Internet Voting System Using Smart Card

Final Year Project Report Session:

2007-2011

Group Members:
Irfan Farid Sabri (irfan.farid@seecs.edu.pk) Muhammad Umer (m.umer@seecs.edu.pk) 2007-NUST-BIT-20 2007-NUST-BIT-131

Advisor:
Mr. Qasim Rajpoot

Co-Advisor:
Dr. Awais Shibli Dr. Amir Hayat

NUST School of Electrical Engineering and Computer Sciences

APPROVAL
This report has been submitted with the approval of the following Supervisors. 1. Signed.................................................................... Date................................ Mr. Qasim M Rajpoot Dept. of Computing School of Electrical Engineering and Computer Sciences National University of Sciences and Technology, Pakistan 2. Signed.................................................................... Date................................ Dr. Awais Shibli Dept. of Computing School of Electrical Engineering and Computer Sciences National University of Sciences and Technology, Pakistan 3. Signed.................................................................... Date................................ Dr. Amir Hayat Dept. of Computing School of Electrical Engineering and Computer Sciences National University of Sciences and Technology, Pakistan

1|Page

DEDICATION
This Project Report is dedicated to my dear mother, who is always behind my academic struggles and success. This work is dedicated to my dearest teacher without their guidance I may not be able to complete my work. I also dedicate this thesis to my best friend who has always helped me and believed that I could do it.

Muhammad Umer
I dedicate this report to my best friend who has always helped me and believed that I could do it.

Irfan Farid Sabri

2|Page

ACKNOWLEDGEMENT

My special thanks go to Mr. Qasim M Rajpoot, my Senior Supervisor, assisted by Dr. Awais Shibli and Dr. Amir Hayat, for their tireless technical support and guidance offered to me who have propelled this work to completion. Without reservations, I take this opportunity to thank my supervisors for allowing me to be one of their students. I am especially grateful to Dr. Awais Shibli for his all moral and technical guidance and for providing technical equipments. I cannot forget to thank Mr Abdul Ghafoor who provided the initial professional focus and direction on this work. In a very special way, I am grateful to Mr. Shane Farmer who was always willing to share his experiences, knowledge and guidance towards my journey to completion. And without his guidance I may not be able to succeed.

3|Page

Contents
Chapter No. 1 .......................................................................................................................................... 6 Introduction ............................................................................................................................................ 6 1.1) Project Description ........................................................................................................................... 6 1.2) Problem Statement .......................................................................................................................... 7 Chapter No. 2 .......................................................................................................................................... 8 Literature review ..................................................................................................................................... 8 2.1 2.2. Manual Voting ............................................................................................................................ 8 Computer-based Voting System ................................................................................................... 9 Computer-based (e-voting) Voting ...................................................................................... 9 Electronic Voting at polling stations...................................................................................... 9 Direct Recording Electronic Machines (DRE) ......................................................................... 9 Advantages of DRE Machine ........................................................................................... 10 Disadvantages of DRE Machine ................................................................................... 10 Optical Scan ...................................................................................................................... 10 Advantages of Optical Scan Method .............................................................................. 10 Disadvantages of Optical Scan Method .......................................................................... 11 Punch Cards ...................................................................................................................... 11 Remote Voting Methods ........................................................................................................... 11 Remote Internet Voting Method ....................................................................................... 11 Postal Ballot Method .......................................................................................................... 12 Internet Voting and Democracy .......................................................................................... 12 Comparative Analysis of Manual Voting System with E-Voting System ...................................... 12 2.3.1 2.3.2 2.4 2.4.1 2.5 2.6 2.7 Advantages of Manual System over E-Voting Systems................................................... 12 Disadvantages of Manual System as compared to E-voting Systems ............................... 13

2.2.1 2.2.2 2.2.3 2.2.3.1 2.2.3.2 2.2.4 2.2.4.1 2.2.4.2 2.2.5 2.3 2.3.1 2.3.2 2.3.3 2.3

Countries having Internet-Voting method for voting process..................................................... 14 Estonia .............................................................................................................................. 14 Effect of Internet-Voting on Democracy .................................................................................... 16 Significance and Target Market ................................................................................................. 17 Key Words: ............................................................................................................................... 17 ActiveX controls: ....................................................................................................................... 20

Chapter No. 3 ........................................................................................................................................ 21 4|Page

Methodology......................................................................................................................................... 21 3.1 3.2 3.2.1 3.2.2 3.2.3 3.2.4 3.3 3.4 3.5 Main Principles .......................................................................................................................... 21 Major Assumptions ................................................................................................................... 21 Trustworthy Voters Computer ........................................................................................... 21 Voting Requirements ......................................................................................................... 21 Voters Registration ............................................................................................................ 22 Voters Smart Card ............................................................................................................. 22

Security and Privacy ................................................................................................................... 22 Architecture: .............................................................................................................................. 24 Flow Chart: ............................................................................................................................... 28

Chapter No. 4 Design and Implementation30 4.1 4.2 4.3 Tools and Technology ................................................................................................................ 29 Components .............................................................................................................................. 30 Classes ....................................................................................................................................... 30

4.3.1 Voter Applications: ................................................................................................................... 30 4.3.2 Admin Application: ................................................................................................................... 31 4.3.3 Server Application:.................................................................................................................... 31 4.4 Use Case Diagram ............................................................................................................................ 33 4.5 System Interface .............................................................................................................................. 33 Chapter No. 5 Results.42 5.1 Results ............................................................................................................................................. 42 Chapter No.6 Discussion, Conclusion and Recommendation.43 6.1 Discussion and Conclusion ............................................................................................................... 43 6.2 Recommendations ........................................................................................................................... 44 References ............................................................................................................................................ 45

Appendix-1: Generating Self Signed Certificates 46 Appendix-2: SSL Configuration with Wamp Server.50 Appendix-3: Code Snaps 61

5|Page

Chapter No. 1 Introduction

"Let each citizen remember at the moment he is offering his vote that he is not making a present or a compliment to please an individual--or at least that he ought not so to do; but that he is executing one of the most solemn trusts in human society for which he is accountable to God and his country. "(Samuel Adams, the Writings of Samuel Adams). Voting is a method which is used for selection or decision making among groups or individuals. A vote or a ballot is the individual act of voting. Voting process is done in a minimum amount of secrecy that is the name and the identity is protected in the voting process. Voting has a great importance in a democratic country. Democracy is not possible without the choice of a good and secure voting mechanism. To establish good democracy this process should be secure and run in a transparent way. Pakistan is a democratic country with the population of 180,808,000 (more than 18crores).1 By the law of Pakistan elections must be held after every 5 Years. In which each citizen who is above 18years2 has right to vote. There are 7 main political parties in Pakistan.3Around 5.5million eligible Pakistani voters are in abroad living in 105 different countries4, and contributed more than $8 billion in 20105in the economy of Pakistan. But unfortunately they do not have voting rights because there is no proper voting system established for overseas Pakistanis. So to resolve this issue we are developing an Internet voting system which can be used for overseas Pakistanis for election purpose.

1.1) Project Description

Internet Voting System for Overseas Pakistanis is designed for overseas Pakistani. It is far most easy than conventional voting. The voter will vote on internet by using his/her Smart Card
1 2 3 4 5

6|Page

anywhere in the world where internet facility is available. Voter will not need to go to the Polling Station. He/she can vote sitting in his/her office, in Drawing room, travelling, in Railway Stations or Air Ports or anywhere else he/she will want to vote. Every voter registered with NADRA will be given a Smart Card. What he/she will need to do is only to open the site and insert his/her Smart Card in Smart Card Reader. Then voter will download a java application and run it. And then cast a vote.

