snd assignment 1.3 -report

8/9/2019 SND Assignment 1.3 -Report

1/34

Assignment title: System and Network

Design Group Project

Assignment Number: 1

Name of the Group: Group D

Name of the module: CS5401

Names of the lecturers:

Mrs. Vishaka Nanayakara / Mr. Samantha

Senaratne

Academic year: 2010

Group members

Surangi Alexander

Amila Shamika Ariyawansa

Tharaka de Alwis (108256D)

M.M.K. DissanayakaHarshana Porawagama

Copyright 2010 University of Moratuwa, Department of Computer Science


2/34



3/34

REVISION VERSION

Ver. No Date of Release

Prepared By ApprovedBy

List of changes fromPrevious Version

0.7 03/13/2010 Tharaka deAlwis

Draft template created


Merged documentssections of Mahesh,Surangi, Harashana andTharaka.


Merged Amilas literaturesurvey



4/34

Executive Summary



5/34

Group D SND Assignment 5

Table of Contents1.Introduction ....................................................................................................................................................9

Overview .......................................................................................................................................................9

Problem Domain .........................................................................................................................................10

Literature survey on other electronic voting systems .....................................................................................11History ............................................................................................................................................. ...... .....11

Direct Recording Electronic Systems .........................................................................................................11Electronic Voting in USA ...........................................................................................................................11

Voting Process ............................................................................................................................................11

Counting Process ........................................................................................................................................11

Risks .................................................................................................................................................. ...... ...12

Electronic Voting in India ................................................................................................... ...... ...... ...... .....12

Voting process ....................................................................................................................................... .....12

Counting Process ........................................................................................................................................13

Constraints to improve safety .....................................................................................................................13Solution ...........................................................................................................................................................14

Solution Overview ......................................................................................................................................14

Vision ..........................................................................................................................................................14

Scope ...........................................................................................................................................................14

Goals and Objectives ..................................................................................................................................141.1.1.Organizational Impacts ......................................................................................................................15

Requirements Electronic voting for Sri Lanka (Social barriers regarding electronic voting systems) ..... ....16

Anonymous vote ........................................................................................................................................16Transparency ...............................................................................................................................................16

Timelines for counting process ................................................................................................................ ...16

Dealing with lost/blank/invalid ballots .................................................................................................... ...16

Security ......................................................................................................................................................16

Accuracy/Integrity of ballots .....................................................................................................................16

Ease of use ..................................................................................................................................................17

Summary .....................................................................................................................................................17

Technical Design ............................................................................................................................................18

Operational Overview .............................................................................................................................. ...18

FairVote - Client SoftWare ........................................................................................................................18FairVote Voting Process ............................................................................................................................18

FairVote Client Features .............................................................................................................................18

Protect Voters anonymity ......................................................................................................................18

Transparency ...........................................................................................................................................19

Eliminates delays in the electoral process ............................................................................... ...... ...... ...19

Dealing with invalid/under-vote/over-vote cases ...................................................................................19

Enhanced Security ..................................................................................................................................20

Improved Accuracy and Integrity of ballots ...........................................................................................20Ease of use ............................................................................................................................... ...... ...... ...20

Usability features of FairVote ...................................................................................................................20

Offer informative feedback to users .................................................................................................... ...20

Design dialogs to yield closure ...............................................................................................................21

Offer error prevention and simple error handling ...................................................................................21

Use of Touch screen monitors ....................................................................................................... ...... ...21

Support multiple languages ....................................................................................................................21

Voice instructions for assistance ..................................................................................... ...... ...... ...... .....22Improved features for people with disabilities .............................................................................. ...... ...22

FairVote Audit Trails ..............................................................................................................................22

No scrolls ............................................................................................................................................. ...22

Network Architecture ................................................................................................................................ 23

Introduction ..............................................................................................................................................23

Main Application Server ............................................................................................................................23



6/34


Network Connections ................................................................................................................................ 23

Monitoring Stations ...................................................................................................................................23

Security Architecture .................................................................................................................................24

Introduction ...............................................................................................................................................24

Information security ...................................................................................................................................24Physical Security .......................................................................................................................................24

Hardware Specifications ............................................................................................................................25Hardware Requirements Summary ............................................................................................................25

Main application server Specifications ...................................................................................................25

PC server Specifications .........................................................................................................................25

Touch screen display unit Specifications ...............................................................................................26

High end firewall Specifications ............................................................................................................26

Low end firewall Specifications .............................................................................................................26Fault Tolerant Measures ............................................................................................................................27

Hardware Fault Tolerant ............................................................................................................................27

Software Fault Tolerant .............................................................................................................................27

Project Conditions ..........................................................................................................................................28

Assumptions ................................................................................................................................ ...... ...... ...28

Issues ...........................................................................................................................................................28

Risks .................................................................................................................................................. ...... ...28

Project Approach ............................................................................................................................................29Estimated Costs ..........................................................................................................................................29

Dependencies ..............................................................................................................................................29Project Plan .................................................................................................................................................29

Limitations and Possible Enhancements ............................................................................................. ...... .....31

List of Abbreviations ......................................................................................................................................32

Bibliography ..................................................................................................................................................33



7/34


List of TablesTable Number Description Page

Table -1



8/34


9/34


1. Introduction

Overview

Elections in Sri Lanka allow Sri Lankans to choose their presidential, parliamentarianand provincial council representatives and express their preferences for how they will

be governed. Naturally, the integrity of the election process is fundamental to theintegrity of democracy itself. The election system must be sufficiently robust towithstand a variety of fraudulent behaviors and must be sufficiently transparent andcomprehensible that voters and candidates can accept the results of an election.

