Scantegrity

Scantegrity is an end-to-end verifiable improvement for optical scan voting systems which was developed in part by the cryptographer David Chaum. Invisible ink decoder pens reveal a two to three letter code beside each candidate. The voter then can take these codes home on his or her receipt and, when combined with the ballot's serial number, the voter can verify that his or her vote was cast correctly. These two to three letter codes don't reveal anything about the contents of the vote.

Infrastructure attack protection
Little infrastructure is needed for people to vote using an optical scan system. Even if the power is out or if equipment fails, voters can vote on paper and have the optical scanner record it later.

Outsider hacking protection
Outside hacking shouldn't be effective against paper/optical scan ballots because voters don't have access to the scanning machines which tally votes. The cryptography itself would be very hard to break into because changing the posted encryptions would be quite noticeable.

Malware and virus protection
Scantegrity's optical scan machines would still vulnerable to malware, if someone could break into the physical machines themselves. However, it counters this both because there is an auditable paper vote record and because there is end to end voter verification. Though either system isn't perfect by itself, this two pronged solution is probably the best around in the status quo.

Man in the middle attack protection
There's not really an equivalent except for tampering with the data from the optical scan machine after the voting period is over (or during the voting period). This is possible but somewhat mitigated by the paper records and the auditing system.

Insider attack protection
All optical scan machines are vulnerable to these types of insider attacks - the firmware can easily be tampered with on most conventional machines. However, this is mitigated by the public audit and public posting of data - Scantegrity is end to end verifiable, so observers would be alerted if any election official tried to tamper with the information. This issue is also mitigated by the paper ballot record, as with current optical scan systems.

Coercion resistance
Scantegrity is receipt free - voters get a receipt but these receipts can be easily falsified - so the only way someone could sell their votes this way is to illegally take pictures of their ballot while in the voting booth.

Ensuring one person, one vote
Paper ballots solve this because each voter is given only a single paper ballot when they sign in. Existing optical scan systems have many security measures like serial numbers and watermarks.

Counting and tallying accuracy
http://www.vote.caltech.edu/Reports/2001report.html - optical scan ballots deliver the lowest rate of invalid votes of any technology form 1988-2001. Voters are asked for confirmation if they undervote. Technology is improving: from the Minnesota Senate race in 2009 gross accuracy was 99.91% And there's verification to ensure votes have been recorded.

Voter anonymity
It's anonymous because there's no name on the ballot. Since the link between a confirmation code and the candidate voted for must remain secret, the tally is generated using an anonymity-preserving backend.

Voter verifiability
Paper ballots are marked by the voter. The voter she can verify that their vote was actually counted by using the confirmation code / their ballots' serial number. But because the system is receipt free (there's no way for voters to prove without a doubt that they voted a certain way) it might be hard to verify if someone is really telling the truth when they call for an audit or for a recount. The solution to that issue is using invisible ink decoder pens so that the voter will be aware of one code when taking his or her receipt. Depending on how the system is implemented there may be a practical way to efficiently handle this kind of dispute resolution (when one voter thinks the system has been compromised.)

Immediate results protection
Having no intermediate results before the voting period ends is not very significant for a non-absentee voting system. Even if there aren't any practical restrictions to prevent obtaining intermediate results, straw polls in the status quo achieve the same end of producing intermediate results on election day. These are usually accurate,though not so in the 2004 election.

Ease of performing a recount
It should be possible to perform a recount, however it is still very cumbersome to do so. There's human error involved and it may be unclear when it's necessary for a recount. But these problems don't deny that it's possible for a recount to be performed in theory.

Usability
While there are costs associated with voting this way, it's not that much more complicated than normal optical scan voting (plus, it may motivate more people to vote if they can be assured that their votes will count.) The authors concede that many people won't use the verification system, but universal adoption may not be necessary: even if a small amount of voters verify their ballots then it would be beneficial.