A Security Generated Approach towards Mass Elections using Voting Software

Document Sample
A Security Generated Approach towards Mass Elections using Voting Software Powered By Docstoc
					                                                     (IJCSIS) International Journal of Computer Science and Information Security,
                                                     Vol. 9, No. 7, July 2011



          A Security Generated Approach towards Mass Elections using Voting
                                     Software

Aradhana Goutam                              Ankit Kandoi                                    Manish Wagh
Fr. Conceicao Rodrigues College              Fr. Conceicao Rodrigues College                 Fr. Conceicao Rodrigues College
of Engineering,                              of Engineering,                                 of Engineering,
Bandstand, Bandra (W),                       Bandstand, Bandra (W),                          Bandstand, Bandra (W),
Mumbai 400050,                               Mumbai 400050,                                  Mumbai 400050,
Maharashtra, India                           Maharashtra, India                              Maharashtra, India
aradhana.pande@gmail.com                     ankit400063@yahoo.co.in                         manishwagh1989@gmail.com

Kashyap Shah                                 Prathamesh Tarkar
Fr. Conceicao Rodrigues College              Fr. Conceicao Rodrigues College
of Engineering,                              of Engineering,
Bandstand, Bandra (W),                       Bandstand, Bandra (W),
Mumbai 400050,                               Mumbai 400050,
Maharashtra, India                           Maharashtra, India
kashyap.m.shah.88@gmail.com                  prathamesh.tarkar@yahoo.in


    ABSTRACT                                                        right to cast one, and only one, vote in the election
                                                                    violates the fundamental principle of democracy.
    Elections form the core of democratic society and, as
    such, are of monumental importance in democratic                Keywords—online voting, Encryption, CAPTCHA,
    world. . In order for an election to remain truly               Bio-Metric, Graphs/Charts
    democratic, it must uphold four critical properties:
    privacy, incoercibility, accuracy and verifiability. In                    I.     INTRODUCTION
    this paper we analyze threats against these properties          A. Purpose:
    during the three phases of an election (voter
    registration, casting votes, and tabulating votes),             The main objective of this project is to illustrate the
    highlight specific ways voting systems have been                requirement of project Voting Software for mass
    compromised, summarize the weaknesses of current                elections. It gives detailed description of functional &
    voting techniques, and give assurance to voters to              non – functional requirements of the intended system.
    ensure their votes are handled properly in upcoming             It is meant to delineate the features of intended
    elections.                                                      system, so as to serve as guide to developers on one
                                                                    hand and software validation documents for the
    For an election to serve its purpose in a democracy,            perspective clients on the other. The final product of
    it must guarantee four properties:                              the team will be meeting requirements of this
    • Privacy — voters have the right to keep their ballots         document.
    secret.
                                                                    B. Scope:
    • Incoercibility — voters cannot reveal the contents of
                                                                    We describe what features are in scope and what are
    their cast ballots.
                                                                    not in the scope of the software to be developed.
    • Accuracy — the final tally is the actual sum of all
                                                                        a)     WITHIN THE SCOPE:-
    cast ballots.
                                                                             • Pre – election processing where users are
    • Verifiability — voters can prove to themselves that
                                                                               required to fill an online form, take its print
    their ballots were cast as intended and counted, and
                                                                               out and submit it to centre’s along with the
    anyone can prove that the final tally is accurate.
                                                                               required documents for validation.
    Violations of any of these properties, particularly in
    the form of security breaches, can disrupt the                           • Information about different parties, their
                                                                               representatives and their recent work is
    outcome of an election or discourage potential voters
                                                                               made available on the respective website.
    from participating. This can allow small groups of
    people to compromise the robustness and fairness of                      • Voter Authentication.
    the election. Any failure to guarantee each citizen the
                                                                             • Alerting voter if already voted once.



                                                              152                               http://sites.google.com/site/ijcsis/
                                                                                                ISSN 1947-5500
                                                   (IJCSIS) International Journal of Computer Science and Information Security,
                                                   Vol. 9, No. 7, July 2011


          • Secured transmission of count of votes of             Officer is authenticated with the help of fingerprint
            each          representatives       using             recognition.
            encryption/decryption/algorithm.
                                                                  Voter:
          • Administrator/ Chief       Election   Officer         The Voter can register himself in different languages
            Authentication.                                       as per his choice. The Voter is assigned an Unique
     b)    BEYOND THE SCOPE:-                                     Identifier after his identity is confirmed. The Voter
                                                                  can also browse through the website to gain
          • All the information in the forms collected at         knowledge of different candidates and parties. The
            the centre’s are stored and maintained in the         Voter is authenticated with the help of his Unique
            voter’s database.                                     Identifier, Date of Birth and age. Eventually, the
          • Any client related prediction.                        Voter can give a vote which gets recorded in the
                                                                  database.
C. Overview:
The rest of Software Requirement Specification
(SRS) is organized as follows: Section 2 gives overall            C. Performance Characteristics:
description of software. It gives what level of                        a)   Language Translation
proficiency is expected of the user, some general
constraints while making software and some                        Voter can submit the registration form in English,
assumptions and dependencies that are assumed.                    Marathi, Gujarati, Hindi, Telugu and Bengali.

