Download - VoteSA Final Report(000627624)
1
Implementing a windows-based application for the South African voting system focusing on
encryption techniques
Name: Fulufhelo Miswe
Student No: 000627624
BSc. Business Information Technology
01 November 2010
10,731 words
A dissertation submitted in partial fulfillment of the requirements for the University of Greenwich‟s Bachelor of
Science Degree in Business Information Technology
2
Coursework Header Sheet
173150-11
Course COMP1181: Dept of IS & MM UG Project Course School/Level CM/UG
Coursework Project - CTI Randburg - DEC 10 - AC Assessment Weight 100.00%
Tutor K Jamil Submission Deadline 18/11/2010
Coursework is receipted on the understanding that it is the student's own work and that it has not,
in whole or part, been presented elsewhere for assessment. Where material has been used from
other sources it has been properly acknowledged in accordance with the University's Regulations
regarding Cheating and Plagiarism.
000627624
Tutor's comments
Grade Awarded___________ For Office Use Only__________ Final Grade_________
Moderation required: yes/no Tutor______________________ Date _______________
3
Abstract
Voting fraud is increasing in the elections around the world in countries that are still stuck to the
traditional ballot paper elections despite the advancement in technology. This project was
undertaken with the aim to create an application that exercises strong and secure encryption
algorithms to eliminate the current paper ballot voting system in South Africa. The solution came
after research, investigation and analysis of similar alternative systems that are in the market as i-
Voting, DRE (Direct-recording electronic) voting system and voting over virtual private
networks.
In the project I acknowledge that any voting system should be secured hence the research
surrounding encryption is included in the development of the project to select the safest method
of encryption. The system was developed using Visual basics 2008 and Microsoft Access.
Requirements were gathered using RAD techniques and tools as the requirements catalogue to
determine what functionality the system.
I developed the system based on my knowledge of databases that I acquired in the previous 2 and
half years and visual basics which was a module I did in my first year. The analytical skills used
in this project I gained through courses from my degree.
The application has major room for development as it could be developed for the client IEC
according to their specifications. Given more time and research further advancements can be
made and enhancements made to adjust to the fast moving technological world and needs.
Please note, any supporting material to this report has been included in the zip file including the
source code to the application, the application install file and the database.
4
Acknowledgements
Firstly I would like to thank my parents for making it possible that I study and the support they
continuously give me through life and my academics. My friends and family played a vital role
in pushing me to do my best and focusing on the project. The staff of CTI Randburg as a whole
was supportive and especially Blessing Mdunge and Colin Chaplin for helping me find the way
when all navigators seem to have failed me.
My fellow students made it easier and enjoyable it was fun working with them and I thank them
for making it a great academic year.
Above all I thank GOD almighty for bringing me to this day that I complete my project and
giving me the strength to go on.
5
Table of Contents
Abstract ......................................................................................................................................................... 3
Acknowledgements ....................................................................................................................................... 4
1. List of Figures ........................................................................................................................................... 8
2. List of Tables ............................................................................................................................................ 9
3. List of Abbreviations and terms of reference .......................................................................................... 10
4. Introduction ............................................................................................................................................. 11
5. Literature review ..................................................................................................................................... 13
5.1 Introduction ....................................................................................................................................... 13
5.2 Methodology and method research ................................................................................................... 13
5.3 Chosen Methodology and Structured method ................................................................................... 17
5.4 Current Voting Process ..................................................................................................................... 18
5.5 Trends in voting systems .................................................................................................................. 18
5.6 Encryption ......................................................................................................................................... 18
6. Objectives ............................................................................................................................................... 20
6.1 Main Objectives ................................................................................................................................ 20
6.2 SDLC Objectives: ............................................................................................................................. 21
7. Description of work done ........................................................................................................................ 22
7.1 System Analysis ................................................................................................................................ 22
7.1.1 The current voting system .......................................................................................................... 22
7.1.2 Advantages of the current voting system ................................................................................... 24
7.1.3 Disadvantages of the current system .......................................................................................... 25
7.1.4 Current similar system ............................................................................................................... 25
7.2 System requirements ......................................................................................................................... 27
7.2.1 Legal, Ethical and constitutional considerations ........................................................................ 27
7.2.2 Requirements definition ............................................................................................................. 28
7.2.3 Classes for development users ................................................................................................... 31
7.2.4 The Use case .............................................................................................................................. 32
7.2.5 Entity Relationship diagram ....................................................................................................... 34
7.2.6 Data Flow Diagram .................................................................................................................... 36
7.3 Preliminary System Design ............................................................................................................... 39
7.3.1 High level system architecture design........................................................................................ 40
6
7.3.2 User interface design .................................................................................................................. 41
7.4 Initial Prototype ................................................................................................................................ 42
7.4.2 Feedback ........................................................................................................................................ 43
7.4.3 Requirements refinement ............................................................................................................... 43
7.5 Design new prototype ....................................................................................................................... 43
After the results from the first prototype I redesigned the interface and coded the application for the
new prototype which was my second iteration. ...................................................................................... 43
The new prototype met all the requirements when tested as shown in section 7.6 ................................. 43
7.6 Testing............................................................................................................................................... 44
7.6 Summary and Presentation of results ................................................................................................ 46
8. Conclusion .............................................................................................................................................. 47
8.1 Discussion on the out come .............................................................................................................. 47
8.2 Conclusion ........................................................................................................................................ 48
8.3 Lessons Learnt .................................................................................................................................. 49
8.3 Recommendations, What can be done to further improve the system? ............................................ 50
9. List of Resources used during the production f the project .................................................................... 51
Bibliography ............................................................................................................................................... 52
Appendix ..................................................................................................................................................... 54
Appendix A ............................................................................................................................................. 54
Appendix B ............................................................................................................................................. 61
Appendix C ............................................................................................................................................. 62
1. Login ....................................................................................................................................................... 64
2. Administrator menu, Figure b-2.............................................................................................................. 64
2.1 Select voting to allow the voters to vote ....................................................................................... 65
2.2 Select manage to access the management tasks ............................................................................ 65
2.3 Select exit to close the application ................................................................................................ 65
3. Adding a voter to the registered voters ................................................................................................... 65
Enter the details of the voter and press register ...................................................................................... 66
3. Broadcasting the votes ............................................................................................................................ 67
4. Print voting results .................................................................................................................................. 67
Appendix D ............................................................................................................................................. 68
Appendix E ............................................................................................................................................. 76
7
The Gantt chart ................................................................................................................................... 76
Appendix F.............................................................................................................................................. 77
User interface design ........................................................................................................................... 77
Appendix G ............................................................................................................................................. 82
Test results .......................................................................................................................................... 82
Appendix H ............................................................................................................................................. 84
VoteSA: The diary .............................................................................................................................. 84
Appendix G ............................................................................................................................................. 88
Project Proposal .................................................................................................................................. 88
8
1. List of Figures
Figure 1(Image from www.iec.co.za) ......................................................................................................... 23
Figure 2(image accessed from www.iec.co.za) .......................................................................................... 24
Figure 3 ....................................................................................................................................................... 36
Figure 4 ....................................................................................................................................................... 37
Figure 5 ....................................................................................................................................................... 39
Figure A- 1 .................................................................................................................................................. 54
Figure A- 2 .................................................................................................................................................. 55
Figure A- 3 .................................................................................................................................................. 56
Figure A- 4 .................................................................................................................................................. 57
Figure A- 5 .................................................................................................................................................. 58
Figure A- 6 .................................................................................................................................................. 59
Figure A- 7 .................................................................................................................................................. 60
Figure E- 1 .................................................................................................................................................. 76
Figure F- 1 .................................................................................................................................................. 77
Figure F- 2 .................................................................................................................................................. 77
Figure F- 3 .................................................................................................................................................. 78
Figure F- 4 .................................................................................................................................................. 78
Figure F- 5 .................................................................................................................................................. 79
Figure F- 6 .................................................................................................................................................. 79
Figure F- 7 .................................................................................................................................................. 80
Figure F- 8 .................................................................................................................................................. 81
Figure G- 1 .................................................................................................................................................. 82
Figure G- 2 .................................................................................................................................................. 82
Figure G- 3 .................................................................................................................................................. 83
9
2. List of Tables
Table 1 ........................................................................................................................................................ 42
Table 2 ........................................................................................................................................................ 44
10
3. List of Abbreviations and terms of reference
DBMS – Database Management System
DFD – Data Flow Diagram
DRE – Direct-Recording Electronic
DSDM - Dynamic Systems Development Method
eVoting – electronic voting
GUI – Graphical User Interface
ID – Identity Document
IDE – Integrated Development Environment
IEC – Independent Electoral Commission
IFP – Inkatha Freedom Party
IT – Information technology
iVoting – iVoting is “the casting of a secure and secret electronic ballot that is transmitted to
election officials over the Internet” as stated in (Gibson,2001)
LAN – Local Area Network
RAD –Rapid Application Development
SQL - Structured Query Language
SSADM – Structured Systems Analysis and Design Method
11
4. Introduction
As technology further advances the single most important aspect in the running of a country has
failed to progress parallel to the technological advancement. South Africa has a young
democracy with its first ever free and fair elections being hosted 16 years ago in 1994, which
could explain the reason there has not been much advancement from the conventional voting
route, prior to democracy in the apartheid regime (which ruled between 1948 and 1994) only
those of white skin were permitted to partake in the voting process (Bernstein.H) and there was
very little choice between the parties to vote for. In 1994 when the apartheid laws were burnt and
South Africa had its first ever elections as a democratic country, this was a part of its new
constitution post-apartheid where all citizens were equal and every eligible citizen has the right
to exercise their vote to select whom so ever they please to govern them(SA Constitution). After
the apartheid government the IEC (Independent electoral commission) was in charge and still is
in charge of the voting system in South Africa.
