Security based Requirements Engineering for E-Voting System as a legitimate solution for e-governance

  • eWorld Forum Track: Governance
    Title of Paper: Security based Requirements Engineering for E-Voting System as a legitimate solution for e-governance

    Author Name: P Salini


    The change of technology has put increased pressure on e-governance to modernize its election process. In our country, after several elections, we have noticed many problems like long lines, sensitive polling booth, and other polling problems. Many countries are rushing to update their aging and out-dated voter machines and traditional forms of capturing and identifying voters\’ information. E-voting could gradually lead to a smoother, electoral process. A number of countries, worldwide, has started or considered starting thinking and experimenting as well as implementing e-voting. In Europe, a variety of e-voting schemes is developed, tested and piloted across the continent. E-voting at polling stations is widely practiced in the USA and Brazil, in some countries of the former Soviet Union and in India. Some of the E-voting countries are Switzerland, Estonia, The Netherlands, Denmark, United Kingdom and Canada. There are three main types of electronic voting, Machine counting, computer voting and online voting. Of these, online voting is the focus of most current attention. If such voting is to become a reality, it must address each of the steps like the registration process would need to include distribution of appropriate identification numbers, etc. Passwords and smart cards can be used to increase the reliability and security of voter authentication; however, it is difficult to prevent voters from giving away or selling their votes when authentication is carried out without human intervention. Coercion and large scale fraud may also be more of a concern than at present. In many countries considering the introduction of e-voting, legal, technological and political challenges still have to be solved and overcome, and this step, once achieved, subsequently explained to the interested public. Meaningful advances on the way to e-voting can be achieved – besides trans-border exchange of views and experiences – only by close co-operation of and mutual understanding between, first of legal and technological experts, then by lawmakers and experts, and finally by politicians, experts and the public. Citizens and politicians must not assume electronic machines are cure-alls to the traditional ballot crisis. Since e-voting entails plugging votes across a network into a central IT-infrastructure, security and privacy concerns become increasingly imminent. The election process is in need of a standard and secure electronic system that voters can rely on and have trust in. Unfortunately, last year, it was a Canada-based organization that told Indian government websites, including some of those maintained by diplomatic missions abroad, were hacked. Clearly, our government administrators have a lot of learning to do when it comes to counter-hacking. A recent study revealed that various e-voting systems show serious specification, design, and implementation flaws. E-Voting is probably the most security sensitive process handled electronically nowadays. The main reason for this being that the worst-case scenario is really catastrophic. For example, assume an electronic vote for the country is discovered to have been tampered with. This fraudulent act will not only have drastic consequences for country itself, but will also have enormous consequences for the whole world. Bearing this in mind, the highest achievable security is never too much for an e-Voting system. Electronic voting systems play a critical role in today’s democratic societies, as they are responsible for recording and counting the citizens’ votes and there are a number of reports describing the malfunctioning of these systems, suggesting that their quality is not up to the task. E-Voting, for such an e-governance initiatives, what steps election officials could take to ensure its elections via e-voting are secure through a cost/benefit analysis. So our proposal is when an e-Voting system is build, Tasks such as the Security Requirements Elicitation, the Specification of Security Requirements or the Security requirements Validation are essential to assure the Quality of the resulting e-Voting system. It is essential to capture the corresponding security needs and requirements to fulfill business goals, build trustworthy systems, and protect assets. The development of e-Voting system usually involves more heterogeneous stakeholders than the construction of traditional Voting system. Therefore a thorough Security Requirements analysis is even more relevant. By considering the Security requirements as functional requirements in the Requirement phases, the Security requirements and domain knowledge for e-Voting system can be captured in a well-defined model. So the completeness, consistency, traceability and reusability of Security Requirements for e-Voting system and its integration with the artifacts of other phases can be cost effectively improved and can effect a significant reduction of the problems currently encountered in the e-Voting system due to poor Security Requirements Engineering and Management. In this paper we propose Security based requirements engineering process in the early phases of e-Voting system development to identify, categorize and prioritize the list of assets, threats and vulnerabilities for e-Voting system. The security goals for e-voting system are Authentication, Democracy, Uniqueness, Accuracy, Confidentiality, Integrity, Availability Verifiability and Auditability. We develop use case and misuse case models to identify Security Requirements for e-Voting system. By identifying Security Requirements at application level, host, database level and network level in the earlier stage of e-Voting system development life cycle we will be able to design and build e-Voting system which is less prone to vulnerabilities and threats. The benefits of E-Voting increased actual security, increased voter accessibility and turnout, substantial cost savings, supports all counting methods, multiple languages, automated vote tabulation, instant, accurate results, full encryption, anti-fraud controls, secure login, auditable, voter verifiable, and 24/7 internet polling. Most countries believe that e-voting will occur within the next decade and it is mandatory to build a secure e-Voting system which is considered to be in the higher security level. This paper proposes a Security based Requirements Engineering for E-voting will help to standardize the Security Requirements for e-Voting system and build a secure e-Voting system and as a legitimate option for e-governance.

    Brief biodata of presenter:

    P.Salini is from Puducherry, India born in 1981.She received her B.Tech degree in Information Technology and M.Tech in Computer Science and Engineering from Pondicherry University and now she is doing her Ph.D in Computer Science and Engineering, from Pondicherry Engineering College affiliated to Pondicherry University. In 2005 she joined as a lecturer in department of Information Technology in a private engineering college. Now she is working as a Assistant Professor in department of Computer Science and Engineering, Pondicherry Engineering College. Her research interests are in software engineering, security engineering and requirements engineering. She is a member of ISTE.

  • eWorld Forum 2012 :: Award Winners

Address: Elets Technomedia Pvt Ltd., Stellar IT Park, 7A/7B, 5th floor, Annexe Building, C-25, Sector 62, Noida, Uttar Pradesh 201301
Contact No: +91-120-4812600.