UAlg secure vote module

Bibliographic Details
Main Author: Matos, Tiago Alexandre Pereira
Publication Date: 2024
Format: Master thesis
Language: eng
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Download full: http://hdl.handle.net/10400.1/27124
Summary: This dissertation proposes the development of an election system to be held, following the common electoral procedures. Since elections collect sensitive data, the system must be as secure as possible while respecting its users privacy. To register who voted on which candidate would completely hinder an election and the public trust on a system would be completely ruined. The objective of this web-based system is for users to vote from whatever location without having, physically to go into a polling station. A web-based system requires components for data processing or backend application, data storage i.e. databases and data presentation or frontend application. For a backend application, a REST API will be developed, this API is responsible for processing all data regarding elections and other features of the system itself. This API must be as secure as possible without compromising its users privacy, therefore a cipher suite must be used. The cipher suite describes the encryption being used on the system, where all votes must be encrypted before stored, so nobody can view it before the tallying process starts. Since asymmetric encryption is sometimes used and due to these keys being too long in length, a key management system must also be developed to store these keys. This key management system is an independent component of the main system to decentralize the keys from the election system. In case of the election system being compromised, the key management system is not necessarily also compromised. All data will have to be stored in databases since its the most efficient way to store it. The databases must take into account the system requirements, where in some situations, availability may be precedent over ACID capabilities. An user interface must also exist to interact easily and securely with the application and the system itself. This user interface must also encrypt the users votes so the backend application never "sees" the votes in plaintext when a vote is cast and stored.
id RCAP_41e815ef48b9ae16a755ff8d2288dc23
oai_identifier_str oai:sapientia.ualg.pt:10400.1/27124
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
spelling UAlg secure vote moduleElectionselectronic electionssecure voteinternet votingThis dissertation proposes the development of an election system to be held, following the common electoral procedures. Since elections collect sensitive data, the system must be as secure as possible while respecting its users privacy. To register who voted on which candidate would completely hinder an election and the public trust on a system would be completely ruined. The objective of this web-based system is for users to vote from whatever location without having, physically to go into a polling station. A web-based system requires components for data processing or backend application, data storage i.e. databases and data presentation or frontend application. For a backend application, a REST API will be developed, this API is responsible for processing all data regarding elections and other features of the system itself. This API must be as secure as possible without compromising its users privacy, therefore a cipher suite must be used. The cipher suite describes the encryption being used on the system, where all votes must be encrypted before stored, so nobody can view it before the tallying process starts. Since asymmetric encryption is sometimes used and due to these keys being too long in length, a key management system must also be developed to store these keys. This key management system is an independent component of the main system to decentralize the keys from the election system. In case of the election system being compromised, the key management system is not necessarily also compromised. All data will have to be stored in databases since its the most efficient way to store it. The databases must take into account the system requirements, where in some situations, availability may be precedent over ACID capabilities. An user interface must also exist to interact easily and securely with the application and the system itself. This user interface must also encrypt the users votes so the backend application never "sees" the votes in plaintext when a vote is cast and stored.Esta tese propõe um sistema para a realização de eleições, seguindo o procedimento eleitoral comum. Uma vez que as eleições recolhem informações sensíveis, este sistema deve ser o mais seguro possível, ao mesmo tempo que respeita a privacidade dos seus utilizadores, uma vez que nunca é registado quem votou em quê. Fazer isso prejudicaria completamente uma eleição e a confiança pública nas eleições seria arruinada. Este será um sistema web para que os utilizadores possam votar onde desejarem, sem terem que se deslocar fisicamente até uma mesa de voto, embora os utilizadores devam votar em locais privados uma vez que o sistema não consegue proteger contra outras pessoas verem os votos sendo submetidos. Um sistema web requer componentes para o processamento de dados, ou seja, uma aplicação backend, armazenamento de dados, ou seja, bases de dados, e apresentação de dados, ou seja, uma aplicação frontend. Para uma aplicação backend, será