Assignment title: System and Network

Design – Group Project

Assignment Number: 1

Name of the Group: Group D

Name of the module: CS5401

Names of the lecturers:

Mrs. Vishaka Nanayakara / Mr. Samantha
Senaratne

Academic year: 2010

Group members
Surangi Alexander
Amila Shamika Ariyawansa
Tharaka de Alwis (108256D)
M.M.K. Dissanayaka
Harshana Porawagama

Copyright © 2010 University of Moratuwa, Department of Computer Science

Copyright © 2010 University of Moratuwa, Department of Computer Science
REVISION VERSION
Ver. No Date of Prepared By Approved List of changes from
Release By Previous Version
0.7 03/13/2010 Tharaka de Draft template created
Alwis
0.8 03/14/2010 Tharaka de Merged documents
Alwis sections of Mahesh,
Surangi, Harashana and
Tharaka.
0.9 03/14/2010 Tharaka de Merged Amila’s literature
Alwis survey

Copyright © 2010 University of Moratuwa, Department of Computer Science

 Executive Summary

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 5

Table of Contents
1.Introduction....................................................................................................................................................9
Overview.......................................................................................................................................................9
Problem Domain.........................................................................................................................................10
Literature survey on other electronic voting systems.....................................................................................11
History........................................................................................................................................................11
Direct Recording Electronic Systems.........................................................................................................11
Electronic Voting in USA...........................................................................................................................11
Voting Process............................................................................................................................................11
Counting Process........................................................................................................................................11
Risks...........................................................................................................................................................12
Electronic Voting in India..........................................................................................................................12
Voting process............................................................................................................................................12
Counting Process........................................................................................................................................13
Constraints to improve safety.....................................................................................................................13
Solution...........................................................................................................................................................14
Solution Overview......................................................................................................................................14
Vision..........................................................................................................................................................14
Scope...........................................................................................................................................................14
Goals and Objectives..................................................................................................................................14
1.1.1.Organizational Impacts......................................................................................................................15
Requirements Electronic voting for Sri Lanka (Social barriers regarding electronic voting systems) .........16
Anonymous vote ........................................................................................................................................16
Transparency...............................................................................................................................................16
Timelines for counting process...................................................................................................................16
Dealing with lost/blank/invalid ballots.......................................................................................................16
Security ......................................................................................................................................................16
Accuracy/Integrity of ballots .....................................................................................................................16
Ease of use..................................................................................................................................................17
Summary.....................................................................................................................................................17
Technical Design............................................................................................................................................18
Operational Overview.................................................................................................................................18
FairVote - Client SoftWare ........................................................................................................................18
FairVote Voting Process ............................................................................................................................18
FairVote Client Features.............................................................................................................................18
Protect Voter’s anonymity......................................................................................................................18
Transparency...........................................................................................................................................19
Eliminates delays in the electoral process..............................................................................................19
Dealing with invalid/under-vote/over-vote cases...................................................................................19
Enhanced Security..................................................................................................................................20
Improved Accuracy and Integrity of ballots...........................................................................................20
Ease of use..............................................................................................................................................20
Usability features of FairVote ...................................................................................................................20
Offer informative feedback to users.......................................................................................................20
Design dialogs to yield closure...............................................................................................................21
Offer error prevention and simple error handling...................................................................................21
Use of Touch screen monitors................................................................................................................21
Support multiple languages....................................................................................................................21
Voice instructions for assistance............................................................................................................22
Improved features for people with disabilities.......................................................................................22
FairVote Audit Trails..............................................................................................................................22
No scrolls................................................................................................................................................22
Network Architecture ................................................................................................................................23
Introduction ..............................................................................................................................................23
Main Application Server ............................................................................................................................23

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 6

Network Connections ................................................................................................................................23

Monitoring Stations ...................................................................................................................................23
Security Architecture .................................................................................................................................24
Introduction ...............................................................................................................................................24
Information security ...................................................................................................................................24
Physical Security .......................................................................................................................................24
Hardware Specifications ............................................................................................................................25
Hardware Requirements Summary ............................................................................................................25
Main application server – Specifications ...................................................................................................25
PC server – Specifications .........................................................................................................................25
Touch screen display unit – Specifications ...............................................................................................26
High end firewall – Specifications ............................................................................................................26
Low end firewall – Specifications .............................................................................................................26
Fault Tolerant Measures ............................................................................................................................27
Hardware Fault Tolerant ............................................................................................................................27
Software Fault Tolerant .............................................................................................................................27
Project Conditions..........................................................................................................................................28
Assumptions...............................................................................................................................................28
Issues...........................................................................................................................................................28
Risks...........................................................................................................................................................28
Project Approach............................................................................................................................................29
Estimated Costs..........................................................................................................................................29
Dependencies..............................................................................................................................................29
Project Plan.................................................................................................................................................29
Limitations and Possible Enhancements........................................................................................................31
List of Abbreviations......................................................................................................................................32
Bibliography ..................................................................................................................................................33

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 7

List of Tables
Table Number Description Page
Table -1

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 8

List of Diagrams
Diagram Description Page
Number
Diagram -1

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 9

1. Introduction

Overview
Elections in Sri Lanka allow Sri Lankans to choose their presidential, parliamentarian
and provincial council representatives and express their preferences for how they will
be governed. Naturally, the integrity of the election process is fundamental to the
integrity of democracy itself. The election system must be sufficiently robust to
withstand a variety of fraudulent behaviors and must be sufficiently transparent and
comprehensible that voters and candidates can accept the results of an election.

