A SMART E-VOTING SYSTEM USING RFIDAUTHENTICATION METHOD FOR A CAMPUS ELECTORAL

Amna SaadUniversiti Kuala Lumpur City

CampusMalaysian Institute of

Information Technology1016 Jalan Sultan Ismail

50250 Kuala Lumpur,Malaysia

amna@miit.unikl.edu.my

Mohd Izzat MohamatRoseli

Universiti Kuala Lumpur CityCampus

Malaysian Institute ofInformation Technology1016 Jalan Sultan Ismail

50250 Kuala Lumpur,Malaysia

izzy_tm@yahoo.com

Muhammad SaufiZullkeply

Universiti Kuala Lumpur CityCampus

Malaysian Institute ofInformation Technology1016 Jalan Sultan Ismail

50250 Kuala Lumpur,Malaysia

muhammadsaufi89@rocketmail.com

ABSTRACTA Smart Election System (SES) is an electronic election sys-tem (e-voting) for a campus election. The system is basedon a client-server system. The application is developed us-ing Microsoft Visual Basic (VB6) and SQL as the database.The system is integrated with an RFID system for the vot-ers authentication purpose. Students would have to registertheir profiles. Moreover they would be provided with oneRFID tag each before they can use the voting system. Thesystem consists of two application programs. First, the man-agement program which is to be used by the administratorwhile the other one is the voting terminal program for vot-ers to cast their votes. All information on students and votecounts are stored in the database. The SES Manager isan application that would be used by the administrator tocontrol the voting process. The SES Manager’s functions in-clude, but not limited to create voting sessions, add/removecandidates information, add/view voters profile and set sev-eral voting parameters. The SES Manager is also linked tothe database to update, create or remove data stored on it.The prototype of the SES system has been successfully de-veloped and tested. A simulation on the prototype showsthat the system meets the requirement for a smart campuselectoral system.

Categories and Subject DescriptorsH.4 [Information Systems Applications]: Miscellaneous

General TermsPrototyping

Permission to make digital or hard copies of all or part of this work forpersonal or classroom use is granted without fee provided that copies arenot made or distributed for profit or commercial advantage and that copiesbear this notice and the full citation on the first page. To copy otherwise, orrepublish, to post on servers or to redistribute to lists, requires prior specificpermission and/or a fee..IMCOM (ICUIMC)14, January 9 - 11, 2014, Siem Reap, Cambodia.Copyright 2014 ACM 978-1-4503-2644-5...$15.00.

KeywordsCampus election, e-voting, RFID.

1. INTRODUCTIONElectronic election system or e-voting is a system built to

enhance the conventional voting method. This new systemreplaces a ballot paper with an electronic interface (GUI) ona computer. Other than the interface, the whole process istaken over by a computer system which means that from thebeginning process of authenticating voters to the final pro-cess of announcing results are handled by a computer. Thiscan reduce human error in voting, where voters sometimesspoilt their votes by accident or intentionally. Moreover itreduces human error in counting votes to obtain the finalresult.

Smart Election System using RFID is a project to enhancecurrent voting method used by Universiti Kuala Lumpur(UniKL). Currently UniKL uses ballot papers to cast votesand then manually count the votes. The new system wouldreduce human involvement of authenticating voters, distribut-ing ballot papers and vote counts. In the new system, vot-ers would be authenticated by their RFID tags, which aretheir existing student cards. After the authentication pro-cess, voters may proceed to the voting terminal to cast theirvotes without the uses of ballot papers. Finally, once theelection process has ended, the votes would be counted bythe system. The following sections are organized as follows;section 2 discusses the previous work of other researchers;section 3 discusses on the prototype development; section 4discusses the result and analysis of the system and section5 is the conclusion and future work.

2. RELATED WORKA campus election has long been practiced and the process

is similar to the election method used by most democraticcountries throughout the world. Educational institutions,both government-funded and private institutions have re-alized the importance of the campus elections as it couldbenefit the institutions as well as their students. Through acampus election young and energetic student leaders mightemerge to help organising students activities and to provideother assistance to their peers in the campus.

The campus election started with a conventional method,which consist the use of ballot papers. The new revolutionof a campus election has adopted an e-voting method for amore efficient process. In this section we define the paperbased voting and electronic based voting. We then discussthe RFID technology in used. Moreover we discuss severalother related projects of e-voting which use different methodto authenticate the voters.

