Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)

IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

The Next Gen Election:

Design and Development of E-Voting Web Application
Raghav Chhabra Uday Vohra Vishrant Khanna
Department of Computer Science Department of Computer Science Department of Computer Science
M anav Rachna International M anav Rachna International M anav Rachna International
Institute of Research and Studies Institute of Research and Studies Institute of Research and Studies
Haryana India Haryana, India Haryana, India
[email protected] [email protected] [email protected]

Aditya Verman Dr. Poonam Tanwar Dr. Brijesh Kumar

Department of Computer Science Department of Computer Science Department of Computer Science
M anav Rachna International M anav Rachna International M anav Rachna International
Institute of Research and Studies Institute of Research and Studies Institute of Research and Studies
Haryana, India Haryana, India Haryana, India
[email protected] [email protected] [email protected]

Abstract— The elevated utilization of information protocols need to be established for the E-voting
te chnology seems to revolutionize both the provision of system. To reduce threats, different rules
governmental services and the vivacity of democracy. E-
voting or Ele ctronic voting symbolizes modern democracy.
concerning eligibility, ballot-privacy, singular
E-voting will be at its best when complied with the existing verifiab ility, comp leteness, fairness, universal
legal and regulatory framework. "Vote", the word means verifiab ility, and robustness have to be developed.
to dete rmine or to elect or select from a list or who will run "ELECTRONIC VOTING APPLICATION" is an
the country or the organization or a group. To find leaders
selecte d by people is the prime aim of voting (Scenario:
online voting method. In this system, individuals
Citizens electing their country leaders). Most countries, who are citizens of India and are over the age of 18
India is no exception, have trouble voting. Some of the and all sexes should be able to cast their ballot
issues at stake are incorrect voting during elections, without visiting polling stations. There is a
inexperienced personnel, inaccessible or insecure polling
stations, and inadequate voting equipment. The new database managed by the Indian Electoral
indigenous flagship internet-based voting system solves this Co mmission that stores all voters' names with
exact problem. It should be noted that users, in this case , complete information.
citizens, have a large time frame during the voting period
with the system running. The objective of this paper is to
come up with a new solution, does come with a small
In "ELECTRONIC VOTING APPLICATION",
learning curve, citizens will have to be trained on how to voters can easily use their voting rights online.
e xe rcise their right to vote online. They must be registered first to be able to vote.
The system admin istrator registers everyone
Keywords- voting, E-voting, electronic voting mainly for security reasons. The system
system. admin istrator registers voters on a special system
site that they only visit by simply filling out a
I. INT RODUCT ION registration form to register the voter. Citizens
wishing to register should contact the system
E-voting plays a vital role in the evolution of a
admin istrator to submit their contact information.
democratic society. The voting technique currently
The verification of the individual is done using
used involves voters to cast their votes by visiting
existing databases such as AADHAR, PA N-Card,
polling stations. Polling stations are either installed
Passport, etc., by the registration authority, the
fro m scratch or just some public places are used.
citizen is therefore registered as a voter by the
Implementation of E-voting would save a lot of
Indian Electoral Commission.
time for both voters and the election commission.
An ideal voting application should allow fu lly
After registration, the voter receives a Voter_Id
functional online voting using general household
number and a password with which he can access
devices [1]. Counting of voting can be done
the system and use the services provided by the
automatically and anonymously. E-voting system
system, e.g. Voting, reviewing results, etc. If
introduces a different type of threats and
invalid/incorrect information is sent, the citizen is
challenges as it relies on the internet,
not registered to vote.
simultaneously solving the problems faced while
using current voting systems. Different sets of

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 536

Authorized licensed use limited to: University of New South Wales. Downloaded on July 13,2020 at 06:20:08 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

