FAISAL ABDULLAH SAKHAR AL AMRY - Universiti …umpir.ump.edu.my/16161/1/A risk assessment study on...
Transcript of FAISAL ABDULLAH SAKHAR AL AMRY - Universiti …umpir.ump.edu.my/16161/1/A risk assessment study on...
A RISK ASSESSMENT STUDY ON
ELECTRONIC VOTING SYSTEM
FAISAL ABDULLAH SAKHAR AL AMRY
MASTER OF TECHNOLOGY MANAGEMENT
UNIVERSITI MALAYSIA PAHANG
UNIVERSITI MALAYSIA PAHANG
DECLARATION OF THESIS AND COPYRIGHT Author’s full name : FAISAL ABDULLAH SAKHAR AL AMRY
Date of birth : 25 DECEMBER 1974
Title : A RISK ASSESSMENT STUDY ON ELECTRONIC
Academic Session : 2015/2016
I declare that this thesis is classified as:
CONFIDENTIAL (Contains confidential information under the
Official Secret Act 1972)
RESTRICTED (Contains restricted information as specified by the
organization where research was done)
OPEN ACCESS I agree that my thesis to be published as online open
access (Full text)
I acknowledge that Universiti Malaysia Pahang reserve the right as follows:
1. The Thesis is the Property of Universiti Malaysia Pahang.
2. The Library of Universiti Malaysia Pahang has the right to make copies
for the purpose of research only.
3. The Library has the right to make copies of the thesis for academic exchange.
Certified By:
(Student’s Signature) (Signature of Supervisor)
A5592269 DR CHENG JACK KIE
New IC / Passport Number Name of Supervisor
Date : Date :
SUPERVISORS' DECLARATION
We hereby declare that we have checked this thesis and in our opinion, this thesis is
adequate in terms of scope and quality for the award of the degree of Master in Project
Management.
__________________________
(Supervisor’s Signature)
Full Name : DR CHENG JACK KIE
Position : SENIOR LECTURER
Date : SEPTEMBER 2016
STUDENT’S DECLARATION
I hereby declare that the work in this thesis is my own except for quotations and
summaries, which have been duly acknowledged. The thesis has not been accepted for
any degree and is not concurrently submitted for award of other degree.
________________________
(Author’s Signature)
Name : FAISAL ABDULLAH SAKHAR AL AMRY
ID Number : MPR12001
Date : SEPTEMBER 2016
A RISK ASSESSMENT STUDY ON ELECTRONIC VOTING SYSTEM
FAISAL ABDULLAH SAKHAR AL AMRY
Thesis submitted in fulfilment of the requirements
For the award of the degree of
Master of Technology Management
Faculty of Industrial Management
UNIVERSITI MALAYSIA PAHANG
August 2016
vi
TABLE OF CONTENTS
Page
DECLARATION
TITLE PAGE i
DEDICATION ii
ACKNOWLEDGEMENTS iii
ABSTRACT iv
ABSTRAK v
TABLE OF CONTENTS vi
LIST OF TABLES ix
LIST OF FIGURES xi
LIST OF ABBREVIATIONS xiii
CHAPTER 1 INTRODUCTION
1.1 Introduction 1
1.2 Background 1
1.2.1 Electronic Voting System 4
1.2.2 Oman Government Election System 6
1.3 Problem Statement 9
1.4 Research Objective 10
1.5 Research Scope 10
1.6 Operational Definitions 10
1.6.1 Operational Definitions for Risk Management Culture
1.6.2 Operational Definitions for Respondents Profile
1.6.3 Operational Definitions for E-voting risk factors
11
12
12
1.7 Thesis Organization 13
CHAPTER 2 LITERATURE REVIEW
2.1 Introduction 15
2.2 Electronic Voting (E-Voting) Paradigms 15
2.3 E-Voting Adoption Model 19
2.4 Direct-Recoding Electronic Voting Machine (DRE) 21
vii
2.5 Internet Voting (I-Voting) 21
2.6 E-Voting Risks and Risk Assessment 23
2.7 Security Requirements for E-Voting 24
2.7.1 General Security Measurements 25
2.7.2 Counter-attack Requirements 29
2.8 Historical Perspective On E-Voting Issues
2.8.1 The case of USA
34
34
2.8.2 The case of Estonia 35
2.9 Analytical Hierarchy Process(AHP) 36
2.10 Summary 37
CHAPTER 3 METHODOLOGY
3.1 Introduction 39
3.2 Research Design 39
3.3 Instrument Development 41
3.3.1 Survey Questionnaire I: Assessing Risk Management Culture
3.3.2 Questionnaire II for Applying AHP
41
43
3.3.3 Questionnaire III for assessing new e-voting system 43
3.4 The Application of AHP in Assessing E-Voting 44
3.5 Data Collection Method 44
3.5.1 Data collection from questionnaire 44
3.5.2 Data collection from AHP survey questionnaire 45
3.6 Data Analysis 45
3.6.1 Descriptive Analysis 45
3.6.2 Steps of applying AHP 45