EVote is suggested computerized voting system to Sri Lanka and it enables SriLankans to vote for any candidate in an easier and more convenient way in anypresidential, parliamentarian or provincial council election. Even though there aredifferent levels of educated peoples in Sri Lanka; the system has been designed in away that all they can vote accurately and confidently as they desire. The electoralprocess will be secured and unimpeachable with the introduction of the EVotesystem to the Sri Lanka electoral process.

EVote System eliminates the variety of fraudulent incidents which are happened inpast elections and the electoral process will be taken place transparently. EVotesystem ensures that particular person can vote only once and this feature willfacilitate to a perfect electoral process. The traditional ballot papers used in pastelections will be abandoned and touch screen terminals will be introduced to eachpolling station. This will reduce the huge expenditure involved in printing, storing andtransportation of ballot papers. User friendly interface in terminals will ease users tovote confidently and accurately. EVote voice commands are also used to increasethe confidence of the users and User Interface will facilitate to use Sinhala, Englishor Tamil in voting. After the polls are closed; votes are securely transferred to the

nearest provincial head office and then votes will be transferred to the main countingcenter securely. EVote system provides a secured vote transferring mechanism andit will avoid the frauds happened in transferring of ballot boxes in past elections.

The vote counting process of the EVote system is very efficient and the final resultscan be disseminated within few minutes after starting the counting process. Finalresults will be counted securely ensuring transparency and demonstrating integrity inthe process. EVote system allows to selected political party representatives toexamine the counting process and it will increase the peoples confidence about theelectoral process. Election Results will be released basis of polling divisions, districtsand all island. The System also facilitates to fast dissemination of election results byproviding effective mechanism to access the election results to government and

private media centers.

EVote System comports for country like Sri Lanka and will ensure the accuracy andfairness of elections in Sri Lanka and it will also reduce the election expenditures dueto its lower operating cost.



10/34


Problem Domain

In most of the past elections there were many claims regarding the accuracy of theelectoral process in Sri Lanka. Most of claims ended up with court proceedings also.These frauds are happening due to the security gaps, malpractices of the existingelectoral process in Sri Lanka.

Following problems are identified as key issues in current electoral process

No mechanism to ensuring a voter votes only once Using fake ballot papers Ballot box lost during the transport Biasness and malpractices in counting process

One of the major issues in Sri Lanka electoral process is not having an approach toensure that a voter votes only once. Even though the National Identity Card is usedto identify a person it was not compulsory in most of the past elections. Due to theabove reason one person may have a chance to vote more than once and thereforeit will highly affect to the fairness of elections.

Ability of using fake ballot papers is another issue in electoral process in Sri Lanka.Some incidents were reported where the fake ballot papers were used in pastelections. Since those ballot papers are very much similar to the original ballotpapers it is difficult to identify those as fake ballot papers. So it also affects to theelection results badly.In current electoral process ballot boxes are sealed at the polling centers to avoid thefrauds happening while the transportation of ballot boxes to the counting centers.Even though the ballot boxes are sealed before sending them to the main countingcenters; there were occasions those ballot boxes are hacked and filled with fakeballot papers. Also there were situations some ballot boxes are lost during thetransport. In the last presidential election also some original voted ballot papers were

found after the election from a paddy field.

There can be frauds happening in the counting process also. Even though countingis examined by the political party representatives; many incidents were reported inpast elections in the counting process. Since peoples involve in the counting processit is difficult to avoid biasness and other counting related issues. Sometimes it has torecount the votes due to the malpractices used in the counting process and in such ascenario it delayed releasing whole election result.

At many of the recent elections there has been allegation of fraud, malpractices inthe voting centers as well as there has been allegation of biasness in the counting

process. All of above mentioned problems are identified as key issues in the existingelectoral process. EVote system is directed to overcome all the issues identified inthe current electoral process.



11/34


Literature survey on other electronic voting systems

History

Since voting is considered as one of the most important rights of a citizen in anydemocratic nation, the method of voting has also been changed time to time to make

the process more safe and convenient. In early days like 1700's the in United Statesof America oral elections were conducted. Later they have changed to writtenballots, in fact this is the method which is being practicing in most countries in theworld today. In USA this was revolutionized further through Lever Voting Machines,Punch Cards, Optical Mark-Sense Scanners. These techniques improved thecounting process of the votes.Then around 1996 they have introduced Direct Recording Electronic Systems(DREs)[1]. This was widely used after the year 2000 for all the elections. Lateraround 2004 this was adapted by several other countries like Basil, India,Venezuela.

