Developing an Indigenous Evoting System Architecture – A Case Study

By:

Dr Agu Collins Agu

Director, Zonal Offices Coordinating Department, National Information

Technology Development Agency (NITDA)

BRIEF SYSTEM OVERVIEW

NIGCOMSAT’s e-Registration and Voting

System is a novel invention of a reliable, secure

and always available electronic registration

and voting system that adopts two mature

technologies for its implementation; RFID

(Radio Frequency Identification) and

biometrics.

BRIEF SYSTEM OVERVIEW CONT’D

The unique combination of both technologies

provides an offline system with intrinsic voter

authentication as well as instant check for

multiple registrations, voting and an anti-

rigging mechanism. Complementing this

system is a database-driven web application

for real-time display of collated data e.g.

election results for public viewing.

KEY TECHNICAL SPECIFICATIONS

RFID Card Features Ruggedized PVC card with weather-proof embodiment

Contactless transmission of data (no battery required)

Operating distance 100mm

Fast data transfer (106 kbps)

High data integrity (16 bit CRC, parity, bit coding, bit

counting)

True anti-collision

Typical transaction <100ms (including backup

management)

Data retention of more than 10 years

KEY TECHNICAL SPECIFICATIONS

Security Features

Mutual triple pass authentication (DES, 3-DES and

AES)

Data encryption with replay attack protection (DES,

3-DES and AES)

Supports multi application with key hierarchy

Unique serial number for each card

Anti-tear protection mechanism

KEY TECHNICAL SPECIFICATIONS CONT’D

RFID Card Reader Features

Operating distance 100mm

Highly integrated analog circuitry to decode card

response

Unique serial number

Secure non-volatile key memory

Suitable for high security terminals based on 3-DES,

AES, RSA

Anti-collision procedure support

Very low power consumption (USB nano-watt technology)

KEY TECHNICAL SPECIFICATIONS CONT’D

Security Features

Mutual triple pass authentication (DES, 3-DES and

AES)

Data encryption with replay attack protection (DES,

3-DES and AES)

Supports multi application with key hierarchy

Unique serial number for each reader

Anti-tear protection mechanism

Supports over 32 secret keys

KEY TECHNICAL SPECIFICATIONS

Fingerprint Biometrics Features

FBI certified High performance PC USB fingerprint scanner 256 bit AES Enrollment time <0.1 second World’s best performing fingerprint algorithm (NIST

MINEX and FVC 2004/2006) Fast matching speed : 100,000 match within a second 500 dpi optical fingerprint sensor Very low power consumption (USB nano-watt

technology) Ruggedized scratch free sensor surface

Voter Registration Duplicate Search System

Multi-biometric technology to identify duplicate registrations in the nation’s voter database.

Accurately identify and remove all duplicate registrations in the voter database.

Database that will include photographic and fingerprint records for atleast 80 million voters.

With such a large database, the search for duplicates is a complicated task that requires a large number of matching operations and a high degree of reliability.

Will become core identification engine for Nigeria’s security / law enforcement system for data portability.

Key Benefits

System helps ensure the administration of fair and democratic elections by verifying the accuracy of the country’s national voter database.

Up to 40,000,000 fingerprints per second matching speed on a single unit.

Scalable cluster architecture.ISO & ANSI fingerprint template standards support. The interoperability and flexibility of the SDK enable

the system to work easily with a variety of other software and hardware.

The low cost-per-unit and low hardware system requirements enable a cost-effective solution for Nigeria.

How the System Works

Face and Fingerprint Capturing

The voter information collected consists of face and finger fingerprint images along with personal demographic information of each and every person registered.

In essence, the system will capture face and fingerprint data for up to 80 million voters using a variety of input devices, including PC Web cams for capturing face images and fingerprint scanners. The system stores the face and fingerprint images within the RFID Voter’s card and also in a secure database in WSQ format.

Template Generation

The Template Generation Module, based on a

Matching Client, reads the WSQ images from

the database and generates fused face and

fingerprint templates that are then stored in a

SQL Server Database. The Voter Registration

Duplicate Search System then uses these

templates to carry out the biometric “N-to-N”

matching process that identifies duplicates

within the database records.

N-N Matching

Our implementation for Nigeria will carry out fusion matching by providing two options: 1. Fuse always 2. Face then fuse  The first option, “Fuse always” is for a complete N-to-N matching strategy which requires much more time than that of second option. “Face then fuse” means that the system first generates face score, and if the score crosses the threshold value then the respective finger template is matched. Due to the high speed of the face matching algorithm, this process significantly reduces the amount of time required to identify duplicate entries.

N-N Matching

This powerful fused algorithm can produce up to

400,000 matches per second on a single

processor PC; and with fault-tolerant, scalable

cluster software, this number can be multiplied

across multiple PCs to perform extremely fast,

parallel fingerprint and face matching using

databases of practically unlimited size. The latent

fingerprint template editing capabilities will also

allow it to be used in forensic AFIS applications.

Server Cluster Architecture

The cluster server consists of a server machine,

several cluster machines, a cluster server

license, several cluster client licenses, and

necessary software and data as shown in figure

1 below. It provides significantly high capacity

for record matching depending on the number

of cluster nodes used. The cluster server can be

configured to match up to match tens of

millions of records at a time.

Server Cluster Architecture

Detailed System Description

The system involves the following four (4) phases: registration, verification, vote casting, and result tallying and display. Below are sub-sections that describe each phase respectively.

Registration PhaseIn the registration phase, designated registration units are used to register eligible voters. In a registration centre, a registration unit is comprised of the following:

1. Notebook2. HD camera3. Registration software4. RFID card reader5. Fingerprint scanner

Detailed System Description

Fingerprint Biometric Scanner A Specimen of an RFID Voter Card

RFID Card Reader/Writer RFID Card Printer

Voting Phase

The voting phase, designated voting stations are

used by eligible voters to vote. A voting station

is comprised of the following:

Notebook with a touch screen

Voting software

RFID card reader

Fingerprint scanner

Ballot printer

Result Tallying & Display Phase

A reliable communication link is to be used to connect

each voting centre to a centralized command center

for vote aggregation of votes from all voting centres. A

polling scheme is to be adopted to poll data from each

polling centre at a particular interval of time for real-

time collation and tallying of results. The collation and

tallying process is handled by a database management

system (DBMS). The collated and tallied results from

the various voting centres are made available for

online display through a web application over a secure

network and/or Internet.

Web Interface for Result Display including Textual and Graphical Viewing