1.2) Problem Statement

The project aims at To provide a User-friendly, Secure, Reliable, Scalable, Quick, less costly Voting System. Voting can be done by several methods but in general it has three types, one is Manual voting system which is used in most of the countries like Pakistan, Computer based voting system adopted by a lot of countries like India, and Remote voting system which has been adopted in some countries like Estonia. In election process if computer is involved in counting and taking the votes then it is called evoting (electronic voting). Computer involvement can be as vote taking and counting machines present on the polling stations for example DRE,s or it can be via internet which is known as Remote Internet Voting (RIV). Remote Internet Voting can be done either on polling station or at home. Electronic voting is the latest of these attempted solutions and it comes hand in hand with the Information Age, addressing many of the difficulties presented by physical voting methods. However, along with the problems it attempts to solve, it inherits many of its own from the age in which it comes. In order to fully understand electronic voting and to evaluate the characteristics it needs to have, we must consider the interests of all the parties involved. Thereafter, discussing the advantages and disadvantages of the solutions currently proposed will allow us to reach a definitive conclusion about the viability of an electronic voting system. We have studied all the voting systems and found RIV (Remote Internet voting) as the best solution of our problem and need of the day. To achieve our goal we have used Smart Card with internet voting. We have made our channel secure with SSL and FIPS196 to minimize the security attacks.

7|Page

Chapter No. 2 Literature review

As the time has changed, the technology has evolved. With the evolution of the new technology things have changed in every field of life. Even the behavior of the people also has been changed. As in this age of the technology, everything has moved from manual to the automation i.e. now most of the systems are computerized systems. Therefore voting system also has evolved. Now there are various voting techniques being used around the world.Most famous of them are listed below: 1. Manual Voting System 2. Computer-based Voting System i. Computer-based Voting ii. Electronic Voting at polling stations iii. Direct Recording Electronic Machines (DRE,s) iv. Optical Scan v. Punch Cards 3. Remote Voting Methods I. Remote Internet Voting (RIV) II. Postal Ballot Method

2.1

Manual Voting

Manual voting is also called paper-based voting. It is the most transparent and secure voting system known among all other voting methods. In manual voting everything is done by hand. That is from creating the ballots up to the result everything is done by hand. Its process is very simple and can be very easily understood by a common citizen. Voters get the paper-ballot at Polling station just before casting their vote on the voting day. Voters cast their vote by marking their choice on the ballot paper and dropping that ballot in the specific ballot box. Now as we know Pakistan is a democratic country, so according to the law the government of Pakistan should be elected by its citizens through transparent elections. In Pakistan currently deployed electoral system is paper based-voting system. People go to the polling stations and by using a physical ballot paper they cast their vote. One man-one-vote is made possible by using their unique computerized national identity card. Polling stations are opened for nine hours without having break.
8|Page

Paper-voting were the leading medium for voting twenty years ago, but now it has been replaced by other methods.

2.2.

Computer-based Voting System

Computer-based (e-voting) Voting

2.2.1

In the voting process if computer is involved then it is known as computer-based voting. Computer involvement can be expressed as the collecting and counting of votes via computer. Electronic Voting further has two major categories, one is voting via computer at polling stations and the other is voting via computer on the internet (via web) which can be either from a public place for example at polling station or can be at private place for example at home. Both of these systems have been adopted in many modern countries successfully.

2.2.2 Electronic Voting at polling stations

In this type of election process, the voting system is mostly based on some hardware device like punch card or DREs etc. These devices are placed in the polling stations and people come to the polling stations and by using the device they cast their vote. Some common devices used for this purpose are DREs, punch cards and optical scanners etc. Each of these has its own features and technique and hence has advantages and disadvantages.

2.2.3 Direct Recording Electronic Machines (DRE)

A DRE (Direct Recording Electronic) voting system consists of a computer with a touchscreen monitor, a permanent storage medium such as a write-once memory card, software, and, in some systems, a ballot printer. DRE is very much like a home computer. A touch screen allows the user to touch a marked spot on the monitor surface with his/her finger, thus its screen works as same as keyboard so it is very convenient in use an example of this can be the ATM(Automatic Teller Machine). For its proper working we need an operating system installed in it, this operating system can be either specific to it or can be any common use OS like windows, and an application software which runs over this operating system. Actually this software is responsible of the internal working of DRE (in collecting and counting the votes). The advantages and disadvantages of DRE are discussed below:

9|Page

2.2.3.1 Advantages of DRE Machine

1.

DREs are used by the countries mostly to increase the turnover of votes by providing convenient way of voting process. It is the only system known today that allows a truly secret ballot for the blind. They can even be set up so that the voter can choose one of a large number of languages right in the booth. They can save time. Results can be calculated efficiently with less time. DRE machines can easily be configured to handle different candidates.
Disadvantages of DRE Machine

2. 3.

4. 5. 6.
2.2.3.2

1.

DREs are very expensive devices especially for developing countries like Pakistan. DREs have a very shorter life span. DREs batteries must be recharged repetitively between elections. DREs serve few voters per machine, creating a bottleneck and long lines. DREs can lose votes, which cannot be recovered. DREs prevent ordinary citizens from observing the counting of votes.

2. 3. 4. 5. 6. 7.

2.2.4

Optical Scan

After the voter completes his ballot for voting by making choice and marking the ballot on the ballot paper the ballot is inserted into a machine (optical scanner) which uses light as a sensor. A light is beamed on the voting locations and the quality of the beam light tells the machine if a mark is present or not. Optical Scan method is very easy and convenient to the users and also adopted in many countries. Optical scan voting system can be set in such a way that voter will see a little difference with the traditional voting system. Its major advantages and disadvantages are discussed below:
2.2.4.1 Advantages of Optical Scan Method

1.

Optical Scan results in shorter lines at polling stations.

10 | P a g e

2. 3.

In this method voter has an option to revote. Voters need not to wait for machines to become available to mark ballot. And also submitting the ballot is very easy; paper can be submitted on either side up.
Disadvantages of Optical Scan Method

2.2.4.2

1.
2.

Ballots need to be printed and its a slow, expensive and inflexible process. There is no process in place with hand counting for those ballots that remain unreachable by the machine.

2.2.5

Punch Cards
A punch card is a piece of stiff paper which contains digital information represented by the presence or absence of the holes in predefined positions. Punch cards were the first method for utilizing the computer and technology. They were firstly designed and used by USA in 1964. In this method voter requires to punch holes in the specific location on the paper ballot to cast his/her vote. The ballot is then inserted into a machine (punch card reader) and records the vote.

2.3

Remote Voting Methods

In remote voting method voter cast his/her vote from a remote location either from his/her home or office. Remote voting method includes remote internet voting method and absentee (postal) ballot method. We will discuss here only the remote internet voting (RIV) method in detail. In RIV method internet is the back bone of the system. RIV is very different from other evoting because voter can use general purpose computer for voting instead of specially designed expensive system like DRE. In this system Votes are collected at central location and need not to carry votes from every polling station manually. RIV method gives the voter more convenience and flexibility for voting that is he/she can vote at anytime from anywhere in the specified election days whenever he/she is free.