Direct Recording Electronic Systems

This provides an electronic version of the ballot paper interface so that the voterscan give his/her input using buttons or touchscreen. The data is processed by acomputer program so that the real time counting is possible.

Electronic Voting in USA

After analyzing some of the problems encountered in 2000 presidential electionusing the punch card voting system USA government put more effort to upgradethere current voting system. As a result DRE was introduced.

Voting Process

1. Here the voters registration process is also computerized and uniqueusername and password are given to the voter.2. Voter goes to the voting center and logs onto the coting machine (Herevoters identity is also verified using given username and password).3. Machine displays all the contestants and voter can proceed with his/herpreferences.4. Finally he/she has to make the confirmation so that the votes getregistered.

Counting Process

A public network DRE voting system is an election system that uses electronic votes

and transmits vote data from the polling place to central location over a publicnetwork. So that it has the facility of transmitting votes as they are cast orperiodically as batches of throughout the election day or as one batch at the close ofvoting. Based on the technique used, a real time counting happens at the centrallocation.



12/34


Risks

According to the critiques even though well established network security features arebeing used, having a network to communicate votes to a central server, exposes thesystem to unimaginable risk.

Electronic Voting in IndiaEven though some of the controversial incidents occurred in USA with the usage ofelectronic voting machines, in year 2004 India came to success with 380 millionvotes on more than 1 million voting machines. The task of creating inexpensive easyto use voting machine was successfully done by two Indian companies. Theycreated a machine which looks like a cross between a computer keyboard and aCasio music synthesizer.

The System is a set of two devices running on 6V batteries. One device, the VotingUnit is used by the Voter, and another device called the Control Unit is operated bythe Electoral Officer. Both units are connected by a 5 meter cable. The Voting unithas a Blue Button for every candidate, the unit can hold 16 candidates, but up to 4units can be chained, to accommodate 64 candidates. The Control Units has Threebuttons on the surface, namely, one button to release a single vote, one button tosee the total umber of vote casted till now, and one button to close the electionprocess. The result button is hidden and sealed; it cannot be pressed unless theClose button is already pressed.

The voting unit has a list of candidate's names and their Party Symbols pasted onthe surface, and a Blue button to cast a vote faces ever candidate's name. The PartySymbols (like a Lotus, an elephant, a horse etc.) are approved by the electioncommission to be unique, All political parties use these symbols while campaigning,and illiterate people can identify their candidates by looking at his symbol, and

pressing the blue button in front of his symbol.

The order of the candidates can be rearranged which means unscrupulouspoliticians couldn't rig the machines at the factory, since they wouldn't know whichbutton would be assigned to which candidate. On the other hand the software isembedded into a micro processor which is not possible to re program. If someonetries to pry open the machine, it automatically shuts down.

Voting process

1. In India voters' registration process is happened manually. So that each voter isbeing registered based on their paper ID card.2. At the voting center the voter is identified this paper ID card.3. Like Sri Lanka, voter's finger is marked with a special ink so that the ink cannotbe removed easily.4. While the voter is entering to the voting booth, the electoral Officer then Pressesa button on his Control Unit, that releases a single ballot, for the voter to use, this ofcourse is electronic so it just enables the Voting unit to register one Vote.5. When the voter arrives, he/she presses a button in front of name and electionsymbol of the candidate.



13/34


6. Real time response system is also included with the machine so that a lightglows red and a beep is emitted, indicating that a vote has been registered.

(When a trouble arises, an election official can push an override button thatshuts down the system.)As far as the infrastructure of electronic voting systems between India and USA isconcerned the major difference is that not like the machines used in USA, Indianmachines are not networked. All the votes are being stored inside the machine itselfat a particular voting center.

Counting Process

1. After the voting is done, electoral officer finishes the voting by pressing the theClose switch on the control unit. After that no further votes are registered by theunit. The total number of the Votes registered are noted by all political party agentsand then the control units are put into its own special carrying case, and sealed for

transport.2. Control units from different polling centers are collected to a central districtcounting center.(One such center is situated for each district)3. At there all the sealed control units are opened. These control units are comesup with special button to obtain the results which is physically secured by aprotective seal. When this is pressed it gives the Serial number of the Candidate,and the votes that he has won.4. At this point the election commissioner has to check the total number of votesdisplays in the control unit with actual number of voters. If they are not tally eachother then the machine is found to be faulty. As a result the commissioner ask for a

re-election.

Constraints to improve safety

Only 5 votes are accepted by the system in a minute. Also the the polling centers aredistributed such a way that maximum number of total votes in any polling centercannot exceed 1500. As a result if someone forcefully captured the booth, he/shecan cast only maximum of 1500 bogus votes, but the climax here is that this will takeminimum 5 hours time.



14/34


Solution

Solution Overview

Over the years at many elections there have been allegations of fraud, malpracticesand biasness in the counting process, some even leading to court proceedings.

Delays in the releasing of election results due to inefficiencies in the countingprocess have brought a dilemma on the Sri Lankan voting system as a whole.