II. PROBLEMS WIT H EXISTING SYST EMS in the ballot bo x, which poll works should be
watching.
A. Current Scenario
“If the election is later disputed or found being
In the early days, the voting process was rigged, officials can optically scan these paper
performed using a paper ballot. After the ballots or hand-count them accordingly.”
advancement of technology, Electronic Vot ing
Machines were developed, and like any
technology, it also has its pros and cons.
C. Electronic Voting Machine
B. Election Commission of INDIA Electronic voting machines (EVMs) were
The duties of the Election Commission of India originally developed to smoothen the process of
(ECI) as established by Article 324 of the voting. They were a great success but created new
Constitution are to ensure that the election process problems of their own. Furthermo re, EVMs do not
is being performed in a fair and free manner [2]. satisfy the basic legal requirements that were
For any election to qualify as free and fair, the being established in the IT Act 2000 [4].
standards are as follows:
The current version of EVMs that are being used
i. Individuals must be meticulously verified in the election process cannot verify the identity of
as eligible voters; the voter. This leads to a new problem, which if
ii. Voters must be able to vote only a single exploited any nu mber of fake and bogus votes can
ballot, wh ich should be anonymous be cast in the ballot.
and allowed to opt-in private space;
iii. The ballot box or any storage medium D. Related work
must be secure and carefully surveyed E-voting applications’ trails have been carried out
during the election, voters must only by several countries, depending on their
have the power to cast in the vote note capabilities to carry out such an event. Some of the
redact them; success stories are listed:
iv. After the election is over, the votes must In 2000, elections were carried out using an E-
be extracted fro m the ballot in voting system in the United States’ election. Even
presence of observers from all though it was only carried out in some parts of
participating parties, the votes and the Florida, it marked its name in the history of E-
voters must remain anonymous ; voting systems’ development [5].
v. When or if there is any doubt in the result In 2002, an electronic voting system was tested
the verification of votes must be in the United Kingdom. During this process, 16
available; authorities were rewarded for building that E-
vi. The vote of the respective voter must go voting system. For the same, 18 more authorities
to the candidate he/she cast it to. were awarded after a year.

Over the last few centuries, the paper ballot In the year 2004, the United States conducted
satisfies all the six needs for a fair and free the election using an E-voting system DRE for the
election. However, the way EVMs are being used first time in history at a national level.
in India for general elections dissatisfies the The first mass internet-based voting was
requirements shown above. recorded in the French Presidential election. In the
Election Co mmission of India then integrated year 2007, history was made in France in E-voting
the EVMs with the assurance of a “paper backup” which involved more than 31,000 voters to
or “paper trail” as is performed in different participate in the 2007 French Presidential
states/countries. This was an easy and practical election.
way to meet the last two needs mentioned. In the year 2014, 17,60,000 ballots were
As intended, the “paper trail” procedure is recorded in the election of the Min istry of National
supposed to support the process of voting, Education of France.
described below:
E. Problem with Existing Systems
When the voter gets approved then he/she can
● Costly and time taking: The stages of
make decisions in the ballot. If they confirm the
choice displayed to them, the vote is being gathering and registering the data into the
recorded in some storage medium [3]. database take too much time and is
expensive to conduct, for example, time
After that the EVM prints out the choice made and money is spent in printing data
by the voter in the receipt form and gets deposited capture forms, in preparing registration
stations together with human resources,

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 537

Authorized licensed use limited to: University of New South Wales. Downloaded on July 13,2020 at 06:20:08 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

and thereafter advertising the days set for A. Registration phase

registration process including sensitizing 1. The voting process starts with the
voters on the need for reg istration, as well registration of the voter.
as time spent on entering this data to the 2. If the voter is registered already, he/she
database. can go to the login page to cast
● More than required paperwork: In the his/her vote.
current process a lot of paper usage is 3. If the voter has not been registered, He/
involved which leads to other problems She needs to go to the registration
like storage spacing, environmental center with valid documents.
degradation, global warming, etc. 4. There he/she will fill a form and submit it
● Mistakes are made during filling with photocopies of valid documents
information: Mistakes are part of being as proofs of various kinds.
human; It is very unheard-of human 5. If elig ible he /she will get his/ her voter
beings being 100% efficient in data entry. id card after some week and will be
● Loss of registration forms: Registration eligible to cast a vote.
forms are sometimes lost after being filled If not, the officer will contact you about the reason
in with voter information, in most cases, and how it can be solved
these are difficult to follow-up. Hence,
many individuals remain unregistered
even though they were elig ible and
willing to cast their vote/ballot.
● Inadequate time provided to verify the
voter register: This seems to resurface
again and again as a big pain point for
voters, the ability to verify their voter
records are correct gives them the peace
of mind every voter should have of their
vote being considered every time they
vote.

