Implementing a windows-based application for the South African voting system focusing on encryption techniques

Name: Fulufhelo Miswe Student No: 000627624 BSc. Business Information Technology 01 November 2010

10,731 words

A dissertation submitted in partial fulfillment of the requirements for the University of Greenwichs Bachelor of Science Degree in Business

Information Technology

Coursework Header Sheet 173150-11

Course Coursework Tutor

COMP1181: Dept of IS & MM UG Project Project - CTI Randburg - DEC 10 - AC K Jamil

Course School/Level Assessment Weight Submission Deadline

CM/UG 100.00% 18/11/2010

Coursework is receipted on the understanding that it is the student's own work and that it has not, in whole or part, been presented elsewhere for assessment. Where material has been used from other sources it has been properly acknowledged in accordance with the University's Regulations regarding Cheating and Plagiarism.

000627624 Tutor's comments

Grade Awarded___________ For Office Use Only__________ Moderation required: yes/no Tutor______________________

Final Grade_________ Date _______________

Abstract
Voting fraud is increasing in the elections around the world in countries that are still stuck to the traditional ballot paper elections despite the advancement in technology. This project was undertaken with the aim to create an application that exercises strong and secure encryption algorithms to eliminate the current paper ballot voting system in South Africa. The solution came after research, investigation and analysis of similar alternative systems that are in the market as iVoting, DRE (Direct-recording electronic) voting system and voting over virtual private networks. In the project I acknowledge that any voting system should be secured hence the research surrounding encryption is included in the development of the project to select the safest method of encryption. The system was developed using Visual basics 2008 and Microsoft Access. Requirements were gathered using RAD techniques and tools as the requirements catalogue to determine what functionality the system. I developed the system based on my knowledge of databases that I acquired in the previous 2 and half years and visual basics which was a module I did in my first year. The analytical skills used in this project I gained through courses from my degree. The application has major room for development as it could be developed for the client IEC according to their specifications. Given more time and research further advancements can be made and enhancements made to adjust to the fast moving technological world and needs. Please note, any supporting material to this report has been included in the zip file including the source code to the application, the application install file and the database.

Acknowledgements

Firstly I would like to thank my parents for making it possible that I study and the support they continuously give me through life and my academics. My friends and family played a vital role in pushing me to do my best and focusing on the project. The staff of CTI Randburg as a whole was supportive and especially Blessing Mdunge and Colin Chaplin for helping me find the way when all navigators seem to have failed me. My fellow students made it easier and enjoyable it was fun working with them and I thank them for making it a great academic year. Above all I thank GOD almighty for bringing me to this day that I complete my project and giving me the strength to go on.

Table of Contents
Abstract ......................................................................................................................................................... 3 Acknowledgements ....................................................................................................................................... 4 1. List of Figures ........................................................................................................................................... 8 2. List of Tables ............................................................................................................................................ 9 3. List of Abbreviations and terms of reference .......................................................................................... 10 4. Introduction ............................................................................................................................................. 11 5. Literature review ..................................................................................................................................... 13 5.1 Introduction ....................................................................................................................................... 13 5.2 Methodology and method research ................................................................................................... 13 5.3 Chosen Methodology and Structured method ................................................................................... 17 5.4 Current Voting Process ..................................................................................................................... 18 5.5 Trends in voting systems .................................................................................................................. 18 5.6 Encryption ......................................................................................................................................... 18 6. Objectives ............................................................................................................................................... 20 6.1 Main Objectives ................................................................................................................................ 20 6.2 SDLC Objectives: ............................................................................................................................. 21 7. Description of work done ........................................................................................................................ 22 7.1 System Analysis ................................................................................................................................ 22 7.1.1 The current voting system .......................................................................................................... 22 7.1.2 Advantages of the current voting system ................................................................................... 24 7.1.3 Disadvantages of the current system .......................................................................................... 25 7.1.4 Current similar system ............................................................................................................... 25 7.2 System requirements ......................................................................................................................... 27 7.2.1 Legal, Ethical and constitutional considerations ........................................................................ 27 7.2.2 Requirements definition ............................................................................................................. 28 7.2.3 Classes for development users ................................................................................................... 31 7.2.4 The Use case .............................................................................................................................. 32 7.2.5 Entity Relationship diagram....................................................................................................... 34 7.2.6 Data Flow Diagram .................................................................................................................... 36 7.3 Preliminary System Design............................................................................................................... 39 7.3.1 High level system architecture design........................................................................................ 40 5

7.3.2 User interface design .................................................................................................................. 41 7.4 Initial Prototype ................................................................................................................................ 42 7.4.2 Feedback ........................................................................................................................................ 43 7.4.3 Requirements refinement ............................................................................................................... 43 7.5 Design new prototype ....................................................................................................................... 43 After the results from the first prototype I redesigned the interface and coded the application for the new prototype which was my second iteration. ...................................................................................... 43 The new prototype met all the requirements when tested as shown in section 7.6 ................................. 43 7.6 Testing............................................................................................................................................... 44 7.6 Summary and Presentation of results ................................................................................................ 46 8. Conclusion .............................................................................................................................................. 47 8.1 Discussion on the out come .............................................................................................................. 47 8.2 Conclusion ........................................................................................................................................ 48 8.3 Lessons Learnt .................................................................................................................................. 49 8.3 Recommendations, What can be done to further improve the system? ............................................ 50 9. List of Resources used during the production f the project .................................................................... 51 Bibliography ............................................................................................................................................... 52 Appendix ..................................................................................................................................................... 54 Appendix A ............................................................................................................................................. 54 Appendix B ............................................................................................................................................. 61 Appendix C ............................................................................................................................................. 62 1. Login ....................................................................................................................................................... 64 2. Administrator menu, Figure b-2.............................................................................................................. 64 2.1 Select voting to allow the voters to vote ....................................................................................... 65 2.2 Select manage to access the management tasks ............................................................................ 65 2.3 Select exit to close the application ................................................................................................ 65 3. Adding a voter to the registered voters ................................................................................................... 65 Enter the details of the voter and press register ...................................................................................... 66 3. Broadcasting the votes ............................................................................................................................ 67 4. Print voting results .................................................................................................................................. 67 Appendix D ............................................................................................................................................. 68 Appendix E ............................................................................................................................................. 76 6

The Gantt chart ................................................................................................................................... 76 Appendix F.............................................................................................................................................. 77 User interface design........................................................................................................................... 77 Appendix G ............................................................................................................................................. 82 Test results .......................................................................................................................................... 82 Appendix H ............................................................................................................................................. 84 VoteSA: The diary .............................................................................................................................. 84 Appendix G ............................................................................................................................................. 88 Project Proposal .................................................................................................................................. 88

1. List of Figures
Figure 1(Image from www.iec.co.za) ......................................................................................................... 23 Figure 2(image accessed from www.iec.co.za) .......................................................................................... 24 Figure 3 ....................................................................................................................................................... 36 Figure 4 ....................................................................................................................................................... 37 Figure 5 ....................................................................................................................................................... 39

Figure A- 1 .................................................................................................................................................. 54 Figure A- 2 .................................................................................................................................................. 55 Figure A- 3 .................................................................................................................................................. 56 Figure A- 4 .................................................................................................................................................. 57 Figure A- 5 .................................................................................................................................................. 58 Figure A- 6 .................................................................................................................................................. 59 Figure A- 7 .................................................................................................................................................. 60

Figure E- 1 .................................................................................................................................................. 76

Figure F- 1 .................................................................................................................................................. 77 Figure F- 2 .................................................................................................................................................. 77 Figure F- 3 .................................................................................................................................................. 78 Figure F- 4 .................................................................................................................................................. 78 Figure F- 5 .................................................................................................................................................. 79 Figure F- 6 .................................................................................................................................................. 79 Figure F- 7 .................................................................................................................................................. 80 Figure F- 8 .................................................................................................................................................. 81

Figure G- 1 .................................................................................................................................................. 82 Figure G- 2 .................................................................................................................................................. 82 Figure G- 3 .................................................................................................................................................. 83

2. List of Tables
Table 1 ........................................................................................................................................................ 42 Table 2 ........................................................................................................................................................ 44

