e-Voting Application using Barcode Vtoken

Bowo Prasetyo Isolated e-Voting System in a Precinct Secured with Vote Sealing and Paper Audit Trail
December 10, 2011 http://www.scribd.com/prazjp http://www.slideshare.net/bowoprasetyo

e-Voting Application

e-Voting Application is an open source project aiming to create an e-voting system which complies to European e-Voting standard and EML specification. e-Voting Application is also used as basis to create an e-voting system which complies to Indonesian e-Voting standard which is being defined by Badan Pengkajian dan Penerapan Teknologi (BPPT).

Download and License

e-Voting Application can be found here: http://sourceforge.net/projects/evotingapp/ It is under the license GPL v3, basically means:

You may download, modify, use and redistribute it freely. Derived works should be made open source too under the same license.

e-Voting Application Components

Client side applications:

Vtoken Generating application (VG). e-Voting Machine application (EVM). Vote Counting application (VC). e-Voting Tabulation system (EVT).

Server side systems:

e-Voting Scenario

Voting opening

Administrator opens voting process. Administrator generates vtoken using VG. Voters cast vote using EVM. Administrator closes voting process. VG/EVM generates result in files. Administrator sends result to election body.

Voting session

Voting closing

Result delivery

Voting Opening
EVM VG EVM

EVM

Administrator opens voting in VG machine and all EVM machines

Voting Opening

Administrator opens voting process on the machine by pressing an open voting button on VG/EVM. When opening voting process, VG/EVM:

Activates and deactivates some functions. Generates a pair of private key public key for digital signature:

VG: vtoken-private.bin and vtokenpublic.bin

EVM: private.bin and public.bin

vtoken-public.bin is then copied from VG

machine to each EVM machine.

Voting Opening

Before administrator open voting process on the machine, VG:

cannot be used to generate vtoken. can be used to reset ballot box. can be used to generate vtoken. cannot be used to reset ballot box.

After administrator open voting process, VG:

Voting Opening

Before administrator open voting process on the machine, EVM:

cannot be used to cast votes. can be used to view result. can be used to reset ballot box. can be used to cast votes. cannot be used to view result. cannot be used to reset ballot box.

After administrator open voting process, EVM:

Voting Session
VG EVM
2. Voter validates vtoken 1. Administrator verifies voter barcode and casts vote and gives vtoken barcode

4. Voter puts paper audit trail into audit box

3. Voter takes paper audit trail

Voting Session

Voter verification

Administrator verifies voter identity. Administrator generates vtoken as proof of right-to-vote using VG machine. EVM validates vtoken before voting. Voter casts vote using EVM.

Vtoken generation

Vtoken validation

Voting

Voting Session

Vote sealing

EVM seals vtoken + vote using digital signature. EVM collects sealed votes in ballot box electronic. Voter takes generated paper audit trail and puts into audit box.

Vote collection

Paper audit trail generation

Voter Verification

Before voter casts a vote, administrator verifies for two things:

voter's identity, and whether voter is eligible to vote. manually using traditional identity card, or electronically using digital identity card, or combination of both.

Administrator performs voter verification:

Vtoken Generation

Vtoken is a proof of right-to-vote for voter. It is issued by administrator after voter verification. It is generated by Voter Generator (VG) application as a unique random number. It is validated by EVM before voter casts vote.

Vtoken Validation

Before EVM can be used to cast vote, it should validates vtoken of the voter. Voter can use EVM to cast a vote, if:

Vtoken is validated as the right one issued by administrator. Vtoken is validated as the one that is not already used before.

Voting

Voter uses EVM to cast a vote by:

Scanning vtoken barcode. Choose a candidate with a touch. Confirm the choice with a touch. Take paper audit trail and put it in audit box.

Vote Sealing

Each vote casted by voters is combined by their unique vtoken and sealed. By sealing it means:

Encrypts vtoken + vote.

Makes it hard-to-read by bad guys. Makes it cannot be altered (integrity). Makes it cannot be denied as coming from the machine (non-repudiation).