EVote is suggested computerized voting system to Sri Lanka and it enables Sri
Lankans to vote for any candidate in an easier and more convenient way in any
presidential, parliamentarian or provincial council election. Even though there are
different levels of educated peoples in Sri Lanka; the system has been designed in a
way that all they can vote accurately and confidently as they desire. The electoral
process will be secured and unimpeachable with the introduction of the EVote
system to the Sri Lanka electoral process.

EVote System eliminates the variety of fraudulent incidents which are happened in
past elections and the electoral process will be taken place transparently. EVote
system ensures that particular person can vote only once and this feature will
facilitate to a perfect electoral process. The traditional ballot papers used in past
elections will be abandoned and touch screen terminals will be introduced to each
polling station. This will reduce the huge expenditure involved in printing, storing and
transportation of ballot papers. User friendly interface in terminals will ease users to
vote confidently and accurately. EVote voice commands are also used to increase
the confidence of the users and User Interface will facilitate to use Sinhala, English
or Tamil in voting. After the polls are closed; votes are securely transferred to the
nearest provincial head office and then votes will be transferred to the main counting
center securely. EVote system provides a secured vote transferring mechanism and
it will avoid the frauds happened in transferring of ballot boxes in past elections.

The vote counting process of the EVote system is very efficient and the final results
can be disseminated within few minutes after starting the counting process. Final
results will be counted securely ensuring transparency and demonstrating integrity in
the process. EVote system allows to selected political party representatives to
examine the counting process and it will increase the people’s confidence about the
electoral process. Election Results will be released basis of polling divisions, districts
and all island. The System also facilitates to fast dissemination of election results by
providing effective mechanism to access the election results to government and
private media centers.

EVote System comports for country like Sri Lanka and will ensure the accuracy and
fairness of elections in Sri Lanka and it will also reduce the election expenditures due
to its lower operating cost.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 10

Problem Domain
In most of the past elections there were many claims regarding the accuracy of the
electoral process in Sri Lanka. Most of claims ended up with court proceedings also.
These frauds are happening due to the security gaps, malpractices of the existing
electoral process in Sri Lanka.

Following problems are identified as key issues in current electoral process

• No mechanism to ensuring a voter votes only once
• Using fake ballot papers
• Ballot box lost during the transport
• Biasness and malpractices in counting process
One of the major issues in Sri Lanka electoral process is not having an approach to
ensure that a voter votes only once. Even though the National Identity Card is used
to identify a person it was not compulsory in most of the past elections. Due to the
above reason one person may have a chance to vote more than once and therefore
it will highly affect to the fairness of elections.

Ability of using fake ballot papers is another issue in electoral process in Sri Lanka.
Some incidents were reported where the fake ballot papers were used in past
elections. Since those ballot papers are very much similar to the original ballot
papers it is difficult to identify those as fake ballot papers. So it also affects to the
election results badly.
In current electoral process ballot boxes are sealed at the polling centers to avoid the
frauds happening while the transportation of ballot boxes to the counting centers.
Even though the ballot boxes are sealed before sending them to the main counting
centers; there were occasions those ballot boxes are hacked and filled with fake
ballot papers. Also there were situations some ballot boxes are lost during the
transport. In the last presidential election also some original voted ballot papers were
found after the election from a paddy field.

There can be frauds happening in the counting process also. Even though counting
is examined by the political party representatives; many incidents were reported in
past elections in the counting process. Since peoples involve in the counting process
it is difficult to avoid biasness and other counting related issues. Sometimes it has to
recount the votes due to the malpractices used in the counting process and in such a
scenario it delayed releasing whole election result.

At many of the recent elections there has been allegation of fraud, malpractices in
the voting centers as well as there has been allegation of biasness in the counting
process. All of above mentioned problems are identified as key issues in the existing
electoral process. EVote system is directed to overcome all the issues identified in
the current electoral process.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 11

Literature survey on other electronic voting systems

History
Since voting is considered as one of the most important rights of a citizen in any
democratic nation, the method of voting has also been changed time to time to make
the process more safe and convenient. In early days like 1700's the in United States
of America oral elections were conducted. Later they have changed to written
ballots, in fact this is the method which is being practicing in most countries in the
world today. In USA this was revolutionized further through Lever Voting Machines,
Punch Cards, Optical Mark-Sense Scanners. These techniques improved the
counting process of the votes.
Then around 1996 they have introduced “Direct Recording Electronic Systems
(DREs)”[1]. This was widely used after the year 2000 for all the elections. Later
around 2004 this was adapted by several other countries like Basil, India,
Venezuela.

Direct Recording Electronic Systems

This provides an electronic version of the ballot paper interface so that the voters
can give his/her input using buttons or touchscreen. The data is processed by a
computer program so that the real time counting is possible.

