Background of the study
The applications of information and communication technology based on E-Governance has ability to facilitate administration and help to develop efficient as well as cost effective method than conventional method of an administration. In this perspective, an administration is dependent on gathering information of the participants and enables flawless voting mechanism. In a democratic country, it is important to have flawless voting mechanism considering the primary pillar of the governance (Shuaibu et al. 2017). However, at present days of business, several people stay away from voting constituency for having several compulsions and providing increase in the number of uncast votes to a very high level. The issues need to be sorted out for efficient administration. The utilization of advanced communication technologies and authentication mechanism has an important role in this aspect. The concept of multifaceted smart card based E-Governance system has functionality of bio-metric authentication system. With A Virtual Private Network (VPN), a voter can be able to give own vote safe and secured way through internet.
Research aims and objectives
The research aims to analyze the effectiveness of VPN in online voting system. In addition, the study evaluates the advantages and disadvantages of using VPN in online voting system.
The objectives of the study can be listed as followed.
- To analyze the effectiveness of VPN in online voting system
- To find out the limitations of using VPN in online voting system
- To recommended solution to minimize the issues while using VPN in online voting system
The research questions can be explained as followed.
- What is the effectiveness of VPN in online voting system?
- What are the limitations of using VPN in online voting system?
- How to minimize the issues while using VPN in online voting system?
For a developing country, it is a massive challenge to maintain an efficient administration within affordable budget. Application of Information and Communication Technology (ICT) based on E-Governance has an important role in order to provide method facilitate efficient administration in cost effective way. There have many studies on utilization of computer technologies in order to enhance elections. However, there are risks of moving and adopting electronic voting system as there are challenges in software engineering, insider threats and vulnerabilities in network as well as challenges of auditing. On the other hand, accuracy is one of the major issues (Culnane et al. 2017). In this aspect, it is important to develop and implement a system that will be helpful to mitigate the issues and provide system for enabling efficient administration.
As information technology has pervaded virtually each of the facets of human life, it becomes important to apply in basic purposes. Voting system is considered as one of the most important things in a democratic country. Thus, it is important for administration of a country or an organization to set up right process for selecting right administration for future. Traditional voting system has several issues like accuracy, validity and security of the data. On the other hand, it is very difficult to have time for voting. Thus, it becomes an important issue to mitigate the issues and develop such system that is able to take votes online securely.
E-voting system becomes as the ability of a nation to enhance electoral procedure. Non-electoral voting system often includes high costs as well as easy manipulation. In addition, paper ballots, direct counting as well as other manual electoral procedures have proved unreliable due for rigging and misplacement of votes. Moreover, mixing up votes along with changing of ballot papers and outcomes are the major limitations of conventional voting system. Hence, it becomes an issue to implement a system that is able to save time of people and give accurate result.
Overview of e-voting system
Electronic voting system is one of the terms that encompass various types of voting and embracing electronic means of casting a vote as well as electronic means of casting a vote as well as electronic means of counting votes. It includes punched cards, specialized voting kiosks as well as optical scan voting systems. It also engages transmission of ballots as well as votes through telephone and private computer networks. It has ability to speed up the counting of ballots.
At present days, e-voting procedures utilize several cryptographic algorithms in order to propose a secured protocol. Usually, an e-voting system includes of five major phases. In the phase of registration, each voter needs to register providing data of identification data in order to participate in the election procedure (Elbarbary 2016). On the other hand, setup phase produces the keys utilized in the encryption as well as signature scheme for encryption as well as sign votes. On the other hand, in the authentication phase, administrator makes verification of registered citizens in order to become an eligible voter through making comparison of the details. The voting phase manages casting of vote in secured way so that there are any early outcomes obtained and influence on the remaining voters. The phase of counting is responsible for last and final stage of the election procedure where invalid votes are checked as well as removed, whereas valid votes are counted properly and generate result of the election.
