See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/261321411

M-Vote: A Reliable and Highly Secure Mobile Voting System

Conference Paper · April 2013

DOI: 10.1109/PICICT.2013.25

CITATIONS READS

6 2,320

5 authors, including:

Adel Khelifi P V Sriniwas Shastry

American University in the Emirates (AUE) Cummins College of Engineering for Women
52 PUBLICATIONS   494 CITATIONS    18 PUBLICATIONS   45 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Design of Near Field Communication irregular shaped antenna View project

Software Measurement Etalons View project

All content following this page was uploaded by Adel Khelifi on 02 April 2017.

The user has requested enhancement of the downloaded file.

 M-Vote: A Reliable and Highly Secure Mobile
Voting System
Adel Khelifi, Yasmin Grisi, Dima Soufi, Dalya Mohanad P. V. S. Shastry
Software Engineering Department Electronics and Telecommunication Department
ALHOSN University MKSSS’s Cummins College of Engineering for Women
Abu Dhabi, UAE Karvenagar, Pune, India
[email protected] [email protected]

Abstract — The critical issue in elections is choosing a leader who was made to achieve a high level of integrity, but the risk
will represent his nation and preserve its citizens’ rights with the remained.
threat of a criminal element attempting to influence the outcome
of the election. Unfortunately, such disruptions have occurred at In this paper, we attempt to facilitate, and ensure, the
many paper-based voting stations, and also in some electronic integrity of elections by introducing our M-Vote system, which
voting systems. Manual, or paper-based voting is the most widely is capable of performing tasks that can reduce the risk inherent
used voting system, but its integrity can be questioned, since the in the voting process, such as the addition, deletion, and
votes are gathered and counted by hand, which decreases the alteration of votes. Requirements are gathered and composed
likelihood of every vote being counted, either accidentally or based on a list of questions asked of a specific category of
intentionally. Electronic voting systems have emerged to solve people who have participated in elections and election officials,
most of the problems that occur in manual voting. However, the and on other electronic voting systems, in order to acquire
criminal element, with their knowledge of how to exploit precise ideas regarding their experience and to avoid their
technical loopholes, attempts to take advantage of these mistakes. This system is designed to accept only one vote from
problems, thwarting any efforts to hold fair elections. To avoid the voter, check on his/her eligibility, and prevent any attempt
the mistakes made by both manual and electronic voting systems, to manipulate the vote. It is possible to perform all these
we have developed the M-Vote system to try to achieve the operations with nothing more than a mobile phone and an
desired goal, which is to preserve the integrity of elections. M- Internet connection.
Vote is a mobile phone application that uses three level of
security, which are username and password, national ID and This paper is organized as follows. Section II presents a
fingerprint, and a strong dedicated security algorithm. These literature review in which elections are defined and three types
techniques prevent votes from being deleted or changed, enhance of voting systems are presented. Section III presents the M-
integrity and put an end to criminal acts. The results showed that Vote system, as well as its security mechanism, and its
M-Vote is a highly secured mobile application that facilitates the functional and non-functional requirements. Section IV
vote process for most of people, since they only need a mobile presents the M-Vote Graphical User Interfaces, and the last
phone and an Internet connection to participate in the election section provides our conclusions and an outline of future
process.
enhancements.
Keywords: Elections; Voting systems; Mobile application
II. LITERATURE REVIEW
I. INTRODUCTION Elections can occur for variety of reasons, including ending
When we look at the problems that leaders have inflicted on a leader’s oppressive, end a political crisis, or choose a
many nations of the world, we note that those leaders either substantive government. There are many kinds of electoral
came to power illegally or became monarchs by right of system in use around the world. It is a formal decision-making
succession. In fact, both have a negative impact in terms of process for choosing a leader who could hold the public office.
oppression, injustice, and tyranny. To gain the leadership There are also different types of election, such as a general
illegally, all that is needed is to rig the official elections, which election, which is held to choose the nation’s leader and his
has happened in many countries. The aim of those who would aides; primary elections; municipal elections; and special
manipulate the electoral process is to exploit the gaps and elections. Once an election is called, those who wish to be
vulnerabilities they find, so that their candidate will have the nominated must know who to contact, in order to obtain the
opportunity to meet their demands, whether they be political or nomination papers to stand as candidates. After the completion
economic. Specialists are always thinking about ways to of the nomination process, an official list of candidates is
eliminate, or at least reduce, the risk of vote manipulation published. Essentially, they have to present themselves to the
during an election, and about techniques to replace paper-based public through an election campaigns and by presenting
voting to minimize the risk inherent in such a voting process. electoral platform. On election day, it is the voter’s job to cast
Later, electronic voting systems emerged, in which an attempt his/her vote for one of the candidates. When the election is
over, the results are gathered and counted by the election
authorities, and the winning candidate is announced. There are
steps followed in the voting process that are common to all Internet, or interactive television. Some examples of e-voting
election operations, set out by the well-known ACE Electoral systems are the following:
Knowledge Network [1].
 The Australian Capital Territory (2000).Polling places
e-voting. Australia.
A. Manual Voting
Manual voting was the first voting method, and is the  The Austrian Federal Council of Ministers (2003).
oldest, having been used for many centuries. In spite of its Remote e-voting. Austria.
shortcomings, it was considered the only way to vote, as there  Russell, P., Dundas, S. & Counties, G. (2003). Remote
was no successful alternative. Basically, this system relies on e-voting. Canada.
the voter, whose main role is casting his/her vote for one
candidate, either by selecting his/her name on a preprinted  The National Electoral Committee (2003). Remote e-
ballot containing the candidates’ names, or by writing the voting. Estonia.
selected candidate’s name on a blank ballot and placing it in a
sealed envelope. After voting is finished, a committee at the  The European Commission (2000). Polling place e-
polling station, composed of more than one person, opens the voting, remote e-voting. EU.
envelopes and places them in piles, one for each candidate.  France government (2003). Polling place e-voting,
Then, the counting process begins for all the candidates and the remote e-voting. France.
result is recorded. The tabulation process is repeated to ensure
that the results are identical. If they are not the same, they have  The Research group of Internet Voting (1999). Remote
to be tabulated a third time, and so on, until there are no e-voting. Germany.
discrepancies. Eventually, the results are certified and
 Election Commission (2003). Polling place e-voting.
transmitted to the tabulation center for the announcement of the
India.
final result. However, the traditional methods, with all their
diversity in terms of the means of voting, are still problematic.  The European Parliament and Local Elections (2004).
As mentioned before, since the votes are gathered and counted Polling place e-voting. Ireland.
by hand, there is a strong likelihood of the occurrence of errors.
 Ministry of Local Government and Regional
B. Electronic Voting Systems Development (2003). Polling place e-voting. Norway.
Elections permit the population to select their  Portuguese government (2004). Polling place e-voting.
