Turn off mark up when writing, cutting, and pasting initial document.

You guys should come to see me. DATE?

The Electronic Voting System

Architecture Document

Team Mu Paul Casillo ichael !nyder

""#$%#$&"'

The Electronic (oting !ystem

Tom )orkman Mentors ehmet alcok Doug !mith

Team

$ # $'

""#$%#$&"'

The Electronic (oting !ystem

Revision List
Revision Number D*A+T&." &.$ Date Description "&#",#&% -riginal Draft "&#$.#&% *e/ised Diagrams, E0ecuti/e !ummary

Team

' # $'

""#$%#$&"'

The Electronic (oting !ystem

Approvals Page

Team: oncur: oncur: oncur: 111111111111111111111111111111111111111111 Michael Sny!er 111111111111111111111111111111111111111111 Tom "or#man 111111111111111111111111111111111111111111 Paul asillo

Mentor: oncur: oncur: $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Mehmet Malco# $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Doug Smith

%nstructor: Approval: $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ &ary "al#er

Team

2 # $'

""#$%#$&"'

The Electronic (oting !ystem

Table o' ontents

".& E0ecuti/e !ummary.........................................................................Page 3 $.& 4ntroduction and 5ackground...........................................................Page % '.& Document -67ecti/es.......................................................................Page 8 2.& 4ntended Audience...........................................................................Page , 3.& Architecture -/er/iew and !cope...................................................Page , 3." +unctional 5lock !tructure........................................................Page , 3.$ Tier !tructure.........................................................................Page ,"& 3.' !oftware odule !tructure....................................................Page ."$ 3.2 9ardware !tructure..............................................................Page """2 3.3 :etwork !tructure................................................................Page """2 3.% Data !tructure.......................................................................Page "$"2 3.8 ;ser 4nterface !tructure and Con/entions...........................Page "$"3 3., Technology.........................................................................Page "2 "8 3.. Phases...................................................................................Page "2", 3."& Preconditions and 4nputs....................................................Page "3", %.& !takeholders...............................................................................Page "3",

Table o' (igures

".& +unctional 5lock Diagram.............................................................Page ,. $.& Tier !tructure Diagram .................................................................Page "" $'.& !oftware odule Diagram.......................................................Page "&"' '2.& ;ser 4nterface Architecture Diagram.......................................Page "'"%

Team

3 # $'

""#$%#$&"'

The Electronic (oting !ystem

)*+ E,ecutive Summary

There is a federal mandate that 6y the $&&, presidential election all 3& states must use some form of electronic ta6ulation. The integrity of our country<s election process is the /ery essence of our democratic infrastructure. 4t is imperati/e that accuracy, security, and relia6ility 6e considered the highest priority and assured 6efore the ne0t national election. After the $&&& Presidential /oting ta6ulation issues, a ma7ority of our states 6egan the transition to electronic /oting machines. The current /oting system relies on the user<s a6ility to follow instructions written on the screen. )ith the ad/ancement of technology, no effort was made to address the positioning of names on the 6allot. Past elections ha/e shown that the name on the first position in a contested primary 6allot has an eight percentage point ad/antage. )ith a fully electronic /oting system in place, the current system makes no effort to ensure the integrity of its system, or its security. The architecture document will co/er our proposed system. The functional 6lock structure e0plains the general purpose and usage of the system. The tier structure displays the interface tier, the processing tier, the data tier, and the we6 tier, as well as their interconnecti/ity. Each of these tiers contains a le/el of different software modules that must interface with different hardware components. A generic flowchart descri6es the user interface and its usage. +inally, the phases of implementation are descri6ed. -ur proposed system will incorporate a new user interface which will employ /ideo and audio instructions. The 6allot positions will 6e randomly generated with each /ote cast pre/enting candidates from 6eing elected on their poll position. -ur system will incorporate a dual purpose real=time data6ase. To pro/ide assurance in our democratic /oting system the data6ase will pro/ide a paper trail for /ote auditing as well as allow for the /oters to check their posted /otes using a randomly assigned num6er.