Use of VPN in e-voting system
There are several types of voting competitions as well as the way for voting. The VPN platform provides a fast, safe as well as reliable means of transmitting data over the internet. The outcomes of validation show that it will be helpful to facilitate the process of adoption for establishing effective e-governance in the developing countries. Multi-Protocol Label Switch is one of the most important solutions for security threats that surrounds the utilization of public networks. In addition, it offers a secured network configuration between a sender as well as receiver over a public non-secured network.
Figure 1: Flowchart
(Source: Created by author)
A Virtual Private Network can transform the characteristics of a public network into the public secured network as well as gives works through creating a specific tunnel on IP (Bagui et al. 2016). Moreover, it enables to the entities in order to utilize internet as virtual backbone through allowing them in order to create secure virtual links between cooperating headquarters along with remote sites through internet. Open VPN is one of the VPN solutions that are adapted to the proposed model. It characterizes the process of tunneling of traffic by transport layer.
Malicious code, running on the voter's customer brings down the security of any voting framework to silliness: Plenty of assaults are conceivable: (I) changing the voter's choice without the voter seeing it, (ii) keeping voters from the race, by discarding the vote and influencing the voter to trust that everything works accurately, e.g., by showing faked messages, (iii) extricating the voter's choice and transmitting the plaintext vote to the assailant. Basic cryptographic means don't beat any of these assaults, since pernicious code communicates before the cryptographic operations are connected. The foe may, for example, listen stealthily on mouse or console inputs and conclude the voter's choice. In this manner, the two prerequisites can be disregarded by vindictive code on the voting gadget. This is a difficult issue on the grounds that vindictive code can be circulated effortlessly and naturally, e.g., by misusing security imperfections of the end-client gadget or by sending contaminated messages to the voter. This should be possible enormously by means of infections (Bagui et al. 2017). Malicious code could likewise be put on the voter's gadget by engineers of items running on many end client gadgets (e.g., Solitair). Contrasted with postal voting, these assaults should be possible naturally and scalable with noteworthy effect on the decision result.
Degenerate voters may change the customer voting programming and additionally their gadget in discretionary ways: They can, e.g., log their mouse and console occasions, some other I/O interfaces like the one to associate with the system. In addition, they can store each middle of the road calculation step. Therefore, having a probabilistic encryption work encP and a plaintext m and also the relating figure content c subsequent to processing c = encP (m), the voter has logged every single irregular parameter to have the capacity to demonstrate that c has a place with m. The most difficult issue thusly, is the age of a proof for the voting choice which would abuse the receipt freeness and in this manner, permit vote offering. Receipt-freeness is a notable issue. While many sans receipt voting conventions as of now exist (a large portion of them depend on assumptions5 as for a few parameters (e.g., irregular numbers for probabilistic encryption) which must be kept mystery on the customer side. This supposition does not hold by and by since stage proprietors have finish control over the voting gadget - the PC. It isn't sufficient to offer m, c and proof(m, c). Somebody purchasing votes, the client, may likewise need to know whether the demonstrated c is the one that is thrown and included or one made it request to swindle (PatilRagul et al. 2015). In this manner this demonstrating assault works great for any voting convention working with an announcement board where the encoded vote can be by one means or another relegated to the voter. In this way, a degenerate voter can offer his logged information (e.g., vote, parameters, and keys) and the client of the vote checks whether the comparing vote is on the release board or not. This assault can be bolstered by the use of voter evidence. On the off chance that the voter has the likelihood to check that his vote is put away and tallied. This verification can likewise be utilized by the client to check whether the voter acted as guaranteed. Notice, it is a considerable amount of exertion for single voters to get the important information out of the voting programming just to offer a solitary vote. In any case, most clients will wish to purchase an extensive number of votes at any rate, and along these lines give the degenerate voters instant apparatuses (which lead the vital logging and announcing naturally), which they just need to introduce and utilize.
