Developing an Indigenous Evoting
System Architecture – A Case Study
By:
Dr Agu Collins Agu
Director, Zonal Offices Coordinating
Department, National Information Technology
Development Agency (NITDA)
BRIEF SYSTEM OVERVIEW
NIGCOMSAT’s e-Registration and Voting System is a
novel invention of a reliable, secure and always
available electronic registration and voting system that
adopts
two
implementation;
mature
technologies
RFID
Identification) and biometrics.
(Radio
for
its
Frequency
BRIEF SYSTEM OVERVIEW CONT’D
The unique combination of both technologies
provides an offline system with intrinsic voter
authentication as well as instant check for
multiple registrations, voting and an anti-rigging
mechanism. Complementing this system is a
database-driven web application for real-time
display of collated data e.g. election results for
public viewing.
KEY TECHNICAL SPECIFICATIONS
RFID Card Features

Ruggedized PVC card with weather-proof embodiment

Contactless transmission of data (no battery required)

Operating distance 100mm

Fast data transfer (106 kbps)

High data integrity (16 bit CRC, parity, bit coding, bit
counting)

True anti-collision

Typical transaction <100ms (including backup
management)

Data retention of more than 10 years
KEY TECHNICAL SPECIFICATIONS
Security Features

Mutual triple pass authentication (DES, 3-DES and AES)

Data encryption with replay attack protection (DES, 3DES and AES)

Supports multi application with key hierarchy

Unique serial number for each card

Anti-tear protection mechanism
KEY TECHNICAL SPECIFICATIONS CONT’D
RFID Card Reader Features

Operating distance 100mm

Highly integrated analog circuitry to decode card response

Unique serial number

Secure non-volatile key memory

Suitable for high security terminals based on 3-DES, AES,
RSA

Anti-collision procedure support

Very low power consumption (USB nano-watt technology)
KEY TECHNICAL SPECIFICATIONS CONT’D
Security Features

Mutual triple pass authentication (DES, 3-DES and AES)

Data encryption with replay attack protection (DES, 3DES and AES)

Supports multi application with key hierarchy

Unique serial number for each reader

Anti-tear protection mechanism

Supports over 32 secret keys
KEY TECHNICAL SPECIFICATIONS
Fingerprint Biometrics Features









FBI certified
High performance PC USB fingerprint scanner
256 bit AES
Enrollment time <0.1 second
World’s best performing fingerprint algorithm (NIST MINEX
and FVC 2004/2006)
Fast matching speed : 100,000 match within a second
500 dpi optical fingerprint sensor
Very low power consumption (USB nano-watt technology)
Ruggedized scratch free sensor surface
Voter Registration Duplicate Search System
 Multi-biometric technology to identify duplicate




registrations in the nation’s voter database.
Accurately identify and remove all duplicate registrations in
the voter database.
Database that will include photographic and fingerprint
records for atleast 80 million voters.
With such a large database, the search for duplicates is a
complicated task that requires a large number of matching
operations and a high degree of reliability.
Will become core identification engine for Nigeria’s security
/ law enforcement system for data portability.
Key Benefits
 System helps ensure the administration of fair and





democratic elections by verifying the accuracy of the
country’s national voter database.
Up to 40,000,000 fingerprints per second matching speed
on a single unit.
Scalable cluster architecture.
ISO & ANSI fingerprint template standards support.
The interoperability and flexibility of the SDK enable the
system to work easily with a variety of other software and
hardware.
The low cost-per-unit and low hardware system
requirements enable a cost-effective solution for Nigeria.
How the System Works
Face and Fingerprint Capturing
 The voter information collected consists of face and finger
fingerprint images along with personal demographic
information of each and every person registered.
 In essence, the system will capture face and fingerprint data
for up to 80 million voters using a variety of input devices,
including PC Web cams for capturing face images and
fingerprint scanners. The system stores the face and
fingerprint images within the RFID Voter’s card and also in
a secure database in WSQ format.
Template Generation
The Template Generation Module, based on a
Matching
Client, reads the WSQ images from the
database and generates fused face and fingerprint
templates that are then stored in a SQL Server
Database. The Voter Registration Duplicate Search
System then uses these templates to carry out the
biometric “N-to-N” matching process that identifies
duplicates within the database records.
N-N Matching
Our implementation for Nigeria will carry out fusion
matching by providing two options:
1. Fuse always
2. Face then fuse
The first option, “Fuse always” is for a complete N-to-N
matching strategy which requires much more time than that of
second option.
“Face then fuse” means that the system first generates face
score, and if the score crosses the threshold value then the
respective finger template is matched. Due to the high speed of
the face matching algorithm, this process significantly reduces
the amount of time required to identify duplicate entries.
N-N Matching
 This powerful fused algorithm can produce up to
400,000 matches per second on a single processor
PC;
and
with
fault-tolerant,
scalable
cluster
software, this number can be multiplied across
multiple PCs to perform extremely fast, parallel
fingerprint and face matching using databases of
practically unlimited size. The latent fingerprint
template editing capabilities will also allow it to be
used in forensic AFIS applications.
Server Cluster Architecture
The cluster server consists of a server machine,
several cluster machines, a cluster server license,
several
cluster
client
licenses,
and
necessary
software and data as shown in figure 1 below. It
provides significantly high capacity for record
matching depending on the number of cluster nodes
used. The cluster server can be configured to match
up to match tens of millions of records at a time.
Server Cluster Architecture
Detailed System Description
The system involves the following four (4) phases: registration,
verification, vote casting, and result tallying and display. Below are subsections that describe each phase respectively.
Registration Phase
In the registration phase, designated registration units are used to register
eligible voters. In a registration centre, a registration unit is comprised of
the following:
1. Notebook
2. HD camera
3. Registration software
4. RFID card reader
5. Fingerprint scanner
Detailed System Description
Fingerprint Biometric Scanner
RFID Card Reader/Writer
A Specimen of an RFID Voter Card
RFID Card Printer
Voting Phase
The voting phase, designated voting stations are used
by eligible voters to vote. A voting station is
comprised of the following:
 Notebook with a touch screen
 Voting software
 RFID card reader
 Fingerprint scanner
 Ballot printer
Result Tallying & Display Phase
A reliable communication link is to be used to connect each
voting centre to a centralized command center for vote
aggregation of votes from all voting centres. A polling
scheme is to be adopted to poll data from each polling
centre at a particular interval of time for real-time collation
and tallying of results. The collation and tallying process is
handled by a database management system (DBMS). The
collated and tallied results from the various voting centres
are made available for online display through a web
application over a secure network and/or Internet.
Web Interface for Result Display including
Textual and Graphical Viewing