The e0ecuti/e summary ne/er mentios that this is an architecture. The e0ec. !ummary should descri6e the document not the pro7ect concept.

Team

% # $'

""#$%#$&"'

The Electronic (oting !ystem

-*+ %ntro!uction an! .ac#groun!

-*) Statement o' Problem The current /oting system relies hea/ily on the user<s a6ility to follow instructions written on the screen, and has pro/en to 6e confusing. The central importance of /oting in a democracy imposes a greater need for o/ersight in ensuring technology does not play a role in affecting or thwarting the choice of the citi>ens. ? ercuri @ Camp, $&&2A Another issue which needs to 6e addressed is the positioning of names on the 6allot. Past elections ha/e shown that the name on the first position in a contested primary 6allot has an , percentage point ad/antage. :ew /oting machines lack a fully secure /ote ta6ulating and auditing system to ensure that there can 6e no tampering with the electronic /otes. Current leading e=/oting suppliers work on the principle of security through o6scurity. This pro/ides no way to /erify that software functions as the suppliers claim. ?Bitcat, $&&2A Electronic /oting machines potentially make /oting fraud /ery simple. An election sa6oteur needs only to introduce a minor change in the master copy of the /oting software to 6e effecti/e. ?Difranco, Petro, !hear, (ladimiro/A -*- State o' Technology/ %n!ustry/ or Research After the $&&& Presidential /oting ta6ulation issues, a ma7ority of our states 6egan the transition to electronic /oting machines. 4n haste, the companies that 6egan producing these machines were more concerned with marketing a finished product = with little regard to the Cuality of the product. 4n hindsight, there are a num6er of flaws which need to 6e addressed. There is a federal mandate that 6y the $&&, presidential election all 3& states must use some form of electronic ta6ulation. The integrity of our country<s election process is the /ery essence of our democratic infra=structure. 4t is imperati/e that accuracy, security and relia6ility 6e considered the highest priority and assured 6efore the ne0t national election. -*0 urrent Systems The most widely used election system used in Pennsyl/ania polls was de/eloped 6y Die6old Election !ystem. The machine uses a touchscreentouch=screen interface, and onscreen written instructions. Prior to /oting, the machine reCuires a poll worker to insert a card, displaying the /oting interface. The interface itself has many flaws. ost users find finali>ing the /ote confusing, as it reCuires the push of a 6utton e0ternal to the screen. This is counterintuiti/e to a system that uses the touchscreentouch=screen as the only means of input. Also, many users are only present to /ote for one particular district or area, and statistically they choose the first candidate they see on the screen for the rest

Team

8 # $'

""#$%#$&"'

The Electronic (oting !ystem

of the districts. This skews the results 6y gi/ing a candidate at the top of the list an ad/antage o/er the candidates 6elow him or her. The /oting ta6ulation system reCuires a physical memory card to 6e remo/ed from the system transported /ia a human and tallied at an e0ternal location. This method of data retrie/al opens the door for many errors. )ith the card in the possession of a person, it is su67ect to damage, tampering, or e/en misplacement. -*1 2ypothesis -ur team will de/elop a new, more understanda6le /oting en/ironment. The new system will 6etter suit the needs of the /oters as well as the administrators in/ol/ed in the election process. The team will de/elop a simple user interface designed to make the /oting e0perience faster and less stressful. )e will employ a data6ase accessi6le /ia the internet which will assure /oters of the system<s integrity. 5y incorporating the same data6ase, election officials will 6e a6le to check the integrity of /ote ta6ulation as well as increase its efficiency.

0*+ Document 3b4ectives

This document descri6es the architecture a new electronic /oting system. The description will include the software components, their relation to each other, and their relation to the hardware components. 5y detailing these items, Team u will 6e a6le to design and implement the new /oting system.

