study of sms security as part of an electronic voting system
Contents
1. For example to encipher the message Meet me after the toga party with a rail fence of depth 2 we write the following me mat rht rpr iy _ etefieteoaat The encrypted message is MEMATRHTEGPRYETEFETEOAAT This sort of thing would be trivial to crypt analyze A more complex scheme is to write the message in a rectangle row by row and read the message off 23 column by column but permute the order of the columns The order of the columns then becomes the key to algorithm For example y A245 5 6 3 Pah era aA Gea S O G e w n 7 W O a Mm xX A Ciphertext PIUsAAPTMT SUOSODWCOLAENLY PE a 2 5 3 Data Encryption Standard DES The scheme for DES encryption is there are two inputs to the encryption function the plaintext to be encrypted and the key In this case the plaintext must be 64 bits in length and the key is 56 bits in length 24 64 bit plaintext Pate See an Serer ee ee Permuted choice COED Re ee ae Permuted choice 2 lt Inverse initial i permutation 64 bit ciphertext Figure DES encryption model Details of a Single Round 25 32 bits lt 32 bits gt Pee en E a os i Figure a single step of DES encryption 2 6 Optimal method of encryption for our proposed system We have chosen an optimal encryption algorithm Polyalphabetic Cipher Text for encrypt our SMS content It is a way to improve on the s2. as a one time pad is unbreakable It produces random output that bears no statistical relationship to the plain text there is simply no way to the code 27 An example should illustrate our point Suppose that we are using a Vigenere scheme with 27 characters in which the twenty seventh character is the space character but with a one time pad key that is as long as the message Thus it must be expanded to 27 x 27 Consider the cipher text ANKYODKYUREPFJBYOJDS PLREY LUNOFDOIUERFPLUYTS We now show two different decryptions using two different keys Ciphertext ANKYODKYUREPFJBYOJDS PLREYIUNOFDOIVUERFPLUYTS key pxImvmsydoftyrvzwe tnlebnecvgdupahfzzlmnyih plaintext mr mustard with the candlestick in the hall ciphertext ANKYODKYUREPFJUBYOJDSPLREYIUNOFDOIUERFPLUYTS key mfugpmi ydgaxgoufhk1llmhsqdgogtewbqfgyovuhwt plaintext miss scarlet with the knife in the library Suppose that a cryptanalyst had managed to find these two keys Two plausible plaintexts is in correct decryption If the actual key were produced in a truly random fashion then the cryptanalyst cannot say that one of these two keys is more likely then the other Thus there is no way to decide which key is correct and therefore which plaintext is correct In fact given any plaintext of equal length to the cipher text there is key that produce that plain text Therefore if you did an exhaustive search of all possible keys you would end up with many legible plai
3. b_idyydu YMIECNHGREQSP s x yf Liw tdp YMIECO Ssgii gu YMIECBVC rav_iqsaf YMIECPLMNJIYGVC s ual usasew r YMIECKSNZUSUSJIK ezvgle_l iiwdpg laf JDJDIQXDUNOP gwag bh YMIECKDZMHEKKUD sg zxp _laysrfz LKIAICNQIUQZKUDKE 0 r vtxv rppey 4 4 5 Results We have tested the unity and integrity of our software It encrypts the SMS properly and properly decrypt in the server end We have tested it using several types of input and we have successfully been able to decrypt all the data But we have considered only one polling booth database for testing For a complete testing we have to test in a large scale It took lots of time for studying and testing encryption algorithms Due to lack of time we were not able to do the full database of E voting and complete the whole testing 42 CHAPTER 5 USER MANUAL 5 1 Instructions for Administrators Election Commissioner can only login to Election Commission Server When she he logs in to the computer he will directly go to the E Voting software When he presses the count button it automatically counts the result of the National Election Administrator can see the result and publish the result of voting in the Internet and other media 5 2 Instruction for Voter Voters will have to go to the polling booth and authenticate them selves
4. of either hand placing a mark on the electoral roll against the number and name of the elector to indicate that a ballot paper has been issued to him and recording the elector s number and procuring signature of the elector on the counter foils of electoral roll and ballot paper respectively The elector on receiving the ballot paper shall forthwith proceed to the place reserved for marking the ballot paper put the prescribed mark on the ballot paper at any place within the space containing the name and symbol of the contesting candidate for whom he wishes to vote and after he has so marked fold the ballot paper and insert it in the ballot box He has to do the whole thing at the quickest speed If a person represents himself to be an elector applies for a ballot paper when another person has already represented himself as that elector and has voted under the name of the person so applying he shall be entitled to receive a ballot paper which is called a tendered ballot paper The Presiding Officer maintains separate accounts of tendered and challenged votes and also spoilt ballot papers as per law 11 The polling time is generally 0800 1600hrs local time No person is allowed entry into the polling station enclosure after 1600hrs 1 3 3 Count of Votes Immediately after the close of the poll with the casting of vote by the last voter of the day the Presiding Officer in the presence of such of the contesting candidates election