III. PROPOSED ARCHIT ECT URE

In this paper, an e-voting application is proposed. Figure 2: Registration Phase

B. Voting phase
1. To cast a vote, open the login page.
2. Enter your voter_id and password to log
in.
3. Select the candidate you want to vote for
from the list.
4. Check Or verify your vote.
5. Submit, to end your voting process.

Figure 1: Application’s ER diagram

It has two main co mponents: Voter and

Admin/Election commission.
It consists of two phases: Registration phase,
Login phase, and Voting phase.

Figure 3: Voting Phase

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 538

Authorized licensed use limited to: University of New South Wales. Downloaded on July 13,2020 at 06:20:08 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

B. Viruses
Viruses are a malicious piece o f code that attaches
IV. LEGAL ISSUES
itself to a host intended to spread fro m one to
Any application in these times has to follow some another. It can replicate itself and even copy it to
legal rules and must be under some regulations of other programs. The infected vulnerable system
some sort. may lose data, admin control, sensitive data, and
who knows what. if an E-voting application gets
A. Remote voting: infected then it may co mpro mise the elect ion or
perform several malicious tasks.
Remote elect ions at the mo ment fail to provide
any kind of super visional factor. When the
individual casts its votes in the voting booth, they C. Worms
are given some privacy or space, but still kept in A worm is a malicious program that replicates
surveillance fro m a d istance; which is not possible itself and spreads to the network or any other
in the E-voting system. While an indiv idual is connection present without any human interaction.
casting votes in the election process, a family It doesn't need to attach itself to any software
member o r coercer can watch over your shoulder program i.e. it does not require any host to carry
and compro mise the process [6]. The website on the code. Worms can harm E-voting application
which the application is hosted can be by either compro mising server storage or network
compromised by an attacker/ hacker. bandwidth. If programmed accordingly, the ability
B. Transparency: to overwrite file and change result of the election,
bringing the purity of the ballet into danger.
In today’s election scheme, an ind ividual has no
way to verify that his/her vote is counted correctly
and fairly [7]. For any reason, if an individual’s D. Trojan Horses
vote gets misplaced, there is no way of even A trojan horse is a program or file that appears to
realizing that the vote is lost. be safe but may be performing tasks like giv ing
Transparency in the electoral process is very admin access to the system or network, sending
tricky and difficu lt to achieve. So metimes it can informat ion to an attacker(s), and so on. They are
be dangerous as it may leak more information than an immense reason for concern to the
it should or is allowed to. confidentiality and integrity of the E-voting
application(s) and/or systems' network. The data
C. Voter privacy: of the voting process or voters can be stolen.
In an election process, voter’s privacy or
anonymity is the key element. It is forbidden by E. Physical Attacks
law to even know what another individual opted There are several ways in wh ich an E-voting
for in the ballot. To achieve, the privacy of each system can be co mp ro mised physically. They may
voter, no vote should be traceable back to the damage, disrupt, change, or destroy computer
voter [8]. equipment or the data itself. Physical attacks on E-
voting can be a scheme of a candidate/party to
sabotage the election process. It may also be an
V. SECURIT Y A NALYSIS
attempt to steal the voters’ personal informat ion
No web application is entirely secure in this for illegal uses. So, the infrastructure of the E-
world; bad people (attackers) catch up with voting system should be kept secret.
developers and all very quickly [9]. Various
threats can harm the E-voting system in different
phases of security leaving an unsecured system. VI. NULLIFIERS OF THREAT S A GAINST E-
VOT ING SYST EMS

