Developing an Indigenous Evoting System Architecture – A Case Study
By:
Dr Agu Collins Agu
Director, Zonal Offices Coordinating Department, National Information
Technology Development Agency (NITDA)
BRIEF SYSTEM OVERVIEW
NIGCOMSAT’s e-Registration and Voting
System is a novel invention of a reliable, secure
and always available electronic registration
and voting system that adopts two mature
technologies for its implementation: RFID
(Radio Frequency Identification) and
biometrics.
BRIEF SYSTEM OVERVIEW CONT’D
The unique combination of both technologies
provides an offline system with intrinsic voter
authentication as well as instant check for
multiple registrations, voting and an anti-
rigging mechanism. Complementing this
system is a database-driven web application
for real-time display of collated data e.g.
election results for public viewing.
KEY TECHNICAL SPECIFICATIONS
RFID Card Features
Ruggedized PVC card with weather-proof embodiment
Contactless transmission of data (no battery required)
Operating distance 100mm
Fast data transfer (106 kbps)
High data integrity (16 bit CRC, parity, bit coding, bit
counting)
True anti-collision
Typical transaction <100ms (including backup
management)
Data retention of more than 10 years
KEY TECHNICAL SPECIFICATIONS
Security Features
Mutual triple pass authentication (DES, 3-DES and
AES)
Data encryption with replay attack protection (DES,
3-DES and AES)
Supports multi application with key hierarchy
Unique serial number for each card
Anti-tear protection mechanism
KEY TECHNICAL SPECIFICATIONS CONT’D
RFID Card Reader Features
Operating distance 100mm
Highly integrated analog circuitry to decode card
response
Unique serial number
Secure non-volatile key memory
Suitable for high security terminals based on 3-DES,
AES, RSA
Anti-collision procedure support
Very low power consumption (USB nano-watt technology)
KEY TECHNICAL SPECIFICATIONS CONT’D
Security Features
Mutual triple pass authentication (DES, 3-DES and
AES)
Data encryption with replay attack protection (DES,
3-DES and AES)
Supports multi application with key hierarchy
Unique serial number for each reader
Anti-tear protection mechanism
Supports over 32 secret keys
KEY TECHNICAL SPECIFICATIONS
Fingerprint Biometrics Features
FBI certified
High performance PC USB fingerprint scanner
256 bit AES
Enrollment time <0.1 second
World’s best performing fingerprint algorithm (NIST MINEX and FVC 2004/2006)
Fast matching speed: 100,000 matches within a second
500 dpi optical fingerprint sensor
Very low power consumption (USB nano-watt technology)
Ruggedized scratch free sensor surface
Voter Registration Duplicate Search System
Multi-biometric technology to identify duplicate registrations in the nation’s voter database.
Accurately identify and remove all duplicate registrations in the voter database.
Database that will include photographic and fingerprint records for at least 80 million voters.
With such a large database, the search for duplicates is a complicated task that requires a large number of matching operations and a high degree of reliability.
Will become core identification engine for Nigeria’s security / law enforcement system for data portability.
Key Benefits
System helps ensure the administration of fair and democratic elections by verifying the accuracy of the country’s national voter database.
Up to 40,000,000 fingerprints per second matching speed on a single unit.
Scalable cluster architecture.
ISO & ANSI fingerprint template standards support.
The interoperability and flexibility of the SDK enable the system to work easily with a variety of other software and hardware.
The low cost-per-unit and low hardware system requirements enable a cost-effective solution for Nigeria.
How the System Works
Face and Fingerprint Capturing
The voter information collected consists of face and fingerprint images along with personal demographic information of each and every person registered.
In essence, the system will capture face and fingerprint data for up to 80 million voters using a variety of input devices, including PC Web cams for capturing face images and fingerprint scanners. The system stores the face and fingerprint images within the RFID Voter’s card and also in a secure database in WSQ format.
Template Generation
The Template Generation Module, based on a
Matching Client, reads the WSQ images from
the database and generates fused face and
fingerprint templates that are then stored in a
SQL Server Database. The Voter Registration
Duplicate Search System then uses these
templates to carry out the biometric “N-to-N”
matching process that identifies duplicates
within the database records.
N-N Matching
Our implementation for Nigeria will carry out fusion matching by providing two options:
1. Fuse always
2. Face then fuse
The first option, “Fuse always”, is for a complete N-to-N matching strategy, which requires much more time than the second option. “Face then fuse” means that the system first generates a face score, and if the score crosses the threshold value then the respective finger template is matched. Due to the high speed of the face matching algorithm, this process significantly reduces the amount of time required to identify duplicate entries.
N-N Matching
This powerful fused algorithm can produce up to
400,000 matches per second on a single
processor PC; and with fault-tolerant, scalable
cluster software, this number can be multiplied
across multiple PCs to perform extremely fast,
parallel fingerprint and face matching using
databases of practically unlimited size. The latent
fingerprint template editing capabilities will also
allow it to be used in forensic AFIS applications.
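The two N-to-N strategies described above, sketched as an added example that is not part of the original slides or of the system they describe. The toy feature vectors, the cosine `score` function, the mean-of-scores fusion rule and both threshold values are assumptions made for illustration.

```python
from itertools import combinations
from math import sqrt

# Constructed records: voter id -> (face vector, fingerprint vector).
# Toy 3-D vectors stand in for real biometric templates.
RECORDS = {
    "V001": ((0.90, 0.10, 0.30), (0.20, 0.80, 0.50)),
    "V002": ((0.10, 0.95, 0.20), (0.70, 0.10, 0.60)),
    "V003": ((0.88, 0.12, 0.31), (0.21, 0.79, 0.52)),  # re-registration of V001
    "V004": ((0.89, 0.11, 0.29), (0.90, 0.05, 0.10)),  # look-alike face only
    "V005": ((0.30, 0.30, 0.90), (0.40, 0.40, 0.40)),
}
FACE_THRESHOLD = 0.99   # assumed; the slides give no threshold values
FUSED_THRESHOLD = 0.99  # assumed


def score(a, b):
    """Cosine similarity, a stand-in for a real matcher's score."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (sqrt(sum(x * x for x in a)) * sqrt(sum(y * y for y in b)))


def find_duplicates(records, strategy):
    """N-to-N search. Returns (duplicate pairs, fingerprint comparisons run)."""
    if strategy not in ("fuse_always", "face_then_fuse"):
        raise ValueError(f"unknown strategy: {strategy}")
    duplicates, finger_comparisons = [], 0
    for a, b in combinations(sorted(records), 2):
        face = score(records[a][0], records[b][0])
        # "Face then fuse": the cheap face score gates the fingerprint match.
        if strategy == "face_then_fuse" and face < FACE_THRESHOLD:
            continue
        finger = score(records[a][1], records[b][1])
        finger_comparisons += 1
        # Assumed fusion rule: mean of the two scores.
        if (face + finger) / 2 >= FUSED_THRESHOLD:
            duplicates.append((a, b))
    return duplicates, finger_comparisons


if __name__ == "__main__":
    for strategy in ("fuse_always", "face_then_fuse"):
        print(strategy, find_duplicates(RECORDS, strategy))
```

On this sample both strategies flag the same pair, with 10 fingerprint comparisons for "fuse always" and 3 for "face then fuse". The face threshold decides which pairs are ever fingerprint-compared, so a pair scoring below it is never examined further.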
Server Cluster Architecture
The cluster server consists of a server machine,
several cluster machines, a cluster server
license, several cluster client licenses, and
necessary software and data as shown in figure
1 below. It provides significantly high capacity
for record matching depending on the number
of cluster nodes used. The cluster server can be
configured to match up to tens of
millions of records at a time.
Server Cluster Architecture
Detailed System Description
The system involves the following four (4) phases: registration, verification, vote casting, and result tallying and display. Below are sub-sections that describe each phase respectively.
Registration Phase
In the registration phase, designated registration units are used to register eligible voters. In a registration centre, a registration unit is comprised of the following:
1. Notebook
2. HD camera
3. Registration software
4. RFID card reader
5. Fingerprint scanner
Detailed System Description
Fingerprint Biometric Scanner A Specimen of an RFID Voter Card
RFID Card Reader/Writer RFID Card Printer
Voting Phase
In the voting phase, designated voting stations are
used by eligible voters to vote. A voting station
is comprised of the following:
Notebook with a touch screen
Voting software
RFID card reader
Fingerprint scanner
Ballot printer
Result Tallying & Display Phase
A reliable communication link is to be used to connect
each voting centre to a centralized command center
for aggregation of votes from all voting centres. A
polling scheme is to be adopted to poll data from each
polling centre at a particular interval of time for real-
time collation and tallying of results. The collation and
tallying process is handled by a database management
system (DBMS). The collated and tallied results from
the various voting centres are made available for
online display through a web application over a secure
network and/or Internet.
Web Interface for Result Display including Textual and Graphical Viewing