From this project we strive to design an ICT based electoral counting process in SriLanka to eliminate the following main areas of concern from the existing votingsystem and procedures

Effective and efficient counting of ballot papers

Eliminating fraud Securely transferring the counted votes from the Counting Centers to the

Election Secretariat (main office) Ensuring transparency and demonstrating integrity in the process Efficient dissemination of election results

Vision

Design an efficient and cost effective voting system for Sri Lanka's department ofelections covering the entire vote counting and results announcing process ensuringreliability, availability, fault tolerance and security to conduct Presidential,Parliamentary, Provincial and Local Elections in a free and fair manner.

Scope

Goals and Objectives

Goals Objectives

Effective and efficientvoting through atouch sensitivecomputers.

Eliminate fraud that might in-cure with the use ofphysical paper and ballot boxes.

Cut down the recurring costs associated with longlist of voting papers with all candidate informationfor future elections.

Support users of all groups of age, gender,language and level of education (computer literacy)to easily and effectively cast the vote.

Transfer votes to ahosted central serverlocated at head office ofDepartment of electionor ICTA.

Eliminate the transfer of ballet boxes of counting.

Eliminate the existing manual counting process

which has become questionable over the recentyears.

Cut down the costs in mainlining counting centersat 22 districts.

Ensure Security,Reliability, FaultTollerance and

To ensure transparency and demonstratingintegrity in the process.



15/34


Availability during theelection period.

Use a cost effectivevoting system that canbe used by theDepartment of election

for over a long period oftime (10 years)

Reduce the cost of infrastructure for the votingsystem that Department of election might have toundertake.

Reduce the recurring costs associate with everyelection place.

Provide the final resultswithin a maximum oftwo hours of duration.

Efficient dissemination of election results.

1.1.1. Organizational Impacts

OrganizationImpact to and Participation ofOrganization

Department of election Processes and procedure followedaccording to a new act.

ICTA Technology and Infrastructure used withinthis institute will be used for elections.

Nanasala (currently 600 centers islandwide)

Technology and Infrastructure used withinthis institute will be used for elections.

Government schools and institutes withICT facilities.

Technology and Infrastructure used withinthis institute will be used for elections.



16/34


Requirements Electronic voting for Sri Lanka (Social barriers regardingelectronic voting systems)

Anonymous vote

Ballot is considered as a secret vote and a right of each and every individual in a

democratic country. Usually this will determine which party will govern the country.Therefore anonymity of votes should be given special consideration. Many peoplefear or are very reluctant to have their votes discovered by any of the candidateparties. If vote is not secret, severe security concerns may arise regarding safety ofvoters. Therefore with computerized voting systems, people will have variousconcerns. Since their ballot is electronically recorded, people who are used tomanual voting might not feel same safety regarding anonymity of their votes.

Transparency

Computing systems compute results in manner which is not transparent to the endusers of the system. With manual counting, people can see the progress of anelection process, how ballots are being counted at any given point in time. But whenthis process is computerized, this is hidden to the voters and every one who is

interested in the election.

Timelines for counting process

When compared with manual election process, automated election should be able toachieve timelines in fairly impressive manner. If delays are encountered incompleting the count and in the release of unofficial preliminary results, this will havea negative effect on the confidence in the voting process. Therefore speed ofprocessing is another critical aspect.

Dealing with lost/blank/invalid ballots

Currently in Sri Lanka we are using a manual process for elections. Therefore blankballots and invalid ballots are very common cases. Due to theses reasons number ofvalid ballots are lessen and this has a huge impact on the election process. To holdan election, government and tax payers of a country have to bear a huge cost. Ifballots are wasted, the election is just an extra cost to a country with no usefulpurpose.

Security

Current process of elections is more vulnerable to fraud. From the time voting beginsto the completion of the count, ballots may be modified, tampered or replaced,specially when ballot boxes are moved to another location. Therefore security in this

process is a major concern of voters, counting officials and national and internationalelectoral observers.

Accuracy/Integrity of ballots

Accuracy in the election process ensures Integrity of ballots. Both manual andcomputerized election processes must ensure that votes are accurately recordedand counted. Without this assurance, it is more likely that the voters will loseconfidence in the election. Ultimately whole election process is at a risk. Therefore



17/34


accuracy of this process is another main concern of interested parties of an election.Furthermore, later discovery of errors can lead to accusations of fraud.

Ease of use

Recent studies indicate many electronic voting systems have failed simply becausethese interfaces are not user friendly. Users of electronic voting systems accept suchsystems to be simple and less complex. In traditional manual election process, usersspend very less time for voting. If votes are directly recorded using electronicsystems, users should be able to use these systems with less learning effort andwithout ant burden.

Summary

These are major sociological barriers for the design of electronic voting systems.Therefore design of such systems should take these aspects in to consideration.



18/34


Technical Design

Operational Overview

FairVote - Client SoftWare

We propose client-server architecture for FairVote system. The client sidesoftware will be installed at voting centers spread Island wide. Since mostSriLankans are not computer literate, this software should have a relativelyeasy to use interface. FairVote will use touch screen monitors so that eventhe computer illiterate voters can use this system without much burden.