1*+ %nten!e! Au!ience 4.0 Intended Audience

anagementD Eary )alker ehmet alcok Doug !mith Penn !tate ;ni/ersity PeersD Team Bappa Team Fam6da Team u Team :u +uture odifiers

Team

, # $'

""#$%#$&"'

The Electronic (oting !ystem

5*+ Architecture 3vervie6 an! Scope

The scope of this document includesD +unctional 5lock !tructure Tier !tructure !oftware odule !tructure 9ardware !tructure :etwork !tructure Data !tructure ;ser 4nterface !tructure and Con/entions Technology Phases Preconditions and 4nputs 5*) (unctional .loc# Structure +igure ".& displays the 6asic structure of the system.

Team

. # $'

""#$%#$&"'

The Electronic (oting !ystem

+igure ".& +unctional 5lock Diagram

This diagram misses its mark. !ee me for help.

Team

"& # $'

""#$%#$&"'

The Electronic (oting !ystem

The administrator will initiali>e the system for use. The user will input their information through the E;4. -nce the session ends, the data is logged to the PC<s hard disk, sent to the data6ase, and a thermal receipt is printed for the user with their uniCue /oter 4D. The administrator may initiali>e the system again for the ne0t /oter, or close the machine.
Team u "" # $' ""#$%#$&"'

The Electronic (oting !ystem

The we6 interface will display information retrie/ed from the data6ase. 4t will only display a user<s specific /otes and general /oting information and percentage per closed district. 5*- Tier Structure The following tiers will 6e implementedD E;4 tier Processing tier Data tier )e6 tier +igure $.& displays this tier structure. D4AE*A ?

Team

"$ # $'

""#$%#$&"'

The Electronic (oting !ystem

+igure "$.& +unctional 5lockTier !tructure Diagram

The E;4 tier will in/ol/e the standard user interface, /isually impaired user interface, and the administrati/e interface. Eraphics can 6e created with Ado6e Photoshop C! and the whole interface can 6e displayed using Ga/a Applet or G!P. The processing tier will in/ol/e all the Ga/a code that dri/es data retrie/al, o67ect management, and session handling. The data tier will in/ol/e ta6le creation, PF#!HF for 6atch processing, and uniCue seCuencing.

Team

"' # $'

""#$%#$&"'

The Electronic (oting !ystem

The we6 tier will in/ol/e the we6 interface. Ga/a will 6e used for session management and security. Any graphics can 6e created with Ado6e Photoshop C! and the whole interface can 6e displayed using G!P. 5*0 So't6are Mo!ule Structure The following modules will 6e implementedD !tandard E;4 (isually impaired E;4 Administrati/e E;4 5allot randomi>er !ession handler )e6 interface +igure $'.& summari>es these modules and their relation.

Team

"2 # $'

""#$%#$&"'

The Electronic (oting !ystem

Standard GUI
Data logging module Database mapping class JSP interface *all Module

+igure $'.& !oftware Diagram

odule

*all Module

'allot (andomi)er
Database mapping class

Session Handler (Machine) #isuall$ Impaired GUI

Data logging module Database mapping class JSP interface (etrie e Data *all Module Singleton methods Sa e session !nd session Start session Data logging module

"dministrati e GUI
Data logging module Database mapping class JSP interface *all Module

Web Interface
Data logging module Database mapping class JSP interface

*all Module

(etrie e Data

Session Handler (Web)

Data logging modules %ogin e&pirations handling

The three E;4<s will ha/e their own applet or G!P to display the information. *unning in the 6ackground of the user=6ased E;4<s will 6e data logging modules. These will handle all the o67ects that the user is affecting ?i.e. their /otesA. The 6allot randomi>er will 6e a small method that takes the list of current candidates to 6e displayed, and reorders them randomly. The session handler will employ singleton methods so that only one instance of the /oting system may run on a gi/en machine. 4t will also pre/ent multiple /otes from

Team

"3 # $'

""#$%#$&"'

