INTERNATIONAL JOURNAL OF APPLIED ENGINEERING RESEARCH, DINDIGUL Volume 2, No 2, 2011

Transcription

1 Designing and developing secure protocol for mobile voting Abhishek Kumar 1,Ashok Kumar Srivastava 2 1- Junior Scientist, Computer Division, CSIR-Central Drug Research Institute, Chattar Manzil Palace, MG Marg, Lucknow Senior Principal Scientist, Computer Division, CSIR-Central Drug Research Institute, Chattar Manzil Palace, MG Marg, Lucknow CSIR-CDRI Communication Number: 8198 abhishek_kumar@cdri.res.in ABSTRACT In recent years, a drastic fall down is being noticed in the Indian general election s voting turnaround. Problem is becoming serious with the non-availability of a way to let voters cast votes who are residing outside their election-areas. The remote voting procedure for NRI s and Indian army is also not showing significant improvement. Somewhere the issues lie in ease of usage and somewhat lack of trust of current voting procedure. This article tries to solve this issue with the design and development of mobile voting protocol which is not only very easy to use but is also robust, secure and trusted. In this article, we have focused on designing a secure and globally trusted protocol to enable Indian citizens (or any other country s citizens who follows this protocol) to cast vote in their respective country s election via their GSM Mobile Phones from anywhere in the globe irrespective of their physical location. Apart from this, the motive of author is also to extend the usage of information technology to a scheme of Green-Election (Paperless election), addresses the issues of voting-problem in remote, disturb and sensible areas, and to suit the requirement of today s generation who, due to several problems, usually finds it difficult to go for manual vote casting. Keywords: Mobile Voting; Protocol for Mobile voting; Secure Mobile voting. Nomenclature EVM = Electronic Voting Machine NRI = Non Resident Indian SMS = Short Message Service UID = Unique Identification UIDAI = Unique Identification Authority of India (AADHAR) GSM = Global System for Mobile Communications 1. Introduction In democratic society, voting is used to collect and reflect people s opinion and making a trusted and accepted committee of representatives for successfully running the country. Currently, voting is being conducted in centralized or distributed voting booths. Voters have to present personally at the voting booth to cast their votes under the supervision of 522

2 authorized election commission members. For a variety of reasons, voters may not be able to attend voting booths physically but want to cast vote remotely. Accepted way of remote voting is Postal Voting (for NRI) and Proxy Voting (For Army), but it lacks proper authentication and involves a time-consuming procedure. This area needs to be explored properly due to following reasons: The current voting procedure is not very efficient and mostly probe to human error. Allegations keep being raised and there are enough ways for EVM tampering (Hari K. Prasad, 2010), (Tandayoshi Kohno, 2004), booth capturing, vote tampering, vote counting mistakes, violence and many more. The youth and the maximum voter portions of today are moving away from voting. Reasons are many such as: they find it difficult to manage time; out of their busy schedule for voting, they don t find any easy way of voting and the current way of remote voting is not very easy to use, lacks trust and also allowed for very specific group of people. The same problem is being faced by NRIs and Military men, the various remote voting ways were mainly targeted for this section only; Voting Via Embassies(for NRI) and Proxy Voting (from military persons); but they are not able to utilize it fully. The main reason remains as lack of authentication, flexibility and ease of use of current remote voting procedures. The voters who is residing outside their voting areas, also fails to cast their votes due to current not very effective voting procedures. The voting in remote and sensitive area always remains a problem and challenge. Major portion of people from this area fails to use right to vote. Taking example of Indian state Bihar which suffers from NAXALS and seen violence in election, the voting turnaround has decreased significally. In Bihar the Voting turnaround for Vidhna Sabha Election has fallen from 53.7 %( 1977) to 45.9 %( 2005 Nov). Politically disturbing areas like J&K also seeing constant reduction in voting turnaround. The overall effect of this trend is that the voting turnaround of Indian general election keeps falling drastically. Apart from this, there are many more reasons to look forward for a mobile voting as Reduced Costs, Greater accessibility for the disabled, Flexibility. (Manish Kumar) Table 1: Voting percentage in India s Lok Sabha elections General Election Year Male Female Total 1 st nd rd th th th th th th th th