5. t provide adequate security For this reason the encryption method is repeated using different leaders The encryption EL en G2 _ k lip Lis a composition of consecutive applications of the encryption primitive e where leaders h l2 lk 2 L are used Also different quasigroup operations can be used in distinct primitives e The decryption function D dk _ dx 1 _ di li 2 Lis composed similarly except that the leaders 2 L are used in reverse order The Quasigroup operation used in primitive dl must correspond to the one used in e In earlier papers 1 2 it has been proved that mappings E and D are bijections and E D _ Dr Ex _ For encryption purposes primitives el and dl can be incorporated to produce a more complex encryption method Then encryption is defined as EL hi_ he_ AK l2 L hi 2 en di 22 In this construction primitive e is clearly used for decryption if corresponding primitive dl has been used in decryption 2 5 2 Transposition Algorithm Techniques All the techniques examined so far involve the substitution of a cipher text symbol for a plaintext symbol A very different king of mapping is achieved by performing some sort of permutation on the plaintext letters This technique is referred to as a transposition cipher The simplest such cipher is the rail fence technique in which the plaintext is written down as a sequence of diagonals and then read off as a Sequence of rows
6. where the voting data will be encrypted and sent to the election commission server The encrypted data that has been received through SMS will then be decrypted and stored in database accordingly The encryption decryption is the main core module of the system This makes the system more reliable by protecting vulnerable data from unauthorized access This works in the following way e Encrypt vote before sending to the Election commission server e Decrypt vote before storing in the Election Commission server 3 3 Analysis of the Project The project was considered to be totally based on JAVA platform We planned to do the project on JbuilderX environment in J2ME wireless toolkit 2 0 It was our duty to find out the feasible and best approach of how to solve the security problem We considered many algorithms and finally came up with a solution which would satisfy the requirements of the system to be 32 secured To do that we needed to implement a prototype of our proposed software and demonstrate it to the advisor 3 4 Building the prototype To do the prototype successfully we needed to be familiar with the JbouilderX platform using J2ME wireless toolkit V2 0 as we didn t work with this platform earlier After getting acquainted with the environment we started the software module that actually runs inside the mobile After completing the driver module for the mobile we started working on the encryption decryption procedure Thi
7. while at least preserving the security of the traditional vote Cryptography based frameworks are designed to enhance security while enhancing some functionality that remains mainly theoretical in traditional voting because of practical issues An electronic voting scheme is a protocol allowing voters to securely vote by interacting with a set of authorities who collect the votes and calculate the result of the election We usually distinguish between two types of electronic voting on line voting a k a remote voting for example via Internet and off line voting by using a voting machine or an electronic polling booth The main goal of a secure electronic voting system is to ensure the privacy of the voters and the accuracy of votes Our electronic voting system fulfills the following usual requirements Eligibility only votes of legitimate voters shall be taken into account 14 e No reusability each voter shall only be able to cast one vote e Anonymity all votes shall be secret e Accuracy cast ballot cannot be altered e Fairness it must be impossible to perform partial tabulation before the end of the election e Vote and go or walk away once a voter has cast his vote there is no further action he needs to take 1 6 Our proposed voting system with Secured SMS service The proposed system is considered to work with three phases The workflow is described below 1 6 1 Initial Setup of the System e
8. Mobile Phone Registration Each polling booth will be registered with a unique mobile number in the system s database e Candidate Registration Each candidate will be registered in the system s database with their unique IDs e Party amp Constituency Registration Each party and constituency will be registered in the system s database with their detail information 1 6 2 Vote Casting Process e Voter Authentication When a voter comes to the polling center for voting he she is manually authenticated by the polling officer whether he she is a valid voter e Electronic Voting Voters send the unique candidate IDs as their votes using the Electronic voting device which uses SMS technology 15 1 6 3 1 7 1 8 SMS delivery notification Voter is notified of successful SMS delivery The mobile network service providers like GP Aktel amp Banglalink etc will do this Invalid vote cast notification Voter is notified of unsuccessful vote cast like invalid voting format or mobile number Electronic Vote Recording Successful vote casts are updated in the database server accordingly Result Generation Electronic Vote counting After polling hour Super User initiates the counting command the stored data is then retrieved from the database for counting by the system Electronic Report Generation Based on the counting results the system will generate following reports Result by Constituency Result for each pollin