In the most recent (2009 general elections) presidential elections in South Africa there were
reports of attempts to switch ballot papers in the KwaZulu-Natal region by the IFP (Inkatha
Freedom Party) political party, though the claims were never validated, this proves the
vulnerability of the paper based voting system as a party can have pre-marked ballot papers that
could be posted in the voting boxes or also switching the ballot papers as seen in our neighboring
country Zimbabwe. The paper-based system depends on the integrity of the officials and
coordinators who would also love their preferred parties in power, as known South Africa is a
country with a high corruption rate. The coordinators are volunteers which makes it easy for
them to accept bribes and be corrupted. The current voting system requires that the ballots be
transported to a central chosen municipal area center for the counting and computing of the
votes, during this process the votes can be intercepted by criminal groups, the votes can be
changed during transportation. The dependence in the humans to manually control the entire
voting process without use of any IT (information technology) reduces the integrity of the entire
process as it is known, human beings make mistakes.
Furthermore the fact that the voting system is paper-based means that the counting of the votes is
done manually, which takes time as all voting ballots have to be assembled in one center and
then separated for the counting and then counted again for verification, a computer application
12
would consist of sorting and calculating algorithms that would compute the results in a matter of
minutes for the entire country after completion of the voting process. The ballot collection from
all different voting stations consumes resource. South Africa is country with a population of
close to 50 million with 17,680,729 of them voting it is surely time consuming counting the
votes.
I have that I develop a windows-based application that will handle the voting system and phase
out the traditional paper-based voting system. The digitalized voting system will counter the
above mentioned vulnerabilities by removing most of the human elements in key areas of the
voting system as the counting of the votes and transportation of the ballot papers.
The system will allow the user to cast their votes, select their preferred national and provincial
candidates and then exit for the next voter, this process will be looped till the last voter at the
voting station. Each voters vote is printed out for the paper trail to prove that the vote did indeed
take place. Every hour the application sends an encrypted file of the votes to the main server for
that region for the overall counting of the votes and then displayed in public mediums for the
notifications of the polls.
The proposed system will function and comply with the constitution regulations to elections,
there will be an element of anonymity every voters vote is a secret and the system will ensure
that the voters vote is a secret and ensure the voters vote is counted. I understand that the voting
application will involve sending data over the network and the authenticity of information being
sent over the network is important (Bellare.M, Canetti.R and Krawczyk.H, 1996). An
authentication scheme that is of the highest quality will be discussed and chosen as the voting
process determines the future of the nation. It is a process that cannot afford to have any
vulnerability with attackers and hackers on the internet that can temper with the votes and lead to
the wrong party being put in power which will not be the will of the people.
13
5. Literature review
5.1 Introduction
This literature review aims to discuss the possible Systems development life cycles (SDLC) that
could be used in developing the Voting system and select the ideal SDLC based on what will be
discussed along with structured methods
5.2 Methodology and method research
The following research into various methodologies will help me select the methodology that will
best serve my project taking into account the views of different authors o similar methodologies,
this gives me a better indication of the real advantages and disadvantages of each method and
methodology
In (Pfleager,S.L, 2001) various methodologies are analyzed starting with the waterfall which is
due to the fact that the waterfall model is one of the first and oldest lifecycle models. The book
was published in 2001 which is a nine years back and there has been more developments in
methodologies however what I picked reading through was the author of the book supports
waterfall more than any other model that was discussed in the textbook which is due to the time
the book was published. At that time waterfall was seen as an industry benchmark, a tried and
tested approach even if it had flaws that the author discussed like its lack of iteration in
development and lack of interaction with the user which a more recently used and accepted
methodology(DSDM) states are the key elements to a successful project. The author prefers
waterfall due to the fact that it offers simplicity in gathering requirements and the ease in
planning out the set out stages.
From my analysis of the article waterfall offers a step down approach where requirements from
one stage are complete before moving on to the next stage, forcing each stage to be completed in
isolation and nothing can be done before all the previous stages are complete and it‟s very hard
to change requirements as there is no iteration so when one stage is closed there cannot be any
changes or modifications made. Furthermore waterfall only shows the top level stages of a
project it does not show a realistic view of the project detailed.
14
In the same book(Pfleager,S.L, 2001) the author discusses the V-model lifecycle however the
author does not go into detail, after analyzing this lifecycle model I realized that it is the same
life cycle model as the waterfall, it has the same stages except for the V-model lifecycle focuses
more on testing. Testing is what makes the v-model better than the waterfall model which it
originated from though the author does not explain this model with the same enthusiasm due to
the fact that traditionally waterfall was widely accepted and trusted so project managers where
more comfortable with it. The testing linked with each stage is good as it tests to see if all the
requirements for that stage have been met. From observation and in depth analysis the
contrasting fact between the V-model and the waterfall is that waterfall model focuses on
documents and the artifacts and V-model focuses more on being correct on delivering a project
hence the testing stages.
The author (Pressman, R.s, 2005) describes waterfall as a linear model which moves from one
stage to the other. From my analysis waterfall model is ideal to use in situations where the
requirements are well defined and won‟t change as it lacks iteration so the initial requirements
are what the final product will be based on. After reviewing articles from different authors I have
come to the conclusion that the waterfall model does not suit an IT project as the requirements
are forever changing and it will be hard for me to develop my project using waterfall model only
which is supported by the reasons stated by pressman why waterfall model projects fail being
that users rarely know what they want and once you move from one stage you cannot go back to
rectify whatever mistake you could have made
Another model discussed in (Pfleager,S.L, 2001) was the prototyping model, the author
expressed interest in prototyping due to the fact that requirements can be changed which
compared to the waterfall and the V-model it has an advantage as they do not change
requirements therefore making it impossible to modify the system but prototyping the user can
get a rough sketch of the final product and change what they do not like. From my analysis
Prototyping is good as it has more interaction with the user
(Fitzgerald, B, Russo, N.L, Stolterman, E 2002) focused in the iteration and early delivery of the
model as their definition of prototyping below states that it shows an upcoming product
15
They define a prototype as “an early version of the system that exhibits the essential features of
the later operational system”
From analyzing both publications Information Systems Development methods in action and
Software engineering theory and practice second edition prototyping has repetition and changes
to requirements that make it ideal to developing projects that meet requirements better than the
waterfall or V-model
The authors in (Fitzgerald, B, Russo, N.L, Stolterman, E 2002) acknowledge that RAD does not
offer any new tools or techniques but its advantage is in the way RAD uses the available
techniques with different management principles. The authors regard RAD as a fast growing and
it is cheaper without any loss to the quality furthermore RAD eliminates bureaucratic ways of
operation. RAD uses small empowered teams and the user is well-involved
The authors in (DSDM Consortium, 2008 ) declare fully that they prefer DSDM over any other
methodology by use of the statement”… which is of especial interest to us is the dynamic
systems development method...” They justify their preference of this method due to its origins,
from actual development practice in organizations. Due to DSDM being a framework than a
traditional lifecycle it has a set lifecycle process that can only be changed by the DSDM
consortium
The lifecycle has 5 core stages (DSDM Consortium, 2008 ):
Feasibility study
Business study
Functional model iteration
Design and build iteration
Implementation
The DSDM consortium describes DSDM as a framework that is based on trial and error from
experiments from the 1990s. DSDM combines the knowledge from people, techniques and tools,
by so doing DSDM can deliver a fully functional system in under 6 months. The DSDM
consortium allows for DSDM to be integrated with other methodologies to develop more
16
powerful and accurate methods. The DSDM can be used with eXtreme Programming to create a
more robust and rigorous framework
Due to the publication being a DSDM consortium they do not cater for other methodologies they
strictly focus on their methodology
When developing a project it is essential to select not just the methodology but the structured method as
well. Structured methods have tools and techniques that support the methodology. One of the most widely
used structured methods is the SSADM (Structured Systems Analysis and Design Method)
(Weaver.P,2004). SSADM uses tools that help define the project
The waterfall model is an old model which goes as far back as the 1970(Weaver.P,2004) it was
introduced to create a formal method of the software development process, it follows a strict
stage to stage process, illustrated in Figure1.In each stage the products are verified before
proceeding to the next stage but in reality tasks of different stages often overlap. There is no
repeating of stages so it makes it hard to refine or add requirements thus it is used by big
companies that have analysts who can gather requirements fully in one stage and the
requirements are clear and less likely to change
A model that implements iteration in its stages is the spiral model, it is ideal for when the
requirements are unclear and uncertain (Weaver.P,2004). The iteration process involves drawing
up high-level requirements and creating a prototype for the requirements, after analyzing the
prototype the requirements are checked and modified then new requirements are created and
another prototype is developed until the requirements are met fully and the can be no further
refinement this process is repeated
17
5.3 Chosen Methodology and Structured method
After careful consideration and the literature review on the different types of development
methodology and methods associated with the methodology I decided I will use the Spiral life
cycle to develop my system and use a hybrid method for the structured method combining
techniques from the RAD method and SSADM. After reading through (Weaver.P, 2004) I found
it is common amongst students to creating a hybrid method or a highly customized method. I
chose spiral as it will allow me to create prototypes and to go back and forth refining my
requirements, as a student I do not have enough experience or knowledge that will allow me to
gather all the requirements in a single take, so the flexibility of the spiral model of getting
requirements and working with what I have will allow me to program the requirements and fill in
what is missing and change according to what the supervisor requires of me till the system meets
all the requirements and does all it is supposed to. The RAD tools that I will use will allow me to
gather the requirements and present the information in a structured manner from the tasks of
each class and the use case that will state who does what on the system. To show flow of the
system I decided to use the data flow diagram from the SSADM method.