2.1 Paper Based Voting SystemThe paper based voting system is a traditional version of

election method and has been implemented for a long timeuntil now. This method uses ballot papers for casting anda manual counting votes. During the voting process, an el-igible voter makes the appropriate selection by marking aballot paper using a pen or a pencil before it is thrown intoa ballot box. Once the election period is over, the ballotpapers would be counted manually. In many situations thecampus election would be run at only one stop center. How-ever if there is more than one polling post then the ballotboxes would be collected in one place before the countingprocess begins.

2.2 Electronic Voting SystemAn electronic voting is a term encompassing several dif-

ferent types of voting, embracing both electronic means ofcasting a vote and counting votes. The voting process canbe done by either users casting votes at a voting station orcasting vote over the internet. The E-voting method worksby using a combination of both hardware and software. Thehardware part includes a centralized server, voting terminalsand network connection . The role of the server is to store allvoting information such as voters’ information, votes, can-didates’ information and performing the process of countingvotes [7].In essence both the paper ballots and electronic voting

focusing on voter privacy and election outcome thrustwor-thiness. Auditing methods are usually differ for e-votingand paper ballots. The auditing should allow recountingto verify the result of an election. A voter-verified audit-ing should not cause a privacy violation problem [1]. Onthe other hand, the main objectives of an electronic votingare to increase participation, lowering the costs of runningelections and improving the accuracy of the results [9].

2.3 RFID TechnologyRadio Frequency Identification (RFID) is defined as an

Auto Identification and Data collection technology which al-lows identification of a large number of tagged objects usingradio waves RFID technology. There are two main compo-nents of RFID system; an RFID tag and its counter part anRFID reader.RFID Tag is defined as an electronic circuit that use ra-

dio frequency waves to communicate with an identifier whichallows it to be differentiated from any other electronic cir-cuits. Using RFID, wireless automatic identification takes avery specific form to detect objects, locations, or individu-als that are marked with a unique identifier code containedwith an RFID tag to attach to or embedded in the target [5].An RFID has 96 bit memory for hexadecimal data storagewith Ultra High Frequency ranges between 850 MHz to 950MHz [3]. There are four types of RFID tags like a PassiveRFID Tag, a Battery-Assisted Passive (BAP) RFID Tag or

a Semi-passive RFID tag and an Active RFID Tag. In thisproject we use the Passive RFID tag. In which case thecard contains minimal data and the detail data is stored ona database server.

The RFID reader is a Radio Frequency device that trans-mitted and received signals from an RFID Tag. A RadioFrequency sensor can communicate with RFID tags that arewithin 1 meter range and is designed to interface with aninformation processing system [3]. RFID technologies areefficient and secure comparing to other network [2]. TheRFID reader is connected to a main system through a USBport. This ensures the communication between the systemand the RFID reader work. The reader supports the trans-fer of data to a remote computer over a network connection[3].

2.4 Related ProjectsWe have made a comparison of the authentication tech-

nology, security level, network environment and system typeamong several related projects

2.4.1 Project 1: Electronic Campus Voting SystemSeveral campuses in Malaysia have adopted electronic vot-

ing systems to replace the traditional ballot paper systems.A few campuses have implemented open source web basedsystems, while others chose to build their own programs.Most existing campus voting systems use a user credentialsuch as a student Identification (ID) number as the user-name, and an identification card (IC) number as the pass-word to login to the voting system. Once logged in, userscan cast votes according to the terms and conditions en-closed by the campuses. After the voting process, the usersare logged out automatically.

However there are still room for improvements. For exam-ple, the student ID and identification number are too generaland can be obtained easily. In essence, the student ID num-ber is shown on a student card, while identification numberis shown on his IC, both information are permanent andvisible. An identity theft might exist whereby someone mayobtain this information to be used during the Electoral Day.He might be casting vote on others name with or withouttheir consents.