2.3.1 Remote Internet Voting Method

In this method every voter is given a user ID and password. User logs in using his/her user ID and password. Then he/she can cast the vote. As in our case, every user will be provided by a smart card having credentials of the user and some certificates signed by C.A (Certification Authority). User will be able to log in using the Smart Card issued by the issuing Authority (NADRA) and then he/she will be able to cast vote.

11 | P a g e

2.3.2 Postal Ballot Method

In this method, ballot papers are sent to the voters via postal mail. Voters get the ballot and vote on that paper and send it back to the election commission or vote counting authority. It is a very slow and expensive process.

2.3.3 Internet Voting and Democracy

E-democracy is relatively a new concept which has surfaced out the popularity of the internet because citizens are more willing to use the internet (websites) to support their candidate. Below there are some types of the e-democracy: Online Consultation Political websites E-Voting

2.3 System

Comparative Analysis of Manual Voting System with E-Voting

To achieve good democracy we need to secure our voting process. To do so we must have many available options. A comparative study of such common systems is discussed below:
2.3.1 Advantages of Manual System over E-Voting Systems

Most of the democratic countries use the manual voting system that is paper-based voting system. The advantages of this system are discussed below: 1. All voters use an identical ballot

In paper-based voting all voters use the identical ballot. Therefore votes at polling station and by postal can be counted by using same kind of equipment (machine). 2. System cost is very low

It is very inexpensive system and is easily affordable for poor countries like Pakistan. No special expensive equipments are used in this system. 3. Paper ballots are easily understood by voters

Using paper ballot for voting is the easiest way to cast a vote. Any voter can cast his/her voter without having any prior qualification. 4. Paper ballots are inherently voter verified

It is because the vote is marked directly by the voter himself/herself and put in ballot box physically with his/her own hands, therefore this improves the confidence of the voter on voting process. 5. Paper ballots allow each voter to vote only once

12 | P a g e

Each voter is given a single paper ballot which is marked by the user on the basis of national identity card. 6. Conflicts between electronic ballots and paper ballots are eliminated

In this system there are only paper-based votes i.e. paper ballots can be counted without any mix-up and confusion. 7. Paper ballot system easily accommodates additional voters at low cost

In paper ballot system only one marking device or marking pen is required in a polling station if some additional polling stations are required immediately. But with other systems, like DRE, this is not possible at such low cost. 8. No threat of vote loss due to equipment failure

Paper based voting is safe in a sense that there is no hardware or software component whose failure can cause the damage to the valuable votes. Like in the case of DRE system, DRE,s have batteries associated with them which should be powered up during election day and there is a chance that the machine can crash and if this happens then all the votes will be damaged/lost. 9. It is the most transparent electoral system.

As long as transparency is concerned it is the most transparent system among all the systems as vote is cast by the voter himself/herself. In other systems like DREs and Remote Internet Voting transparency is a big issue so far. 10. Voter privacy

All votes are pure anonymous as there is no link between the vote and the voter after the vote has been cast.
2.3.2 Disadvantages of Manual System as compared to E-voting Systems

Although majority of the countries use manual voting system and it is very easy to run but it also have many advantages which are discuss below: 1. Paper-based electoral system is very inefficient

Paper-based voting system is very slow and needs days to manipulate votes to announce result. It is because all work is done via hand so it requires enough time to finish. 2. Requirement of huge staff and large number of polling stations

To run this system huge staff and large number of polling station are required especially for a populated country like Pakistan. 3. Paper-based system is not fault proof

As, all work is done by humans so there is a chance of human error in counting the votes. 4. Non convenience for overseas

13 | P a g e

For overseas this system is very inconvenient. First the election authority has to send the absentee ballots to them and then they fill these and send these ballots back to them. Most of them receive after time and discarded thus a lot of valuable votes are vanished in this way and thus turnover ratio is reduced. 5. Many voters reluctant to spare time to cast their vote

In a populated country like Pakistan long lines are seen during the polling day and large number of voters does not want to waste their valuable time just for lining up thus many of the voters does not use their voting right. It is not a healthy sign for the democracy. System should be designed to increase the turnout to support democracy rather than decreasing it. So far we have seen almost all the possible methods for voting process but we will focus upon the Internet-Voting only in detail. Internet Voting is a very crucial option for voting as it involves so many security risks. Also it is very difficult to maintain the vote secrecy and voter privacy. So this kind of voting option can result in a corrupt democracy. But keeping in view all these threats that Internet Voting has, many countries have implemented Internet Voting for their voting process for example Estonia, Switzerland, Canada, Austria, USA etc.

2.4

Countries having Internet-Voting method for voting process

Many countries have already implemented Internet-Voting method for their election process. One of the major reasons of their implementation of I-voting system is to increase the turnover of votes by providing a convenient and easy way to vote for election process. Some of these countries implemented this system partially that is for their some of the states and some implemented fully. One common thing which is observed in all these countries is that while they implemented Internet-Voting they also allowed paper-based voting. Usually I-Voting lasts about 3-weeks before the election-day and just before the election-day the I-Voting is closed and then the manual (traditional) voting system starts. But we have found RIV as the best solution of our problem. Many countries have already implemented Internet-Voting method for their election process. One of the major reasons of their implementation of I-voting system is to increase the turnover of votes by providing a convenient and easy way to vote for election process. We have studied the system of the countries (Estonia and Switzerland) that have deployed Internet Voting System in their voting process. Estonia is one of the countries that have Internet Voting System as their voting process.

2.4.1

Estonia

Estonia is a country whose population is 1.35 million. More than 54% of the population uses internet every day. Estonias Internet Voting system is based upon some basic principles and
14 | P a g e

they tried to follow all the major principle for paper based voting. Some major principle which paper-based kept in view in the implementation of the new system is given below: All major principles of paper paper-voting are followed. Internet Voting has been introduced as advance polling that is Internet Voting is allowed before the Voting Day. The user uses ID-card (smart card) also called e-card for his/her ID card e authentication for voting process. System authenticates the user based on the e-card. e Voter confirms his his/her choice with digital signature. Voter can revote, only the last vote is considered in the vote counting process. Voter can also cast his/her vote via paper and if so then the e-vote is discarded. Voting System of Estonia is basically dependent on the Smart Card. Therefore in the following picture main features of the Smart Card are shown.

To cast vote, voter must register him/herself in Central Population Register (CPR). The voters registered with the CPR are eligible to vote. Then to cast vote using Internet Voting System, a voter must have a Smart Card with Smart Card Reader, a Computer and Internet Connection. User needs to open the site to cast the vote. When site is opened, voter must enter his/her site smart card into smart card reader. After the Pin confirmation, smart card is ready to use. Credentials of the voter are sent to the server for authenticity. If user is valid, he/she can select any candidate. Vote of the user is encrypted by the public key of the voter and is digitally signed by the smart card of the user. At the web server, both digital signature and the encrypted vote are separated to maintain the anonymity. When the vote is cast by the voter, a mess message of
15 | P a g e

confirmation is displayed on the user screen to give him/her satisfaction that his/her vote have been cast and has been counted. But at the server side, at the end of the voting process, all votes are collected, sorted, eligibility is checked, duplications are removed, digital signs are removed from the encrypted votes and at the end they are taken to the Vote Counting Application which counts the votes and gives the result. Architecture Diagram of the Estonias System is shown below:

2.5

Effect of Internet-Voting on Democracy

From last 10 years, Internet-voting (I-voting) has been moved from the field of fundamental research to practical application. The European Convention on Human Rights emphasizes that votes should remain secret and also the privacy of the voter should be granted. But unfortunately this is not being done so easily because it is almost impossible to secure each persons computer during the election time. Family voting cannot be prevented and vote buying and selling could be a major threat for democracy. Also, we the voters computer can be infected that is it can contain viruses or Trojan horses. Therefore, it cannot be insured that the vote going to the voting server is the one chosen by the voter. Peoples motivation to vote is decreasing continuously. In most countries people are not willing to vote for example in Switzerland the turnout at the polls is constantly decreasing. As it was 80% in 1919 and about 45% in 2003. Almost all other Western Countries have the same situation. Now they think that the voting system should be change and made modernized and convenience to the voters should be given, especially for youth to increase the turnout ratio. One of the major reasons to support internet voting for voters is to increase the voters turnout to improve the democracy but the voters are reluctant to adopt this new system as
16 | P a g e

in traditional systems they can verify their ballot is taking into account but now in this system there is no mean to confirm that his/her vote is actually counted. Thus to improve democracy and the voters confidence on the new system the administration should provide at least such verification. There should be verification mechanisms by which a voter can verify his/her vote and he/she should be confident that the program he/she is using is working as it is supposed to be.