representatives and convey their preference for who will Portugal.
govern them. Obviously, the honesty of the election process is
 Norwegian Ministry of Local Government and
essential to the truthfulness of democracy itself. The voting
Regional Development (2011). E-voting system.
system should be reliable enough to resist to many suspicious
behaviors, and at the same time adequately translucent and  OKOH, C. (2010, APRIL 20). ITAN Adopts E-Voting.
lucid that citizens and nominees can accept the results of an Nigeria.
election. Not surprisingly, history is cluttered with cases of
elections being misused to control their result. For this reason  E-Voting system (2007-2011). Estonia.
many researchers, professors, and developers began to think  E-voting polls (2012). USA.
about ways to enhance the integrity of the election process.
They established working teams to study many instances of  Bismark, D. (2010). E-voting without fraud.
traditional elections and the results of those elections, and came TEDGlobal.
up with the concept of e-voting, which is an electronic
technology and not necessarily related to traditional methods.  Lootah. (2007 April, 3). Lootah reviews success of e-
E-voting is a common type of polling, whereby electronic voting system. UAE.
systems multiple mechanisms are used, such as optical vote 1) Benefits of Electronic Voting systems
scanning systems and voting kiosks, as well as punched cards,
and involve the transmission of ballots and votes via telephone, Electronic voting technology can:
the Internet, or private computer networks.
 Speed up the process of counting votes,
The first country that introduced the concept of e-voting on
a broad scale was the United States, and is based on voters  Offer accessibility for voters in remote locations and
casting their votes electronically at polling stations. Then, most for disabled voters,
countries around the world followed their lead, and began to
develop and implement this technique. Most have succeeded in  Increase the security and reliability of elections.
doing so. A few countries have gone further, and started to 2) Failed E-Voting Projects
think about a new approach to facilitating voting that does not
involve direct communication with polling stations. This new Notable failures are the following: In the 2004 American
concept is known as remote voting, and has been introduced by presidential election in 2004, e-voting machines were in the
France and United States. With remote voting, voters simply news, as they both lost votes and doubled votes. In Fairfax
cast their votes electronically, using a personal computer, the County, VA, in 2003, votes were subtracted instead of added.
In San Bernardino County, CA, in 2001, a programming error Basically, the lock process is carried out through a fingerprint
caused the computer to look for votes in the wrong portion of screen that pops up, and the user has to touch that screen for
the ballot in 33 local elections, which meant that no votes were identity authentication. At that time, a vibration is felt and a
registered on those ballots for those elections [2]. beep is heard which persist to the end of scanning process. The
unlock process is different, in that it is based on the user
Finally, in 2012, the electoral commission in Ghana touching the screen until the fingerprint is authenticated, rather
abandoned the concept of e-voting, which was soon to be than on scanning or storing the data. It is important to mention
introduced. The reason given for doing so is that the country’s that this software doesn’t constitute a true biometric
technocrats realized that there were not enough skilled application, which does scan the fingerprint, but is an imitation
individuals to operate the system [3]. of that software.
About 85% of electronic voting projects in developing Android devices have taken the lead in the development of
countries have failed in some respect [4], according to the biometric scanning applications. The Android device
World Bank, and of those, 35% failed completely. The competitor, Apple, is in the process of patenting its biometric
statistics in the United States and Europe are just as grim. scanning products, which may include a voice recognition
According to Mercuri [5], "Europe appears to be rushing system, a retinal scanner that uses the iPhone's camera, or,
ahead to deploy computer voting technologies with serious most likely, a screen to scan fingerprints. According to
sociological and technological downsides, such as lack of Robinson [7], “Motorola has been heavily marketing the
auditability, and increased opportunities for vote selling, security benefits of using biometrics (fingerprint sensor) to
monitoring, coercion, and denial of service attacks" [5]. protect its latest Android smart phone, the Atrix. It is even
being called the ‘James Bond’ smart phone”.
C. Mobile Voting Systems According to Goode Intelligence [8], the key drivers behind
Today, mobile smart phones, connected to Internet, are market growth and the adoption of mobile phone biometric
considered one of the necessities of life and are highly reliable security include:
as an alternative to hard-wired phones and to computers,
because they are small size and easy to own. Previously,  Device security: Protecting the device against
password protection was difficult to break, and was a highly unauthorized access is the biggest driver for mobile
reliable means of safeguarding online accounts. However, but phone biometric security.
now there are numerous free programs that can be downloaded  Mobile commerce: The growth of mCommerce and the
and used to break passwords, which do not require need to effectively secure the ecosystem on the mobile.
sophisticated technical skills, so that anyone with a modicum
of experience can run them to steal online account information.  Near Field Communication (NFC): Contactless
To find solutions to such problems, biometrics are developed to technology is reaching a tipping point, and could well
determine and examine uniqueness of the human being body, be a major driver.
such as fingerprints, eye retinas and irises, DNA, voice
 Convenience: Swiping a finger on a phone or
patterns, facial patterns, and hand measurements. This
providing a verbal ‘voiceprint’ can be an easier and far
approach can provide optimal reliability, in terms of
more convenient way to verify identity than
determining the identities of users for authentication purposes,
conventional PINs and passwords.
as it is impossible for two any individuals, even twins, to have
the same body structure. Biometrics are a vast improvement  The need for a multifactorial authentication solution:
over passwords, the principal weakness of which is that they With the recent attack on the security firm RSA, which
can be forgotten. Moreover, many people use the same led to the exposure of vulnerabilities in its SecureID
password for all their accounts, and so when an attacker gains token technology, there is an urgent requirement for
access to one account, he/she can very often succeed in strong and agile authentication solutions – mobile
accessing the rest with the same password. phone-based biometric security can play an important
However, according to Microsoft, “Biometrics are often role in such solutions.
computationally intensive to compute, inaccurate, and unable  Military and law enforcement applications: This
to scale to identify an individual among a large set of known technology can provide a cost-effective method for
individuals.” “Therefore,” argues Microsoft, “the biometric capturing biometric data and verifying identity in the
identification of an individual may be supplemented by field.
identifying one or more devices associated with the individual.
When an individual is registered for identification, various According to the Joint EC-UNDP Task Force, there is
device identifiers of devices associated with the individual may strong interest on the part of African countries such as Benin,
be stored along with the biometrics of the individual. Malawi, Zambia, Tanzania, Togo, Mauritania, Ivory Coast,
Individuals may then be identified using both biometrics and DRC, and Nigeria in the procurement of high-tech biometric
detected device identifiers, thereby improving the efficiency, voter registration systems, which need to gather data via what
speed, accuracy, and scalability of the identification.” [6] are referred to as “mobile biometric or ID registration kits” [1].