desenvolvida uma REST API, que será responsável pelo processamento de todos os dados relacionados com eleições e outras funcionalidades do próprio sistema. Esta API deve ser o mais segura possível, sem comprometer a privacidade dos seus utilizadores, sendo necessário usar uma cipher suite. Essa cipher suite descreve a criptografia usada no sistema, todos os votos devem ser encriptados antes de serem gravados, para que ninguém possa visualizá-los antes do início da contagem de votos. Como a criptografia assimétrica às vezes é usada e devido ao comprimento dessas chaves, um sistema de gestão de chaves também deve ser desenvolvido para grava-las. Este sistema é uma componente independente do sistema principal, a fim de descentralizar as chaves do sistema de eleições, caso o sistema de eleições seja comprometido, as chaves não serão necessariamente comprometidas. Todos os dados terão que ser gravados em bases de dados, pois é a maneira mais eficiente de gravar dados. As bases de dados devem ter em consideração os requisitos do sistema, uma vez que em algumas situações a disponibilidade pode ser mais importante do que as capacidades ACID. Uma interface também deve existir para que os utilizadores tenham uma aplicação fácil e segura para interagir com o próprio sistema, essa interface também deve encriptar os votos dos utilizadores, para que o aplicação backend nunca "veja" os votos em texto quando um voto é submetido e gravado.Guerreiro, JoelSapientiaMatos, Tiago Alexandre Pereira2025-05-15T13:01:08Z2024-06-282024-06-28T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10400.1/27124urn:tid:203868307enginfo:eu-repo/semantics/openAccessreponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiainstacron:RCAAP2025-05-21T02:01:09Zoai:sapientia.ualg.pt:10400.1/27124Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireinfo@rcaap.ptopendoar:https://opendoar.ac.uk/repository/71602025-05-29T07:35:28.160111Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiafalse
dc.title.none.fl_str_mv UAlg secure vote module
title UAlg secure vote module
spellingShingle UAlg secure vote module
Matos, Tiago Alexandre Pereira
Elections
electronic elections
secure vote
internet voting
title_short UAlg secure vote module
title_full UAlg secure vote module
title_fullStr UAlg secure vote module
title_full_unstemmed UAlg secure vote module
title_sort UAlg secure vote module
author Matos, Tiago Alexandre Pereira
author_facet Matos, Tiago Alexandre Pereira
author_role author
dc.contributor.none.fl_str_mv Guerreiro, Joel
Sapientia
dc.contributor.author.fl_str_mv Matos, Tiago Alexandre Pereira
dc.subject.por.fl_str_mv Elections
electronic elections
secure vote
internet voting
topic Elections
electronic elections
secure vote
internet voting
description This dissertation proposes the development of an election system to be held, following the common electoral procedures. Since elections collect sensitive data, the system must be as secure as possible while respecting its users privacy. To register who voted on which candidate would completely hinder an election and the public trust on a system would be completely ruined. The objective of this web-based system is for users to vote from whatever location without having, physically to go into a polling station. A web-based system requires components for data processing or backend application, data storage i.e. databases and data presentation or frontend application. For a backend application, a REST API will be developed, this API is responsible for processing all data regarding elections and other features of the system itself. This API must be as secure as possible without compromising its users privacy, therefore a cipher suite must be used. The cipher suite describes the encryption being used on the system, where all votes must be encrypted before stored, so nobody can view it before the tallying process starts. Since asymmetric encryption is sometimes used and due to these keys being too long in length, a key management system must also be developed to store these keys. This key management system is an independent component of the main system to decentralize the keys from the election system. In case of the election system being compromised, the key management system is not necessarily also compromised. All data will have to be stored in databases since its the most efficient way to store it. The databases must take into account the system requirements, where in some situations, availability may be precedent over ACID capabilities. An user interface must also exist to interact easily and securely with the application and the system itself. This user interface must also encrypt the users votes so the backend application never "sees" the votes in plaintext when a vote is cast and stored.
publishDate 2024
dc.date.none.fl_str_mv 2024-06-28
2024-06-28T00:00:00Z
2025-05-15T13:01:08Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10400.1/27124
urn:tid:203868307
url http://hdl.handle.net/10400.1/27124
identifier_str_mv urn:tid:203868307
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
instname_str FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron_str RCAAP
institution RCAAP
reponame_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
collection Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository.name.fl_str_mv Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
repository.mail.fl_str_mv info@rcaap.pt
_version_ 1833603012792156160

Similar Items