9. STUDY OF SMS SECURITY AS PART OF AN ELECTRONIC VOTING SYSTEM A thesis Submitted to the Department of Computer Science amp Engineering Of BRAC University By Chowdhury Mushfiqur Rahman ID 02101108 Shah Md Adnan Khan ID 01201055 In Partial Fulfillment of the requirements for the Degree Of Bachelor of Computer Science amp Engineering May 2006 f BRAC UNIVERSITY l BRAC University Dhaka Bangladesh DECLARATION Chowdhury Mushfigur Rahman University ID 02101108 have completed some modules of our proposed Thesis Secured SMS Service in Electronic Voting System Under CSE 400 course based on the result found by me therefore declare that this project has been published previously neither in whole nor in part of any degree except this publication also mentioned work found by other researcher by reference Signature of Signature of Supervisor Author ACKNOWLEDGEMENT Firstly I m grateful to almighty Allah for providing the strength and energy to start such a project and finally finish it successfully I m really very grateful and take the honor to express my special thanks to my supervisor DR Yousuf M Islam PhD for all sorts of supportive suggestions and opinions Without his support co operation and resources it would be a day dream to complete my research in this due time My special thanks go to my Co Supervisor Matin Saad Abdullah and Ms Bushra Taufiq Chowdhury for their usefu
10. Then they will find the electronic ballot and a confirmation button They will have to press the button in the ballot and press the confirmation button When his or her vote will cast he or she will receive a status report 5 3 Instruction for Polling booth officer Polling booth officer will verify the voter according to the voter list He will monitor successful vote cast If any one fails to cast a vote successfully then he or she is given asecond chance 44 CHAPTER 6 CONCLUSION The current election system is manual In this system we found out some major flaws The system is fully paper based like printing ballot papers and distributing them high risk of ballot box hijacking in the remote areas ballot paper is manually counted which requires huge man power As a result counting errors may occur and it needs recounting compilation of result requires many stages which is very time consuming This problems as a whole put a big question mark on the reliability and transparency of the current election system So we have come up with an electronic voting system which secures the voting procedure We managed to provide security of the SMS that is the vote carrier of our proposed E voting system These provide more security reliability and efficiency to the system As our proposed system is easy to implement initially it can be installed in high risk areas of ballot box hijacking as a pilot project In a word our solution for the national e
11. agents and polling agents as may be present proceeds with the count of votes The Presiding Officer gives such of the contesting candidates election agents and polling agents as may be present reasonable facility of observing the count and gives them such information with respect thereto as can be given consistent with the orderly conduct of the count and the discharge of his duties in connection therewith Under the law no person other than the Presiding Officer the Polling Officer any other person on duty in connection with the poll the contesting candidates their election agents and polling agents are to be present at the count However authorized observers are allowed by the Election Commission to observe the count as a special dispensation The Presiding Officer shall open the used ballot box or ballot boxes and count the entire lot of ballot papers taken out from there in presence of these persons The valid ballot papers cast in favor of each contesting candidate are preserved in separate packets The Presiding Officer immediately after the count prepares a statement of the count and if so requested by any candidate or election agent or polling agent present gives him a certified copy of the statement of the count and the ballot paper account The Presiding Officer puts in good order all records of the poll and sends them to the Returning officer immediately The Returning Officer is required to give the contesting ca
