USC Web-based Electronic Voting System - Engl 23 Research v1.1

UNIVERSITY OF SAN CARLOS WEB-BASED ELECTRONIC VOTING SYSTEM

____________________

A Research Paper

Presented to the

Faculty of the Department of Languages and Literature

University of San Carlos

Cebu City, Philippines

____________________

In Partial Fulfillment

of the Requirements for the Subject

English 23

Technical Writing

____________________

by

Members Abaquita, Earl John

Berdin, Carla Galido, Ralph Christopher

Lucero, Kristian Saren, Mark

March 11, 2015

ii

UNIVERSITY OF SAN CARLOS COLLEGE OF ARTS AND SCIENCES

The Undergraduate Thesis titled “University of San Carlos Web-Based Electronic Voting System” prepared and submitted by EARL JOHN ABAQUITA, CARLA I. BERDIN, RALPH CHRISTOPHER B. GALIDO, KRISTIAN B. LUCERO, AND MARK F. SAREN in partial fulfillment of the requirements for the degree of BACHELOR OF SCIENCE IN COMPUTER ENGINEERING has been examined and is recommended for acceptance and approval for ORAL EXAMINATION.

THESIS COMMITTEE

-------------------------------------- Adviser

______________________________ ______________________________ Member Member

------------------------------------------------------------------------------------------------------------

PANEL OF EXAMINERS Approved by the Committee on oral Examination with a grade of _______.

_________________________ Member

______________________________ ______________________________ Member Member

Accepted and approved in partial fulfillment of the requirements for the degree BACHELOR OF SCIENCE IN COMPUTER ENGINEERING.

______________________________ Chair

3/11/2015 Date of Oral Examination

iii

ACKNOWLEDGMENT

The researchers would like to thank the following people for making this

study possible:

Mrs. Tomasita Laborte for her guidance all throughout the research. She

kindly read our paper and offered invaluable advices on grammar, organization,

and the theme of the paper.

The System Developers and the USC SSC COMELEC Chairperson for

their cooperation and the grant of access of the voting system.

Friends, classmates, and schoolmates for their cooperation in the

gathering of data.

The University of San Carlos for being an academic institution that fosters

study and research.

Teachers for sharing their technical knowledge in their field, and for

imparting their values with us.

Parents for their unconditional love and support in all our endeavors.

And most importantly, we thank our Lord God, our Creator for the strength

to pursue and the patience in conducting this research.

We thank all of you most sincerely.

iv

ABSTRACT

This study tested, verified, and validated the reliability of the University of San Carlos Web-Based Electronic Voting System in accordance to the Stanford Research Institute (SRI) criteria: system integrity, data integrity and reliability, and voter anonymity and data confidentiality. The sixty (60) participants of the test election were students of the university. They were instructed to vote using sample ballots with random names of candidates. The answered ballots were manually tallied and served as the basis of comparison for the output of the voting system. Test cases were also run by the researchers to test the system further. The comparison results counted as 100% identical and the test cases that were run proved to have passed the system requirements. This research will serve as an authentication of the university’s voting system.

v

TABLE OF CONTENTS

Page

Title Page---------------------------------------------------------------------------------- i

Approval Sheet--------------------------------------------------------------------------- ii

Acknowledgment------------------------------------------------------------------------- iii

Abstract------------------------------------------------------------------------------------- iv

Table of Contents------------------------------------------------------------------------ v

List of Tables------------------------------------------------------------------------------ vi

List of Figures----------------------------------------------------------------------------- vii

CHAPTER

I INTRODUCTION---------------------------------------------------------------- 1

Rationale of the Study------------------------------------------------- 1

Review of Related Literature---------------------------------------- 3

Theoretical Background----------------------------------------------- 7

THE PROBLEM------------------------------------------------------------------ 11

Statement of the Problem--------------------------------------------- 11

Significance of the Study---------------------------------------------- 11

RESEARCH METHODOLOGY----------------------------------------------- 12

Research Environment------------------------------------------------- 13

Research Participants-------------------------------------------------- 13

Research Instruments-------------------------------------------------- 13

Research Procedures--------------------------------------------------- 14

DEFINITION OF TERMS-------------------------------------------------------- 15

II PRESENTATION, INTERPRETATION AND ANALYSIS OF DATA------------------------------------------ 17

Interview Results--------------------------------------------------------- 17

Test Election Results---------------------------------------------------- 19

Software Testing Results---------------------------------------------- 23

III SUMMARY OF FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS----------------------------------------- 28

Summary of Findings---------------------------------------------------- 28

Conclusions---------------------------------------------------------------- 29

Recommendations------------------------------------------------------- 30

BIBLIOGRAPHY/References/Works Cited------------------------------------------- 31

APPENDICES*

A. Transmittal Letters------------------------------------------------------------- 33

B. Interview Questions/Test Ballot/Software Testing--------------------- 35

C. List of Respondents------------------------------------------------------------ 64

vi

LIST OF TABLES

Table Page

1 Test Election Results -------------------------------------------------------- 19

2 Software Testing Results -------------------------------------------------- 23

3 Bug Severity Distribution --------------------------------------------------- 24

4 Voter Account Table Structure in the Database ---------------------- 26

vii

LIST OF FIGURES

Figure Page

1 Schematic Diagram of the Study ----------------------------------------- 10

2 Presidential Result ----------------------------------------------------------- 21

3 Vice-Presidential Result ---------------------------------------------------- 21

4 Result for Councilors -------------------------------------------------------- 22

5 Software Testing Results -------------------------------------------------- 23

6 Bug Severity Distribution --------------------------------------------------- 25

viii

1

Chapter 1

THE PROBLEM AND ITS SCOPE

INTRODUCTION

Rationale of the Study

The Supreme Student Council election is a much awaited event in a

university. It is a demonstration of democracy and a formal decision-making

process by which the student population chooses individuals to hold office for the

next academic year. In the University of San Carlos, the USC Supreme Student

Council (USC-SSC) is responsible for the student body elections. The council for

the Academic Year 2015-2016 will be formed through elections on March 5,

2015.

Akin to any other elections before the computer era, the SSC elections in

the university were through the use of ballots and manual ballot counts. And as

the population of the university grew to being one of the largest academic

institutions in Cebu, assuring a fraud-free election posed as a very huge

challenge for the SSC, not to mention the very tedious task of ballot counting. To

address this, on March 11, 2011, the student council actualized their very first

step to digital elections- the full implementation of its very own web-based e-

voting system that uses PHP as the scripting language and MySQL for the

database.

On a global perspective, countries, including our own has adapted the

technological convenience brought by the Smartmatic Precinct Count Optical

2

Scan (PCOS) machines in place of the traditional ballot boxes ever since 2004

(Gulf News). But on 2014, issues regarding the reliability of these machines

came into the open. The Senate Committee tackled about the discrepancies of

the total manual ballot count in Nueva Ecija as compared to the result of the

PCOS machine count (Rappler, 2014). If even the PCOS machines are

vulnerable to disparities, there are issues that the university’s local system might

be threatened with. This led us to conduct this research.

This study focuses on assessing the Web voting system using the SRI

International Electronic Voting Criteria (September 1993): system integrity, voter

anonymity and data confidentiality, and data integrity and reliability. System

integrity refers to a tamperproof system. After software testing, the codes, its

parameters and configuration must remain static throughout the duration of the

elections. The voting counts must also never be accessed externally and that

there must never be an association between the votes and the voter’s identity.

Data integrity and reliability on the other hand refers to the correctness of the

data gathering. Lastly, the electronic vote counts must coincide with the real

voter count.

These criteria must be met by the web-based electronic voting system for

it to be qualified as credible and the only way of knowing is to conduct software

testing to the system. The student body deserves an honest and fraud-free

election and so it is imperative to ensure them this. The importance and

significance of each vote cast should be, at all times, at utmost consideration.

The voting system should cater to this principle. This is why the study should be

3

conducted, to test, verify, and validate the web-based voting system that has

been the backbone of the USC-SSC’s elections.

Review of Related Literature

The approach in conducting elections has evolved through the years.

From the traditional paper-based counting, e-voting has replaced it in the

pedestal. The streamlining of voting reduces the inconveniences that prevent

voters from going to polls (Dunlop, 2008). According to the National Democratic

Institute (NDI), the United States is the spearhead towards this evolution and

now 31 countries (out of 197) has piloted this technology, nine of which has not

continued.