18
5.4 Current Voting Process
Currently the voting in South Africa is conducted by the IEC (Independent Electoral
Commission) which is responsible for the distribution of the ballot papers, the election process
and the counting of the votes. Mostly its employees are volunteers from the regions.
5.5 Trends in voting systems
The problems in traditional voting methods have opened room for discovery of new methods and systems
to cast a vote (Kohno.T, Stubblefield.A and Rubin.A.D, 2003). Across the world in developed
countries as the United States they have started implementing on trial bases the iVoting system which is
“the casting of a secure and secret electronic ballot that is transmitted to election officials over
the Internet” as described in (Gibson, R. 2001). In the year 2003 France joined the revolution and
tried to implement the iVoting system and in 2006 there were reports of Estonia as the first to
host iVoting elections successfully, thus far iVoting is being implemented in developed countries
as iVoting requires a great deal of technology to conduct, you will need a safe computer with no
viruses, a fast computer that can connect to the internet fast and will not fail during the voting
process so high speed connection is required. With iVoting it allows citizens of the country to
vote from any part of the world as it is being implemented in the United States of America (Alan,
2005) the American citizens can take part in elections from anywhere in the world provided they
have the requirements and registration.
Though there have been studies on the use of electronic voting systems these studies warn
against the use of this method due to the ever increasing challenges posed by information
technology(Kohno.T, Stubblefield.A and Rubin.A.D, 2003).
5.6 Encryption
There are two types of computer encryption which could be symmetric-key encryption which
requires two computers to have the same key in order to communicate between each other
(Tyson,J. 2001). The sending computer has a code that it uses to encrypt a packet of data before
it sends it over the network, however as the person sending the data you must know which
computers will be communicating so the key can be installed in both computers. The keys started
as DES 56 bit in the 1970‟s and are currently on 256 bit keys
19
The second form of encryption is public key encryption (Tyson,J. 2001) which uses two keys; a
public key and a private key. The computer keeps the private key for itself and issues the public
key to the computer that wishes to communicate with it. The key pair is based on prime numbers
which gives an infinite number of possibilities making it a good form of encryption.
Currently in the market there is a program called pretty good privacy that allows the user to
encrypt data.
Many cryptographic techniques are discussed in studies (Bellare.M, R. Canetti, and Krawczyk.H,
1996), (Boneh.D, Franklin.M, 2003), (Cramer.R, Shoup.V, 2001) with reference and focus on
the mathematical aspects of the encryption. These studies focus on calculations on how to protect
data however they are not accurate as they have failed to successfully implement these findings
in a practical project. Encryption is a complicated topic as the internet can never be safe from
attacks and threats regardless of the best protection available as the same people that create the
protection know a way around the protection and it is only a matter of time before other equally
talented programmers figure out the loop holes, in essence anything that runs on an internet
network cannot be rendered completely safe (Goodchild. J, 2010)
20
6. Objectives
6.1 Main Objectives
The project aims to:
Digitalize the current paper-based voting system by creating an application that allows
the users to vote electronically on a computer or voting kiosk, tabulate results and send
the results to a central location thereby phasing out the element of human manual
counting of votes and transporting of ballots to a central location.
Activity: Investigate in to the voting system of South Africa, the IEC, which is the voting
body in South Africa, Research programming algorithms, research on the programming
environment appropriate to program the application
Deliverable: Literature review, Interim report content, a programming environment and tools
to program the application selected
Eliminate the vulnerabilities in paper-based voting system
Activity: security research and effectiveness of the digital voting system, testing criteria
Deliverable: Test criteria, acceptance criteria
Speed up the counting of votes by creating an application that tabulates the results of the
votes
Activity: Programming algorithms analysis
Deliverable: a programming algorithm that will allow for the quickest way to display the
results
Eliminate the human element in the voting process
Activity: Design a voting application that has minimal human interference
Deliverable: A windows based application
21
Provide secure democratic elections
Activity: Explore security threats, isolate the threats and test the vulnerability of the system
against the threats
Deliverable: A threat proof application that is tested against vulnerabilities
6.2 SDLC Objectives:
Requirements analysis
Activity: Research, data modeling
Deliverables: Use case, requirements catalogue, data and process models
Code and implementation
Activity: Coding the front end which consists of the user interfaces and designing the
database that will store all the voting and the voters to avoid people who voted voting again
Deliverable: A fully functional voting system with a connected database
User Acceptance Testing
Activity: Testing the system through other individuals
Deliverable: Bugs or a well-tested system
Prototyping
Activity: Create prototypes
Deliverable: prototypes of the proposed system
22
7. Description of work done
7.1 System Analysis
Analysis is a phase in the system development life cycle, in this phase of the project
development the aim is to analyze current voting processes and systems so as to gather the
requirements of the proposed system
7.1.1 The current voting system
Any eligible citizen can take part in the voting process in South Africa, eligible as identified by
the constitution of South Africa as above the age of 18. An eligible citizen registers to vote in
upcoming elections before the elections on the day that the government has set out.
On the day of the election the registered citizen will go to an IEC (Independent electoral
commission) voting station to vote. The person provides a South African ID book or a temporary
identity document to the voting officials, the voting officer verifies that the person is registered
by checking the voters roll or they have a registration sticker valid to take part in the elections.
Once it is proved that the person is eligible to vote, the person‟s name is ticked off the voters list
and their ID (identity document) document is stamped on the second page and their thumbnail is
marked with ink as a mechanism to ensure they do not vote again.
The voter is then given two ballot papers one for the national elections and one for the provincial
elections, the voter then finds an empty ballot booth and casts their vote in, they then fold their
ballot paper so their selection is not visible, the voter then puts their ballot papers in the ballot
box and the voting process is complete for the voter, see Figure 1.
23
Figure 1(Image from www.iec.co.za)
The counting process begins at the end of the voting process and it is monitored by party agents
as IEC officials count each vote individually, at the end of the calculations the results are verified
and the IEC publishes the winner of the elections which would be the party with the most votes,
the ballot papers are packaged and sent to the local municipal electoral office, see Figure 2
24
Figure 2(image accessed from www.iec.co.za)
7.1.2 Advantages of the current voting system
It is important to acknowledge the advantages of the current system so that the proposed system
inherits all the good features that it can from the current system.
I. Authentication-The fact that the voter has to provide their identity document means that
there is a guarantee that the person has the right to vote and it is the correct person
II. Freedom- The constitution on the bill of rights states that every citizen has the right to
free and fair elections, when the voter goes to the election booth the person is alone and
no one can interfere with the voter
25
III. Anonymity – (Kohno.T, Stubblefield.A and Rubin.A.D, 2003) The voter votes in the
voting booth alone and there is no record or link to the voter after they deposit the ballot
paper into the ballot box
IV. Integrity – The voter can only vote once as they are inked on the thumb and their ID book
is stamped
7.1.3 Disadvantages of the current system
These are the factors the new system aims at tackling and eliminating
I. Duration – The voting process takes too long between the voting, counting and
announcing the results of the election.