Section 3 gives specific requirements which software                   b) UIDs
is expected to deliver. Functional requirements are               Voter is assigned an Unique Identifier (UID) once
given by various UML diagrams. Some performance                   his/her identity is confirmed.
and design requirements are also specified in the
document.                                                              c)   Reliability

            II.    DESCRIPTION                                    The Voting System does not fail even if thousands of
                                                                  users are trying to access it at the same time.
A. Product Perspective:                                                d) Exclusive Access To Results
The system will prompt the voter to enter his user id
                                                                  Only the Chief Election Officer is allowed to access
and DOB. These details will be checked against the
                                                                  the results of the election via fingerprint
database      decentralized  according     to     the
                                                                  authentication.
locality/postal code. Further, the voter will be
permitted to select one of the representatives                         e)   Human Verification
displayed on the GUI screen.
                                                                  It is generated during the voter registration which is
The system will alert the user:                                   used to distinguish human voters from web spiders
                                                                  and computer programs.
1.          For vote confirmation
                                                                       f)   Charts
2.          If he has voted earlier.
                                                                  Results of the election can be viewed in the form of
The system will have admin who has fully fledged
                                                                  table and charts like Pie chart, Bar chart and Line
rights with regards to managing resources across
                                                                  graph.
centers such as transferring voters information to the
centre’s, decrypting and counting the votes received                   g) Denial of copy
by each representative, displaying results on the
                                                                  The website developed has right click, select,
website
                                                                  highlighting and back button disabled.
B. User Characteristics:
                                                                  D. Behavioral Description:
Features of entities involved in the system:
                                                                     • Response time should not be more than one
Chief Election Officer (CEO):                                          second.
The Chief Election Officer has the exclusive right to                • Transferring a vote should not take more than
view the results of the election. He can view the                      three seconds.
results with respect to a ward or country in the form
of charts. After viewing the results, he would then                  • There should be proper synchronization and
display the results on the website. The Chief Election                 accurate time interval.




                                                            153                               http://sites.google.com/site/ijcsis/
                                                                                              ISSN 1947-5500
                                              (IJCSIS) International Journal of Computer Science and Information Security,
                                              Vol. 9, No. 7, July 2011


E. Design Constraints:                                            b) Server Site:
 • The Exit button cannot be disabled.                          • Windows XP/Vista/ 7 or Linux Operating
                                                                  System
 • The Menu button cannot be disabled.
                                                                • Java2 Software Development Kit 1.6
F. General Constraints
                                                                • Java Runtime Environment
 • Full working of the system requires Internet
   connection.                                                  • NetBeans 6.8
 • The system is single-user software decentralized             • Glassfish V3 Domain
   according to postal code or locality.
                                                                • TomCat
G. Assumptions & Dependencies:                                  • Java DB
   Assumptions:
                                                                • Web browser
 • The system assumes that the users have a bit
                                                             J. Validation criteria:
   knowledge regarding how to use a
   mouse/keyboard of a computer.                             Software should provide following validations:
 • Full working of the system is dependent on the               • If the input is incorrect or empty then an error is
   availability of Internet connection.                           thrown and the control is redirected to the home
                                                                  page.
   Dependencies:
 The system needs following 3rd party products:                 • The voter is allowed to see only those sections
                                                                  which are permitted by the CEO.
 • NetBeans
                                                                   III.    INVESTIGATION HISTORY
 • Glassfish Application Server
                                                             A. Overview of Swiss Voting:
 • Tomcat Web Server
                                                             A study realized in 2001 by the Research and
 • JavaDB                                                    Documentation Centre on Direct Democracy (c2d)
                                                             upon request by the Geneva State Chancellery states
H. Hardware Specifications:                                  that the implementation of Internet voting could
   a) Client site:                                           increase turnout by as much as nine percentage point.
Minimum Requirements:                                        Since its launch in the beginning of the current
                                                             decade, the eGov Trenbarometer realized by the Bern
 • P4 2.4 GHz                                                technical school shows that two thirds of Swiss
 • 256 MB RAM                                                citizens wish to be able to vote online. Studies
                                                             conducted in 2003 and 2004 by the GFS polling
 • 20 GB Hard Disk                                           institute at the request of the federal Chancellery
 • Broadband connection (128 Kbps)                           have shown that most of the citizens aged 18 to 29
                                                             considered voting online. All these elements allow
   b) Server site:                                           thinking that Internet voting will indeed have a
                                                             positive impact on turnout.
Minimum Requirements:
                                                             The Swiss citizens living in the municipalities of
 • Intel /AMD dual core/core 2duo laptop with in-
                                                             Anières, Avusy, Bernex, Chêne-Bourg, Collonge-
   built fingerprint recognition system
                                                             Bellerive, Cologny, Grand-Saconnex, Onex, Plan-les-
 • 4 GB RAM                                                  Ouates, Thônex and Vandoeuvres were able to vote
                                                             online for the federal and cantonal ballot of March
 • 240 GB Hard Disk                                          the 7th, 2010. The online voting site was opened
 • Broadband connection(2Mbps)                               from Monday February the 8th at midday to Saturday
                                                             March the 6th at midday. Past this deadline, these
I. Software Specifications:                                  citizens were able to vote in their polling station on
   a) Client Site:                                           March the 7th, from 10 am until midday.
                                                             Swiss citizens living abroad were also able to vote
 • Windows 2000/XP/Vista/ 7 Operating System
                                                             online, providing they were registrred to vote in
 • Web browser                                               Geneva and have their residence in the European




