Khaled Elleithy and Ihab Rimawi Computer Science and Engineering Department University ofBridgeport Bridgeport CT'06601

ell,eithy@bridgepo.rt.,edu
secret ballot" which means to separate the identity of the voter from the ballot [3], Online voting is not a new concept In the Iast three decades, studies tried to. come up with a way to create online voting systems that enable' peoples to vote while they are at their home ,. It was not: until the late '90's. when the idea became practically possible. Internet revolution helped the idea to grow Studies expect that online voting will replace 'the present voting system sooner or later '[4].

In this paper, we present the design and implementation of the CyberVote system. The Cyberl/ote system gives voters a reliable and highly secure environment to cast their votes using Internet terminals, suc.h as p,e"" handheld devices, and mobile phones. FurtneYmtJr,e" it relies 'Upon an ,fnnovQtil e 'voting p:ro,tocol that uses cryptographic tools.

The cryp,tograp/tJ;ic protocol ensures authenttcatio»

of

voters, notification, and confirming the P;I'OCe8S afterwards. in a random' time, in order to eliminate any probability 0..1' identity theft. Also. it guarantees the privacy and integrity of each vvte during the registration process, transformation through the Internet, and during the counting and auditing process. Furthermore, the .(~yberV{Jtesvstem includes a tool that resets the database before the voting process .J tarts. When the elections time ends, voters cannot cast their votes. and ,rh'e) - are not allowed to access their accounts during counting process. The counting PP~(),(,'f!,SS is .tull} automated, giving no chance for manipulation ofthe results. When the results are ready" it J, ill be posted 0'12' the official election website along with statistic studies and graphs that explain the results.

11,2.~Advantages B,od. problems of o:oJiue voting systems

Online voting provide' convenience, co. t-s aving, and saves the voters from dealing with heavy traffic, 'bad weather condition" WId postal service issues, Furthermore, it helps millions of disabled and blind people to cast their voteswithout any assi stance [5].

1.2.2" Preblems
systems

face

applym,g

Online

voting

1~2.2".l., aHfo.rnia. Task Foree C
California formed a committee caned 'California. Internet Voting Task Force to study the feasibility of replacing 'the current voting system with remote' online voting system. The taskforee released its. report on January 2000. The report .uggested that using a remote internet voting system will increase 'the number of voters due to the convenience it provides. It added.v'However, technological threats to the .iecurity, integrity and secrecy of Internet ballots are significant" [2].. The taskforce divided remote online votinginto two. different types: a- Using computers and LANs controlled by the'

I. lntrod'DctioD

The 2000 presidential elections forced most of the organizations, around the world to think of a better way of voting that enables ~s much people tocast 'their ballots in a convenient "ray 1[1]. It was suggested to introduce a system that enables voters to use the int,em'et to cast their ballots, since 'the internet is a, cheap, fast" and effective way 'to transfer data.M,any researchers have studied the benefits and threats of u_ing internet for voting [2]. Most studies raised concerns about voters' authentication; security of ballots during transfer through internet, and maintaining the

s.tate.
bUsing computers and LAN.s controlled by - oters,

The task force concluded 'that the first type can be easily used while the second needs more analysis and study because of the threat of Trojan horses, and back doors, [2].

219 K. EJ.leitl1Jet at. (eds.), Adeances 'in Computer. lnformaiion; and Systen1.s Sciences, and Engineering, 2.19-225. © 2006 Springer.