Electronic Voting in USA

After analyzing some of the problems encountered in 2000 presidential election
using the punch card voting system USA government put more effort to upgrade
there current voting system. As a result DRE was introduced.

Voting Process
1. Here the voters registration process is also computerized and unique
username and password are given to the voter.
2. Voter goes to the voting center and logs onto the coting machine (Here
voters identity is also verified using given username and password).
3. Machine displays all the contestants and voter can proceed with his/her
preferences.
4. Finally he/she has to make the confirmation so that the votes get
registered.

Counting Process
A public network DRE voting system is an election system that uses electronic votes
and transmits vote data from the polling place to central location over a public
network. So that it has the facility of transmitting votes as they are cast or
periodically as batches of throughout the election day or as one batch at the close of
voting. Based on the technique used, a real time counting happens at the central
location.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 12

Risks
According to the critiques even though well established network security features are
being used, having a network to communicate votes to a central server, exposes the
system to unimaginable risk.

Electronic Voting in India

Even though some of the controversial incidents occurred in USA with the usage of
electronic voting machines, in year 2004 India came to success with 380 million
votes on more than 1 million voting machines. The task of creating inexpensive easy
to use voting machine was successfully done by two Indian companies. They
created a machine which looks like a cross between a computer keyboard and a
Casio music synthesizer.

The System is a set of two devices running on 6V batteries. One device, the Voting
Unit is used by the Voter, and another device called the Control Unit is operated by
the Electoral Officer. Both units are connected by a 5 meter cable. The Voting unit
has a Blue Button for every candidate, the unit can hold 16 candidates, but up to 4
units can be chained, to accommodate 64 candidates. The Control Units has Three
buttons on the surface, namely, one button to release a single vote, one button to
see the total umber of vote casted till now, and one button to close the election
process. The result button is hidden and sealed; it cannot be pressed unless the
Close button is already pressed.

The voting unit has a list of candidate's names and their Party Symbols pasted on
the surface, and a Blue button to cast a vote faces ever candidate's name. The Party
Symbols (like a Lotus, an elephant, a horse etc.) are approved by the election
commission to be unique, All political parties use these symbols while campaigning,
and illiterate people can identify their candidates by looking at his symbol, and
pressing the blue button in front of his symbol.

The order of the candidates can be rearranged which means unscrupulous

politicians couldn't rig the machines at the factory, since they wouldn't know which
button would be assigned to which candidate. On the other hand the software is
embedded into a micro processor which is not possible to re program. If someone
tries to pry open the machine, it automatically shuts down.

Voting process
1. In India voters' registration process is happened manually. So that each voter is
being registered based on their paper ID card.
2. At the voting center the voter is identified this paper ID card.
3. Like Sri Lanka, voter's finger is marked with a special ink so that the ink cannot
be removed easily.
4. While the voter is entering to the voting booth, the electoral Officer then Presses
a button on his Control Unit, that releases a single ballot, for the voter to use, this of
course is electronic so it just enables the Voting unit to register one Vote.
5. When the voter arrives, he/she presses a button in front of name and election
symbol of the candidate.
Copyright © 2010 University of Moratuwa, Department of Computer Science
Group D – SND Assignment 13

6. Real time response system is also included with the machine so that a light
glows red and a beep is emitted, indicating that a vote has been registered.
(When a trouble arises, an election official can push an override button that
shuts down the system.)

As far as the infrastructure of electronic voting systems between India and USA is
concerned the major difference is that not like the machines used in USA, Indian
machines are not networked. All the votes are being stored inside the machine itself
at a particular voting center.

Counting Process
1. After the voting is done, electoral officer finishes the voting by pressing the the
“Close” switch on the control unit. After that no further votes are registered by the
unit. The total number of the Votes registered are noted by all political party agents
and then the control units are put into its own special carrying case, and sealed for
transport.
2. Control units from different polling centers are collected to a central district
counting center.
(One such center is situated for each district)
3. At there all the sealed control units are opened. These control units are comes
up with special button to obtain the results which is physically secured by a
protective seal. When this is pressed it gives the Serial number of the Candidate,
and the votes that he has won.
4. At this point the election commissioner has to check the total number of votes
displays in the control unit with actual number of voters. If they are not tally each
other then the machine is found to be faulty. As a result the commissioner ask for a
re-election.

Constraints to improve safety

Only 5 votes are accepted by the system in a minute. Also the the polling centers are
distributed such a way that maximum number of total votes in any polling center
cannot exceed 1500. As a result if someone forcefully captured the booth, he/she
can cast only maximum of 1500 bogus votes, but the climax here is that this will take
minimum 5 hours time.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 14

Solution

Solution Overview
Over the years at many elections there have been allegations of fraud, malpractices
and biasness in the counting process, some even leading to court proceedings.
Delays in the releasing of election results due to inefficiencies in the counting
process have brought a dilemma on the Sri Lankan voting system as a whole.