                                                       154                               http://sites.google.com/site/ijcsis/
                                                                                         ISSN 1947-5500
                                                 (IJCSIS) International Journal of Computer Science and Information Security,
                                                 Vol. 9, No. 7, July 2011


Union, in Andorra, North Cyprus, Lichtenstein,                  careful engineering, strong safeguards and rigorous
Monaco, San Marino Vatican City or in one of the                testing in both design and operations. The actual
state parties to the Wassenaar Arrangement                      development, implementation and testing of the
(Argentina, Australia, Canada, Croatia, Japan,                  project will require about 5-6months.
Norway, New Zealand, Russia, South Africa, South
Korea, Turkey, Ukraine and United States of                     F. Other Significant factors:
America). On February the 8th 2009, the Geneva                     a) Market and real estate feasibility:
citizens approved with a 70.2% majority the
                                                                The main intention of the project is not to capture
inclusion of Internet voting in their Constitution.
                                                                markets or to earn large profits. But the main aim is
B. Overview of Estonian Internet voting:                        to provide the citizens with safe, easy, comfortable
                                                                and faster way for voting. It should also reduce the
Internet voting is available during an early voting             complexity on the administrative side.
period (sixth day to fourth day prior to Election Day).
Voters can change their electronic votes an unlimited              b) Cultural feasibility:
number of times, with the final vote being tabulated.           This project takes into account the cultural and
It is also possible for anyone who votes using the              linguistic characteristic of the demography. It allows
Internet to vote at a polling station during the early          the voter to select the language in which he wants to
voting period, invalidating their Internet vote. It is          vote thus overcoming language barriers.
not possible to change or annul the electronic vote on
the Election Day.                                                          V.    SYSTEM ANALYSIS
      IV.    FEASIBILITY STUDY                                  A. Drawbacks of Paper Ballot System:
A. Technological and System Feasibility:                           • There may be large magnitude of lost and
This project uses technologies like Enterprise Java                  uncounted votes.
Beans (EJB), Java Server Pages (JSP), Servlet and                  • Counting of votes is more time consuming and
databases like Java DB. Apart from EJB, these                        complex.
technologies do not require any special efforts from
the technical team to get used it.                                 • Casted votes need to be transported.
B. Economic feasibility:                                           • More dependence on human ability, hence more
This project is economically feasible. It requires the               prone to errors.
use of NetBeans IDE. This software is easily
available and can be brought without any special
                                                                   • Overall cost of voting is very high.
expenditure.                                                       • Third party may be obtain knowledge of casted
C. Legal feasibility:                                                votes