2.6

Significance and Target Market

Our project is beneficial for overseas voters and later for the voters inside Pakistan. It is also beneficial for Pakistan. Because more people participate in voting process, right people will be elected and better will be the Govt. for next tenure resulting in progress of Pakistan. So far there are only few of the countries who actually have tried to make an Internet Voting System for their people. So, our system will be flexible enough so that it could be customized and deployed for any country according to their needs so we can sell out our system for other countries also. Thus this is a product which will not only create a value for each and every citizen of the Pakistan by making its voting process easy and convenient but also the other nations too. Our project also can be used for internet voting system for an organization. So it is very dynamic and useful project.

2.7

Key Words:
Smart Card: Smart Card or Integrated Circuit Card is a plastic card containing a microprocessor that enables the holder to perform operations requiring data that is stored in the microprocessor; typically used to perform financial transactions. Smart cards may also provide strong security authentication for single sign-on within large organizations. It has two categories 1. 2. Memory Cards: It has non-volatile memory storage components. Microprocessor Cards: It has volatile memory storage and microprocessor components. Voters application (VA): It is an application at the client side which encrypts the credentials of voter and vote of the voter at the client side and signs the encrypted vote. Voters application operates in the voters computer.

17 | P a g e

Vote-Forwarding server (VFS): It is a server, authenticating the voter by means of the ID card and supplies voters with the application and supporting data, receives given votes and transfers them to the VSS. VFS also acts as a Web server. Vote storage server (VSS): It is a server which stores the votes given by the voters and enables to sort, delete and forward them to the VCA. Vote counting application (VCA): It is a separate application which sums up digitally unsigned e-votes and delivers the results of the e-voting. The computer running the VCA is called VCA server. Audit System: It is a Component of the Central System dealing with gathering audit data and working with audit application. Database: It is a central Database which has list of eligible voters. Time-stamping service: It is a service which keeps track of the each vote. That is when the vote was cast by which user. This track is kept as the reference for the future, so that any dispute, if it comes, can be solved. Digital Signature: It is A digital code that can be attached to an electronically transmitted message that uniquely identifies the sender.6The message which is being sent is passed from the hash function and the result is called Digital Signature. This result is appended with the message and is transmitted over the network. At the receivers end, the digital signature is removed and the rest of the message is again passed from the hash function. The result achieved from this process is again compared with the digital signature. If both are same, then data is not changed while it was on the network.

18 | P a g e

Digital Certificate: A Digital Certificate is a defined data structure with a Digital Signature. The data represents who owns the certificate, who signed the certificate. It also has public key and the validity of the certificate with the serial number and other relevant information.

Certification Authority(CA): A certification authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption.7 Secure Socket Layer (SSL): The Secure Sockets Layer (SSL) is a commonly-used protocol. It manages the security of a message transmitted on the Internet. SSL uses a program layer which is located between HTTP and TCP
7

19 | P a g e

layers. It uses Public-Private key encryption system from RSA including digital certificates to increase the security. ActiveX: ActiveX is a framework for defining reusable software components in a programming language independent way.8 These reusable components can also be combined to perform certain tasks. However each component can perform its task independently. These are mainly supported by the Windows. But it also has gain support in Linux. It is also supported by Netscape, Mozilla and other browsers. One just needs to download its Plugin for respective browser. ActiveX controls: Active controls are small programs which are used to create distributed applications.

20 | P a g e

Chapter No. 3 Methodology

In our implementation of Internet Voting System we are focusing on the simplicity. Here simplicity means that system should be user friendly and a voter should not find major difference between conventional voting system which is paper based voting with respect to casting his/her vote and the web based voting system. But due to high security requirements in the system, system may become complex somehow. But we have to keep in balance the simplicity and the security as we know that a system which is highly secure but not user friendly cannot be successful. In our case we may say that if our internet voting system is fully secured but it has so many complexities in it so that user is unable to cast vote or he/she feels inconvenient then the system will fail automatically because voters will not prefer it as a voting method. So to keep it in balance we are focusing on the following principles:

3.1

Main Principles
All major principles of paper-voting are followed. Internet Voting has been introduced as a concept of advance polling that is Internet Voting is allowed before the Voting Day. The user uses ID-card (smart card) also called e-card for his/her authentication for voting process. System authenticates the user based on the e-card. Voter can revote, only the last vote is considered in the vote counting process.

For the proper working of the system every voter who wants to cast his/her vote via internet must have an e-card, a computer and the computer must be connected to the internet. Basically these are the assumptions we are taking.

3.2

Major Assumptions

3.2.1 Trustworthy Voters Computer

We have to trust on the voters computer that is assumed that voter PC is free of viruses, malicious activities and is trustworthy.

3.2.2 Voting Requirements

A Computer The computer is connected to the internet.

21 | P a g e

Smart Card issued by issuing authority(NADRA) smart Card reader

There are some pre-voting processes for the internet voting which are completed before the voting day. These processes are necessary and should be completed because without these processes internet voting is not possible. These are given below:

3.2.3 Voters Registration

All the eligible voters who want to cast their vote via internet have to be registered in a central database we called it IDMS (Identity Management Server) before the voting day because only those voters will be able to cast vote online who have registered themselves with the IDMS.

3.2.4 Voters Smart Card

Voter has to get his/her smart card from the issuing authority and verifies its functionality and necessary documents installed in it before the deadline. After having all the necessary requirements the voter casts vote as the following procedure: The voter inserts the ID-card into card reader and opens the webpage for voting. The voter downloads a java application from the web site and executes it. The voter verifies him/herself using the certificate which is already loaded into the ecard. The server checks if the voter is eligible (using the data from IDMS) and verifies his/her certificate. The voter is shown the candidate list of the candidates. The voter makes his/her voting decision, which is encrypted by the voter application. The voter confirms his/her choice with a digital signature via smart card.

At the vote count the voter's digital signature is removed and at the final stage the members of the National Electoral Committee can open the anonymous I-Votes and count them.

3.3

Security and Privacy

Security is insured by public-private key concept. System generates public private key pairs. All the votes are encrypted at the voters end by their (system) public keys and they are decrypted at the server by the systems private keys. The encryption at the voters end is the responsibility of the voters application which resides at the voters computer. To have a better understanding of this scheme let us look it as Envelope Scheme:

22 | P a g e

Voters application encrypts the votes by the systems public key and the vote is then signed by the smart card. In the above figure pink envelope represents encrypted votes and the yellow envelope represents the digital signature or in other words the voters identity. Now after the signing-of the votes, all votes are collected at a central location. Here few important processing is performed: All the votes are Collected All the votes are Sorted Voters eligibility is verified Duplicate votes are discarded And envelopes are separated from each other, that is digital signatures are removed from the encrypted votes.