The ebb and flow inquire about is searching for a Trusted Platform which incorporates the alluring properties of open stages (e.g., PC's and PDA's) and of shut stages (voting gadget, smartcards). In this way, it isn't restricted in its usefulness like shut stages however it can demonstrate to an outsider, that it is all around acted, as shut stages. A trusted stage depends on Trusted Computing equipment and on a protected working framework. Put stock in Computing (TC).
Figure 1: Implementation framework of VPN
(Source: Created by author)
TC alludes to an innovation pushed, created and advanced by the Trusted Computing Group (TCG). The center segment of TC is the Trusted Platform Module (TPM), a protected and alter obvious module (frequently a solitary chip) coordinated into the stage (PatilRagul et al. 2016). TPMs are thought of as economical, to the point of effectively turning into a standard piece of off-the-rack PC stages. Around 50 million PCs with TPM chips have been dispatched, and expectations for 2010 territory around the 250 million market. They give a few fundamental functionalities.
Results and discussion
From the secondary analysis done in the literature review chapter, it can be concluded that, it is important to update the systems according to the demands of people and society. Private internet access is one of the main types of VPN that is used in online voting. Private internet access is one of the types in VPN industry that has reached to the place by executing a great combination of low prices, proper security features as well as extensive selection of the severs (Moss et al. 2015). PIA is one of the simple VPNs that are treated as good for changing IP address for the purpose of voting as well as bypassing the restrictions. On the other hand, ExpressVPN is considered as expensive option compared to different VPN services. ExpressVPN also allows gaining great speed and give advantages when required. In addition, there are servers in 90 countries as well as level of security as well as privacy that can be offered high quality. ExpressVPN need not to keep the logs of online.
On the other hand, VPNAREA is one of VPNs that is focused with privacy. It has a great list of features that can be designed in order to ensure that identity is not revealed. In order to avoid IP address, location as well as other details is properly revealed. In addition, VPN are consisting of protection against the leakage of DNS (LeBeau et al. 2017). WebRTC as well as a kill Switch shuts down applications of internet in case of connection drops of VPN. The particular functionality makes ideal for the purpose of voting several times without letting the particular system noticeable again. PUREVPN is one of the highlights of PUREVPN and impressive for global coverage extended through 141 countries. There is flexibility to change between servers as well as selection of new locations in order to keep real IP address. PureVPN does not keep logs of traffic as well as offers affordable prices.
On the other hand, a trusted boot making a chain of trust is basic. The trusted boot logs the boot succession beginning with the Core Root of Trust Measurement (CRTM) in ensured registers of the TPM (called Platform Configuration Register - PCR). These PCR esteems are marked by a key called Attestation Identity Keys (AIK). The AIK is produced by the TPM and people in general key is either confirmed by a Trusted Third Party or without by utilizing the convention. In the second case no data about the TPM or its proprietor is given away.. Fixing might be encouraged utilizing confined keys. In this manner, a key match is produced and the relating mystery key is bound to the present stage, stage setup and application. Presently, a remote example can encrypt information including a requested setup utilizing the relating open key. The TPM can unscramble the figure however discharges the information just if the present stage arrangement coordinates the requested one (Kalis et al. 2017). While the TPM itself is an inactive part, the natives it gives can, with secure working frameworks bolster, be utilized to essentially enhance security on end-client gadgets. Secure Operating System. The working framework controls the data stream over the equipment layer and hence, it approaches all information - including security basic information.