Most of the projects on voting have been                        B. Drawbacks of Electronic Voting Machine
accomplished in hardware. NO COPYRIGHT has                      (EVM):
been imposed on such kind of project anywhere in
India or anywhere else in the world. Also the project              • Can    be hacked         using      modern       hacking
complies with the Legal requirements laid down on                    algorithms.
by the Government of India. The project also takes                 • Susceptible to return oriented programming.
care of the democratic and moral values of the voting
system.                                                            • Machine can be replaced by identical malicious
                                                                     machine.
D. Operational feasibility:
As this project involves commonly used and easily                  • Booth capturing is possible.
compatible software, it is robust, easily scalable and          C. Drawbacks of Optical Scanners:
can be easily integrated with the existing system
without the loss of security. It provides higher                The system uses polarized light transmitted from
efficiency at lower cost without any compromise.                sources of illumination, such as Light Emitting
                                                                Diodes (LEDs), and is received at the photo detectors
E. Schedule feasibility:                                        via cross-polarizer. Such systems, which require a
The software development team should be able to                 voter to use an ink pen for checking boxes,
learn the technologies to be used and enhance their             connecting lines, or other techniques, can result in
skills within two months. This software requires                questioned or uncounted ballots due to improper



                                                          155                               http://sites.google.com/site/ijcsis/
                                                                                            ISSN 1947-5500
                                                     (IJCSIS) International Journal of Computer Science and Information Security,
                                                     Vol. 9, No. 7, July 2011


marking.                                                                    He will be prompted to enter his UID, age and
                                                                            date of birth.
  • With all optical systems, smudges or dirt on a
    ballot corrupts the scanning process creating a                         The system checks if he is a valid voter and
    high possibility for error.                                             whether he has voted earlier.

    The quality of the ink mark is important.                               The system then lists the voting menu .

    An optical reader may miss light or inconsistent                        The user just clicks on the desired party.
    marks made by a voter.                                                  Your vote is encrypted on your PC. It is then
    Optical readers are cumbersome to transport to                          stored in a file that has no connection with the
    election sites and to store between elections.                          voters’ database. Votes are decrypted and
                                                                            counted on the final ballot’s day using the key
    Sensitive to dirt and dust accumulation on the                          held by the vote controllers. Until then,
    optical areas.                                                          nobody can know the content of the electronic
D. Features of Our Software:                                                ballot box.

    Precise vote counting                                                After the voting is over the Chief Election
                                                                         Officer authenticates himself (using fingerprint
    Option to conduct        in    a   centralized    and                recognition) to view the results. The Chief
    decentralized manner                                                 Election Officer is the first person to see the
    Rapid availability of results in the form of tables,                 results
    charts(line, pie, bar)
    Secure and reliable vote casting
    Lowers the cost of voting                                                        HTML                        HTML
                                                                                   BROWSER                     BROWSER
    Easily scalable
    Economical, robust and easy to integrate with
    emerging technologies                                                                        FIREWALL

    The system aims at            boosting the voting
    percentage drastically
                                                                                     SERVLET                         JSP
  VI.      SYSTEM ARCHITECTURE
A. WORKING:
                                                                                                HTML/XML PAGES
    The working of our system is as follows:
    The     technology    provides     freedom     to
                                                                                                     RMI/IIOP
    programmers to adept and adopts different
    languages and techniques whenever they are
    required to provide the best result. This enables                       EJB SESSION BEANS                EJB entities          JDBC
    the voter to view the form and the result in his
    own mother tongue.
    The voter must fill the pre-election form.                                                 MQ SERIES/JAVA
                                                                                           MESSAGING SERVICE (JMS)
    The system allows the voter to select the
    Language in which he wants to fill the form.
    The voter takes a print-out of it and submits it in                                                    DATABASE                DATABASE
    the local ward.
    The officer verifies the information filled by the                                            Figure 6.1
    candidate and gives him a UID (Unique                           B. TECHNICAL DETAILS:
    Identification Number) and password .The UID
    is to be kept secret.                                                The Voter enters the details through HTML web
                                                                         browser. Now JSP allows the Voter to submit the
    On the day of elections, the user must go to                         details to the Server.
    voting site.
                                                                         The Servlet accepts the request and sends



                                                              156                               http://sites.google.com/site/ijcsis/
                                                                                                ISSN 1947-5500
                                          (IJCSIS) International Journal of Computer Science and Information Security,
                                          Vol. 9, No. 7, July 2011


response to the Client. The Servlet contains the                              VII.       Output:
business logic.
The Entity Beans represents tables in database.
The getter () and setter () methods are used to
read and write from the database. The Session
Beans accesses all the data from the database.
Are translated and compiled into JAVA servlets
but are easier to develop than JAVA servlets.
JSP uses simplified scripting language based
syntax for embedding HTML into JSP.
JSP containers provide easy way for accessing
standard objects and actions.
JSP reaps all the benefits provided by JAVA
servlets and web container environment, but they
have an added advantage of being simpler and
more natural program for web enabling                                   Figure 7.1 Homepage (index.jsp)
enterprise developer
JSP use HTTP as default request /response
communication paradigm and thus make JSP
ideal as Web Enabling Technology.
JSP parsing