From this project we strive to design an ICT based electoral counting process in Sri
Lanka to eliminate the following main areas of concern from the existing voting
system and procedures
• Effective and efficient counting of ballot papers
• Eliminating fraud
• Securely transferring the counted votes from the Counting Centers to the
Election Secretariat (main office)
• Ensuring transparency and demonstrating integrity in the process
• Efficient dissemination of election results

Vision
Design an efficient and cost effective voting system for Sri Lanka's department of
elections covering the entire vote counting and results announcing process ensuring
reliability, availability, fault tolerance and security to conduct Presidential,
Parliamentary, Provincial and Local Elections in a free and fair manner.

Scope

Goals and Objectives

Goals Objectives
Effective and efficient • Eliminate fraud that might in-cure with the use of
voting through a physical paper and ballot boxes.
touch sensitive • Cut down the recurring costs associated with long
computers. list of voting papers with all candidate information
for future elections.
• Support users of all groups of age, gender,
language and level of education (computer literacy)
to easily and effectively cast the vote.

Transfer votes to a • Eliminate the transfer of ballet boxes of counting.

hosted central server
located at head office of
Department of election
or ICTA.
• Eliminate the existing manual counting process
which has become questionable over the recent
years.
• Cut down the costs in mainlining counting centers
at 22 districts.

Ensure Security,
• To ensure transparency and demonstrating
Reliability, Fault
Tollerance and integrity in the process.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 15

Availability during the

election period.

Use a cost effective
voting system that can
be used by the
Department of election
for over a long period of
time (10 years)
• Reduce the cost of infrastructure for the voting
system that Department of election might have to
undertake.
• Reduce the recurring costs associate with every
election place.

Provide the final results • Efficient dissemination of election results.

within a maximum of
two hours of duration.

1.1.1. Organizational Impacts

Impact to and Participation of
Organization Organization
Department of election Processes and procedure followed
according to a new act.
ICTA Technology and Infrastructure used within
this institute will be used for elections.
Nanasala (currently 600 centers island Technology and Infrastructure used within
wide) this institute will be used for elections.
Government schools and institutes with Technology and Infrastructure used within
ICT facilities. this institute will be used for elections.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 16

Requirements Electronic voting for Sri Lanka (Social barriers regarding

electronic voting systems)

Anonymous vote
Ballot is considered as a secret vote and a right of each and every individual in a
democratic country. Usually this will determine which party will govern the country.
Therefore anonymity of votes should be given special consideration. Many people
fear or are very reluctant to have their votes discovered by any of the candidate
parties. If vote is not secret, severe security concerns may arise regarding safety of
voters. Therefore with computerized voting systems, people will have various
concerns. Since their ballot is electronically recorded, people who are used to
manual voting might not feel same safety regarding anonymity of their votes.

Transparency
Computing systems compute results in manner which is not transparent to the end
users of the system. With manual counting, people can see the progress of an
election process, how ballots are being counted at any given point in time. But when
this process is computerized, this is hidden to the voters and every one who is
interested in the election.

Timelines for counting process

When compared with manual election process, automated election should be able to
achieve timelines in fairly impressive manner. If delays are encountered in
completing the count and in the release of unofficial preliminary results, this will have
a negative effect on the confidence in the voting process. Therefore speed of
processing is another critical aspect.

Dealing with lost/blank/invalid ballots

Currently in Sri Lanka we are using a manual process for elections. Therefore blank
ballots and invalid ballots are very common cases. Due to theses reasons number of
valid ballots are lessen and this has a huge impact on the election process. To hold
an election, government and tax payers of a country have to bear a huge cost. If
ballots are wasted, the election is just an extra cost to a country with no useful
purpose.

Security
Current process of elections is more vulnerable to fraud. From the time voting begins
to the completion of the count, ballots may be modified, tampered or replaced,
specially when ballot boxes are moved to another location. Therefore security in this
process is a major concern of voters, counting officials and national and international
electoral observers.

Accuracy/Integrity of ballots
Accuracy in the election process ensures Integrity of ballots. Both manual and
computerized election processes must ensure that votes are accurately recorded
and counted. Without this assurance, it is more likely that the voters will lose
confidence in the election. Ultimately whole election process is at a risk. Therefore
Copyright © 2010 University of Moratuwa, Department of Computer Science
Group D – SND Assignment 17

accuracy of this process is another main concern of interested parties of an election.

Furthermore, later discovery of errors can lead to accusations of fraud.

Ease of use
Recent studies indicate many electronic voting systems have failed simply because
these interfaces are not user friendly. Users of electronic voting systems accept such
systems to be simple and less complex. In traditional manual election process, users
spend very less time for voting. If votes are directly recorded using electronic
systems, users should be able to use these systems with less learning effort and
without ant burden.

Summary
These are major sociological barriers for the design of electronic voting systems.
Therefore design of such systems should take these aspects in to consideration.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 18

Technical Design

Operational Overview

FairVote - Client SoftWare

We propose client-server architecture for FairVote system. The client side
software will be installed at voting centers spread Island wide. Since most
SriLankans are not computer literate, this software should have a relatively
easy to use interface. FairVote will use touch screen monitors so that even
the computer illiterate voters can use this system without much burden.