3. List of Abbreviations and terms of reference

DBMS Database Management System
DFD Data Flow Diagram DRE Direct-Recording Electronic DSDM - Dynamic Systems Development Method

eVoting electronic voting GUI Graphical User Interface

ID Identity Document

IDE Integrated Development Environment

IEC Independent Electoral Commission

IFP Inkatha Freedom Party IT Information technology iVoting iVoting is the casting of a secure and secret electronic ballot that is transmitted to election officials over the Internet as stated in (Gibson,2001)
LAN Local Area Network

RAD Rapid Application Development SQL - Structured Query Language SSADM Structured Systems Analysis and Design Method

10

4. Introduction
As technology further advances the single most important aspect in the running of a country has failed to progress parallel to the technological advancement. South Africa has a young democracy with its first ever free and fair elections being hosted 16 years ago in 1994, which could explain the reason there has not been much advancement from the conventional voting route, prior to democracy in the apartheid regime (which ruled between 1948 and 1994) only those of white skin were permitted to partake in the voting process (Bernstein.H) and there was very little choice between the parties to vote for. In 1994 when the apartheid laws were burnt and South Africa had its first ever elections as a democratic country, this was a part of its new constitution post-apartheid where all citizens were equal and every eligible citizen has the right to exercise their vote to select whom so ever they please to govern them(SA Constitution). After the apartheid government the IEC (Independent electoral commission) was in charge and still is in charge of the voting system in South Africa. In the most recent (2009 general elections) presidential elections in South Africa there were reports of attempts to switch ballot papers in the KwaZulu-Natal region by the IFP (Inkatha Freedom Party) political party, though the claims were never validated, this proves the vulnerability of the paper based voting system as a party can have pre-marked ballot papers that could be posted in the voting boxes or also switching the ballot papers as seen in our neighboring country Zimbabwe. The paper-based system depends on the integrity of the officials and coordinators who would also love their preferred parties in power, as known South Africa is a country with a high corruption rate. The coordinators are volunteers which makes it easy for them to accept bribes and be corrupted. The current voting system requires that the ballots be transported to a central chosen municipal area center for the counting and computing of the votes, during this process the votes can be intercepted by criminal groups, the votes can be changed during transportation. The dependence in the humans to manually control the entire voting process without use of any IT (information technology) reduces the integrity of the entire process as it is known, human beings make mistakes. Furthermore the fact that the voting system is paper-based means that the counting of the votes is done manually, which takes time as all voting ballots have to be assembled in one center and then separated for the counting and then counted again for verification, a computer application
11

would consist of sorting and calculating algorithms that would compute the results in a matter of minutes for the entire country after completion of the voting process. The ballot collection from all different voting stations consumes resource. South Africa is country with a population of close to 50 million with 17,680,729 of them voting it is surely time consuming counting the votes. I have that I develop a windows-based application that will handle the voting system and phase out the traditional paper-based voting system. The digitalized voting system will counter the above mentioned vulnerabilities by removing most of the human elements in key areas of the voting system as the counting of the votes and transportation of the ballot papers. The system will allow the user to cast their votes, select their preferred national and provincial candidates and then exit for the next voter, this process will be looped till the last voter at the voting station. Each voters vote is printed out for the paper trail to prove that the vote did indeed take place. Every hour the application sends an encrypted file of the votes to the main server for that region for the overall counting of the votes and then displayed in public mediums for the notifications of the polls. The proposed system will function and comply with the constitution regulations to elections, there will be an element of anonymity every voters vote is a secret and the system will ensure that the voters vote is a secret and ensure the voters vote is counted. I understand that the voting application will involve sending data over the network and the authenticity of information being sent over the network is important (Bellare.M, Canetti.R and Krawczyk.H, 1996). An authentication scheme that is of the highest quality will be discussed and chosen as the voting process determines the future of the nation. It is a process that cannot afford to have any vulnerability with attackers and hackers on the internet that can temper with the votes and lead to the wrong party being put in power which will not be the will of the people.

12

5. Literature review
5.1 Introduction
This literature review aims to discuss the possible Systems development life cycles (SDLC) that could be used in developing the Voting system and select the ideal SDLC based on what will be discussed along with structured methods

5.2 Methodology and method research

The following research into various methodologies will help me select the methodology that will best serve my project taking into account the views of different authors o similar methodologies, this gives me a better indication of the real advantages and disadvantages of each method and methodology In (Pfleager,S.L, 2001) various methodologies are analyzed starting with the waterfall which is due to the fact that the waterfall model is one of the first and oldest lifecycle models. The book was published in 2001 which is a nine years back and there has been more developments in methodologies however what I picked reading through was the author of the book supports waterfall more than any other model that was discussed in the textbook which is due to the time the book was published. At that time waterfall was seen as an industry benchmark, a tried and tested approach even if it had flaws that the author discussed like its lack of iteration in development and lack of interaction with the user which a more recently used and accepted methodology(DSDM) states are the key elements to a successful project. The author prefers waterfall due to the fact that it offers simplicity in gathering requirements and the ease in planning out the set out stages. From my analysis of the article waterfall offers a step down approach where requirements from one stage are complete before moving on to the next stage, forcing each stage to be completed in isolation and nothing can be done before all the previous stages are complete and its very hard to change requirements as there is no iteration so when one stage is closed there cannot be any changes or modifications made. Furthermore waterfall only shows the top level stages of a project it does not show a realistic view of the project detailed.

13

In the same book(Pfleager,S.L, 2001) the author discusses the V-model lifecycle however the author does not go into detail, after analyzing this lifecycle model I realized that it is the same life cycle model as the waterfall, it has the same stages except for the V-model lifecycle focuses more on testing. Testing is what makes the v-model better than the waterfall model which it originated from though the author does not explain this model with the same enthusiasm due to the fact that traditionally waterfall was widely accepted and trusted so project managers where more comfortable with it. The testing linked with each stage is good as it tests to see if all the requirements for that stage have been met. From observation and in depth analysis the contrasting fact between the V-model and the waterfall is that waterfall model focuses on documents and the artifacts and V-model focuses more on being correct on delivering a project hence the testing stages. The author (Pressman, R.s, 2005) describes waterfall as a linear model which moves from one stage to the other. From my analysis waterfall model is ideal to use in situations where the requirements are well defined and wont change as it lacks iteration so the initial requirements are what the final product will be based on. After reviewing articles from different authors I have come to the conclusion that the waterfall model does not suit an IT project as the requirements are forever changing and it will be hard for me to develop my project using waterfall model only which is supported by the reasons stated by pressman why waterfall model projects fail being that users rarely know what they want and once you move from one stage you cannot go back to rectify whatever mistake you could have made Another model discussed in (Pfleager,S.L, 2001) was the prototyping model, the author expressed interest in prototyping due to the fact that requirements can be changed which compared to the waterfall and the V-model it has an advantage as they do not change requirements therefore making it impossible to modify the system but prototyping the user can get a rough sketch of the final product and change what they do not like. From my analysis Prototyping is good as it has more interaction with the user (Fitzgerald, B, Russo, N.L, Stolterman, E 2002) focused in the iteration and early delivery of the model as their definition of prototyping below states that it shows an upcoming product

14

They define a prototype as an early version of the system that exhibits the essential features of the later operational system From analyzing both publications Information Systems Development methods in action and Software engineering theory and practice second edition prototyping has repetition and changes to requirements that make it ideal to developing projects that meet requirements better than the waterfall or V-model The authors in (Fitzgerald, B, Russo, N.L, Stolterman, E 2002) acknowledge that RAD does not offer any new tools or techniques but its advantage is in the way RAD uses the available techniques with different management principles. The authors regard RAD as a fast growing and it is cheaper without any loss to the quality furthermore RAD eliminates bureaucratic ways of operation. RAD uses small empowered teams and the user is well-involved The authors in (DSDM Consortium, 2008 ) declare fully that they prefer DSDM over any other methodology by use of the statement which is of especial interest to us is the dynamic systems development method... They justify their preference of this method due to its origins, from actual development practice in organizations. Due to DSDM being a framework than a traditional lifecycle it has a set lifecycle process that can only be changed by the DSDM consortium The lifecycle has 5 core stages (DSDM Consortium, 2008 ): Feasibility study Business study Functional model iteration Design and build iteration Implementation The DSDM consortium describes DSDM as a framework that is based on trial and error from experiments from the 1990s. DSDM combines the knowledge from people, techniques and tools, by so doing DSDM can deliver a fully functional system in under 6 months. The DSDM consortium allows for DSDM to be integrated with other methodologies to develop more