which ensures the security of the datagiven to the: system. • CyberVote can deletes the voters 'who voted from CyberVote stops Voting process according to pr. Furthermore replacing major servers with smaller . 3. get to cast their votes. sending a physical notice to voters confirming the voting process as ociated with the time of voting.. Another solution that can be' more time efficient is transmission a tool to the voter's computer after that stops all the processes running on the I.3" CyberVote There are many technical problems that appear when remote online voting systems.' .. since access to internet varies from. one' class to another in the society 'which might not give accurate results [7]" . Desi.. website • CyberVote encrypts received data .. urthermore.S any network can be solved by having a backup' server that picks up as soon as the other Se1Ver stops working. Voters can log into their accounts Cybervote authenticates users cast their votes using official CyberVnte machine except for the processes the system runs. 2. This is probably the toughest challenge facing the developers of those systems. or mail. Remote online voting. which maintains the privacy of the voting process. Giving applying CyberVote is a remote online voting system that tries to overcome the problems of the' present remote voting systems. but it does 'Dot eliminate it. Flooding 1 system was designed to fulfill the following functional requirements: Administrator specifies registration tunes and The Cybervote I. we can not secure the voter terminal. Identity specified date and time • CyberVote counts the votes • CyberVote posts Te ults on official website. CyberVote . ervers placed according to population of voters in different areas will help stopping any kind of coordinate network flooding [8:].' terminals.~'ii .. In order to' overcome this problem the voter should be asked challenging questions that help authentication. and it ensures voters authentieation. Security.- t. The most practical solution is to have an online: scanning tool that scans the voters' computer from potential threats before the: voters. Having access to computers and internet is another important issue'.1 • Voters vote stops accepting new registrations its period is over._c 1 2 2".2~. Reliability._reb _ec D. Cybervote uses di fferem methods of encryption. three non-functional 1. Another problem that prevents the implementation of online voting is the security on the other side of the system.gn )10.ngl t --hn call "p.SS to population table m • Voters can register during registration period • CyberVote System checks voters' eligibility to after Securing all the voters terminals could be' an impossible missi on simply because 'voters run multiple applications OlD their terminals that might be capable of changing or manipulating the 'voting process. oVI.220 ELLEITHY AND RIMA WI 1.. can reduce the risk of identity theft [8]. SM S messages. It enables voters to east their votes from their own Internet terminals" in a highly secured len vironment.. • CyberVcte saves the vote in a highly secured database 1. will make identity theft task easier than before . Separating the database server from the CyberVote server gives 'the' system another voters thehance to vote using.1 CyberVote arranges confirmation process by different techniques.3" S'" -·1" • ii' . CyberVcte requirements which are: fulfills. -_. problem that affects any voting process no matter what kind of technology is used. Furthermore. the database II messages. internet will affect the secrecy of ballots. security advantage. Even if we manage to secure the server and we have a secure ballot transmission overthe internet. '1Ie" "m--.1 . I. Administrator database daters) specifies voting times and daters) • Administrator adds candidates to CyberVote II Administrator has lU::Ce. the internet should not have a huge impact onthe to voting process ifwe keep the old fashion way by going to polls where 'terminals are available located in the' areas where computer access is not available as much as other areas. Usability. identity fr-om the ballet.e. Having aICCeSs. ·11 . The first issue that can be a threat is a ceordinated network flood [7]. Cybervote follows the secret ballots criteria" wnich separates voter's. Also.4Identity Theft theft is a. This solution will reduce the risk of having security problems on the voters. since other people can watch the 'Voting process from behind the voters back [7 . 2. . the voter terminal. such as Phone email.2. " ..

' invoti number '"an d. That table will send the voters confirmations of the' procese.ALYS]S AND D4P'LEMENTATI ON I Q.2 nu m berOfvoters wlnrnBrName CanOl ildatl!i!S S N COUlI1t.UonOTE vetl.a.~grams.t'rat~onDTS !reg~stira.JDesi:~nDi.2 Database D'csign i In order to separate the identity of voters from their ballots.lngS vo~il'ilg!E _IIPK'.AN.' 1 1 'O'IO:B. from the registered Voters table as soon as they hit on vote button."" DOB-'>- n.Design 1. Figure' I: UML diagram ofCyberVote system 2.1~.2.Systc'm .FIt<: 1 FK. __ 11 P6SSWOfd 'fi rs'lN am d' ImllddlolnllUal IlastlName'" IJW!honeNumber ia's. V '0119 t'.me'" ~eg]ms. I tim.s Figure 2: Relationships among the tables in Cybervote database. .s . at new technique is introduced in CyberVote system 'that delete.rstName"' middlel nUial ias:~Na.o:n. Their 'Vote: will be' stored in casted table..2. then the' system will store in the population database that voter X ted 10 vUILlng bY vote. the UlvlL diagram which explains explain how CyberVote system works.F A CYB. 'the data of voters.ER VOTE SYSTEM . ..21 2.2.~Addres. Figure ] shows. so . and their social security number will be ·tored ina separate table caned confirm.DESIGN~ .