FairVote Voting Process

The traditional voting process will remain the same except some parts of it
will be automated using FairVote. The voter will arrive at the designated
voting location and check in. Voter will not be authenticated by the system,
instead committee of elections department will check for the legitimacy of the
voter as in the current process. Voter will be directed to FairVote Client touch
screen system where voter can cast a valid and satisfactory ballot with the
assistance of the FairVote Client. First screen of FairVote will prompt the
voter to select the language (Sinhala/Tamil/English). Once the language is
selected screens will be based on that language.

At first voter will be asked to select the party (Beetle leaf, Elephant,
Trophy...etc.). Images of each party will be displayed together with the party
name. Next voter has to select the candidate. Images of each candidate will
be displayed together with the name. Finally User may submit, cancel or spoil
his/her vote. For that three option buttons ‘Submit’, ’Cancel’, ’Spoil’ are
available. Ballot will be validated and recorded by the system. These ballot
records are pushed to FairVote Server system running at Headquarters when
the election is over. After that, processing will be carried out by FairVote
Server system in a timely and elegant manner.

FairVote Client Features

FairVote client is designed with above mentioned social aspects in mind.
FairVote Client Features addresses these social barriers.

Protect Voter’s anonymity

Some computerized systems use PIN numbers, bio-identification
techniques such as fingerprints when user first arrives at the system. But
studies indicate that PIN numbers can be stolen, fraudulated, or even
sold. On the other hand voters are not willing to use fingerprints since they
fear their identity will be stored in the system and it will expose risks on
the voters. Therefore, to protect anonymity of votes, voter identity will not
be recorded in FairVote system. There will not be any login/user
authentication screen in FairVote. This will improve the confidence in the
voter and make FairVote a very practical solution for computerizing Sri

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 19

Lankan election. Capturing and storing user identity along with his/her
vote can’t be accepted due to ethical and legal reasons.

Furthermore, FairVote uses a manual process to validate voter

authenticity. Just like in current manual process, committee of elections
department will be present at the voting center and make sure that the
voting process is not vulnerable to fraud and only the rightful voters
exercise their right.

Transparency
For the election process to be open and transparent, representatives of
political parties, national and international electoral observers should be
allowed to witness and/or participate in the process. Manual counting is by
its nature more transparent than computerized counting. If vote counting
is computerized, new mechanisms for ensuring transparency need to be
introduced. Therefore to improve transparency, FairVote will use external
audits.
Furthermore, we need to make this process transparent to end users of
the system. At the point of casting a vote, after the vote is made, if voter
wishes to have a printed copy of his/her vote, the system can generate a
copy of the ballot selection. This will not be generated for every ballot by
default, because it will have a performance issue. But if a voter wants to
get a printed copy, his request can be accommodated by the system.

Eliminates delays in the electoral process

Achieving timelines in the electoral process is significant for a Direct
Recording System. As mentioned in the social barriers of electronic voting
systems section, achieving time lines should be a special concern of an
electronic voting system. As soon as election process is over, ballot
records are pushed to FairVote Server system running at Headquarters.
After that, processing will be carried out by FairVote Server system.
Special features of FairVote server and its processing will be mentioned in
the next section.

Dealing with invalid/under-vote/over-vote cases

FairVote is implemented in such a way that these situations will be
minimized and hence vote count will be increased. In the usability section
of FairVote Client this will be described in more detail. Designing
interfaces to minimize errors and recover from errors is an important
consideration in a system. Therefore necessary checks will make sure
that votes are not wasted as invalid votes. Furthermore, a user is entirely
free to cast a blank vote if he/she wishes to do so.
In this way, good design of electronic voting systems can reduce number
of blank and invalid ballots. In addition, proper fault tolerance mechanisms
must be in place to ensure that computer system failures will not result in
lost ballots.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 20

Enhanced Security
Using various mechanisms such as SSL, XXX security is enhanced and
the whole electoral process is no more vulnerable to fraud. This will
improve the electoral process greatly, compared to current situation.

Improved Accuracy and Integrity of ballots

The manual process of counting votes is susceptible to lots of human
mistakes. Some votes may not be counted. Ballots that are damaged,
unreadable are discarded from the totals. FairVote can ensure that such
mistakes will not happen. FairVote Client running on each voting center is
designed to minimize voter errors. FairVote will alert voter if a ballot is
invalid due to over/under voting. Since whole process is automated
damaged or unreadable votes are impossible. Furthermore if a voter
wants not to vote for any of the candidate, that is also allowed with
FairVote design. This way FairVote design is flexible for the voter while
improving accuracy of this process. Since ballot counting is automated,
FairVote adds accuracy to whole election process enhancing voter
confidence in the election process.

Ease of use
Voters expect electronic voting systems to be easy and simple so that
they can use the system with minimum learning effort. Usability features
of FairVote section will cover how this aspect is handled with respect to
Human Computer Interaction principles.