FairVote Voting Process

The traditional voting process will remain the same except some parts of itwill be automated using FairVote. The voter will arrive at the designatedvoting location and check in. Voter will not be authenticated by the system,instead committee of elections department will check for the legitimacy of thevoter as in the current process. Voter will be directed to FairVote Client touchscreen system where voter can cast a valid and satisfactory ballot with theassistance of the FairVote Client. First screen of FairVote will prompt thevoter to select the language (Sinhala/Tamil/English). Once the language isselected screens will be based on that language.

At first voter will be asked to select the party (Beetle leaf, Elephant,Trophy...etc.). Images of each party will be displayed together with the partyname. Next voter has to select the candidate. Images of each candidate willbe displayed together with the name. Finally User may submit, cancel or spoilhis/her vote. For that three option buttons Submit, Cancel, Spoil areavailable. Ballot will be validated and recorded by the system. These ballot

records are pushed to FairVote Server system running at Headquarters whenthe election is over. After that, processing will be carried out by FairVoteServer system in a timely and elegant manner.

FairVote Client Features

FairVote client is designed with above mentioned social aspects in mind.FairVote Client Features addresses these social barriers.

Protect Voters anonymity

Some computerized systems use PIN numbers, bio-identification

techniques such as fingerprints when user first arrives at the system. Butstudies indicate that PIN numbers can be stolen, fraudulated, or evensold. On the other hand voters are not willing to use fingerprints since theyfear their identity will be stored in the system and it will expose risks onthe voters. Therefore, to protect anonymity of votes, voter identity will notbe recorded in FairVote system. There will not be any login/userauthentication screen in FairVote. This will improve the confidence in thevoter and make FairVote a very practical solution for computerizing Sri



19/34


Lankan election. Capturing and storing user identity along with his/hervote cant be accepted due to ethical and legal reasons.

Furthermore, FairVote uses a manual process to validate voterauthenticity. Just like in current manual process, committee of electionsdepartment will be present at the voting center and make sure that thevoting process is not vulnerable to fraud and only the rightful votersexercise their right.

Transparency

For the election process to be open and transparent, representatives ofpolitical parties, national and international electoral observers should beallowed to witness and/or participate in the process. Manual counting is byits nature more transparent than computerized counting. If vote countingis computerized, new mechanisms for ensuring transparency need to beintroduced. Therefore to improve transparency, FairVote will use externalaudits.

Furthermore, we need to make this process transparent to end users ofthe system. At the point of casting a vote, after the vote is made, if voterwishes to have a printed copy of his/her vote, the system can generate acopy of the ballot selection. This will not be generated for every ballot bydefault, because it will have a performance issue. But if a voter wants toget a printed copy, his request can be accommodated by the system.

Eliminates delays in the electoral process

Achieving timelines in the electoral process is significant for a DirectRecording System. As mentioned in the social barriers of electronic voting

systems section, achieving time lines should be a special concern of anelectronic voting system. As soon as election process is over, ballotrecords are pushed to FairVote Server system running at Headquarters.After that, processing will be carried out by FairVote Server system.Special features of FairVote server and its processing will be mentioned inthe next section.

Dealing with invalid/under-vote/over-vote cases

FairVote is implemented in such a way that these situations will beminimized and hence vote count will be increased. In the usability sectionof FairVote Client this will be described in more detail. Designinginterfaces to minimize errors and recover from errors is an importantconsideration in a system. Therefore necessary checks will make surethat votes are not wasted as invalid votes. Furthermore, a user is entirelyfree to cast a blank vote if he/she wishes to do so.In this way, good design of electronic voting systems can reduce numberof blank and invalid ballots. In addition, proper fault tolerance mechanismsmust be in place to ensure that computer system failures will not result inlost ballots.



20/34


Enhanced Security

Using various mechanisms such as SSL, XXX security is enhanced andthe whole electoral process is no more vulnerable to fraud. This willimprove the electoral process greatly, compared to current situation.

Improved Accuracy and Integrity of ballotsThe manual process of counting votes is susceptible to lots of humanmistakes. Some votes may not be counted. Ballots that are damaged,unreadable are discarded from the totals. FairVote can ensure that suchmistakes will not happen. FairVote Client running on each voting center isdesigned to minimize voter errors. FairVote will alert voter if a ballot isinvalid due to over/under voting. Since whole process is automateddamaged or unreadable votes are impossible. Furthermore if a voterwants not to vote for any of the candidate, that is also allowed withFairVote design. This way FairVote design is flexible for the voter whileimproving accuracy of this process. Since ballot counting is automated,FairVote adds accuracy to whole election process enhancing voterconfidence in the election process.

Ease of use

Voters expect electronic voting systems to be easy and simple so thatthey can use the system with minimum learning effort. Usability featuresof FairVote section will cover how this aspect is handled with respect toHuman Computer Interaction principles.