As defined by the journal “Network Voting System Standards” by

VoteHere, Inc. (2002), an electronic voting system is a voting system in which the

election data is recorded, stored, and processed primarily as digital information.

This applies to the voting system of the University of San Carlos Supreme

Student Council (SSC) because it uses software that runs in a computer that is

connected to the school’s servers.

An ABC Australia article by a political correspondent has formally

broached last month (November 2014) that Australia’s Joint Standing Committee

on Electoral Matters released an interim report saying that there were too many

risks in the implementation of e-voting federal elections. From the machine being

vulnerable to hacking to the cost it would require to mitigate this risk, the federal

parliament committee has ruled out e-voting. On the other side of the globe, the

United Kingdom has also abandoned this technology. It turned out that the pilots

4

they were testing had basic errors. And even if they were only basic, the UK has

dismissed it overlooking that it definitely plays a huge impact on the electoral

integrity and could wreck an election. The NDI Guide has also pointed out the

same matters for Norway, Italy, Kazakhstan, Guatemala, Costa Rica, Paraguay,

Netherlands, Belgium, and even our country, Philippines.

The University of San Carlos is not the only university that employs a web-

based voting system. As cited by Reyes (2010) in his article “How UP Diliman

Implemented Its Own Automated Voting System”, UP Diliman has been

implementing a web-based electronic voting system for all its university-wide

elections since 2009. To add security measures, an eligible voter is given a pre-

prepared computer generated password for him to use it as his login password. A

CAPTCHA form is also put in place to ensure that the electronic ballot was filled

out by a human. Security is a major factor to consider in a voting system, and the

USC SSC’s web-based electronic voting system should uphold the integrity of

the election by being secure and reliable.

According to the article, “ACLU-TN Opens Toll-Free Voter Hotline and

Online Voting Resource Center for March 6 Primary Voters Experiencing

Problems at the Polls Urged to Call” published by Targeted News Service (2012),

these are the problems that voters may face at the polls: too few machines in

polling places which will lengthen lines and discourage eligible voters; moving

polling places on short notice or without sufficient warning; and disinformation

campaigns.

5

Electronic voting systems are, in their nature, different from physical voting

methods. In the journal “Bringing Confidence to Electronic Voting”, Riera and

Brown (2003) stated that because of the digital nature of the ballots, the

complexity of the system, the lack of transparency of the systems used, and the

special privileges of certain people have in the system, a wide variety of threats

can be encountered. In an electronic voting system, a bulk of these threats must

be prepared and tested for so that the elections will run smoothly and fraud-free.

In many areas of the country, vote buying, ballot-box stuffing, voter

suppression and intimidation, even outright thievery have long been components

of the political culture, and voters have had to rely on little more than blind faith in

hoping that their votes would be accurately assigned to their chosen candidates

(Oravec, 2005). This study by Oravec was conducted in the United States of

America. This is one of the main problems of the voting system, whether it is e-

voting or manual voting. In e-voting, voters are forced to believe that the system

correctly assigns their votes to the right candidate without even knowing how the

system handles all the data.

The publication “Report of the National Workship on Internet Voting:

Issues and Research Agenda” lists several criteria that election system must

satisfy. This includes eligibility and authentication, uniqueness, accuracy,

integrity, and reliability, among many others. This research focuses on these

criteria to determine if the USC SSC’s voting system satisfies these

requirements.

6

Security testing is generally an overlooked and underappreciated part of

the electronic voting machine testing process as a whole (Balzarotti et al, 2010).

According to the study “An Experience in Testing the Security of Real-World

Electronic Voting Systems” by Balzarotti et al, these are the reasons why security

testing is hard to do for these kind of systems: First, the majority of software

developers are not security experts, or even security aware. This leads to

software with “bolted-on” security, poorly implemented security, or no security

whatsoever; Second, software testing engineers and the organizations that

employ them are concerned with proper execution in response to use cases and

the advertised functionality of a product. Exceptional and hostile environments

are usually not considered in the testing process, even though there are a

substantial number of publications on security testing therefore, security holes

are not discovered; Finally, the security of large systems with many developers is

often hard to assess because it requires knowledgeable individuals who are able

to understand how one could leverage the complex interactions between the

components to bring the system into an unintended and vulnerable state.

The aforementioned characteristics of voting systems imply three

important consequences that necessitate proper design and security evaluation.

First, the presence of sensitive election information makes the threat of well-

funded and motivated attackers a real concern. Second, the distributed nature,

complex design, and reliance on proper execution of operational procedures all

serve to create a wide and varied attack surface. Finally, the public’s relation to

voting systems, both in their use and in their effect on the future direction of

7

society, makes public perception and confidence of primary importance when

testing these systems. All of these factors, combined with historical

implementation issues, set the testing requirements for electronic voting systems

apart from the testing of other systems.

There are ISO Standards to license a software and only validation,

verification and thorough testing basing on these standards can prove the

integrity of a software, and in e-voting, it turns out that its integrity relies on the

machines as well. How secure is an electronic vote is a monumental question

faced by every governing community implementing this technology. Perhaps it’s

never going to be perfect but it is imperative to be certain that its discrepancies

won’t compromise the rectitude of an election and won’t rob its people of

democracy.

Theoretical Background

The University of San Carlos has adopted the practice of e-voting for its

elections. An electronic voting system, as defined by the journal “Network Voting

System Standards” by VoteHere, Inc. (2002), is a voting system in which the

election data is recorded, stored, and processed primarily as digital information. It

is believed that it can reduce election costs and increase civic participation by

making the voting process more convenient.

The voting system has three modules - the Administrator module, Election

Unlocker module, and the Voter module. Each of these modules govern the data

to be fetched or added to the main database with a specific user only having

access to one module. Miscommunication within these modules can cause

8

discrepancies depending on the severity that could compromise the outcome of

the elections.

To ensure a good voting system, requirements must be set for the system

to be used. There are certain criteria that an e-voting system should meet to be

credible. Amidst the debate in evaluating these systems, a paper presented at

the 16th National Computer Security Conference in Baltimore, Maryland has

assessed and consolidated the basic needs of an e-voting system. It was

presented by Peter G. Neumann in behalf of the Stanford Research Institute

(SRI) International.

First criterion is system integrity. The computer systems (in hardware

and system software) must be tamper-proof. Ideally, system changes must be

prohibited throughout the active stages of the election process. No run-time self-

modifying software can be permitted. There should be no bugs that can subvert

the election.

Data integrity and reliability in the system must also be observed. Data

involved in entering and tabulating votes must be tamperproof. Votes must be

recorded correctly.

The last criterion is voter anonymity and data confidentiality. The

voting counts must be protected from external reading during the voting process.

The association between recorded votes and the identity of the voter must be

completely unknown within the voting systems.

Software testing should also be done to the USC E-Voting System since it

is primarily software. As mentioned by Kaner (November 2006), software testing

9

is an investigation conducted to provide stakeholders with information about the

quality of the product or service under test. Software testing doesn’t only limit to

finding bugs in a program but it involves the execution of software component or

system to evaluate one or more properties of interest. These properties of

interest include the following: meeting the requirements of the specified system;

performs the functions within an acceptable time; sufficiently usable; can be

installed and run in its intended environment; and achieve the general result its

stakeholder’s desire.

In order to determine if the USC E-Voting System is reliable, the system

should be analyzed and examined based on the criteria mentioned for a credible

e-voting system. Any errors that would yield from the software testing will also

determine the effectiveness of the system and whether the USC should continue

using the system in the long run.

10

Schematic Diagram

11

THE PROBLEM

Statement of the Problem

The purpose of this study is to determine the effectiveness of the

University of San Carlos (USC) Web-based Electronic Voting System through

software testing.

This study attempts to answer the following questions:

1.0 How is the voting system implemented in terms of the following criteria:

1.1 system integrity

1.2 data integrity and reliability

1.3 voter anonymity and data confidentiality

2.0 Does the USC Web-based Electronic Voting System provide a systematic

and accurate election to the USC-SSC?

Significance of the Study

This study would be beneficial to the following:

The Supreme Student Council who are called responsible in administering

honest and reliable elections. The result of the software testing will serve as the

basis of the integrity of the elections that can’t be freely questioned.