Usability features of FairVote

Studies indicate many electronic voting systems in past have failed resulting
further erosion of voter confidence in the election process. According to these
researches this is due to lack of usability in design of such systems. Ideally
these systems should be designed focusing on the users of the system.
Every citizen of a country has a right to vote. Therefore electronic voting
systems should be designed to assist voters in easily exercise this right.
Therefore, design of a Direct Recording System (DRE) should take in to
consideration about various issues such as human error, capabilities of DRE,
goals of the voters, how the voters will go about achieving those goals,
natural flow in which the voting occur etc. At the same time, design should
grant the system on features such as easy to use (or usability), user
friendliness, interactivity etc. Various Human Computer Interaction (HCI)
principles can be used for designing effective, user friendly and interactive
systems. Below we will discuss how FairVote Client interface design is
improved with HCI principles.

Offer informative feedback to users

Invalid votes are a common case for any election. Therefore system
should provide meaningful information regarding errors encountered so
that users, themselves can recover with less burden. Voters might enter

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 21

wrong inputs. At this point, some systems provide error codes or display
errors such as ‘Your vote can’t be processed’. Rather than displaying
such less informative errors, systems should be able to provide
informative feedback on such situations. Ex –Your input is wrong. It
should be in the following format…etc.

Design dialogs to yield closure

The interaction between user and system can be considered as a dialog.
So the closure of dialogs should be designed in such a way that the
closure is seen by the user. If not when interacting with systems, users
might wonder whether actions they carried out were actually performed or
not. To simplify the user’s interaction with the system it is important to
make sure that users are aware of it, when a particular action has been
carried out. With voice instructions provided by FairVote client, the dialog
interaction between voter and system can be improved. Also, voter can be
made more confident about casting of votes. Closure of this dialog in
FairVote is designed in such a way voter is sure that he has successfully
made the vote.

Offer error prevention and simple error handling

Error handling on the other hand has to be supported by any system in
order to encourage exploration and relieve anxiety. If error prevention is
not supported, users will be frightened to use the system not knowing how
to recover from various errors that they might encounter. With error
prevention and error handling users will be free to use functionality with
less anxiety. At the same time users will be encouraged to explore the
depths the system. FairVote interface is designed both to prevent errors
and handle errors. Each screen has a specific help space on the bottom
left corner of the screen. This help box is allocated with useful instructions
for each step. If errors are encountered users can simply recover with out
any burden.

Use of Touch screen monitors

FairVote will use touch screen monitors so that even the non-IT literate
voters can use this system without much burden. If voters have to use a
keyboard and a mouse to cast their vote, most Srilankan voters will find it
very difficult to use the system. Therefore FairVote uses touch screen
monitors. Although FairVote will be designed with a very user friendly
interface for Sri Lankan community, still a media campaign needs to be
triggered within Sri Lanka to educate voters. This campaign will make
sure that voters will be more confident to use the system.

Support multiple languages

Sri Lanka is a nation of multi-religious, multi-races and multi-cultural
communities. Each community has different cultural aspects and
languages. Therefore FairVote will be designed to accommodate all three
languages, Sinhala, Tamil and Ennglish. At entry point, voter will be asked

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 22

to select his/her preferred language. From that point onwards users can
easily interact with the system using preferred language.

Voice instructions for assistance

To reduce learning overhead on the side of the voter, interfaces will be
designed with voice instructions. At starting point users will be prompted
for voice instructions. If user decides to get voice enabled help, based on
user’s preferred language, voice instructions will be provided. This will
guide users to accomplish their task easily. In addition, each voting booth
will have a designated employee to help users in case they need
assistance to use FairVote.

Improved features for people with disabilities

Almost 10 percent of the world’s population lives with some type of
disability. Many such people find it difficult to exercise their right to vote.
By taking in to account various user interface design principles, Electronic
voting systems can allow greater accessibility for individuals with
disabilities. Since FairVote design incorporates voice instructions, elderly
people and people with visual disabilities can be assisted to make correct
choices when casting votes.

FairVote Audit Trails

Whole election process is monitored by national and international bodies.
Since FairVote automates whole process, it is important that at any point
in time, it should be able to trace back and check for validity of the
process. Audit Trails can be carried out and leave out all doubts regarding
FairVote process. At each voting center, FairVote Client is connected to
two databases. In the event of primary database failure, backup database
can take over. Furthermore the backup database can be used for auditing
purposes. Using a separate algorithm to count the ballots audit trails can
be carried out. Furthermore, recounting of ballots is not costly with the
FairVote system compared to current situation.

No scrolls
FairVote Interface will not have any scroll bars. Having scrolls in the
screen might be a problem since most voters are non-IT literate. Design is
simplified not to have any scroll bars. Voters will be able to use FairVote
simple and accurately.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 23

Network Architecture

Introduction
The proposed network architecture for the eVoting system is described in the Figure
xx. The main components of the network are described in the following part.

<Network Diagram>

Main Application Server

• There are four main application servers which carry out the eVoting system
processing. There are two main application server sets running at two
physically separated locations,
o Site 1 – Department of Elections
o Site 2 – Undisclosed
• The counting process is to be run at both locations separately and after all
the processing is done results is to be compared and verified.
• In a single location there are two servers, primary server and the backup
server connected in hot standby. Hot standby is a method of redundancy in
which the primary and secondary (i.e., backup) systems run simultaneously.
The data is mirrored to the secondary server in real time so that both
systems contain identical information.

