Abstrak Voting telah menjadi bagian penting dari demokrasi. Terdapat beberapa faktor yang harus dipenuhi agar proses voting dapat dilaksanakan dengan baik. Misalnya, otentikasi pengguna, yaitu hanya mereka yang benar-benar memenuhi syarat saja yang boleh mengikuti proses voting tersebut; keamanan data, yaitu data yang dikirimkan untuk proses voting harus bersifat rahasia. Sistem voting secara manual bisa memenuhi persyaratan tersebut, akan tetapi penggunaan sistem voting secara elektronik (e-voting) bisa menjadi suatu alternatif. Dengan penggunaan e-voting, diharapkan proses yang dilakukan bisa lebih transparan dan bisa lebih mudah untuk memenuhi persyaratan yang ada. Dalam makalah ini, kami mengusulkan penggunaan biometrik, khususnya sidik jari, sebagai media untuk melakukan otentikasi; dan kriptografi kombinasi kunci privat dan publik untuk menjada kerahasiaan data. Tidak seperti PIN (personal identification number) atau kata sandi (password), sidik jari relatif sulit dipindahtangankan atau bahkan dipalsukan. Di sisi yang lain, kriptografi kunci privat digunakan untuk menjaga kerahasiaan data, sedangkan kriptografi kunci publik digunakan untuk menjaga kerahasiaan kunci privat. Selain itu, desain arsitektur e-voting juga diusulkan. Evaluasi dilakukan, terutama untuk mengetahui tingkat akurasi proses otentikasi dan juga waktu yang diperlukan untuk melakukan otentikasi, enkripsi dan dekripsi terhadap data. Berdasarkan uji coba yang dilakukan, didapatkan bahwa waktu yang diperlukan relatif tinggi, yang dipengaruhi oleh banyak faktor, seperti spesifikasi komputer yang digunakan. Kata Kunci: keamanan data, otentikasi, kriptografi Abstract Voting has played an important role in the democracy. There are some factors must be met to make the voting process running well. For example, the authenticity of the users, this means that only they who fulfill the requirements are granted access to participate in the voting process; data security, which means that the data sent during voting process must be protected. A manual voting system may be able to meet those requirements, however, an electronic voting (e-voting) system can be an alternative. By implementing e-voting, the process may be more transparent and makes it easier to fulfill the requirements. In this paper, we propose to use biometrics, particularly fingerprint, to be a medium for authenticating users; and private and public key cryptography for securing the data confidentiality. It is more difficult for attackers to transfer, distribute or even forge fingerprint than PIN (personal identification number) or password. In addition, private key cryptography is used for protecting the data, while public key cryptography is for securing the key of the private cryptography. Furthermore, architecture of e-voting is also presented. The evaluation is performed, especially to measure the acccuracy level of the authentication; and the time taken for this authentication process as well as encryption and decryption of the data. According to the experimental result, it can be inferred that the time taken is relatively high. In fact, it is affected by various factors, for example, the specification of the computer being used. Keywords: data security, authentication, cryptography.
[1]
Guido Schryen.
Security aspects of Internet voting
,
2004,
37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.
[2]
Borislava I. Simidchieva,et al.
Specifying and verifying requirements for election processes
,
2008,
DG.O.
[3]
Jiankun Hu,et al.
An Efficient Mobile Voting System Security Scheme Based on Elliptic Curve Cryptography
,
2009,
2009 Third International Conference on Network and System Security.
[4]
Alexander H. Trechsel,et al.
E-voting in the 2005 local elections in Estonia and the broader impact for future e-voting projects
,
2006,
DG.O.
[5]
Xun Yi,et al.
Secure Electronic Voting for Mobile Communications
,
2006,
2006 IEEE 63rd Vehicular Technology Conference.
[6]
Melanie Volkamer,et al.
Requirements and Evaluation Procedures for eVoting
,
2007,
The Second International Conference on Availability, Reliability and Security (ARES'07).