The entire study body that they may be able to vote in the elections to

come with the assurance that the unit that they are using to cast their votes has

gone through thorough and repeated testing and that every vote shall count.

12

The candidates whose positions will be determined by every vote of the

student body. An honest election will ensure that whatever number of casted

votes there will be in their favor or not, that they will be at peace with it and that

there will be no grievances of feeling cheated.

The university whose student body performance and cooperation can be

highly affected by the ability of the Supreme Student Council to lead, that is, for

the right and elect young leaders to be in it.

RESEARCH METHODOLOGY

Research Methods

This study uses quantitative style of research in the form of software

testing to measure the quality of the unit which was the USC Web-based

Electronic Voting system. The study focuses on determining if the system

passes the three criteria, and on finding bugs in the software. Software Test

Measurements was used for quantification. An example of test measurement

was finding the total number of defects found in a given module. Data gathered

were tabulated and presented in graph for further analysis.

13

Research Environment

The voting on the test ballots done by the participants was conducted

inside the university premises. Since the system is temporarily hosted online for

testing purposes, the software testing was conducted outside the university.

Research Participants

The participants of the study were tertiary students of the University of

San Carlos - Technological Center. The participants were taken from those

enrolled in courses in different colleges but mostly under the College of

Engineering during the second semester of the Academic Year 2014-2015. Sixty

(60) participants were considered to vote on test ballots in the study.

Research Instruments

The researchers sought access of the Web Voting System from the SSC-

COMELEC. These voting stations were put-up online and were prepared for

software testing. Sixty (60) test ballots were prepared for the researchers to

predict the controlled outcome of the test elections which were compared to the

experimental outcome. These test ballots were given out to students from

different colleges, mostly from the College of Engineering.

An interview with the COMELEC chair was conducted to gain a basic

knowledge of the voting system. Interviews to the voting system’s developers,

who are currently working abroad, were also conducted through the Internet.

14

Research Procedures

Gathering of Data. The study applied a software testing approach in

gathering data. Requirements for the electronic voting system were determined

based on these three criteria: system integrity, data integrity and reliability, voter

anonymity and data confidentiality. Test cases were then designed for each

criteria to be tested. Each test case included the functionality being tested,

system preconditions, steps to take, expected outcome, actual result, and

pass/fail status.

A test election was started using an administrator account. Sample parties

with respective candidates, from president to councilors, were made. Election

parameters and settings were also set up just like the upcoming 2015 elections.

Test ballots were given to 60 students, and were asked to vote on the

candidates by checking the box beside the candidate. This test ballots served as

the guide for the testers who will input the votes into the web-based voting

system. The testers then logged in to the voting system using the ID numbers of

the students, and inputted their choices based on who they voted for in the test

ballots.

To ensure the consistency of the votes, the researchers double-checked

the web-based voting ballot against their respective printed ballot.

The participants were assured of the confidentiality of their votes and

accounts, that their information were used for academic purposes only.

Treatment of Data. The results of the test cases were checked to see if

the test case passed or failed. The failed test cases were recorded and were

15

considered as a bug. Details of the bug such as its description, and severity,

were listed. The severity of the bugs, and the bug density was used to check if

the system passes the system integrity criterion.

The total votes of each candidate in the web-based election was checked

against the total votes of each candidate on the printed ballots. These were

presented in tabular form. This was to determine if the vote counting produces

correct results and if the system passes the data integrity and reliability criterion.

As for voter anonymity and data confidentiality, the table structure for the

voter account was listed. It was checked to see if the individual votes can be

traced back to its voter.

Definition of Terms

The following terms are defined as used in study:

USC SSC Elections is the gathering of votes from the students of the

University of San Carlos in order to decide upon who will be taking each position

of the Supreme Student Council.

Web-based system is a set of interdependent parts and processes that

are integrated as one, but cannot be fully operational when there is no network

connection available.

Electronic Voting (E-voting) system is a voting system that uses servers,

and algorithms, and relies heavily on a network connection to aid in collecting

and counting votes.

PHP is the scripting language used in making the flow and algorithms of a

web-based system.

16

MySQL is the database management system used in storing and

organizing the data collected.

Functionality refers to the system’s overall quality of being suited to serve

its purpose well and achieve the user’s needs.

Software Testing is the step-by-step process through which the Voting

Software is presented by different scenarios to ensure that it will function as it is

expected. Bug tracking is also part of it.

System integrity means that the system must not be changed whether it’s

hardware or software during the active stages of the election.

Data integrity and reliability means that the data must not be changed.

The data must be handled securely and the votes counted must be correct.

Voter anonymity and data confidentiality means that the voting counts

must be protected from external reading and the voter’s identity must be

unknown in the system.

Bug is an error or a fault in the system that produces an incorrect or

unexpected result to a set of procedures.

Test Ballot is a list of candidates running in an election written or printed

on a piece of paper where voters record their decisions.

Test Elections is the process of running an election for the sake of testing

purposes and collection of data.

17

Chapter 2

TABULAR AND GRAPHICAL PRESENTATION OF DATA, ANALYSIS AND INTERPRETATION

This chapter presents, analyzes, and interprets the data gathered from the

interviews, test ballots, test election results, and software testing.

Interviews were conducted for the researchers to have a basic

understanding of how the system works. Since the developers are already based

abroad, the interview was conducted through the Internet. The researchers

scheduled the interview among three key correspondents:

1. Danica Blanche Fernandez - USC SSC COMELEC Chairperson

The university has been using the system since the 2011 SSC Elections.

Before the elections, a Master List of all the Candidates should be secured. Then

the Administrator will have to input the information into the system along with the

list of registered voters. During the Election Day, an Election Unlocker verifies the

voter’s eligibility to vote and unlocks the voter’s account. Once the voter is in, he

can start to vote and submit his votes with results automatically added into the

system in real time.

2. Valxtopher Caro - System Developer, and Administrator

3. Jocel Sabellano - System Developer

According to the developers, the idea of creating a Web voting system

was inspired by the Philippine elections itself. But since a nationwide

development would be too broad, they narrowed it down within the university.

The components that make up the system is a MySQL database, the Internet

18

Information Services (IIS) for the Web server and Windows Server 20xx as the

Base Operating System. During the first launching of the system, there were two

databases, one in the Main Campus and one in the Technological Center but the

latest system only uses one database.

As with any released software, there were test runs in the back and front

end of the system. That is the server side and the client side. Testing is only

done before elections when there are new patches in the system. These tests

are conducted 2-3 weeks before the elections in which the COMELEC is also

involved with the basic functionality testing like network connectivity where most

of the problems are encountered.

Part of the researchers’ testing was conducted with a manual election

where university students were asked to cast their votes on test ballots with

random names for a test election. Table 1 shows the result of the sixty (60) test

ballots counted manually and the actual data from the test elections.

19

Table 1 Test Election Results

Test Ballots System Results

Candidate Name Party Votes (no.) Votes (%) Votes(no.) Votes(%)