Network Connections
• The network connections required for the site 1 and site 2 are acquired from
the national ISP provider. The network links are required to have 99.9%
availability at the Election Day. The existing Internet connections at the
polling centers are used to connect polling center servers.
• If a polling center does not have an Internet connection, the polling center
server should be transported to the nearest Internet available polling center
or a Nanasala station.

Monitoring Stations
• Each site has five monitoring terminals. Four will be monitoring polling
activities while one will be monitoring the network and system activities.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 24

Security Architecture

Introduction
• The information security is considered as most critical in the eVoting system.
The following mentioned security implementation and security policies are
followed in this system.

Information security
• There will be 4 application servers and estimated 12000 polling center
servers (PC servers). SSL certificates are provided to the 4 application
servers and for the polling center servers digital certificates are provided
which supports client side authentication. From this mechanism application
servers get authenticated to the polling center servers and vice versa.
• All data from the polling centers are digitally signed and encrypted before
transmission using corresponding digital certificates. This process is done in
a security module in the polling center servers.
• All the polling center servers are connecting through Extranet VPN to the
main application servers. Exranet VPN supports the use of Internet as its
base and deals with a wider scale of users and physical locations to allow
the PC servers to access main application servers.
• Passwords to the main application servers are divided in to two parts. And it
is to be distributed among two persons (One is from the technical team and
the other from appointed by the election commissioner).
• Passwords to the PC servers are divided in to two parts. And it is to be
distributed among two persons (One is from the technical team and the other
person will be the head of the respective polling center).

Physical Security
• The main application servers should be placed on a dedicated server rack
and it should be kept locked.
• All physical accesses should be logged.
• No remote login should be allowed to the server.
• The server rack should be under video surveillance. And the video should be
recorded for future reference.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 25

Hardware Specifications

The following required hardware must be purchased to setup the eVoting system. All
mentioned hardware are mandatory requirements. Note that in network site 1 and
site 2, available routers and switches will be used to support the network
infrastructure. This measure is taken to minimize the hardware cost that will require
for a complete network infrastructure.

Hardware Requirements Summary

Requirement Number required

Main application servers 4
PC servers + Monitoring PCs 12000
Touch screen display units 12000
High end firewalls 2
Low end firewalls 2

Main application server – Specifications

Feature Minimum configuration

Form factor Rack mountable
Processor Intel Xeon Quad Core Processor 2.93
GHz
Front side bus 1333MHz
Chipset Intel
Cache 8MB
Memory (RAM) 4GB DDR-3 RDIMMs
Hard disk drives 5 x 300GB Hot-swap SATA with 7200
rpm
RAID support Hardware RAID 5
Built in IO ports 1 x RS232 serial, USB x 4, 1 x mini-DIN
keyboard, 1 x mouse
Network interface 2 x Ethernet 100/1000 Mbps
Optical Drive DVD+/-RW
Power supply unit Redundant units
Operating system support Redhat Enterprise Linux

PC server – Specifications

Feature Minimum configuration

Form factor Mini-ITX
Processor Intel Atom 1.6GHz
Front side bus 533MHz
Copyright © 2010 University of Moratuwa, Department of Computer Science
Group D – SND Assignment 26

Chipset Intel 945GC Chipset

Cache 1MB
Memory (RAM) 2GB DDR-2
Hard disk drives 1 x 160GB with 7200rpm
RAID support None
Built in IO ports 1 x RS232 serial, USB x 4, 1 x mini-DIN
keyboard, 1 x mouse
Network interface 1 x Ethernet 10/100 Mbps
Optical Drive DVD+/-RW
Operating system support Windows XP

Touch screen display unit – Specifications

Feature Minimum configuration

Display size 17 inch
Resolution 1280x1024 at 60Hz
Parts per inch 96
Response rate 2ms
Colors 16m
Connections Analog (VGA), USB for Touch function,
Internal Power supply
Power consumption Energy star complaint
Kensington Lock Support Yes
Speakers Yes
Free Accessories Power cable, VGA cable and USB cable

High end firewall – Specifications

Feature Minimum Configuration

Throughput 100Mbps
Number of interfaces 4
Number of firewall policies 250
Firewall connections 25000
Firewall connections per second 3000
Network interfaces Ethernet 100/1000 Mbps
Number of zones 4
VPN functionality SSL
Memory 256MB

Low end firewall – Specifications

Feature Minimum Configuration

Copyright © 2010 University of Moratuwa, Department of Computer Science
Group D – SND Assignment 27

Throughput 50Mbps
Number of interfaces 4
Number of firewall policies 50
Firewall connections 5000
Firewall connections per second 1000
Network interfaces Ethernet 100/1000 Mbps
Number of zones 4
VPN functionality SSL
Memory 128MB

Fault Tolerant Measures

In order to maximize the availability and reliability of the eVoting system, the
following fault tolerant measures are undertaken.

Hardware Fault Tolerant

• eVoting main application server is replicated in two physical locations
• Single location consists of a primary server and an active standby server
• One server is configured in hardware RAID level 5.