which 'consists of the action was done. a random number win begenerated. SI-iA256..3. Wehave implemented Cybervote nsing Firebird 1. 'the main classes used are as. starting voting in order to ensurethe transparency of the voting processmaintaining a high degree of security. and will 'be added to the 'encrypted. Also~]t was implemented witbASP'.N. CyberVote system represents a very simple open seurce code system that ensures.~ which method. The emplyees 'the'). We used FbConnection class connectivity to the firebird database. and M.2. Deleting requires three levelpasswords. Figured. compatible with the handheld and mobile devices. which means that a supervisor and two employees should enter their passwords and.5 encryption methods. This complexity gives some doubts of having back doors in those systems. .222 ELLEITHY AND RIlvIAWl CyberVote system uses different 'types.where altering can only change the information related jo an. entry. Choosing this database was based on its open source code. feature increases the security of the system. the supervisor bas to enter his/her password along with the employee in order to enable the employee work on adding new entries into the database. Cybervote uses.. . it has a help link that comes in two different ways" text or animated. among the component diagram of the different components that comprise - CyberVote bas. of encrypting algorithms such as Secure Hashing Algorithm (SI{A I )" Message Digest Algorithm (MD5). but not the social security number of an entry. Component diagram of CyberVcte The PC version of CyberVote has some light flash animation as tile' banner shows.. When a registered. database requires VwO level passwords from the employee. and wheo 'to alter an entry. decide when and how' to add. Another feature CyberVote is to' ensure safety of its database is. i. . altering entries. number-win determine the encryption algorithm .and SHA512.01f security to the data of voters. Altering the population.D. one level password given by two employees. FigtU'IC 3 shows relanonships dIe system. fellows: m . This. It win be encrypted afterwards. especially the employees controlling the population data.N et provides. a simple interfacewhh a jninimal number of frames that is. voter hits on register button. The techniqueprovides high. new entries into the populstioncwher. This feature also helps the beginner users of the internet to browse CyberVote without any help. which provides SHA~. data. on the login page. Cybervete has an open source code that isreleased when. that provides the use very complicated algorithrns andmethodstryingto provide the security and privacy bJ voters". ehangetheir passwords.el due to the availability of 'encrypting algorithms that provide the required security for the system. degree . any action win 'take place either adding entries. 5 database. . Ion regular bases.. Cyber'Vote uses different classes for security= that Microsoft Visual Studio . prompting the employees to.or deleting entries wiUbe documented in [I separate table in the database. Idennfication number of the employee working on this action. .~ SHA25{i-. This. SI'-IA512~wbieh provides provides SHA256 encryption SJ-IA5 12 encryption method. to delete an entry. F orrnsA uthentication. Furthermore. and a timestamp that showsthe date and time of the update.e. which eliminates any pmbability of back doors. privacy and security of voters by providing the implementationphases step by step: The' online voting systems CybefVote hats different levels of authentication for different users. usernames in orderto enable the employee 'to work on deleting records from the database.

IM... the system will transform into the second step of registration asking for a.o[tuJil . After validating the data provided by the voter. which enhances the security features of Cyberv'ote security enhancement. If 'the voter is not registered yet.:! -10" I I~'I iii . as shown in Piglue 8~ the system will not -allow the voters toaccess their pages.. in Figure '9. ' U .Y~H u iiiHftnJiliiJut!ki(liil. after signing into CyberVote. It should consider other devices like handheld devices and mobile phones. u __ ~ -_--. by m.gistta:tionprocess and win also send an email confirming the process. Figure 4 . secret question ill case of the voter forgot the password shown ""I. Y<OinfoX' l'iF~t~j~ IO.81ges designed for voters should be easy to understand and use by all levels of society.. and registration period did not expire yet" voter should UBethe registration link that wil] invoke the: registratioe module as shownin Figure 5. Thawilr..w IU~(J . CyberVotle system will issue a letterto confirm the r-e. During' the voting process.'Dtintg. if a user tries to login before the voting process starts.rVote Ending Registration PflOCe5S Afterthe registration process is.Fizure U -"~. TIle main logon page is shown in Figure 4. as shown in F"nguIe7. voters should ehoose tile candidate out of the list as shown. hance not to Ich008e any of the candidates. Wi:' w._ ' "'b~. Also.223 Web p. Furthermore..~lIB: Figure?" Cybe.Login page of CybefVete system.~ '!lIif..I 1 !!:.1Ii".Hl :. votes' data win be deleted 'UOD1 CyberVote database. as shown in Figure 10.. When bitting on Vote. complete. The social security number wil] be added to the confirmation list.. they get the.