President

Alegarbes Voice 15 25.00 15 25.00

Alipio Fight 24 40.00 24 40.00

Lee Inspire 21 35.00 21 35.00

Vice-President

Benatiro Fight 25 41.67 25 41.67

Enad Voice 17 28.33 17 28.33

Espina Inspire 18 30.00 18 30.00

Councilors

Ababon, B. Voice 23 38.33 23 38.33

Ababon, C. Fight 21 35.00 21 35.00

Abangan Fight 20 33.33 20 33.33

Abella Voice 20 33.33 20 33.33

Abellana Inspire 24 40.00 24 40.00

Abellanosa Fight 20 33.33 20 33.33

Adlawan Voice 26 43.33 26 43.33

Albero Inspire 19 31.67 19 31.67

Amahan Fight 31 51.67 31 51.67

Austria Voice 17 28.33 17 28.33

Bcasno Inspire 20 33.33 20 33.33

Bacus Voice 22 36.67 22 36.67

Barba Fight 29 48.33 29 48.33

Benjamin Fight 26 43.33 26 43.33

Bihag Voice 23 38.33 23 38.33

Cabading Voice 16 26.67 16 26.67

Cabanday Fight 21 35.00 21 35.00

Cabiso Inspire 25 41.67 25 41.67

Cabornay Voice 26 43.33 26 43.33

Camado Fight 13 21.67 13 21.67

Centino Fight 24 40.00 24 40.00

Chua Inspire 20 33.33 20 33.33

Cortes fight 25 41.67 25 41.67

Cruz Fight 18 30.00 18 30.00

Daitol Inspire 19 31.67 19 31.67

Dandan Fight 17 28.33 17 28.33

Desquitado Inspire 22 36.67 22 36.67

Ducao Voice 13 21.67 13 21.67

Duro Fight 23 38.33 23 38.33

Figues Inspire 16 26.67 16 26.67

Francisco Fight 14 23.33 14 23.33

20

Fuentes Voice 18 30.00 18 30.00

Gabiana Voice 26 43.33 26 43.33

Gadapan Fight 19 31.67 19 31.67

Gonzaga, A. Inspire 22 36.67 22 36.67

Gonzaga, V. Voice 21 35.00 21 35.00

Ibon Fight 19 31.67 19 31.67

Illut Inspire 18 30.00 18 30.00

Isidro Fight 25 41.67 25 41.67

Julia Voice 20 33.33 20 33.33

Larrazabal Inspire 18 30.00 18 30.00

Licardo Fight 21 35.00 21 35.00

Lim, E. Inspire 19 31.67 19 31.67

Lim, H. Voice 25 41.67 25 41.67

Lopernes Inspire 15 25.00 15 25.00

Lumba Voice 18 30.00 18 30.00

Manginsay Inspire 15 25.00 15 25.00

Mate Voice 16 26.67 16 26.67

Melendres Inspire 16 26.67 16 26.67

Mendoza Voice 16 26.67 16 26.67

Monato Voice 14 23.33 14 23.33

Montebon Fight 20 33.33 20 33.33

Montecarlo Voice 16 26.67 16 26.67

Mosqueda Inspire 16 26.67 16 26.67

Napuli Inspire 16 26.67 16 26.67

Ocariza Inspire 20 33.33 20 33.33

Pajantoy Fight 15 25.00 15 25.00

Perez Inspire 23 38.33 23 38.33

Rizada Inspire 20 33.33 20 33.33

Robinson Fight 18 30.00 18 30.00

Satera Voice 15 25.00 15 25.00

Sosas Inspire 16 26.67 16 26.67

Varquez Fight 31 51.67 31 51.67

Legend: Candidates in Red = Winners Candidates in Green = Tie

The actual system data and the test ballots are 100% equal. This can be

exactly presented through a bar graph comparison.

21

Figure 2

Figure 3

22

Figure 4

The graph shows that the voting system results matched accurately with

the test ballot votes. Each vote was correctly recorded by the system. This

means that the system meets the data integrity and reliability criteria which

stipulates that the electronic vote count must coincide with the real vote count.

23

The table below shows the results of the software testing done to the

voting system. The results are also shown in a bar graph that follows the table.

Table 2 Software Testing Results

Module No. of TCs executed

No. of TCs passed

No. of TCs failed

Bug Density (%)

Administrator 64 56 8 12.50

Election Unlocker 8 8 0 0

Voter 12 12 0 0.00

Total 84 76 8 9.52

Legend: TCs is shorthand for Test Cases. Bug density is the no. of TCs failed (bugs) divided by the no. of TCs executed times 100 percent.

Figure 5

The results revealed that the majority of the failed test cases can be found

in the Administrator module. This is understandable because the Administrator

module is the largest module of the three and, by extension, more test cases will

be designed and executed for the module.

0

20

40

60

80

100

Administrator Election Unlocker Voter Total

No

. of

Test

Cas

es

Voting System Module

Software Testing Results

No. of TCs executed No. of TCs passed No. of TCs failed

24

The results also revealed that in the Election Unlocker, and Voter

modules, no test cases failed. This means that no bugs were detected on those

modules. This is because the system developers and COMELEC have tested

each module in the past years. Any bugs they had found were fixed so that it

won’t show up in the voting system again.

It is important to note the low bug density (9.52%) of the system. The

lower the bug density, the more reliable the system is. This was expected

because of the testing that have been done before by the developers and

COMELEC. Most of the bugs have been found and fixed in the past.

The table below shows the Bug Severity Distribution of the voting system.

The results are also shown in a bar graph following the table.

Table 3

Bug Severity Distribution

Bug Severity Administrator Election Unlocker Voter Total Total (%)

Critical 0 0 0 0 0

High 0 0 0 0 0

Medium 1 0 0 1 11.11

Low 7 0 0 7 77.78

Total 8 0 0 8 100

25

Figure 6

From the results, it can be seen that there are no critical and high severity

bugs that is found in the voting system. Critical bugs cause a failure of the

complete system, or subsystem. High severity bugs does not cause a failure, but

causes the system to produce incorrect, incomplete, inconsistent results, or

impairs the system usability. In a web-based voting system, critical and high

severity bugs must not be present in the system to provide a smooth and reliable

experience to the user.

The data also revealed that majority of the bugs are of low severity, and

are found in the Administrator module. These are bugs are aesthetic, or a result

of non-conformance to a standard, and have minimum impact on system use.

More importantly, these bugs does not subvert the elections, and does not

interfere with the tallying and counting of votes, which is one of the most crucial

component of an electronic voting system. The bugs also show that the voting

system is not error-free but the good thing about this is that the developers are

0

1

2

3

4

5

6

7

8

Critical High Medium Low

No

. of

Bu

gs

Bug Severity

Bug Severity Distribution

Administrator Election Unlocker Voter Total

26

now aware that these bugs exist, and that the bugs can now be fixed. These

results show that the voting system still passes the system integrity criterion

because the bugs found are not severe enough to subvert the election.

The table below shows the table structure of the Voter Account that can

be found in the database.

Table 4 Voter Account Table Structure in the Database

Voter_Account

voters_id

name

middle_name

family_name

course

yr_level

college

voting_status

account_status

unlocked_by

ballot_status

It can be seen from the table that only the necessary information regarding

the voter, such as his voter ID, full name, course, year level, and college, are

listed. Irrelevant voter information, such as phone number, and address is not

stored. Additional fields such as voting status, account status, unlocked by, and

ballot status are only there for monitoring the voter account. It tells the

administrators and the unlockers if the voter has already voted, or if the account

is now unlocked.

27

It is also important to note what fields are not included in the table. The

individual votes of the voter is not recorded in the database. This signifies that a

vote cannot be traced back to a voter, removing a possibility for coercion. This

also means that the system passes the voter anonymity and data confidentiality

criterion.

28

Chapter 3

SUMMARY OF FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

SUMMARY OF FINDINGS

It was the purpose of this study to determine how the University of San

Carlos (USC) Web-based Electronic Voting System was implemented in terms of

system integrity, data integrity & reliability, and voter anonymity & data

confidentiality. This study also aimed to determine if the system provides a

systematic and accurate election to the USC-SSC.

The researchers applied a software testing approach to determine if the

system met the criteria for a good voting system. The researchers also

distributed test ballots to tertiary students of the University of San Carlos –

Technological Center in order to compare the manual outcome to the actual

outcome of the voting system. There were sixty (60) students who responded to

the test ballots.

In answer to the first sub-problem, the findings were:

System Integrity. In the Administrator module, eight (8) test cases failed

out of the sixty-four (64) executed, but seven (7) of those are low severity bugs.

In the Election Unlocker module, nothing failed out of the eight (8) test cases.

Lastly, in the Voter module, nothing failed out of the twelve (12) test cases.

Data Integrity and Reliability. The voting system results and the test ballot

votes from the sample population were 100% identical.

29

Voter Anonymity and Data Confidentiality. The system was determined to

store election votes anonymously wherein any election personnel cannot find out

the votes for each individual voter but only the overall tally for each candidate.

In answer to the second sub-problem, the results of the testing conducted

on the voting system establish that the system provides a systematic and

accurate election to the USC-SSC. No critical and high severity bugs were found

that can subvert the system, the voting system generates accurate vote tallies,

and a recorded vote can’t be traced back to its voter.