Software Fault Tolerant

• Database level redundancy ?
• Data processing ?
• Data integrity check between site1 and site2

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 28

Project Conditions

Assumptions

Issues
# Date Priority Owner Description Status & Resolution
1 03/13/10 High Commis According to Educate the public on
sioner of publications usage of such touch based
election made by ICTA, system in means TV,
only 10% of Sri Media, Newspaper and
Lankans are IT Exhibitions.
literate
2 03/13/10 High Presiden Certain Political Public awareness
t Parties will campaigns needs to be
criticise the performed right from grass
system no root level to upward levels.
matter what. Political support is
required safe guard
confidence level of the
public.

Risks
# Risk Area Likelihood Risk Owner Project Impact-Mitigation Plan
1 Server Low Election Have backup servers ready within
crashes Department the Elections department.
during the IT Team Backup procedures need to be
election day followed by IT staff ensuring high
availability.
2 Voting Low Election Have backup PC in the voting
center PC Department center.
crashes IT Team
3 Voter turn Medium Commissione Ensure a across island campaign to
out will drop r educate users of all ages, genders
due to high and different ethnic groups.
tech nature Have simulated systems for public
of the voting usage.
solution
4 Voters find High Technical Necessary usability standards and
it difficult to Advisory guidelines need to be included
use the Team, Sample testing needs to be
system Software performed to identify whether the
Development usability stands are really met by
firm taking people from different ages
and ethnic backgrounds.

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 29

Project Approach

Estimated Costs
Date Quantit
Cost Description Estimate Per Unit y Cost (Rs)
Touch PC – voting center and 03/13/10 200000 11000 * 2200000000
backup 2
[Assumed Windows Vista/XP
license already installed]
Cod Core Server with RAID 03/13/10 500000 4 2000000
Software development - 03/13/10 10000000
Java/JEE
Auditing (ICTA or Price Water 03/13/10 2000000
house)
Oracle 11g/SQL Server 2008 03/13/10
license
VPN software – 03/13/10
free/commercial
Labor cost (trained staff at 03/13/10 15000 (1 5000 75000000
voting points) month
salary)
Domain name registry and 03/13/10 20000
Hosting
Touch PC – voting center and 03/13/10 200000 11000 * 2200000000
backup 2
[Assumed Windows Vista/XP
license already installed]
Total

Dependencies
• A new act needs approved within the parliament to make process and procedural
changes within the election department
• The total cost for the voting system needs to be added to next budget of the
government.
• Need to call tenders to purchase Servers, PCs, Software and Network equipment.
• Need to call tenders to find a local software development company to develop the
voting system.
• Need to setup a technical advisory team to ensure voting system meets acceptance
standards and guidelines
• Need to setup a Procedure roll out committee responsible for implementation of
processes and procedures within the Department to make use of the voting system
• Need to setup an audit team to ensure that department is ready to rollout the overall
voting system for the next up and coming election.
• Need to setup Media campaign to educate the general public on how to use voting
system to eradicate doubt, bring trust and confidence

Project Plan
Departmental SOW Owner Due Date (Sequence

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment
Approval of Proposal
A new act for change process
& procedures for the
Department of election need
to be approved
Budget for overall cost of the
voting system needs to be
approved
Call tenders to find a suitable
software development firm to
build the voting system.
Setup a technical advisory
team to ensure voting system
meets acceptance standards
and guidelines
Call tenders to purchase of
HW and Network equipment
required for the voting system
Setup a Procedure roll out
committee responsible for
implementation of processes
and procedures within the
Department to make use of
the voting system
Setup an audit team to
ensure that department is
ready to rollout the overall
voting system for the next up
and coming election.
Setup Media campaign to
educate the general public on
how to use voting system to
eradicate doubt, bring trust
and confidence
Copyright © 2010 University of Moratuwa, Department of Computer Science
30
relative to events)
Commissioner
Cabinet Minister
President
President or Cabinet Once proposal is approved
Minister by Commissioner and
President
President or Finance Next budget
Minister
Commissioner After budget approval
Commissioner Once the software
development company is
given the go ahead for
development
Commissioner After budget approval and
treasury has released funds.
Commissioner Once the software is ready
for use within the
department.
Commissioner Once the software is ready
for use within the
department.
Commissioner, Procedure After Department is ready to
rollout committee and use the software and before
Technical advisory the next election
committee.
Group D – SND Assignment 31

Limitations and Possible Enhancements

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 32

List of Abbreviations

Acronym/Abbreviations Description
CRM Customer Relationship Management

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 33

Bibliography

• There were 10,875 polling stations throughout the country for the last
presidential election.: http://sundaytimes.lk/100117/FunDay/fut_01.html
• Problems with electronic voting systems – a blog with user comments :
http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html
• http://www.essvote.com/flash/demo.html

• http://www.slelections.gov.lk/news.html

Copyright © 2010 University of Moratuwa, Department of Computer Science

Group D – SND Assignment 34

Appendix A: Glossary

Copyright © 2010 University of Moratuwa, Department of Computer Science