12. an be derived from the operation _ 2 but for our purposes operations _ and right inverse are sufficient 2 5 1 1 Encryption The encryption primitive e on Sequence X1X2 Xn is defined as e X1X2 Xn Y1Y2 Yn where yi l_xX Vit 1 yi_ xet i 1 n 1 2 The variable is called the leader and in our application it is derived from the secret key password Transformation e is a mapping A A Elements xi yi 2 Aare usually not characters but entities of bits where the bit length of the element is defined by the size of the Latin square associated with the Qquasigroup 2 5 1 2 Decryption Decryption d A A is naturally a reverse operation of encryption It is defined as di yiy2 Yn X1X2 Xn where 21 _X1 l yi xi 1 yilytt i 1 n 1 In essence the decryption primitives as well as the encryption primitives are table lookup methods where the Latin square associated with the quasigroup is used In encryption the previous encrypted element and the next not yet encrypted element are used to find corresponding value from the table This value is then used as the new encrypted value In decryption the values used for lookup are the previous already decrypted value and the next not yet decrypted value With these a new decrypted value is found from the Latin square 2 5 1 3 Composition of encryption and decryption One application of the encryption el defined earlier usually doesn
13. ate who has or is deemed to have received the highest number of votes to be elected The Commission is required as per law to publish in the official gazette the name of the returned candidate The Returning Officer shall supply duly attested copies of the consolidated statement and the return of election to such of the candidates and their election agents as may desire to have them 13 1 4 Advanced Voting System Used Abroad Electronic voting systems for electorates have been in use since the 1960s when Punch Card systems debuted The newer marksense ballots allow a computer to count a voter s mark with an optical sensor Electronic voting systems have gained popularity and have been used for government elections and referendums primarily in European countries Electronic Voting Machines are used on a large scale in India Brazil UK and the United States In 2002 in the United States the Help America Vote Act mandated that one accessible voting system be provided per polling place which many jurisdictions have chosen to satisfy with the use of accessible electronic voting machines 1 5 Security Aspects of E voting system The aim of an electronic voting system is to translate the traditional vote to a digital context Several experimentations have already been done based either on black box machines or on cryptographic frameworks The purpose of electronic voting systems is to obtain the results immediately after the end of the poll
14. dy been done We wish to carry out the proposed system into further details That is security aspects and implementation TABLE OF CONTENTS TITLE DECLARATION ACKNOWLEDGEMENT ABSTRACT TABLE OF CONTENTS CHAPTER 1 INTRODUCTION 1 1 Background of Election System in Bangladesh 1 2 Criteria for Election System 1 3 Current Voting Status in Bangladesh 1 3 1 Before Poll 1 3 2 Poll 1 3 3 Count of Votes 1 3 4 Recount 1 4 Advanced Voting System Used Abroad 1 5 Security Aspects of E voting system 1 6 Our proposed voting system with Secured SMS service 1 6 1 Initial Setup of the System 1 7 1 8 1 6 2 Vote Casting Process 1 6 3 Result Generation Feasibility of our System Advantages of our System CHAPTER 2 METHODOLOGY 2 1 2 2 2 3 2 4 2 5 2 6 2 7 2 8 Studies and visits undertaken 2 1 1 Polling booth 2 1 2 Registered Cell Phone 2 1 3 Election commission server 2 1 4 Existing SMS Gateway System of Grameen Phone Problems and areas of security leak identified Ideas about SMS security Security alternative Various Encryption decryption algorithm amp use 2 5 1 Quasigroups Encryption Algorithms 2 5 1 1 Encryption 2 5 1 2 Decryption 2 5 1 3 Composition of encryption and decryption 2 5 2 Transposition Algorithm Techniques 2 5 3 Data Encryption Standard DES Optimal method of encryption for our proposed system Detailed discussion about the selected encryption algorithm 2 7 1 One time padding in Encrypt
15. f repeating the vote Someone can send a false delivery report that the vote has been cast In this case any unauthorized person can delete the SMS and send a false delivery report to the voter Security alternative The content of the SMS will be encrypted so that nobody can read or understand the SMS We can use a counter to check the number of digit of the SMS content Also other counter measures can be taken like monitoring the whole SMSC server with the help of authorized persons from the Election Commission Various Encryption decryption algorithm amp use Quasigroups Encryption Algorithms 20 A groupoid is a finite set Q that is closed with respect to an operator _ that is a_b2 Q for alla b 2 Q A groupoid is a quasigroup if it has unique left and right inverses i e for any u v 2 Q there exists unique x and y such that x_u vandu_ y v This means that all operations are invertible and have unique solutions which implies their usability as cryptographic substitution operations With this in mind we can define inverse operations for _ call them left inverse and right inverse The operator resp defines a new quasigroup Q resp Q and for algebra Q _ x _ x y y x x _ y A quasigroup can be characterized with a structure called Latin square A Latin square is ann _ n matrix where each row and column is a permutation of elements of a set In our case Q n Several other operations c