Usability features of FairVote

Studies indicate many electronic voting systems in past have failed resulting

further erosion of voter confidence in the election process. According to theseresearches this is due to lack of usability in design of such systems. Ideallythese systems should be designed focusing on the users of the system.Every citizen of a country has a right to vote. Therefore electronic votingsystems should be designed to assist voters in easily exercise this right.Therefore, design of a Direct Recording System (DRE) should take in toconsideration about various issues such as human error, capabilities of DRE,goals of the voters, how the voters will go about achieving those goals,natural flow in which the voting occur etc. At the same time, design shouldgrant the system on features such as easy to use (or usability), userfriendliness, interactivity etc. Various Human Computer Interaction (HCI)

principles can be used for designing effective, user friendly and interactivesystems. Below we will discuss how FairVote Client interface design isimproved with HCI principles.

Offer informative feedback to users

Invalid votes are a common case for any election. Therefore systemshould provide meaningful information regarding errors encountered sothat users, themselves can recover with less burden. Voters might enter



21/34


wrong inputs. At this point, some systems provide error codes or displayerrors such as Your vote cant be processed. Rather than displayingsuch less informative errors, systems should be able to provideinformative feedback on such situations. Ex Your input is wrong. Itshould be in the following formatetc.

Design dialogs to yield closure

The interaction between user and system can be considered as a dialog.So the closure of dialogs should be designed in such a way that theclosure is seen by the user. If not when interacting with systems, usersmight wonder whether actions they carried out were actually performed ornot. To simplify the users interaction with the system it is important tomake sure that users are aware of it, when a particular action has beencarried out. With voice instructions provided by FairVote client, the dialoginteraction between voter and system can be improved. Also, voter can bemade more confident about casting of votes. Closure of this dialog inFairVote is designed in such a way voter is sure that he has successfully

made the vote.

Offer error prevention and simple error handling

Error handling on the other hand has to be supported by any system inorder to encourage exploration and relieve anxiety. If error prevention isnot supported, users will be frightened to use the system not knowing howto recover from various errors that they might encounter. With errorprevention and error handling users will be free to use functionality withless anxiety. At the same time users will be encouraged to explore thedepths the system. FairVote interface is designed both to prevent errorsand handle errors. Each screen has a specific help space on the bottom

left corner of the screen. This help box is allocated with useful instructionsfor each step. If errors are encountered users can simply recover with outany burden.

Use of Touch screen monitors

FairVote will use touch screen monitors so that even the non-IT literatevoters can use this system without much burden. If voters have to use akeyboard and a mouse to cast their vote, most Srilankan voters will find itvery difficult to use the system. Therefore FairVote uses touch screenmonitors. Although FairVote will be designed with a very user friendlyinterface for Sri Lankan community, still a media campaign needs to betriggered within Sri Lanka to educate voters. This campaign will make

sure that voters will be more confident to use the system.

Support multiple languages

Sri Lanka is a nation of multi-religious, multi-races and multi-culturalcommunities. Each community has different cultural aspects andlanguages. Therefore FairVote will be designed to accommodate all threelanguages, Sinhala, Tamil and Ennglish. At entry point, voter will be asked



22/34


to select his/her preferred language. From that point onwards users caneasily interact with the system using preferred language.

Voice instructions for assistance

To reduce learning overhead on the side of the voter, interfaces will be

designed with voice instructions. At starting point users will be promptedfor voice instructions. If user decides to get voice enabled help, based onusers preferred language, voice instructions will be provided. This willguide users to accomplish their task easily. In addition, each voting boothwill have a designated employee to help users in case they needassistance to use FairVote.

Improved features for people with disabilities

Almost 10 percent of the worlds population lives with some type ofdisability. Many such people find it difficult to exercise their right to vote.By taking in to account various user interface design principles, Electronicvoting systems can allow greater accessibility for individuals with

disabilities. Since FairVote design incorporates voice instructions, elderlypeople and people with visual disabilities can be assisted to make correctchoices when casting votes.

FairVote Audit Trails

Whole election process is monitored by national and international bodies.Since FairVote automates whole process, it is important that at any pointin time, it should be able to trace back and check for validity of theprocess. Audit Trails can be carried out and leave out all doubts regardingFairVote process. At each voting center, FairVote Client is connected totwo databases. In the event of primary database failure, backup database

can take over. Furthermore the backup database can be used for auditingpurposes. Using a separate algorithm to count the ballots audit trails canbe carried out. Furthermore, recounting of ballots is not costly with theFairVote system compared to current situation.

No scrolls

FairVote Interface will not have any scroll bars. Having scrolls in thescreen might be a problem since most voters are non-IT literate. Design issimplified not to have any scroll bars. Voters will be able to use FairVotesimple and accurately.



23/34


Network Architecture

Introduction

The proposed network architecture for the eVoting system is described in the Figure

xx. The main components of the network are described in the following part.

Main Application Server

There are four main application servers which carry out the eVoting systemprocessing. There are two main application server sets running at twophysically separated locations,

o Site 1 Department of Electionso Site 2 Undisclosed

The counting process is to be run at both locations separately and after allthe processing is done results is to be compared and verified.

In a single location there are two servers, primary server and the backupserver connected in hot standby. Hot standby is a method of redundancy inwhich the primary and secondary (i.e., backup) systems run simultaneously.The data is mirrored to the secondary server in real time so that bothsystems contain identical information.