2.4.2 Project 2: Online Vote SystemThis project was the originality of Kolej Universiti Teknikal

Kebangsaan Malaysia (KUTKM) student. The idea of theproject was to build an online voting system for KUTKMstudents, to replace the existing voting method which wasusing ballot papers and votes were counted manually [8].The project involves some hardware and software integra-tion to provide both security and improve efficiency of thenew system. This system identifies voters according to thepassword, which are given to the students during the regis-tration process. The passwords are used to provide one-timevoting to each student. This system includes various types ofsoftware such as: Microsoft FrontPage 2000 to create the in-terface for the voting system, Microsoft Access 2000 to storevoting data and voters/candidate information and PersonalWeb Server to run the system.

One of the weaknesses in the system is the use of passwordfor authenticating voters. As mentioned above, the pass-words are distributed during the registration of the voters.While registration to vote may be conducted quite a while

Table 1: Comparison of Related ProjectComparisonparameter

Project 1 Project 2 Project 3 Project 4 Smart Election Sys-tem using RFID

Authentication user:StudentID; password:Malaysia IC

System gener-ated passwordand Singlesign on.

User Cre-dential andVerificationAccess Code(VAC)

User Creden-tial and Cer-tificate

RFID Tag

Security Level*

LOW MODERATE MODERATE MODERATE MODERATE

Network LAN LAN LAN WAN VLAN- Databaseserver, SES Managerand Voting termi-nals are in separateVLAN, refer toFigure 1

Ownership Mostly pro-prietary

Proprietary Web-based Web-based Proprietary

Owner - KUTKM,Malaysia

UTeM,Malaysia

LancasterUniversityU.K

UniKL, Malaysia

Note *: Based on the criteria set in [4].

before the election take place, the passwords given mighthave been missing, exposed to someone else or even stolen.If the voters do not take appropriate action, the passwordmight end up in a wrong hand.

2.4.3 Project 3: Campus Election System (CESYS)The Campus Election System (CESYS) is a project by

Universiti Teknikal Malaysia Melaka (UTeM) student, whichaimed to enhance and integrate the existing voting systemwith Verification Access Code (VAC) that is sent to votersvia Short Messaging Service (SMS) [10]. The Electoral Sys-tem in UTeM would be enhanced into electronic based andwould be integrated with VAC for security purpose. Thesystem would identify voters from their student cards andsend the VAC to the voter via SMS only if the voter hasnot participated in the election process. The system is de-veloped by using Macromedia Dreamweaver, PHPMyAdminand MySQL database. Other requirement device and systemincludes a GSM modem and Ozeki Message server, which isused to send VAC to voters mobile phone.CESYS has implemented VAC to authenticate voters dur-

ing the election, however the VAC is sent via SMS once thevoters have check-in for the election. The weakness identi-fied here was the use of the SMS service. An SMS serviceis widely used as a medium for communication and infor-mation delivery. However, under certain circumstances, thesystem itself may have an interruption that might cause adelay in delivering text messages, which means a delay indelivering the VAC to voters. Other than the delay, prob-lems could arise if the voters have left their mobile phones atthe hostel or home, or the phones or numbers are no longerbeing used. So the VAC could not be delivered to the voters,or the code might end up with someone else.

2.4.4 Project 4: Campus e-democracyCampus e-democracy project is an electronic election sys-

tem built to be worked on the web browser. The systemincorporates a login server and MySQL server for the au-

thentication process, and a web server to handle the overallprocess [6]. The system requires connection over the internetvia a secured protocol to assure a safer voting process. Userswould navigate to the appropriate web address in order tocast votes. The voting process starts with the authenticationprocess, which involves server certificate and user certificateverification before the user could login to the server. Oncethe login procedure is successful, the user can start castingvote. The result would be recorded into the system and thevoting completion receipt is displayed on the user side.

Online voting system, especially over the internet has al-ways been criticized for its security. Even though much pre-caution has been taken to improve the security of an onlinevoting system, it is still doubtful. Using a web browser maycause problem due to incompatibility. This may reduce theefficiency of the voting process. Web browsers are also proneto attacks due to its weaknesses. For example, an outdatedweb browser may not contain the security update that couldprevent attacks. There are also possibilities where users casttheir votes over public computer or public network such asat the cyber cafe or over Wi-Fi network, where the securitylevel of such environment is low on certain points.