16. f the encrypted information 29 The time required to break the cipher exceeds the useful lifetime of the information 30 CHAPTER 3 SYSTEM DEVELOPMENT 3 1 Project initialization and planning The work done by us was a part of previously worked out research project and we have continued the project further more The previously completed tasks were implementing an E voting system which will work as an alternative of the current national election system This E voting system is proposed to 31 work with SMS technology Our major project requirement was to make sure that the whole SMS gateway from the polling station to the Election Commission server should be secure enough to make the whole E voting process successful For this reason we needed to study the whole SMS technology To do that we Studied a lot We took help from Internet and also from many books But another important aspect of our study was to work with the largest Cell phone operator in Bangladesh Grameen Phone We went to GP as a Survey team and put our best efforts in understanding the whole process of SMS gateway that GP uses It was a major help of our project because with out understanding the whole process practically we won t be able to complete our research The findings in the survey have already been discussed previously 3 2 Voting Data Security Module As the proposed system is an election system so there has to be a voting data security module
17. g Center Determining the Winning Candidate Feasibility of our System May be initially installed in high risk areas where the risk of hijacking ballot box is very high We can use the system as a pilot project For election it is possible to switch off all the mobile connections except registered mobiles with dedicated network The possibility of the mobile network congestion will be much less numbers of mobiles under each Base Transceiver Station BTS Very simple system to operate and can be installed in a short time Advantages of our System 16 Simple voting interface for voters Vote count and generating results are done in a short period of time Less human involvement is needed with more efficiency System is more secure and dependable CHAPTER 2 METHODOLOGY 2 1 Studies and visit undertaken Different Steps of the process of Electronic voting using SMS service 2 1 1 Polling booth In the polling booth a voter first has to authenticate him her self Then voter will have to cast the vote using an Electronic Ballot Unit A control unit is connected with the electronic ballot unit The control unit will pass the signal to a Registered Cell phone 2 1 2 Registered Cell Phone The vote will transmit to Election Commission Server as a Short Text Message When the vote reaches the Election Commission vote will be received by another registered cell phone which will be connected to the EC server 2 1 3 Election commi
18. hone number 5550001 eceived sms message Crom sms 5550000 on port s0000 2 yes 7 36 After that the sender receives a confirmation that vote has been successfully cast TI 5550000 pefaunc Jol SHIFT SPACE Now to prove that the cip operly we use a roll back mechanism swapping the sender to receiver and the receiver to sender We use again the same port number 50000 and now send the cipher text to the destination number as 555 000 0 EJ 5550000 DefaultColorPha js m E3 25 45550001 Send a Message 5MS Text SMS Binary SMS To Selected Clients Add Unlisted Client 5550001 Port Optional 50000 So we see that the receiver confirms the result that the same content has been sent again which clearly shows that the content of the SMS is successfully encrypted and also decrypted Candidate ID 10001 1 0002 10006 1 000S 1001 1 1001 3 10015 Index YONAN Party Total Name Wote Aawvarn Lleag eS Mm Fr Jatio Part Somotorarm Jamayat is Gikaipa On Jashod N O28 NOU The above figure represents the result of the election of particular one polling booth as we considered only one polling booth There is a simple database 38 which would simply count the votes for candidates participating in the election from one station This is a simple demonstration of how the voting is going to be counted 4 3 Acceptance testing Before we build
19. icer with necessary ballot boxes of such material and design as are approved by the Commission Not more than one ballot box is used at a time for the purpose of the poll at any polling booth 1 3 2 Poll At least half an hour before the time fixed for the commencement of the poll the Presiding Officer is required to ensure that every ballot box to be used is empty show the empty ballot box to the contesting candidates and their election agents and polling agents whoever may be present close and seal the ballot box and place the ballot box so as to be conveniently accessible to the elector visible to all present in the booth Officials and election or polling agents as may be present Every elector will mark his ballot paper in secret before the same is folded and inserted in the ballot box by the elector himself 10 The Presiding Officer regulates the number of electors to be admitted to the polling station at a time and excludes from the polling station all other persons except those connected with the polling The Presiding Officer is responsible for keeping order at the polling station so that an elector can exercise his free will to cast his vote at the polling station Where an elector presents himself at the polling station to vote the Presiding Officer shall after satisfying himself about his identity issue to him a ballot paper after giving him a personal mark made with indelible ink on his thumb or any other finger