II. Manual counting – This process depends on the integrity of the voting officials and it is
quite a tiring task counting the ballot papers, though there are officials who overlook the
process computerized systems can be much more effective
III. Fraud – In the most recent elections the IFP (Inkatha Freedom Party) was accused of
inserting ballot papers already marked in the ballot boxes and in our neighboring country
Zimbabwe there has been claims of rigged elections but due to lack of proof it is hard to
prove such
IV. Security – The ballots are transported to a counting center which they can be intercepted
whilst being transported
7.1.4 Current similar system
eVoting consists of many forms, it can be done over the internet or using digital systems as
voting kiosks and DRE‟s, currently in the market are the following methods of electronic voting:
Voting over the internet: (Mercuri.R, 2000) critics do not advise this method of eVoting due to the
threat posed by hackers that can intercept the process and create fake votes and there are people
who sell their votes as an attempt to make money and it will be hard to verify that the person is
making the vote freely and willingly over the internet as they can be intimidated to cast a vote
and the factor of security is still worrying when it comes to voting on the internet as some
systems do not enforce good security standards
26
Optical scanning voting system - When the user votes using the computer and the computer
prints out the votes and the voting officials take all the printed ballots to one location and
manually count them, similarly an electronic device scans and tabulates the results.
DRE (Direct-recording electronic voting system):
A direct-recording electronic (DRE) voting machine eliminate papers from the voting process
completely however they adopt the same process when it comes conducting the voting process,
the user goes to the voting station and provides their identification and after the verification of
the voter the voter is directed to a terminal to cast their vote in, the DRE presents the voter with
the possible candidates and the user makes a selection to proceed the DRE asks the user to
confirm the choice and after this the choice is stored and it is the end of the voting process for
one voter. The DRE is safe as it is not involved in networking through the internet, The only
threat to the DRE is the programmers and the officials that are conducting the voting process
hence a process has been introduced whereby the DRE prints the paper version and it is placed in
a ballot box for the counting to verify if the results from the DRE are accurate however this
process is redundant and it is still similar to the conventional voting method.
27
7.2 System requirements
From what was discussed in the analysis stage requirements are gathered in this stage for exactly
what the system will entail and the functional requirements of the system.
7.2.1 Legal, Ethical and constitutional considerations
1. The voting system should be transparent, the users should be able to see what they are
doing, and they should understand the whole process and what is happening to their
votes.
2. There should be paper trail of the votes, it should be verifiable that the votes indeed were
cast and can be accounted for.
3. A voter can only vote once, it is a constitutional right that can only be exercised once in a
term of voting, the voter should be registered and authorized to do so.
4. The votes should reflect the choice of the voters and reflect what really happened during
the elections.
5. Every citizen who is eligible to vote should be able to use the system, it should cater for
people with disabilities as well, and the system should not require specialized skills to
use.
6. The system should have an element of secrecy and the vote should not be traceable back
to the voter as a vote is a secret
28
7.2.2 Requirements definition
There are two types of requirements, the functional requirements and the non-functional
requirements, in this section I assign the tasks for the voting system to either one of the
requirements definition, this helps in the production state as it is easier to select the most critical
requirements for the system.
Functional requirements:
This are the features that explain the core functionality of the system, they explain what the
system does
Requirements catalogue for the voting system
Requirement ID:90011 Priority: M Source: F.Miswe Sign-off: F.Miswe
Functional requirements:
Have a security system at logon
The voting system should be able to authenticate the administrators to ensure that there is no
illegal people gaining entry to the system
Non-functional requirements
Description Acceptable Target value
Password Authentication Alphanumeric password,
number password
Password must at least be six
characters
Encryption type >=256 bit 256 bit encryption
Attempts 3 times 1
Benefits: only the approved users will gain access to the system
Comments: If any illegal activities occur the it can be traced at which user this occured
Requirements catalogue for the voting system
Requirement ID:90012 Priority: M Source: F.Miswe Sign-off: F.Miswe
Functional requirements:
The system will calculate the total number of votes and display the total and the percentage
Non-functional requirements
Description Acceptable Target value
Calculating algorithm Math functions Math functions in programming
language
Response time during calculation 0-35 seconds 20 seconds
Benefits: The votes do not have to be manually counted which takes time
Comments: The is accuracy in the results as the
29
Requirements catalogue for the voting system
Requirement ID:90013 Priority: M Source: F.Miswe Sign-off: F.Miswe
Functional requirements:
Verify that the user is eligible to vote and the voter will vote once
Non-functional requirements
Description Acceptable Target value
Database Oracle, Microsoft Access Microsoft access
Benefits: The voter votes just once and there is no voting fraud that occurs
Comments: The voting integrity is maintained
Requirements catalogue for the voting system
Requirement ID:90014 Priority: M Source: F.Miswe Sign-off: F.Miswe
Functional requirements:
Record and store the party candidate to allow for the voters to select the party
Non-functional requirements
Description Acceptable Target value
Input device Standard 101 keys keyboard,
Touch screen, barcode scanner,
enhanced 106 keys keyboard ,
mouse
Any of the suggested devices
Response time during capturing
The details
0-35 seconds 20 seconds
Benefits: The parties running for the elections will be represented and they will not be left out
Comments: The parties are the ones the voters are electing to represent them
Requirements catalogue for the voting system
Requirement ID:90015 Priority: M Source: F.Miswe Sign-off: F.Miswe
Functional requirements:
Encrypt the votes
Non-functional requirements
Description Acceptable Target value
Encryption method symmetric-key encryption,
public key encryption
symmetric-key
Benefits: The voting will be secure and it will not be easy to try and sabotage the voting system
Comments: The encryption will done through the programming language using embedded encryption
algorithms as hashing
30
Requirements catalogue for the voting system
Requirement ID:90016 Priority: S Source: F.Miswe Sign-off: F.Miswe
Functional requirements:
Print the poll
Print a receipt of proof
Non-functional requirements
Description Acceptable Target value
Printer Laser printer, inkjet Laser printer
Paper Plain white paper Plain white paper
Printer response time 20 seconds Not more than 30 seconds
Benefits: There is a paper trail that the vote indeed happened and the user cannot vote again
Comments: The printer will be connected to a network of computers that print after the user is done
voting
31
7.2.3 Classes for development users
1. The voter – The voter is the end user of the system who has to cast the vote and
2. The Electoral commission officer – They conduct the voting process, printing the results
and helping the voters through the system
3. The South African government – They are ultimately the owners and sponsors of the
system as it is being developed for the South African voting system
4. IEC – Verify the votes and publish the results
32
7.2.4 The Use case
I developed a use case to explore all the scenarios that occur on the system, the use case changed
throughout as I added more features to the system.
Figure
33
Primary scenario
Use case for: VoteSA
Version: 1.0
Goal: To cast a vote in the elections using a digital application with encryption
Stakeholders: SA Government, Voter, IEC
Precondition: Voter must be South African citizen
Voter must be eligible to vote
Voter must be registered to vote
Primary case: 1. The IEC officer logs in on to the system
2. The IEC officer selects vote from the menu
3. The voter enters the ID number and voter number
4. The voter selects their preferred national candidate
5. The voter selects their preferred provincial candidate
6. The voter confirms vote
7. The voter receives a receipt
Post condition: Voting polls are updated
34
7.2.5 Entity Relationship diagram
Citizen
Voter
Voter_Receipt
Vote
IEC
Result
Political_Party
Vote_Log
Observer
Registers
Receives
Cast
Receives
Manages
Updates
Observes
Broadcast
d
National
Provincial
1, 1
1, 1
1, 1
1, 1 1, 1
1, 1
1, m
1, 1
1, 1 m,m
m,m
1, 1
1, 1 1, 1
1, m
M,1
35
Entity attributes:
Citizen (IDNO, Name, Address)
Voter (VoterNo, IDNO)
Vote (VoteNo, VoterIDNO, PartyID, ElectionType, VoteDate)
Voter_Receipt(VoterIDNO, VoteDate)
Vote_Log(FileNo, VoteNo, PartyId, ElectionType, Date)
Political_Party( PartyID, PArtyName)
Result(PartyID, PartyName, TotalVotes, ElectionDate, Percentage)
IEC(RegisterNo,Region)
Observer(ObserverId, ObserverName)
36
7.2.6 Data Flow Diagram
Context diagram below shows all the external entities that will interact with the system
Figure 3
37
DFD for registering a voter to the voters table
Figure 4
38
Figure 5
39
7.3 Preliminary System Design
In this stage I will design the system architecture, the components that are included in the voting
system. A deployment diagram and high-level architecture design are described in this chapter
Figure 6
40
7.3.1 High level system architecture design
The voter is required to register at the municipal they will be voting at to acquire a voting
number when they get registered, when they are registered the voter is on the voters roll that
allows them to participate in the elections. During this stage the voter and the IEC officers are
involved. In the event that a voter registered in another municipal and at time of voting they are
in a different area get registered on the day with proof of registration.