There are a great many fingerprint scanning applications Clarke and Furnell [9] have compared various biometric
that permit the user to lock and unlock his/her device. techniques for mobile phones. They found that fingerprint
recognition is the most suitable authentication technique for “Mobile Voting was No. 1 in a list of five mobile messaging
mobile phone users. predictions newly released by VeriSign Inc.'s messaging and
mobile media division. The success of the Obama presidential
TABLE I. COMPARISON OF VARIOUS BIOMETRIC TECHNIQUES FOR
campaign last year using a combination of television,
MOBILE PHONES grassroots, and the Internet with last-mile support from mobile
technology is proof of the channel's potential.” He added:
Biometric technique User preference Accuracy “There has been a new movement toward the acceptability of
Facial recognition Medium High the mobile.” [13] This method is based on exchanging SMS
messages and has been developed to be used in several fields,
Fingerprint recognition High Very high such as elections, banking, and many other services.
Hand geometry Medium Very high
4. The WeVote program, which uses exchangeable SMS
Handwriting recognition NA Medium messages and send the results to the Web server. This method
Iris scanning Medium Very high
requires a GSM modem and a driver, JDK 6, or the latest
version, in addition to the WeVote program. The registration
Keystroke analysis Low Medium process is conducted via SMS, and includes basic information
Service utilization NA Low about the voter, such as age/birthday and gender, which would
be stored in the database [14].
Voiceprint verification High High
Consequently, with M-Vote, we concentrate on one
dimension of biometric technology, which is fingerprint
“The user preference is investigated in a survey. The authentication. VeriFinger Embedded is used in this project to
assigned accuracy category is based upon reports by the prove the effectiveness of using such a tool in this application.
International Biometric Group and National Physical Neurotechnology, the Biotech specialist, has developed and
Laboratory.” [10] released applications that support fingerprint or facial
recognition, or both. These three releases are called VeriFinger
1) Most Prominent Mobile Voting Systems Embedded, VeriLook Embedded, and MegaMatcher
Embedded respectively. They can be downloaded and run on
The mobile-based voting system is a solution to increase mobile devices that support the Android OS, such as smart
voters’ participation in the election operation since the mobile phones, tablets, and handheld computers. VeriFinger
phone acts as the polling booth. However, the mobile phone is Embedded is also supported by a range of popular fingerprint
not designed to accommodate large computation schemes. This scanners and readers, ensuring fingerprint capture in less than 1
is why the GSM mobile voting scheme was developed, based second in a device with a 1 GHz processor or better.
on the blind signature, the digital signature, and bit For the proof of concept, we developed our own database,
commitment. This method has the ability to handle large scale and then, during the implementation phase, we produced a
elections, as well as the largest possible number of voters. demo to test the application for efficiency and errors. A small
Among the many achievements in this field, the most number of university staff members and students participated
prominent are the following: in the test process. They registered in the system by providing
the necessary information, such as their national ID number
1. In 2011, the Mobile Voting System was introduced by and their fingerprint, which read and stored in the database.
Radovan Murin [11]. This is an open source android Then, if the voter wishes to elect a candidate he/she has to log
application developed for election purposes. This system uses in to the system by providing his/her number and fingerprint,
two methods: which compared to those in the database. If they are identical,
 Method 1 “requires a computer and either a data cable access will be granted. Otherwise an error message is
from your device or the ability to read micro SD displayed, stating that no such information exists in the
cards.” [12] database.