3 12 th th th (Source: accessed on Oct 19, 2011) In 2009, general election has a voting percentage of % (Source: Wikipedia: India General Election, 2009) Hence, there is a great room for a remote voting protocol which is easy, transparent and most importantly secure. In this article, we have worked on a protocol development for secure and easy remote voting procedure via GSM mobile. Though GSM itself has inbuilt security features (Yang Feng, 2006), (Manish Kumar), this protocol further extends it for a secure mobile voting. We can also extend proposed protocol to define another inherent protocol/s for a secure online voting. 1.1 Protocol Description In current voting procedure, every valid voter has to register themselves to Election Commission of India and get their voter ID-Card. This ID-card is used as photo identification while casting vote. This protocol adds an extra field to the present Voter ID-Card namely: UID (The AADHAR UID) (Unique Identification Authority of India, Planning Commission).While registering to election commission, user will register his/her mobile number. Firstly, the user has to activate given mobile number to enable mobile voting. The mobile voting activation procedure for voters would be as follow: After proper verification, a secret number will be sent on the user s registered mobile number. After getting this number, user has to log-in to the Indian Election Commission s online mobile-voting activation gateway and provide following information: 1. The Secret Number 2. The UID as on voter s ID-card 3. The Voter ID as on voter s ID-card 4. Mobile number on which this information is sent This will be a single time activity which has to be done. An automated verification will be done on back end side and on success; the number will be activated for mobile voting. Also a secret key will be passed to the mobile user (this will be used to decrypt the secured encrypted SMS from election commission). The user also needs to download and install a small cryptography application (used to decrypt and view secure SMS from election commission).the detailed description of this protocol is elaborated down onwards. 2. Voting via this protocol 524

4 If a user is subscribed and allowed to cast mobile vote, on election day of his/her area, user will get an SMS from Election Commission of India, having a list of candidates name along with their parties name and parties symbol s name. User has to simply reply to this SMS to cast the vote. The Election commission s SMS format would be: <Sequel Number> <Candidates Name> <Candidates Parties Name> <Candidates Parties symbol s Name> Secret Key : <Highly robust randomly generated 12 characters length alphanumeric key> So, On Election Day, user will get an Election commission s SMS like: 1. Hira Yadav (INDIAN NATIONAL CONGRESS) (HAND) 2. Prabhu Lal (BJP) (LOTUS) 3. Priyanka Aggarwal (BSP) (ELEPHANT) 4. Vikash Yadav (NIRDALIYA) (AEROPLAN) Secret key: XX DFR To cast vote, user has to simply reply to this SMS in a predefined format. The reply format is: <SECRETKEY><SPACE>IM<SPACE><UID><SPACE>IS<SPACE><NUMERIC DIGIT> The extended full format of this SMS is: <Secret Key> I am <UID> is selecting <Candidates numeric digit> Ex: XX DFR IM 98XDUIDR45T IS 4 User will get an acknowledgement SMS on the same registered number after vote acceptance. 2.1 Backend architecture and working of protocol The backend of this protocol has one highly secured centralized database with three tables: Database_Name: Electorate_Information_Database Table 2: Electorate_Information_Table UID Voter_ID Voter_Name Father_Name //UID of the voter as on AADHAR UID CARD //Voter ID of the voter // Voter name //Voter s father name 525

5 Permanent_Address // Voter s registered permanent address Registered_Mobile_Number //Voter s registered mobile number for mobile voting Election_Area //Voter s election area (which area voter is allowed to vote for) Gender //Voter s gender Date_Of_Birth //Voter s Date of birth Date_Election_Commission_Registration //Date voter registered him/her self to election commission of India Date_Mobile_voting_registration //Date voter registered him/her self for mobile voting Date_Mobile_voting_activation //Date on which voter mobile information is validated and voter allowed for mobile voting Mobile_Voting_Allowed //Whether the voter is allowed for mobile voting or not. Usage: This table will be used for any usual query and fetch/update voter s basic information. This table can be published online on log-in basis for voter s to counter check their information. Election Area field will be used to decide, when user has to sent voting SMS. UID Secret_Symmetric_Key Table 2: Electorate_Cryptography_Key // UID of the voter as on AADHAR UID CARD //The voter s specific symmetric key used for Election commission s secure SMS encryption and decryption Usage: This is highly secured database s table and contains the symmetric secret key which will be used to encrypt and decrypt the SMS which will be sent to voters for casting mobile vote. This table s access can be restricted to only few people for security concerns. 526