CONCLUSIONS

Based on the findings of the software testing conducted and the sample

population selected through non-probability sampling for the manual voting,

these conclusions can be formulated:

1. The USC Web Voting System is an effective voting system.

The system has been determined to pass on all of the three criteria to ensure a

good voting system. The system integrity criterion has been proven by only

finding medium and low severity bugs in the system, not critical and high severity

bugs, and the system’s low bug density (9.52%). The lower the bug intensity, the

more reliable the system is. The 100% accuracy of the voting system results and

the test ballot votes proved the data integrity and reliability criterion. It stipulates

that the electronic vote must coincide with the real vote count. The voter

anonymity and data confidentiality criterion was also proven when either the

30

Administrator or Election Unlocker has no access to the votes cast by each

voters.

2. The USC Web Voting System is not an error-free voting system.

Even though effective, the USC Web Voting system is not error-free. The

Administrator module is the only module that contributed to the bug density of the

system, but the majority of the bugs are of low severity.

RECOMMENDATIONS

Based on the findings and conclusions, these are the recommendations of

this study:

1. Web-based electronic voting systems should undergo software testing.

The immediate detection of bugs in the study proved that software

testing is a reliable means of examining a voting system.

2. Even though low, the bugs found on the system must not be neglected.

The developers and COMELEC should fix the bugs found, and continue

to perform software testing until an error-free system is achieved. Only

then can the voters have full confidence on the voting system.

3. Future researches on a related topic should include a wider range of

criteria in order to determine the effectiveness of a voting system. The

more criteria, the more the system could be tested and improved.

31

BIBLIOGRAPHY

Arthur, C. 2014, May 12. Estonian e-voting shouldn’t be used in European

elections, say security experts. The Guardian. [Internet] [cited December

2014]. Available from:

http://www.theguardian.com/technology/2014/may/12/estonian-e-voting-

security-warning-european-elections-research

Balzarotti, et al. 2010. An Experience in Testing the Security of Real-World

Electronic Voting Systems. [Internet] [cited December 2014].

Dunlop, T. 2008. Online Voting: Reducing Voter Impediments [Internet] [cited

December 2014].

International Foundation for Electoral Systems. 2012. International Experience

with E-Voting. [Internet] [cited December 2014]. Available from:

https://www.regjeringen.no/globalassets/upload/krd/prosjekter/e-

valg/evaluering/topic6_assessment.pdf

International Institute for Democracy and Electoral Assistance. 2011. Introduces

principles and overall goals for the implementation of e-voting. [Internet]

[cited December 2014]. Available from: https://www.terena.org/activities/tf-

csirt/meeting7/gritzalis-electronic-voting.pdf

Internet Policy Institute, Report of the National Workshop on Internet Voting, USA,

March 2001.

Network Voting System Standards. 2002. VoteHere Inc. Public Draft 2.

http://www.theguardian.com/technology/2014/may/12/estonian-e-voting-security-warning-european-elections-research

http://www.theguardian.com/technology/2014/may/12/estonian-e-voting-security-warning-european-elections-research

https://www.regjeringen.no/globalassets/upload/krd/prosjekter/e-valg/evaluering/topic6_assessment.pdf

https://www.regjeringen.no/globalassets/upload/krd/prosjekter/e-valg/evaluering/topic6_assessment.pdf

https://www.terena.org/activities/tf-csirt/meeting7/gritzalis-electronic-voting.pdf

https://www.terena.org/activities/tf-csirt/meeting7/gritzalis-electronic-voting.pdf

32

Oravec, JA. 2005. Preventing E-Voting Hazards: The Role of Information

Professionals in Securing the Promise of Electronic Democracy [Internet]

[cited December 2014].

Peter N. 1993. Some basic criteria for confidentiality, integrity, availability, and

assurance for computer systems in electronic voting. [Internet] [cited

2014 Dec]. Available from:

http://www.csl.sri.com/users/neumann/ncs93.html

Reyes O. 2010. How UP Diliman Implemented Its Own Automated Voting System.

[Internet] [cited February 18 2010]. Available from:

https://lawinnovations.wordpress.com/2010/02/18/halalandiliman/

Reyes, MA. 2013, September 25. World leader in E-voting. Philstar. [Internet]

[cited December 2014]. Available from:

http://www.philstar.com/business/2013/09/25/1237748/world-leader-e-

voting

Riera A, Brown P. 2003. Bringing confidence to electronic voting. Electronic

Journal of e-Government [Internet] [cited February 18 2010]; 1(1):14-21.

Available from: http://www.ejeg.com/issue/download.html?idArticle=214

Sungkyunkwan University. The 9th International Common Criteria Conference.

[Intenet] [cited December 2014]. Available from:

https://www.commoncriteriaportal.org/iccc/9iccc/pdf/B2303.pdf

US Dept. of Defense, Voting Over the Internet Pilot Project Assessment Report,

DoD Washington Headquarters Services Federal Voting Assistance

Program, USA, June 2001.

http://www.csl.sri.com/users/neumann/ncs93.html

http://www.philstar.com/business/2013/09/25/1237748/world-leader-e-voting

http://www.philstar.com/business/2013/09/25/1237748/world-leader-e-voting

http://www.ejeg.com/issue/download.html?idArticle=214

https://www.commoncriteriaportal.org/iccc/9iccc/pdf/B2303.pdf

33

APPENDIX A-1

Transmittal Letter

January 16, 2015

USC - Commission on Elections

University of San Carlos - Downtown Campus

P. Del Rosario St., Cebu City, 6000

To whom it may concern:

May this letter find you in peace and in good health.

As a major requirement for our Technical Writing course, English 23, we, 4th year Computer

Engineering students of the University of San Carlos, in accordance with our field of study, have

chosen to conduct research on the USC Web Voting System.

In this regard, we would like to ask permission from your good office to allow us access of the

voting system as it plays a very crucial role to accomplish our study.

Attached is the Rationale and Statement of the Problem of our study. Your favorable response

regarding this request will be highly appreciated. Thank you.

Respectfully yours,

MARK F. SAREN

Research Coordinator

Noted:

MRS. TOMASITA L. LABORTE

Research Adviser

Approved:______________________________

USC COMELEC

34

APPENDIX A-2

University of San Carlos College of Engineering

TEST BALLOT

We are fourth year students of the University of San Carlos who are conducting a study entitled: USC Web-based electronic voting system. In our study, we are to test the voting system used in administering the elections to find out if the results it produces are accurate. In this regard, may we request you to fill up the following ballot for the researchers to have votes that will be used during the test election. Please fill up the ballot according to the instructions presented in each part of the ballot. Rest assured that the ballots obtained will be confidential and will be used for academic purposes only. Your cooperation will be highly appreciated. Researchers: Abaquita, Earl John Berdin, Carla Galido, Ralph Christopher Lucero, Kristian Saren, Mark --------------------------------------------------------------------------------------------------------------------------------

35

APPENDIX B -1

Test Ballot

Note: This is not an official ballot of the SSC Elections Instruction: Put a check mark on the checkbox beside the candidate you want to vote. If you want to change your vote, put an ‘X’ mark on the checkbox and put a check mark on another candidate. President (choose only one candidate)

Alegarbes, Marc Lourenze (VOICE)

Alipio, Christine (FIGHT)

Lee, Jasper ( INSPIRE)

Vice President (choose only one candidate)

Benatiro, Denver John (FIGHT)

Enad, Evangeline (VOICE)

Espina, Mariah Jessa (INSPIRE)

Councilors (choose up to 21 candidates only)

Ababon, Bobby Michael(VOICE)

Ababon, Caryl Mae(FIGHT)

Abangan, Elean(FIGHT)

Abella, Philip(VOICE)

Abellana, Francis(INSPIRE)

Abellanosa, Rebecca(FIGHT)

Adlawan, Venci (VOICE)

Albero, Dione (INSPIRE)

Amahan, Aldrianne (FIGHT)

Austria, Bernadette (VOICE)

Bacasno, Rica (INSPIRE)

Bacus, Maristella (VOICE)

Barba, Aileen(FIGHT)

Benjamin, Jay(FIGHT)

Bihag, Dycah Aldrianne (VOICE)

Cabading, Carylle (VOICE)

Cabanday, Ann Nicole(FIGHT)

Cabiso, Neil (INSPIRE)

Cabornay, Dwight (VOICE)

Camado, Trixie May(FIGHT)

Centino, Farah(FIGHT)