The Electronic (oting !ystem

6eing cast. A session handler will 6e adapted for the we6 interface as well, to gi/e e0pirations to dormant logins and collect usage information. The we6 interface will ha/e its own G!P to display the information. 4n the 6ackground, data6ase mapping classes will collect the specific information. 5*1 2ar!6are Structure The hardware in/ol/ed will includeD Eeneric PC<s Touch=screen monitors Thermal printers agnetic card readers The system will 6e installed to hard disk on the generic PC<s. agnetic card readers will 6e used to initiali>e the system and close the system. The E;4 will use touch=screen monitors as the user input source. After the user<s session ends, thermal printers will print a receipt of the transaction, gi/ing the user their uniCue /oter 4D. 5*5 Net6or# Structure The initial network setup will utili>e Penn !tate<s on=campus FA:. This will allow for secure transactions 6etween the demonstration PC<s and the data6ase. The we6 interface can 6e ser/ed from the Penn !tate 5ehrend C! !enior Design we6space allocated to Team u. 5*7 Data Structure The following ta6les will 6e implemented in the schemaD Candidates ta6le District ta6le ;ser /ote ta6le ;ser statistics ta6le Current /otes materiali>ed /iew Error ta6le The candidates ta6le will contain all the current candidates for the election. 4t will ha/e a foreign key to the district ta6le. The district ta6le will contain all the a/aila6le /oting districts and will dri/e what users will see as their possi6le list of candidate choices.

Team

"% # $'

""#$%#$&"'

The Electronic (oting !ystem

The user /ote ta6le will contain each user<s /otes 6ased on a foreign key to the candidates ta6le. 4t will also include a foreign 6ack to the district ta6le for referential integrity. The user statistics ta6le will contain the anonymous session information for each user. This can 6e used 6y administrators or de/elopers for research purposes. The current /otes materiali>ed /iew will gather all the current /otes together per candidate, per district using PF#!HF. This will dri/e the we6 interface<s general /ote information. 4t will pro/ide an e0tra le/el of security as it will ne/er directly access any single user<s /ote. 4t will also pro/ide less transactional stress on the other ta6les. The error ta6le will contain any caught e0ceptions or prematurely closed sessions that may occur in the system. 5*8 9ser %nter'ace Structure an! onventions The /oting machines will implement following interfacesD The standard user interface The /isually impaired interface The administrati/e interface These interfaces can 6e seen in flowchart form in +igure '2.&.

Team

"8 # $'

""#$%#$&"'

The Electronic (oting !ystem

+igure '2.& ;ser 4nterface Architecture Diagram

"dministrati e GUI
"dministrator initiali)es or restarts session

Standard GUI
Instructions appear *andidates appear S$stem +aits for selection

/es

#isuall$ Impaired GUI

Instructions are read *andidates are read S$stem +aits for selection

Does user +ant to .uit,

-o

-o

Is user satisfied +ith decision, /es

Is user satisfied +ith decision, /es

Standard GUI
-e&t instructions appear -e&t candidates appear S$stem +aits for selection

-o

-o

#isuall$ Impaired GUI

-e&t instructions are read -e&t candidates are read S$stem +aits for selection

-o -o

"re all elections chosen,

"re all elections chosen,

/es

/es

Is user satisfied +ith all decisions,

Is user satisfied +ith all decisions,

S$stem
/es %og ote !nd session /es

Team

", # $'

""#$%#$&"'

