Secure Online Election System
Sneha Subramanian1, Saketh Kamatham2

1VSneha Subramanian, Department of Computer Science,SRM Institute of Science and Technology, Chennai, Tamil Nadu, India.

2Saketh Kamatham, Department of Computer Computer Science.,SRM Institute of Science and Technology, Chennai, Tamil Nadu, India.

Manuscript received on 15 September 2019 | Revised Manuscript received on 23 September 2019 | Manuscript Published on 11 October 2019 | PP: 1166-1171 | Volume-8 Issue-11S September 2019 | Retrieval Number: K123509811S19/2019©BEIESP | DOI: 10.35940/ijitee.K1235.09811S19

Open Access | Editorial and Publishing Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open-access article under the CC-BY-NC-ND license (

Abstract: India, the biggest democratic ruling system in terms of population utilises the Electronic Voting Machine or EVM for their general elections. Any EVM comprises of two units: The Control unit and the Ballot unit. Ongoing research has indicated many disadvantages in the system. One of the main disadvantages we encounter is that many researchers have claimed that the EVM can easily be tampered with. EVMs also encounter many physical threats. To prevent these drawbacks, we have proposed an online voting system which counter many physical difficulties faced by the EVM. One main difficulty in the online system is the SQL Injection attack. SQL injection is messing with the database and controlling it with the help of SQL Queries. Our project focuses on the Tautology based SQL Injection attack. In this attack, a statement whose value will always be true or 1 is passed instead of username and password by the hacker. This allows access to the database which allows him/her to manipulate it. Manipulation can be of several kinds. Web based Voting is another innovation that is rising which has the possibility of countering numerous downsides looked by the EVMs. The online voting application works as any other web application. Each voter who wants to vote needs to fill all the required details and create an account on the website first. On the day of voting, when voters cast their vote, they need to sign in with their respective credentials. When the credentials match with the data from database, the voter can get to the voting page and make his choice. An affirmation mail is the sent to the client after effectively making the choice. The votes cast by the voters are sent to a separate database which is viewed in the administration side . We use stored procedures and parameterized queries to prevent the Tautology based SQL attack. If a malicious user enters any query which has a value, it will simply be passed as a parameter to the SQL statement and wont be a component of the SQL statement itself, thus rendering the stored procedure invulnerable to SQL injection attacks. We also use the Secure Hash Algorithm 256 (SHA-256). It is a type of cryptographic hash function which generates a unique 256 bit long hash key for each vote. It is a one way function and so it cannot be decrypted. This ensures that the votes are not manipulated.

Keywords: Online, Electronic Voting Machine, Application
Scope of the Article: Security, Trust and Privacy