3.7 Summary 48
CHAPTER 4 RESULTS AND DISCUSSION
4.1 Introduction 49
4.2 Reliability Test 49
4.3 Respondents Profile 51
viii
4.3.1 Job Position (Position) 51
4.3.2 Educational Level 52
4.3.3 Department 52
4.3.4 Age 53
4.4 Analysis of the old e-voting Process 53
4.4.1 Interviews and Observations 53
4.4.2 Interview Results on the Analysis of the old e-voting Process 54
4.5 Assessment of Risk Management Culture 55
4.6 Assessment of the old Voting System 63
4.7 Results of AHP Analysis 67
4.8 New e-voting System Development 70
4.8.1 E-Authentication Activation Application(EAAA) 70
4.9 Assessment of the New E-voting System
4.9.1 Advantages of the new e-voting System
72
79
4.10 Summary 79
CHAPTER 5 CONCLUSIONS AND FUTURE RECOMMENDATION
5.1 Introduction 80
5.2 Research Summary 80
5.3 Recommendations 82
5.3.1 E- Authentication Activation 82
5.3.2 Security Related Advantage of Technical IT Design 85
5.3.3 Risk Mitigation Techniques 86
5.4 Contribution of the study 89
5.5 Limitation of the Study 89
5.6 Future Research And Recommendations 90
REFERENCES 92
APPENDICES 97
A Questionnaire 97
B List of Publications 104
ix
LIST OF TABLES
Table No.
Title
Page
2.1 Comparison of e-voting schemes 16
2.2 Assessment of relevant attacks on e-voting systems 24
3.1 Steps of AHP method 46
3.2 Relative Scores 47
4.1 Reliability Statistics 50
4.2 Reliability Item-Total Statistics 50
4.3 Frequencies of Job Position Variables (N=82) 51
4.4 Frequencies of Educational Level Variables (N=82) 52
4.5 Frequencies of Department Variables (N=82) 52
4.6 Frequencies of Age Level Variables (N=82) 53
4.7 Overall ranking of the factors of risk management culture 56
4.8 Risk management effectiveness 57
4.9 Importance of risk assessment 58
4.10 Interest to learn about risk management 59
4.11 Risk transfer 60
4.12 Professional training on Risk 61
4.13 Familiar with ISO31000 and ISO31010 62
4.14 Overall ranking of the factors of risk assessment 63
4.15 Voter cheating by ink removal 64
4.16 Voter cheating by using different machines 65
4.17 Voting Process Faster 66
4.18 Security risks of e-voting system 67
x
4.19 Pair-wise Comparison 68
4.20 Standardized Matrix 68
4.21 Results of the analysis 69
4.22 Computing λmax. 69
4.23 Random Consistency Index 70
4.24 Overall ranking of risk assessment factors of the new e-voting 73
4.25 Process faster than before 74
4.26 Paper work as an alternative of voting 75
4.27 Voter cheating by using different machines 76
4.28 Errors due to lack of knowledge 77
4.29 Comparisons of the number of the voters between 2009 and 2013 78
5.1 Steps of Voting Process 83
xi
LIST OF FIGURES
Table No. Title Page
1.1 Risk Identification Frame 3
2.1 E-Voting Adoption Model 20
2.2 Security properties of voting scheme 24
2.3 Verification overview 26
2.4 Overview of the EVIV vote protocol phases 27
2.5 Overview of the JCJ-scheme 33
3.1 Research Design 40
4.1 Old system voting hall model 54
4.2 Risk management effectiveness 56
4.3 Importance of risk assessment 57
4.4 Interest to learn about risk management 58
4.5 Risk transfer 59
4.6 Professional training on Risk 60
4.7 Familiar with ISO31000 and ISO31010 61
4.8 Voter cheating by ink removal 63
4.9 Voter cheating by using different machines 64
4.10 Voting Process Faster 65
4.11 Chosen variables of security 66
4.12 E-authentication of citizens 70
4.13 A sample of the voter authenticated with fingerprints 70
4.14 Voting process is faster than before 73
4.15 Paper work as an alternative of voting 74
xii
4.16 Voter cheating by using different machines 75
4.17 Errors due to lack of knowledge 76
4.18 Comparison of 2009 and 2013 voters 83
5.1 Elections and Application Process. 84
5.2 Data transfer from disconnected servers 85
5.3 Steps of risk mitigation 86
xiii
LIST OF ABBREVIATIONS
AHP Analytic Hierarchy Process
DOD Department of Defense
ROP Royal Oman Police
MOI Ministry of Interior
GCC
Cooperation Council for the Arab States of the Gulf
(Saudi Arabia,UAE,Kuait,Bahran,Qatar and Oman)
OS Operating system
DRE Direct-recoding electronic voting machine
EAAA E-Authentication Activation Application