20. imple monoalphabetic substitution cipher This technique has the following features e Asetof related monoalphabetic substitution rules is used e A key determines which particular rule is chosen for a given transformation 2 7 Detailed discussion about the selected encryption algorithm 26 In the Polyalphabetic cipher the ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the plain text and has no statistical relationship to it The system can be expressed succinctly as follows C p k where p ith binary digit of plaintext k ith binary digit of key c ith binary digit of ciphertext exclusive or XOR operation Thus the cipher text is generated by performing the bitwise XOR of the plain text and the key Because of the properties of the XOR decryption simply involves the same bitwise operation Pi OK The essence of this technique is the means of construction of the key Vernam proposed the use of a running loop of tape that eventually repeated the key so that in fact the system worked with a very long but repeating keyword Although such a scheme with a long key presents formidable cryptanalytic difficulties it can be broken with sufficient cipher text the use of known or probable plaintext sequences or both 2 7 1 One time padding in Encryption One time pad uses a random key that was truly as long as the message with no repetitions Such a scheme known
21. ion Advantages of using the algorithm CHAPTER 3 SYSTEM DEVELOPMENT 3 1 3 2 3 3 3 4 Project initialization and planning Voting Data Security Module Analysis of the Project Building the prototype 3 5 Feedback from the Advisor 3 6 Customization of the system to be flexible to any cell phone network operator 3 7 Combining the modules together as a full working model CHAPTER 4 SYSTEM TESTING 4 1 Unity and integration testing 4 2 System testing 4 3 Acceptance testing 4 4 Test Data 4 5 Results CHAPTER 5 USER MANUAL 5 1 Instructions for Administrators 5 2 Instruction for Voter 5 3 Instruction for Polling booth officer CHAPTER 6 CONCLUSION REFERENCES CHAPTER 1 INTRODUCTION 1 1 Background of Election System in Bangladesh Bangladesh started her journey with Parliamentary system of Government then switched over to Presidential system and in 1991 reverted back to Parliamentary system Parliament consists of three hundred members elected in accordance with law from single member territorial constituencies Besides this there was a provision of thirty seats reserved exclusively for woman members up to the year 2000 who were elected according to law by the members of the parliament Parliament has tenure of 5 years unless dissolved earlier 1 2 Criteria for Election System Based on the traditions of the elections and voting system in the Bangladesh election systems whether through traditional voting meth
22. l and important suggestions Without their Supportive consultancies my research will never have fulfilled the requirements would also like to thank the senior brothers of University and friends who helped me in every possible way want to specially thank my teachers and friends who always supported and helped me during my thesis work as a family member by always giving me moral support Finally feel deepest admiration to my department for giving me the honor to perform the Thesis a partial fulfillment of the requirement for the Degree of Bachelor of Computer Science and Engineering ABSTRACT E voting is a new technology in voting system Recently it was experimented in UK Basically this system is proposed to work via Short Message System SMS Using secure messaging system we are trying to develop the e voting system here in our country Our goal is to develop a system which will be able to send SMS from a registered cell phone to a server located in the base polling station and cast a vote for a voter The system must be secured so that while voting no outside interference can be made to change the vote So there will be no tension of casting false vote By the help of this system our voters will be able to cast their votes in a secure way and also the results will be available immediately when the vote casting finishes This is going to be a pioneer change in our voting system Some work on this proposed system has alrea
23. lection system improves the overall efficiency of the current election system by providing secured and simplified processing of election results 46 References 47 N O S E opr oe a 11 12 13 14 15 16 17 18 19 20 21 22 23 24 20 26 27 William Stallings Cryptography and Network Security Jeffry A Hoffer Joey F George Modern System Analysis amp Design http www cellular co za news_2002 021302 uk_to_ use _sms_voting htm http www smartmobs com archive 2003 02 07 sms_voting_in_u html http www textually org textually archives 2003 05 000521 htm http www telsis com 0304 htm http news zdnet co uk internet security 0 39020375 39186974 00 htm http mindprod com jgloss conversion html http forum java sun com thread jspa threadID 664309 amp messagelD 38 90826 http www bangladeshgov org ecs http www nesc ac uk action esi contribution cfm Title 639 http www orlingrabbe com des_java htm http avirubin com vote http www newscientist com article ns id dn398 7 http www computerworld com governmenttopics government policy stor y 0 10801 92950 00 html http www eff org Activism E voting 20030723_ eff_pr php http www usatoday com tech news computersecurity 2004 07 30 evote hack challenge_x htm http www mbalance com products security firewall aspx http www oreillynet com pub a wireless 2001 09 28 relay html http www mcafee com us local_content white_papers wo_sm