Pink envelopes (encrypted votes) are sent to the administration for counting; the administration enables the private key, decrypts the votes and counts them. Yellow envelopes (voters list) are sent to another location and at the end of the internet voting period this list is printed and is sent to the paper-based voting stations just to avoid the double votes. Voters privacy is ensured in this system as before counting the votes there is no link between the voter and vote. At the vote counting end all the received votes are totally anonymous and no one can figure out that who votes for whom.

23 | P a g e

3.4

Architecture:

The architecture diagram of the system is given below:

First of all user will get his/her smart card from the smart card issuing authority, say NADRA. The card issuing authority will be an independent third party. When the user receives his/her smart card for voting, the smart card will contain all the necessary certificates signed by the CA (Certification Authority). Now currently there is no CA as an entity in the system rather we are assuming that the certificates loaded in the smart card are signed by external entity CA and also our web server will have the CA s certificates in its repository which is used for the user authentication.
NADRA

User Smart Card

User will enter the URL to open the voting website.A secure connection between Web server and users Web Browser is established using SSL Protocol. Web Browser will get the Web Server certificates to verify that it is the intended web server. This will prevent Man in the middle attack.
24 | P a g e

Web Browser

HTTPS

Web Server

User will insert his/her smart card in a smartcard reader and will connect it to the computer. To cast vote user will be asked to download an application stored on the web server. When user will run JAVA application(Client Application), this will ask for PIN of smart card, to verify the user.
Verify PIN

SC

Voter App

After the user has verified him/herself with the smart card, this JAVA applicationwill fetch certificates of voter stored in the smart card to make a secure connection between user and Vote Storage Server(VSS), and will exchange these certificates using FIPS196. In FIPS196, both the client( Voter ) and server(VSS) exchange their certificates with each other, and verify each other. This protocol is used to prevent the user from "Masquerading Attacks".

SC

Voter App

VSS FIPS196

VSS will then perform the following two actions: 1. Validate the users certificates with the certificates of the CA which will present in the VSSs repository.
25 | P a g e

2. Check that weathers the user is a valid voter by checking DN (Distinguish Name) from the IDMS (Identity Management Server). IDMS will have the entire valid voters list.

VSS

IDMS

After the user has been verified, the candidate list of the candidates in the voters area is shown in the client application. This list of candidates is sent by the VSS.

Voter App Candidate

List

VSS

Then user will select a desired candidate and then will cast vote. Voter application will encrypt the vote and will send to the smart card. Smart card will sign the vote with its private key and hand it over to the java application. Java application will send the encrypted and signed vote to the VSS, which will remove users sign and will store the vote in its Database.

SC

Voter App
Candidate List

VSS

Voters privacy is ensured here as VSS will remove the voters signature in this point and then this sign will be sent, which represents the voters, to a different database and the encrypted data, which represents the votes, to another database. After this step the correspondence between voter and the vote will not be made.
26 | P a g e

Sign + Encrypted Vote

VSS
Voter's Sign

Vote
Encrypted Votes

At the end of voting period, the encrypted votes will be sent to Vote Counting Server(VCS), which will decrypt the votes by using its private key and will count the votes and will produce a report.

VCS Encrypted Votes

27 | P a g e

3.5

Flow Chart:

28 | P a g e

Chapter No.4 Design and Implementation

4.1 Tools and Technologies
The system is implemented using open source programming language Java, enabling the system to be installed and executed on any computer platform. System is deployed and demonstrated on Linux (RedHat) and Windows (7) operating systems. The database is developed in MySql Server (PHPMyAdmin5). Following tools are used for the system development: Net beans Eclipse Bouncy Castle JCOP OpenSSL Key tool Frameworks used are: Java Card Joomla

Servers used are: WAMP Server MySql Server

Operating Systems: Windows 7 RedHat

Hardware used is: Smart card reader Precise Biometric 250 Java Compliance smart card (64K, 8bit)

29 | P a g e

4.2

Components
Key components of the system are: Voter Application Smart Card and Smart Card Application Server Application Admin Application Vote Counting Application Certification Authority (In this version, we are using Java keystores and self signed CA,s certificates)

4.3

Classes
4.3.1 Voter Applications:
Verif y Certif icate PersonalInf o image Liv ingCountry expiry Date birthPlace PersonalInf o( ) getFacialImage( ) getFirstName( ) display ( ) RemoteAuthentication cert certData clientSocket NID serv erRand md channel serv erHash serv erCertData key RemoteAuthentication( ) getPK( ) getCertLength( ) getCertif icate( ) connectToServ er( ) v erif y User( ) getCNIC( ) getPreparedData( ) sendToServ er( ) receiv eHelloReply ( ) sendHashCert( ) receiv eHashCert( ) getCertHash( ) getSenderId( ) encry ptHash( ) v erif y ( ) sendRand( ) getCandidateList( ) Encry ptVote channel areaNo encry ptedVote_env elop encry ptedVote digitalSign_env elop packet Encry ptVote( ) prepareEnv elop( ) getEncry ptVote( ) getAreaNo( ) getSignData( ) v erif y Certif icate( ) ProgressThread animate( ) Key getPriv ateKEy ( ) getPublicKey ( )

CardAuthentication terminals terminal f actory card rAPDU channel resetAll( ) getCardChannel( ) getTerminals( ) connectToTerminal( ) connectToCard( ) selectAppletAPDUs( ) doPinVerf icaton( ) v erif y PIN( ) getRemainingTries( ) v erif y InputKey Formate( ) remoteVerif icationStart( )

RemoteThread RemoteThread( )

VoterApplication personalInf o_MenuItemActionPerf ormed( ) more_PIN_LabelMouseClicked( ) jMenuItem1ActionPerf ormed( ) CandidateList table_rows cand_inf o selected Utility reset( ) papolate( ) setList( ) getVoteSy mbal( ) ShowCardAuthentication ShowPersonalInf o

ShowProgressBar Message initComponents( ) ShowCandidateList

30 | P a g e

4.3.2 Admin Application:

SmartCardHostApp terminals terminal f actory v otingcert card rAPDU channel CA_PublicKey user_PublicKey CA_Priv ateKey user_PublicKey Spec Key _Factory key store f In cert userCert caCert alias getPublicKey ( ) getKey Store( ) generateCert( ) createClientCert( ) send( ) storeUserCertToCard( ) storeCACertToCard( ) getUserCertif icate( ) getCACertif icate( ) powerOf ( ) signTestData( ) v erif y Signature( ) loadFacialImage( ) generateVotingServ erCert( ) VotingServ erCert publicKey priv ateKey key Gen v 3CertGen addCertToKey Store( ) Cert( ) generateVotingServ erCert( )

4.3.3 Server Application:

31 | P a g e

Database connection = null connectToDatabase( )

utility conv ertHex ToString( ) by teArray ToHexString( ) getRandomNumber( ) intToBy teArray ( ) by teArray ToInt( )