15

powerful and accurate methods. The DSDM can be used with eXtreme Programming to create a more robust and rigorous framework Due to the publication being a DSDM consortium they do not cater for other methodologies they strictly focus on their methodology
When developing a project it is essential to select not just the methodology but the structured method as well. Structured methods have tools and techniques that support the methodology. One of the most widely used structured methods is the SSADM (Structured Systems Analysis and Design Method) (Weaver.P,2004). SSADM uses tools that help define the project

The waterfall model is an old model which goes as far back as the 1970(Weaver.P,2004) it was introduced to create a formal method of the software development process, it follows a strict stage to stage process, illustrated in Figure1.In each stage the products are verified before proceeding to the next stage but in reality tasks of different stages often overlap. There is no repeating of stages so it makes it hard to refine or add requirements thus it is used by big companies that have analysts who can gather requirements fully in one stage and the requirements are clear and less likely to change A model that implements iteration in its stages is the spiral model, it is ideal for when the requirements are unclear and uncertain (Weaver.P,2004). The iteration process involves drawing up high-level requirements and creating a prototype for the requirements, after analyzing the prototype the requirements are checked and modified then new requirements are created and another prototype is developed until the requirements are met fully and the can be no further refinement this process is repeated

16

5.3 Chosen Methodology and Structured method

After careful consideration and the literature review on the different types of development methodology and methods associated with the methodology I decided I will use the Spiral life cycle to develop my system and use a hybrid method for the structured method combining techniques from the RAD method and SSADM. After reading through (Weaver.P, 2004) I found it is common amongst students to creating a hybrid method or a highly customized method. I chose spiral as it will allow me to create prototypes and to go back and forth refining my requirements, as a student I do not have enough experience or knowledge that will allow me to gather all the requirements in a single take, so the flexibility of the spiral model of getting requirements and working with what I have will allow me to program the requirements and fill in what is missing and change according to what the supervisor requires of me till the system meets all the requirements and does all it is supposed to. The RAD tools that I will use will allow me to gather the requirements and present the information in a structured manner from the tasks of each class and the use case that will state who does what on the system. To show flow of the system I decided to use the data flow diagram from the SSADM method.

17

5.4 Current Voting Process

Currently the voting in South Africa is conducted by the IEC (Independent Electoral Commission) which is responsible for the distribution of the ballot papers, the election process and the counting of the votes. Mostly its employees are volunteers from the regions. 5.5 Trends in voting systems
The problems in traditional voting methods have opened room for discovery of new methods and systems to cast a vote (Kohno.T, Stubblefield.A and Rubin.A.D, 2003). Across the world in developed countries as the United States they have started implementing on trial bases the iVoting system which is

the casting of a secure and secret electronic ballot that is transmitted to election officials over the Internet as described in (Gibson, R. 2001). In the year 2003 France joined the revolution and tried to implement the iVoting system and in 2006 there were reports of Estonia as the first to host iVoting elections successfully, thus far iVoting is being implemented in developed countries as iVoting requires a great deal of technology to conduct, you will need a safe computer with no viruses, a fast computer that can connect to the internet fast and will not fail during the voting process so high speed connection is required. With iVoting it allows citizens of the country to vote from any part of the world as it is being implemented in the United States of America (Alan, 2005) the American citizens can take part in elections from anywhere in the world provided they have the requirements and registration. Though there have been studies on the use of electronic voting systems these studies warn against the use of this method due to the ever increasing challenges posed by information technology(Kohno.T, Stubblefield.A and Rubin.A.D, 2003).

5.6 Encryption
There are two types of computer encryption which could be symmetric-key encryption which requires two computers to have the same key in order to communicate between each other (Tyson,J. 2001). The sending computer has a code that it uses to encrypt a packet of data before it sends it over the network, however as the person sending the data you must know which computers will be communicating so the key can be installed in both computers. The keys started as DES 56 bit in the 1970s and are currently on 256 bit keys

18

The second form of encryption is public key encryption (Tyson,J. 2001) which uses two keys; a public key and a private key. The computer keeps the private key for itself and issues the public key to the computer that wishes to communicate with it. The key pair is based on prime numbers which gives an infinite number of possibilities making it a good form of encryption. Currently in the market there is a program called pretty good privacy that allows the user to encrypt data. Many cryptographic techniques are discussed in studies (Bellare.M, R. Canetti, and Krawczyk.H, 1996), (Boneh.D, Franklin.M, 2003), (Cramer.R, Shoup.V, 2001) with reference and focus on the mathematical aspects of the encryption. These studies focus on calculations on how to protect data however they are not accurate as they have failed to successfully implement these findings in a practical project. Encryption is a complicated topic as the internet can never be safe from attacks and threats regardless of the best protection available as the same people that create the protection know a way around the protection and it is only a matter of time before other equally talented programmers figure out the loop holes, in essence anything that runs on an internet network cannot be rendered completely safe (Goodchild. J, 2010)

19

6. Objectives
6.1 Main Objectives The project aims to: Digitalize the current paper-based voting system by creating an application that allows the users to vote electronically on a computer or voting kiosk, tabulate results and send the results to a central location thereby phasing out the element of human manual counting of votes and transporting of ballots to a central location. Activity: Investigate in to the voting system of South Africa, the IEC, which is the voting body in South Africa, Research programming algorithms, research on the programming environment appropriate to program the application Deliverable: Literature review, Interim report content, a programming environment and tools to program the application selected Eliminate the vulnerabilities in paper-based voting system Activity: security research and effectiveness of the digital voting system, testing criteria Deliverable: Test criteria, acceptance criteria Speed up the counting of votes by creating an application that tabulates the results of the votes Activity: Programming algorithms analysis Deliverable: a programming algorithm that will allow for the quickest way to display the results Eliminate the human element in the voting process Activity: Design a voting application that has minimal human interference Deliverable: A windows based application

20

 Provide secure democratic elections Activity: Explore security threats, isolate the threats and test the vulnerability of the system against the threats Deliverable: A threat proof application that is tested against vulnerabilities

6.2 SDLC Objectives: Requirements analysis Activity: Research, data modeling Deliverables: Use case, requirements catalogue, data and process models Code and implementation Activity: Coding the front end which consists of the user interfaces and designing the database that will store all the voting and the voters to avoid people who voted voting again Deliverable: A fully functional voting system with a connected database User Acceptance Testing Activity: Testing the system through other individuals Deliverable: Bugs or a well-tested system Prototyping Activity: Create prototypes Deliverable: prototypes of the proposed system

21

7. Description of work done

7.1 System Analysis

Analysis is a phase in the system development life cycle, in this phase of the project development the aim is to analyze current voting processes and systems so as to gather the requirements of the proposed system 7.1.1 The current voting system Any eligible citizen can take part in the voting process in South Africa, eligible as identified by the constitution of South Africa as above the age of 18. An eligible citizen registers to vote in upcoming elections before the elections on the day that the government has set out. On the day of the election the registered citizen will go to an IEC (Independent electoral commission) voting station to vote. The person provides a South African ID book or a temporary identity document to the voting officials, the voting officer verifies that the person is registered by checking the voters roll or they have a registration sticker valid to take part in the elections. Once it is proved that the person is eligible to vote, the persons name is ticked off the voters list and their ID (identity document) document is stamped on the second page and their thumbnail is marked with ink as a mechanism to ensure they do not vote again. The voter is then given two ballot papers one for the national elections and one for the provincial elections, the voter then finds an empty ballot booth and casts their vote in, they then fold their ballot paper so their selection is not visible, the voter then puts their ballot papers in the ballot box and the voting process is complete for the voter, see Figure 1.

22

Figure 1(Image from www.iec.co.za)

The counting process begins at the end of the voting process and it is monitored by party agents as IEC officials count each vote individually, at the end of the calculations the results are verified and the IEC publishes the winner of the elections which would be the party with the most votes, the ballot papers are packaged and sent to the local municipal electoral office, see Figure 2

23

Figure 2(image accessed from www.iec.co.za)

7.1.2 Advantages of the current voting system It is important to acknowledge the advantages of the current system so that the proposed system inherits all the good features that it can from the current system. I. Authentication-The fact that the voter has to provide their identity document means that there is a guarantee that the person has the right to vote and it is the correct person II. Freedom- The constitution on the bill of rights states that every citizen has the right to free and fair elections, when the voter goes to the election booth the person is alone and no one can interfere with the voter

24

III.