The Electronic (oting !ystem

The standard user interface will display the candidates for a particular district or election. The user will select their choice 6y pressing the appropriate name. A confirmation screen will appear that allows the user to change their choice or continue. -nce they continue, the ne0t set of candidates will appear and the process repeats. -nce all election choices ha/e 6een e0hausted, a final confirmation screen will appear, displaying all the user<s pre/iously confirmed choices. They can choose to go 6ack and change any of these, or finally confirm their /ote. The /isually impaired interface will read each candidate<s name to the user. After each name is read, the user may select anywhere on the screen to choose that candidate. A confirmation message will 6e read that allows them to return 6y pressing anywhere on the screen again or 7ust wait to continue. -nce they continue, the ne0t set of candidates is read and the process repeats. -nce all election choices ha/e 6een e0hausted, a final confirmation message will 6e read, e0plaining all the user<s pre/iously confirmed choices. They can choose to go 6ack and change any of these 6y pressing anywhere on the screen at the appropriate prompt, or finally confirm their /ote in the same manner. The administrati/e interface will appear after an administrator initiali>es it with a keycard. This interface will allow a machine to 6e restarted. 5*: Technology 5*:*) Languages The system will 6e de/eloped using the Ga/a programming language. The !un Ga/a ".3.& AP4 and GDB will 6e the /ersion used. Eclipse 4DE will use the !un Ga/a ".3.& compiler to compile all classes and e0port any Ga/a archi/es necessary. Ga/a was chosen for the following reasonsD Thorough AP4 !imple session usage Data6ase connecti/ity Thorough e0ception handling -67ect=oriented nature 5*:*- Databases The system will use -racle 6ased !HF for all data6ase transactions. -racle IE will 6e the /ersion used. -racle was chosen for the following reasonsD !ta6ility 5uilt=in data6ase optimi>ation and hints

Team

". # $'

""#$%#$&"'

The Electronic (oting !ystem

PF#!HF functionality !ecurity

5*; Phases 5*;*) %nitiation The initiation phase will in/ol/e planning and designing the software modules. )e will design each user interface and design the schema for the data6ase as well. 5*;*- %mplementation +irst, we will implement the user interfaces. )ithin the interface, we can implement the random 6allot positioning system. )e can also integrate access for the /isually impaired as it will ha/e to 6e tied closely to all of the dependent E;4 properties. !econd, we will create the random num6er generator for /oter assignment and implement the real=time data6ase. These will 6e closely tied together as the uniCue /oter key will ha/e to 6e the primary key to our dri/ing ta6le. Third, we will implement the secure ta6ulation system and implement the support we6site for /oter /erification. This will tie 6ack to the data6ase and users will 6e a6le to securely retrie/e their ?and only theirA /otes from the ta6les. 5*;*0 Delivery -nce the system has 6een implemented, it will 6e installed on two PC<s and demonstrated 6efore the Penn !tate 5ehrend C! !enior Design teams. The help documentation will also 6e distri6uted during this phase. 5*)+ Precon!itions an! %nputs The user should only ha/e general understanding of how to use a touch=screen monitor and how general /oting works in a democracy. The interface should 6e a6le to guide them through the whole process. The user will 6e a6le to input their /oting choices and change them at specific times until they finally cast their 6allot. The user<s session ends at that point.

7*+ Sta#ehol!ers

Team

$& # $'

""#$%#$&"'

The Electronic (oting !ystem

The stakeholders on this pro7ect includeD Paul Casillo ichael !nyder Tom )orkman Eary )alker ehmet alcok Doug !mith Penn !tate ;ni/ersity

Team

$" # $'

""#$%#$&"'

The Electronic (oting !ystem

&lossary o' Terms

The following are a list of terms used throughout this documentD E;4 -racle PF#!HF = = = Eraphical ;ser 4nterface A 6rand name of data6ase that employs its own procedural language -racle<s procedural language

Team

$$ # $'

""#$%#$&"'

The Electronic (oting !ystem

.ibliography
Difranco, Petro, !hear, (ladimiro/ ?$&&2, -cto6erA !mall (oting Elections Can !wing Elections. Communications of the AC , 28, 2'=23 Gason Bitcat ?$&&2, -cto6er A !ource A/aila6ility and E=(oting Communications of the AC , 28, %3=%8 ercuri and Camp ?$&&2, -cto6erA The Code of The Elections Communications of the AC , 28, 3'=38 $&&2 4EEE !ymposium on "$ Proceedings, $8= 2& ay $&&2. ?$&&2, Gune &"A !ecurity and Pri/acy, $&&2.

Team

$' # $'

""#$%#$&"'