Reques tHandler caCertif icate v otingCert md clientID serv erID randNo clientRandomN o clientHash certData serv erH ash cipher RequestHandler( ) getNId( ) run( ) receiv eHelloMessage( ) receiv eHashCert( ) reply H elloMess age( ) getClientID( ) getClientRand( ) getCertHash( ) v erif y ( ) generateHas h( ) getRand( ) sendHashCert( ) getPreparedData( ) encry ptHash( ) getPK( ) sendCandidateList( ) receiv eEnv elope( ) getCaPK( )

Serv er connectionSocket : ty pe = initv al welcomeSocket : ty pe CaPublic Key : ty pe key store : ty pe userCertif icate : ty pe getCaPublicKey ( ) getKey store( ) setCaCertif icate( ) startServ er( ) openKey Store( )

Verif y certif ic ate v erif y Certif icate( )

UserAuthentication v erif y UserNID( )

Env elop seperatEnv elop( ) ID lookBlob

Vote isVoteCasted( ) v oteCast( ) getSy sDate( ) getCandidateCNICLis t( )

ID lookBlob( ) loadAccounts( ) buildGUI( ) connectToDB( ) display SQLErrors( ) createThumbnail( )

DBClass getConnection( )

32 | P a g e

4.4 Use Case Diagram

4.5 System Interface

Voter Application Interface

When user will download the Voter Application and executes it, it will get the following main screen: After selecting the terminal (card reader), application will ask the user to insert his/her PIN code.

33 | P a g e

Figure 1

Figure 2

34 | P a g e

Figure 3

In case of wrong PIN entry voter application will display the following error message on the

35 | P a g e

screen:

Figure 4

If voter will enters a valid PIN code then application will show the progress screen as shown below:

36 | P a g e

Figure 5

Application will reads the voters credentials from smart card and sends to the server. If server validates the voter then it sends the list of candidates corresponding to the voter.

37 | P a g e

Figure 6

When user clicks on the vote button, the application will ask for confirmation:

38 | P a g e

Figure 7

If voter will select yes and vote is casted successfully a message will be displayed on the casted application:

39 | P a g e

Figure 8

And in any stage if the connection between the voters computer and the server will terminates then system will show the appropriate error message like:

40 | P a g e

Figure 9

41 | P a g e

Chapter No. 5 Results

5.1 Results
This project (Internet Voting System Using Smart Card) is very secure, reliable, easily manageable voting system for overseas Pakistanis. It has made voting process very easy and secure. It has reduced the cost for administration and time to vote. Through this project we have not only tried to deploy a system which would provided an ease on the user end but it also provides easiness on the administration part. We have also considered the interests and concerns of the political parties involved in the election. In our system, user needs to have a smart card, smart card reader, computer and internet connection. User needs to authenticate him/ her with the smart card by entering security pin provided to him/her by the issuing authority of the smart card (NADRA). After his/her confirmation, user's credentials are sent to web server to verify the voter. After confirmation, user needs to download java application first and then install it. This java application reads certificates and then sends it to the vote storage server (VSS). Both VSS and clients application exchange and verify each other's certificates, establishing a connection of FIPS196. When FIPS196 has established successfully, a list of candidates of the voter's area is shown to the voter. Voter can select one of the candidates and then can cast his/her vote. A confirmation message is shown to the voter if his/her vote is cast successfully. We have also provided a facility to the user that he/she can vote more than once. Every time he/she votes, his/her previous vote are updated, which means that only his/her last vote is counted. We have tried to provide a solution with maximum security and minimum complexity at the user's end. Our database is completely secure and so is our system. We have secured our system with SSL and FIPS196 protocols. We have given minimum rights to voter, i.e. user can only cast his/her vote. He/she cannot view or make any type of changes in the database. All the database activities are secure and are performed at the Server's end. We have tried to document each and every step that we have done in this, so that it can be useful for any future endeavor.

42 | P a g e

Chapter No.6 Discussion, Conclusion and Recommendations

6.1 Discussion and Conclusion
Around 5.5-million eligible Pakistani voters are in abroad living in 105 different countries, and contributed more than $8 billion in 2010 in the economy of Pakistan. But unfortunately they do not have voting rights because there is no proper voting system established for overseas Pakistanis. In near past election commission of Pakistan has rejected a proposal for Internet Voting System for overseas Pakistanis. It is because proposal of the project was not supported by the project report and any kind of prototype. We have designed our system keeping security of the system in our mind as the first preference. Our system is secure and user friendly too. User is provided with maximum ease and security. User can interact with our system very easily as our system has a very user friendly GUI on user end. User end has no complexity. All the complexity is on the developer part. So that user may able to use our system without any difficulty. User just needs to visit our site, download java application and install it. Then GUI appears which asks the voter to enter his/her security pin for smart card. After verification a list of candidates of the voter's area no. is displayed to the voter. Voter just needs to select a candidate and cast his/her vote. To ensure that vote has been cast successfully, voter receives a message from the server, conforming that vote has cast successfully. All the security checks and security steps are done by the application in the backend and voter does not have to perform these checks manually, which makes the voter's job very easy and voter finds it efficient way to cast vote. Our system also provides facility to voter to cast his/her vote more than once. But only final vote is counted. This system allows voters to vote all the places where internet is available irrespective of any specific location. A voter can cast his/ her vote anywhere in the world, all he/she needs is computer, internet connection, smartcard reader and smart card. This system will increase turnout ratio and more educated people will be able to decide the future of country for next 5 years without facing any family or any other pressures.

43 | P a g e

6.2 Recommendations
The objective of the project was achieved: to develop and implement a secure internet based voting system. To practice the system in low resourced countries, additional works have to be done. Appropriate sets of legislations must make by the concerned country to ensure results from the system are usable and trusted. Secondly, the overall systems security must be enhanced to address known vulnerabilities. The population needs also to be educated on how to use the computer-based voting application.

6.3 Futures Work

Internet-based systems are prone to cyber attacks. So there is need to research further on how best to secure the voting system using the latest and strong encryption algorithms. Furthermore, it is necessary to develop a mechanism of allowing people to register online while ensuring correct and authentic data. The system developed presents its features in English. There is need to develop a system that can be configured for any language to ensure usability worldwide. Each stage of voting involves people, a process and technology.

44 | P a g e

References
1. http://www.prb.org/pdf10/10wpds_eng.pdf,
http://www.trueknowledge.com/q/population_of_pakistan_2011

2. 3. 4. 5.

http://en.wikipedia.org/wiki/Voting_age#P
http://en.wikipedia.org/wiki/List_of_political_parties_in_Pakistan

http://www.overseaspakistanis.net/node/17
http://www.overseaspakistanis.net/node/19,http://en.wikipedia.org/wiki/Pakistani_diaspor a