 Method 2 requires an Internet connection. 2) Mobile voting system problems

The whole process is performed via SMS. The voter can The most common Mobile voting system problems
register and answer the election questions by sending and encountered can be grouped into 2 categories:
receiving SMS messages.
1. Environmental factors: These may be internal or
2. The Mobile Voting System application won the USA external to the organization:
Challenge in 2010. “It was developed by New York City
entrepreneur Elliot Klein who has identified a variety of uses a) Internal: Perhaps the most common problems are the
for his innovation, ranging from government elections to lack of skill in administrating biometric voter registration and
stockholder proxies and other authorized response-based staff resistance to change.
processes.” [12] b) External: Political leaders may not be interested in the
3. According to Michael Campbell, senior vice president of registration process and its accuracy and integrity. Vendors
sales and marketing for VeriSign Messaging and Mobile Media may gain access to a system and corrupt its ability to correctly
tally votes or to manipulate the electorate, motivated by money AFIS can be integrated in a suite of applications that work
or power. together to provide comprehensive fingerprint and palm print
identification solutions to accommodate the needs of voter
2. Technical factors: Many machines have been registration systems, as well as voter authentication and voter
developed recently with as variety of speeds and levels of identification systems used at voting time.” [1]
efficiency and reliability that can cause delays and failures.
Changes in biometric characteristics, such as voices altering
with age and fingerprints altering due to skin scratches or the
kind of work carried by individuals, can affect the mobile
voting process.