~ffrl'9' E "':s~y.:. ~JDlld¢qnqD xzr-: 'RA x·v - . __ II. complete. email.f1 nn'ornllt ----- which is a list consists only of social security numbers that will be notified late Ion.-. an employee and his I her supervisor an! required to sign.2j ..ii~t~ . Figure 8..and dates.. le .. ~ r"..~ t· Vaii:(l[Raeu~1ri( Ji When adding a candidate as shown ~rl candidate will be validated according regulations. Other department will be' responsible for adding candidates the' data of candidates.-Th". Login prior voting process Figure 15.~ will enable the administrator to specify the times and dates for both registration and voting processes . and altering ~ .. and then will be added to file candidate databas e. I . adding to it. . MkrOl>""... SMS text message.w_nlean methods the system determine. .J __ ~ rug ' :: .o~~·l ~i~I."lor". setting voting and registration times .224 ELLEI'THY AND. for adding any new entry.. -- r . as shown in Figure ]11 and Figure 12. on a ranonl tirne . RIMA WI --. or alter an entry as shown in Figure ffi4.'." . the administrator home pagewili show.. or even by mail confirming the voting process.An Employee should login first ..kro .. -. such as automated phone eall. After the login process is.. Administrator is all 'entity responsible for deleting from population databases. the to the voting •• ••• •• _. and altering on it SiJ10f' those processes are extremely important.r ~~tEJ :t3!l3. add entry...- n (. The Adrninistrator will choose either to set the voting and regi stration periods. Figure '9" Voting home page Figure ] I.The previous page.Administrator Side The administrator In Cybervote system is more than one department. it uses multistage passwords. This procedurewmH minimize any chance of database manipulation. every action ms registered with timestamps along with the ill' of the employee working on it. as shown in Figure' 13. ndor ..::"~ JNWIi!l .. delete entry.d . deleting them" When logging into the population table..-- ---." d epen'··'dl'\ .

. feasibility November of on Internet in the Electronic D'C~ USA. J" ao~'1 Welcome' X SSM.httn g [3] Workshop Starbtl~ Privacy Society.44. 44. Similar systems will replace "the traditional techniq ues of voting eventually. I[]] Rebecca Mercuri. oj· the i. 34 2004. 69-71. Time and Date setting 3. 'Conclusion and future work CyberVote system. .. Ontario.C:Yin dl}~ EmjU. [6] Tom Pender UML Bible. 39.ashington 1 ~~. ~ '. p..CM.J A. Adding a candidate 4.DESIGN~ANALYSIS AND IMPLEJ. t. Canada pp. [9] Aviel Dr Rubin 'ecurity Considerations of remote U elections' Communications of the ACM: 44~ January 2001. [8J Joe Mohen and Julia Glidden'! "The case for internet electronic December voting". of the A CM. "Inside risks: voting automation (early and often")" Communicatians of the A eM 43. 2000" page: t 76. Communications 2002...~ il ~~ .44. he implemented in future work.-i'ior ID PfiS~W' rrr! .l. U :!$mrti~ dilt~ 20 '!.. pv/executive/ivo. "A. report on the [2] California. Supervisor login page Figure 15. new step in the development of remote online voting. freedom and privacy : challenging the assumptions. CO'fJ1n1Unications of the ACjW. Biometric authentieation methods will 8upm.. In this technique we separate the voters from In tbis paper 'we presented voting". pp. :Ii ~ g. pp.1ENTATION OF A CYBERVO'TE SYSTEM 225 their ballots.45~ . CyberV ote is. 44. 73 .223~ 2000 .ca . [7] Phillips and Spakovsky "Gauging the risks of internet Figure 14. Furthermore.· of the 2004 ACA411l0rkshpp on PrivQ.c€'on Computers.!:! E_ ~ _!2 [5] L..85.. Figure 12. 2003. Hoffman and L. Communication . and Cranor" "Internet Voting for Public Officials: Introduction".g .~. Toronto. References . voting' "3' www.ss. Internet Voting Task F orce.teihome. 219 .. l . studies show that implementing such systems is feasible and practical with the'model'll technology resolving the security challenges. John Wiley & Sons.7 !! 2. Pro ceedi l27 ~ 7 flg. 101 II 1.: 33 - dalte. such as adding the keyboard stroke fingerprint and use the iris scan via webcams.1 H t~ 16 1~ 18 l'! II .~January 200t pp.it' 3[1 _!l 1.. [4] Computers Freedom and Pri vacy..~ the electronic societyJW. pp. a. Proceedings of the tenth cUJ~leren.