Anonymity (Kohno.T, Stubblefield.A and Rubin.A.D, 2003) The voter votes in the voting booth alone and there is no record or link to the voter after they deposit the ballot paper into the ballot box Integrity The voter can only vote once as they are inked on the thumb and their ID book is stamped

IV.

7.1.3 Disadvantages of the current system These are the factors the new system aims at tackling and eliminating I. Duration The voting process takes too long between the voting, counting and announcing the results of the election. II. Manual counting This process depends on the integrity of the voting officials and it is quite a tiring task counting the ballot papers, though there are officials who overlook the process computerized systems can be much more effective III. Fraud In the most recent elections the IFP (Inkatha Freedom Party) was accused of inserting ballot papers already marked in the ballot boxes and in our neighboring country Zimbabwe there has been claims of rigged elections but due to lack of proof it is hard to prove such IV. Security The ballots are transported to a counting center which they can be intercepted whilst being transported 7.1.4 Current similar system eVoting consists of many forms, it can be done over the internet or using digital systems as voting kiosks and DREs, currently in the market are the following methods of electronic voting: Voting over the internet: (Mercuri.R, 2000) critics do not advise this method of eVoting due to the threat posed by hackers that can intercept the process and create fake votes and there are people who sell their votes as an attempt to make money and it will be hard to verify that the person is making the vote freely and willingly over the internet as they can be intimidated to cast a vote and the factor of security is still worrying when it comes to voting on the internet as some systems do not enforce good security standards

25

Optical scanning voting system - When the user votes using the computer and the computer prints out the votes and the voting officials take all the printed ballots to one location and manually count them, similarly an electronic device scans and tabulates the results. DRE (Direct-recording electronic voting system): A direct-recording electronic (DRE) voting machine eliminate papers from the voting process completely however they adopt the same process when it comes conducting the voting process, the user goes to the voting station and provides their identification and after the verification of the voter the voter is directed to a terminal to cast their vote in, the DRE presents the voter with the possible candidates and the user makes a selection to proceed the DRE asks the user to confirm the choice and after this the choice is stored and it is the end of the voting process for one voter. The DRE is safe as it is not involved in networking through the internet, The only threat to the DRE is the programmers and the officials that are conducting the voting process hence a process has been introduced whereby the DRE prints the paper version and it is placed in a ballot box for the counting to verify if the results from the DRE are accurate however this process is redundant and it is still similar to the conventional voting method.

26

7.2 System requirements From what was discussed in the analysis stage requirements are gathered in this stage for exactly what the system will entail and the functional requirements of the system. 7.2.1 Legal, Ethical and constitutional considerations 1. The voting system should be transparent, the users should be able to see what they are doing, and they should understand the whole process and what is happening to their votes. 2. There should be paper trail of the votes, it should be verifiable that the votes indeed were cast and can be accounted for. 3. A voter can only vote once, it is a constitutional right that can only be exercised once in a term of voting, the voter should be registered and authorized to do so. 4. The votes should reflect the choice of the voters and reflect what really happened during the elections. 5. Every citizen who is eligible to vote should be able to use the system, it should cater for people with disabilities as well, and the system should not require specialized skills to use. 6. The system should have an element of secrecy and the vote should not be traceable back to the voter as a vote is a secret

27

7.2.2 Requirements definition There are two types of requirements, the functional requirements and the non-functional requirements, in this section I assign the tasks for the voting system to either one of the requirements definition, this helps in the production state as it is easier to select the most critical requirements for the system. Functional requirements: This are the features that explain the core functionality of the system, they explain what the system does
Requirements catalogue for the voting system Requirement ID:90011 Priority: M Source: F.Miswe Sign-off: F.Miswe Functional requirements: Have a security system at logon The voting system should be able to authenticate the administrators to ensure that there is no illegal people gaining entry to the system Non-functional requirements Acceptable Target value Alphanumeric password, Password must at least be six number password characters Encryption type >=256 bit 256 bit encryption Attempts 3 times 1 Benefits: only the approved users will gain access to the system Comments: If any illegal activities occur the it can be traced at which user this occured Description Password Authentication

Requirements catalogue for the voting system Requirement ID:90012 Priority: M Source: F.Miswe Sign-off: F.Miswe Functional requirements: The system will calculate the total number of votes and display the total and the percentage Non-functional requirements Description Acceptable Target value Calculating algorithm Math functions Math functions in programming language Response time during calculation 0-35 seconds 20 seconds Benefits: The votes do not have to be manually counted which takes time Comments: The is accuracy in the results as the

28

Requirements catalogue for the voting system Requirement ID:90013 Priority: M Source: F.Miswe Functional requirements: Verify that the user is eligible to vote and the voter will vote once

Sign-off: F.Miswe

Non-functional requirements Description Acceptable Target value Database Oracle, Microsoft Access Microsoft access Benefits: The voter votes just once and there is no voting fraud that occurs Comments: The voting integrity is maintained

Requirements catalogue for the voting system Requirement ID:90014 Priority: M Source: F.Miswe Sign-off: F.Miswe Functional requirements: Record and store the party candidate to allow for the voters to select the party Non-functional requirements Acceptable Standard 101 keys keyboard, Touch screen, barcode scanner, enhanced 106 keys keyboard , mouse 0-35 seconds

Description Input device

Target value Any of the suggested devices

Response time during capturing 20 seconds The details Benefits: The parties running for the elections will be represented and they will not be left out Comments: The parties are the ones the voters are electing to represent them

Requirements catalogue for the voting system Requirement ID:90015 Priority: M Source: F.Miswe Functional requirements: Encrypt the votes Non-functional requirements Acceptable

Sign-off: F.Miswe

Description Encryption method

Target value

symmetric-key encryption, public key encryption

symmetric-key

Benefits: The voting will be secure and it will not be easy to try and sabotage the voting system Comments: The encryption will done through the programming language using embedded encryption algorithms as hashing

29

Requirements catalogue for the voting system Requirement ID:90016 Priority: S Source: F.Miswe Functional requirements: Print the poll Print a receipt of proof

Sign-off: F.Miswe

Non-functional requirements Description Acceptable Target value Printer Laser printer, inkjet Laser printer Paper Plain white paper Plain white paper Printer response time 20 seconds Not more than 30 seconds Benefits: There is a paper trail that the vote indeed happened and the user cannot vote again Comments: The printer will be connected to a network of computers that print after the user is done voting

30

7.2.3 Classes for development users 1. The voter The voter is the end user of the system who has to cast the vote and 2. The Electoral commission officer They conduct the voting process, printing the results and helping the voters through the system 3. The South African government They are ultimately the owners and sponsors of the system as it is being developed for the South African voting system 4. IEC Verify the votes and publish the results

31

7.2.4 The Use case I developed a use case to explore all the scenarios that occur on the system, the use case changed throughout as I added more features to the system.

Figure
32

Primary scenario Use case for: VoteSA Version: Goal: 1.0 To cast a vote in the elections using a digital application with encryption

Stakeholders: SA Government, Voter, IEC Precondition: Voter must be South African citizen Voter must be eligible to vote Voter must be registered to vote Primary case: 1. The IEC officer logs in on to the system 2. The IEC officer selects vote from the menu 3. The voter enters the ID number and voter number 4. The voter selects their preferred national candidate 5. The voter selects their preferred provincial candidate 6. The voter confirms vote 7. The voter receives a receipt Post condition: Voting polls are updated

33

7.2.5 Entity Relationship diagram

Citizen 1, 1

Political_Party 1, m
National

Receives
Registers

Provincial

1, 1 Voter 1, 1 1, 1
Cast

1, 1 Vote 1, 1 m,m 1, 1 m,m

Updates Manage s

Receive s

IEC 1, 1 1, 1 1, 1

Vote_Log
Broadcast

Voter_Receipt 1, m 1, 1
Observes

Result

M,1 Observer

34

Entity attributes: Citizen (IDNO, Name, Address) Voter (VoterNo, IDNO) Vote (VoteNo, VoterIDNO, PartyID, ElectionType, VoteDate) Voter_Receipt(VoterIDNO, VoteDate) Vote_Log(FileNo, VoteNo, PartyId, ElectionType, Date) Political_Party( PartyID, PArtyName) Result(PartyID, PartyName, TotalVotes, ElectionDate, Percentage) IEC(RegisterNo,Region) Observer(ObserverId, ObserverName)