Network Connections

The network connections required for the site 1 and site 2 are acquired fromthe national ISP provider. The network links are required to have 99.9%availability at the Election Day. The existing Internet connections at thepolling centers are used to connect polling center servers.

If a polling center does not have an Internet connection, the polling centerserver should be transported to the nearest Internet available polling centeror a Nanasala station.

Monitoring Stations

Each site has five monitoring terminals. Four will be monitoring pollingactivities while one will be monitoring the network and system activities.



24/34


Security Architecture

Introduction

The information security is considered as most critical in the eVoting system.

The following mentioned security implementation and security policies arefollowed in this system.

Information security

There will be 4 application servers and estimated 12000 polling centerservers (PC servers). SSL certificates are provided to the 4 applicationservers and for the polling center servers digital certificates are providedwhich supports client side authentication. From this mechanism applicationservers get authenticated to the polling center servers and vice versa.

All data from the polling centers are digitally signed and encrypted before

transmission using corresponding digital certificates. This process is done ina security module in the polling center servers.

All the polling center servers are connecting through Extranet VPN to themain application servers. Exranet VPN supports the use of Internet as itsbase and deals with a wider scale of users and physical locations to allowthe PC servers to access main application servers.

Passwords to the main application servers are divided in to two parts. And itis to be distributed among two persons (One is from the technical team andthe other from appointed by the election commissioner).

Passwords to the PC servers are divided in to two parts. And it is to bedistributed among two persons (One is from the technical team and the otherperson will be the head of the respective polling center).

Physical Security

The main application servers should be placed on a dedicated server rackand it should be kept locked.

All physical accesses should be logged.

No remote login should be allowed to the server.

The server rack should be under video surveillance. And the video should berecorded for future reference.



25/34


Hardware Specifications

The following required hardware must be purchased to setup the eVoting system. Allmentioned hardware are mandatory requirements. Note that in network site 1 andsite 2, available routers and switches will be used to support the network

infrastructure. This measure is taken to minimize the hardware cost that will requirefor a complete network infrastructure.

Hardware Requirements Summary

Requirement Number requiredMain application servers 4PC servers + Monitoring PCs 12000Touch screen display units 12000High end firewalls 2Low end firewalls 2

Main application server Specifications

Feature Minimum configurationForm factor Rack mountableProcessor Intel Xeon Quad Core Processor 2.93

GHzFront side bus 1333MHzChipset Intel

Cache 8MBMemory (RAM) 4GB DDR-3 RDIMMsHard disk drives 5 x 300GB Hot-swap SATA with 7200

rpmRAID support Hardware RAID 5Built in IO ports 1 x RS232 serial, USB x 4, 1 x mini-DIN

keyboard, 1 x mouseNetwork interface 2 x Ethernet 100/1000 MbpsOptical Drive DVD+/-RWPower supply unit Redundant unitsOperating system support Redhat Enterprise Linux

PC server Specifications

Feature Minimum configurationForm factor Mini-ITXProcessor Intel Atom 1.6GHzFront side bus 533MHz



26/34


Chipset Intel 945GC ChipsetCache 1MBMemory (RAM) 2GB DDR-2Hard disk drives 1 x 160GB with 7200rpmRAID support NoneBuilt in IO ports 1 x RS232 serial, USB x 4, 1 x mini-DIN

keyboard, 1 x mouseNetwork interface 1 x Ethernet 10/100 MbpsOptical Drive DVD+/-RWOperating system support Windows XP

Touch screen display unit Specifications

Feature Minimum configurationDisplay size 17 inch

Resolution 1280x1024 at 60HzParts per inch 96Response rate 2msColors 16mConnections Analog (VGA), USB for Touch function,

Internal Power supplyPower consumption Energy star complaintKensington Lock Support YesSpeakers YesFree Accessories Power cable, VGA cable and USB cable

High end firewall Specifications

Feature Minimum ConfigurationThroughput 100MbpsNumber of interfaces 4Number of firewall policies 250Firewall connections 25000Firewall connections per second 3000Network interfaces Ethernet 100/1000 MbpsNumber of zones 4

VPN functionality SSLMemory 256MB

Low end firewall Specifications

Feature Minimum Configuration



27/34


Throughput 50MbpsNumber of interfaces 4Number of firewall policies 50Firewall connections 5000Firewall connections per second 1000Network interfaces Ethernet 100/1000 MbpsNumber of zones 4VPN functionality SSLMemory 128MB

Fault Tolerant Measures

In order to maximize the availability and reliability of the eVoting system, thefollowing fault tolerant measures are undertaken.

Hardware Fault Tolerant

eVoting main application server is replicated in two physical locations

Single location consists of a primary server and an active standby server

One server is configured in hardware RAID level 5.

Software Fault Tolerant

Database level redundancy ?

Data processing ?

Data integrity check between site1 and site2



28/34


Project Conditions

Assumptions

Issues

# Date Priority Owner Description Status & Resolution1 03/13/10 High Commis

sioner ofelection

According topublicationsmade by ICTA,only 10% of SriLankans are ITliterate

Educate the public onusage of such touch basedsystem in means TV,Media, Newspaper andExhibitions.