The above system in Figure 3 is a 3-tier system with the first tier which involves all the human
interaction where there is a front end application which allows for the users to vote and the IEC
officers to conduct the voting processes and printing the results. The actions done by the IEC
officer on the application on the first tier are monitored by the party agents to ensure that no
fraudulent activities occur
The second tier is the server that is the bridge between the database and the front end application
The third tier is the database management system, access that stores all the votes that are made
and the details of the registered voters.
Requirements for the system:
I. Windows XP or newer version
II. 256Mb Ram
III. 20Mb hard disk space
IV. Intel Pentium 3 2.0 GHz
41
7.3.2 User interface design
The design was results of refining the initial prototype to try and include the audience and appeal
to the user refer to Appendix F for screen shots of the user interface design.
The application was designed with simple white background and little decorations as this is a
professional software and has to be presentable, whilst creating the interface the goal was to
create a simple application that will require no specialized expertise as the applications will be
used by citizens of all ages starting from the age of 18 to the country‟s oldest citizen and people
with disabilities. The color white for the background was ideal as it is a color of peace and South
Africa has come a long way to value their democracy.
Throughout the application there are images of the national flag and the IEC flag to symbolize
that it is a proudly South African application and it is authorized by the IEC. Simple buttons and
labels are used to give instructions to the user.
There are examples to guide the user when voting
Large fonts were used for clarity and contrasting color blue which also has an element of peace
to was used to write the instructions to ensure they are clear and readable
Simple reports are generated for results
42
7.4 Initial Prototype
Please see Appendix A for the full initial prototype.
A prototype helps show a preview of what the final system can look like, in most cases it is used
to communicate between stakeholders and the programmer (Stapleton. J, 2003).
The first prototype was created to get an idea of the final required project; it had most of the
functionality that was identified in the requirements that were identified in the earlier stages,
there were three testers of the prototype who were each given the requirements catalogue and a
description of how the system is supposed to react and they tested the system against the stated
requirements. Whilst testing the requirements the users had to answer the questions provided in
Appendix B
The users that tested the system comprised of 3 members B.Mdunge (Lecturer), G.Makobe (IT
Student) and B.Ncube (A general person), the mix of individuals from different structures of life
allows the system to be tested by users of all expertise and get the views of all the users as it will
be used by every citizen.
The application was installed on a laptop and demonstrated to the testers to let them know and
explain to them what they will be testing and give them the details of the prototype so they
understand all aspects before testing. After the demonstration the voters had two days to test the
system against any concerns.
After the allocated two days the testers returned with their results and answers to the
questionnaire. Their response are listed in the table below Table 1
Tester Comments and summary of questionnaire
B. Mdunge The design is simple, maybe too simple for an application that will be used
across the country
It does not meet the objectives stated on the test plan
Functionalities are not running well
The results are incorrect
A voter can vote a million times
Voters who are not registered can vote
The system does not store the old votes when the new voter votes
G. Makobe You do not need an ID to vote
You can vote as much as you please
Nice simple design
Quick to use
Friendly and usable GUI
The application is not consistent
B. Ncube Simple design
I could not make my vote as the application kept on closing Table 1
43
7.4.2 Feedback
Requirements
Expand the system
Include authentication at login
Verify the voters
Check for voters that have voted and those who have not voted before
Confirm the voters votes by including a paper trail
Change the color scheme
7.4.3 Requirements refinement
The prototype is not meeting most requirements but that was anticipated as it stated that the
prototype has minimal functionalities, the concerns raised by the testers are mostly what was
expected as the functionalities are yet to be added, this prototype was designed to test the design
mostly and the components to include in the application.
The average user was more concerned about the interface and not what the application does as
they did not understand the mechanics behind the application and requested that the background
be changed. The concern however with what the other two testers discovered is that the database
is not working, the application is not reflecting the changes in the database.
The problem discovered with concern to the database is due to the database being saved as
.accdb and the solution is to save the database as .mdb which after being implemented worked.
7.5 Design new prototype
After the results from the first prototype I redesigned the interface and coded the application for
the new prototype which was my second iteration.
The new prototype met all the requirements when tested as shown in section 7.6
44
7.6 Testing
For the test result, consult Appendix G
Test Plan
Item tested How Steps Expected
results
Actual results Test date
Login Run the
application
Enter
incorrect
login details
An error
message
restricting
entry to the
system
An error
message
30 October
2010
Display
results
Run the
manage
window
Login
successfully,
select
manage,
Click display
result
A Data grid
showing the
result as
expected
Data grid
with poll
results
29 October
2010
Print results Run the
manage
window
Login
successfully,
select
manage,
Click print
poll
The national
and provincial
results
The national
and provincial
results
29 October
2010
Register user Enter data on
the register
tab
Access the
manage
window, click
register, enter
the voter data
and click
register and
check the
database if
the data is in
A message
box
confirming
the user is
registered
The data is in
the database
table for
registered
voters and the
confirmation
message box
29 October
2010
Registered
voter
Enter the id
number of a
non-
registered
voter
On the voter
screen enter a
random
number
A message
box showing
that the voter
has not been
registered
A warning
message box
23 October
2010
Table 2
45
Test Plan
Item tested How Steps Expected
results
Actual results Test date
Voting twice Vote
successfully
the first time
and try voting
again
Vote the first
time enter the
ID and then
on repeat
enter the
same voter
details
An error
message
showing that
the voter has
already voted
Message box
showing the
error
27 October
2010
Test Data
Login:
Username: administrator (not case sensitive)
Password: p@55word
Register Voter:
Voter No: 21
Voter Id: 2301036245091
Voter Name: John
Voter Address: 23 Hunter Avenue Randburg
Voting twice:
Voter No: 1
Voter ID: 9009146245081
Unregistered Voter:
Voter No: 32
Voter ID: 73839390939
46
7.6 Summary and Presentation of results
The application has met all the requirements that were set out during its second iteration, the
application allows for the voters to make a safe vote that only they know and they can change
their option should they discover they made a mistake during the voting
A voter only votes once and can only vote if registered on the voters roll
The application prints out confirmation that the voter voted
The application computes the results of the poll and broadcasts the results as well
Voters registered in another district are allowed to register on the voters roll to participate on the
elections in the area
47
8. Conclusion
8.1 Discussion on the out come
The system was developed for the South African voting system to combat problems as fraud and
enhance the voting process by adding technology to help create an efficient system, the main
goal of the system was to create a digital voting system that uses encryption technology to
protect the vote whilst it is sent to the server where all the votes are sent. The application uses
standard voting standards by ensuring anonymity where no details of the votes are linked with
the voter that made the vote, the application has qualities of the traditional method of voting and
a paper trail is used for the transparency of the system as proof that the votes were conducted and
they were not generated by the program.
The application uses strong authentication which allows only the IEC administrators to login,
after logging in the IEC officials have a menu to either vote or manage, the manage menu is
where the officer can display the results of the voting or print the results and also register voters
from other regions on day of voting.
The vote menu requires the user to select a language which other language packs have not been
loaded; only English is operational thus far. The voter enters their vote number and voter ID to
cast their vote for the provincial and national elections, the voter then gets a screen displaying
their choice and if the screen displays their choice they click confirm and a print to confirm is
made. A voter‟s guide (see Appendix D) is released to increase the transparency of the system
and let the voters exactly how to vote with the new system.
The system was not built using server technology as it is a prototype so testing for encryption in
transportation was not possible
48
8.2 Conclusion
Using Microsoft development tools, .Net Framework I created the voting application which was
one of the objectives of the project. The encryption that was used on the application is the
encryption function that is found in the Visual basics classes it allows the data being transported
to be encrypted and sent, the data that is being sent is then sent as a long string and similarly so
the data is decrypted by a function found on Visual basics to decrypt data. I failed to find
cryptography method that can be implemented to completely safeguard the votes as there is no
such method currently (Goodchild. J, 2010)
The safest way of voting is using a LAN or DRE that has paper trail and voting kiosks. The use
of a basic LAN will decrease the threats that are brought by internet and online vulnerabilities.
Digital voting still has a long way to go before it can provide credible results that will leave no
room for questions or doubt. But in the meantime resources can be devoted to test and try the
venture as it promises that it can be useful in the voting system provided it is implemented well.