A. Denial of Service To nullify different types of threats, some

mitigation controls are suggested. They don’t
Denial of Service (DOS) is an attack which
ensure absolute safety but act as safeguards to the
intends to or successfully shut down a network or
network or system, making them difficult to
a system, wh ich makes it inaccessible to the compromise.
authorized users. This attack can disrupt the
election process, even take down the whole
network A. Authentications Schemes
Logical and physical access to the E-voting
system(s) should be allotted based on credentials
and rights on the basis or either role -based policy
or need to know basis. Administrators and voters

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 539

Authorized licensed use limited to: University of New South Wales. Downloaded on July 13,2020 at 06:20:08 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

should gain access with the help of non-trivial G. Open Source Systems in E-Voting
authorization and authentication mechanis ms for The idea of including open source systems in E-
improved security[10]. For example, Public Key voting has been suggested. It’s still not a wise
Infrastructure was applied in the Estonian E- decision to include an open-source system running
voting System (EstEVS), which enabled voters to E-voting over the internet. An open-source system
vote only when they used their authentication and cannot be trusted more than a closed source
Digital signature certificates. system. In an art icle by Ken Thompson entitled
However, t raditional methods with some tweaks “Reflections on Trusting Trust” it was stated that
can also provide great authentication method like “you can’t trust code that you did not totally create
making it mandatory for the user to set complex yourself” [13]. Any application written in a way
credentials. that it is derived fro m an ingenious piece of code
can be used to include or insert backdoors in the
B. Phishing Scams application.
A Social ph ishing scam could be avoided by
spreading knowledge of E-voting applicat ion VII. RESULT ANALYSIS
about different tactics using which phishing scam
Ideal Electronic voting or any voting method for
could be launched [11].
that matter should follow certain parameters for the
The above can be done only if the educators are successful voting process[14].
up to date with the newest methods of
exploitation. Technical phishing scams could be In order to perform an internet-based election,
more harmfu l than the social phishing scams as some parameters need to be addressed.
they have the ability to disrupt the elect ion
process. A. Ballot privacy
No one other than the voter themselves cannot
acquire knowledge of someone’s ballot.
C. Mutual authentication
This is the method in which the client is required
to authenticate the server and server must B. Individual verifiability.
authenticate the client for further interaction.
The voter must have an option to verify or
confirm after the voting process.
D. Integrity Threats
Integrity threats are those which makes you C. Eligibility
question the integrity of the data. Integrity threats Only the legal voter would be allowed to enrol
in an E-voting application can be minimized by in the voting process.
forbidding changes during the active stages of the
voting process [12]. E-voting applicat ion must be D. Completeness
reviewed by an independent third party before Each and every vote should be counted
deployment to verify that it does exact ly what it is precisely.
supposed to and further to find any kind of
anomaly in the code. Using Cryptographic
techniques while data transmission can reduce E. Uniqueness
integrity threats. Every voter should only be allo wed to vote
once during an election. An individual should not
be allowed to vote again.
E. Subverting System Accountability Solutions
The usage of checksums and encryption on the F. Robustness
audit trails helps to catch or to prevent any kind of No one should have the ability to modify the
changes to the file system. It helps to reduce the results during the process of counting and/or
risk of running source code with side effects. tallying.

F. Network Infrastructure Through Redundancy G. Coercion-Resistance

Honey pots and Cryptograph can be used to The voter should not be able to prove who
minimize attacks on the network or the system. he/she casted their vote to.
However, preventing DOS attack can be quite
challenging some times.
H. Fairness
Anything or anyone should not possess the
power or ability to influence the result of the
election.