2 03/13/10 High President

Certain PoliticalParties willcriticise thesystem nomatter what.

Public awarenesscampaigns needs to beperformed right from grassroot level to upward levels.Political support isrequired safe guard

confidence level of thepublic.

Risks

# Risk Area Likelihood Risk Owner Project Impact-Mitigation Plan

1 Server crashesduring theelection day

Low ElectionDepartmentIT Team

Have backup servers ready withinthe Elections department.Backup procedures need to befollowed by IT staff ensuring highavailability.

2 Votingcenter PCcrashes

Low ElectionDepartmentIT Team

Have backup PC in the votingcenter.

3 Voter turnout will dropdue to hightech natureof the votingsolution

Medium Commissioner

Ensure a across island campaign toeducate users of all ages, gendersand different ethnic groups.Have simulated systems for publicusage.

4 Voters findit difficult touse thesystem

High TechnicalAdvisoryTeam,SoftwareDevelopmentfirm

Necessary usability standards andguidelines need to be includedSample testing needs to beperformed to identify whether theusability stands are really met bytaking people from different ages

and ethnic backgrounds.



29/34


Project Approach

Estimated Costs

Cost DescriptionDateEstimate Per Unit

Quantity Cost (Rs)

Touch PC voting center and

backup[Assumed Windows Vista/XPlicense already installed]

03/13/10 200000 11000 *

2

2200000000

Cod Core Server with RAID 03/13/10 500000 4 2000000

Software development -Java/JEE

03/13/10 10000000

Auditing (ICTA or Price Waterhouse)

03/13/10 2000000

Oracle 11g/SQL Server 2008license

03/13/10

VPN software free/commercial

03/13/10

Labor cost (trained staff at

voting points)

03/13/10 15000 (1

monthsalary)

5000 75000000

Domain name registry andHosting

03/13/10 20000

Touch PC voting center andbackup[Assumed Windows Vista/XPlicense already installed]

03/13/10 200000 11000 *2

2200000000

Total

Dependencies

A new act needs approved within the parliament to make process and proceduralchanges within the election department

The total cost for the voting system needs to be added to next budget of thegovernment.

Need to call tenders to purchase Servers, PCs, Software and Network equipment.

Need to call tenders to find a local software development company to develop thevoting system.

Need to setup a technical advisory team to ensure voting system meets acceptancestandards and guidelines

Need to setup a Procedure roll out committee responsible for implementation ofprocesses and procedures within the Department to make use of the voting system

Need to setup an audit team to ensure that department is ready to rollout the overallvoting system for the next up and coming election.

Need to setup Media campaign to educate the general public on how to use votingsystem to eradicate doubt, bring trust and confidence

Project Plan

Departmental SOW Owner Due Date (Sequence



30/34


relative to events)Approval of Proposal Commissioner

Cabinet MinisterPresident

A new act for change process& procedures for the

Department of election needto be approved

President or CabinetMinister

Once proposal is approvedby Commissioner and

President

Budget for overall cost of thevoting system needs to beapproved

President or FinanceMinister

Next budget

Call tenders to find a suitablesoftware development firm tobuild the voting system.

Commissioner After budget approval

Setup a technical advisoryteam to ensure voting systemmeets acceptance standardsand guidelines

Commissioner Once the softwaredevelopment company isgiven the go ahead fordevelopment

Call tenders to purchase ofHW and Network equipmentrequired for the voting system

Commissioner After budget approval andtreasury has released funds.

Setup a Procedure roll outcommittee responsible forimplementation of processesand procedures within theDepartment to make use ofthe voting system

Commissioner Once the software is readyfor use within thedepartment.

Setup an audit team toensure that department isready to rollout the overallvoting system for the next upand coming election.

Commissioner Once the software is readyfor use within thedepartment.

Setup Media campaign toeducate the general public onhow to use voting system to

eradicate doubt, bring trustand confidence

Commissioner, Procedurerollout committee andTechnical advisory

committee.

After Department is ready touse the software and beforethe next election



31/34


Limitations and Possible Enhancements



32/34


List of Abbreviations

Acronym/Abbreviations Description

CRM Customer Relationship Management



33/34


Bibliography

There were 10,875 polling stations throughout the country for the lastpresidential election.: http://sundaytimes.lk/100117/FunDay/fut_01.html

Problems with electronic voting systems a blog with user comments :http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html

http://www.essvote.com/flash/demo.html

http://www.slelections.gov.lk/news.html

http://sundaytimes.lk/100117/FunDay/fut_01.htmlhttp://www.schneier.com/blog/archives/2004/11/the_problem_wit.htmlhttp://www.essvote.com/flash/demo.htmlhttp://www.essvote.com/flash/demo.htmlhttp://www.slelections.gov.lk/news.htmlhttp://sundaytimes.lk/100117/FunDay/fut_01.htmlhttp://www.schneier.com/blog/archives/2004/11/the_problem_wit.htmlhttp://www.essvote.com/flash/demo.htmlhttp://www.slelections.gov.lk/news.html


34/34


Appendix A: Glossary

snd assignment 1.3 -report

Documents