III. M-VOTE SYSTEM DESCRIPTION

A. Requirements analysis
The analysis phase was conducted based on three methods
of gathering requirements for our M-Vote system. We called
on the knowledge of people who had already participated in the
election process. We also elicited requirements elicited from
qualified people in this domain who are election officers who
manage the voting process. In addition, because of the
widespread use of many different electronic voting systems, we
were able to gather information based on the methodology and
requirements implemented by those systems. As a result, we
benefited from the experience of their users, both positive and
negative. This information also helps us to avoid mistakes that
have been made in the past.
The use case diagram below (Figure 1) illustrates the
functionality of M-Vote in terms how the system performs, and
includes stakeholders involved, such as the voter and the
administrators. M-Vote’s most important non functional
requirements are: security, performance, usability, availability,
and reliability.

B. Voting operation deatils using M-Vote

There are two key features that were taken into
consideration after the problems of the Manual Voting System
and the E-Voting System had been described, which are:
- the M-Vote client
- the M-Vote server
The client of M-Vote is the mobile phone. The registration
process determines the identity of the voters. If their identity is Figure 1. M-Vote Use Case Diagram
authenticated, the voters are allowed to exercise their
responsibility to participate in elections. This process is In a production scenario, M-Vote server side has a
performed manually in most countries, and automatically or database, which is connected to the government identity
semi-automatically in other countries, to verify voter identity. authority server to check the voter’s identity. If the person is 18
or over and wishes to participate in the election process and
There are techniques available that facilitate the registration elect a candidate, he must participate in the registration
process to ensure the identity of voters, and that each voter process. Through M-Vote, the voter provides information such
votes only once, using voters’ digital information. One of these as his/her national ID number and fingerprint. Then, this
is a database, on the server side, that stores and records the information is transmitted directly to the government server to
required data. The second technique is one of the best known verify the identity and age of the voter. If the information
and most widely publicized biometrics, fingerprint recognition. entered by the voter conforms with the information in the
Because of their uniqueness and consistency, fingerprints have government database, the voter information is recorded on the
been used for identification for over a century. system database server. The registration process is now
“Today, identification can be achieved in a few seconds complete, and he/she can participate in the voting process.
with reasonable accuracy. As a result, the use of automated Otherwise an error message is displayed, stating that there is no
fingerprint identification systems (AFIS) that record, store, such information in the database. Later, if the voter wishes to
search, match and identify finger prints is rapidly expanding.
modify his information, he/she has the ability to do that, but OUT data(0,127)}
without the authority to change the vote. Begin
Istate = cipher; round_key(0) = key;
C. M-Vote Security Mechanism Add_round_key(Istate, round_key(Nr),Istate);
Of the many objectives associated with information for round = Nr-1 step -1 to 1
security systems; privacy or confidentiality, data integrity and Isub_shift_row(Istate);
authentication are the framework objectives, and the remaining Add_round_key(Istate, round_key(Nr-round);
ones can be derived from these [14]. The Advanced Encryption Ip_box(Istate);
Standard (AES) is an approved algorithm which uses a end for;
128/192/256 bit key to generate cipher text. This is one of the Isub_shift_row(Istate);
strongest encryption algorithms available, and has been Add_round_key(Istate, round_key(0);
evaluated on software as well as hardware platforms, like End.
FPGAs and ASICs [15]. It has been found that the mix-column ----- Isub_shift_row()----
in encryption and inverse mix-column in decryption are most {IN i_state;
computational and hence consumes large amount of clock OUT o_state}
period time. This reduces the throughput and also increases the begin
dynamic power consumption. Hence we are suggesting a itemp = Is_box(i_state);
modified algorithm for AES, in which substitute byte, shift row
for r= 0 step 1 to 4
will remain as in the original AES and mix column operation is
replaced by 128 permutation operation followed by add round for c = 0 step 1 to Nb
key operation. Here is our modified algorithm for AES: itemp(r, (c+(shift(r,Nb) .mod. Nb))) =
itemp(r,c);
---Algorithm for encryption ---//shift(0,Nb) = 0, shift(1,Nb)=1, shift(2,Nb)=2,
{ IN data(0,127), key(0,(32*Nk)-1); shift(3,Nb)=3//---
OUT cipher(0,127)} end for;
Begin end for;
State = data; round_key(0) = key; o_state = itemp;
Add_round_key(state, round_key(0),state); end.
for round = 1 step 1 to Nr-1 ---- Algorithm for key expansion as same as in original AES
sub_shift_row(state); {IN key(0,32*Nk-1);
p_box(state); OUT round_key}
Add_round_key(state, round_key(round); Declarations key[4*Nk]is byte, w[Nb*(Nr+1)] is word,
end for; temp is word;
sub_shift_row(state); begin
Add_round_key(state,round_key(Nr)); i = 0;
Cipher = state; while (i < Nk)
End w[i] = word(key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]);