Gabiana, Joseph Franz (VOICE)

Gadapan, Francis (FIGHT)

Gonzaga, Arianne (INSPIRE)

Gonzaga, Valerie (VOICE)

Ibon, Marc Mikhael (FIGHT)

Illut, Keane Paolo (INSPIRE)

Isidro, Lester Mark (FIGHT)

Julia, Jude (VOICE)

Larrazabal, Mary Ann (INSPIRE)

LIcardo, Hazel Rose (FIGHT)

Lim, Emma (INSPIRE)

Lim, Harvey (VOICE)

Lopernes, Maverick (INSPIRE)

Lumba, Carl Kevin (VOICE)

Manginsay, Sharleene (INSPIRE)

Mate, Patrick (VOICE)

Melendres, Sapphire (INSPIRE)

Mendoza, Clint (VOICE)

Monato, Anthony Cleo (VOICE)

36

Chua, Aerielle (INSPIRE)

Cortes, Miguel (VOICE)

Cruz, Loreen(FIGHT)

Daitol, Joseph Marie (INSPIRE)

Dandan, Kimberly(FIGHT)

Desquitado, Jhoannes (INSPIRE)

Ducao, Patrick Joseph (VOICE)

Duro, Christian (FIGHT)

Figues, Vern Alan (INSPIRE)

Francisco, Melissa (FIGHT)

Fuentes, Grace (VOICE)

Montebon, Marie (FIGHT)

Montecalvo, Tatreena (VOICE)

Mosqueda, Miranette May (INSPIRE)

Napuli, Jade (INSPIRE)

Ocariza, Ulysses (INSPIRE)

Pajantoy, John Nnyam (FIGHT)

Perez, John Earl (INSPIRE)

Rizada, Devon(INSPIRE)

Robinson, Emmanuel (FIGHT)

Satera, Glenn (VOICE)

Sosas, Marc Julius (INSPIRE)

Varquez, Lucio (FIGHT)

37

APPENDIX B-2

INTERVIEW QUESTIONS Directed to USC SSC COMELEC Chairperson Name: Course: Organization: What process does the COMELEC undergo in an election? How long have you been using the web-based voting system? Who are the developers of the system? Who are the administrators of the system? Do you do your own testing of the voting system? What kind of problems have you experienced/encountered with the system? Directed to the System Developers Name: Course: Role: Where did the idea of developing an electronic voting system come from? What servers are you using for your system? What is the process of your test runs? What are you testing for? Is the COMELEC involved in testing the system? If so, in what regard? What kind of problems have you experienced/encountered initially in launching the system?

38

APPENDIX B-3

TEST CASES

ADMINISTRATOR MODULE

Test Case ID

Submodule

Functionality Being Tested

Precondition Steps Test Data

Expected Result Actual Result Status

TC_A_01 Login

Invalid Administrator login to the voting system

1. At the log-in page, waiting for input

1. Input an invalid account username

administrator

Failure to log-in

An error message "Invalid Username or Password" is displayed

Pass 2. Input an invalid account password

admin1234

2. Click "Login" button

TC_A_02 Login 1. At the log-in page, waiting for input

1. Input account username

admin

Failure to log-in

An error message "Invalid Username or Password" is displayed

Pass 2. Input account password

administrator1


TC_A_03 Login Administrator login to the voting system

1. At the log-in page, waiting for input


software_testing123

Administrator account logged-in successfully

Administrator account logged-in sucessfully


findthebugs


39

TC_A_04 Login Administrator account already logged-in

1. Another user is currently using the same Administrator account


software_testing123

User logs in as Administrator

Administrator account logged-in


findthebugs


TC_A_05 Admin Homepage

Ability to view all current users

1. Logged-in to Admin Homepage

1. Click on "Home" found on the menu bar

User should be directed to a page that shows all users in the system

User is directed to a page that shows all users in the system

Pass

TC_A_06 Add New User

Functional "Add" button

1. Logged-in as Admin 2. User is on the "Add New User" window 3. All values inputted to the other fields are valid

1. Click "Add" button testdata

Acount should be successfully added

Account Added Sucessfully

Pass


Functional "Reset" button

1. Logged-in as Admin 2. User is on the "Add New User" window 3. Any values are inputted to the all fields

1. Click "Reset" button

All fields should be blank

Account Added to Database

Fail


Functional "Close" button

1. Logged-in as Admin 2. User is on the "Add New User" window

1. Click "Close" button

The Add New User window should be closed, and the user should be redirected back to the Admin homepage

User is redirected to Admin homepage and Add new user window is closed

Pass

40


Create another administrator account

1. Logged-in to the Admin Homepage

1. Select create New User

Successfully created an admin account

Admin account created and data is added to Database

Pass

2. Input New User data <valid user data>

3. Indicate as Admin account

4. Click create for data to be stored in DB


Create an unlocker account using an admin account

1. Logged-in to the Admin Homepage

1. Select create New User

Successfully created an unlocker account

Unlocker account created and data is added to Database

Pass

2. Input Student ID 1234566

3. Input Username test_unlocker

4. Input Password password20

5. Indicate as Unlocker account

4. Click create for data to be stored in DB


Form validation for Student ID field


1. Do not input a Student ID

Error message should display that Student ID should be filled up

An error message popped up with a message "Please complete all information"

Pass

2. Click "Add" button

41




1. Input Student ID consisting of alphabets & special characters

abc123!@#

Error message should display that says Student ID is invalid

Data Added to Database

Fail





1. Input a Student ID that is more than 20 characters long

123456789012345678901234567890 Error message should

display that says Student ID is too long

User is added to database. Only the first 20 characters are displayed

Fail



Form validation for 'Name' field


1. Do not input a Name

Error message should display that says Name should be filled up


Pass




1. Logged-in as Admin 2. User is on the "Add New

1. Input a Name that is more than 20 characters long

maria leonora teresa crispin

Error message should display that says Name is invalid


Fail

42

User" window 3. All values inputted to the other fields are valid

basilio sisa bartolome





1. Input special characters in the Family Name field

maria123!@#

Error message should display that says Name can only contain alphabetic characters


Fail



Form validation for 'Family Name' field


1. Do not input a Family Name

Error message should display that says Family Name should be filled up


Pass




1. Logged-in as Admin 2. User is on the "Add New User" window 3. All values inputted to the

1. Input a Family Name that is more than 20 characters long

abaquita saren berdin lucero galido

Error message should display that says max length for Family Name is 20 characters


Fail


43

other fields are valid





familyName#$

Error message should display that says Family Name can only contain alphabetic characters


Fail



Form validation for 'Gender' field


1. Do not click on "Male" or "Female" radio button

Error message should display that all information should be filled up


Pass



Form validation for 'Username' field


1. Do not input a Username An error message

stating that the Username field should be minimum of 5 characters should be displayed


Pass


44




1. Input a Username that is less than 5 characters

test An error message stating that the Username field should be minimum of 5 characters should be displayed

An error message popped up with a message "Username's character must be minimum of 5"

Pass





1. Input a Username that has special characters

testd@t@

A success message should be displayed. User should be added to the database


Pass





1. Input a Username that is more than 35 characters long

softwaretestingtest1test2

An error message stating that the Username field should be at most 30 characters long should be displayed


Pass



Form validation for 'Password' field

1. Logged-in as Admin 2. User is on the "Add New

1. Input any Password testing123 Characters should be

displayed as asterisks (*)

Characters displayed are asterisks(*)

Pass

45

User" window 3. All values inputted to the other fields are valid




1. Do not input a Password An error message

stating that the Password field should be minimum of 5 characters should be displayed

An error message popped up with a message "Password's character must be minimum of 5"

Pass





1. Input a Password that is less than 5 characters

test An error message stating that the Password field should be minimum of 5 characters should be displayed

An error message popped up with a message "Password's character must be minimum of 5"

Pass





1. Input a Password that has special characters

test!@#

The user should be added to the system


Pass


46




1. Input a Password that is more than 35 characters long

softwaretestingtesting12345

The user should be added to the system


Pass



Form validation for 'Confirm Password' field


1. Input any Confirm Password

testing123

Characters should be displayed as asterisks (*)

Characters displayed are asterisks(*)

Pass




1. Do not input a Confirm Password

An error message should be displayed

An error message is displayed with a message "Passwords do not match"

Pass




1. Logged-in as Admin 2. User is on

1. Input a Confirm Password that does not match the Password

testign456

An error message should be displayed

An error message is displayed with a message

Pass

47

the "Add New User" window 3. All values inputted to the other fields are valid


"Password's character must be minimum of 5"




1. Input a Password that matches the Password

testing123

Adding of user should be successful


Pass



Form validation for 'User's Role' field


1. Do not click on "Administrator", "Election Head" or "Election Unlocker" radio button

An error message should be displayed that says all information should be filled up


Pass


TC_A_35 Update User

Functional link to 'Update User' window

1. Logged-in as Admin 2. User is on the Admin homepage

1. Click on the a user's Student ID

Update User' window should pop-up. User's data should be displayed, and only the fields 'Name', 'Family

Update User; window popped-up.