3. PROTOTYPE DEVELOPMENTThe related projects by other higher education institutions

within Malaysia and Lancaster University motivate UniKLstudents to come up with their own e-voting system takinginto consideration the weaknesses and strong points of thesesystems. The new system is known as the Smart ElectionSystem (SES) using RFID for authentication eligible usersbefore they can cast their ballots during the campus pollingday. Table 1 shows the differences and similarities of SES tothe other projects.

3.1 Smart Election System (SES) using RFIDSmart Election System using RFID is a project proposed

to enhance current voting method used by Universiti KualaLumpur (UniKL). Currently UniKL students use ballot pa-

Figure 1: Network Topology

pers to cast votes. The votes would be manually counted.The new system would reduce human involvement of authen-ticating voters, distributing ballot papers and vote counts.In the new system, voters would be authenticated by theirRFID tags, which are their student cards. After the authen-tication process, voters may proceed to the voting terminalto cast their votes without the uses of ballot papers. Fi-nally, once the election process has ended, the votes wouldbe counted automatically by the system.

3.1.1 Problem StatementThe current voting method used by UniKL is prone to hu-

man errors. This error includes mistakes during vote cast-ing, where voters accidentally choose less or more candi-dates than they should, or they do not vote according tothe appropriate guidelines, which results as a spoil ballot.Another error occurs during the votes counting, where theballot papers are counted by human and there are possi-bilities that problem such as miscount the ballot papers tohappen. Other than the above, some students are not awareof the campus Election Day due to poor advertising andannouncement as some of them might have overlooked theannouncement placed on the notice boards or UniKL elec-tronic board. In addition, there are also students who forgotabout the Electoral Day, however that is totally a separateissue. On top of that, it is hard to view voters statistics. Forexample, to view the statistic by gender on how many stu-dents attended the election. In order to do so, the campuselectoral committee needs to separate names from the namelist based on genders. Hence, it could take quite a long timeto complete. The same process would be repeated for otherdifferent reports. These statistics are important in order todetermine the trend of the campus election.

3.1.2 Problem SolutionTo overcome the problem stated in subsection 3.1.1, a new

system is developed, known as Smart Election System usingRFID. This system enhances campus election system frompaper-based voting system into fully electronic voting facil-

ities. The system provides on-screen candidate informationand allow users to cast their votes using the system. Hu-man errors can be minimized as the system would controlthe condition for the voting session, for example the systemwould control the minimum or maximum number of can-didates allowed to be elected. The votes count is also per-formed by the system and would reduce the time required toobtain results. This system would allow administrators toview voters information and profile. There is also an optionfor administrators to view the statistic that displays numberof students participated in the campus election and can beviewed categorized by gender, course, and age.

3.1.3 MethodologyFigure 1 shows the logical topology of the project. The

system consists of a database server, personal computers,a layer three switch and RFID readers. Alternatively thelayer three switch can be substituted with a router and alayer two switch. This is essential for creating VLAN andto ensure that each VLAN would be able to access anotherVLAN. During a polling day, the same set up is recom-mended. There could be several PCs set as voting terminals.The PCs would be connected to the switch. The switch isalso connected to the database server and an administratorPC or notebook. The SES Manager software would be in-stalled in the administrator PC. An administrator would beat the polling venue all the time until the election processis completed. We have chosen the client-server topology ina LAN environment in order to minimise the vulnerabili-ties and risks on the electoral data and to increase data in-tegrity. The potential threats would be from identity theftsand man-in-the-middle attacks if a web-based system is im-plemented.

The privacy of the voters are also important. Their ballotsare secret and should be protected just like casting a paperballot. The result of the polling would only be revealed onceall the voters have casted their votes or when the castingperiod expired. SES Manager would have the engine thatcontrol the election process. SES Manager is also used toset the candidates profiles and other condition as stipulatedin a campus electoral policy.

3.1.4 Development and TestingThere are two main modules of the SES system using

RFID as depicted in Figure 3. The first is the SES Managerand the second is the Voters module. The SES Managercontrols the overall electoral process from registering voters,candidates, setting election session, monitoring the voterscasting ballots and to produce the result and statistic. Thevoters module consists of the functionality to authenticatevoters, for voters to cast the ballots and logging out. TheSES Manager also have a function to set users privilege.