6 Table 3: Electorate_Voting_Status UID Voting_Status Voting_Date_and_Time Voting_Mode Secret_PRNG_Number //UID of the voter as on AADHAR UID CARD // This is the field which provides information that whether user has yet casted vote or not // Date and Time when user casted vote // which mode was used to cast vote Mobile Mode or Polling Booth Mode (User manually casted vote by going to polling booth) //12 characters length secret Pseudo Random Number for carrying acknowledgment functionalities Usage This table will provide information regarding the current voting status of a voter and also provide many other fields for problem shooting like at what Date/Time vote has been casted, via which mode (mobile voting or voter casted vote from polling booth) vote has been casted, and also keep the a secret PRNG number for acknowledgment purpose. This table will be updated as soon as voter will cast vote via any mean and will be used by polling booth s officer and the mobile voting server to query/update voter s current voting status. The 4 fields of this table(voting Status, Date and Time, Voting Mode, Secret PRNG number) are volatile in nature and will be reset every time a new election helds in that area. Apart from this, this protocol also includes a small portable device which will be given to all of the Election camp officers. The prototype of this small portable device is: Figure1: Prototype of the small portable device for checking and updating voter s voting status 527

7 This portable device will be used to make a secured connection and query the centralized election commission s database regarding the current voting status of a user. This machine will consist of following parts: An alphanumeric keypad for punching voter s UID Three punch buttons namely: Query (query election commission s centralized database regarding the voting status of voter), Vote casted (to update the voting status of voter in the centralized database after allowing for vote casting), and Reset (to reset the display of the machine and reset its functionalities and flush any old data) Two display panels: One for viewing the UID while punching the same and second for viewing the output of the query Before allowing any voter to cast vote, the pooling booth officer will punch his/her UID on the machine and press query. If the user has casted vote by any other means previously, the same was updated on the database and will be reflected on the machine. However if the user has not casted any vote, the same will be shown as the output and the user will be allowed to cast vote after carrying proper formalities. Parallel an update will also be sent to the centralized database regarding this action via the same machine, to stop voter doing a revoting. If the user has already casted the vote, the output panel will show result as: YES, else the output panel will show result as: NO and polling officer can update the database regarding voter s voting status by pressing button: Vote Casted, which will immediately update the centralized database. 3. Challenges and Solutions Challenges and scenarios which have to be addressed in this protocol. 3.1 Users should not be allowed to cast vote more than once at any cost There are 2 scenario of this case: Voter casts vote physically by going to Polling booth: In this scenario after doing a proper verification via the provided machine, the polling officer will allow the user to cast the vote and will update the same to the election commission centralized database immediately Voter casts mobile vote: In this scenario, as soon as the vote reaches election commission s server, a backend checking will be done with the centralized database whether voter has casted vote previously or not via any other mean. If found a case of re-voting, the vote will be immediately discarded, else, the vote will be accepted and the user will get a confirmation SMS on the registered mobile number. The backend database will be update immediately to reflect the latest voting status of the voter 3.2 Security This is the area which has to be put under special consideration. There are many levels of security checks designed for making this protocol robust and secure. 528