Internet Voting projects like in Switzerland or the one of the GI have additionally seen the customer shortcoming. In this way, they offer gifts to the voters which disclose voters how to enhance the reliability of their PCs (Raina et al. 2016). While this approach can decrease the dangers made by malware, numerous clients will probably not have the capacity to take after these guidelines, and the system is futile against degenerate voters. Otten has additionally tended to the customer issues and therefore, proposed in an uncommon voting working framework in view of Knoppix. Here, voters need to boot their PC from CD keeping in mind the end goal to vote. This approach does not take care of the degenerate voter issue but rather it tends to the dangers caused by malware. Other work like and proposed the utilization of an onlooker, e.g., a smartcard. By doing as such they conquer the assaults of a degenerate voter for the most part yet a smartcard does not connect straightforwardly with the voting server but rather finished the end-client gadget and along these lines the open framework. Malware on the end-client gadget can mount a man-in-the-center assault and abuse the card, by sending a wrong vote to the card keeping in mind the end goal to scramble and sign it or the PC shows the wrong poll. As of now in 2002, Avin Rubin talked about the security contemplations for remote electronic voting in broad daylight decisions and found a few defects caused by malware inside the utilization of PCs as end-client gadgets for Online Voting (Shuaibu et al. 2017). He officially indicated out that equipment bolster empower a trusted way between the client and the decision server is important to conquer the dangers.
It can be concluded that, a safe working framework is basic to shield securitycritical applications from each other and from vindictive code utilizing security properties like process separation and a confided in way. Put stock in Platform. A trusted stage consolidates both TC and a protected working framework. The engineering comprises of three layers: a put stock in figuring support, security part and application layer. The trusted registering bolster layer contains of customary equipment like a CPU, memory, and equipment gadgets. Besides, it gives confided in registering innovation. The security layer is the safe working framework and is isolated into a hypervisor and a trusted programming layer (Hopp and Vargo2017). The fundamental assignment of the hypervisor is the arrangement of a unique interface of the basic equipment assets. Also, it permits to share these assets and acknowledges get to control implementation. The trusted programming layer (TSL) broadens the interfaces of the basic administrations by security properties and guarantees separation of the applications executed over this layer. Cases of security-administrations are secure UIs (like a trusted GUI to guarantee that the show and thusly what the client sees is secure, or a put stock in way from the console), secure booting, and commonly confided away.Over the trusted programming layer, security-basic and non-basic applications are executed in parallel. Inheritance working frameworks can be executed to keep malevolent code from perusing or adjusting information from a past voting stage, this information can likewise be scrambled in view of fixing. Accordingly, just the legitimate voting programming running on the best possible framework can read the information. Degenerate Voter (Eissa and Cho 2015). To keep voters from controlling the voting gadget or the voting programming remote validation is basic. Subsequently, the entire framework design, including the working framework and the voting programming, is estimated and demonstrated to the voting server. The server just acknowledges a message and speaks with the voter if the voter's voting programming is real and keeps running on a confided in stage. The voter can in any case introduce vindictive programming on any virtual machine however here he can't vote on the grounds that the voting server won't acknowledge his poll on account of the wrong esteems in the PCRs (remote confirmation can be accomplished via fixing the messages to the arrangement of the voting application and underlying TCB). Those malware can't impact or spy the voting programming running in the voting virtual machine due to the procedure disconnection. Scattering of Manipulated Voting Software. As a rule, the voter downloads the voting programming (the entire voting virtual machine). At present, some extra programming processes the voting programming's hash esteem and the voter confirms the esteem or the voter checks whether the voting programming is accurately marked (Moss 2015). In any case, right now, malware running on the stage can control this security check and the show, too. This can't occur on the trusted stage in view of the put stock in way. In rundown, a trusted stage beats the recognized open issues of Online Voting and it gives greater security to the last assault where halfway arrangements as of now exist. Therefore, a confided in stage on the voting customers and server is a strong establishment for a safe and reliable Online Voting System.