Figure 2 shows the front interfacing of SES screen. Usercan choose ”Management” or ”Voters” module based on theprivilege set on the RFID card. A voter uses RFID Tag toaccess the system and only eligible voters would be allowedin. Once scanning the RFID Tag, this system would allowvoters to auto login and to cast their votes. Once completedthe voters would scan their RFID to logout. This completetheir session with the system.

The SES system also provides session to view a studentprofile to make sure the information is registered in thedatabase. The voters can view their own profile and can

Figure 2: SES Front Interface

Table 2: Testing for Single LoginTesting VoteSessions/Voter

Voter 1 Voter 2 Voter 3

First Login Successful Successful SuccessfulSecond Login X X XThird Login X X XFourth Login X X X

verify their data but they could not change the profile iferror exist. If there exist any incorrect data , they can re-port to the administrator. The administrator would do thecorrection on the database. This is to ensure the integrityof the voter profiles. Figure 4 shows the screen to the SESVoter Registration.Many other rules can be set in every voting session. For

example, a voter is allowed to vote only once per session.SES Manager would keep track of any voters that try tovote more than once. In this case we have tested the sys-tem for first login, second login and so forth. The resultis shown in Table 2. Another important feature of SES isto ensure the strong signal between an RFID tag and anRFID reader. RFID test is focused on the operating rangeof the RFID reader and tag. Several tests are conducted byplacing the RFID tag in the opposite direction, facing theRFID reader. The process is repeated with various ranges.The results are then recorded. The reason why this testis conducted is because, different RFID reader has differ-ent operating ranges and some are able to detect RFID tagplaces further while some reader require the tag to be intactwith the reader [11]. The same volunteers have tested on thesuitable distance between the RFID tag and reader.To avoidunauthorized voters from tempering the SES authenticationand login system the distance between the RFID tag andRFID reader should not be too far. From our observationthe RFID reader can recognized signal from RFID tag forthe range less than 8cm, refer to Table 3. Hence, we candeduce that the system is suitable for a close environmentsetup during the actual electoral day.

Table 3: RFID Range TestTestingRange/Voter

Voter 1 Voter 2 Voter 3

0-3cm OK OK OK5cm OK OK OK6cm OK OK OK7cm OK OK OK8cm OK OK OK9cm Failed Failed Failed10cm Failed Failed Failed

4. RESULT AND ANALYSISWe have recorded users feedback on the system, so that

we could improve the SES prototype. Several students havevolunteered to test the system and the results of their end-to-end testing of the system is shown in Table 4. We haverectified the problem and as such we have included our re-marks in the table. Since we are using a low capacity serverwith minimal processing power we think most of the issueis related to the server capacity. In general the studentsare satisfied with the functionalities provided in SES thoughthere is a comment related to the GUI of the prototype.

4.1 ResultFrom our observation the SES system has potential to

substitute the paper ballots. The main objective of the sys-tem is to fulfill the requirement of an e-voting system whichmust cater for voter privacy, voters data integrity and sys-tem availability during the actual election process. The sys-tem must also be easy to use and user friendly. The mostimportant thing is the system security. For example the sys-tem should be secure from the threat due to identity theftand man-in-the-middle attack. The project is a work inprogress. It has opened up the opportunity for our studentsto implement other types of authentication method. In thisprototype we choose RFID as our authentication method.We think it is the most appropriate approach because it re-duces human interventions to login into the system. More-over the client-server environment reduces the risk of expos-ing the system to the main public. In this model, the systemwould not be left open to the voters all the time. Instead,the administrator would control the polling sessions. Thesystem would be set in a designated place and only eligiblevoters would be allowed in the polling center.

4.2 AnalysisThe main concern of an e-voting system is on the data

integrity and voters and candidates privacies.The resultsgained from the prototype have triggered a guideline thatcould be used by other higher learning institutions to eval-uate a functioning e-voting system whether it is suitable fora campus electoral. In essence, an e-voting system wouldconsist the following components:

i. Network Element: In which case a remote access net-work would have more vulnerabilities and threats ascompared to a local access network

ii. System Security: Different types of security measuresrequire for a stand alone, a Client-Server, a Web-basedor a mobile system.