                FRONT-END:

                HTML/JSP/JAVSCRIPT




                                                         Figure 7.2 Description (webpage.html)
              MIDDLEWARE:

              PROCESSING AND
              TRANSFERRING VOTES
              THROUGH EJB




                BACK-END:

                JAVADB
                                                         Figure 7.3 User registration (user_reg.jsp)



              Figure 6.2




                                                   157                                http://sites.google.com/site/ijcsis/
                                                                                      ISSN 1947-5500
                                    (IJCSIS) International Journal of Computer Science and Information Security,
                                    Vol. 9, No. 7, July 2011




                                                   Figure 7.5 Voting page




Fig. 7.4 Voter’s Information form




                                                   Figure 7.6 Thank you page




                                             158                               http://sites.google.com/site/ijcsis/
                                                                               ISSN 1947-5500
                                                        (IJCSIS) International Journal of Computer Science and Information Security,
                                                        Vol. 9, No. 7, July 2011




                                                                       Figure 7.10 Results in TABULAR FORM




Figure 7.7 Admin login (admin_login.jsp)




                                                                       Figure 7.11 Results in BAR CHART




Figure 7.8 Login successful (check_admin.jsp)




                                                                       Figure 7.12 Results in LINE CHART




Figure 7.9 Results page (check_admin.jsp) of different ward




                                                                       Figure 7.13 Results in PIE CHART




                                                                 159                               http://sites.google.com/site/ijcsis/
                                                                                                   ISSN 1947-5500
                                                    (IJCSIS) International Journal of Computer Science and Information Security,
                                                    Vol. 9, No. 7, July 2011


          VIII.      CONCLUSION
A. SCOPE FOR FUTURE IMPROVEMENT:
      The authentication of user and administrator
      can always be replaced by a finger print
      recognition / authentication approach which
      will definitely improve the security about
      voters and administrators identity. Image
      content retrieval algorithms will be required to
      match the fingerprints of the voter while
      voting and administrator while accessing any
      database against those maintained within the
      respective database.
      The encryption/decryption algorithm can be
      changed if its secrecy is compromised.
B. Conclusion:
The project “Voting software for mass elections”
has been implemented successfully. This project is
user friendly, fast, efficient, tamper proof and has
good security features. It has all the pre-requisites of
good software. It will definitely revitalize the
common man's interest in voting. Thus, leading to
stronger democracy.



          REFERENCES
    1.    www.projectparadise.com
    2.    www.beprojects.com
    3.    www.101projects.com
    4.    www.projecttopics.com
    5.    www.seminartopics.com
    6.    www.itproj.com
    7.    www.computer.org
    8.    www.ieee.org
    9.    www.google.com
    10.   ieee-security and privacy,issue-march/april2009
    11.   ieee-Internet computing,issue-jan/feb2009
    12.   ieee-network,issue-jan/feb09
    13.   Java2 ,2nd edition,by Herbert Schild
    14.   Master       EJB      2.1-Gerald      Brose,Rima
          Patel,Sriganesh
    15.   Express Computer,issue-August/sept2009
    16.   Itprofessional,issue-may/june09
    17.   http://www.servesecurityreport.org/
    18.   http://www.serveusa.gov/
    19.   http://www.geneve.ch/evoting/english/welcome.a
          sp
    20.   authorsATservesecurityreport.org




                                                             160                               http://sites.google.com/site/ijcsis/
                                                                                               ISSN 1947-5500

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:31
posted:8/26/2011
language:English
pages:9
Description: Elections form the core of democratic society and, as such, are of monumental importance in democratic world. In order for an election to remain truly democratic, it must uphold four critical properties: privacy, incoercibility, accuracy and verifiability. In this paper we analyze threats against these properties during the three phases of an election (voter registration, casting votes, and tabulating votes), highlight specific ways voting systems have been compromised, summarize the weaknesses of current voting techniques, and give assurance to voters to ensure their votes are handled properly in upcoming elections. For an election to serve its purpose in a democracy, it must guarantee four properties: • Privacy — voters have the right to keep their ballots secret. • Incoercibility — voters cannot reveal the contents of their cast ballots. • Accuracy — the final tally is the actual sum of all cast ballots. • Verifiability — voters can prove to themselves that their ballots were cast as intended and counted, and anyone can prove that the final tally is accurate. Violations of any of these properties, particularly in the form of security breaches, can disrupt the outcome of an election or discourage potential voters from participating. This can allow small groups of people to compromise the robustness and fairness of the election. Any failure to guarantee each citizen the right to cast one, and only one, vote in the election violates the fundamental principle of democracy.