6. http://www.google.com.pk/url?sa=t&source=web&cd=2&ved=0CB4QFjAB&url=http% 3A%2F%2Fwww.researchcollective.org%2FDocuments%2FHerald_March_2008_Articl e_1.pdf&ei=LvJpTYDoG4fIrQfWuI3DCw&usg=AFQjCNHXrXcTL1SWFOMYXyOawNi6h4 XpVg 7. http://www.webopedia.com/TERM/D/digital_signature.html 8. http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213831,00.html 9. http://en.wikipedia.org/wiki/ActiveX 10. http://en.wikipedia.org/wiki/Estonia 11. http://www.id.ee/public/The_Estonian_ID_Card_and_Digital_Signature_Concept.pdf 12. http://www.google.com.pk/url?sa=t&source=web&cd=4&ved=0CCEQFjAD&url=http %3A%2F%2Fsiteresources.worldbank.org%2FEXTEDEVELOPMENT%2FResources%2F Martens_Estonia.ppt&rct=j&q=estonia%20envelope%20scheme&ei=k4JzTLPsC43Wv QOqiqHyBQ&usg=AFQjCNG3E0xBdGqeXoFd4IR-qzjRSX-2bg&cad=rja 13. http://www.valimised.ee/windows.html 14. http://www.vvk.ee/public/dok/e-voting_security.pdf 15. http://en.wikipedia.org/wiki/Smart_card 1. Java Card Technology for Smart Cards: Architecture and Programmer's Guide Author: Zhiqun Chen
Source: SEECS Libray 16. http://forums.oracle.com/forums/forum.jspa?forumID=991 17. http://www.ecp.gov.pk/content/ERSYS.html 18. http://en.wikipedia.org/wiki/E-democracy 19. Implementing electronic voting in the UK http://www.communities.gov.uk/index.asp?id=1133596 20. Electronic voting and counting http://www.elections.act.gov.au/Elecvote.html 21. How E-Voting Threatens Democracy http://www.wired.com/politics/security/news/2004/03/62790 22. Literacy in Pakistan http://pakistantimes.net/2004/07/15/national4.htm 23. http://download.oracle.com/javase/6/docs/api/java/security/spec/RSAPublicKeySpec.html 24. Digital Certificate DER Encoding http://homepages.dcc.ufmg.br/~coelho/nm/asn.1.intro.pdf 45 | P a g e

25. PKI Infrastructure

http://www.ietf.org/rfc/rfc2459.txt 26. http://www.scribd.com/doc/21386702/Secure-Online-Voting-System 27. http://snipplr.com/view/18368/saveload--private-and-public-key-tofrom-a-file/ 28. http://www.docjar.com/html/api/org/bouncycastle/x509/examples/AttrCertExample.java.ht ml 29. ASN.1 Notation http://download.oracle.com/javase/1.4.2/docs/api/java/security/cert/X509Certificate.html 30. Digital Certificate genration http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certificati on+Request+Generation 31. SSL Configuration http://nurulislam.wordpress.com/2008/06/24/https-and-ssl-setup-step-by-step-guide/

46 | P a g e

Appendix-1: Generating Self Signed Certificates In IVSOP project we need CAs root certificate which could sign users certificate. To generate CA certificate we are using OpenSSL and by using keytool we can further configure the keystore properties. The problem I faced during certificate generation is that certificate is generation successfully but when we certificate add it to the keystore then by default its private key is not added. So we have to do this task explicitly. I am saying that it is problem as keytool does not have option of moving private key of a certficate into keysore. To solve this problem I had to convert (export) the private key and certificate into PKS 12 formate, and then by using keytool I had imported it into JKS formate. The whole procudure is shown below: Step-1: Generatekeys using openssl.

>>openssl ssl

genrsa

-des3

-out out

server.key

1024

Step-2: Generate the certificate.

>>openssl req -new -key server.key -out server.csr key

47 | P a g e

Below Server Certificate and its corresponding private key is shown:

Also following commands are used:

>>openssl rsa -in server.key.org -out server.key >>openssl x509 -req -days 365 -in server.csr signkey server.key -out server.crt

48 | P a g e

Step-3:Now export into PKS 12 formate >>openssl pkcs12 -export -in server.crt -inkey server.key -certfile server.crt -name IVOSP out keystore.p12

Step-4: Import it back to JKS formate >>keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS

49 | P a g e

Appendix-2: SSL Configuration with WAMP Server Requirements: Installed and properly functioning WAMP server (PHP5, Apache, MySql).
Note: The configuration is tested with: wamp server version: 2.0 Apache verison: 2.2.11 PHP version: 5.3.0

Steps: For Localhost: To configure WAMP+SSL on localhost, we have to perform the following steps: Step-01
Create SSL Certificate and Key

i.

First of all you have to reach the the bin directory of Apache server, which is by default installed when you install WAMP Server.

50 | P a g e

ii.

Create a server private key with 1024 bits encryption. You should enter this command without quotes: openssl genrsa -des3 -out server.key 1024

iii.

It'll ask you to enter a pass phrase(password), just enter any password you like.

The result will be lool like this,

iv.

Remove the pass phrase from the RSA private key (while keeping a backup copy of the original file). Enter this command without quotes:
copy server.key server.key.org

and then enter the following. It'll ask you the pass phrase, just type it.
openssl rsa -in server.key.org -out server.key

51 | P a g e

The result will be lool like this,

Note: There is a warning here, please do not be confused with this. We will set the path of apache config file in the later command which will fix the problem at all.

Now we will have the following two options:

A. Create a self-signed Certificate B. Create a real certificate for SSL

A. Create a self-signed Certificate Create a self-signed Certificate (X509 structure) with the RSA key you just created. Enter the command:
openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt -config C:\wamp\bin\apache\apache2.2.8\conf\openssl.cnf

52 | P a g e

After this command he program will ask you to enter the necessary information needed for the certificate formation. You have to fill this information and your name means that your server name, which here is local host. The result will be look like this,
Note: You might combine above steps into one step by using this command, no quotes: "openssl req -new -x509 -nodes -out server.crt -keyout server.key" if you have trouble following through.

B. Creating a real Certificate that is CA compliant To create a real SSL server certificate create a server RSA private key for your Apache server (Triple-DES encrypted and PEM formatted): Type command:

openssl genrsa -des3 -out server.key 1024

53 | P a g e

You might keep the backup of server private key in a maximum secure place and guard it well (e.g your digital wallet). Create a Certificate Signing Request (CSR) for public (output will be PEM formatted). A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process at your certificate authority website: Type the command:
openssl req -new -key server.key -out server.csr config C:\wamp\bin\apache\apache2.2.8\conf\openssl.cnf

You will now be asked to enter details to be entered into your CSR. What you are about to enter is what is called a Distinguished Name or a DN. For some fields there will be a default value, If you enter '.', the field will be left blank. Use the name of the webserver as Common Name (CN). If the domain name (Common Name) is mydomain.com append the domain to the hostname (use the fully qualified domain name). Depending on a specific certifying authority (CA) you might have to enter the details as specified by them. Normally, the CA authority will provide specific instructions for you. C. Now all you have to do is sending this Certificate Signing Request (CSR) to a Certifying Authority (CA) to be signed. A trusted CA means all major web browsers recognize it without giving you a warning when you install your CA-signed SSL certificate on your webserver. Once the CSR has been openssl x509 -noout -text -in server.crt.

54 | P a g e

signed, you will have a REAL Certificate, which can be used by Apache. You can have a CSR signed by a commercial CA (fees are required). Then they will send you the signed certificate which you can store in a server.crt file. Once, your CSR certificate has been signed and returned to you, you can view the details by using this command:

55 | P a g e

Step-02 Copy the server.key and server.crt files.