35

7.2.6 Data Flow Diagram Context diagram below shows all the external entities that will interact with the system

Figure 3

36

DFD for registering a voter to the voters table

Figure 4

37

Figure 5

38

7.3 Preliminary System Design In this stage I will design the system architecture, the components that are included in the voting system. A deployment diagram and high-level architecture design are described in this chapter

Figure 6

39

7.3.1 High level system architecture design

The voter is required to register at the municipal they will be voting at to acquire a voting number when they get registered, when they are registered the voter is on the voters roll that allows them to participate in the elections. During this stage the voter and the IEC officers are involved. In the event that a voter registered in another municipal and at time of voting they are in a different area get registered on the day with proof of registration. The above system in Figure 3 is a 3-tier system with the first tier which involves all the human interaction where there is a front end application which allows for the users to vote and the IEC officers to conduct the voting processes and printing the results. The actions done by the IEC officer on the application on the first tier are monitored by the party agents to ensure that no fraudulent activities occur The second tier is the server that is the bridge between the database and the front end application The third tier is the database management system, access that stores all the votes that are made and the details of the registered voters. Requirements for the system: I. II. III. IV. Windows XP or newer version 256Mb Ram 20Mb hard disk space Intel Pentium 3 2.0 GHz

40

7.3.2 User interface design The design was results of refining the initial prototype to try and include the audience and appeal to the user refer to Appendix F for screen shots of the user interface design. The application was designed with simple white background and little decorations as this is a professional software and has to be presentable, whilst creating the interface the goal was to create a simple application that will require no specialized expertise as the applications will be used by citizens of all ages starting from the age of 18 to the countrys oldest citizen and people with disabilities. The color white for the background was ideal as it is a color of peace and South Africa has come a long way to value their democracy. Throughout the application there are images of the national flag and the IEC flag to symbolize that it is a proudly South African application and it is authorized by the IEC. Simple buttons and labels are used to give instructions to the user. There are examples to guide the user when voting Large fonts were used for clarity and contrasting color blue which also has an element of peace to was used to write the instructions to ensure they are clear and readable Simple reports are generated for results

41

7.4 Initial Prototype Please see Appendix A for the full initial prototype. A prototype helps show a preview of what the final system can look like, in most cases it is used to communicate between stakeholders and the programmer (Stapleton. J, 2003). The first prototype was created to get an idea of the final required project; it had most of the functionality that was identified in the requirements that were identified in the earlier stages, there were three testers of the prototype who were each given the requirements catalogue and a description of how the system is supposed to react and they tested the system against the stated requirements. Whilst testing the requirements the users had to answer the questions provided in Appendix B The users that tested the system comprised of 3 members B.Mdunge (Lecturer), G.Makobe (IT Student) and B.Ncube (A general person), the mix of individuals from different structures of life allows the system to be tested by users of all expertise and get the views of all the users as it will be used by every citizen. The application was installed on a laptop and demonstrated to the testers to let them know and explain to them what they will be testing and give them the details of the prototype so they understand all aspects before testing. After the demonstration the voters had two days to test the system against any concerns. After the allocated two days the testers returned with their results and answers to the questionnaire. Their response are listed in the table below Table 1 Tester B. Mdunge Comments and summary of questionnaire The design is simple, maybe too simple for an application that will be used across the country It does not meet the objectives stated on the test plan Functionalities are not running well The results are incorrect A voter can vote a million times Voters who are not registered can vote The system does not store the old votes when the new voter votes You do not need an ID to vote You can vote as much as you please Nice simple design Quick to use Friendly and usable GUI The application is not consistent Simple design I could not make my vote as the application kept on closing

G. Makobe

B. Ncube
Table 1

42

7.4.2 Feedback
Requirements Expand the system Include authentication at login Verify the voters Check for voters that have voted and those who have not voted before Confirm the voters votes by including a paper trail Change the color scheme 7.4.3 Requirements refinement The prototype is not meeting most requirements but that was anticipated as it stated that the prototype has minimal functionalities, the concerns raised by the testers are mostly what was expected as the functionalities are yet to be added, this prototype was designed to test the design mostly and the components to include in the application. The average user was more concerned about the interface and not what the application does as they did not understand the mechanics behind the application and requested that the background be changed. The concern however with what the other two testers discovered is that the database is not working, the application is not reflecting the changes in the database. The problem discovered with concern to the database is due to the database being saved as .accdb and the solution is to save the database as .mdb which after being implemented worked.

7.5 Design new prototype After the results from the first prototype I redesigned the interface and coded the application for the new prototype which was my second iteration. The new prototype met all the requirements when tested as shown in section 7.6

43

7.6 Testing

For the test result, consult Appendix G Item tested Login How Run the application Test Plan Steps Expected results Enter An error incorrect message login details restricting entry to the system Login A Data grid successfully, showing the select result as manage, expected Click display result Login The national successfully, and provincial select results manage, Click print poll Access the A message manage box window, click confirming register, enter the user is the voter data registered and click register and check the database if the data is in On the voter A message screen enter a box showing random that the voter number has not been registered Actual results An error message Test date 30 October 2010

Display results

Run the manage window

Data grid with poll results

29 October 2010

Print results

Run the manage window

The national 29 October and provincial 2010 results

Register user

Enter data on the register tab

The data is in the database table for registered voters and the confirmation message box

29 October 2010

Registered voter

Enter the id number of a nonregistered voter

A warning message box

23 October 2010

Table 2

44

Item tested Voting twice

How Vote successfully the first time and try voting again

Test Plan Steps Expected results Vote the first An error time enter the message ID and then showing that on repeat the voter has enter the already voted same voter details

Actual results Message box showing the error

Test date 27 October 2010

Test Data Login: Username: administrator (not case sensitive) Password: p@55word Register Voter: Voter No: 21 Voter Id: 2301036245091 Voter Name: John Voter Address: 23 Hunter Avenue Randburg Voting twice: Voter No: 1 Voter ID: 9009146245081 Unregistered Voter: Voter No: 32 Voter ID: 73839390939

45

7.6 Summary and Presentation of results The application has met all the requirements that were set out during its second iteration, the application allows for the voters to make a safe vote that only they know and they can change their option should they discover they made a mistake during the voting A voter only votes once and can only vote if registered on the voters roll The application prints out confirmation that the voter voted The application computes the results of the poll and broadcasts the results as well Voters registered in another district are allowed to register on the voters roll to participate on the elections in the area

46

8. Conclusion
8.1 Discussion on the out come
The system was developed for the South African voting system to combat problems as fraud and enhance the voting process by adding technology to help create an efficient system, the main goal of the system was to create a digital voting system that uses encryption technology to protect the vote whilst it is sent to the server where all the votes are sent. The application uses standard voting standards by ensuring anonymity where no details of the votes are linked with the voter that made the vote, the application has qualities of the traditional method of voting and a paper trail is used for the transparency of the system as proof that the votes were conducted and they were not generated by the program. The application uses strong authentication which allows only the IEC administrators to login, after logging in the IEC officials have a menu to either vote or manage, the manage menu is where the officer can display the results of the voting or print the results and also register voters from other regions on day of voting. The vote menu requires the user to select a language which other language packs have not been loaded; only English is operational thus far. The voter enters their vote number and voter ID to cast their vote for the provincial and national elections, the voter then gets a screen displaying their choice and if the screen displays their choice they click confirm and a print to confirm is made. A voters guide (see Appendix D) is released to increase the transparency of the system and let the voters exactly how to vote with the new system. The system was not built using server technology as it is a prototype so testing for encryption in transportation was not possible

47

8.2 Conclusion Using Microsoft development tools, .Net Framework I created the voting application which was one of the objectives of the project. The encryption that was used on the application is the encryption function that is found in the Visual basics classes it allows the data being transported to be encrypted and sent, the data that is being sent is then sent as a long string and similarly so the data is decrypted by a function found on Visual basics to decrypt data. I failed to find cryptography method that can be implemented to completely safeguard the votes as there is no such method currently (Goodchild. J, 2010) The safest way of voting is using a LAN or DRE that has paper trail and voting kiosks. The use of a basic LAN will decrease the threats that are brought by internet and online vulnerabilities. Digital voting still has a long way to go before it can provide credible results that will leave no room for questions or doubt. But in the meantime resources can be devoted to test and try the venture as it promises that it can be useful in the voting system provided it is implemented well. In conclusion the project delivered on its aims to implement a voting system that operates digitally, that is able to compute votes immediately and generate a paper trail for confirmation.