In this Section, we inspect frameworks in view of SSL and a web-program, for example, Polyas (utilized for the GI races) and the framework utilized as a part of the Swiss races. These conventions initially build up a SSL association with the voting server (or to two progressive servers, a voter registry and a poll server). We accept each gathering has a dynamic TPM chip. As for the momentum point in inquire about we could circulate a CD to boot a safe stage. This CD contains a GUI equipped for giving a confided in way, a web program and a protected VPN module. All correspondence is burrowed by means of IPSec, with all non-IPSec movement dismissed by the voting server without thought. Before the genuine voting convention (and truth be told, SSL key trade) is executed, the two sides authenticate each other. Obviously, restricting voters to the utilization of one CD-based arrangement and utilizing validation has the reaction of locking out voters utilizing stages without a TPM. Additionally, a few voters may feel their framework to be "sufficiently secure", and be awkward with rebooting from the CD. Neither ought to be effectively rejected, however would justify assist thought.
It can be recommend that hat the voter's gadget is as yet a frail purpose of any Online Voting System in light of open stages. Assaulting the customer empowers the breaking of the race mystery and additionally the control of the decision result by adjusting votes on the voter's gadget. Besides, we demonstrated that sans receipt voting conventions and voter unquestionable status does not by any means help to tackle these issues. Besides, by utilizing the usefulness of reliable stages, we can rearrange the voting conventions while likewise having the capacity to utilize some other security basic application.
Bagui, S., Fang, X., Kalaimannan, E., Bagui, S.C. and Sheehan, J., 2017. Comparison of machine-learning algorithms for classification of VPN network traffic flow using time-related features. Journal of Cyber Security Technology, pp.1-19.
Becker, R., 2016. Publisher under fire for fake article webpages. Nature News, 535(7610), p.11.
Culnane, C., Eldridge, M., Essex, A. and Teague, V., 2017, October. Trust Implications of DDoS Protection in Online Elections. In International Joint Conference on Electronic Voting (pp. 127-145). Springer, Cham.
Eissa, T. and Cho, G., 2015. Lightweight Anti-Censorship Online Network for Anonymity and Privacy in Middle Eastern Countries. International Arab Journal of Information Technology (IAJIT), 12.
Elbarbary, E.M.M., 2016. Building Smart Multipurpose Electronic Voting System (Doctoral dissertation, October 6 University).
Garfinkle, N. and Garfinkle, R., Democracyontheweb, Llc, 2017. Systems and methods for voting. U.S. Patent 9,536,366.
Hopp, T. and Vargo, C.J., 2017. Does negative campaign advertising stimulate uncivil communication on social media? Measuring audience response using big data. Computers in Human Behavior, 68, pp.368-377.
Jain, A.S., Facebook Inc, 2016. Generating Answers to Questions Using Information Posted By Users on Online Social Networks. U.S. Patent 20170206271A1.
Kalis, J., Moore, J., Kodovsky, J., Adcock, A.B., Rothermel, D. and Wang, Z., Facebook Inc, 2017. Location-Based Place Determination Using Online Social Networks. U.S. Patent 20170156033A1.
Kalis, J., Moore, J., Kodovsky, J., Adcock, A.B., Rothermel, D. and Wang, Z., Facebook, Inc., 2017. Location-based place determination using online social networks. U.S. Patent 9,602,965.
LeBeau, M.J., Lessin, S.W., Barillari, J.D., Shimoni, A., Murillo, A.G., Niewczas, M.M., Modi, M. and Kalinowski, C.E., Facebook Inc, 2017. Customizing third-party content using beacons on online social networks. U.S. Patent 9729643B2.
Moss, H., International Business Machines Corporation, 2015. Segmented questionnaire validation of business rules based on scoring. U.S. Patent 9,092,787.
PatilRagul, H., Tarte Babita, B., WadekarSapana, S. and Zurunge Bhakti, S., 2015. A Secure E-Voting System Using Face Recognition and Dactylogram.
Raina, R., Hong, K., Sankar, S., Virochsiri, K., Curtiss, M. and Mishra, C., Facebook, Inc., 2016. Using inverse operators for queries on online social networks. U.S. Patent 9,367,536.
Shuaibu, A., Mohammed, A. and Ume, A., 2017. A Framework for the Adoption of Electronic Voting System in Nigeria. International Journal, 7(3).