In conclusion the project delivered on its aims to implement a voting system that operates
digitally, that is able to compute votes immediately and generate a paper trail for confirmation.
49
8.3 Lessons Learnt
It had been a long while since I developed using Visual basics 2008 so my programming skills
were a bit rusty at first but got the hang of it and just moved on from where I left a year ago, I
gained a lot of new skills that helped me and now I‟m proficient in the VB programming
language, I used Microsoft access for the database which affirmed my skills. Initially the system
was supposed to run on an SQL server but due to the delay in the project proposal acceptance it
was difficult to determine the environment and tools I will use, I did not have enough time to
familiarize myself with the SQL Server as I had not done it or used it before and I could not
acquire a copy of SQL Server that had all the functionality and drivers on time as I am using
windows 7, I had troubles installing the server so I could not use the SQL Server. But there was
little I learnt whilst troubleshooting trying to run the server
As this is a student project time was always going to be a worrying factor and indeed it proved to
be, suddenly when the final date crept closer the work scope just became more and more and that
is when I learnt that in projects you have to learn to multitask, to prioritize what is important and
what needs my immediate attention, I learnt to work under pressure, to deliver the best under
pressure and to value the opinion of those that I worked around as they pointed out things that I
could not see. And finally a lesson that I should have learnt years ago, procrastination will never
ever work to my favor and there is no better time than now to do something.
50
8.3 Recommendations, What can be done to further improve the system?
The goals of the system were achieved to create a system that will allow for quick computation
of results after voting is conducted and safely conducting the voting process.
Technology is growing and expanding every day to implement a digital system is a bit late
already as it is, most developed countries like the United States of America and Estonia have
already started experimenting with iVoting it has been ten years now since the year 2000 when
they first experimented with iVoting and since then they have been improvements to the process
adding more security features and ensuring its security, For South Africa to catch up they also
need to start implementing such technology as iVoting that will make it easier to conduct voting
and administrate the process. The trend is moving towards eVoting despite the security threats
which are being dealt with this is a cheaper more manageable solution to voting as oppose to
conventional ways of voting.
In the meantime this application I developed can be modified to work on kiosks that are easy to
setup and more languages can be added to cater for the 11 official languages in South Africa so
that the kiosks are customized to the language of the user and also have audio instructions so as
to assist the user on using the system.
The system was created with a voter‟s guide that can be given to voters when they register for
the next elections so they can familiarize themselves with the system they are going to be using
in the next elections.
51
9. List of Resources used during the production f the project
Visual studio 2008
Microsoft Office professional 2010
Windows 7 Ultimate
Fujitsu laptop li 3710
Printer
Internet – http://www.a1vbcode.com
Internet – http://www.elections.org.za
South African constitution
52
Bibliography
Bellare.M, R. Canetti, and Krawczyk.H, 1996. „Keying hash functions for message
authentication.In Advances in Cryptology:‟ Proceedings of CRYPTO ‟96, pages 1–15. Springer-
Verlag
Bernstein.H,(1978),For their triumphs and for their tear: conditions and resistance of women in
apartheid South Africa,International defence and Aid Fund, London
Boneh.D, Franklin.M,2003, „Identity-Based Encryption from the Weil Pairing‟ retrieved October
12, 2010, from www.springerlink.com/content/bf5j8nhdp32pxqgy/
Cramer.R, Shoup.V, 2001, ‘Universal Hash Proofs and a Paradigm for Adaptive Chosen
Ciphertext Secure Public-Key Encryption‟, retrieved October 12, 2010, from psu.edu
DSDM Consortium, 2008, DSDM Public Version 4.2, DSDM Consortium, Retrieved 12-1-2008
11:58:39, from DSDM consortium
Davies R, 2004, DSDM explained, retrieved Sept 21, 2004, from Rachel Davies
Finkelstein.A, Kramer.J and Nuseibeh.B (1994). Software Process Modeling and Technology,
Research Studies Press Ltd. Taunton, Sommerset, UK.
Fitzgerald, B. Russo, N.L. Stolterman, E. (2002) Information Systems Development methods in
action, McGraw Hill, London
Gibson, R. 2001. „Elections online: Assessing internet voting in light of the Arizona Democratic
Primary‟, Political Science Quarterly 116(4): 561-583
Goodchild. J, 2010,‟E-Voting: how secure is it?‟, CSO Online, Retrieved October 28,2010, from
www.verifiedvotingfoundation.org/article.php?id=6799
Law. A.M and KeltonW.D (2000). Simulation Modeling and Analysis, 3rd Edition, McGraw-
Hill,NY.
Pfleager,S.L.(2001) Software engineering theory and practice second edition, Pearson Education
Inc, United States of America
Pressman, R.s, 2005, Software engineering: A practitioner‟s approach sixth edition, McGraw
Hill, America
Rubin.A.D, 2010, Security considerations for remote electronic voting. Communications of the
ACM, Retrieved September 14, 2010, from http://avirubin.com/e-voting.security/
53
Schneier.B (1996) Applied Cryptography: Protocols, Algorithms, and Source Code in C,
JohnWiley & Sons, New York
The voting process [Image] 2010. Retrieved October 2, 2010 from
http://www.elections.org.za/content/Dynamic.aspx?id=1084&name=Elections&LeftMenuId=10
0&BreadCrumbId=220&ekmensel=14ae2c49_100_251_btnlink
The counting process [Image] 2010. Retrieved October 2, 2010 from
http://www.elections.org.za/content/Dynamic.aspx?id=1084&name=Elections&LeftMenuId=10
0&BreadCrumbId=220&ekmensel=14ae2c49_100_251_btnlink
Stapleton. J, (2003), DSDM Business Focused Development, second edition, Addison Wesley, Great
Britain
54
Appendix
Appendix A
Prototype
IEC voting system
1. The login interface for the IEC officials
Figure A- 1
55
Figure A- 2
56
4
Figure A- 3
57
Figure A- 4
58
Figure A- 5
59
Figure A- 6
60
Figure A- 7
61
Appendix B
Questions that were asked the testers of the first prototype:
1. Is the system user friendly? Please explain your choice if no and suggest a better solution
2. Did you encounter any difficulties using the system, if you did which aspect
3. What are your comments on the graphical user interface
4. Were you impressed with the time it takes for the entire voting process
5. What are the security threats you identified
6. Is there anything in particular missing on the system that you would like added
7. Are there any suggestions you have that will make the system function at its best
62
Appendix C
IEC Administrators guide
63
Table of Contents 1. Login ....................................................................................................................................................... 64
2. Administrator menu, Figure b-2.............................................................................................................. 64
2.1 Select voting to allow the voters to vote ....................................................................................... 65
2.2 Select manage to access the management tasks ............................................................................ 65
2.3 Select exit to close the application ................................................................................................ 65
3. Adding a voter to the registered voters ................................................................................................... 65
Enter the details of the voter and press register ...................................................................................... 66
3. Broadcasting the votes ............................................................................................................................ 67
4. Print voting results .................................................................................................................................. 67
64
1. Login
Login details, Figure B-1
Username: administrator
Password: p@55word
2. Administrator menu, Figure b-2
65
2.1 Select voting to allow the voters to vote
2.2 Select manage to access the management tasks
2.3 Select exit to close the application
3. Adding a voter to the registered voters
Click the manage button, see Figure b-1 and it will take you to a menu with the register option,
select the register button, see figure b-3
66
Enter the details of the voter and press register
67
3. Broadcasting the votes
On Figure 3 select the display poll button and the following screen with the total tally will be
shown
Select back to go back or exit to close the application
4. Print voting results
On Figure b4 select the print button and the total votes will be print
68
Appendix D
69
Migrating from the traditional voting system will only be successful if the voters know how to
use the system, for transparency the system should be well explained and the users are guided on
how to vote
70
1. What do you need to vote?
You will only need your ID book and the voter registration number that was issued to you when
you registered
2. How do I vote?
2.1 Step 1
Enter your ID number on the text field and select your voter number and press next, if you are
unsure about the procedure please ask for assistance from any visible IEC official
71
An example of the data that you enter is below, see Figure A1-2
72
2.2.1 Step 2
A registered voter will be taken to the next screen, see Figure A2-3, on this screen you make the
selection of your choice for the candidate you seek to represent you in national government
73
2.2.2 Select the party you want to represent you at the local government
74
2.3 Step 3
Confirm the vote that you make by pressing confirm, Figure A2-5 and if the vote you made was
a mistake and you wish to change select change and it will repeat the voting process
75
2.4 Finish
The confirmation screen that you have voted, Figure A2-6
That is all you need to know about your new voting system, we trust that you will enjoy using
the system and it will be to your convenience. Striving to make the country better
76
Appendix E
The Gantt chart
Figure E- 1
77
Appendix F
User interface design
Figure F- 1
Figure F- 2
78
Figure F- 3
Figure F- 4
79
Figure F- 5
Figure F- 6
80
Figure F- 7
81
Figure F- 8
82
Appendix G
Test results
Figure G- 1
Figure G- 2
83
Figure G- 3
84
Appendix H
VoteSA: The diary
At the end of the first semester I started thinking up of topics in which my final project will be
based on. I had two ideas after I started thinking of what I could do, one idea was a school
management system and the other idea was a bus control system. I had to weight which one was
more feasible to produce, at the end of it all after consulting my lecture I discovered that the bus
system will be too complicated for the project as I only have 200 hours for the whole project and
I have other modules and assignments in between. I chose the school management system and to
start off I went to a school in my township to find out the daily operations and what in their daily
operations can be automated making use of the interview technique and the observation. Due to
delays on project proposal acceptance I deviated from my initial project plan and schedule that is
displayed in the gantt chart on Appendix E
30 June 2010
After all the research and studying of schools and how they operate I compiled my project
proposal and sent it to my supervisor
15 July 2010
I got a response from my supervisor and my project proposal was rejected due to the complexity
that was involved as I had included a financial system which is a completely new system . I went
back home and reworked on my title and the proposal.