24. ndidates and their election agents a notice in writing of the day time and place for the 12 consolidation of the results and in the presence of such of the contesting candidates and election agents as may be present consolidate in the prescribed manner the results of the count furnished by the Presiding Officer including therein the postal ballots received by him before the time aforesaid 1 3 4 Recount The Returning Officer shall recount the valid ballot papers in respect of any polling station if the count by the Presiding Officer is challenged in writing by a contesting candidate or his election agent and the Returning Officer is satisfied about the reasonableness of the challenge or he is directed so to do by the Commission Where after consolidation of the results or the count it is found that there is equality of votes between two or more contesting candidates and the addition of one vote for one such candidate would entitle him to be declared elected the Returning Officer shall forthwith draw a lot in respect of such candidates and the candidate on whom the lot falls shall be deemed to have received the highest number of votes entitling him to be declared elected The lot shall be drawn in the presence of such of the contesting candidates and their election agents as may be present The Returning Officer shall after obtaining the result of the count or of the draw of the lot declare by public notice the contesting candid
25. ntexts with no way of knowing which the intended plaintext was Therefore the code is unbreakable The security of the one time pad is entirely due the randomness of the key If the stream of the character that constitutes the key is truly random then the stream of characters that constitute the cipher text will be truly random Thus there are no patterns or regularities that a cryptanalyst can use to attack the cipher text 28 In theory we need look no further for a cipher The one time pad offers complete security but in practice has two fundamental difficulties There is the practical problem of making large quantities of random keys Any heavily used system might require millions of random characters one regular basis Supplying truly random characters in this volume is a significant task Even more daunting is the problem of key distribution and projection For every message to be sent a key of equal length is needed by both sender and receiver Thus amammoth key distribution problem exists Because of these difficulties the one time pad of limited utility and is useful primarily for low bandwidth channels requiring very high security 2 8 Advantages of using the algorithm There are some major advantages of using this algorithm for encryption Converts each character into bit level Bit wise XOR operation is done between each character of the plain text and key The cost of breaking the cipher exceeds the value o
26. ods or SMS voting are commonly expected to satisfy a number of criteria including e Eligibility and Authentication Only authorized voter should be able to vote e Uniqueness no voter should be able to vote more than one time e Accuracy Election system should record the vote correctly e Integrity votes should not be modified forged and deleted without detection e Verifiability and Audit ability It should be possible to verify that all votes have been correctly accounted for in the final election tally and there should be reliable and demonstrably authentic election records e Reliability Election system should work robustly without loss of any votes even in the face of numerous failures including failures of voting machines and total loss of mobile communication e Secrecy No one should be able to determine how an individual voted and voter should not be able to prove how they voted e Flexibility The election procedure must have such flexibility that they can be adapted at any point of the election subject to the demand of the current situation 1 3 Current Voting Status in Bangladesh According to the law casting of votes and counting of votes are the pivotal and final tasks in the whole process of the election though the consolidation of results and declaration of the names of returned candidates are the subsequent legal requirements 1 3 1 Before Poll The Returning Officer provides each Presiding Off
