
online voting system discussion... need help

Started by Brad, December 02, 2011, 05:24:23 PM


Brad

anyone want to jump in here... we are trying to build an online voting system
Thanks...

Intro...
we know that this system will get attacked... so we count on that..
the idea is that once attacked... we resort to recovery thru multiple backup...




ok... a couple architectural ideas... client side

we can write a program (an executable) that everyone needs to download (a plugin like flash).... but that is insecure... because who knows what program you are really downloading the official one or a fake one... so we want to stay web based...

I believe we can get around the key-loggers by using a screen based keypad to enter the login data... and have the buttons randomly distributed around the randomly positioned pad.. so an intruder can't record the mouse clicks....

now we want voters to be able to change their votes at any time before the poll end.... so we will need to determine that the voter changing the vote is who they are... and we also need to determine that the voter is only registered once... such that they are only counted once...

so on-line registration is a problem.... at some point the voter must have made a personal visit somewhere... ie .. motor vehicles, courthouse, somewhere ... there we give them an ID# ...

now they login with the ID# anywhere... at first login they are also given a key by image.... the ID# becomes the username and the key becomes their password... and we add some tricks to encrypt this key and ID# differently upon every transmission....

once logged in the voter sees their current vote... the position (order) of their current vote....ie. they were the 967th voter to vote in that district at that time... all by image... if that number changes the voter is alerted that either they forgot the number or someone has tampered with their vote... so they simply change it again... if it continues to change they know that there's a problem... at any time the voter can check on their standing vote & vote position... we should also limit the number of times someone can change their vote in a given day... like once.

now... the easy thing is keep a running tally of the count... so if the tally changes by too much %... we are also alerted that something might be wrong... further, do we make that running tally public ?

I don't think so.... we want people to vote their mind... and we don't want to attract those that are not interested in voting ... to vote at that last minute for any reasons... being paid or coerced ...

we can also implement some other client side help... such as, a small plugin that simply alerts someone that their vote has been changed... similar alerts at site login.. and email notification if desired...

we can further provide a screen that at any time anyone can see a listing of all the current vote data grouped by precinct... hiding the actual vote... but providing the ID#, number of changes, time of casting and order positions...

After the poll ends the screen will then also show the actual vote...

this screen (data screen) will be mirrored everywhere and anywhere one wishes to help host mirrored sites and serve as additional backups...


we will also want a screen where someone can alert us that they think their vote has been compromised... and provide related data... thru print screen snapshots... here's where DOS (denial of service) may possibly become an issue... so we need to limit these notices to one per day or something...

server side...

we are going to want to have a lot of servers....
at least 5 per precinct, more per district, more per state, etc.

the servers need to check themselves and each-other...

...

...

human side ....

protecting against tech intrusion (those who have access to the servers)...
this should not be a problem if we have enough central servers at enough different locations ... and all have the same data and level of permissions... a leaderless server system so to speak...

(not sure of this yet, due to potential dis-assembly problems) we will also allow anyone to install and maintain these main systems as further backup ... providing no one or group in control ....

graphics/image/handicapped issues....

we will allow users to toggle different color schemes for those who are color blind.. we will also allow voters to tab thru the buttons for those that can't use a mouse....

denial of voter eligibility (DOVE attacks).... addressing Susan's concerns,

we will provide an alternate way for voters who are denied an ID# by any precinct... who feel they should be allowed to vote... another way to obtain an ID#... in this system we will not support voter restriction ...

first set of ideas
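
Added example (not part of the thread or anyone's post): one standard way to make the login data differ on every transmission, as the post above proposes, is a nonce-based HMAC challenge-response. The `LoginServer` class, `client_proof` function, the sample ID# and the 60-second lifetime are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 60  # seconds a login challenge stays valid (assumed value)


class LoginServer:
    """Hypothetical server side: holds each voter's key, issues one-time nonces."""

    def __init__(self, keys):
        self._keys = dict(keys)   # voter ID# -> secret key bytes
        self._pending = {}        # nonce -> (voter ID#, expiry time)

    def challenge(self, voter_id, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (voter_id, now + NONCE_TTL)
        return nonce

    def verify(self, voter_id, nonce, proof, now=None):
        now = time.time() if now is None else now
        # pop() consumes the nonce, so re-sending a captured message fails.
        issued_to, expires = self._pending.pop(nonce, (None, 0.0))
        key = self._keys.get(voter_id)
        if key is None or issued_to != voter_id or now > expires:
            return False
        return hmac.compare_digest(proof, client_proof(voter_id, key, nonce))


def client_proof(voter_id, key, nonce):
    """Client side: the key is never sent, only an HMAC bound to this nonce."""
    return hmac.new(key, nonce + voter_id.encode(), hashlib.sha256).digest()


def demo():
    key = secrets.token_bytes(32)               # constructed sample key
    server = LoginServer({"V-000967": key})     # constructed sample ID#
    n1 = server.challenge("V-000967")
    p1 = client_proof("V-000967", key, n1)
    first = server.verify("V-000967", n1, p1)   # genuine login
    replay = server.verify("V-000967", n1, p1)  # same bytes sent a second time
    n2 = server.challenge("V-000967")
    p2 = client_proof("V-000967", key, n2)      # next login: different bytes
    return first, replay, p1 != p2
```
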
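
Added example (not part of the thread or anyone's post): a sketch of the record-keeping the post above describes, with a vote position the voter can re-check, a once-per-day change limit, a data screen that hides the vote until the poll ends, and a tally-jump alert. The names `VoteLedger` and `tally_jump` are hypothetical, and it assumes every write to a record receives the next position number.

```python
from datetime import timedelta


class VoteLedger:
    """Hypothetical single-precinct ledger; every write gets the next position."""

    def __init__(self, min_interval=timedelta(days=1)):
        self.min_interval = min_interval
        self.records = {}   # ID# -> {"choice", "position", "changes", "cast_at"}
        self.next_position = 1

    def cast(self, voter_id, choice, when):
        prev = self.records.get(voter_id)
        if prev and when - prev["cast_at"] < self.min_interval:
            raise PermissionError("vote already changed within the last day")
        position = self.next_position
        self.next_position += 1
        self.records[voter_id] = {
            "choice": choice, "position": position, "cast_at": when,
            "changes": prev["changes"] + 1 if prev else 0,
        }
        return position  # the number the voter is shown and should remember

    def position_matches(self, voter_id, remembered):
        # Login-time check: a different position means the record was rewritten.
        return self.records[voter_id]["position"] == remembered

    def tally(self):
        counts = {}
        for rec in self.records.values():
            counts[rec["choice"]] = counts.get(rec["choice"], 0) + 1
        return counts

    def public_rows(self, poll_closed):
        # Data screen: ID#, changes, time and position; choice only after close.
        return [
            {"id": vid, "changes": r["changes"], "cast_at": r["cast_at"],
             "position": r["position"],
             "choice": r["choice"] if poll_closed else None}
            for vid, r in sorted(self.records.items())
        ]


def tally_jump(before, after, limit_pct):
    """Return options whose count moved by more than limit_pct of all votes."""
    total = max(sum(after.values()), 1)
    return sorted(
        opt for opt in set(before) | set(after)
        if abs(after.get(opt, 0) - before.get(opt, 0)) * 100 / total > limit_pct
    )
```

In this sketch the change limit applies to whoever wrote the record last, so a voter whose record was rewritten through `cast` cannot correct it until the interval has passed.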

baltoro

BRAD,   
Have you seen Robin Williams' movie, "Man of the Year" ???
Baltoro

Brad

nope...  :wink   not yet ... does it relate ?

baltoro

Well I wouldn't recommend it,...the concept is funny, but, it fizzles out about mid-way through,...and, the Robin Williams character spends most of the movie riding around in a limousine having a series of anxiety attacks.
The plot concept is that a software engineer invents a system to automate voting in the United States, but, the system is corrupt and programmed to falsely report a victory in a Presidential contest. The Robin Williams character (who, ironically, plays a comedian in the movie) gets elected by this computerized voting system,...and one of the engineers for the corrupt software company runs a statistical analysis on the actual voter data and figures out that it is programmed to report whatever the Chief Operating Officer of the company desires. And, the software engineer then tells the Robin Williams character that he really lost the election,...but, they are the only ones on the planet who know the TRUTH (except the evil psychopath Chief Operating Officer, of course).
So, it's relevant,...but, not extremely so,...
I frankly would like to have Robin Williams elected President,...or, maybe, George Carlin, if he can figure out a way to come back from the dead,... :eek
But, seriously,...that's only because ZARA won't run,...
Baltoro

Brad

hehe... sounds like it's worth seeing... ;)

one thing that just concerned me.... I am really trying to build an on-line polling system.... but I think the problems are the same w/ actual voting...

but, I started thinking that for something as important as an election... if people could vote anywhere it could get dangerous for elderly voters.. ie.. someone forcing them to vote their way... outside of the secrecy and security of a polling place...

dedndave

i would think that people voting multiple times - or using a bot to do so - would be a big concern, too

Brad

hey Dave... :8)    naw... given the idea to use a randomly generated image based keypad for data entry...  I don't think a bot could pull that off ... no ?

hutch--

Nah, if you can't have Obama I support Alfred E. Neuman.

dedndave

what, me worry ?

we're showing our age, Hutch - lol

Tedd

Don't place too much faith in images.
It's not entirely difficult to grab the contents of the screen, extract the button positions, and recognize digits. It's a bit more work than grabbing plain text, but if you're going to the trouble of fixing an election, it's nothing. You can make it a little more difficult by adding random background images onto the buttons, and distorting the digits (CAPTCHA style,) but this only makes it more difficult, not impossible.

Also, if you haven't made your mind up after changing your vote 5 times, there's something wrong.


As for an online polling system, I don't think you need to worry about this much security.
No snowflake in an avalanche feels responsible.

Bill Cravener

Quote from: hutch-- on December 05, 2011, 10:47:38 AM
Nah, if you can't have Obama I support Alfred E. Neuman.



Steve, it's all so funny!

The right has become nothing more than a propaganda movement led by people like Limbaugh, Glenn Beck, Hannity, the tea-baggers and all the other right-wing-nut talking heads. The right has become so phuked up in their crazy beliefs and their constant lies that Newt Gingrich now appears to be their front runner. Can you believe it? The right is so desperate for someone with a far-right attitude, now that Herman Cain has had to drop out, that they would even accept Newt Gingrich of all people. The right is literally handing President Obama back the White House this coming election on a silver platter.

"Prejudice does not arise from low intelligence it arises from conservative ideals to which people of low intelligence are drawn." ~ Isaidthat

Brad

Tedd, THANKS... you're right... I had forgotten about the printscreen possibility... is there a way to capture the screen image w/o invoking print screen ?

dedndave

HWND_DESKTOP is the handle for the desktop window (=0)
you should be able to make an image from that
here are some examples....

http://www.masm32.com/board/index.php?topic=2172.0
http://www.masm32.com/board/index.php?topic=13318.0

download all the attachments in those threads - they are fun   :P

Brad

cool.... thanks Dave... now I remember why I love this site ;)

MichaelW

The Microsoft header files define HWND_DESKTOP as:

/*
 * Special value for CreateWindow, et al.
 */
#define HWND_DESKTOP        ((HWND)0)


To get the actual handle for the desktop window, which AFAIK will always be non-zero, you use GetDesktopWindow.
eschew obfuscation