--- Add_round_key()--- i = i+1;
{IN i_state, key; end while;
OUT o_state} i = Nk;
Begin while (i < Nb * (Nr+1)]
o_state = i_state .xor. key; temp = w[i-1];
end if (i mod Nk = 0)
----- sub_shift_row()---- temp = SubWord(RotWord(temp)) xor Rcon[i/Nk];
{IN i_state; else if (Nk > 6 and i mod Nk = 4)
OUT o_state} temp = SubWord(temp);
Begin end if;
temp = s_box(i_state); w[i] = w[i-Nk] xor temp;
for r= 0 step 1 to 4 i = i + 1;
for c = 0 step 1 to Nb end while;
temp(r,c) = temp(r, (c+(shift(r,Nb) .mod. Nb))); for j = 0 step 1 to Nr
---//shift(0,Nb) = 0, shift(1,Nb)=1, shift(2,Nb)=2, round_key(j) = w[j*4] && w[j*4+1] && w[j*4+2]
shift(3,Nb)=3//--- && w[j*4+3]; ---// ‘&&’ is concatenation
end for; ---/// operator//----
end for; end for;
o_state = temp; End.
end
-----Algorithm for decryption As mentioned in earlier sections, every voter registered and
{IN cipher(0,127), key(0,(32*Nk)-1); indentified by the Election Authority will be able to use a
 secure messaging service between the client mobile and the viii. Valid vote message sent: Once the vote has been declared
server. A 128 bit AES will be used on the client side as well as valid, the M-Vote system deactivates the key and the voter
on the server side, and all the messages sent or received would is notified that he/she has voted successfully.
be encrypted. This feature would be in addition to the other
identification procedures that use biometric security systems. ix. M-Vote system reminder: If a vote has not been cast within
The primary concern in this part of the design is the key the specified session period, the message is resent, to give
distribution. The key is to be initiated only when the election is the voter the opportunity to cast his/her ballot.
announced and the voters are contacted to register for the x. Steps (iii) to (viii) are repeated if the voter in Step ix wishes
current election process. The first level of registration is more to cast his/her ballot.
generic, in the sense that the biometric fingerprint information,
personal details, and unique identification numbers are stored D. Technology and Tools used in the project
in the database, so that the information stays with the authority
for a long period of time. The second level of registration
initiates the election procedure itself, verifying the mobile Technology tools are considered an important factor, helping
phone connection with the system and initiating the encryption engineers design and implement any system, whether it is a
and decryption key between the server and the client. The Web-based or mobile application. Naturally, drawing tools
advantage of this kind of two tier system is that a new key is vary widely, and in this project only certain kinds of tools have
generated every time an election is held and can be used only been selected which are characterized by strength and excellent
within a specified period of time. The key expires under these performance. Furthermore, implementation tools for mobile
conditions: applications that support the Android OS have also been
mentioned, which are used in the implementation phase. The
- when the session period within which the voter is main technologies we use are the following: OpenProj, Smart
expected to vote is over. Draw, Android SDK, MS Visio 2007, ArgoUML, PHP
Programming Language, Adobe Photoshop CS, Microsoft SQL
- when the voter has cast his ballot.
Server Management Studio 2005, MySQL Database, and
- when the voter’s information, either biometric or Apache Web Server.
mobile verification, has failed.
E. M-Vote advantages
Breaking the AES 128 keys using cryptographic analysis
requires some time, perhaps days. The authors have found no
evidence in the literature that this can be done fraudulently in a M-Vote allows:
short period of time. As a result, a specified time during which - Voting without borders: This application makes the voting
the key is valid strengthens our system considerably. process much easier, since the voter does not need to reside in
The sequence of actions performed in the election process, the country of which he is a citizen. Simply by providing his
using M-Vote, is as follows: national ID number and fingerprint, he will be able to take part
in the election process.
i. Voter registration: Personal details and biometric
information, like the fingerprints of all fingers of the voter, - Voting only once: After the voter casts his vote, there is
are collected. no opportunity to manipulate that vote, since the mobile phone
number, ID, and fingerprint are recorded in the database, so the
ii. Voter validation: The authenticity of the voter’s credentials voter will be blocked should he/she attempt to vote for a
submitted during registration is verified at the government second time.
identity authority server.
- Choice Consideration: The voting process is conducted
iii. M-Vote system activation: When an election date is using mobile phones equipped with touch screens. Under
announced, a message to that effect is sent to registered normal circumstances, the touch that gets 50% or more of the
voters. pixels is taken as the voter’s choice. If the voter confirms that
iv. Voter response: The voters are expected to respond to the selection, it is considered to be the voter’s choice.
M-Vote activation message, to enable mobile phone - An automated counting process: This process is
identification and verification by the servers. implemented on the database side, which resides on the
v. M-Vote activation code sent: The M-Vote server sends an election authority’s server, and so it will be much faster and
encrypted message containing the activation code and the more accurate than manual voting.