27. rking model After the completion of our SMS sending software and encryption decryption procedure it was required to integrate both the works done by us to create the full functional software We started by making the jar file of our software to run in the mobile environment It was almost easy to implement as we integrated both the SMS sending part amp encryption decryption part of the software We installed the software in mobile environment and tested it to check whether the software works successfully or not It was a successful demo as I ve stated the testing data and results later in this report 34 CHAPTER 4 SYSTEM TESTING 4 1 Unity and integration testing We have tested our software in cell phones by creating jar files All the cell phones that have JAVA installed in it will be able to successfully run our software 4 2 System testing 35 First in the simulator we use a number with 555 000 1 Now suppose we are giving vote to Awami with sign Boat as we see in the following figure So vote is casted as Awami Boat of which our target is to encrypt the content EF 5550000 DefaultColorPhs ys bel Ea ber 455 500 01 Type Your Yote Now after sending the SMS content to a certain destination using port number 50000 we see that the destination receiver receives the content encrypted amp the received object is cipher text 25 5550001 WMA Console Send CBS Console running using p
28. s part was really tricky for us to implement as the algorithm we intended to use wasn t implemented earlier So we maintained a constant touch with our supervisor and co supervisor who helped us in many ways 3 5 Feedback from the Advisor After building the prototype we showed a demonstration to our advisor showing all the aspects about SMS security He gave us valuable feedback from which we were able to calculate our problem areas which were to overcome to complete the research successfully We had to go through some minor changes in the prototype to finally disclose it as functional software 3 6 Customization of the system to be flexible to any cell phone network operator We had to design such software which would be able to adapt with all the cell phone operators currently functional in the country To do that we had to work with the cell phone companies and find out their areas of differentiability While working with Grameen Phone we studied their network for SMS 33 transmission thoroughly and found that all the operators work on a basic model which is SMS gateway through SMSC server So we intended to focus our attention on the SMSC server location where the highest amount of security threat is possible For that we needed to rethink our system a little bit and finally came up with a solution of encrypting the SMS content so that no one can see or read the content of the SMS 3 7 Combining the modules together as a full wo
29. s_architec ture pdf http www cisco com univercd cc td doc product software ios1 22 1 22ne wit 122t 1 2et1 3 ft_aes htm http www pentazip com PW PentaSuite_Security htm http www abisoft net dev html http www thefreecountry com sourcecode encryption shtml http Awww schneier com blowfish html http www eweek con article2 0 1759 1859751 00 asp http www tero co uk des 48
30. ssion server The registered cell phone will be connected with the server When the vote will be received by the server it will automatically upgrade the database 18 Figure E voting system 2 1 4 Existing SMS Gateway System of Grameen Phone Figure SMS Gateway of Grameen Phone When we send a SMS from a cell phone it reaches Base Station Control BSC to Mobile Switching Center MSC In the MSC it finds its destination Then it directly goes to the Short Message Service Center SMSC From the SMSC server when it reaches to its destination a delivery report generates from the SMSC server They are using Short Message Peer to Peer SMPP protocol 2 2 Problems and areas of security leak identified 19 With the help of Grameen Phone we have found out the problems and areas of security leak In the SMS gateway only security breach can happen in SMSC Server because no one can read or delete any SMS content in Base Station Control BSC or Mobile Switching Center MSC But in the SMSC server any administrator can read or delete the SMS content No one can change or edit the content of SMS So security breach can happen only in SMSC server So the critical point for us is SMSC Server 2 3 2 4 2 5 2 5 1 Ideas about SMS security Any unauthorized person can read the content of SMS SMS can be deleted in the SMS gateway Delivery report can be deleted in the SMS gateway In this case there is a chance o
31. the real encryption software for mobile application we have to test the software in JbuilderX J2ME wireless toolkit 2 0 First we have implemented the encryption software having a user interface We have to write the plain text in the plain text field and the key in the key field amp Frame Title joj x Plain Text Dr Yousuf M Islam Key supervisot Build Rebuild Cipher Text __o 39 In the interface when we press the button Build it creates the cipher text using the plain text and Key amp Frame Title E Ioj xj Plain Text br Yousuf bl Islam Key Supervisor Build Rebuild OO E OO000s8 E OOO00 i Cipher Text Cipher text will show in the interface After we get the cipher text then we press the clear button to clear the plain text area field Frame Title _ 5 x Plain Text Pe Key Supervisor _ a fy AE Cipher Text O00 E OO000s88 E 0000 Clear Exit Finally when we press the Rebuild button it builds the plain text using the same key and cipher text 40 ioj xi Plain Text or Yousuf M Islam Superwisar O0 E O0O000s8 E 0000 gt se some manual inputs and outputs of our proposed system are shown below KEY Cipher text BANGLADESH BIKOLPO DHARA JAMAT DARIPALLA THESIS IN BRAC NATIONAL ELECTION OF BANGLADESH YMIECLIUERN SS ISYWUW YMIECIEMX s cLiewuvj YMIECWZO P lvzwe YMIECIUBX
Download Pdf Manuals
Related Search