48

8.3 Lessons Learnt

It had been a long while since I developed using Visual basics 2008 so my programming skills were a bit rusty at first but got the hang of it and just moved on from where I left a year ago, I gained a lot of new skills that helped me and now Im proficient in the VB programming language, I used Microsoft access for the database which affirmed my skills. Initially the system was supposed to run on an SQL server but due to the delay in the project proposal acceptance it was difficult to determine the environment and tools I will use, I did not have enough time to familiarize myself with the SQL Server as I had not done it or used it before and I could not acquire a copy of SQL Server that had all the functionality and drivers on time as I am using windows 7, I had troubles installing the server so I could not use the SQL Server. But there was little I learnt whilst troubleshooting trying to run the server As this is a student project time was always going to be a worrying factor and indeed it proved to be, suddenly when the final date crept closer the work scope just became more and more and that is when I learnt that in projects you have to learn to multitask, to prioritize what is important and what needs my immediate attention, I learnt to work under pressure, to deliver the best under pressure and to value the opinion of those that I worked around as they pointed out things that I could not see. And finally a lesson that I should have learnt years ago, procrastination will never ever work to my favor and there is no better time than now to do something.

49

8.3 Recommendations, What can be done to further improve the system?

The goals of the system were achieved to create a system that will allow for quick computation of results after voting is conducted and safely conducting the voting process. Technology is growing and expanding every day to implement a digital system is a bit late already as it is, most developed countries like the United States of America and Estonia have already started experimenting with iVoting it has been ten years now since the year 2000 when they first experimented with iVoting and since then they have been improvements to the process adding more security features and ensuring its security, For South Africa to catch up they also need to start implementing such technology as iVoting that will make it easier to conduct voting and administrate the process. The trend is moving towards eVoting despite the security threats which are being dealt with this is a cheaper more manageable solution to voting as oppose to conventional ways of voting. In the meantime this application I developed can be modified to work on kiosks that are easy to setup and more languages can be added to cater for the 11 official languages in South Africa so that the kiosks are customized to the language of the user and also have audio instructions so as to assist the user on using the system. The system was created with a voters guide that can be given to voters when they register for the next elections so they can familiarize themselves with the system they are going to be using in the next elections.

50

9. List of Resources used during the production f the project

Visual studio 2008 Microsoft Office professional 2010 Windows 7 Ultimate Fujitsu laptop li 3710 Printer Internet http://www.a1vbcode.com Internet http://www.elections.org.za South African constitution

51

Bibliography
Bellare.M, R. Canetti, and Krawczyk.H, 1996. Keying hash functions for message authentication.In Advances in Cryptology: Proceedings of CRYPTO 96, pages 115. SpringerVerlag Bernstein.H,(1978),For their triumphs and for their tear: conditions and resistance of women in apartheid South Africa,International defence and Aid Fund, London Boneh.D, Franklin.M,2003, Identity-Based Encryption from the Weil Pairing retrieved October 12, 2010, from www.springerlink.com/content/bf5j8nhdp32pxqgy/ Cramer.R, Shoup.V, 2001, Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption, retrieved October 12, 2010, from psu.edu DSDM Consortium, 2008, DSDM Public Version 4.2, DSDM Consortium, Retrieved 12-1-2008 11:58:39, from DSDM consortium Davies R, 2004, DSDM explained, retrieved Sept 21, 2004, from Rachel Davies Finkelstein.A, Kramer.J and Nuseibeh.B (1994). Software Process Modeling and Technology, Research Studies Press Ltd. Taunton, Sommerset, UK. Fitzgerald, B. Russo, N.L. Stolterman, E. (2002) Information Systems Development methods in action, McGraw Hill, London Gibson, R. 2001. Elections online: Assessing internet voting in light of the Arizona Democratic Primary, Political Science Quarterly 116(4): 561-583 Goodchild. J, 2010,E-Voting: how secure is it?, CSO Online, Retrieved October 28,2010, from www.verifiedvotingfoundation.org/article.php?id=6799 Law. A.M and KeltonW.D (2000). Simulation Modeling and Analysis, 3rd Edition, McGrawHill,NY. Pfleager,S.L.(2001) Software engineering theory and practice second edition, Pearson Education Inc, United States of America Pressman, R.s, 2005, Software engineering: A practitioners approach sixth edition, McGraw Hill, America Rubin.A.D, 2010, Security considerations for remote electronic voting. Communications of the ACM, Retrieved September 14, 2010, from http://avirubin.com/e-voting.security/

52

Schneier.B (1996) Applied Cryptography: Protocols, Algorithms, and Source Code in C, JohnWiley & Sons, New York The voting process [Image] 2010. Retrieved October 2, 2010 from http://www.elections.org.za/content/Dynamic.aspx?id=1084&name=Elections&LeftMenuId=10 0&BreadCrumbId=220&ekmensel=14ae2c49_100_251_btnlink The counting process [Image] 2010. Retrieved October 2, 2010 from http://www.elections.org.za/content/Dynamic.aspx?id=1084&name=Elections&LeftMenuId=10 0&BreadCrumbId=220&ekmensel=14ae2c49_100_251_btnlink
Stapleton. J, (2003), DSDM Business Focused Development, second edition, Addison Wesley, Great Britain

53

Appendix
Appendix A
Prototype IEC voting system 1. The login interface for the IEC officials

Figure A- 1

54

Figure A- 2

55

Figure A- 3

56

Figure A- 4

57

Figure A- 5

58

Figure A- 6

59

Figure A- 7

60

Appendix B
Questions that were asked the testers of the first prototype: 1. Is the system user friendly? Please explain your choice if no and suggest a better solution 2. Did you encounter any difficulties using the system, if you did which aspect 3. What are your comments on the graphical user interface 4. Were you impressed with the time it takes for the entire voting process 5. What are the security threats you identified 6. Is there anything in particular missing on the system that you would like added 7. Are there any suggestions you have that will make the system function at its best

61

Appendix C
IEC Administrators guide

62

Table of Contents
1. Login ....................................................................................................................................................... 64 2. Administrator menu, Figure b-2.............................................................................................................. 64 2.1 Select voting to allow the voters to vote ....................................................................................... 65 2.2 Select manage to access the management tasks ............................................................................ 65 2.3 Select exit to close the application ................................................................................................ 65 3. Adding a voter to the registered voters ................................................................................................... 65 Enter the details of the voter and press register ...................................................................................... 66 3. Broadcasting the votes ............................................................................................................................ 67 4. Print voting results .................................................................................................................................. 67

63

1. Login Login details, Figure B-1 Username: administrator Password: p@55word

2. Administrator menu, Figure b-2

64

2.1 Select voting to allow the voters to vote 2.2 Select manage to access the management tasks 2.3 Select exit to close the application

3. Adding a voter to the registered voters Click the manage button, see Figure b-1 and it will take you to a menu with the register option, select the register button, see figure b-3

65

Enter the details of the voter and press register

66

3. Broadcasting the votes On Figure 3 select the display poll button and the following screen with the total tally will be shown

Select back to go back or exit to close the application 4. Print voting results On Figure b4 select the print button and the total votes will be print

67

Appendix D

68

Migrating from the traditional voting system will only be successful if the voters know how to use the system, for transparency the system should be well explained and the users are guided on how to vote

69

1. What do you need to vote? You will only need your ID book and the voter registration number that was issued to you when you registered 2. How do I vote? 2.1 Step 1 Enter your ID number on the text field and select your voter number and press next, if you are unsure about the procedure please ask for assistance from any visible IEC official

70

An example of the data that you enter is below, see Figure A1-2

71

2.2.1 Step 2 A registered voter will be taken to the next screen, see Figure A2-3, on this screen you make the selection of your choice for the candidate you seek to represent you in national government

72

2.2.2 Select the party you want to represent you at the local government

73

2.3 Step 3 Confirm the vote that you make by pressing confirm, Figure A2-5 and if the vote you made was a mistake and you wish to change select change and it will repeat the voting process

74

2.4 Finish The confirmation screen that you have voted, Figure A2-6

That is all you need to know about your new voting system, we trust that you will enjoy using the system and it will be to your convenience. Striving to make the country better