key. This message can be decrypted at the client’s mobile - Nomination of a party candidate: If an individual wishes
using the code and the International Mobile Equipment to nominate himself/herself for election, he/she sends a request
Identity number of the mobile phone. to the election authority for approval. Once his request has
vi. Voting period set: The period during which voting can take been approved, the administrator will check whether or not his
place is announced. name is on the list of candidates. If not, the administrator will
add him to the list of candidates.
vii. Key retrieval by the mobile phone: The ballot can be cast
by the voter during the specified voting session. - Appointment of an administrator: The election authority,
nominates an Admin for M-Vote who is responsible for
managing electoral districts, and assigning system’s tasks and  Voting Home Screen: the ballot, where the voter
privileges to election authority staff. He also manages chooses his/her preferred candidate.
candidates, parties, and voters on the system.
After the voter has selected one of the candidates, a
- Election authority: This body is responsible for organizing message will be displayed to confirm his/her selection.
national elections and referenda. Also, they can monitor and
control the voting process through a secure website, but
without being able to manipulate the results. Furthermore, they
are responsible for announcing the winning candidate.
Moreover, there is a log file on the server to record every
transaction that occurs, such as where the users (administrators
and election authority staff) come from, how often they return
to the site and how they navigate through it.
To summarize, M-Vote provides the ability to conduct the
voting process without the direct intervention of polling
stations, as simply as possible, and voters can cast their votes
via a mobile phone. This system is characterized by its
effectiveness, high usability, accuracy, and rapidity. With its
contribution to a fair and accurate election process, will
constitute a successful step toward achieving democracy. Also,
it removes all the obstacles that have been encountered in the
past, in the era of manual and electronic voting processes. It Figure 2. Registration Home Screen Figure 4. Voting Home Screen
can be considered as a turning point in the political, social, and
economic areas of state policy, with its multi-factor
authentication solution. B. M-Vote Web Control Panel
Moreover, little or no resistance to change is expected with Setting up a website requires special attention, in order to
the implementation of this system, as no particular skills are ensure the creation of a private environment used only by the
required to administer the biometric voter registration process. individuals responsible for controlling any process with they
work. In order to set up our mobile voting system, M-Vote, we
There is no possibility that vendors will gain access to the have to provide an appropriate environment which suits the
system and corrupt its ability to correctly tally votes or needs of all users. The M-Vote website acts as the mastermind
manipulate the results for money or power, since M-Vote runs for managing the whole voting process efficiently. It is an
a dedicated strong security algorithm. Moreover, since a important tool for automating the delivery of services from the
fingerprint can be captured by anyone, there is no concern electoral authorities to voters. This means that the following
about the concept that forbids or restricts physical contact with factors must be taken into consideration before the website
a member of the opposite gender (except spouse, children, infrastructure is built:
siblings, grandchildren, parents, and grandparents).
 Security: Complex mechanisms must be devised to
Changes in biometric characteristics, such as a fingerprint thwart any attempts to access the website fraudulently
being altered by a scratch or by a work-related change is not an and steal its data.
issue for M-Vote, since the voter will have scanned all his/her
fingers during registration. Furthermore, no new equipment or  Integrity: There must be mechanisms in place to avoid
systems is needed to achieve the required standards and to data corruption.
facilitate the voting process.  Consistency: Every component must act reliably within
Finally, M-Vote is being developed for many uses, varying certain parameters.
from students’ representative selection to government elections  Authenticity: There must be a way to verify the
and other formal response-based procedures. identity of every administrator and every election
authority member in the system.
IV. M-VOTE GRAPHICAL USER INTERFACES
Below are main M-Vote screens on the server side (website):
In this section, we show how the main interfaces are
designed and how they will react under a live example. Login Page: An administrator or an election authority
member can enter the site on this page using his/her national
A. M-Vote Mobile Application ID number and fingerprint.
Below are main M-Vote screens on the client side (mobile Election Results Home Page: The number of votes that has
phone): been cast during the election is shown on this page, along with
the name of the winning candidate. This information can only
 Registration Home Screen: a short form to fill out, in be displayed by election authority staff.
order to be registered and continue through the voting
process.
 enhancements and publicity, M-Vote could be an ideal solution
for voting, it is a method that demands integrity on the part of
both nation and government.