Digitally signs the encrypted vtoken + vote.

Vote Collection

Each sealed vote (encrypted and digitally signed) is collected into electronic ballot box.

Technically speaking, they are collected in a table in MySQL database.

Sealed votes are collected in random order such that it cannot be traced down to the voter.

After each vote the table storage is physically reordered according to some random number.

Paper Audit Trail Generation

EVM prints paper audit trail as soon as collected e-vote into electronic ballot box. Paper audit trail is a visual proof for voter that his/her choice is correctly accepted.

Hence paper audit trail should clearly print the voter's choice in human readable format.

Paper audit trail is also counted as comparison to e-vote in the case of dispute.

Hence paper audit trail may also print additional machine readable barcode.

Voting Closing
EVM VG EVM

EVM

Administrator closes voting in VG machine and all EVM machines

Voting Closing

Administrator closes voting process on the machine by pressing a close voting button on VG/EVM. When closing voting process, VG/EVM:

Activates and deactivates buttons. Generates a result file:

vtokens.bin containing vtokens

generated.

result.bin containing voting result.

Voting Closing

Before administrator close voting process on the machine, VG:

can be used to generate vtoken. cannot be used to reset ballot box. cannot be used to generate vtoken. can be used to reset ballot box.

After administrator close voting process, VG:

Voting Closing

Before administrator close voting process on the machine, EVM:

can be used to cast votes. cannot be used to view result. cannot be used to reset ballot box. cannot be used to cast votes. can be used to view result. can be used to reset ballot box.

After administrator close voting process, EVM:

Result Management

Administrator sends voting results from each machine to election body. Each EVM machine generates voting result:

#-*-result.bin: a binary file containing all

sealed votes casted by voters on the machine.

#-*-public.bin: a binary file containing key to

verify and decrypt the sealed votes.

VG and each EVM also generates audit result:

#-vtokens.bin with #-vtoken-public.bin #-vtoken-audit.log, #-*-audit.log

Voting Result Management

Files result.bin contains sealed votes which are encrypted and digitally signed. To verify and decrypt this sealed votes, the suitable public key is needed. Therefore each #-*-result.bin should always be accompanied by corresponding #-*public.bin.

Audit Result Management

Paper audit trails are physically collected and could be counted in case of dispute. File vtokens.bin contains generated vtokens which are digitally signed. To verify this vtokens, the suitable public key is needed. Therefore each #-vtokens.bin should always be accompanied by corresponding #-vtokenpublic.bin.

Audit Result Management

Files #-vtoken-audit.log, #-*-audit.log contains record of all actions taken by user along with its timestamp. These are digitally signed by VG/EVM, and could be verified using corresponding #-*-vtokenpublic.bin/#-*-public.bin. These could be used to reconstruct all actions happened during evoting process for audit purpose. Since all sensitive information related to vote confidentiality is not recorded, these cannot be used to trace down voters and their choice.

Key Management

VG machine generated a pair of key:

#-vtoken-private.bin #-vtoken-public.bin #-*-private.bin #-*-public.bin

Each EVM generated a pair of key:

#: precinct no. *: room no.

Private Key Management

Private key is used to digitally sign vtoken as well as sealed vote. After voting process finished, private key from all machines should be:

copied to external media, deleted from each machine, and guarded securely from being misused.

Misuse of private key for example could generate forged votes as being genuine.

Public Key Management

Public key is used to verify digital sign of vtoken and sealed vote. Public key is also used to decrypt sealed vote. After voting process finished, public key from all machines should be:

copied to external media together with corresponding

result.bin/vtokens.bin

deleted from each machine, and guarded securely from being misused.

Misuse of public key for example to decrypt sealed vote by unauthorized person.

References

LEGAL, OPERATIONAL AND TECHNICAL STANDARDS FOR EVOTING, Recommendation Rec(2004)11 adopted by the Committee of Ministers of the Council of Europe on 30 September 2004 and explanatory memorandum.