votesa final report(000627624)


Upload: fulu-swiss-miswe

Post on 26-Oct-2014


Page 1: VoteSA Final Report(000627624)


Implementing a windows-based application for the South African voting system focusing on encryption techniques

Name: Fulufhelo Miswe

Student No: 000627624

BSc. Business Information Technology

01 November 2010

10,731 words

A dissertation submitted in partial fulfillment of the requirements for the University of Greenwich's Bachelor of Science Degree in Business Information Technology


Coursework Header Sheet

173150-11

Course: COMP1181: Dept of IS & MM UG Project
Course School/Level: CM/UG
Coursework: Project - CTI Randburg - DEC 10 - AC
Assessment Weight: 100.00%
Tutor: K Jamil
Submission Deadline: 18/11/2010

Coursework is receipted on the understanding that it is the student's own work and that it has not, in whole or part, been presented elsewhere for assessment. Where material has been used from other sources it has been properly acknowledged in accordance with the University's Regulations regarding Cheating and Plagiarism.

000627624


Abstract

Voting fraud is increasing in elections around the world in countries that are still stuck with traditional ballot-paper elections despite the advancement in technology. This project was undertaken with the aim of creating an application that exercises strong and secure encryption algorithms to eliminate the current paper ballot voting system in South Africa. The solution came after research, investigation and analysis of similar alternative systems that are in the market, such as i-Voting, DRE (Direct-recording electronic) voting systems and voting over virtual private networks.

In the project I acknowledge that any voting system should be secured, hence the research surrounding encryption is included in the development of the project to select the safest method of encryption. The system was developed using Visual Basic 2008 and Microsoft Access. Requirements were gathered using RAD techniques and tools such as the requirements catalogue to determine what functionality the system needs.

I developed the system based on my knowledge of databases, which I acquired in the previous two and a half years, and of Visual Basic, which was a module I did in my first year. The analytical skills used in this project I gained through courses from my degree.

The application has major room for development as it could be developed for the client IEC according to their specifications. Given more time and research, further advancements and enhancements can be made to adjust to the fast-moving technological world and its needs.

Please note, any supporting material to this report has been included in the zip file, including the source code to the application, the application install file and the database.


Acknowledgements

Firstly I would like to thank my parents for making it possible for me to study and for the support they continuously give me through life and my academics. My friends and family played a vital role in pushing me to do my best and to focus on the project. The staff of CTI Randburg as a whole were supportive, especially Blessing Mdunge and Colin Chaplin, who helped me find the way when all navigators seemed to have failed me.

My fellow students made it easier and enjoyable; it was fun working with them and I thank them for making it a great academic year.

Above all I thank GOD almighty for bringing me to this day on which I complete my project and for giving me the strength to go on.


Table of Contents

Abstract
Acknowledgements
1. List of Figures
2. List of Tables
3. List of Abbreviations and terms of reference
4. Introduction
5. Literature review
  5.1 Introduction
  5.2 Methodology and method research
  5.3 Chosen Methodology and Structured method
  5.4 Current Voting Process
  5.5 Trends in voting systems
  5.6 Encryption
6. Objectives
  6.1 Main Objectives
  6.2 SDLC Objectives:
7. Description of work done
  7.1 System Analysis
    7.1.1 The current voting system
    7.1.2 Advantages of the current voting system
    7.1.3 Disadvantages of the current system
    7.1.4 Current similar system
  7.2 System requirements
    7.2.1 Legal, Ethical and constitutional considerations
    7.2.2 Requirements definition
    7.2.3 Classes for development users
    7.2.4 The Use case
    7.2.5 Entity Relationship diagram
    7.2.6 Data Flow Diagram
  7.3 Preliminary System Design
    7.3.1 High level system architecture design


    7.3.2 User interface design
  7.4 Initial Prototype
    7.4.2 Feedback
    7.4.3 Requirements refinement
  7.5 Design new prototype
    After the results from the first prototype I redesigned the interface and coded the application for the new prototype which was my second iteration.
    The new prototype met all the requirements when tested as shown in section 7.6
  7.6 Testing
  7.6 Summary and Presentation of results
8. Conclusion
  8.1 Discussion on the outcome
  8.2 Conclusion
  8.3 Lessons Learnt
  8.3 Recommendations, What can be done to further improve the system?
9. List of Resources used during the production of the project
Bibliography
Appendix
  Appendix A
  Appendix B
  Appendix C
    1. Login
    2. Administrator menu, Figure b-2
      2.1 Select voting to allow the voters to vote
      2.2 Select manage to access the management tasks
      2.3 Select exit to close the application
    3. Adding a voter to the registered voters
      Enter the details of the voter and press register
    3. Broadcasting the votes
    4. Print voting results
  Appendix D
  Appendix E


    The Gantt chart
  Appendix F
    User interface design
  Appendix G
    Test results
  Appendix H
    VoteSA: The diary
  Appendix G
    Project Proposal


1. List of Figures

Figure 1 (Image from www.iec.co.za)
Figure 2 (image accessed from www.iec.co.za)
Figure 3
Figure 4
Figure 5
Figure A-1
Figure A-2
Figure A-3
Figure A-4
Figure A-5
Figure A-6
Figure A-7
Figure E-1
Figure F-1
Figure F-2
Figure F-3
Figure F-4
Figure F-5
Figure F-6
Figure F-7
Figure F-8
Figure G-1
Figure G-2
Figure G-3


2. List of Tables

Table 1
Table 2


3. List of Abbreviations and terms of reference

DBMS – Database Management System
DFD – Data Flow Diagram
DRE – Direct-Recording Electronic
DSDM – Dynamic Systems Development Method
eVoting – electronic voting
GUI – Graphical User Interface
ID – Identity Document
IDE – Integrated Development Environment
IEC – Independent Electoral Commission
IFP – Inkatha Freedom Party
IT – Information technology
iVoting – iVoting is “the casting of a secure and secret electronic ballot that is transmitted to election officials over the Internet” as stated in (Gibson,2001)
LAN – Local Area Network
RAD – Rapid Application Development
SQL – Structured Query Language
SSADM – Structured Systems Analysis and Design Method


4. Introduction

As technology advances, the single most important aspect of running a country has failed to progress in parallel with it. South Africa has a young democracy, with its first ever free and fair elections hosted 16 years ago in 1994, which could explain why there has not been much advancement from the conventional voting route. Prior to democracy, under the apartheid regime (which ruled between 1948 and 1994), only those of white skin were permitted to partake in the voting process (Bernstein.H) and there was very little choice between the parties to vote for. In 1994 the apartheid laws were burnt and South Africa had its first ever elections as a democratic country. This was part of its new post-apartheid constitution, under which all citizens are equal and every eligible citizen has the right to exercise their vote to select whomsoever they please to govern them (SA Constitution). After the apartheid government, the IEC (Independent Electoral Commission) took charge of the voting system in South Africa and is still in charge of it.

In the most recent presidential elections in South Africa (the 2009 general elections) there were reports of attempts to switch ballot papers in the KwaZulu-Natal region by the IFP (Inkatha Freedom Party) political party. Though the claims were never validated, this proves the vulnerability of the paper-based voting system, as a party can have pre-marked ballot papers posted in the voting boxes or can switch the ballot papers, as seen in our neighboring country Zimbabwe. The paper-based system depends on the integrity of the officials and coordinators, who would also love to see their preferred parties in power; as is known, South Africa is a country with a high corruption rate. The coordinators are volunteers, which makes it easy for them to accept bribes and be corrupted. The current voting system requires that the ballots be transported to a central, chosen municipal area center for the counting and computing of the votes; during this process the votes can be intercepted by criminal groups and changed during transportation. The dependence on humans to manually control the entire voting process without the use of any IT (information technology) reduces the integrity of the entire process because, as is known, human beings make mistakes.

Furthermore, the fact that the voting system is paper-based means that the counting of the votes is done manually, which takes time, as all voting ballots have to be assembled in one center, separated for the counting, and then counted again for verification. A computer application would consist of sorting and calculating algorithms that would compute the results for the entire country in a matter of minutes after completion of the voting process. The ballot collection from all the different voting stations consumes resources. South Africa is a country with a population of close to 50 million, with 17,680,729 of them voting, so counting the votes is surely time consuming.

I have proposed that I develop a windows-based application that will handle the voting system and phase out the traditional paper-based voting system. The digitalized voting system will counter the above-mentioned vulnerabilities by removing most of the human elements in key areas of the voting system, such as the counting of the votes and the transportation of the ballot papers.

The system will allow the user to cast their vote, select their preferred national and provincial candidates and then exit for the next voter; this process will be looped until the last voter at the voting station. Each voter's vote is printed out for the paper trail to prove that the vote did indeed take place. Every hour the application sends an encrypted file of the votes to the main server for that region for the overall counting of the votes, which are then displayed in public mediums for the notifications of the polls.

The proposed system will function in compliance with the constitutional regulations on elections. There will be an element of anonymity: every voter's vote is a secret, and the system will ensure that the vote stays secret and that it is counted. I understand that the voting application will involve sending data over the network and that the authenticity of information being sent over the network is important (Bellare.M, Canetti.R and Krawczyk.H, 1996). An authentication scheme of the highest quality will be discussed and chosen, as the voting process determines the future of the nation. It is a process that cannot afford to have any vulnerability, with attackers and hackers on the internet who can tamper with the votes and lead to the wrong party being put in power, which will not be the will of the people.
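
The hourly upload and the authenticity requirement described above can be sketched as follows. This is an added example, not code from the VoteSA application (which was written in Visual Basic 2008); it assumes HMAC-SHA256 with a per-station shared key as the authentication scheme, which the report has not chosen at this point, and the station IDs, keys and ciphertext bytes are constructed sample values.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple, Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class Result(NamedTuple):
    ok: bool
    reason: str
    ciphertext: Optional[bytes]  # authenticated payload, still encrypted
    missing: list                # hourly sequence numbers never received


def mac_input(station_id: str, seq: int, ciphertext: bytes) -> bytes:
    # Length-prefix the station id so field boundaries are unambiguous, and
    # bind the hourly sequence number so a batch cannot be replayed, reordered
    # or relabelled as coming from another voting station.
    sid = station_id.encode("utf-8")
    return struct.pack(">H", len(sid)) + sid + struct.pack(">Q", seq) + ciphertext


def seal_batch(key: bytes, station_id: str, seq: int, ciphertext: bytes) -> bytes:
    """Station side: append a tag to the already-encrypted hourly vote file."""
    tag = hmac.new(key, mac_input(station_id, seq, ciphertext), hashlib.sha256).digest()
    return ciphertext + tag


class RegionalServer:
    """Server side: authenticate every batch before it is decrypted or counted."""

    def __init__(self, station_keys: dict):
        self._keys = station_keys   # station_id -> shared secret key (assumed provisioned)
        self._last_seq = {}         # station_id -> highest sequence number accepted

    def accept(self, station_id: str, seq: int, sealed: bytes) -> Result:
        key = self._keys.get(station_id)
        if key is None or len(sealed) < TAG_LEN:
            return Result(False, "unknown station or truncated batch", None, [])
        ciphertext, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
        expected = hmac.new(key, mac_input(station_id, seq, ciphertext),
                            hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            return Result(False, "authentication tag mismatch", None, [])
        last = self._last_seq.get(station_id, 0)
        if seq <= last:
            return Result(False, "replayed or out-of-order batch", None, [])
        self._last_seq[station_id] = seq
        # Sequence numbers skipped between the last batch and this one are
        # hourly files that never arrived and need to be followed up.
        return Result(True, "accepted", ciphertext, list(range(last + 1, seq)))


def demo() -> list:
    """Run a constructed scenario and return the server's verdict for each batch."""
    key_a = hashlib.sha256(b"constructed demo key A").digest()
    key_b = hashlib.sha256(b"constructed demo key B").digest()
    server = RegionalServer({"KZN-0001": key_a, "GP-0002": key_b})
    ct = b"constructed-opaque-ciphertext-bytes"   # stands in for the encrypted file

    hour1 = seal_batch(key_a, "KZN-0001", 1, ct)
    hour2 = seal_batch(key_a, "KZN-0001", 2, ct)
    tampered = bytes([hour2[0] ^ 0x01]) + hour2[1:]  # one bit changed in transit
    hour4 = seal_batch(key_a, "KZN-0001", 4, ct)

    return [
        server.accept("KZN-0001", 1, hour1),     # genuine batch
        server.accept("KZN-0001", 2, tampered),  # modified in transit
        server.accept("KZN-0001", 1, hour1),     # replay of hour 1
        server.accept("GP-0002", 1, hour1),      # relabelled as another station
        server.accept("KZN-0001", 4, hour4),     # genuine, but hours 2-3 missing
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.ok, verdict.reason, verdict.missing)
```

The tag covers the ciphertext, so the server can reject a modified file without decrypting it; the encryption of the votes themselves is outside what this example shows.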


5. Literature review

5.1 Introduction

This literature review aims to discuss the possible systems development life cycles (SDLC) that could be used in developing the voting system and to select the ideal SDLC based on what will be discussed, along with structured methods.

5.2 Methodology and method research

The following research into various methodologies will help me select the methodology that will best serve my project, taking into account the views of different authors of similar methodologies; this gives me a better indication of the real advantages and disadvantages of each method and methodology.

In (Pfleager,S.L, 2001) various methodologies are analyzed, starting with the waterfall, which is due to the fact that the waterfall model is one of the first and oldest lifecycle models. The book was published in 2001, which is nine years back, and there have been more developments in methodologies; however, what I picked up reading through it was that the author of the book supports waterfall more than any other model discussed in the textbook, which is due to the time the book was published. At that time waterfall was seen as an industry benchmark, a tried and tested approach, even if it had flaws that the author discussed, like its lack of iteration in development and lack of interaction with the user, which a more recently used and accepted methodology (DSDM) states are the key elements of a successful project. The author prefers waterfall due to the fact that it offers simplicity in gathering requirements and ease in planning out the set stages.

From my analysis of the article, waterfall offers a step-down approach where the requirements of one stage are complete before moving on to the next stage, forcing each stage to be completed in isolation; nothing can be done before all the previous stages are complete, and it's very hard to change requirements as there is no iteration, so when one stage is closed there cannot be any changes or modifications made. Furthermore, waterfall only shows the top-level stages of a project; it does not show a realistic, detailed view of the project.


In the same book (Pfleager,S.L, 2001) the author discusses the V-model lifecycle; however, the author does not go into detail. After analyzing this lifecycle model I realized that it is the same lifecycle model as the waterfall: it has the same stages, except that the V-model lifecycle focuses more on testing. Testing is what makes the V-model better than the waterfall model from which it originated, though the author does not explain this model with the same enthusiasm, due to the fact that traditionally waterfall was widely accepted and trusted, so project managers were more comfortable with it. The testing linked with each stage is good as it tests to see if all the requirements for that stage have been met. From observation and in-depth analysis, the contrast between the V-model and the waterfall is that the waterfall model focuses on documents and artifacts, while the V-model focuses more on being correct in delivering a project, hence the testing stages.

The author (Pressman, R.S, 2005) describes waterfall as a linear model which moves from one stage to the other. From my analysis the waterfall model is ideal to use in situations where the requirements are well defined and won't change, as it lacks iteration, so the initial requirements are what the final product will be based on. After reviewing articles from different authors I have come to the conclusion that the waterfall model does not suit an IT project, as the requirements are forever changing, and it will be hard for me to develop my project using the waterfall model only. This is supported by the reasons stated by Pressman for why waterfall model projects fail: users rarely know what they want, and once you move on from one stage you cannot go back to rectify whatever mistake you could have made.

Another model discussed in (Pfleager,S.L, 2001) was the prototyping model. The author expressed interest in prototyping due to the fact that requirements can be changed, which gives it an advantage compared to the waterfall and the V-model: they do not change requirements, making it impossible to modify the system, whereas with prototyping the user can get a rough sketch of the final product and change what they do not like. From my analysis, prototyping is good as it has more interaction with the user.

(Fitzgerald, B, Russo, N.L, Stolterman, E 2002) focused on the iteration and early delivery of the model, as their definition of prototyping states that it shows an upcoming product. They define a prototype as “an early version of the system that exhibits the essential features of the later operational system”.

From analyzing both publications, Information Systems Development: Methods in Action and Software Engineering: Theory and Practice (second edition), prototyping has repetition and changes to requirements that make it ideal for developing projects that meet requirements better than the waterfall or V-model.

The authors in (Fitzgerald, B, Russo, N.L, Stolterman, E 2002) acknowledge that RAD does not offer any new tools or techniques, but its advantage is in the way RAD uses the available techniques with different management principles. The authors regard RAD as fast growing and cheaper without any loss of quality; furthermore, RAD eliminates bureaucratic ways of operation. RAD uses small empowered teams and the user is well involved.

The authors in (DSDM Consortium, 2008) declare fully that they prefer DSDM over any other methodology by use of the statement “… which is of especial interest to us is the dynamic systems development method...”. They justify their preference for this method by its origins in actual development practice in organizations. Because DSDM is a framework rather than a traditional lifecycle, it has a set lifecycle process that can only be changed by the DSDM Consortium.

The lifecycle has 5 core stages (DSDM Consortium, 2008):

Feasibility study
Business study
Functional model iteration
Design and build iteration
Implementation

The DSDM Consortium describes DSDM as a framework that is based on trial and error from experiments from the 1990s. DSDM combines the knowledge from people, techniques and tools; by so doing DSDM can deliver a fully functional system in under 6 months. The DSDM Consortium allows for DSDM to be integrated with other methodologies to develop more powerful and accurate methods. DSDM can be used with eXtreme Programming to create a more robust and rigorous framework.

Because the publication comes from the DSDM Consortium, they do not cater for other methodologies; they strictly focus on their own methodology.

When developing a project it is essential to select not just the methodology but the structured method as well. Structured methods have tools and techniques that support the methodology. One of the most widely used structured methods is SSADM (Structured Systems Analysis and Design Method) (Weaver.P, 2004). SSADM uses tools that help define the project.

The waterfall model is an old model which goes as far back as the 1970s (Weaver.P, 2004). It was introduced to create a formal method for the software development process and follows a strict stage-to-stage process, illustrated in Figure 1. In each stage the products are verified before proceeding to the next stage, but in reality tasks of different stages often overlap. Stages are not repeated, which makes it hard to refine or add requirements; it is therefore used by big companies that have analysts who can gather requirements fully in one stage, where the requirements are clear and less likely to change.

A model that implements iteration in its stages is the spiral model, which is ideal when the requirements are unclear and uncertain (Weaver.P, 2004). The iteration process involves drawing up high-level requirements and creating a prototype for them. After the prototype is analyzed, the requirements are checked and modified, then new requirements are created and another prototype is developed. This process is repeated until the requirements are met fully and there can be no further refinement.


5.3 Chosen Methodology and Structured method

After careful consideration and the literature review of the different types of development methodology and the methods associated with them, I decided to use the Spiral life cycle to develop my system and a hybrid structured method combining techniques from the RAD method and SSADM. After reading through (Weaver.P, 2004) I found it is common amongst students to create a hybrid method or a highly customized method. I chose spiral as it will allow me to create prototypes and to go back and forth refining my requirements. As a student I do not have enough experience or knowledge to gather all the requirements in a single take, so the flexibility of the spiral model, getting requirements and working with what I have, will allow me to program the requirements, fill in what is missing and change according to what the supervisor requires of me until the system meets all the requirements and does all it is supposed to. The RAD tools that I will use will allow me to gather the requirements and present the information in a structured manner, from the tasks of each class to the use case that states who does what on the system. To show the flow of the system I decided to use the data flow diagram from the SSADM method.


5.4 Current Voting Process

Currently the voting in South Africa is conducted by the IEC (Independent Electoral

Commission) which is responsible for the distribution of the ballot papers, the election process

and the counting of the votes. Mostly its employees are volunteers from the regions.

5.5 Trends in voting systems

The problems in traditional voting methods have opened room for the discovery of new methods and systems to cast a vote (Kohno.T, Stubblefield.A and Rubin.A.D, 2003). Developed countries such as the United States have started implementing, on a trial basis, the iVoting system, which is "the casting of a secure and secret electronic ballot that is transmitted to election officials over the Internet" as described in (Gibson, R. 2001). In the year 2003 France joined the revolution and tried to implement the iVoting system, and in 2006 there were reports of Estonia as the first to host iVoting elections successfully. Thus far iVoting is being implemented in developed countries, as it requires a great deal of technology to conduct: a safe computer with no viruses, and a fast computer with a high-speed internet connection that will not fail during the voting process. iVoting allows citizens of a country to vote from any part of the world; as it is being implemented in the United States of America (Alan, 2005), American citizens can take part in elections from anywhere in the world provided they have the requirements and the registration.

Though there have been studies on the use of electronic voting systems, these studies warn against the use of this method due to the ever-increasing challenges posed by information technology (Kohno.T, Stubblefield.A and Rubin.A.D, 2003).

5.6 Encryption

There are two types of computer encryption. The first is symmetric-key encryption, which requires two computers to have the same key in order to communicate with each other (Tyson, J. 2001). The sending computer has a code that it uses to encrypt a packet of data before it sends it over the network; however, the person sending the data must know which computers will be communicating so that the key can be installed on both computers. Keys started as 56-bit DES in the 1970s and are currently at 256 bits.


The second form of encryption is public-key encryption (Tyson, J. 2001), which uses two keys: a public key and a private key. The computer keeps the private key for itself and issues the public key to the computer that wishes to communicate with it. The key pair is based on prime numbers, which gives an infinite number of possibilities, making it a good form of encryption.

Currently on the market there is a program called Pretty Good Privacy that allows the user to encrypt data.

Many cryptographic techniques are discussed in studies (Bellare.M, R. Canetti, and Krawczyk.H, 1996), (Boneh.D, Franklin.M, 2003), (Cramer.R, Shoup.V, 2001) with reference to and focus on the mathematical aspects of encryption. These studies focus on calculations on how to protect data; however, they are not accurate, as they have failed to successfully implement these findings in a practical project. Encryption is a complicated topic, as the internet can never be safe from attacks and threats regardless of the best protection available: the same people that create the protection know a way around it, and it is only a matter of time before other equally talented programmers figure out the loopholes. In essence, anything that runs on an internet network cannot be rendered completely safe (Goodchild. J, 2010).


6. Objectives

6.1 Main Objectives

The project aims to:

Digitalize the current paper-based voting system by creating an application that allows the users to vote electronically on a computer or voting kiosk, tabulate results and send the results to a central location, thereby phasing out the manual counting of votes by humans and the transporting of ballots to a central location.
Activity: Investigate the voting system of South Africa and the IEC, which is the voting body in South Africa; research programming algorithms; research the programming environment appropriate to program the application
Deliverable: Literature review, interim report content, a programming environment and tools to program the application selected

Eliminate the vulnerabilities in the paper-based voting system
Activity: Security research and effectiveness of the digital voting system, testing criteria
Deliverable: Test criteria, acceptance criteria

Speed up the counting of votes by creating an application that tabulates the results of the votes
Activity: Programming algorithms analysis
Deliverable: A programming algorithm that will allow for the quickest way to display the results

Eliminate the human element in the voting process
Activity: Design a voting application that has minimal human interference
Deliverable: A Windows-based application

Provide secure democratic elections
Activity: Explore security threats, isolate the threats and test the vulnerability of the system against the threats
Deliverable: A threat-proof application that is tested against vulnerabilities

6.2 SDLC Objectives:

Requirements analysis
Activity: Research, data modeling
Deliverables: Use case, requirements catalogue, data and process models

Code and implementation
Activity: Coding the front end, which consists of the user interfaces, and designing the database that will store all the votes and the voters, to prevent people who have voted from voting again
Deliverable: A fully functional voting system with a connected database

User Acceptance Testing
Activity: Testing the system through other individuals
Deliverable: Bugs or a well-tested system

Prototyping
Activity: Create prototypes
Deliverable: Prototypes of the proposed system


7. Description of work done

7.1 System Analysis

Analysis is a phase in the system development life cycle. In this phase of the project development the aim is to analyze current voting processes and systems so as to gather the requirements of the proposed system.

7.1.1 The current voting system

Any eligible citizen can take part in the voting process in South Africa; the constitution of South Africa identifies as eligible anyone above the age of 18. An eligible citizen registers to vote in upcoming elections, before the elections, on the day that the government has set out.

On the day of the election the registered citizen goes to an IEC (Independent Electoral Commission) voting station to vote. The person provides a South African ID book or a temporary identity document to the voting officials, and the voting officer verifies that the person is registered by checking the voters roll, or that they have a valid registration sticker to take part in the elections. Once it is proved that the person is eligible to vote, the person's name is ticked off the voters list, their ID (identity document) is stamped on the second page and their thumbnail is marked with ink as a mechanism to ensure they do not vote again.

The voter is then given two ballot papers, one for the national elections and one for the provincial elections. The voter finds an empty ballot booth and casts their vote in it, then folds their ballot papers so their selection is not visible. The voter puts their ballot papers in the ballot box and the voting process is complete for the voter; see Figure 1.


Figure 1(Image from www.iec.co.za)

The counting process begins at the end of the voting process and is monitored by party agents as IEC officials count each vote individually. At the end of the calculations the results are verified and the IEC publishes the winner of the elections, which is the party with the most votes. The ballot papers are packaged and sent to the local municipal electoral office; see Figure 2.


Figure 2(image accessed from www.iec.co.za)

7.1.2 Advantages of the current voting system

It is important to acknowledge the advantages of the current system so that the proposed system

inherits all the good features that it can from the current system.

I. Authentication – The fact that the voter has to provide their identity document means that there is a guarantee that the person has the right to vote and is the correct person

II. Freedom – The constitution, in the bill of rights, states that every citizen has the right to free and fair elections. When the voter goes to the election booth the person is alone and no one can interfere with the voter

III. Anonymity – (Kohno.T, Stubblefield.A and Rubin.A.D, 2003) The voter votes in the voting booth alone and there is no record of or link to the voter after they deposit the ballot paper into the ballot box

IV. Integrity – The voter can only vote once, as they are inked on the thumb and their ID book is stamped

7.1.3 Disadvantages of the current system

These are the factors the new system aims at tackling and eliminating

I. Duration – The voting process takes too long between the voting, counting and announcing the results of the election.

II. Manual counting – This process depends on the integrity of the voting officials, and counting the ballot papers is quite a tiring task. Though there are officials who oversee the process, computerized systems can be much more effective

III. Fraud – In the most recent elections the IFP (Inkatha Freedom Party) was accused of inserting already-marked ballot papers in the ballot boxes, and in our neighboring country Zimbabwe there have been claims of rigged elections, but due to lack of proof such claims are hard to prove

IV. Security – The ballots are transported to a counting center and can be intercepted whilst being transported

7.1.4 Current similar system

eVoting takes many forms: it can be done over the internet or using digital systems such as voting kiosks and DREs. Currently on the market are the following methods of electronic voting:

Voting over the internet: (Mercuri.R, 2000) critics do not advise this method of eVoting due to the threat posed by hackers who can intercept the process and create fake votes. There are also people who sell their votes in an attempt to make money, and over the internet it is hard to verify that the person is casting the vote freely and willingly, as they can be intimidated into casting a vote. Security is still a worry when it comes to voting on the internet, as some systems do not enforce good security standards.


Optical scanning voting system: The user votes using the computer and the computer prints out the votes; the voting officials take all the printed ballots to one location and manually count them, or similarly an electronic device scans and tabulates the results.

DRE (Direct-recording electronic voting system):

A direct-recording electronic (DRE) voting machine eliminates paper from the voting process completely; however, it adopts the same process when it comes to conducting the voting. The user goes to the voting station and provides their identification, and after verification the voter is directed to a terminal to cast their vote. The DRE presents the voter with the possible candidates and the user makes a selection. To proceed, the DRE asks the user to confirm the choice; after this the choice is stored, and that is the end of the voting process for one voter. The DRE is safe as it is not involved in networking through the internet. The only threat to the DRE is the programmers and the officials that are conducting the voting process; hence a process has been introduced whereby the DRE prints a paper version that is placed in a ballot box for counting, to verify that the results from the DRE are accurate. However, this process is redundant and is still similar to the conventional voting method.


7.2 System requirements

From what was discussed in the analysis stage requirements are gathered in this stage for exactly

what the system will entail and the functional requirements of the system.

7.2.1 Legal, Ethical and constitutional considerations

1. The voting system should be transparent: the users should be able to see what they are doing, and they should understand the whole process and what is happening to their votes.

2. There should be a paper trail of the votes; it should be verifiable that the votes were indeed cast and can be accounted for.

3. A voter can only vote once; it is a constitutional right that can only be exercised once in a term of voting. The voter should be registered and authorized to do so.

4. The votes should reflect the choice of the voters and reflect what really happened during the elections.

5. Every citizen who is eligible to vote should be able to use the system; it should cater for people with disabilities as well, and the system should not require specialized skills to use.

6. The system should have an element of secrecy and the vote should not be traceable back to the voter, as a vote is a secret.


7.2.2 Requirements definition

There are two types of requirements, functional and non-functional. In this section I assign the tasks for the voting system to one of the two, which helps in the production stage as it is easier to select the most critical requirements for the system.

Functional requirements:

These are the features that explain the core functionality of the system; they explain what the system does.

Requirements catalogue for the voting system

Requirement ID: 90011 | Priority: M | Source: F.Miswe | Sign-off: F.Miswe

Functional requirements:
Have a security system at logon
The voting system should be able to authenticate the administrators to ensure that no illegal people gain entry to the system

Non-functional requirements:
Description | Acceptable | Target value
Password authentication | Alphanumeric password, number password | Password must be at least six characters
Encryption type | >=256 bit | 256 bit encryption
Attempts | 3 times | 1

Benefits: Only the approved users will gain access to the system
Comments: If any illegal activities occur, it can be traced to the user under which they occurred

Requirements catalogue for the voting system

Requirement ID: 90012 | Priority: M | Source: F.Miswe | Sign-off: F.Miswe

Functional requirements:
The system will calculate the total number of votes and display the total and the percentage

Non-functional requirements:
Description | Acceptable | Target value
Calculating algorithm | Math functions | Math functions in programming language
Response time during calculation | 0-35 seconds | 20 seconds

Benefits: The votes do not have to be manually counted, which takes time
Comments: There is accuracy in the results as the


Requirements catalogue for the voting system

Requirement ID: 90013 | Priority: M | Source: F.Miswe | Sign-off: F.Miswe

Functional requirements:
Verify that the user is eligible to vote and the voter will vote once

Non-functional requirements:
Description | Acceptable | Target value
Database | Oracle, Microsoft Access | Microsoft Access

Benefits: The voter votes just once and there is no voting fraud that occurs
Comments: The voting integrity is maintained

Requirements catalogue for the voting system

Requirement ID: 90014 | Priority: M | Source: F.Miswe | Sign-off: F.Miswe

Functional requirements:
Record and store the party candidate to allow for the voters to select the party

Non-functional requirements:
Description | Acceptable | Target value
Input device | Standard 101 keys keyboard, touch screen, barcode scanner, enhanced 106 keys keyboard, mouse | Any of the suggested devices
Response time during capturing the details | 0-35 seconds | 20 seconds

Benefits: The parties running for the elections will be represented and they will not be left out
Comments: The parties are the ones the voters are electing to represent them

Requirements catalogue for the voting system

Requirement ID: 90015 | Priority: M | Source: F.Miswe | Sign-off: F.Miswe

Functional requirements:
Encrypt the votes

Non-functional requirements:
Description | Acceptable | Target value
Encryption method | symmetric-key encryption, public key encryption | symmetric-key

Benefits: The voting will be secure and it will not be easy to try and sabotage the voting system
Comments: The encryption will be done through the programming language, using embedded encryption algorithms such as hashing
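Section 5.6 describes symmetric-key and public-key encryption, and requirement 90015 targets symmetric-key encryption of the votes, with the 256-bit key size named in requirement 90011. The Go code below is an added example, not the project's own code. It goes one step beyond the text by combining the two types: a ballot is encrypted with AES-256-GCM and the key is delivered under the server's RSA public key, so the shared key does not have to be installed on both computers in advance. The function names, the election ID and the sample ballot are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewServerKey creates the counting server's RSA key pair (public-key side).
func NewServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewSessionKey creates a random 256-bit symmetric key on the kiosk.
func NewSessionKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// WrapKey encrypts the session key under the server's public key (RSA-OAEP),
// so the symmetric key is never pre-installed or sent in the clear.
func WrapKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
}

// UnwrapKey recovers the session key with the server's private key.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
}

// newGCM builds AES-256-GCM and rejects any key that is not 256 bits.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (256 bits)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBallot encrypts and authenticates one ballot. The election ID is bound
// as associated data, so a record moved to another election fails to open.
func SealBallot(key []byte, electionID string, ballot []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Output layout: nonce || ciphertext || authentication tag.
	return gcm.Seal(nonce, nonce, ballot, []byte(electionID)), nil
}

// OpenBallot decrypts a sealed ballot; any modified byte returns an error.
func OpenBallot(key []byte, electionID string, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed ballot too short")
	}
	nonce, body := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, body, []byte(electionID))
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	server, err := NewServerKey()
	check(err)
	key, err := NewSessionKey()
	check(err)
	wrapped, err := WrapKey(&server.PublicKey, key)
	check(err)
	sealed, err := SealBallot(key, "NATIONAL-2010", []byte("PartyID=3")) // constructed sample
	check(err)
	serverKey, err := UnwrapKey(server, wrapped)
	check(err)
	plain, err := OpenBallot(serverKey, "NATIONAL-2010", sealed)
	fmt.Printf("server reads %q, err=%v\n", plain, err)
	sealed[len(sealed)-1] ^= 0x01 // simulate tampering in transit
	_, err = OpenBallot(serverKey, "NATIONAL-2010", sealed)
	fmt.Println("tampered ballot rejected:", err != nil)
}
```

A hash on its own cannot be reversed by the server to read the ballot, which is why the example uses an authenticated cipher for confidentiality and tamper detection together.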


Requirements catalogue for the voting system

Requirement ID: 90016 | Priority: S | Source: F.Miswe | Sign-off: F.Miswe

Functional requirements:
Print the poll
Print a receipt of proof

Non-functional requirements:
Description | Acceptable | Target value
Printer | Laser printer, inkjet | Laser printer
Paper | Plain white paper | Plain white paper
Printer response time | 20 seconds | Not more than 30 seconds

Benefits: There is a paper trail that the vote indeed happened and the user cannot vote again
Comments: The printer will be connected to a network of computers that print after the user is done voting


7.2.3 Classes for development users

1. The voter – The voter is the end user of the system who has to cast the vote and

2. The Electoral commission officer – They conduct the voting process, printing the results

and helping the voters through the system

3. The South African government – They are ultimately the owners and sponsors of the

system as it is being developed for the South African voting system

4. IEC – Verify the votes and publish the results


7.2.4 The Use case

I developed a use case to explore all the scenarios that occur on the system, the use case changed

throughout as I added more features to the system.

Figure


Primary scenario

Use case for: VoteSA

Version: 1.0

Goal: To cast a vote in the elections using a digital application with encryption

Stakeholders: SA Government, Voter, IEC

Precondition: Voter must be South African citizen

Voter must be eligible to vote

Voter must be registered to vote

Primary case: 1. The IEC officer logs on to the system

2. The IEC officer selects vote from the menu

3. The voter enters the ID number and voter number

4. The voter selects their preferred national candidate

5. The voter selects their preferred provincial candidate

6. The voter confirms vote

7. The voter receives a receipt

Post condition: Voting polls are updated


7.2.5 Entity Relationship diagram

[Figure: entity relationship diagram. Entities: Citizen, Voter, Voter_Receipt, Vote, IEC, Result, Political_Party, Vote_Log, Observer. Relationships: Registers, Receives, Cast, Manages, Updates, Observes, Broadcast. Other labels: National, Provincial.]

Entity attributes:

Citizen (IDNO, Name, Address)

Voter (VoterNo, IDNO)

Vote (VoteNo, VoterIDNO, PartyID, ElectionType, VoteDate)

Voter_Receipt(VoterIDNO, VoteDate)

Vote_Log(FileNo, VoteNo, PartyId, ElectionType, Date)

Political_Party(PartyID, PartyName)

Result(PartyID, PartyName, TotalVotes, ElectionDate, Percentage)

IEC(RegisterNo,Region)

Observer(ObserverId, ObserverName)
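Requirement 90013 (a registered voter votes once) and consideration 6 in section 7.2.1 (a vote must not be traceable to the voter) meet in this data model, where the Vote entity lists VoterIDNO beside PartyID. The Go code below is an added example, not the project's own code: it keeps the "has voted" flag on the voters roll and stores ballots with no voter field, and it performs the check and the write under one lock. The Station type, its methods and the sample voters are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"sync/atomic"
)

var (
	ErrNotRegistered = errors.New("voter number and ID are not on the voters roll")
	ErrAlreadyVoted  = errors.New("voter has already voted")
)

// Ballot is the stored vote. It has no voter number, ID number or timestamp.
type Ballot struct {
	PartyID      int
	ElectionType string // "National" or "Provincial"
}

type rollEntry struct {
	idNo  string
	voted bool
}

// Station holds the voters roll and the ballot store as separate structures.
type Station struct {
	mu      sync.Mutex
	roll    map[int]*rollEntry // keyed by voter number
	ballots []Ballot
}

func NewStation() *Station { return &Station{roll: make(map[int]*rollEntry)} }

// Register adds a voter; re-registering never resets an existing "voted" flag.
func (s *Station) Register(voterNo int, idNo string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, exists := s.roll[voterNo]; exists {
		return false
	}
	s.roll[voterNo] = &rollEntry{idNo: idNo}
	return true
}

// Cast checks eligibility, stores both ballots and marks the voter as voted
// under one lock, so two simultaneous attempts cannot both pass the check.
func (s *Station) Cast(voterNo int, idNo string, nationalParty, provincialParty int) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.roll[voterNo]
	if !ok || e.idNo != idNo {
		return ErrNotRegistered
	}
	if e.voted {
		return ErrAlreadyVoted
	}
	s.ballots = append(s.ballots,
		Ballot{PartyID: nationalParty, ElectionType: "National"},
		Ballot{PartyID: provincialParty, ElectionType: "Provincial"})
	e.voted = true
	return nil
}

// Tally counts stored ballots per party for one election type.
func (s *Station) Tally(electionType string) map[int]int {
	s.mu.Lock()
	defer s.mu.Unlock()
	counts := make(map[int]int)
	for _, b := range s.ballots {
		if b.ElectionType == electionType {
			counts[b.PartyID]++
		}
	}
	return counts
}

// ConcurrentAttempts fires n simultaneous votes for one voter and returns how many were accepted.
func ConcurrentAttempts(s *Station, voterNo int, idNo string, n int) int {
	var wg sync.WaitGroup
	var accepted int32
	for k := 0; k < n; k++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			if s.Cast(voterNo, idNo, 1, 1) == nil {
				atomic.AddInt32(&accepted, 1)
			}
		}()
	}
	wg.Wait()
	return int(accepted)
}

func main() {
	s := NewStation()
	s.Register(101, "ID-CONSTRUCTED-A") // constructed sample voter
	fmt.Println("accepted out of 50 attempts:", ConcurrentAttempts(s, 101, "ID-CONSTRUCTED-A", 50))
	fmt.Println("second vote:", s.Cast(101, "ID-CONSTRUCTED-A", 2, 2))
	fmt.Println("national tally:", s.Tally("National"))
}
```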


7.2.6 Data Flow Diagram

Context diagram below shows all the external entities that will interact with the system

Figure 3


DFD for registering a voter to the voters table

Figure 4


Figure 5


7.3 Preliminary System Design

In this stage I will design the system architecture, the components that are included in the voting

system. A deployment diagram and high-level architecture design are described in this chapter

Figure 6


7.3.1 High level system architecture design

The voter is required to register at the municipality where they will be voting to acquire a voting number. Once registered, the voter is on the voters roll, which allows them to participate in the elections. During this stage the voter and the IEC officers are involved. In the event that a voter registered in another municipality is in a different area at the time of voting, they get registered on the day with proof of registration.

The above system in Figure 3 is a 3-tier system. The first tier involves all the human interaction: a front-end application allows the users to vote and the IEC officers to conduct the voting processes and print the results. The actions done by the IEC officer on the application in the first tier are monitored by the party agents to ensure that no fraudulent activities occur.

The second tier is the server that is the bridge between the database and the front-end application.

The third tier is the database management system, Access, which stores all the votes that are made and the details of the registered voters.

Requirements for the system:

I. Windows XP or newer version

II. 256 MB RAM

III. 20 MB hard disk space

IV. Intel Pentium 3 2.0 GHz


7.3.2 User interface design

The design was the result of refining the initial prototype to try to include the audience and appeal to the user; refer to Appendix F for screenshots of the user interface design.

The application was designed with a simple white background and few decorations, as this is professional software and has to be presentable. Whilst creating the interface the goal was to create a simple application that requires no specialized expertise, as the application will be used by citizens of all ages, from the age of 18 to the country's oldest citizen, and by people with disabilities. The color white for the background was ideal as it is a color of peace and South Africa has come a long way to value its democracy.

Throughout the application there are images of the national flag and the IEC flag to symbolize that it is a proudly South African application and that it is authorized by the IEC. Simple buttons and labels are used to give instructions to the user.

There are examples to guide the user when voting.

Large fonts were used for clarity, and the contrasting color blue, which also has an element of peace to it, was used to write the instructions to ensure they are clear and readable.

Simple reports are generated for results.


7.4 Initial Prototype

Please see Appendix A for the full initial prototype.

A prototype helps show a preview of what the final system can look like; in most cases it is used to communicate between stakeholders and the programmer (Stapleton. J, 2003).

The first prototype was created to get an idea of the final required project; it had most of the functionality identified in the requirements in the earlier stages. There were three testers of the prototype, who were each given the requirements catalogue and a description of how the system is supposed to react, and they tested the system against the stated requirements. Whilst testing the requirements the users had to answer the questions provided in Appendix B.

The users that tested the system comprised 3 members: B.Mdunge (Lecturer), G.Makobe (IT Student) and B.Ncube (a general person). The mix of individuals from different walks of life allows the system to be tested by users of all levels of expertise and gathers the views of all the users, as it will be used by every citizen.

The application was installed on a laptop and demonstrated to the testers to explain what they would be testing and give them the details of the prototype so that they understood all aspects before testing. After the demonstration the testers had two days to test the system against any concerns.

After the allocated two days the testers returned with their results and answers to the questionnaire. Their responses are listed in Table 1 below.

Tester | Comments and summary of questionnaire
B. Mdunge | The design is simple, maybe too simple for an application that will be used across the country; It does not meet the objectives stated on the test plan; Functionalities are not running well; The results are incorrect; A voter can vote a million times; Voters who are not registered can vote; The system does not store the old votes when the new voter votes
G. Makobe | You do not need an ID to vote; You can vote as much as you please; Nice simple design; Quick to use; Friendly and usable GUI; The application is not consistent
B. Ncube | Simple design; I could not make my vote as the application kept on closing

Table 1


7.4.2 Feedback

Requirements

Expand the system

Include authentication at login

Verify the voters

Check for voters that have voted and those who have not voted before

Confirm the voters votes by including a paper trail

Change the color scheme

7.4.3 Requirements refinement

The prototype does not meet most requirements, but that was anticipated, as it was stated that the prototype has minimal functionality. The concerns raised by the testers are mostly what was expected, as the functionality is yet to be added; this prototype was designed mostly to test the design and the components to include in the application.

The average user was more concerned about the interface than about what the application does, as they did not understand the mechanics behind the application, and requested that the background be changed. The concern with what the other two testers discovered, however, is that the database is not working: the application is not reflecting the changes in the database.

The problem with the database is due to the database being saved as .accdb; the solution is to save the database as .mdb, which worked after being implemented.

7.5 Design new prototype

After the results from the first prototype I redesigned the interface and coded the application for

the new prototype which was my second iteration.

The new prototype met all the requirements when tested as shown in section 7.6


7.6 Testing

For the test result, consult Appendix G

Test Plan

Item tested | How | Steps | Expected results | Actual results | Test date
Login | Run the application | Enter incorrect login details | An error message restricting entry to the system | An error message | 30 October 2010
Display results | Run the manage window | Login successfully, select manage, click display result | A data grid showing the result as expected | Data grid with poll results | 29 October 2010
Print results | Run the manage window | Login successfully, select manage, click print poll | The national and provincial results | The national and provincial results | 29 October 2010
Register user | Enter data on the register tab | Access the manage window, click register, enter the voter data and click register and check the database if the data is in | A message box confirming the user is registered | The data is in the database table for registered voters and the confirmation message box | 29 October 2010
Registered voter | Enter the id number of a non-registered voter | On the voter screen enter a random number | A message box showing that the voter has not been registered | A warning message box | 23 October 2010
Voting twice | Vote successfully the first time and try voting again | Vote the first time enter the ID and then on repeat enter the same voter details | An error message showing that the voter has already voted | Message box showing the error | 27 October 2010

Table 2

Test Data

Login:

Username: administrator (not case sensitive)

Password: p@55word

Register Voter:

Voter No: 21

Voter Id: 2301036245091

Voter Name: John

Voter Address: 23 Hunter Avenue Randburg

Voting twice:

Voter No: 1

Voter ID: 9009146245081

Unregistered Voter:

Voter No: 32

Voter ID: 73839390939


7.6 Summary and Presentation of results

The application has met all the requirements that were set out during its second iteration. The application allows voters to make a safe vote that only they know, and they can change their option should they discover they made a mistake during the voting.

A voter votes only once and can only vote if registered on the voters roll.

The application prints out confirmation that the voter voted.

The application computes the results of the poll and broadcasts the results as well.

Voters registered in another district are allowed to register on the voters roll to participate in the elections in the area.

8. Conclusion

8.1 Discussion on the outcome

The system was developed for the South African voting system to combat problems such as fraud and to enhance the voting process by adding technology to help create an efficient system. The main goal of the system was to create a digital voting system that uses encryption technology to protect the vote whilst it is sent to the server where all the votes are sent. The application follows standard voting practice by ensuring anonymity: no details of a vote are linked with the voter that made the vote. The application has qualities of the traditional method of voting, and a paper trail is used for the transparency of the system, as proof that the votes were conducted and were not generated by the program.
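One way to enforce the three roll checks from the test plan (registered voter, unregistered voter, voting twice) while keeping ballots unlinked from voters, as described above. This Go code is an added example, not the VoteSA code: the `Station`, `Ballot`, `Register`, `Cast` and `Tally` names are hypothetical, and an in-memory store stands in for the report's Access database.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
	"sync"
)

// Added illustration: all type and function names are hypothetical, not VoteSA's.
var (
	ErrNotRegistered     = errors.New("voter is not on the roll")
	ErrAlreadyVoted      = errors.New("voter has already voted")
	ErrAlreadyRegistered = errors.New("voter number already on the roll")
)

// Ballot holds the two choices only: no voter number, ID or timestamp.
type Ballot struct {
	National, Provincial string
}

type rollEntry struct {
	voterID string
	voted   bool
}

// Station keeps the voters roll and the ballot box as separate stores.
type Station struct {
	mu      sync.Mutex
	roll    map[int]*rollEntry // keyed by voter number
	ballots []Ballot
}

func NewStation() *Station { return &Station{roll: map[int]*rollEntry{}} }

// Register refuses to overwrite an entry, because replacing it would clear
// the voted flag and let the same voter cast a second ballot.
func (s *Station) Register(voterNo int, voterID string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.roll[voterNo]; ok {
		return ErrAlreadyRegistered
	}
	s.roll[voterNo] = &rollEntry{voterID: voterID}
	return nil
}

// Cast checks the roll, stores the ballot and marks the voter under one lock,
// so two simultaneous attempts by the same voter cannot both succeed.
func (s *Station) Cast(voterNo int, voterID string, b Ballot) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.roll[voterNo]
	if !ok || e.voterID != voterID {
		return ErrNotRegistered
	}
	if e.voted {
		return ErrAlreadyVoted
	}
	// Random insert position: storage order must not mirror the order in
	// which voters were marked on the roll.
	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(s.ballots)+1)))
	if err != nil {
		return err // nothing stored, voter not marked
	}
	i := int(n.Int64())
	s.ballots = append(s.ballots, Ballot{})
	copy(s.ballots[i+1:], s.ballots[i:])
	s.ballots[i] = b
	e.voted = true
	return nil
}

// Tally counts national votes from the ballot box alone.
func (s *Station) Tally() map[string]int {
	s.mu.Lock()
	defer s.mu.Unlock()
	t := map[string]int{}
	for _, b := range s.ballots {
		t[b.National]++
	}
	return t
}

func main() {
	s := NewStation()
	// Voter numbers and IDs below are the report's own test data.
	s.Register(1, "9009146245081")
	s.Register(21, "2301036245091")
	fmt.Println(s.Cast(1, "9009146245081", Ballot{"Party A", "Party B"}))
	fmt.Println(s.Cast(1, "9009146245081", Ballot{"Party C", "Party C"}))
	fmt.Println(s.Cast(32, "73839390939", Ballot{"Party A", "Party A"}))
	fmt.Println(s.Tally())
}
```

The tally reads only the ballot box, so nothing needed for counting can be joined back to a roll entry.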

The application uses strong authentication which allows only the IEC administrators to log in. After logging in, the IEC officials have a menu to either vote or manage; the manage menu is where the officer can display the results of the voting, print the results and also register voters from other regions on the day of voting.

The vote menu requires the user to select a language, although the other language packs have not been loaded; only English is operational thus far. The voter enters their vote number and voter ID to cast their vote for the provincial and national elections. The voter then gets a screen displaying their choice, and if the screen displays their choice they click confirm and a confirmation is printed. A voter's guide (see Appendix D) is released to increase the transparency of the system and let the voters know exactly how to vote with the new system.

The system was not built using server technology as it is a prototype, so testing for encryption in transportation was not possible.

8.2 Conclusion

Using Microsoft development tools and the .NET Framework, I created the voting application, which was one of the objectives of the project. The encryption that was used in the application is the encryption function that is found in the Visual Basic classes; it allows the data being transported to be encrypted and sent. The data is sent as a long string, and similarly the data is decrypted by a function found in Visual Basic to decrypt data. I failed to find a cryptography method that can be implemented to completely safeguard the votes, as there is no such method currently (Goodchild. J, 2010).

The safest way of voting is using a LAN or DRE that has a paper trail and voting kiosks. The use of a basic LAN will decrease the threats that are brought by internet and online vulnerabilities.

Digital voting still has a long way to go before it can provide credible results that will leave no room for questions or doubt. But in the meantime resources can be devoted to testing and trying the venture, as it promises to be useful in the voting system provided it is implemented well.

In conclusion, the project delivered on its aims to implement a voting system that operates digitally, is able to compute votes immediately and generates a paper trail for confirmation.

8.3 Lessons Learnt

It had been a long while since I developed using Visual Basic 2008, so my programming skills were a bit rusty at first, but I got the hang of it and just moved on from where I left off a year ago. I gained a lot of new skills that helped me and now I'm proficient in the VB programming language. I used Microsoft Access for the database, which affirmed my skills. Initially the system was supposed to run on an SQL server, but due to the delay in the project proposal acceptance it was difficult to determine the environment and tools I would use. I did not have enough time to familiarize myself with the SQL Server as I had not done it or used it before, and I could not acquire a copy of SQL Server that had all the functionality and drivers on time; as I am using Windows 7, I had trouble installing the server, so I could not use the SQL Server. But there was little I learnt whilst troubleshooting trying to run the server.

As this is a student project, time was always going to be a worrying factor, and indeed it proved to be. Suddenly, when the final date crept closer, the work scope just became more and more, and that is when I learnt that in projects you have to learn to multitask, to prioritize what is important and what needs my immediate attention. I learnt to work under pressure, to deliver the best under pressure and to value the opinion of those that I worked around, as they pointed out things that I could not see. And finally, a lesson that I should have learnt years ago: procrastination will never ever work in my favor and there is no better time than now to do something.

8.3 Recommendations, What can be done to further improve the system?

The goals of the system were achieved: to create a system that allows for quick computation of results after voting is conducted and for safely conducting the voting process.

Technology is growing and expanding every day, and implementing a digital system is a bit late already as it is. Most developed countries, like the United States of America and Estonia, have already started experimenting with iVoting. It has been ten years now since the year 2000 when they first experimented with iVoting, and since then there have been improvements to the process, adding more security features and ensuring its security. For South Africa to catch up, it also needs to start implementing technology such as iVoting that will make it easier to conduct voting and administer the process. The trend is moving towards eVoting despite the security threats, which are being dealt with; this is a cheaper, more manageable solution to voting as opposed to conventional ways of voting.

In the meantime, this application I developed can be modified to work on kiosks that are easy to set up, and more languages can be added to cater for the 11 official languages in South Africa, so that the kiosks are customized to the language of the user and also have audio instructions to assist the user in using the system.

The system was created with a voter's guide that can be given to voters when they register for the next elections, so they can familiarize themselves with the system they are going to be using in the next elections.

9. List of Resources used during the production of the project

Visual studio 2008

Microsoft Office professional 2010

Windows 7 Ultimate

Fujitsu laptop li 3710

Printer

Internet – http://www.a1vbcode.com

Internet – http://www.elections.org.za

South African constitution

Bibliography

Bellare.M, R. Canetti, and Krawczyk.H, 1996. 'Keying hash functions for message authentication'. In Advances in Cryptology: Proceedings of CRYPTO '96, pages 1–15. Springer-Verlag

Bernstein.H, (1978), For their triumphs and for their tears: conditions and resistance of women in apartheid South Africa, International Defence and Aid Fund, London

Boneh.D, Franklin.M, 2003, 'Identity-Based Encryption from the Weil Pairing', retrieved October 12, 2010, from www.springerlink.com/content/bf5j8nhdp32pxqgy/

Cramer.R, Shoup.V, 2001, 'Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption', retrieved October 12, 2010, from psu.edu

DSDM Consortium, 2008, DSDM Public Version 4.2, DSDM Consortium, Retrieved 12-1-2008 11:58:39, from DSDM consortium

Davies R, 2004, DSDM explained, retrieved Sept 21, 2004, from Rachel Davies

Finkelstein.A, Kramer.J and Nuseibeh.B (1994). Software Process Modeling and Technology, Research Studies Press Ltd. Taunton, Somerset, UK.

Fitzgerald, B. Russo, N.L. Stolterman, E. (2002) Information Systems Development methods in action, McGraw Hill, London

Gibson, R. 2001. 'Elections online: Assessing internet voting in light of the Arizona Democratic Primary', Political Science Quarterly 116(4): 561-583

Goodchild. J, 2010, 'E-Voting: how secure is it?', CSO Online, Retrieved October 28, 2010, from www.verifiedvotingfoundation.org/article.php?id=6799

Law. A.M and Kelton W.D (2000). Simulation Modeling and Analysis, 3rd Edition, McGraw-Hill, NY.

Pfleager,S.L.(2001) Software engineering theory and practice second edition, Pearson Education Inc, United States of America

Pressman, R.s, 2005, Software engineering: A practitioner's approach sixth edition, McGraw Hill, America

Rubin.A.D, 2010, Security considerations for remote electronic voting. Communications of the ACM, Retrieved September 14, 2010, from http://avirubin.com/e-voting.security/

Schneier.B (1996) Applied Cryptography: Protocols, Algorithms, and Source Code in C, John Wiley & Sons, New York

The voting process [Image] 2010. Retrieved October 2, 2010 from http://www.elections.org.za/content/Dynamic.aspx?id=1084&name=Elections&LeftMenuId=100&BreadCrumbId=220&ekmensel=14ae2c49_100_251_btnlink

The counting process [Image] 2010. Retrieved October 2, 2010 from http://www.elections.org.za/content/Dynamic.aspx?id=1084&name=Elections&LeftMenuId=100&BreadCrumbId=220&ekmensel=14ae2c49_100_251_btnlink

Stapleton. J, (2003), DSDM Business Focused Development, second edition, Addison Wesley, Great Britain

Appendix

Appendix A

Prototype

IEC voting system

1. The login interface for the IEC officials

Figure A- 1

Figure A- 2

4

Figure A- 3

Figure A- 4

Figure A- 5

Figure A- 6

Figure A- 7

Appendix B

Questions that were asked of the testers of the first prototype:

1. Is the system user friendly? Please explain your choice if no and suggest a better solution.

2. Did you encounter any difficulties using the system? If you did, which aspect?

3. What are your comments on the graphical user interface?

4. Were you impressed with the time it takes for the entire voting process?

5. What are the security threats you identified?

6. Is there anything in particular missing on the system that you would like added?

7. Are there any suggestions you have that will make the system function at its best?

Appendix C

IEC Administrators guide

Table of Contents

1. Login

2. Administrator menu, Figure b-2

2.1 Select voting to allow the voters to vote

2.2 Select manage to access the management tasks

2.3 Select exit to close the application

3. Adding a voter to the registered voters

Enter the details of the voter and press register

3. Broadcasting the votes

4. Print voting results

1. Login

Login details, Figure B-1

Username: administrator

Password: p@55word

2. Administrator menu, Figure b-2

2.1 Select voting to allow the voters to vote

2.2 Select manage to access the management tasks

2.3 Select exit to close the application

3. Adding a voter to the registered voters

Click the manage button (see Figure b-1) and it will take you to a menu with the register option; select the register button (see figure b-3).

Enter the details of the voter and press register

3. Broadcasting the votes

On Figure 3 select the display poll button and the following screen with the total tally will be

shown

Select back to go back or exit to close the application

4. Print voting results

On Figure b4 select the print button and the total votes will be printed

Appendix D

Migrating from the traditional voting system will only be successful if the voters know how to use the system. For transparency, the system should be well explained and the users guided on how to vote.

1. What do you need to vote?

You will only need your ID book and the voter registration number that was issued to you when

you registered

2. How do I vote?

2.1 Step 1

Enter your ID number in the text field, select your voter number and press next. If you are unsure about the procedure, please ask for assistance from any visible IEC official.

An example of the data that you enter is below, see Figure A1-2

2.2.1 Step 2

A registered voter will be taken to the next screen, see Figure A2-3. On this screen you make the selection of your choice for the candidate you seek to represent you in national government.

2.2.2 Select the party you want to represent you at the local government

2.3 Step 3

Confirm the vote that you made by pressing confirm, Figure A2-5. If the vote you made was a mistake and you wish to change it, select change and it will repeat the voting process.

2.4 Finish

The confirmation screen that you have voted, Figure A2-6

That is all you need to know about your new voting system. We trust that you will enjoy using the system and that it will be to your convenience. Striving to make the country better

Appendix E

The Gantt chart

Figure E- 1

Appendix F

User interface design

Figure F- 1

Figure F- 2

Figure F- 3

Figure F- 4

Figure F- 5

Figure F- 6

Figure F- 7

Figure F- 8

Appendix G

Test results

Figure G- 1

Figure G- 2

Figure G- 3

Appendix H

VoteSA: The diary

At the end of the first semester I started thinking up topics on which my final project would be based. I had two ideas after I started thinking of what I could do: one idea was a school management system and the other idea was a bus control system. I had to weigh which one was more feasible to produce. At the end of it all, after consulting my lecturer, I discovered that the bus system would be too complicated for the project, as I only have 200 hours for the whole project and I have other modules and assignments in between. I chose the school management system, and to start off I went to a school in my township to find out the daily operations and what in their daily operations can be automated, making use of the interview technique and observation. Due to delays in project proposal acceptance I deviated from my initial project plan and schedule, which is displayed in the Gantt chart in Appendix E.

30 June 2010

After all the research and studying of schools and how they operate I compiled my project

proposal and sent it to my supervisor

15 July 2010

I got a response from my supervisor and my project proposal was rejected due to the complexity that was involved, as I had included a financial system which is a completely new system. I went back home and reworked my title and the proposal.

16 July 2010

I consult a staff member, Blessing Mdunge, to find out how I can refine my proposal to be accepted. He gave me a few pointers and again I went home to incorporate the new information gained.

19 July 2010

I get a link from my supervisor on a school management system currently being used in schools

around South Africa. My School tool was developed by Mark Shuttleworth and it is distributed

freely for schools

30 July 2010

I submit my new project proposal with a new project title after I spent a few days researching on

similar tools

02 August 2010

Get a response from my supervisor and she is still not impressed with my proposal due to my title being too vague and using ambiguous words. Depressed and worried, I went home and thought about exactly how I could meet the requirements of the project. I read through the book on how to achieve success in your project, and using guidelines from the book I went on working on my proposal with more knowledge of what is expected.

03 August 2010

Continue working on my project proposal and title to try and add functionality that is new and

unique to existing systems, research on the internet

04 August 2010

Got an E-mail from my supervisor rejecting the refinements I made on the proposal and I decide

with time running out to change my topic all in all to a voting system with face recognition

techniques

05 August 2010

I submit the idea but my supervisor advises me against doing so as internet voting is broad and

risky due to the risks on the internet so I changed my approach to digital voting

10 August 2010

Visit the IEC website to find out how voting is conducted in South Africa and the procedures involved in the voting, and the Wikipedia site on South Africa as a whole

15 August 2010

Display understanding in connecting to a database

25 August 2010

Coding standards and process tool

02 September 2010

Requirements analysis

05 September 2010

Create prototype and see what functionality the system will have from the requirements analysis

09 September 2010

Do more research and design the application

05 October 2010

Communication with my supervisor is terminated by my supervisor stating that we should

communicate through a third party

08 October 2010

I start with the coding to my voting system

20 October 2010

I start with my final report whilst still coding, as I'm encountering many errors and failing to isolate them

26 October 2010

I get assisted by Blessing Mdunge my lecturer with some errors I was experiencing

29 October 2010

I finish coding completely and publish my application

30 October 2010

I test the application through installation and run it on the working environment and do not discover any errors. I am happy with the test and continue with my documentation.

31 October 2010

Create the voter's guide and the administrator's manual

Continue typing my final report

01 November 2010

Submit my final report

Appendix I

Project Proposal

Postgraduate Final year project proposal

Title: Implementing a windows-based application for the South African voting system focusing

on encryption techniques

Name: Fulufhelo Miswe

Programme of Study: BSc Business Information Technology

Topic area: Computing, Networking security, Application development, Database

Date Proposal Submitted: 17th August 2010

Project hand-in date: 1st November 2010

1. Background

Voting is a democratic right that should be conducted in the true sense of the word “democracy”: electing freely the person or party to represent you in the government. This right is infringed when there is fraud in the conducting of voting by officials using means such as losing ballot papers and replacing ballot papers.

In the most recent presidential elections in South Africa there were reports of attempts to switch ballot papers in the KwaZulu-Natal region by the IFP political party. Though the claims were never validated, this proves the vulnerability of the paper-based voting system, as a party can have pre-marked ballot papers that could be posted in the voting boxes, or can switch the ballot papers as seen in our neighboring country Zimbabwe. The paper-based system depends on the integrity of the officials and coordinators, who would also love their preferred parties in power; as is known, South Africa is a country with a high corruption rate. The coordinators are volunteers, which makes it easy for them to accept bribes and be corrupted.

Furthermore, because the voting system is paper-based, the counting of the votes is done manually after the papers are collected from all the different voting stations, which consumes resources and opens room for fraud on the voting papers during transportation or counting. South Africa is a country with a population of close to 50 million; with half of them voting, counting the votes is surely time consuming and has an element of human error in it.

I am proposing that I develop a windows-based application that will handle the voting system and phase out the traditional paper-based voting system. The digitalized voting system will counter the above-mentioned vulnerabilities by removing most of the human element in key areas of the voting system, such as the counting of the votes and transportation of the ballot papers.

The system will allow the user to cast their votes, select their preferred national and provincial candidates and then exit for the next voter; this process will be looped until the last voter at the voting station. Each voter's vote is printed out for the paper trail to prove that the vote did indeed take place. Every hour the application sends an encrypted file of the votes to the main server for that region for the overall counting of the votes, which are then displayed in public mediums for the notification of the polls.

2. Key phrases: IEC, Voting, Election, National election, Provincial election, implementing,

windows-based, application, South African voting system, encryption techniques

3. Preliminary investigation

SDLC:

In (Pfleager,S.L, 2001) various methodologies are analyzed, starting with the waterfall, because the waterfall model is one of the first and oldest lifecycle models. The book was published in 2001, which is nine years back, and there have been more developments in methodologies since. However, what I picked up reading through it was that the author supports waterfall more than any other model discussed in the textbook, which is due to the time the book was published. At that time waterfall was seen as an industry benchmark, a tried and tested approach, even if it had flaws that the author discussed, like its lack of iteration in development and lack of interaction with the user, which a more recently used and accepted methodology (DSDM) states are the key elements of a successful project. The author prefers waterfall because it offers simplicity in gathering requirements and ease in planning out the set stages.

From my analysis of the article, waterfall offers a step-down approach where requirements from one stage are complete before moving on to the next stage, forcing each stage to be completed in isolation; nothing can be done before all the previous stages are complete. It is very hard to change requirements as there is no iteration, so when one stage is closed there cannot be any changes or modifications made. Furthermore, waterfall only shows the top-level stages of a project; it does not show a realistic, detailed view of the project.

In the same book (Pfleager,S.L, 2001) the author discusses the V-model lifecycle; however, the author does not go into detail. After analyzing this lifecycle model I realized that it is the same lifecycle model as the waterfall: it has the same stages, except that the V-model lifecycle focuses more on testing. Testing is what makes the V-model better than the waterfall model from which it originated, though the author does not explain this model with the same enthusiasm, because traditionally waterfall was widely accepted and trusted, so project managers were more comfortable with it. The testing linked with each stage is good, as it tests whether all the requirements for that stage have been met. From observation and in-depth analysis, the contrast between the V-model and the waterfall is that the waterfall model focuses on documents and artifacts, while the V-model focuses more on being correct in delivering a project, hence the testing stages.

The author (Pressman, R.s, 2005) describes waterfall as a linear model which moves from one stage to the other. From my analysis, the waterfall model is ideal in situations where the requirements are well defined and won't change, as it lacks iteration, so the initial requirements are what the final product will be based on. After reviewing articles from different authors I have come to the conclusion that the waterfall model does not suit an IT project, as the requirements are forever changing, and it would be hard for me to develop my project using the waterfall model only. This is supported by the reasons stated by Pressman for why waterfall model projects fail: users rarely know what they want, and once you move on from one stage you cannot go back to rectify whatever mistake you could have made.

Another model discussed in (Pfleager,S.L, 2001) is the prototyping model. The author expressed interest in prototyping because requirements can be changed, which gives it an advantage over the waterfall and the V-model: they do not change requirements, making it impossible to modify the system, but with prototyping the user can get a rough sketch of the final product and change what they do not like. From my analysis, prototyping is good as it has more interaction with the user.

(Fitzgerald, B, Russo, N.L, Stolterman, E 2002) focus on the iteration and early delivery of the model, as their definition of prototyping below states that it shows an upcoming product.

They define a prototype as “an early version of the system that exhibits the essential features of the later operational system”.

From analyzing both publications, Information Systems Development methods in action and Software engineering theory and practice second edition, prototyping has repetition and changes to requirements that make it ideal for developing projects that meet requirements better than the waterfall or V-model.

The authors in (Fitzgerald, B, Russo, N.L, Stolterman, E 2002) acknowledge that RAD does not offer any new tools or techniques, but its advantage is in the way RAD uses the available techniques with different management principles. The authors regard RAD as fast growing and cheaper without any loss of quality; furthermore, RAD eliminates bureaucratic ways of operation. RAD uses small empowered teams and the user is well involved.

According to the authors the following is the lifecycle of a RAD project

RAD is said to offer advantages such as speed of production, low cost and iteration

The authors in (DSDM Consortium, 2008) declare fully that they prefer DSDM over any other methodology, with the statement “… which is of especial interest to us is the dynamic systems development method...” They justify their preference for this method by its origins in actual development practice in organizations. Because DSDM is a framework rather than a traditional lifecycle, it has a set lifecycle process that can only be changed by the DSDM Consortium.

The lifecycle has 5 core stages:

Feasibility study

Business study

Functional model iteration

Design and build iteration

Implementation

The DSDM Consortium describes DSDM as a framework that is based on trial and error from experiments from the 1990s. DSDM combines the knowledge from people, techniques and tools; by so doing, DSDM can deliver a fully functional system in under 6 months. The DSDM Consortium allows for DSDM to be integrated with other methodologies to develop more powerful and accurate methods. DSDM can be used with eXtreme Programming to create a more robust and rigorous framework.

Because the publication is from the DSDM Consortium, it does not cater for other methodologies; it strictly focuses on its own methodology.

After analyzing all the discussed methods I am considering DSDM, prototyping and the RAD methods. Based on the lack of research on the project I will not select a methodology now, but the methodologies I'm considering offer rapid development, which is ideal for my project due to the project time constraints, and the ability to change requirements gives me an advantage as the project requirements are being modified daily.

Industry Research:

Currently the voting in South Africa is conducted by the IEC (Independent Electoral

Commission) which is responsible for the distribution of the ballot papers, the election process

and the counting of the votes. Mostly its employees are volunteers from the regions.

Across the world, ways of improving on this traditional method of voting are being explored, and there have been breakthroughs in the form of voting over the internet, known as eVoting. However, this method has proved vulnerable to multiple threats, whereby the users had more rights than required and were voting non-stop without any detection of multiple votes cast by one user. eVoting proved to be dangerous because there was no way of validating that the voter is who they claim to be, and people with power could force people to vote, as this voting is conducted over the internet, which eliminates the democracy in voting.

Security is a concern around the use of the internet: whether accessing a personal email account or trying to purchase or sell something over the internet, there is a threat of someone intercepting the transaction. The voting system will use an internet connection to send the votes over a network; the vote file that is sent will be encrypted.

Encryption is a form of network security that protects packets being sent over the network by encoding information so that it can be decoded only by the recipient with a code (Tyson,J. 2001). Computer encryption is based on cryptography, but the most recent computer encryption is based on algorithms so as to decrease the risk of security weakness from human-based codes, which were the earliest methods of encryption.

Technology, Product review, Trends

There are two types of computer encryption. The first is symmetric-key encryption, which requires two computers to have the same key in order to communicate with each other (Tyson, J. 2001). The sending computer has a code that it uses to encrypt a packet of data before it sends it over the network; however, as the person sending the data, you must know which computers will be communicating so that the key can be installed on both computers. The keys started as 56-bit DES in the 1970s and are currently 256-bit keys.

The second form of encryption is public-key encryption (Tyson, J. 2001), which uses two keys: a public key and a private key. The computer keeps the private key for itself and issues the public key to the computer that wishes to communicate with it. The key pair is based on prime numbers, which gives an infinite number of possibilities, making it a good form of encryption.

Currently in the market there is a program called Pretty Good Privacy (PGP) that allows the user to encrypt data.
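The two key models described above, shown together as an added example (not code from this report): a key pair is derived from two primes, and the public key wraps a fresh shared key that encrypts a constructed vote record. Combining the two models this way is the example's own choice; the primes, the vote record and every function name are assumptions, and the unpadded RSA and SHA-256 keystream are teaching stand-ins for a vetted library's RSA-OAEP and AES.

```python
import hashlib
import secrets

# Constructed toy primes (assumption): two Mersenne primes, far too small and
# too structured for real use; real RSA moduli are 2048 bits or more.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def make_keypair(p=P, q=Q, e=E):
    """Public key (n, e) is handed out; private key (n, d) stays with its owner."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))   # d satisfies e*d = 1 (mod phi)

def rsa_apply(key, number):
    """Textbook RSA: one modular exponentiation, used for both directions."""
    n, exponent = key
    return pow(number, exponent, n)

def keystream_xor(shared_key, nonce, data):
    """Symmetric stand-in: XOR with a SHA-256 counter keystream.
    The same call with the same key and nonce both encrypts and decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = shared_key + nonce + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def send_vote(vote, recipient_public):
    """Sender: fresh symmetric key per message, wrapped with the public key."""
    shared_key, nonce = secrets.token_bytes(16), secrets.token_bytes(12)
    wrapped = rsa_apply(recipient_public, int.from_bytes(shared_key, "big"))
    return wrapped, nonce, keystream_xor(shared_key, nonce, vote)

def receive_vote(message, recipient_private):
    """Recipient: unwrap the symmetric key with the private key, then decrypt."""
    wrapped, nonce, ciphertext = message
    shared_key = rsa_apply(recipient_private, wrapped).to_bytes(16, "big")
    return keystream_xor(shared_key, nonce, ciphertext)

if __name__ == "__main__":
    public, private = make_keypair()
    vote = b"ballot=constructed-sample;choice=Party A"   # constructed record
    message = send_vote(vote, public)
    print(receive_vote(message, private) == vote)
```

The sender never needs the private key, so only the public half has to be installed on each sending computer, while the symmetric key is generated per message instead of being pre-shared.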


The voting industry is failing to move away from the traditional paper-based voting system, not only in South Africa but across the world. Even with attempts to move to eVoting, countries and government officials are skeptical due to the risks that come with this kind of process, such as lack of security and weak cryptography. With the advancement of technology, however, the industry will soon be digitalized and the paper-based method phased out.

eVoting takes many forms: it can be done over the internet or using digital systems such as voting kiosks and DREs. The following methods of electronic voting are currently in the market:

Voting over the internet: critics do not advise this method of eVoting due to the threat posed by hackers that can intercept the process and create fake votes.

Optical scanning voting system: the user votes using the computer, the computer prints out the votes, and the voting officials take all the printed ballots to one location and manually count them; similarly, an electronic device scans and tabulates the results.

DRE (Direct-recording electronic voting system):

A direct-recording electronic (DRE) voting machine captures votes using a ballot display provided with mechanical or electro-optical components that can be activated by the voter. It processes data with computer software and uses memory components to record voting data and ballot images. After the election it tabulates the voting data, stored in a removable memory component and as a printed copy. The system may also provide a means for transmitting individual ballots or vote totals to a central location for consolidating and reporting results from precincts at the central location. These systems use a precinct count method that tabulates ballots at the polling place. They typically tabulate ballots as they are cast and print the results after the close of polling.


4. Objectives

The project aims to:

Digitalize the current paper-based voting system by creating an application that allows

the users to vote electronically on a computer or voting kiosk, tabulate results and send

the results to a central location thereby phasing out the element of human manual

counting of votes and transporting of ballots to a central location.

Activity: Investigate the voting system of South Africa and the IEC, which is the voting body in South Africa; research programming algorithms; research the programming environment appropriate to program the application

Deliverable: Literature review, interim report content, and a selected programming environment and tools to program the application

Requirements analysis

Activity: Research, data modeling

Deliverables: Use case, requirements catalogue, data and process models

Speed up the counting of votes by creating an application that tabulates the results of the

votes

Activity: Programming algorithms analysis

Deliverable: a programming algorithm

Store/Backup voting polls

Activity: Research on servers

Deliverable:

Eliminate the human element in the voting process

Activity: Design a voting application that has minimal human interference

Deliverable: A Windows-based application

Provide secure democratic elections

Activity: Explore security threats, isolate the threats and test the vulnerability of the system

against the threats

Deliverable: A threat-proof application that is tested against vulnerabilities


Eliminate the vulnerabilities in paper-based voting system

Activity: security research and effectiveness of the digital voting system, testing criteria

Deliverable: Test criteria, acceptance criteria

5. Resources and Courses taken that will help with the project

Resources

The following resources are needed for the project:

Desktop computer and printer (entry level)

SQL Server

Access to the internet

Visual Studio (Visual Basic)

Microsoft Office suite (Project, Visio, Word, Access)

People

Information

Courses:

Systems Analysis and design

Database design and implementation

Project Management

Visual Basic

Internet Server Management


6. Ethical Consideration

Neutral:

The application should not take the views of one political party and promote it or resemble the

colors or emblem of a party or any material that will promote the party on the application

Appropriate:

The application should be relevant, simple and straightforward to cater for all users of all eligible voting ages

Transparency:

Explaining exactly how the system works to the users and making sure that the system appeals to everyone who will use it

Voter fraud:

The users need to be guaranteed that their vote will be acknowledged and recognized and that there will not be any failure in delivering their votes

Anonymity:

The users need to be assured the vote cannot be linked back to them


7. Schedule of activities

TASK | DESCRIPTION | DURATION
Investigation | Carry out an investigation on the South African voting system and the technology that will be required | 9 days
Development Software | Acquire and familiarize myself with the software required for the whole system | 28 days
Analysis | Analyze the data and produce a well-defined systems requirements document | 8 days
Design and Coding | Creating the voting system by implementing design and coding | 11 days
Testing | Testing the voting system on multiple computers by simulation of the voting process | 3 days
Initial report | The first report on the voting system | 8 days
Final report | A report with all the documentation and the conclusion and the outcome of the project | 10 days


Reference:

DSDM Consortium, 2008, DSDM Public Version 4.2, DSDM Consortium, retrieved 12-1-2008 11:58:39, from DSDM Consortium

Davies, R., 2004, DSDM explained, retrieved Sept 21, 2004, from Rachel Davies

Fitzgerald, B., Russo, N.L., Stolterman, E. (2002) Information Systems Development methods in action, McGraw-Hill, London

Pfleeger, S.L. (2001) Software engineering theory and practice second edition, Pearson Education, Inc, United States of America

Pressman, R.S., 2005, Software engineering: A practitioner's approach sixth edition, McGraw-Hill, America