Figure 3: SES Modules

Figure 4: SES Voter Registration

Table 4: Users FeedbackSTUDENT COMMENT REMARKSStudent A Easy to use - User

doesn’t have totype anything tologin, just touchthe card to loginand logout.

This feature will bemaintained in SES.

Student B -Fast and timesaving -Justtouch the cardand vote.

This feature will bemaintained in SES.

Student C Easy to use butsometimes have aslight delay.

The delay is due to thelow specification serverand network based envi-ronment. The solution isto get higher-end serverand improve the networkconnectivity.

Student D Good applicationbut the applica-tion GUI buttonslooks old.

GUI issues can be fixed.

Student E Need to improveservice becausefirst time loginfailed, in my case

The server respond willbe improved with betterserver. Another possi-bility of this problem isdue the time taken bythe server to match theuser RFID with the dataregistered in the server.The solution would be toimprove the search en-gine in SES with a bet-ter algorithm. For exam-ple, using a binary searchinstead of a sequentialsearch.

Student F Good applicationand more secure.

The security of the sys-tem includes the net-work security, data secu-rity and the physical se-curity of the equipments.

iii. Data Integrity: Data should be encrypted especiallyfor data that is exposed to the public.

iv. System Engine: It is the heart of the system. It shouldhave functionalities for an administrator to set eligiblecandidates and sessions based on a university rules andregulations for a campus election. It should also cap-ture events log for accounting purposes in the future.

v. GUI: The system should be easy to use and user friendly.

5. CONCLUSION AND FUTURE WORKSES is a proprietary e-voting system that was developed

by a group of UniKL students. The students envisage thatSES would be used as a system to assist a campus elec-toral process. SES has much potential to be expanded into

a secure and smart e-voting system. SES contains the fea-tures of a closed centered voting system that maintain thevoters confidentiality. The system also eliminates paper bal-lots. The prototype meets the requirements for an e-votingsystem. The functionalities of SES can be expanded. Forexample, advertisement about a campus polling day, encour-agement for students involvement and to cast their votescould be spread using an sms alert message to students’BYOD would be triggered from SES Manager. This typeof feature can be included in the SES. The current versionof SES includes an engine for setting up candidates basedon the university rules and regulation for a campus election.For example, the potential candidates must maintain goodacademic standing throughout their studies. The studentsperformances record can be extracted from another system.At the moment the two systems have no links. The mainpart of SES is the engine. We have presented a guideline foran electoral system. The guideline can be applied to othere-voting system.

6. ACKNOWLEDGMENTSOur gratitude to Universiti Kuala Lumpur and to our

sponsor and parent company the Majlis Amanah Rakyat(MARA).

7. REFERENCES[1] D. Chaum, M. Jakobsson, R. L. Rivest, P. Y. Ryan,

J. Benaloh, and M. Kutylowski. Towards TrustworthyElections: New Directions in Electronic Voting,volume 6000. Springer, 2010.

[2] K. Coyle. Management of RFID in Libraries. TheJournal of Academic Librarianship, 31(5):486–489,2005.

[3] M. Dhanalakshmi and U. Mamatha. RFID basedlibrary management system. Proceedings ofASCNT–2009, CDAC, Noida, India, -:227–234, 2009.

[4] First. Forum of Incident Response and Security Teams: Common Vulnerability Scoring System (CVSS-SIG),Last visited June 2013.

[5] Y.-C. Huang. Secure Access Control Scheme of RFIDSystem Application. In Information Assurance andSecurity, 2009. IAS’09. Fifth International Conferenceon, volume 1, pages 525–528. IEEE, 2009.

[6] J. Kovar. Electronic Voting System: Campuse-democracy. Lancaster University, March 2010.

[7] D. Lundin. Component Based Electronic VotingSystems. Springer, 2010.

[8] A. Norfaizah. Online Student Vote System, volume 1.KUTKM, 2004.

[9] G. Z. Qadah and R. Taha. Electronic voting systems:Requirements, design, and implementation. ComputerStandards & Interfaces, 29(3):376–386, 2007.

[10] S. N. Salleh. Campus Election System. OnlineElection, volume 1. UTeM Library, 2008.

[11] Technical Support Team. Advanced RFIDMeasurements: Basic Theory to ProtocolConformance Test. Technical report, NationalInstruments Corporation, Last visited July 2013.