56 | P a g e

i. In the conf folder of apache2.2.11 folder, create two folders named as ssl.key and ssl.crt ii. Copy the server.key file to ssl.key folder and server.crt file to ssl.key and ssl.crt folders from the /bin directory of apache Step-03: Edit the httpd.conf file and php.ini i. In httpd.conf file, remove the comment '#' at the line which says: LoadModule ssl_module modules/mod_ssl.so

ii. In httpd.conf, remove the comment '#' at the line which says: Include conf/extra/httpd_ssl.conf Then move that line after this block <IfModule ssl_module>.... </IfModule> iii. Open the php.ini file located in apache2.2....\bin folder, remove the comment ';' at the line which says: Extension=php_openssl.dll

57 | P a g e

Step-04 Edit the httpd_ssl.conf file in the folder name, extra i. Find the line which says "SSLMutex...." and change it to "SSLMutex default" without quotes ii. Find the line which says: <VirtualHost _default_:443>. Right after it, change the line which says "DocumentRoot ..." to DocumentRoot "C:/wamp/www/" with quotes. Change the line "ErrorLog...." to Errorlog logs/sslerror_log. Change the line "TransferLog ...." to TransferLog logs/sslaccess_log. iii. SSL crt file: Change the line "SSLCertificateFile ...." to SSLCertificateFile "conf/ssl.crt/server.crt" iv. SSL key file: Change the line "SSLCertificateKeyFile ...." to SSLCertificateKeyFile "conf/ssl.key/server.key" v. Change the line which says: <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">or something similar to <Directory "C:/wamp/www/">and add the following lines inside those <Directory ... >...</Directory> tags: Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all iv. Make sure the line CustomLog "logs/ssl_request_log" \ is uncommented (remove the #). Step-05

Check the systex: enter httpd -t In the previous DOS Command (means in the /bin directory of the apache)windows, enter httpd

58 | P a g e

-t . If it displays Syntax is OK, then go to Step 6. If not, then correct the wrong syntax and redo step 5.

Step-06 Restart the Apache server

Restart the WAMP Server in order to reflect the changes you have applied so far. If restart fails then please repeat the steps again and try to find the error you have done. Step-07 Restart the Apache server, and Browse HTTPS

If restart is successful, then open the browser and enter "[localhost"]; without quotes.

______________________________________________________________________________ ____________

59 | P a g e

For WWW: Configuraton for World Wide Web

If you want to allow world wide web access to your HTTPS secure server, then in the httpd_ssl.conf file, change the line which says 'ServerName localhost:443' to 'ServerName www.yourwebsitename.com:443' without quotes. yourwebsitename is your registered internet domain name. If you don't have it, then just use your WAN IP address. For example 'ServerName 99.238.53.105:443'. Make sure these setups are correct to allow outside access to secured www server. i. The DocumentRoot should points to the correct website folder on your

computer. ii. If your computer's connected to the router, setup the router to allow port 443 forwarding to your
60 | P a g e

computer. iii. If your computer has a firewall enabled or behind a network firewall, set up the firewall to allow incoming port 443 connection. References: http://www.wampserver.com/phorum/read.php?2,32986,page=1 Appendix-3: Code Snaps Following function is used to get the totals terminals connected with the computer,
/**************************************************************************** ********/ //function to get the terminals list publicvoid getTerminals() { try { // Display the list of terminals factory = TerminalFactory.getDefault(); terminals = factory.terminals().list(); System.out.println("Terminals: " + terminals); } catch(Exception exception) { System.out.println("Error, could not get card reader(s)"+" "+exception.getMessage()); } } /**************************************************************************** ********/

To get the public key of the user from the smart card following function is doing its job,

/**************************************************************************** ********/ publicbyte[] getPublicKey() { byte mod[] = null; try { channel = card.getBasicChannel(); byte[] getPublicKeyModCommand = { (byte) 0x08, (byte) 0x31, (byte) 0x00, (byte) 0x00, (byte) 0x00 }; byte[] getPublicKeyExpCommand = { (byte) 0x08, (byte) 0x30, (byte) 0x00, (byte) 0x00, (byte) 0x00 }; rAPDU CommandAPDU(getPublicKeyModCommand)); = channel.transmit(new

61 | P a g e

if (rAPDU.getSW() != 0x9000) { System.out.println("Could not get the modulus"); } if (rAPDU.getSW() == 0x9000) { // System.out.println("modulus getting from is:"); mod = rAPDU.getData(); modulus = new BigInteger(rAPDU.getData()); // arrayPrint(rAPDU.getData()); }

card

rAPDU = channel.transmit(new CommandAPDU(getPublicKeyExpCommand)); if (rAPDU.getSW() != 0x9000) { System.out.println("Could not get exp"); } System.out.println(); if (rAPDU.getSW() == 0x9000) { exponent = new BigInteger(rAPDU.getData()); // System.out.println("Exponent is :"+exponent); // arrayPrint(rAPDU.getData()); } } catch (Exception exception) { exception.printStackTrace(); } return mod; } /********************************************************************** ***************/

To connect with the java keystore we are using the following key function,
/********************************************************************** ***************/ publicvoid getKeyStore() { try { String keystoreFilename = "D:\\keystore\\keystore.jks"; file = new File(keystoreFilename); password = "keystore".toCharArray(); alias = "my certificate"; fIn = new FileInputStream(keystoreFilename); keystore = KeyStore.getInstance("JKS"); keystore.load(fIn, password); } catch (Exception exception) { exception.printStackTrace(); } }

62 | P a g e

/********************************************************************** ***************/

The most difficult part of the code called chaining is handled by the following function:
/********************************************************************** ***************/

publicvoid send(int cla, int ins, int p1, int p2, byte[] data, int le) { try { byte[] buffer = newbyte[261]; // 5 byte header 255 byte data 1 byte // Le int totalSent = 0; int totalLength = data.length; int remain = totalLength; while (remain > 0) { // set the header buffer[0] = (byte) (cla & 0xff); buffer[1] = (byte) (ins & 0xff); buffer[2] = (byte) (p1 & 0xff); buffer[3] = (byte) (p2 & 0xff); int send = (remain >MAX_APDU_LENGTH) MAX_APDU_LENGTH : remain; remain -= send; // take this many byte off the total left buffer[4] = (byte) (send & 0xff); System.arraycopy(data, totalSent, buffer, 5, send); int apduSize = 5 + send; // check if this is the last APDU if (remain == 0) { buffer[0] = (byte) 0x00; // last one so add the le if not -1 if (le != -1) { buffer[send + 5] = (byte) (le & 0xff); apduSize++; } } else { buffer[0] = (byte) 0x10; } ResponseAPDU CommandAPDU( buffer, 0, apduSize)); System.out.println("TOTAL SENT: " + totalSent + ": This this time: " + send response :" + Integer.toHexString(response.getSW())); response = channel.transmit(new

"

63 | P a g e

totalSent += send; if (response.getSW() != 0x9000) { System.out.println("could not card: " + response.getSW() + "::" + Integer.toHexString(response.getSW())); } if (response.getSW() == 0x9000) { // System.out.println("cert is store"); } } } catch (Exception exception) { exception.printStackTrace(); System.out.println("Could not send cert to SC, exception is: " + exception); } }

store

cert

to

the

/********************************************************************** ***************/

User Facial image is being store with the help of following function,
/********************************************************************** ***************/ publicvoid loadFacialImage() { try { InputStream fis = newFileInputStream("images.jpg"); byte[] buffer = newbyte[fis.available()]; fis.read(buffer); System.out.println("size of the image is: " + buffer.length); int cla = 0x00; int ins = 0xDA; int p1 = 0x01; int p2 = 0x02; // instruction to tell the applet that image data is // coming in this command // System.out.println("CA certificate from key store is: \n"+cert); System.out.println("\nCA certificate Endoding before sending: \n"); arrayPrint(buffer); System.out.println("\ntotal size of the facial image is: " + buffer.length); int le = 0x00; send(cla, ins, p1, p2, buffer, le); } catch (Exception ex) { ex.printStackTrace(); } }

64 | P a g e

/********************************************************************** ***************/

The End

65 | P a g e