Pass

48

Name', 'Gender', 'User's Role', 'Account Status', 'Login Status' should be editable.

TC_A_36 Update User

Update 'Name' field

1. User is on the "Update User" window 2. All other fields are not changed

1. Change user's Name <updated name> Name should be

updated, other fields should remain the same

Data updated sucessfully

Pass 2. Click on "Update" button

TC_A_37 Update User

Update Form validation for 'Name' field

1. Logged-in as Admin 2. User is on the "Update User" window 3. All values inputted to the other fields are valid

1. Do not input a Name

Error message should display that says Name should be filled up


Pass


TC_A_38 Update User



1. Input a Name that is more than 20 characters long

maria leonora teresa crispin basilio sisa bartolome

Error message should display that says Name is invalid

Error message should display that says Name is too long

Pass


TC_A_39 Update User


1. Logged-in as Admin 2. User is on the "Update User" window


maria123!@#

Error message should display that says Name can only contain alphabetic characters

Error message is displayed that says Name can only contain alphabetic characters

Pass


49

3. All values inputted to the other fields are valid

TC_A_40 Update User

Update 'Family Name' field


1. Change user's Family Name

<updated family name>

Family Name should be updated, other fields should remain the same


Pass

2. Click on "Update" button

TC_A_41 Update User

Update Form validation for 'Family Name' field


1. Do not input a Family Name

Error message should display that says Family Name should be filled up


Pass


TC_A_42 Update User

Update Form validation for 'Family Name' field


1. Input a Family Name that is more than 20 characters long

abaquita saren berdin lucero galido


Error message is displayed that says max length for Family Name is 20 characters

Pass


TC_A_43 Update User

Update Form validation for

1. Logged-in as Admin 2. User is on


familyName#$

Error message should display that says Family

Error message is displayed that says Family Name can

Pass

50

'Family Name' field

the "Update User" window 3. All values inputted to the other fields are valid


Name can only contain alphabetic characters

only contain alphabetic characters

TC_A_44 Update User

Update 'Gender' field


1. Change user's Gender by clicking another radio button

Gender should be updated, other fields should remain the same


Pass


TC_A_45 Update User

Update 'Users Role' to Administrator


1. Change User's Role by clicking on Administrator

User's Role should be updated The user should now log in as an Administrator


Pass


TC_A_46 Update User

Update 'Users Role' to Election Unlocker


1. Change User's Role by clicking on Election Unlocker

User's Role should be updated The user should now log in as an Election Unlocker


Pass


TC_A_47 Update User

Disable a user's account

1. User is on the "Update User" window 2. All other fields are not changed 3. User's

1. Click on "Disable" option

The disabled user should not be able to log in to his account

Account is sucessfully disabled


51

account is currently enabled

TC_A_48 Update User

Enable a user's account

1. User is on the "Update User" window 2. All other fields are not changed 3. User's account is currently disabled

1. Click on "Enable" option

The enabled user should now be able to log in to his account

Account is sucessfully enabled


TC_A_49 Update User

Update Login Status to "Not Logged-out"

1. User is on the "Update User" window 2. All other fields are not changed 3. User's account is currently logged-out

1. Click on "Not Logged-out" option

The updated user should not be able to log in to his account

User cannot log in to his account


TC_A_50 Update User

Update Login Status to "Logged-out"

1. User is on the "Update User" window 2. All other fields are not changed 3. User's account is currently not logged-out

1. Click on "Log-out" option

The updated user should now be able to log in to his account

User can log in to his account


52

TC_A_51 Delete User

Delete a user's account

1.Logged-in to Admin Homepage

1. Select a user account

Selected account should be deleted from DB The deleted user should not be able to log in to his account

Account was successfully deleted from database

Pass 2. Click on "Delete Profile" button

TC_A_52 Application Control

Functional Link to "Application Control" webpage

1. Logged-in as Admin

1. Click on "Application Control" found on the menu bar

User should be redirected to the "Application Control" webpage

User is redirected to the Applications Control page

Pass


Start Elections

1. Logged-in as Admin 2. User is on "Application Control" webpage 3. Elections are not yet started

1. Click on "Start Now" button

Elections should start. Unlocked voters should be able to log in

Unlocked voters are able to log-in sucessfully

Pass


Stop Elections

1. Logged-in as Admin 2. User is on "Application Control" webpage 3. Elections are not yet started

1. Click on "Stop Now" button

Elections should stop. Voters should not be able to log in to the system

Voters are'nt able to log in to the system

Pass

TC_A_55 Logout Log out as Admin

1. User is on Admin homepage

1. Click on "Logout" menu on the menu bar

User should be logged-out. It should be indicated in the database. User should

User is redirected back to the login page

Pass

53

be redirected to login page.

TC_A_56 Election Results

Number of students who voted (Students' Percentage)

1. Logged-in as Admin 2. Test Elections is finished

1. Click on "Reports Poll" found on menu System should generate

accurate Student's Percentage

The correct student percentage is displayed

Pass 2. Click on "Student's Percentage" submenu


Total number of votes per college


1. Click on "Reports Poll" found on menu

System should generate accurate total no. of students, no. of students who voted, and no. of students who hasn't voted

The corrcet total no. of students, no. of students who voted, and no. of students who hasn't voted is displayed

Pass

2. Click on "By College" submenu


Total number of votes per candidate sorted per college



System should generate accurate total no. of votes per candidate sorted per college

The total no. of votes per candidate sorted per college is not displayed

Fail 2. Click on "Candidates by College" submenu


Presidential Votes, and percentages



accurate presidential votes, and percentages

The correct presidential votes, and percentages is displayed

Pass 2. Click on "President" submenu


Vice Presidential Votes, and percentages



System should generate accurate vice presidential votes, and percentages

The correct vice presidential votes, and percentages is displayed

Pass

2. Click on "Vice-President" submenu


1. Logged-in as Admin


System should generate accurate votes for

The correct votes for councilors, and

Pass

54

Votes for Councilors, and percentages

2. Test Elections is finished

2. Click on "Councilors" submenu

councilors, and percentages

percentages is displayed


Votes for all candidates



accurate votes for all candidates

The correct votes for all candidates is displayed

Pass

2. Click on "View All Candidates" submenu


Declare Election Winners while the election is still running

1. Logged-in as Admin 2. Test Elections has not yet ended


System should display a warning message that says that the election must be ended before declaring winners

A warning message is displayed saying "Please stop election status in order to declare winners. Make sure the election has alreay ended."

Pass

2. Click on "Declare Winners"


Declare Election Winners



accurate election results Accurate election results is generated

Pass 2. Click on "Declare Winners"

55

ELECTION UNLOCKER MODULE Test Case

ID Submod

ule Functionality Being Tested

Precondition Steps Test Data Expected Result Actual Result Status

TC_EU_01 Login

Successful unlocker account login to the voting system

1. A valid unlocker account to login 2. At Login Page

1. In the login panel, enter the username in the username field

<a valid username> The user is logged in

successfully to the system. User is taken to Unlocker Home Page

The user is logged in successfully to the system. User is taken to Unlocker Home Page

Pass 2. Enter the password in the password field

<a valid password>


TC_EU_02 Login Unsuccessful unlocker login

1. A valid unlocker username


<a valid username>

Error message should be displayed.

Error message is displayed.


