Civitas

Civitas is an internet voting project from Cornell's Computer Science department. Civitas is based on a voting scheme invented by Juels, Catalono, and Jakobsson. The basic protocol is fairly simple - voters upload their votes onto a public bulletin board, and then "tabulation tellers" use a mix net to tally the votes. Zero Knowledge proofs help it achieve verifiability. What's unique about this system is that it gives voters the opportunity to use "undetectably fake credentials," to achieve coercion resistance.

Infrastructure attack protection
All internet voting systems are vulnerable to denial-of-service attacks. There are defenses against these kind of attacks, but they can't stand up to an adversary given sufficient computing power. In the event of such a situation voters would have to vote in person (or by mail)

Outsider hacking protection
All internet voting systems are, at least potentially, vulnerable to outside attack on the servers running the software. Yet so long as there exists one honest tabulation teller and assuming that the voter submits his vote to at least one correct ballot box it should not be possible for an outsider to compromise the voting system.

Malware and virus protection
Civitas assumes a trusted voting client. There might be a way to modify the protocol to provide more defenses against viruses at a cost, but these mechanisms have not been implemented yet. One defense is the fact that each voter can check that their vote is included (correctly) in the final tally. Would there be some way for such a voter to change their vote ex-pos facto if a virus interferes?

Man in the middle attack protection
This is mitigated by the fact that the man in the middle doesn't know the content of the vote that is being transmitted. The voter could check to ensure that his or her vote went through the system as well before the election ends.

Insider attack protection
This hasn't been addressed because this system is theoretical. This is a big issue however. It can be partially addressed by 1) open source software and 2) security of the systems themselves - at least there are less machines to deal with compared with DREs.

Coercion resistance
In theory, voters can construct fake credentials by running an algorithm and can give that to the adversary. This, however, seems difficult for voters to utilize in practice. However, voters can vote more than once online (or possible at a polling place as well) which seems to partially solve this problem.

Ensuring one person, one vote
If voters can register securely (this could be done in person) then only those registered should be permitted to vote. Those with the proper keys would not be able to have their vote counted more than once.

Counting and tallying accuracy
The system should accurately count and record votes. The tabulation tellers verify the proof of well formedness for each vote, and votes with invalid credentials are discarded. Also, anyone can verify that their vote was recorded correctly.

Voter anonymity
"The list of submitted votes and the list of authorized credentials are anonymized by... mix net[s]." Currently each teller performs 2 permuations - the revealed information can be made statistically small by requiring 5 permuations each (this would increase tabulation time be 3%) or by using mix nets based on zero-knowledge proofs. Anonymity holds even if a number of the tellers are corrupt.

Voter verifiability
"Tabulation is made publicly verifiable by requiring each tabulation teller to post proofs that it is honestly following the protocols. All tabulation tellers verify these proofs as tabulation proceeds. ... Anyone can verify these proofs during and after tabulation, yielding universal verifiability. A voter can also verify that his vote is present in the set retrieved by the tabulation tellers, yielding voter verifiability."

Immediate results protection
So long as there are multiple "key shares split among several independent tally authorities" then no election results should be obtainable before the voting period ends.

Ease of performing a recount
Anyone can verify that their vote was included in the proper tally. Though this data may be unusable for the purpose of conducting a recount, however.

Usability
The exact usability of the system isn't fully known because this system is more of a general protocol at this stage rather than something that has been implemented and tested.