75

Appendix E
The Gantt chart

Figure E- 1

76

Appendix F
User interface design

Figure F- 1

Figure F- 2

77

Figure F- 3

Figure F- 4

78

Figure F- 5

Figure F- 6

79

Figure F- 7

80

Figure F- 8

81

Appendix G
Test results

Figure G- 1

Figure G- 2

82

Figure G- 3

83

Appendix H
VoteSA: The diary

At the end of the first semester I started thinking up of topics in which my final project will be based on. I had two ideas after I started thinking of what I could do, one idea was a school management system and the other idea was a bus control system. I had to weight which one was more feasible to produce, at the end of it all after consulting my lecture I discovered that the bus system will be too complicated for the project as I only have 200 hours for the whole project and I have other modules and assignments in between. I chose the school management system and to start off I went to a school in my township to find out the daily operations and what in their daily operations can be automated making use of the interview technique and the observation. Due to delays on project proposal acceptance I deviated from my initial project plan and schedule that is displayed in the gantt chart on Appendix E 30 June 2010 After all the research and studying of schools and how they operate I compiled my project proposal and sent it to my supervisor 15 July 2010 I got a response from my supervisor and my project proposal was rejected due to the complexity that was involved as I had included a financial system which is a completely new system . I went back home and reworked on my title and the proposal. 16 July 2010 I consult a staff member Blessing Mdunge to find out how I can refine my proposal to be accepted, he gave me a few pointers and again I went home to incorporate the new information gained

84

19 July 2010 I get a link from my supervisor on a school management system currently being used in schools around South Africa. My School tool was developed by Mark Shuttleworth and it is distributed freely for schools

30 July 2010 I submit my new project proposal with a new project title after I spent a few days researching on similar tools 02 August 2010 Get a response from my supervisor and she is still not impressed with my proposal due to my title being too vague and using ambiguous words, depressed and worried I went home and thought about exactly how I could meet the requirements of the project, I read through the book on how to achieve success in your project and using guidelines from the book I went on working on my proposal with more knowledge of what is expected 03 August 2010 Continue working on my project proposal and title to try and add functionality that is new and unique to existing systems, research on the internet 04 August 2010 Got an E-mail from my supervisor rejecting the refinements I made on the proposal and I decide with time running out to change my topic all in all to a voting system with face recognition techniques 05 August 2010 I submit the idea but my supervisor advises me against doing so as internet voting is broad and risky due to the risks on the internet so I changed my approach to digital voting
85

10 August 2010 Visit the IEC website to find out how voting is conducted in South Africa and the procedures involved in the voting and the Wikipedia site on South Africa as whole 15 August 2010 Display understanding in connecting to a database 25 August 2010 Coding standards and process tool 02 September 2010 Requirements analysis 05 September 2010 Create prototype and see what functionality the system will have from the requirements analysis 09 September 2010 Do more research and design the application 05 October 2010 Communication with my supervisor is terminated by my supervisor stating that we should communicate through a third party 08 October 2010 I start with the coding to my voting system 20 October 2010 I start with my final report whilst still coding as Im encountering many errors and failing to isolate them

86

26 October 2010 I get assisted by Blessing Mdunge my lecturer with some errors I was experiencing 29 October 2010 I finish coding completely and publish the my application 30 October 2010 I test the application through installation and run it on the working environment and do not discover any errors I am happy with the test and continue with my documentation 31 October 2010 Create the voters guide and the administrators manual Continue typing my final report

01 November 2010 Submit my final report

87

Appendix I Project Proposal

Postgraduate Final year project proposal

Title: Implementing a windows-based application for the South African voting system focusing on encryption techniques Name: Fulufhelo Miswe Programme of Study: BSc Business Information Technology Topic area: Computing, Networking security, Application development, Database Date Proposal Submitted: 17th August 2010 Project hand-in date: 1st November 2010

88

1. Background
Voting is a democratic right that should be conducted in the true sense of the word democracy, electing freely the person/party to represent you in the government and this right is infringed when there is fraud in the conducting of voting by officials using means such as losing ballot papers and replacing ballot papers. In the most recent presidential elections in South Africa there were reports of attempts to switch ballot papers in the KwaZulu-Natal region by the IFP political party, though the claims were never validated, this proves the vulnerability of the paper based voting system as a party can have pre-marked ballot papers that could be posted in the voting boxes or also switching the ballot papers as seen in our neighboring country Zimbabwe. The paper-based system depends on the integrity of the officials and coordinators who would also love their preferred parties in power, as known South Africa is a country with a high corruption rate. The coordinators are volunteers which makes it easy for them to accept bribes and be corrupted. Furthermore the fact that the voting system is paper-based so the counting of the votes is done manually after the papers are collected from all different voting stations which as well consumes resources and opens room for fraud on the voting papers during transportation or counting. South Africa is country with a population of close to 50 million with half of them voting it is surely time consuming counting the votes and has an element of human error in it I am proposing that I develop a windows-based application that will handle the voting system and phase out the traditional paper-based voting system. The digitalized voting system will counter the above mentioned vulnerabilities by removing most of the human element in key areas of the voting system as the counting of the votes and transportation of the ballot papers. The system will allow the user to cast their votes, select their preferred national and provincial candidates and then exit for the next voter, this process will be looped till the last voter at the voting station. Each voters vote is printed out for the paper trail to prove that the vote did indeed take place. Every hour the application sends an encrypted file of the votes to the main server for that region for the overall counting of the votes and then displayed in public mediums for the notifications of the polls

2. Key phrases: IEC, Voting, Election, National election, Provincial election, implementing, windows-based, application, South African voting system, encryption techniques

89

3. Preliminary investigation SDLC: In (Pfleager,S.L, 2001) various methodologies are analyzed starting with the waterfall which is due to the fact that the waterfall model is one of the first and oldest lifecycle models. The book was published in 2001 which is a nine years back and there has been more developments in methodologies however what I picked reading through was the author of the book supports waterfall more than any other model that was discussed in the textbook which is due to the time the book was published. At that time waterfall was seen as an industry benchmark, a tried and tested approach even if it had flaws that the author discussed like its lack of iteration in development and lack of interaction with the user which a more recently used and accepted methodology(DSDM) states are the key elements to a successful project. The author prefers waterfall due to the fact that it offers simplicity in gathering requirements and the ease in planning out the set out stages. From my analysis of the article waterfall offers a step down approach where requirements from one stage are complete before moving on to the next stage, forcing each stage to be completed in isolation and nothing can be done before all the previous stages are complete and its very hard to change requirements as there is no iteration so when one stage is closed there cannot be any changes or modifications made. Furthermore waterfall only shows the top level stages of a project it does not show a realistic view of the project detailed.

In the same book(Pfleager,S.L, 2001) the author discusses the V-model lifecycle however the author does not go into detail, after analyzing this lifecycle model I realized that it is the same life cycle model as the waterfall, it has the same stages except for the V-model lifecycle focuses more on testing. Testing is what makes the v-model better than the waterfall model which it originated from though the author does not explain this model with the same enthusiasm due to the fact that traditionally waterfall was widely accepted and trusted so project managers where more comfortable with it. The testing linked with each stage is good as it tests to see if all the requirements for that stage have been met. From observation and in depth analysis the contrasting fact between the V-model and the waterfall is that waterfall model focuses on documents and the artifacts and V-model focuses more on being correct on delivering a project hence the testing stages.