16 July 2010
I consult a staff member Blessing Mdunge to find out how I can refine my proposal to be
accepted, he gave me a few pointers and again I went home to incorporate the new information
gained
85
19 July 2010
I get a link from my supervisor on a school management system currently being used in schools
around South Africa. My School tool was developed by Mark Shuttleworth and it is distributed
freely for schools
30 July 2010
I submit my new project proposal with a new project title after I spent a few days researching on
similar tools
02 August 2010
Get a response from my supervisor and she is still not impressed with my proposal due to my
title being too vague and using ambiguous words, depressed and worried I went home and
thought about exactly how I could meet the requirements of the project, I read through the book
on how to achieve success in your project and using guidelines from the book I went on working
on my proposal with more knowledge of what is expected
03 August 2010
Continue working on my project proposal and title to try and add functionality that is new and
unique to existing systems, research on the internet
04 August 2010
Got an E-mail from my supervisor rejecting the refinements I made on the proposal and I decide
with time running out to change my topic all in all to a voting system with face recognition
techniques
05 August 2010
I submit the idea but my supervisor advises me against doing so as internet voting is broad and
risky due to the risks on the internet so I changed my approach to digital voting
86
10 August 2010
Visit the IEC website to find out how voting is conducted in South Africa and the procedures
involved in the voting and the Wikipedia site on South Africa as whole
15 August 2010
Display understanding in connecting to a database
25 August 2010
Coding standards and process tool
02 September 2010
Requirements analysis
05 September 2010
Create prototype and see what functionality the system will have from the requirements analysis
09 September 2010
Do more research and design the application
05 October 2010
Communication with my supervisor is terminated by my supervisor stating that we should
communicate through a third party
08 October 2010
I start with the coding to my voting system
20 October 2010
I start with my final report whilst still coding as I‟m encountering many errors and failing to
isolate them
87
26 October 2010
I get assisted by Blessing Mdunge my lecturer with some errors I was experiencing
29 October 2010
I finish coding completely and publish the my application
30 October 2010
I test the application through installation and run it on the working environment and do not
discover any errors I am happy with the test and continue with my documentation
31 October 2010
Create the voter‟s guide and the administrator‟s manual
Continue typing my final report
01 November 2010
Submit my final report
88
Appendix I
Project Proposal
Postgraduate Final year project proposal
Title: Implementing a windows-based application for the South African voting system focusing
on encryption techniques
Name: Fulufhelo Miswe
Programme of Study: BSc Business Information Technology
Topic area: Computing, Networking security, Application development, Database
Date Proposal Submitted: 17th
August 2010
Project hand-in date: 1st November 2010
89
1. Background
Voting is a democratic right that should be conducted in the true sense of the word “democracy”,
electing freely the person/party to represent you in the government and this right is infringed
when there is fraud in the conducting of voting by officials using means such as losing ballot
papers and replacing ballot papers.
In the most recent presidential elections in South Africa there were reports of attempts to switch
ballot papers in the KwaZulu-Natal region by the IFP political party, though the claims were
never validated, this proves the vulnerability of the paper based voting system as a party can
have pre-marked ballot papers that could be posted in the voting boxes or also switching the
ballot papers as seen in our neighboring country Zimbabwe. The paper-based system depends on
the integrity of the officials and coordinators who would also love their preferred parties in
power, as known South Africa is a country with a high corruption rate. The coordinators are
volunteers which makes it easy for them to accept bribes and be corrupted.
Furthermore the fact that the voting system is paper-based so the counting of the votes is done
manually after the papers are collected from all different voting stations which as well consumes
resources and opens room for fraud on the voting papers during transportation or counting. South
Africa is country with a population of close to 50 million with half of them voting it is surely
time consuming counting the votes and has an element of human error in it
I am proposing that I develop a windows-based application that will handle the voting system
and phase out the traditional paper-based voting system. The digitalized voting system will
counter the above mentioned vulnerabilities by removing most of the human element in key
areas of the voting system as the counting of the votes and transportation of the ballot papers.
The system will allow the user to cast their votes, select their preferred national and provincial
candidates and then exit for the next voter, this process will be looped till the last voter at the
voting station. Each voters vote is printed out for the paper trail to prove that the vote did indeed
take place. Every hour the application sends an encrypted file of the votes to the main server for
that region for the overall counting of the votes and then displayed in public mediums for the
notifications of the polls
2. Key phrases: IEC, Voting, Election, National election, Provincial election, implementing,
windows-based, application, South African voting system, encryption techniques
90
3. Preliminary investigation
SDLC:
In (Pfleager,S.L, 2001) various methodologies are analyzed starting with the waterfall which is
due to the fact that the waterfall model is one of the first and oldest lifecycle models. The book
was published in 2001 which is a nine years back and there has been more developments in
methodologies however what I picked reading through was the author of the book supports
waterfall more than any other model that was discussed in the textbook which is due to the time
the book was published. At that time waterfall was seen as an industry benchmark, a tried and
tested approach even if it had flaws that the author discussed like its lack of iteration in
development and lack of interaction with the user which a more recently used and accepted
methodology(DSDM) states are the key elements to a successful project. The author prefers
waterfall due to the fact that it offers simplicity in gathering requirements and the ease in
planning out the set out stages.
From my analysis of the article waterfall offers a step down approach where requirements from
one stage are complete before moving on to the next stage, forcing each stage to be completed in
isolation and nothing can be done before all the previous stages are complete and it‟s very hard
to change requirements as there is no iteration so when one stage is closed there cannot be any
changes or modifications made. Furthermore waterfall only shows the top level stages of a
project it does not show a realistic view of the project detailed.
In the same book(Pfleager,S.L, 2001) the author discusses the V-model lifecycle however the
author does not go into detail, after analyzing this lifecycle model I realized that it is the same
life cycle model as the waterfall, it has the same stages except for the V-model lifecycle focuses
more on testing. Testing is what makes the v-model better than the waterfall model which it
originated from though the author does not explain this model with the same enthusiasm due to
the fact that traditionally waterfall was widely accepted and trusted so project managers where
more comfortable with it. The testing linked with each stage is good as it tests to see if all the
requirements for that stage have been met. From observation and in depth analysis the
contrasting fact between the V-model and the waterfall is that waterfall model focuses on
documents and the artifacts and V-model focuses more on being correct on delivering a project
hence the testing stages.