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 540

Authorized licensed use limited to: University of New South Wales. Downloaded on July 13,2020 at 06:20:08 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

4. The number of login attempts can be

reduced to a fixed nu mber to prevent
I. Receipt-freeness
brute force login.
Any individual must not receive or attempt to 5. Bio metrics can be used like face
create any sort of receipt or acknowledg ment detection or fingerprint sensors to
during or after casting their votes. identify the voter.
6. Android/IOS app can be developed for
the same purpose.
VIII. CONCLUSION
7. Create REST APIs so that a scalable
Our new internet-based voting system manages architecture is developed.
the voter’s informat ion, which makes the life of 8. Shift storage to blockchain-based
the voter easier, they can just simply login and distributed ledger.
exercise their right to vote. Th is new voting
system is built on the backbone princip les of free REFERENCES
and fair elections and hence tries to incorporate all
the benefits of traditional voting solutions. This [1] Yifan Wu, An E-voting Systembased on Blockchain and
solution manages the heavy and repetitive task of Ring Signature,: University of Birmingham, 2017.
vote management, it counts the number of votes [2] The problem with EVMs by Subramanian Swamy,
received by individual candidates and later the https://www.thehindu.com/opinion/op-ed/The-problem-
with-EVMs/article13369610.ece, 2 september 2010.
number of votes received by each political party. [3] Orhan Cetinkaya, and Deniz Cetinkaya, Verification and
The Election Co mmission of India independently Validation Issues in Electronic Voting, :Institute of
owns and maintains the voter and election Applied Mathematics, METU, Ankara, Turkey. 2014.
databases with the comp lete information. Th is [4] L. Christian Schaupp, Lemuria Carter, E‐voting: from
database is stored in an undisclosed location and apathy to adoption: Journal of Enterprise Information
Management, 2005 .
only top officials of the Election Co mmission of
[5] e-Envoy, in the service of democracy; a consultation
India know the exact location. paper on policy for electronic democracy. In. London:
The system allo ws all eligible voters (Ages 18 and office of the e-Envoy, Cabinet Office, 2002.
above as of the 1st January of the voting year) to [6] Electoral Commission, Modernising elections: A strategic
register themselves on the system. After which evaluation of the 2002 electoral pilot schemes. London:
they can log in by their secret credentials and T he Electoral Commission, 2002..
exercise their right to vote. The system's [7] M.L. Markus and D. Robey, Information technology and
organization change: causal structure in theory and
intelligent design does not allo w any person to research, Management Science 4(5) (1988).
vote more than once. [8] Ministerie van Binnenlandse Zaken en Koninkrijkrelaties,
All the votes are recorded and stored on the Brief aan de T weede Kamer over heroverweging Kiezen
backend databases. The result is evaluated in a op Afstand (Letter to the Parliament regarding the
reconsideration with respect to e-voting). In. Den Haag:
few minutes through the pre-written code, which Ministerie van Binnenlandse Zaken en Koninkrijkrelaties,
keeps tallying the results in real-time. This new 2002.
solution conquers all the pain points with [9] J. Olsson and J. Åstrom, eSweden: Hare or Tortoise? In
traditional methods of voting, like h igh cost and Internet Voting. Present states and future perspectives
time involvement. The user-friendly design makes IPSA Research Committee 05. Marburg, 2002.
[10] W.J. Or likowski and D. Robey, Information technology
it easy to use, and also easy to fix. and the structuring of organizations, Information Systems
Research 2(2) (1991), 143–163.
[11] L. Pratchett, The implementation of electronic voting in
IX. FUT URE SCOPE the UK, London: Local Government Association, 2002.
This application has a lot of potentials if [12] S. Bundesrat, Bericht ¨uber den Vote ´electronique;
Chancen, Risiken und Machbarkeit elektronischer
implemented with state-of-the-art infrastructure. Aus¨ubung politischer Rechte. In: Schweizerischen
Some further enhancements can be: Bundesrat, 2002.
1. The user interface can be made mo re [13] F.I. Solop, Digital Democracy Comes of Age in Arizona:
interactive. Participation and Politics in the First Binding Internet
Election. In American Political Science Association
National Conference. Washington DC, 2000.
2. Two-step authentication can be
[14] B.Watt, Implementing electronic voting: A report
introduced to improve security. addressing the legal issues raised by the implementation
3. OTP verification through mobile nu mber of electronic voting. In: University of Essex, 2002.
can also be included.

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 541

Authorized licensed use limited to: University of New South Wales. Downloaded on July 13,2020 at 06:20:08 UTC from IEEE Xplore. Restrictions apply.