<an invalid password>


TC_EU_03 Login Unsuccessful unlocker login

1. A valid unlocker password


<an invalid username>




<an invalid password>


TC_EU_04 Login Unlocker account already logged-in

1. Another user is currently using the Election Unlocker account






56

TC_EU_05 Unlock Voter

Unlock an eligible voter

1. Logged in with a valid Election Unlocker Account 2. At Unlocker Home Page

1. Input ID No. of student and press enter

<a valid ID number>

Voter's account status is seen, and must be "Locked"


Pass 2. Enter security code to unlock voter

<a valid security code>

3. Click "Unlock" button

Display that the ID number was successfully unlocked

Display "ID number was Successfully Unlocked"


Unlock a voter with invalid ID number



<an invalid ID number>

Prompt user to search a student with a valid ID number

Prompt user to search a student with a valid ID number

Pass


Unlock an eligible voter with invalid security code



<a valid ID number>



Pass 2. Enter security code to unlock voter

<an invalid security code>

3. Click "Unlock" button

Display "incorrect code". Prompt user to enter correct security code

Display "incorrect code". Prompt user to enter correct security code


Checking of a voter's account status

1. Logged in with a valid Election Unlocker Account 2. At


<a valid ID number>

Display voter's account status

Display voter's account status

Pass

57

Unlocker Home Page

VOTER MODULE

Test Case #

Functionality Being Tested

Precondition Steps Test Data Expected Result Actual Result Status

TC_V_01

Successful voter login to the voting system with an unlocked account

1. An unlocked voter account to login


<a valid username>

The user is logged in succesfully, and user is led to the ballot page

The user is logged in succesfully, and user is led to the ballot page

Pass


TC_V_02

Unsuccessful voter login when a locked voter tries to login to the voting system

1. A valid voter account to login


<a valid username>

An error message is displayed and the user is not logged in to the voting system

An error message is displayed and the user is not logged in to the voting system

Pass


TC_V_03 Voter can only vote on one president

1. Voter is on the ballot page

1. Click on one candidate for President

The second Presidential Candidate selected will be highlighted

An error message is displayed prompting user to deselect previous selection

Pass 2. Click on another candidate for President

TC_V_04 Voter can only vote on one vice president

1. Voter is on the ballot page

1. Click on one candidate for Vice President

The second Vice Presidential candidate

An error message is displayed prompting

Pass

58

2. Click on another candidate for Vice President

selected will be highlighted

user to deselect previous selection

TC_V_05 Voter can vote on 21 councilors

1. Voter is on the ballot page 2. Voter has selected one president, and one Vice President

1. Select 21 councilors

Voter is led to a page that shows the summary of his votes


Pass

2. Click on "Vote Now" button

TC_V_06 Voter can vote on less than 21 councilors


1. Select 12 councilors



Pass


TC_V_07 Voter can abstain from voting on councilors


1. Do not select any Councilors



Pass


TC_V_08 Voter cannot vote on more than 21 councilors


1. Select 25 councilors An error message is

displayed stating that a voter can only vote on up to 21 councilors

An error message is displayed prompting user to deselect previous selections

Pass 2. Click on "Vote Now" button

59

TC_V_09 Voter can change his choices before submitting his votes

1. Voter is logged in to the system 2. Voter has, at least, selected one president, and one Vice President 3. Voter is on the summary of votes page

1. Click on "Go Back" button

The voter is led to the ballot page again

The voter is led to the ballot page again

Pass

TC_V_10

Voter's account will be locked when he doesn't log into his account within five (5) minutes of unlocking his account

1. Voter is logged in to the system 2. Voter has, at least, selected one president, and one Vice President 3. Voter is on the summary of votes page 4. Voter's is on the voting module for more than 5 minutes

1. Click on "Submit Vote" button

An error message will show stating that the voter's did not log in within 5 minutes after unlocking his account. Must unlock his account again

An error message is shown stating that the voter's did not log in within 5 minutes after unlocking his account. User must unlock his account again

Pass

TC_V_11

Voter's account will not be locked when he logs in before five (5) minutes of unlocking his account

1. Voter is logged in to the system 2. Voter has, at least, selected one president, and one Vice President 3. Voter is on the summary of votes page 4. Voter's is on the voting module for less than 5 minutes

1. Click on "Submit Vote" button

The voter's vote will be counted to the vote tally

The voter's vote will be counted to the vote tally

Pass

60

TC_V_12 A voter can only submit votes once

1. Voter has already clicked the "Submit Vote" button. 2. Votes were accepted

1. Go back to login page

<a username who has already voted>

Error. A message that the voter has already voted will be displayed

Error messaged is displayed saying that account has already voted

Pass 2. Login with the same account previously

61

APPENDIX B-4

BUG TRACKING Bug ID

Test Case # Bug Name Area Path Severity

Reported On Environment Description

Steps To Reproduce

Expected Result Reason

B_01 TC_A_07

Non-functional 'Add New User' Reset button

Admin Homepage -> Add New User

Low 2/6/2015

OS: Windows 8 Browser: Google Chrome Version 42.0

When the Reset button is pressed, if there are data in the input fields, those data are not cleared. It acts as an "Add" button instead

1. Click "Add New User" 2. Input any value to any input field 3. Click "Reset" button

The fields with values should be cleared

Reset functionality not added. 'Add' functionality was added to the button instead

B_02 TC_A_12

Alphabetic & Special Characters in Student ID field

Admin Homepage -> Add New User -> Student ID field

Low 2/6/2015


Student ID field accepts alphabets & special characters

1. Click "Add New User" 2. Input a Student ID that contains alphabets & special characters. 3. Click "Add" button


No alphabetic & special characters form validation for Student ID

B_03 TC_A_13 Too long Student ID input

Admin Homepage -> Add New User -> Student ID field

Low 2/6/2015


Student ID field accepts input that is more than 20 characters long

1. Click "Add New User" 2. Input a Student ID that is more than 20 characters long


No max length form validation for Student ID

62


B_04 TC_A_15 Too long Name input

Admin Homepage -> Add New User -> Name field

Low 2/6/2015


Name field accepts input that is more than 20 characters long

1. Click "Add New User" 2. Input a Name that is more than 20 characters long 3. Click "Add" button

Error message should display that says max length for Name is 20 characters

No max length form validation for Name field

B_05 TC_A_16

Numeric & Special Characters in Name field

Admin Homepage -> Add New User -> Name field

Low 2/6/2015


Name field accepts numeric & special characters

1. Click "Add New User" 2. Input a Name that contains numeric & special characters 3. Click "Add" button

Error message should display that says Name should only contain alphabetic characters

No numeric & special characters form validation for Name field

B_06 TC_A_18 Too long Family Name input

Admin Homepage -> Add New User -> Family Name field

Low 2/6/2015


Family Name field accepts input that is more than 20 characters long

1. Click "Add New User" 2. Input a Family Name that is more than 20 characters long 3. Click "Add" button


No max length form validation for Family Name field

B_07 TC_A_19 Numeric & Special Characters in

Admin Homepage -> Add New

Low 2/6/2015 OS: Windows 8 Browser:

Family Name field accepts numeric & special characters

1. Click "Add New User" 2. Input a

Error message should

No numeric & special characters

63

Family Name field

User -> Family Name field

Google Chrome Version 42.0

Family Name that contains numeric & special characters 3. Click "Add" button

display that says Family Name should only contain alphabetic characters

form validation for Family Name field

B_08 TC_A_58

Candidates by College not showing the no. of votes per candidate sorted per college

Admin Homepage-> Reports Poll -> Candidates by college

Medium 2/9/2015


Candidates by college does not show the no. of voters per candidate sorted per college. The table is there complete with the rows such as Candidate Name, Position, Party, College, and the different Colleges, as well as theTotal, but there are no values in the table

1. Click on "Reports Poll" 2. Click on "Candidates by college" submenu

The total number of votes per candidate sorted per college should be displayed in the table

The functionality is not yet added.

64

APPENDIX C

LIST OF RESPONDENTS

INTERVIEW

Danica Fernandez – USC SSC Comelec Chairperson

Valxtopher Caro – System Developer

Jocel Sabellano – System Developer

TEST ELECTIONS

Among the sixty (60) respondents:

Department of Computer Engineering – 40

Department of Psychology – 5

Department of Industrial Engineering – 10

Department of Civil Engineering – 5

Documents

USC Web-based Electronic Voting System - Engl 23 Research v1.1