ACKNOWLEDGMENT

A special thank you goes to Mr. Vaidas Didvalis from

Neurotechnology Company, Lithuania, for providing us free
licenses of MegaMatcher SDK that contains VeriFinger.
VeriFinger is a fingerprint identification technology intended
for biometric systems developers and integrators.

REFERENCES
[1] Joint EC-UNDP Task Force. (2012, April 17). Biometric Voter
Figure 3. Login Page Registration: Skills required and problems encountered? Retrieved
August 16, 2012, from Aceproject Web site: http://aceproject.org/
[2] Schneier B. (2004, November 10). The Problem with Electronic Voting
Machines. Retrieved from Schneier website:
http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html
[3] Costa K. (2012). Jettisons e-voting for 2012 polls. Retrieved from
Allvoices website: http://www.allvoices.com/news/8863658-ghana-
govt-jettisons-evoting-for-2012-polls
[4] Bismark, D. (2004, November 5). 85% of electronic voting projects
failed in developing countries. Retrieved from Ted website:
http://www.ted.com/talks/david_bismark_e_voting_without_fraud.html
[5] Mercuri R. (2010, September 1). E-voting. Retrieved from
Notablesoftware http://www.notablesoftware.com/evote.html#Statement
[6] Nir N, Veradim K, Eyal K, and Shimshit. (2012, June). Patent of the
Month in the Biometry Field. Retrieved July 28, 2012, from Planet
Biometrics: http://www.planetbiometrics.com/creo_files/upload/article-
files/patent_of_the_month_-_july_2012.pdf
[7] Robinson, R. (2011, October 24). Growth Expected from Mobile Phone
Biometric Security Market. Retrieved August 14, 2012, from Card
Guide International website: http://www.card-guide-
Figure 4. Election Results Home Page international.com/201110241732/Growth-Expected-from-Mobile-
Phone-Biometric-Security-Market.html?print=1&tmpl=component
[8] Goode Intellignece. (2005). Market for mobile phone biometric security
V. CONCLUSION products and services set to grow and will generate over $161 million
Throughout the long history of the democratic process, and revenue by 2015. Retrieved from
http://www.goodeintelligence.com/media/media_centre/1309411147mo
with the progress of time and changes in people’s needs, the bile_phone_biometric_security_final_news_release_300611.pdf
election is a powerful tool for peacefully resolving conflicts,
[9] Clarke, and Furnell. (2005). Biometrics on the mobile phone. Retrieved
whether political, religious, or economic, based on the will of from http://www.intechopen.com/books/recent-application-in-
the majority. As such, an election leads to a period of transition biometrics/biometrics-on-mobile-phone
in any country. Security, integrity, and availability form the [10] Wang, S. and Liu, J. (2010). Biometrics on the mobile phone. Retrieved
cornerstone of any voting process, and the nature of that July 28, 2012, from http://www.intechopen.com/books/recent-
process can affect both the actual and perceived legitimacy of application-in-biometrics/biometrics-on-mobile-phone
electoral outcomes. During the development of our M-Vote [11] Murin, R. (2011). Mobile voting system Quick Start and Tutorial.
system, the previous experience of the participants in the field Retrieved 16-08-2012, from http://code.google.com/p/mobile-voting-
system/downloads/detail?name=Mobile%20voting%20system%20Quick
of manual and electronic voting systems was considered, as %20Start%20-%20EN.pdf
were the vulnerabilities and weaknesses of the manual and e- [12] Gibbons, G. (2010, October 18). Mobile Voting Application Wins USA
voting systems in use today. M-Vote is designed to improve on Challenge. Retrieved August 16, 2012, from Insidegnss website:
current voting processes by allowing voters to cast their ballot http://www.insidegnss.com/node/2343
via mobile phones, streamline the registration process by [13] Khan, M. A. (2009, April 6). Mobile voting could become reality by
requiring simply the voter’s national ID number to check 2012: VeriSign. Retrieved August 16, 2012, from Mobile Marketer Web
his/her eligibility and scanned fingerprint to ensure integrity, site: http://www.mobilemarketer.com/cms/news/messaging/2980.html
eliminate vote tampering, and increase voter confidence in the [14] Pavlo, B. and Ekimov, V. (2010, November 4). wevote - Mobile Voting
System. Retrieved August 16, 2012, from
voting process. The results show that M-Vote is a secured http://code.google.com/p/wevote/
mobile application that increases the accuracy and efficiency of
[15] A Menezesm, P Van Oorschot, and S Vanstone, Handbook of Applied
the voting process. In fact, it accommodates very large Cryptogoraphy, CRC Press 1996.
numbers of voters, since the process doesn't require a great deal
of effort and it can be completed quickly. Finally, with more

View publication stats