Professional Documents
Culture Documents
08 Chapter-Iii PDF
08 Chapter-Iii PDF
This chapter discusses about various voting machines and their limitations to be
used in current scenario. In sections 3.1 and 3.2 we present EVM functionality and its
limitations. In Sections 3.3 and 3.4 we describe about a new proposed EVM model and
its features which provides a secure voting model by overcoming vulnerabilities in the
present model. In Section 3.6 and in Section 3.7 we have discuss and analyze the
3.1. INTRODUCTION
Gaming stations or Kiosks. The design specification of these specialized devices, on the
other hand, should make it possible to offer several services to the end-user in a more
secure, reliable fashion which is not readily feasible with a general-purpose computer.
Elections allow the people to choose their representatives and express their
preferences for how they will be governed. Naturally, the integrity of the election
process is fundamental to the integrity of democracy itself. The election system must be
sufficiently transparent and comprehensible that voters and candidates can accept the
being manipulated in order to influence their outcome. The design of a “good” voting
53
must satisfy a number of sometimes competing criteria. The anonymity of a voter’s
ballot must be preserved, both to guarantee the voter’s safety when voting against a
malevolent candidate and to guarantee that voters have no evidence that proves which
candidates received their votes. The existence of such evidence would allow votes to be
purchased by a candidate.
attacks, including ballot stuffing by voters and incorrect tallying by insiders. A voting
system must be comprehensible and usable by the entire voting population, regardless
important engineering problem and where, if other security is done well, electronic
voting could be a great improvement over current paper systems. Flaws in any of these
aspects of a voting system, however, can lead to indecisive or incorrect election results.
people have less faith in computers due to hacking threats and system crashes.
Security is needed for the votes casted in EVM because important decisions are
based on the result. Due to ballot design or the mistake of unintentional voter, may lead
to foul votes. Unreliable results can also be produced by this scheme. Due to this
scheme, chances for malpractice are made available by corrupt leaders which may even
change the government decisions. But the design of EVM provides some loop holes
which threatens the security of the votes. The hardware provided with PROM for
storage of votes is compact with few instructions that run directly on the hardware. For
this simple design process, security is hard to maintain and may result in malpractice of
votes [13].
54
To avoid the above mentioned problem, our thesis challenges the security of the
votes casted by the public. Our thesis focuses on two points [1]. One is to provide
security and the other is to provide backup storage for post checking, if at all any
problem arises. This facility is provided by using cryptography where two public keys
are used for encryption and one private key for decryption. Backup storage acts as a
remote server which preserves the votes. This storage is used for the purpose of
rechecking and confirmation. Hence, our thesis provides solution for the security
government-owned companies. The first Indian EVMs were developed in the early
1980s by ECIL. They were not widely used all over the nation because of the
inconvenience of the machine. They proposed the next model including the separate
control and ballot units and the layout of both components [3].
used firmware stored in external UV-erasable PROMs along with 64kb EEPROMs for
storing votes. Second-generation models were introduced in 2000 by both ECIL and
BEL. These machines moved the firmware into the CPU and upgraded other
components. They were gradually deployed in greater numbers and used nationwide
55
Fig: 3.1 Electronic Voting Machine
India's EVM has two main components, shown in the Fig 3.1. There is a control
unit, used by poll workers which stores and accumulates votes and a ballot unit, located
in the election booth which is used by voters. These units are connected by a 5 m cable
which has one end permanently fixed to the ballot unit. The system is powered by a
battery pack inside the control unit. The EVMs are designed for one-or two-race
elections, as are typical in India. The old (or) existing EVM is a real machine used
EVM has a storage unit called memory or control unit and ballot unit. The votes
casted are saved in the memory and during counting time the workers remove the seal
of the memory and check the votes and declare the results. Ballot unit is used by the
votes in the booth. First the ballot unit is set up with the no. of candidates and their
symbols [3]. The control unit shares the no. of votes casted to enable the checking of
56
3.2.2 FUNCTIONS OF EVM
During election time the machine is already checked once and then used for the
purpose. The individual who wants to deliver the votes just checks for the particular
name in the list. Next, the individual pressed ballot button for the selected candidate to
cast the vote. The vote casted and stored in the memory or control unit.
At the end of the day, the control unit is checked and sealed for security
purpose. On the counting day the control units are checked and the votes are counted.
Finally the result is declared based on the total number of votes wanted, which is stored
in the EVM.
Environmental conditions may affect the votes stored in the memory for a long
period of time like rain, pollution, worms and insects may damage the votes [6, 9].
Damage caused by the electoral fraud where party loyalties may attack the booth
Problem in the internal components of the cable may result in wrong casting of vote
The Source code of EVM is not revealed and the inner working style is not
57
3.4. PROPOSED SECURE EVM MODEL (S-EVM)
Electronic Voting machine should provide good voting storage mechanism that
and verify.
2. Reliable: The voting storage mechanism should not rely on fragile moving parts or
3. Durable: The record of votes should survive unexpected crashes of the voting
storage mechanism.
4. Tamper-evident: Anyone with read access to the voting record should be able to
contents of the voting record should not reveal information about the order in which
7. Cost Effective: Election officials may only deploy these solutions if the cost per
catastrophic events like power loss and battery failure might cause a machine to crash.
voter privacy if one also knows the order in which people voted [23].