90

The author (Pressman, R.s, 2005) describes waterfall as a linear model which moves from one stage to the other. From my analysis waterfall model is ideal to use in situations where the requirements are well defined and wont change as it lacks iteration so the initial requirements are what the final product will be based on. After reviewing articles from different authors I have come to the conclusion that the waterfall model does not suit an IT project as the requirements are forever changing and it will be hard for me to develop my project using waterfall model only which is supported by the reasons stated by pressman why waterfall model projects fail being that users rarely know what they want and once you move from one stage you cannot go back to rectify whatever mistake you could have made

Another model discussed in (Pfleager,S.L, 2001) was the prototyping model, the author expressed interest in prototyping due to the fact that requirements can be changed which compared to the waterfall and the V-model it has an advantage as they do not change requirements therefore making it impossible to modify the system but prototyping the user can get a rough sketch of the final product and change what they do not like. From my analysis Prototyping is good as it has more interaction with the user

(Fitzgerald, B, Russo, N.L, Stolterman, E 2002) focused in the iteration and early delivery of the model as their definition of prototyping below states that it shows an upcoming product They define a prototype as an early version of the system that exhibits the essential features of the later operational system From analyzing both publications Information Systems Development methods in action and Software engineering theory and practice second edition prototyping has repetition and changes to requirements that make it ideal to developing projects that meet requirements better than the waterfall or V-model The authors in (Fitzgerald, B, Russo, N.L, Stolterman, E 2002) acknowledge that RAD does not offer any new tools or techniques but its advantage is in the way RAD uses the available techniques with different management principles. The authors regard RAD as a fast growing and it is cheaper without any loss to the quality furthermore RAD eliminates bureaucratic ways of operation. RAD uses small empowered teams and the user is well-involved According to the authors the following is the lifecycle of a RAD project RAD is said to offer advantages as Speed production, low cost and iteration

91

The authors in (DSDM Consortium, 2008 ) declare fully that they prefer DSDM over any other methodology by use of the statement which is of especial interest to us is the dynamic systems development method... They justify their preference of this method due to its origins, from actual development practice in organizations. Due to DSDM being a framework than a traditional lifecycle it has a set lifecycle process that can only be changed by the DSDM consortium The lifecycle has 5 core stages: Feasibility study Business study Functional model iteration Design and build iteration Implementation

The DSDM consortium describes DSDM as a framework that is based on trial and error from experiments from the 1990s. DSDM combines the knowledge from people, techniques and tools, by so doing DSDM can deliver a fully functional system in under 6 months. The DSDM consortium allows for DSDM to be integrated with other methodologies to develop more powerful and accurate methods. The DSDM can be used with eXtreme Programming to create a more robust and rigorous framework Due to the publication being a DSDM consortium they do not cater for other methodologies they strictly focus on their methodology After analyzing all the discussed methods I am considering DSDM, prototyping and the RAD methods based on the lack of research on the project I will not select a methodology now but the methodologies Im considering offer rapid development which is ideal for my project due to the project time constraints and the ability to change requirements gives me an advantage as the project requirements are being modified daily.

92

Industry Research: Currently the voting in South Africa is conducted by the IEC (Independent Electoral Commission) which is responsible for the distribution of the ballot papers, the election process and the counting of the votes. Mostly its employees are volunteers from the regions. Across the world ways of improving on this traditional method of voting are being explored and there have been breakthroughs in the form of voting over the internet known as eVoting. However this method has proved it is vulnerable to multiple threats whereby the users had more rights than required and the users were voting non-stop without any detection of multiple votes cast by one user. eVoting proved to be dangerous because there was no way of validating the voter is who they claim to be and people with power could force people to vote as this voting is conducted over the internet which eliminates the democracy in voting Security is a threat around the use of the internet whether it accessing a personal email account or trying to purchase or sell something over the internet, there is a threat of someone intercepting the transaction. The voting system will use an internet connection to send the votes over a network, the vote file that will be sent will be encrypted. Encryption is a form of network security that protects packets that are being sent over the network by encoding information that can be decoded only by the recipient with a code (Tyson,J. 2001). Computer encryption is based on cryptography but the most recent computer encryption is based on algorithms so as to decrease the risk of security weakness from human-based codes which were the earliest methods of encryption. Technology, Product review, Trends There are two types of computer encryption which could be symmetric-key encryption which requires two computers to have the same key in order to communicate between each other (Tyson,J. 2001). The sending computer has a code that it uses to encrypt a packet of data before it sends it over the network, however as the person sending the data you must know which computers will be communicating so the key can be installed in both computers. The keys started as DES 56 bit in the 1970s and are currently on 256 bit keys The second form of encryption is public key encryption (Tyson,J. 2001) which uses two keys; a public key and a private key. The computer keeps the private key for itself and issues the public key to the computer that wishes to communicate with it. The key pair is based on prime numbers which gives an infinite number of possibilities making it a good form of encryption. Currently in the market there is a program called pretty good privacy that allows the user to encrypt data.

93

The voting industry is failing to move from the traditional way of paper-based voting system not only in South Africa but across the world even with attempts to move to eVoting the countries and government officials are skeptical due to the risks that come with this kind of process, lack of security, weak cryptography but with the advancement of technology the industry will soon be digitalized and the paper-based method phased out. eVoting consists of many forms, it can be done over the internet or using digital systems as voting kiosks and DREs, currently in the market are the following methods of electronic voting: Voting over the internet: critics do not advise this method of eVoting due to the threat posed by hackers that can intercept the process and create fake votes Optical scanning voting system - When the user votes using the computer and the computer prints out the votes and the voting officials take all the printed ballots to one location and manually count them, similarly an electronic device scans and tabulates the results. DRE (Direct-recording electronic voting system): A direct-recording electronic (DRE) voting machine captures votes using a ballot display provided with mechanical or electro-optical components that can be activated by the voter that processes data with computer software; they use memory components to record voting data and ballot images. After the election it tabulates the voting data stored in a removable memory component and as printed copy. The system may also provide a means for transmitting individual ballots or vote totals to a central location for consolidating and reporting results from precincts at the central location. These systems use a precinct count method that tabulates ballots at the polling place. They typically tabulate ballots as they are cast and print the results after the close of polling

94

4. Objectives The project aims to: Digitalize the current paper-based voting system by creating an application that allows the users to vote electronically on a computer or voting kiosk, tabulate results and send the results to a central location thereby phasing out the element of human manual counting of votes and transporting of ballots to a central location. Activity: Investigate in to the voting system of South Africa, the IEC, which is the voting body in South Africa, Research programming algorithms, research on the programming environment appropriate to program the application Deliverable: Literature review, Interim report content, a programming environment and tools to program the application selected Requirements analysis Activity: Research, data modeling Deliverables: Use case, requirements catalogue, data and process models Speed up the counting of votes by creating an application that tabulates the results of the votes Activity: Programming algorithms analysis Deliverable: a programming algorithm Store/Backup voting polls Activity: Research on servers Deliverable: Eliminate the human element in the voting process Activity: Design a voting application that has minimal human interference Deliverable: A windows based application Provide secure democratic elections Activity: Explore security threats, isolate the threats and test the vulnerability of the system against the threats Deliverable: A threat proof application that is tested against vulnerabilities
95

 Eliminate the vulnerabilities in paper-based voting system Activity: security research and effectiveness of the digital voting system, testing criteria Deliverable: Test criteria, acceptance criteria

5. Resources and Courses taken that will help with the project

Resources
The following resources are needed for the project: Desktop Computer and printer( entry level) SQL Server Access to the internet Visual studio ( Visual basics) Microsoft office suite( Project, Visio, Word, Access) People Information Courses: Systems Analysis and design
Database design and implementation Project Management Visual basics Internet Server Management

96

6. Ethical Consideration Neutral: The application should not take the views of one political party and promote it or resemble the colors or emblem of a party or any material that will promote the party on the application Appropriate: The application should be relevant, simple and straight forward to cater for all users of all eligible voting ages
Transparency: Explaining exactly how the system works the users and making sure that the system appeals to everyone who will use it Voter fraud The uses need to be guaranteed that their vote will be acknowledged and recognized and there will not be any failure delivering their votes Anonymity: The users need to be assured the vote cannot be linked back to them

97

7. Schedule of activities
TASK Investigation DESCRIPTION Carry out an investigation on the South African voting system and the technology that will be required Acquire and familiarize myself with the software required for the whole system Analyze the data and produce a well-defined systems requirements document Creating the voting system by implementing design and coding Testing the voting system on multiple computers by simulation of the voting process The first report on the voting system A report with all the documentation and the conclusion and the outcome of the project DURATION 9 days

Development Software

28 days

Analysis

8 days

Design and Coding

11 days

Testing

3 Days

Initial report Final report

8 days 10 days

98

Reference: DSDM Consortium, 2008, DSDM Public Version 4.2, DSDM Consortium, Retrieved 12-1-2008 11:58:39, from DSDM consortium Davies R, 2004, DSDM explained, retrieved Sept 21, 2004, from Rachel Davies Fitzgerald, B. Russo, N.L. Stolterman, E. (2002) Information Systems Development methods in action, McGraw Hill, London Pfleager,S.L.(2001) Software engineering theory and practice second edition, Pearson Educatio, Inc,United States of America Pressman, R.s, 2005, Software engineering: A practitioners approach sixth edition, McGraw.Hill, America

99