91
The author (Pressman, R.s, 2005) describes waterfall as a linear model which moves from one
stage to the other. From my analysis waterfall model is ideal to use in situations where the
requirements are well defined and won‟t change as it lacks iteration so the initial requirements
are what the final product will be based on. After reviewing articles from different authors I have
come to the conclusion that the waterfall model does not suit an IT project as the requirements
are forever changing and it will be hard for me to develop my project using waterfall model only
which is supported by the reasons stated by pressman why waterfall model projects fail being
that users rarely know what they want and once you move from one stage you cannot go back to
rectify whatever mistake you could have made
Another model discussed in (Pfleager,S.L, 2001) was the prototyping model, the author
expressed interest in prototyping due to the fact that requirements can be changed which
compared to the waterfall and the V-model it has an advantage as they do not change
requirements therefore making it impossible to modify the system but prototyping the user can
get a rough sketch of the final product and change what they do not like. From my analysis
Prototyping is good as it has more interaction with the user
(Fitzgerald, B, Russo, N.L, Stolterman, E 2002) focused in the iteration and early delivery of the
model as their definition of prototyping below states that it shows an upcoming product
They define a prototype as “an early version of the system that exhibits the essential features of
the later operational system”
From analyzing both publications Information Systems Development methods in action and
Software engineering theory and practice second edition prototyping has repetition and changes
to requirements that make it ideal to developing projects that meet requirements better than the
waterfall or V-model
The authors in (Fitzgerald, B, Russo, N.L, Stolterman, E 2002) acknowledge that RAD does not
offer any new tools or techniques but its advantage is in the way RAD uses the available
techniques with different management principles. The authors regard RAD as a fast growing and
it is cheaper without any loss to the quality furthermore RAD eliminates bureaucratic ways of
operation. RAD uses small empowered teams and the user is well-involved
According to the authors the following is the lifecycle of a RAD project
RAD is said to offer advantages as Speed production, low cost and iteration
92
The authors in (DSDM Consortium, 2008 ) declare fully that they prefer DSDM over any other
methodology by use of the statement”… which is of especial interest to us is the dynamic
systems development method...” They justify their preference of this method due to its origins,
from actual development practice in organizations. Due to DSDM being a framework than a
traditional lifecycle it has a set lifecycle process that can only be changed by the DSDM
consortium
The lifecycle has 5 core stages:
Feasibility study
Business study
Functional model iteration
Design and build iteration
Implementation
The DSDM consortium describes DSDM as a framework that is based on trial and error from
experiments from the 1990s. DSDM combines the knowledge from people, techniques and tools,
by so doing DSDM can deliver a fully functional system in under 6 months. The DSDM
consortium allows for DSDM to be integrated with other methodologies to develop more
powerful and accurate methods. The DSDM can be used with eXtreme Programming to create a
more robust and rigorous framework
Due to the publication being a DSDM consortium they do not cater for other methodologies they
strictly focus on their methodology
After analyzing all the discussed methods I am considering DSDM, prototyping and the RAD
methods based on the lack of research on the project I will not select a methodology now but the
methodologies I‟m considering offer rapid development which is ideal for my project due to the
project time constraints and the ability to change requirements gives me an advantage as the
project requirements are being modified daily.
93
Industry Research:
Currently the voting in South Africa is conducted by the IEC (Independent Electoral
Commission) which is responsible for the distribution of the ballot papers, the election process
and the counting of the votes. Mostly its employees are volunteers from the regions.
Across the world ways of improving on this traditional method of voting are being explored and
there have been breakthroughs in the form of voting over the internet known as eVoting.
However this method has proved it is vulnerable to multiple threats whereby the users had more
rights than required and the users were voting non-stop without any detection of multiple votes
cast by one user. eVoting proved to be dangerous because there was no way of validating the
voter is who they claim to be and people with power could force people to vote as this voting is
conducted over the internet which eliminates the democracy in voting
Security is a threat around the use of the internet whether it accessing a personal email account
or trying to purchase or sell something over the internet, there is a threat of someone intercepting
the transaction. The voting system will use an internet connection to send the votes over a
network, the vote file that will be sent will be encrypted.
Encryption is a form of network security that protects packets that are being sent over the
network by encoding information that can be decoded only by the recipient with a code (Tyson,J.
2001). Computer encryption is based on cryptography but the most recent computer encryption is
based on algorithms so as to decrease the risk of security weakness from human-based codes
which were the earliest methods of encryption.
Technology, Product review, Trends
There are two types of computer encryption which could be symmetric-key encryption which
requires two computers to have the same key in order to communicate between each other
(Tyson,J. 2001). The sending computer has a code that it uses to encrypt a packet of data before
it sends it over the network, however as the person sending the data you must know which
computers will be communicating so the key can be installed in both computers. The keys started
as DES 56 bit in the 1970‟s and are currently on 256 bit keys
The second form of encryption is public key encryption (Tyson,J. 2001) which uses two keys; a
public key and a private key. The computer keeps the private key for itself and issues the public
key to the computer that wishes to communicate with it. The key pair is based on prime numbers
which gives an infinite number of possibilities making it a good form of encryption.
Currently in the market there is a program called pretty good privacy that allows the user to
encrypt data.
94
The voting industry is failing to move from the traditional way of paper-based voting system not
only in South Africa but across the world even with attempts to move to eVoting the countries
and government officials are skeptical due to the risks that come with this kind of process, lack
of security, weak cryptography but with the advancement of technology the industry will soon be
digitalized and the paper-based method phased out.
eVoting consists of many forms, it can be done over the internet or using digital systems as
voting kiosks and DRE‟s, currently in the market are the following methods of electronic voting:
Voting over the internet: critics do not advise this method of eVoting due to the threat posed by
hackers that can intercept the process and create fake votes
Optical scanning voting system - When the user votes using the computer and the computer
prints out the votes and the voting officials take all the printed ballots to one location and
manually count them, similarly an electronic device scans and tabulates the results.
DRE (Direct-recording electronic voting system):
A direct-recording electronic (DRE) voting machine captures votes using a ballot display
provided with mechanical or electro-optical components that can be activated by the voter that
processes data with computer software; they use memory components to record voting data and
ballot images. After the election it tabulates the voting data stored in a removable memory
component and as printed copy. The system may also provide a means for transmitting
individual ballots or vote totals to a central location for consolidating and reporting results from
precincts at the central location. These systems use a precinct count method that tabulates ballots
at the polling place. They typically tabulate ballots as they are cast and print the results after the
close of polling
95
4. Objectives
The project aims to:
Digitalize the current paper-based voting system by creating an application that allows
the users to vote electronically on a computer or voting kiosk, tabulate results and send
the results to a central location thereby phasing out the element of human manual
counting of votes and transporting of ballots to a central location.
Activity: Investigate in to the voting system of South Africa, the IEC, which is the voting
body in South Africa, Research programming algorithms, research on the programming
environment appropriate to program the application
Deliverable: Literature review, Interim report content, a programming environment and tools
to program the application selected
Requirements analysis
Activity: Research, data modeling
Deliverables: Use case, requirements catalogue, data and process models
Speed up the counting of votes by creating an application that tabulates the results of the
votes
Activity: Programming algorithms analysis
Deliverable: a programming algorithm
Store/Backup voting polls
Activity: Research on servers
Deliverable:
Eliminate the human element in the voting process
Activity: Design a voting application that has minimal human interference
Deliverable: A windows based application
Provide secure democratic elections
Activity: Explore security threats, isolate the threats and test the vulnerability of the system
against the threats
Deliverable: A threat proof application that is tested against vulnerabilities
96
Eliminate the vulnerabilities in paper-based voting system
Activity: security research and effectiveness of the digital voting system, testing criteria
Deliverable: Test criteria, acceptance criteria
5. Resources and Courses taken that will help with the project
Resources
The following resources are needed for the project:
Desktop Computer and printer( entry level)
SQL Server
Access to the internet
Visual studio ( Visual basics)
Microsoft office suite( Project, Visio, Word, Access)
People
Information
Courses:
Systems Analysis and design
Database design and implementation
Project Management
Visual basics
Internet Server Management
97
6. Ethical Consideration
Neutral:
The application should not take the views of one political party and promote it or resemble the
colors or emblem of a party or any material that will promote the party on the application
Appropriate:
The application should be relevant, simple and straight forward to cater for all users of all
eligible voting ages
Transparency:
Explaining exactly how the system works the users and making sure that the system appeals to everyone
who will use it
Voter fraud
The uses need to be guaranteed that their vote will be acknowledged and recognized and there will not
be any failure delivering their votes
Anonymity:
The users need to be assured the vote cannot be linked back to them
98
7. Schedule of activities
TASK DESCRIPTION DURATION
Investigation Carry out an investigation on
the South African voting
system and the technology that
will be required
9 days
Development Software Acquire and familiarize
myself with the software
required for the whole system
28 days
Analysis Analyze the data and produce
a well-defined systems
requirements document
8 days
Design and Coding Creating the voting system by
implementing design and
coding
11 days
Testing Testing the voting system on
multiple computers by
simulation of the voting
process
3 Days
Initial report The first report on the voting
system
8 days
Final report A report with all the
documentation and the
conclusion and the outcome of
the project
10 days
99
Reference:
DSDM Consortium, 2008, DSDM Public Version 4.2, DSDM Consortium, Retrieved 12-1-2008
11:58:39, from DSDM consortium
Davies R, 2004, DSDM explained, retrieved Sept 21, 2004, from Rachel Davies
Fitzgerald, B. Russo, N.L. Stolterman, E. (2002) Information Systems Development methods in
action, McGraw Hill, London
Pfleager,S.L.(2001) Software engineering theory and practice second edition, Pearson Educatio,
Inc,United States of America
Pressman, R.s, 2005, Software engineering: A practitioner‟s approach sixth edition,
McGraw.Hill, America