58
Taking into consideration of various drawbacks and above considerations in
existing EVM model leads us to propose the new model with secure storage of votes in
EVM as well as secure backup storage, thus providing solution for security issues in the
existing EVM model. Also in the proposed new model can avoid fake votes i.e., which
a fake voter can vote without original voter presence by sending a key to original
voter’s mobile in which he will enter key at the time of giving vote in EVM which can
In our proposed model security is provided at two stages for vote in EVM first
at the stage of storing in memory of EVM and at second stage the backing up of vote in
have discussed in previous chapter. Security is applied for storage in memory of EVM
used by the r accumulation of votes for counting while other, called backup storage is
used to store votes for post-checking purposes in case any problem arises.
59
3.5 COMPONENTS OF SECURE EVM MODEL
Based on the security issues of the existing EVM model, the architecture of the
proposed model is constructed. The voting system must prevent tampering with the
election, the voting results and the system’s functionality. To overcome the drawbacks
regarding privacy issues the new model is created with additional components. Along
with the components of the existing model, additional features are introduced to
a) Control Unit: Control Unit contains the main circuit board with CPU of a micro
controller with an Oscillator. CPU consists of ROM, which provides security for
the software being changed. The CPU is custom manufactured with the election
software from being electronically reprogrammed. Also on the main circuit board
b) Switches: Buttons are connected with switches used for casting the votes, storage
c) EVM Storage: The Unit which is used to store the votes casted by the individual.
The memory or storage unit contains the votes which can be used for counting
d)Backup Storage: The alternate storage used to backup vote which is used to store
vote in back up storage device at remote server in encrypted format by using public
key-2 which is derived from proposed security algorithm MPPK. The encrypted
vote in remote server can be used by polling officer in case of damaged EVM or
60
e) Security Module: When creating a secure system, getting the design right is only
part of the battle. The design must then be securely implemented. The efficient
coding practices and implementation styles are to be used to create the voting
storage back up device. This module is split into two parts which encrypts votes at
allows to view the count of votes after giving key by Poll booth officer or admin.
MPPK algorithm [19] [20] allows to store votes in encrypted form in main memory
61
The proposed Secure EVM Model first ensures that the Voter is properly
authenticated by polling officer in the Election booth then he is proceeded to EVM for
the existing way of using Voter cards or UID. After the voter can cast vote in EVM
where the votes are stored securely using MPPK cryptographic algorithm. The step by
Voter V obtains his Voter-ID VID/UID from election office that is used for
PA makes two Public keys using MPKK algorithm along with Token for Vote
Token
Vote Vt is also encrypted by using key PK2 and send Remote server using
secure channel.
Remote Server (Rs) accepts the vote Vt and stores the encrypted vote.
At the time of result the Vote Vt is decrypted and retrieved from EVM by using
Private key of Prk of the polling officer either from EVM memory or from
S-EVM model will provide Integrity and security for vote in the storage which
62
3.7. SECURITY ANALYSIS OF PROPOSED SECURE EVM MODEL
complexity and minimizing the size of the trusted computing base. To address the
to most other deployed DREs or existing EVM’s. The EVM use a simple embedded
system design, as we already know and the software is compact consisting of a few
The following are the some of the problems that arise in the hardware of EVM
Tampering with Machine State which should be addressed/ or manufactured under the
In our model we consider our system to be free from the above hardware
security threats and the votes polled in EVM are stored in memory which are part of the
and the polling both to which it belongs. To view the results, Polling official will
officiate for the results if the EVM is secure in its place without damage physically
network connection via communication mechanism, for vote storage at remote server as
backup is similar mirroring the memory of EVM. If EVM memory is hacked entire
votes may be modified, so to overcome this the proposed model stores votes not only in
memory of machine but also in remote server in encrypted form by using MPPK
cryptographic algorithm [12] with pairs of two keys. In this model pair of public keys
are used for encryption and private key is used for decryption.
63
Fig: 3.4 Encrypted Votes in EVM Memory
The casted vote in EVM is encrypted with one of the pair of public key PK1 and
stored in EVM memory as shown in Fig-3.4 and same vote is encrypted with public key
PK2 and stored in the EVM backup storage at remote server as shown in fig-3.5. At the
time of results EVM votes are decrypted with private key of that EVM given by polling
official if voting machine is in normal condition or in case of EVM failure votes are
retrieved from remote server by using private key of poll booth officer.
64
Fig: 3.5 Encrypted Votes stored in Remote Server
The proposed model is better designed to withstand any security attacks on data in
the storage.
Since EVM is an electronic device Votes stored electronically can be lost due to
the proposed EVM model which provides back up of Votes can be recovered.
65
In the proposed S-EVM model since the votes are encrypted in Memory of EVM it
On transit of votes to remote server the proposed EVM Votes are encrypted and
As in the new EVM model Votes are accessed only by polling officer with his
3.9. CONCLUSION
In this chapter we have discussed about the existing EVM functionality and its
limitations and based upon its observations a new model secure electronic voting
machine S-EVM model is proposed which enhances security for vote in storage as
well as by hackers or in case of damage in EVM. In the proposed S-EVM model a new
Chapter is concluded by showing the results and analysis of the proposed S-EVM
model.
66