04-01-2013, 04:27 PM
Secure Internet-Based Voting System for Low ICT Resourced Countries
1Secure Internet.pdf (Size: 2.59 MB / Downloads: 62)
ABSTRACT
Internet voting is currently one of the most intensely debated subjects in information
communication technology that would deliver a free and fair election. The study moves
to propose secure Internet based voting system. The product of the study is a secure
web-based system that would enable remote voting with capability to allow a voter to
independently verify his vote was used in the final tally.
As for regions in countries with low ICT resources and whose accessibility is difficult,
election processes have not been conducted to the satisfaction of the voters due to unwarranted
delays in the processing of votes pausing high risks that could lead to wrong
tarrying and declaration of the final results.
Quantitative data was collected from respondents through a questionnaire about a desired
system that would solve remote - inaccessible regions particularly in low ICT resourced
countries. The system was developed basing on the derived system requirements and
using the Microsoft.NET Framework using Visual Studio.NET and MS SQL Server 2000
as the relational database management system (RDBMS). Interface pages for the system
clients (for example, voter) were achieved through HTML for data interchange over the
secure WEB. An 128-bit encryption algorithm was implemented to ensure end-to-end
votes security
INTRODUCTION
Background to the Study
Internet voting is emerging as significant alternative to other conventional systems in the
delivery of trusted elections. Although certain forms of electronic voting have been used
successfully in a number of countries during the national and local elections, Internet
voting had not been used in a legally binding political elections. In the USA, Internet
voting (abbreviated as i-voting or ivoting) had never been used until March 2000 - when
the Arizona Democratic Party held its primary election online. Other countries which have
implemented i-voting are France (from 2003) and Estonia (2006). Estonia is believed to
have held the world’s 1st ever successful i-voting election in 2006. Any country with plans
to adopt the use of i-voting systems must first get full government election certification
and legislations before implementation (Gibson, 2001; Alan, 2005).
There is scanty information on successful implementation of internet-based voting in low
ICT resourced countries. Low ICT resourced countries are generally poor in economic
terms and their election systems are mostly manual with limited capacity to automation.
Deployment of internet based voting would be expensive and needs also appropriate
technical support and usage on the part of the nationals. However, undoubtedly an implementation
of Internet voting to communities in geographically difficult to reach terrains
with poor communication infrastructure, would allow increased access to the voting process.
Electronic Voting Systems
Like for the traditional/ conventional elections systems/procedures, the e-voting systems
must deliver reliable and trusted elections. And so must be designed and operated as to
ensure the reliability and security of the voting process. The e-voting systems have to be
as free, secret, reliable and secure as the conventional voting systems. An e-voting system
therefore should consider the following minimum requirements:
(i) To ensure that only persons with the right to vote are able to cast a vote.
(ii) To ensure that every vote cast is counted and that each vote is counted only once.
(iii) To maintain the voter’s right to form and to express his or her opinion in a free
manner, without any coercion or undue influence.
(iv) To protect the secrecy of the vote at all stages of the voting process.
(v) To guarantee accessibility to as many voters as possible, especially with regard to
persons with disabilities.
(vi) To increase voter confidence by maximizing the transparency of information on the
functioning of each system.
State of the Internet Voting around the world
The question of secure remote voting has been quite controversial. Many people question
if the Internet is secure enough for something as very important as a general election.
Nevertheless, the Dutch government were willing to take the risk of introducing a remote
internet voting system for the European parliamentary elections.
The United Kingdom government has piloted electronic voting aiming at increasing turnout
at elections. At the 2002 local elections five councils tested remote Internet voting for the
first time. The Swindon Borough Council conducted the largest pilot, offering the remote
Internet voting to all voters. Almost 15000 voters were surveyed as to their motivation
for choosing their voting method. Reports say that turnout increased by 3.5 per cent.
However, the research pointed out that feasibility of Internet voting implementations
has numerous barriers that include security, legal and fiscal requirements making remote
voting infeasible at the moment.
Testing the prototype using theoretical data
In determining the accuracy of any system, three important aspects were considered:
verification, validation and credibility. Verification is the process of determining that a
prototype performs as expected, checking all assumptions and any diagrams like flowcharts
and ERD. Validation is the process of determining whether a conceptual prototype can
accurately represent a system under study. Law and Kelton (1991) suggested that if the
prototype was ”valid”, then the decisions made with the prototype should be similar to
those that would be made by the physical experiment on the final system.
According to Sargent (1994), the most common approach for checking the validity of the
system is for the system developers to decide as to whether the system is valid or not. The
Event Validity test method would be used to test the system i.e. Events of the prototype
are compared to those of the real system to determine if they are the same. Answers to
the two questions must be answered: Does the prototype represent the desired system
correctly? and Does the specifications of the prototype match the requirements for the
desired system? A simulation/ prototype is considered credible when the simulation and
its results are acceptable to the user. Sargent (1994), recommends a prototype test team
to check and decide on system validity. Theoretical data was used in the various tests and
careful observations made. Results of the tests are print-outs on screen and/or printer.
System Overview
This section is about defining or drawing up the system requirements specification, creating
an acceptance test plan and beta test plan. As regards the design, design specifications
were developed through flow charting and process maps that define inputs, outputs,
and process interactions. The Systems Development Life Cycle methodology has been
adopted in this project. The software tools used included Microsoft professional suite of
Visio, Excel, Word and Paint.
In a typical voting system, a mature person registers with the Elections body at a gazetted
polling station. The person identifies self and declares age and his home constituency
information to the elections official. When that information is proven and valid, the
person if asked more bio data information which are all written into registration form.
The person is finally given a unique voter’s identification number which shall always be
presented at any voting opportunity. At voting time, the registered voter identifies self
and he/she is then given a vote with a list of all candidates from which a voter shall make
a choice.
Analysis
Systems analysis is defined as work that involves applying analytical processes to the
planning, design, and implementation of new and improved information systems to meet
the business requirements of an organization; It is a phase of the systems development life
cycle (SDLC) in which a current system is studied and alternative replacement systems
are proposed. SDLC, a method for developing information systems, is made up of four
main stages: analysis, design, implementation, and evaluation.
Existing Systems
A study of existing manual and automated voting systems was done. Weaknesses for each
of the systems were identified in view of service delivery to geographically remote areas to
enable voting. Then requirements for an effective, efficient and secure system with tested
security protocols and technologies were identified. A client - server architectural system
design that consists of at least key elements: the client, user, internet link, documents/
data flow and server(s) was developed. Any identified loopholes were compiled, analyzed
and a remedial solution has been proposed. Inputs and outputs were tested and validated
at every critical stage of the proposed system. Conclusions have been drawn from the
obtained results. Recommendations have been made and documented.
System Requirements
Questionnaire
To achieve the study’s objective, the questionnaire on Appendix D, filled by 50 independent
respondents, had 5-tickable agreement options/ scale consisting of ”Strongly
Disagree”, ”Disagree”, ”Neutral”, ”Agree”, and ”Strongly Agree”. The questionnaire also
had questions with blank spaces that would enable respondents to write in answers in a
structured manner. Data from the dully filled questionnaires was captured, compiled, and
analyzed to determine requirements for a system that would address the objective. Microsoft
Excel software was used for presentation and analysis. The system requirements
are summarized in the Table 1 . The key attributes of the desired system are listed and
a brief description is indicated against each.