A Secure end to end verifiable e-voting system using cryptography: a case of Independent Electoral and Boundaries Commission of Kenya
Elections that are run purely on manual voting system have presented a plethora of challenges that have often affected the credibility of elections done entirely using the traditional manual voting system. Countries round the world are quickly shifting to the use of e-voting systems with such nations already reaping the benefits of running their elections using e-voting systems. However, a number of countries especially in the developing world are yet to embrace a full e-voting platform and this has often affected the election outcomes in such countries. This study sought to evaluate the use of electronic voting systems to address the electoral malpractices in elections. The study proposes an e-voting system that employs a java enterprise application standard which makes use of the tiered design pattern allowing for scalability using distributed approach. All components are an extension of the server to the client machine, allowing for dynamic content delivery. Voters are only allowed to vote once. After voting, the user identity is flagged to prevent another attempt. Any further attempted logins will be denied access. Communication between the client machines and the servers are secured preventing eavesdropping or snooping on the user's identity in transit. Further once the data is delivered to the server, the application environment also provides added layer of security ensuring that only authorized personnel have permission to view data. To further enhance security all user actions on the client terminals are relayed to the server based on event response model. Security logs can be generated based on user activity which can only be viewed by users with administrative rights. The system uses two different databases. The electoral process that involves capturing data is managed using election database. The security aspect that involves starting/stopping the election, managing and viewing of security logs is managed using a security database. Both of them run on MySQL platform. This platform was used because of its compatibility with PHP and other platforms as well as the ability to encrypt passwords before storage. This ensures that confidentiality and integrity aspects are enforced.