8 3.2.1 Secure SMS The SMS sent to user will be secured SMS. The SMS will be encrypted with a robust symmetric encryption algorithm with a secret user s specific symmetric key (which was already passed to the user while activating mobile number) and digitally signed. The motive is that even though if the SMS will get tapped, the intruder will never be able to decrypt the SMS and thus would never be able to cast a fake vote. On receiving the secured SMS, voter will open this via the application he/she downloaded from the Election commission s web site and after providing secret decryption key, voter will be able to see and reply to the SMS. Either Election commission can develop own proprietary SMS cryptography application or can use any robust third party solution Acknowledgment This protocol will have a full functional acknowledgment feature, to ensure that the voting has been casted via authorized person. If we see the format of the SMS: <Sequel Number> <Candidates Name> <Candidates Parties Name> <Candidates Parties symbol> Secret Key : <Highly robust randomly generated alphanumeric key> The <SECRET KEY> is the one which is used to manage this acknowledgement. This secret number will be a generated by a highly robust PRNG (Pseudo Random number generator algorithm) and will be embedded in the SMS. Due to secure SMS, the message will be decrypted once it will reach the right voter s phone. After decryption the voter will use the same number in voting reply: <SECRET_KEY><SPACE>IM<SPACE><UID><SPACE>IS<SPACE><NUMERIC DIGIT> This ensures the acknowledgment over the voting. This also stops voter to vote until unless an SMS is particularly sent to mobile by the election commission server. This feature can also be extended to black-list mobile numbers in special cases, because user won t be allowed to SMS vote until unless he/she gets SMS with secret number on his/her mobile number Add-on checking On receiving the mobile vote, the server will ensure that the vote has been sent from the same mobile number on which the SMS was sent to stop any burglary in the mobile voting. However this Add-on checking can be dropped to provide voters a flexible voting mechanism where they would be allowed to vote from any mobile once they get voting SMS on their registered mobile number Mobile Stolen Scenario There are many ways to handle this scenario: User can contact the election commission s help center and after proper verification, request to block the number can be accepted. 529

9 User can request election commission s help center to register a new mobile number for mobile-voting. As the user is registered with mobile number not the SIM CARD number, as soon as the user gets same number again from his/her respective mobile service company, he/she can do a mobile voting. Moreover, as the mobile voting format consists UID of the user, which is again a privately known number, the chances of using stolen mobile number for fake voting is very less Miscellaneous checks The mobile voting will be allowed as per Indian standard time and the voter won t be allowed to use mobile vote once the normal voting time of the area ended. Only the polling booth manager will be allowed to query the election commission s centralized database via the provided machine and update the same (regarding the voting status of the voter). All other users will simply cast votes and in a way simply updates the database. Figure 2: The overview of the mobile voting protocol s architecture 4. Working architecture of Mobile-Voting 4.1 Outside working architecture The outside working architecture of this protocol is: 530

10 4.2 Flow Chart demonstration for Mobile-voting at various stages Figure 3: Action flow chart for the automated election commission server for handling Mobile-Voting 531

11 Figure 4: Action flow chart for voters casting mobile votes Figure 5: Action flow chart for polling booth s officer for allowing a manual voting after checking the voter s voting status for stopping any burglary 532

12 5. Conclusion In our study we have found that there is a great scope of mobile voting in the current social scenario and the above proposed protocol not only provides a starting milestone in this direction but also opens a new room for further exploration and extending the proposed protocol for practical usage. 6. References 1. Tandayoshi Kohno, Adam Stubblefield, Aviel D.Rubin, Dan S. Wallach (February 27,2004), Analysis of an Electronic Voting System, pp Yang Feng, Siaw-Lynn Ng, Scarlet Schwiderski-Grosche ( June 26, 2006), An Electronic Voting System Using GSM Mobile Technology, pp Hari K. Prasad, J.Alex Halderman, Rop Gongriijp, Scott Wolchok, Eric Wustrow, Arun Kankipati, Sai Krishnan Sakhamuri, Vasavya Yagati (April 29,2010), Security Analysis of India s Electronic Voting Machines 4. Unique Identification Authority of India, Planning Commission, Government of India (July 7, 2010), Aadhar Handbook for Registrars, Version 1-July 2010, pp Manish Kumar, T.V. Suresh Kumar, M. Hanumanthappa, D Evangelin Geetha, Secure Mobile Based Voting System, pp India Elections Statistics, accessed 19 October, Wikipedia, Indian General Election 2009, general_election,_ 2009, accessed on 19 October,