Graphical Password

Published on June 2016

DECLARATION
We, the students of Azad College of Engineering and Technology, hereby declare that this project titled “GRAPHICAL PASSWORD FOR DATA SECURITY”, being submitted to the Department of Computer Science and Engineering, Azad College of Engineering and Technology, affiliated to JNTU, Hyderabad, for the award of the B.Tech (CSE) degree, is a record of bonafide work done by us at CMTES and has not been submitted to any other Institute or University for the award of any degree or prize.

NAME OF THE STUDENTS AJITH KRISHNAN. R MOHAMMED ARSHAD MOHAMMED YAMEEN NEHA

ACKNOWLEDGEMENT

The satisfaction that accompanies the successful completion of any task would be incomplete without the mention of the people whose ceaseless cooperation made it possible, whose constant guidance and encouragement crown all efforts with success. We are grateful to our project guide Ms. Asha Kamala for the guidance, inspiration and constructive suggestions that helped us in the preparation of this project. We would like to express our deep gratitude to Mr. Mohd Basid Ali Ahmed, Head of the Department of CSE, and Mr. S. Sreekanth, Principal of Azad College of Engineering & Technology, for their timely co-operation while carrying out the project. We also thank our colleagues who have helped in the successful completion of the project.

Table of Contents
INTRODUCTION
    1.1 PROJECT OVERVIEW
ORGANISATION PROFILE
SYSTEM DEVELOPMENT PHASE
    3.1 INTRODUCTION
    3.2 OBJECTIVE OF THE PROJECT
SYSTEM ANALYSIS
    4.1 INTRODUCTION
    4.2 EXISTING SYSTEM
    4.3 PROPOSED SYSTEM
    4.4 HARDWARE AND SOFTWARE SPECIFICATION
    4.5 FEATURES OF SOFTWARE USED
SOFTWARE REQUIREMENT SPECIFICATION
    5.1 INTRODUCTION
    5.2 COMPONENTS OF SRS
    5.3 FUNCTIONAL REQUIREMENTS
    5.4 OTHER NON FUNCTIONAL REQUIREMENTS
    5.5 EXTERNAL INTERFACE REQUIREMENTS
    5.6 CONCLUSION
SYSTEM DESIGN
    6.1 INTRODUCTION
    6.2 DATA FLOW DIAGRAMS
TESTING AND IMPLEMENTATION
    7.1 INTRODUCTION
    7.2 STRATEGIC APPROACH TO SOFTWARE TESTING
CONCLUSION
BIBLIOGRAPHY
APPENDIX
    UML DIAGRAMS
    TABLES
    SCREENS
    GLOSSARY

CHAPTER 1

INTRODUCTION
Access to computer systems is most often based on the use of alphanumeric passwords. However, users have difficulty remembering a password that is long and random-appearing. Instead, they create short, simple, and insecure passwords. Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure. Using a graphical password, users click on images rather than type alphanumeric characters.

A key area in security research is authentication, the determination of whether a user should be allowed access to a given system or resource. Traditionally, alphanumeric passwords have been used for authentication, but they are known to have security and usability problems. Today other methods, including graphical passwords, are possible alternatives. This paper reports on research aimed to design a new kind of graphical password system, empirically test its usability, and compare it to alphanumeric passwords. In this concept an image would appear on the screen, and the user would click on a few chosen regions of it. If the correct regions were clicked, the user would be authenticated.

Memory of passwords and efficiency of their input are two key human factors criteria. Memorability has two aspects: (1) how the user chooses and encodes the password and (2) what task the user does when later retrieving the password. In a graphical password system, a user needs to choose memorable locations in an image. Choosing memorable locations depends on the nature of the image itself and the specific sequence of click locations.

In a graphical password system based on recognition, the user only has to recognize previously seen images, making a binary choice of whether the image is known or not known. This is done by comparing the previously used image with the image chosen. A pixel-by-pixel comparison is done to verify the image before the location verification is done.

The application then proceeds to provide security for data. To perform data protection, the user is prompted for text input and a transaction password. The data is encoded using ASCII conversion and made unreadable. The user is then prompted for a container in which the encoded data is hidden. Appropriate binary bookmarks are used to identify the location and length of the hidden data and password. These bookmarks are used by the receiver to retrieve the data.

The application proposes to strengthen data security with the use of graphical passwords and steganography by appending data to binary streams.
• Replace the existing system of typed passwords.
• Generate passwords from images.
• Use the same image but vary generated passwords.
• Protect data in any container.
• Data security.

This project was done at CMTES INFORMATICS LIMITED, Secunderabad. The software is developed using VB.NET as front end and SQL Server as the backend.

Graphical Password for Data Security


1.1 PROJECT OVERVIEW

Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure. Using a graphical password, users click on images rather than type alphanumeric characters. A key area in security research is authentication, the determination of whether a user should be allowed access to a given system or resource. Traditionally, alphanumeric passwords have been used for authentication, but they are known to have security and usability problems. Today other methods, including graphical passwords, are possible alternatives. This paper reports on research aimed to design a new kind of graphical password system, empirically test its usability, and compare it to alphanumeric passwords. In this concept an image would appear on the screen, and the user would click on a few chosen regions of it. If the correct regions were clicked in, the user would be authenticated.
The crucial points that the system emphasizes are listed below. The application proposes to strengthen data security with the use of graphical passwords and steganography by appending data to binary streams.
• Replace the existing system of typed passwords.
• Generate passwords from images.
• Use the same image but vary generated passwords.
• Protect data in any container.

CHAPTER 2

ORGANISATION PROFILE
CMTES is a 22 year old organization. CMTES is an ISO 9001:2000 certified organization, a registered unit of Software Technology Parks of India (STPI), and a member of the Hyderabad Software Exporters Association (HYSEA). With state-of-the-art infrastructure and a well qualified and experienced team of more than 250 skilled professionals, CMTES can be trusted to deliver the right solutions to all its customers. The company offers services such as application development, software maintenance, internal consulting and establishing software centers for a wide range of clients. Its domain expertise lies in developing and maintaining machine critical systems, particularly in financial alliances. The company is also keen on having tie-ups with domestic software companies for providing high quality software development services.
CMTES recognizes the traditional challenges in every project as well as the circumstances and goals that make each project unique. Informatics is committed to our vision and to solutions that meet and exceed our clients' business requirements while advancing technology and developing innovative approaches. CMTES's respect for those unchanging goals in the marketplace, combined with our use of technology to create innovative, cost-efficient solutions, sets us apart from other technology solutions providers. Informatics has provided successful on-site development on a variety of platforms and languages for companies. We are giving practices and providing profitable and practical solutions to the needs of the customer. Informatics benefits its clients by turning their technological challenges into opportunities that expand their reach and increase their ability to prosper.

CHAPTER 3

SYSTEM DEVELOPMENT PHASE
3.1 INTRODUCTION
The information system is developed using the classical systems development cycle (SDLC). The method is classically thought of as the set of activities that analysts, designers and users carry out to develop and implement an information system. The systems development life cycle method consists of the following activities:
• Preliminary investigation
• Determination of systems requirements
• Design of system
• Development of software
• System testing
• Implementation and evaluation

Considering the activities specified above, the procedures carried out for the project are:
• Detailed study of the overall system
• Study of various types of data that flow through the system
• Design of data files
• Program development
• Modification and implementation
• Preparation of reports

End users initiate system projects. The system development cycle consists of 4 phases: system analysis, system design, system implementation and system support. System analysis deals with the study of the current system, its flows, the definition of needs and requirements, and the evaluation of alternative solutions. System analysis is the most critical phase of information development. The purpose of the preliminary study phase is to study the initial feasibility of a project request. The next phase of system analysis is to define the end user requirements for a new system. The purpose of this phase is to identify what the new and improved information system must be able to do. The next phase is to select a feasible solution from alternative candidates. A cost benefit analysis determines whether the expected system development and lifetime cost of the new system will be offset by the benefit of the new system.

3.2 OBJECTIVE OF THE PROJECT
The objectives are:
• Password generation from images using region specific inputs.
• Password verification of images using region specific inputs.
• Image comparison.
• Convert images from one format to another.
• Secure data in any container.

CHAPTER 4

SYSTEM ANALYSIS
4.1 INTRODUCTION
System study is a detailed study of the various operations performed by a system and their relationships within and outside the system. System study gives the structure and functioning of the system. It is done in order to understand the problem and emphasize what is needed from the system. In this step the main task is to understand the need for the system. The information required by the user is also determined in this phase. It can be done on the existing system only.

During the study phase a preliminary analysis is carried out in sufficient depth to permit a technical and economic evaluation of the proposed system. At the conclusion of the study phase a decision is made whether or not to proceed with a design phase. After the need for a new information system has been identified, the system analyst performs an initial investigation to define the problem in detail. The objective of the initial investigation is to determine whether the request is valid and feasible before a recommendation is reached to do nothing, improve or modify the existing system, or build a new one.

When the initial investigation is completed, a system proposal summarizing the analyst's findings and recommendations is put forward for approval. When approved, the proposal leads to a feasibility study that describes and evaluates candidate systems and provides for the selection of the system that best meets the system performance requirements. To do a feasibility study, the economic, technical and behavioral features of system development have to be considered. First a project team is formed. The team develops system flow charts to identify the characteristics of candidate systems, evaluates the performance and cost data, and selects the best candidate system for the job.

4.2 EXISTING SYSTEM
Access to computer systems is most often based on the use of alphanumeric passwords. However, users have difficulty remembering a password that is long and random-appearing. Instead, they create short, simple, and insecure passwords.
The main concerns are:
• Passwords are keyboard input.
• Although length is not fixed to a minimum level, at least 6 alphanumeric characters strengthen it.
• Images are not used to generate keys or passwords.
• Data security using steganography is restricted to only images.
• Size of data hidden has a length constraint when compared to the size of the container.

4.3 PROPOSED SYSTEM:
Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure. Using a graphical password, users click on images rather than type alphanumeric characters.
ADVANTAGES
• Images can be used to generate a password.
• Image conversion to JPG supported.
• Identify regions in images as the source of passwords.
• Provide strength of password on generating the points selected.
• Provide password verification on checking the points and the sequence in which they were selected.
• Compare images to verify the source of the generated password.

4.4 HARDWARE AND SOFTWARE SPECIFICATION
HARDWARE SPECIFICATION
Processor           : Intel Pentium IV, 2GHz
RAM                 : 512MB
Hard Disk Capacity  : 40GB
Keyboard            : Standard 104 keys
Mouse               : Standard 3 Button
DVD/CD ROM          : LG DVD RAM

SOFTWARE SPECIFICATION
Operating System      : Win XP and Above
Database System       : SQL Server 2008
Architecture          : .NET Framework
Programming Language  : VB.NET

4.5 FEATURES OF SOFTWARE USED
MICROSOFT .NET FRAMEWORK
Microsoft developed C# from the ground up to take advantage of its new .NET Framework. The .NET Framework is made up of four parts, the common language runtime, a set of programming languages, and the ASP.NET environment. The .NET Framework was designed with three goals in mind. First, it was intended to make Windows applications much more reliable, while also providing applications with a greater degree of security. Second, it was intended to simplify the development of web applications and services that work not only in the traditional sense but on mobile devices as well. Lastly, the framework was designed to provide a single set of libraries that would work with multiple languages.

COMMON LANGUAGE RUNTIME
One of the design goals of the .NET Framework was to unify the runtime engines so that all developers could work with one set of runtime services. The .NET Framework's solution is called the common language runtime (CLR). The CLR provides capabilities such as memory management, garbage collection, security, and robust error handling to any language that works with the .NET Framework. The CLR enables languages to interoperate with one another. Memory can be allocated by code written in one language and freed by code written in another language. Similarly, errors can be raised in one language and processed in another language.

.NET FRAMEWORK CLASS LIBRARY
The .NET Framework provides many classes that help developers re-use code. The .NET libraries contain code for programming topics such as threading, file I/O, database support, XML parsing, and data structures such as stacks and queues. This entire class library is available to programming languages that support the .NET Framework. Because all languages now support the same runtime, they can re-use any class that works with the .NET Framework. This means that any functionality available to one language will also be available to any other .NET language.

.NET PROGRAMMING LANGUAGES
VB.NET
The Microsoft® Visual Basic® .NET programming language is a high-level programming language for the Microsoft .NET Framework. Although it is designed to be an approachable and easy to learn language, it is powerful enough to satisfy the needs of experienced programmers. The Visual Basic .NET programming language is closely related to the Visual Basic programming language, but the two languages are not the same. A discussion of the differences between Visual Basic .NET and Visual Basic 6.0 is beyond the scope of this document.

The Visual Basic .NET programming language has a syntax that is similar to English, which promotes the clarity and readability of Visual Basic .NET code. Wherever possible, meaningful words or phrases are used instead of abbreviations, acronyms, or special characters. Extraneous or unneeded syntax is generally allowed but not required.

The Visual Basic .NET programming language can be either a strongly typed or a loosely typed language. Loose typing defers much of the burden of type checking until a program is already running. This includes not only the type checking of conversions but also of method calls, meaning that the binding of a method call can be deferred until run-time. This is useful when building prototypes or other programs in which speed of development is much more important than speed of execution. The Visual Basic .NET programming language also provides strongly typed semantics that perform all type checking at compile-time and disallow run-time binding of method calls. This guarantees maximum performance and helps ensure that type conversions are correct. This is useful when building production applications in which speed of execution and execution correctness are important.

FEATURES OF VB.NET
VB.NET is an advanced version of VB 6.0. Microsoft is the company that developed this language. VB.NET is a good and powerful language. The main features of VB.NET are:
• Windows Forms designer: Microsoft Visual Basic® .NET enables you to build rich applications for Microsoft Windows® with unprecedented power and productivity using the new Windows Forms designer.
• Rapid Application Development: VB.NET delivers Rapid Application Development (RAD) for the web with the drag-and-drop Web Forms Designer, full VB.NET code behind forms, and HTML statement completion.
• XML web services: VB.NET allows developers to build and consume a powerful, integrated XML web service that reduces development time by enabling software aggregation from any platform.
• Object Oriented Programming Language: VB.NET provides developers with a first-class object-oriented programming language with support for implementation inheritance, free threading, structured exception handling, attribute-based programming and much more.
• .NET Framework Access: VB.NET provides developers with full access to the Microsoft .NET Framework, a comprehensive library of classes and functionality for data access, security, XML support and more.
• New Productivity Features: VB.NET includes new productivity features including control anchoring and docking and in-place menu editing to minimize time spent on building and deploying applications.
• Up-to-Date Assistance: VB.NET provides continual up-to-date assistance in building robust applications with the background compiler, task list, and dynamic help.
• VB.NET Upgrade Wizard: The VB.NET Upgrade Wizard will automatically upgrade your VB 6.0 projects to take advantage of all the powerful features in VB.NET.
• Develop For Devices: VB.NET lets developers build applications that target a vast array of handheld and wireless devices using the Microsoft Mobile Internet Toolkit.
• Unified Development Environment: VB.NET provides developers with the award winning Visual Studio .NET unified development environment, which includes features like the Server Explorer, Visual Database Tools, Visual Studio Macros, Crystal Reports, cross-language debugger, component designer, auto-hide windows and much more.

SQL SERVER 2005
Relational database systems are the most important database systems used in the software industry today. One of the most outstanding systems is Microsoft SQL Server. SQL Server is a database management system developed and marketed by Microsoft. It runs exclusively under Windows NT, Windows 95/98, and Windows 2000 Server. The most important aspects of SQL Server 2008 are:
• SQL Server is easy to use.
• SQL Server scales from a mobile laptop to a symmetric multiprocessor system.
• SQL Server provides data warehousing features that until now have only been available in Oracle and other more expensive DBMS.

SQL Server is a relational database management system. The SQL Server relational language is called Transact-SQL. SQL is a set oriented language. This means that SQL can query many rows from one or more tables using just one statement. This feature allows the use of this language at a logically higher level than procedural languages. Another important property of SQL is its non-procedurality. SQL contains two sub-languages, DDL and DML.

SQL Server works as an extension of Windows NT/95/98. SQL Server is relatively easy to manage through the use of a graphical computing environment for almost every task of system and database administration. SQL Server uses services of Windows NT to offer new or extended database capabilities, such as sending and receiving messages and managing login security. The SQL Server administrator's primary tool for interacting with the system is Enterprise Manager. The Enterprise Manager has two main purposes: Administration of the database objects.

SQL Server Query Analyzer provides a graphical presentation of the execution plan of a query and an automatic component that suggests which index should be used for a selected query. This interactive component of SQL Server performs tasks such as:
• Generating and executing Transact-SQL statements.
• Storing the generated Transact-SQL statements in a file.
• Analyzing execution plans for generated queries.
• Graphically illustrating the execution plan for a selected query.

A stored procedure is a special kind of batch written in Transact-SQL using the SQL language and SQL extensions. It is saved on the database server to improve the performance and consistency of repetitive tasks. SQL Server supports stored procedures and system procedures. Stored procedures can be used for the following purposes: to control access authorization, to create an audit trail of activities in database tables, and to separate data definition and data manipulation statements concerning a database and all corresponding applications.

CHAPTER 5

SOFTWARE REQUIREMENT SPECIFICATION
5.1 INTRODUCTION
Purpose: The main purpose of preparing this document is to give a general insight into the analysis and requirements of the existing system or situation and to determine the operating characteristics of the system.
Scope: This document plays a vital role in the development life cycle (SDLC) and it describes the complete requirements of the system. It is meant for use by the developers and will be the basis during the testing phase. Any changes made to the requirements in the future will have to go through a formal change approval process.

DEVELOPERS RESPONSIBILITIES OVERVIEW:
The developer is responsible for:
• Developing the system, which meets the SRS and solves all the requirements of the system.
• Demonstrating the system and installing the system at the client's location after the acceptance testing is successful.
• Submitting the required user manual describing the system interfaces to work on it and also the documents of the system.
• Conducting any user training that might be needed for using the system.
• Maintaining the system for a period of one year after installation.

5.2 COMPONENTS OF SRS
• Functionality
• Performance
• Design Constraints
• External Interface

5.3 FUNCTIONAL REQUIREMENTS
User Maintenance

This module allows the registration of the sender and the receiver. The users are created with security accounts in the SQL Server database. Each user is associated with a password. Only users having these accounts can access the application to protect or retrieve data.

Image Conversion

Any image file can be loaded, previewed, altered and saved in a different file format from the one in which it was loaded. A facility is provided to identify different file formats including JPEG, TIFF, GIF, PNG etc. The source image and target format are prompted for. Once converted, the newly formatted image is saved.

Graph Password Generator

The module allows the user to generate a password from an image. The user has to specify the required image and click on the image to generate strokes. Each stroke provides a pair of co-ordinates, the X, Y location in the image. The co-ordinates in the pattern clicked and the number of strokes, along with the image, are redirected to the database. The source image can be deleted, as the application does not have a direct dependency on the physical file. The receiver can retrieve the password from the SQL Server database. The information on the strokes and co-ordinates is available to the registered user. The receiver then has to provide the transaction password to unlock the protection and recover the data.
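
Added example, not the project's VB.NET code: a Python verifier for the stroke check described above, which accepts an attempt only when the strokes match the enrolled ones in number and order, each inside a tolerance square around the stored point. The tolerance value, the minimum stroke count and the strength estimate are assumptions; the report does not specify them.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Enrollment:
    width: int        # image size in pixels
    height: int
    tolerance: int    # a click within +/- tolerance pixels of a stored point matches
    points: tuple     # stored strokes, in the order they were clicked


def enroll(width, height, clicks, tolerance=10, min_strokes=4):
    """Validate the strokes chosen at registration and return the stored record.
    tolerance and min_strokes are assumed defaults, not values from the report."""
    clicks = tuple((int(x), int(y)) for x, y in clicks)
    if len(clicks) < min_strokes:
        raise ValueError(f"need at least {min_strokes} strokes")
    for x, y in clicks:
        if not (0 <= x < width and 0 <= y < height):
            raise ValueError(f"stroke {(x, y)} lies outside the image")
    return Enrollment(width, height, tolerance, clicks)


def verify(record, attempt):
    """True only if the attempt has the same number of strokes, in the same
    order, each inside the tolerance square of its enrolled point."""
    attempt = list(attempt)
    if len(attempt) != len(record.points):
        return False
    matched = True
    for (ex, ey), (ax, ay) in zip(record.points, attempt):
        inside = (abs(ax - ex) <= record.tolerance and
                  abs(ay - ey) <= record.tolerance)
        matched = matched and inside   # check every stroke, not only up to the first miss
    return matched


def strength_bits(record):
    """Upper bound on guessing effort in bits: strokes * log2(regions), where the
    image is tiled by tolerance squares. Assumes points are chosen uniformly,
    which real users do not do, so treat the figure as a ceiling."""
    side = 2 * record.tolerance + 1
    regions = math.ceil(record.width / side) * math.ceil(record.height / side)
    return len(record.points) * math.log2(regions)


# Constructed sample: five strokes enrolled on a 640x480 image.
SAMPLE = enroll(640, 480, [(52, 310), (400, 95), (221, 222), (600, 40), (15, 15)])
```
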

Data Protection And Un-Protection

The module allows the user to specify, at runtime, the text content or file for which data protection is sought. The user additionally has to provide a text password. These inputs are redirected to an ASCII encode function, which converts the inputs to an unreadable, non-printable form. The user then specifies a container within which the encoded data has to be hidden. Binary streams are used to transfer first the data of the container, then the encoded data and the password, to a temporary container. Appropriate bookmarks are used to indicate the beginning of the data and the password. On completion of hiding the data, the original file is removed and the temporary file is renamed to the original. Care has to be taken not to damage the data or the container when embedding the data. The container should also not hint at the presence of data to the hacker. These bookmarks are used by the receiver to retrieve the hidden data. The bookmarks also help in determining whether data is present within the container or not. The module also provides extended support to remove the existing data and reuse the container to hide any other data. The module prompts to overwrite data if any existing data is found.
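
Added example, not the project's VB.NET code: the append-with-bookmarks procedure described above in Python, including the temporary file and rename, the presence check, removal, and the overwrite prompt (modelled as an `overwrite` flag). The bookmark byte strings and the 4-byte length fields are assumptions, since the report does not give the real layout; the data and password are taken as already encoded.

```python
import hmac
import os
import struct
import tempfile

# Hypothetical bookmark byte strings; the report does not give the real ones.
DATA_MARK = b"\x00\x01GPDS-DATA\x01\x00"
PWD_MARK = b"\x00\x01GPDS-PWD\x01\x00"


def _field(blob, pos, mark):
    """Read `mark`, a 4-byte big-endian length and that many bytes at pos.
    Returns (value, end_position) or None if the bytes do not fit that shape."""
    if blob[pos:pos + len(mark)] != mark:
        return None
    pos += len(mark)
    if pos + 4 > len(blob):
        return None
    (length,) = struct.unpack_from(">I", blob, pos)
    pos += 4
    if pos + length > len(blob):
        return None
    return blob[pos:pos + length], pos + length


def split_container(blob):
    """Return (carrier, data, password). data and password are None unless a
    trailer is found that parses completely and ends exactly at end-of-file,
    so bookmark bytes that merely occur inside the carrier are ignored."""
    pos = blob.find(DATA_MARK)
    while pos >= 0:
        first = _field(blob, pos, DATA_MARK)
        second = _field(blob, first[1], PWD_MARK) if first else None
        if second and second[1] == len(blob):
            return blob[:pos], first[0], second[0]
        pos = blob.find(DATA_MARK, pos + 1)
    return blob, None, None


def _rewrite(path, content):
    """Write to a temporary file beside the container, then rename it over the original."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as out:
            out.write(content)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def protect(path, data, password, overwrite=False):
    """Append data and password after the carrier bytes, each behind its bookmark."""
    with open(path, "rb") as f:
        carrier, old, _ = split_container(f.read())
    if old is not None and not overwrite:
        raise FileExistsError("container already holds hidden data")
    trailer = (DATA_MARK + struct.pack(">I", len(data)) + data +
               PWD_MARK + struct.pack(">I", len(password)) + password)
    _rewrite(path, carrier + trailer)


def has_hidden_data(path):
    with open(path, "rb") as f:
        return split_container(f.read())[1] is not None


def unprotect(path, password):
    """Return the hidden data if the transaction password matches."""
    with open(path, "rb") as f:
        _, data, stored = split_container(f.read())
    if data is None:
        raise LookupError("no hidden data in this container")
    if not hmac.compare_digest(stored, password):
        raise PermissionError("wrong transaction password")
    return data


def clear(path):
    """Remove the trailer so the container can be reused."""
    with open(path, "rb") as f:
        carrier, _, _ = split_container(f.read())
    _rewrite(path, carrier)
```

Because the trailer sits after the carrier's own content behind fixed byte strings, the same `split_container` scan that the receiver uses also works as a detector for anyone inspecting the file.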

Image Comparison Using Pixel By Pixel Method

The easiest first check is to compare the sizes of the source and target images. If they match, the image data (pixels) should be checked for a uniform format (bitmap). A conversion module converts from other formats to bitmap format. As various images have different numbers of bytes per pixel, it is necessary to determine the bytes per pixel (8/16/24/32/48/64 and RGB/gray scale). Loop through both images, picking up and comparing one pixel at a time. The images are assumed to be in the form of large rectangles or matrices for this. Only when all the pixels in the corresponding matrices are identical does the comparison return true; otherwise it returns false.
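
Added example, not the project's code: the comparison described above in Python, narrowed to uncompressed 24-bit and 32-bit BMP files. It shows why the pixels have to be decoded before they are compared: row padding, bottom-up row order and the extra alpha byte make two files of the same picture differ byte for byte. `make_bmp` and `SAMPLE_ROWS` exist only to construct the sample inputs.

```python
import struct

FILE_HDR = struct.Struct("<2sIHHI")        # BITMAPFILEHEADER, 14 bytes
INFO_HDR = struct.Struct("<IiiHHIIiiII")   # BITMAPINFOHEADER, 40 bytes


def read_bmp(blob):
    """Decode an uncompressed 24- or 32-bit BMP into (width, height, rows).
    rows run top to bottom and hold (r, g, b) tuples; alpha is ignored."""
    magic, _size, _r1, _r2, offset = FILE_HDR.unpack_from(blob, 0)
    (hdr_size, width, height, _planes, bpp, compression,
     *_rest) = INFO_HDR.unpack_from(blob, FILE_HDR.size)
    if magic != b"BM" or hdr_size < INFO_HDR.size:
        raise ValueError("not a BMP with a BITMAPINFOHEADER")
    if compression != 0 or bpp not in (24, 32):
        raise ValueError("only uncompressed 24/32-bit BMPs are handled here")
    bytes_pp = bpp // 8
    stride = (width * bytes_pp + 3) & ~3   # each row is padded to a multiple of 4 bytes
    top_down = height < 0                  # negative height means rows are stored top first
    height = abs(height)
    if width <= 0 or offset + stride * height > len(blob):
        raise ValueError("bad dimensions or truncated pixel data")
    rows = []
    for y in range(height):
        start = offset + y * stride
        row = []
        for x in range(width):
            b, g, r = blob[start + x * bytes_pp:start + x * bytes_pp + 3]
            row.append((r, g, b))          # BMP stores blue, green, red
        rows.append(row)
    if not top_down:
        rows.reverse()
    return width, height, rows


def images_identical(blob_a, blob_b):
    """Size check first, then pixel by pixel; True only if every pixel matches."""
    wa, ha, rows_a = read_bmp(blob_a)
    wb, hb, rows_b = read_bmp(blob_b)
    if (wa, ha) != (wb, hb):
        return False
    for row_a, row_b in zip(rows_a, rows_b):
        for pixel_a, pixel_b in zip(row_a, row_b):
            if pixel_a != pixel_b:
                return False
    return True


def make_bmp(rows, bpp=24, top_down=False):
    """Build a BMP from top-to-bottom rows of (r, g, b); used for the constructed samples."""
    height, width = len(rows), len(rows[0])
    bytes_pp = bpp // 8
    pad = b"\x00" * (-(width * bytes_pp) % 4)
    body = b""
    for row in (rows if top_down else reversed(rows)):
        for r, g, b in row:
            body += bytes((b, g, r)) + (b"\xff" if bpp == 32 else b"")
        body += pad
    offset = FILE_HDR.size + INFO_HDR.size
    info = INFO_HDR.pack(INFO_HDR.size, width, -height if top_down else height,
                         1, bpp, 0, len(body), 2835, 2835, 0, 0)
    return FILE_HDR.pack(b"BM", offset + len(body), 0, 0, offset) + info + body


# Constructed 3x2 sample; width 3 forces 3 padding bytes per row at 24 bits per pixel.
SAMPLE_ROWS = [[(255, 0, 0), (0, 255, 0), (0, 0, 255)],
               [(10, 20, 30), (40, 50, 60), (70, 80, 90)]]
```
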

5.4 OTHER NON FUNCTIONAL REQUIREMENTS
PERFORMANCE REQUIREMENTS
As the application handles images and binary data, a high resolution monitor and a RAM of at least 1 GB would enhance the performance.

SAFETY REQUIREMENTS
No harm is expected from the use of the product either to the OS or to any data that resides on the client system.

PRODUCT SECURITY REQUIREMENTS
The product is protected against use by unauthorized users. The system allows only authenticated users to work on the application. The users of the system are network users (Sender & Receiver).

SOFTWARE QUALITY ATTRIBUTES
The product is user friendly as it is Windows Forms based. As it is developed in .NET, it is highly interoperable with any OS that provides support for MSIL (server side). The system requires less maintenance as the backend is an RDBMS and supports high security.

TESTING REQUIREMENTS
The application undergoes the following testing:
a) White box testing is performed across the modules, checking line by line all possible paths to trace errors. Valid, invalid and null inputs are given to test it.
b) Black box testing is done in modules to test database connectivity. ADO.NET is used to communicate with the database, which uses providers [driver]. These are tested as black boxes by providing inputs whose outputs are known but not the business or functional logic.
c) Unit testing is done to check that each module performs as expected. In modules where there is a dependency, the O/P of one module is sent as the I/P of another, and both the flow of data and time delays are checked.
d) System testing is done integrating all the modules and necessary hardware. This ensures that the application as a whole doesn't fail when tested on infrastructure dependency.

DESIGN CONSTRAINTS
The application requires a central server, similar to the one provided by the ISP. Although the OS is not a dependent factor, any OS that supports MSIL is a must. The backend database should be installed and available [service].

5.5 EXTERNAL INTERFACE REQUIREMENTS
USER INTERFACES
The application is provided with keyboard shortcuts and a facility to use the mouse to trigger the required actions. They act as shortcuts and provide easy navigation within the software. Appropriate error handling is done using exceptions in order to isolate abnormal results or conditions. Alerts/message boxes and dialogs are used by the application to communicate with the user.

HARDWARE & COMMUNICATION INTERFACES
The application concentrates on using text, images and binary containers (audio, video etc.) and can be deployed over the internet/intranet.

SOFTWARE INTERFACES
The incoming data to the product would be raw text data and images. The outgoing data would be the text and images. A database is maintained to store the text and URL information about the images. MS Access is the database, with version 2003 as the minimum requirement. MSIL should be present on the communicating ends.

5.6 CONCLUSION
The application can now be used in various organizations and industries where users or staff communicate over the network. The application provides security by making the data unavailable to a hacker. Organizations/staff can now secure data in various containers other than images.

SYSTEM DESIGN

CHAPTER-6

SYSTEM DESIGN
6.1 INTRODUCTION
Software design sits at the technical kernel of the software engineering process and is applied regardless of the development paradigm and area of application. Design is the first step in the development phase for any engineered product or system. The designer's goal is to produce a model or representation of an entity that will later be built. Once system requirements have been specified and analyzed, system design is the first of the three technical activities (design, code and test) that are required to build and verify software. The importance can be stated with a single word: "Quality". Design is the place where quality is fostered in software development. Design provides us with representations of software that can be assessed for quality. Design is the only way that we can accurately translate a customer's view into a finished software product or system. Software design serves as a foundation for all the software engineering steps that follow. Without a strong design we risk building an unstable system, one that will be difficult to test and one whose quality cannot be assessed until the last stage.

6.2 DATA FLOW DIAGRAMS
A data flow diagram is a graphical tool used to describe and analyze the movement of data through a system. These are the central tool and the basis from which the other components are developed. The transformation of data from input to output, through processes, may be described logically and independently of the physical components associated with the system. These are known as the logical data flow diagrams. The physical data flow diagrams show the actual implementation and movement of data between people, departments and workstations. A full description of a system actually consists of a set of data flow diagrams. The data flow diagrams are developed using two familiar notations, Yourdon and Gane and Sarson. Each component in a DFD is labeled with a descriptive name. A process is further identified with a number that will be used for identification purposes.

The development of DFDs is done in several levels. Each process in lower level diagrams can be broken down into a more detailed DFD in the next level. The top-level diagram is often called the context diagram. It consists of a single process bit, which plays a vital role in studying the current system. The process in the context level diagram is exploded into other processes at the first level DFD. The idea behind the explosion of a process into more processes is that understanding at one level of detail is exploded into greater detail at the next level. This is done until no further explosion is necessary and an adequate amount of detail is described for the analyst to understand the process.

Larry Constantine first developed the DFD as a way of expressing system requirements in a graphical form; this led to the modular design. A DFD, also known as a "bubble chart", has the purpose of clarifying system requirements and identifying major transformations that will become programs in system design. So it is the starting point of the design, down to the lowest level of detail. A DFD consists of a series of bubbles joined by data flows in the system.

DFD SYMBOLS:
In the DFD, there are four symbols:
1. A square defines a source (originator) or destination of system data.
2. An arrow identifies data flow. It is the pipeline through which the information flows.
3. A circle or a bubble represents a process that transforms incoming data flow into outgoing data flows.
4. An open rectangle is a data store, data at rest or a temporary repository of data.

[Figure: DFD symbols, labelled "Process that transforms data flow", "Source or Destination of data", "Data flow" and "Data Store"]

CONSTRUCTING A DFD:
Several rules of thumb are used in drawing DFDs:
1. Processes should be named and numbered for easy reference. Each name should be representative of the process.
2. The direction of flow is from top to bottom and from left to right. Data traditionally flow from the source to the destination, although they may flow back to the source. One way to indicate this is to draw a long flow line back to the source. An alternative way is to repeat the source symbol as a destination. Since it is used more than once in the DFD, it is marked with a short diagonal.
3. When a process is exploded into lower level details, they are numbered.
4. The names of data stores and destinations are written in capital letters. Process and data flow names have the first letter of each word capitalized.

A DFD typically shows the minimum contents of a data store. Each data store should contain all the data elements that flow in and out. Questionnaires should contain all the data elements that flow in and out. Missing interfaces, redundancies and the like are then accounted for, often through interviews.

SALIENT FEATURES OF DFDs
1. The DFD shows flow of data, not of control; loops and decisions are control considerations and do not appear on a DFD.
2. The DFD does not indicate the time factor involved in any process, that is, whether the data flow takes place daily, weekly, monthly or yearly.
3. The sequence of events is not brought out on the DFD.

UNIFIED MODELING LANGUAGE
The unified modeling language allows the software engineer to express an analysis model using a modeling notation that is governed by a set of syntactic, semantic and pragmatic rules. A UML system is represented using five different views that describe the system from distinctly different perspectives. Each view is defined by a set of diagrams, as follows.

User Model View
This view represents the system from the user's perspective. The analysis representation describes a usage scenario from the end-user's perspective.

Structural Model View
In this model the data and functionality are arrived at from inside the system. This model view models the static structures.

Behavioral Model View
It represents the dynamic or behavioral aspects of the system, depicting the interactions or collaborations between the various structural elements described in the user model and structural model views.

Implementation Model View
In this the structural and behavioral aspects of the system are represented as they are to be built.

Environmental Model View
In this the structural and behavioral aspects of the environment in which the system is to be implemented are represented.

UML is specifically constructed through two different domains:
- UML analysis modeling, which focuses on the user model and structural model views of the system.
- UML design modeling, which focuses on the behavioral modeling, implementation modeling and environmental model views.

INTRODUCTION TO THE UNIFIED MODELING LANGUAGE
Building a model for a software system prior to its construction is as essential as having a blueprint for building a large building. Good models are essential for communication among project teams. As the complexity of the systems increases, so does the importance of good modeling techniques. A modeling language must include:
- Model elements: fundamental modeling concepts and semantics
- Notation: visual rendering of model elements
- Guidelines: expression of usage within the trade

The use of visual notation to represent or model a problem can provide us several benefits relating to clarity, familiarity, maintenance, and simplification. The main reason for modeling is the reduction of complexity. The Unified Modeling Language (UML) is a set of notations and conventions used to describe and model an application. The UML is intended to be a universal language for modeling systems, meaning that it can express models of many different kinds and purposes, just as a programming language or a natural language can be used in different ways.

A "model" is an abstract representation of a system, constructed to understand the system prior to building or modifying it. The term "system" is used here in a broad sense to include any process or structure. For example, the organizational structure of a corporation, health services, computer software, instruction of any sort (including computers), the national economy, and so forth would all be termed "systems".

The unified modeling language is a language for specifying, constructing, visualizing, and documenting the software system and its components. The UML is a graphical language with sets of rules and semantics. The rules and semantics of a model are expressed in English, in a form known as "object constraint language" (OCL). OCL is a specification language that uses simple logic for specifying the properties of a system. The UML is not intended to be a visual programming language in the sense of having all the necessary visual and semantic support to replace programming languages. However, the UML does have a tight mapping to a family of object-oriented languages, so that you can get the best of both worlds.

The primary goals in the design of the UML were as follows:
1. Provide users with ready-to-use, expressive visual modeling languages so they can develop and exchange meaningful models.
2. Provide extendibility and specialization mechanisms to extend the core concepts.
3. Be independent of particular programming languages and development processes.
4. Provide a formal basis for understanding the modeling language.
5. Encourage the growth of the OO tools market.
6. Support higher level development concepts.
7. Integrate best practices and methodologies.

UML is a language used to:
- "Visualize" the software system using well-defined symbols. Thus a developer or tool can unambiguously interpret a model written by another developer using UML.
- "Specify" the software system and help in building precise, unambiguous and complete models.
- "Construct" the models of the software system that can directly communicate with a variety of programming languages.
- "Document" models of the software system during its development stages.

Architectural views and diagrams of the UML
The UML meta model elements are organized into diagrams. Different diagrams are used for different purposes depending on the angle from which you are viewing the system. The different views are called "architectural views".

Architectural views facilitate the organization of knowledge, and diagrams enable the communication of knowledge. The knowledge itself is within the model or set of models that focuses on the problem and solution. The architectural views and their diagrams are summarized below.

The "user model view" encompasses a problem and solution from the perspective of those individuals whose problem the solution addresses. The view presents the goals and objectives of the problem owners and their requirements of the solution. This view is composed of "use case diagrams". These diagrams describe the functionality provided by a system to external actors. They contain actors, use cases, and their relationships.

The "structural model view" encompasses the static, or structural, aspects of a problem and solution. This view is also known as the static or logical view. This view is composed of the following diagrams:

The "class diagrams" describe the static structure of a system, or how it is declared rather than how it behaves. These diagrams contain classes and associations.

The "object diagrams" describe the static structure of a system at a particular time during its life. These diagrams contain objects and links.

The "behavioral model view" encompasses the dynamic or behavioral aspects of a problem and solution. The view is also known as the dynamic, process, concurrent or collaborative view. This view is composed of the following diagrams:

The "sequence diagrams" render the specification of behavior. These diagrams describe the behavior provided by a system to interactions. These diagrams contain classes that exchange messages within an interaction, arranged in time sequence. In generic form, these diagrams describe a set of message exchange sequences among a set of classes. In instance form (scenarios), these diagrams describe one actual message exchange sequence among objects of those classes.

The "collaboration diagrams" render how behavior is realized by components within a system. These diagrams contain classes, associations, and their message exchanges within a collaboration to accomplish a purpose. In generic form, these diagrams describe a set of classes and associations involved in message exchange sequences. In instance form (scenarios), these diagrams describe a set of objects of those classes, links conforming to the associations, and one actual message exchange sequence that is consistent with the generic form and uses those objects and links.

The "state chart diagrams" render the states and responses of a class participating in behavior, and the life cycle of an object. These diagrams describe the behavior of a class in response to external stimuli.

The "activity diagrams" render the activities of a class participating in behavior. These diagrams describe the behavior of a class in response to internal processing rather than external events. Activity diagrams describe the processing activities within a class.

The "implementation model view" encompasses the structural and behavioral aspects of the solution's realization. This view is also known as the component or development view and is composed of "component diagrams". These diagrams describe the organization of and dependencies among software implementation components. These diagrams contain components and their relationships.

The "environment model view" encompasses the structural and behavioral aspects of the domain in which a solution must be realized. This view is also known as the deployment or physical view. This view is composed of "deployment diagrams". These diagrams describe the configuration of processing resource elements and the mapping of software implementation components onto them. These diagrams contain nodes, components and their relationships.

UML DIAGRAMS
Every complex system is best approached through a small set of nearly independent views of a model; no single view is sufficient. Every model may be expressed at different levels of fidelity. The best models are connected to reality. The UML defines nine graphical diagrams.
1. Class diagram
2. Object diagram
3. Use-case diagram
4. Behavior diagrams
5. Interaction diagrams
6. Sequence diagram
7. Collaboration diagram

SYSTEM TESTING AND IMPLEMENTATION

CHAPTER 7

TESTING AND IMPLEMENTATION
7.1 INTRODUCTION
Software testing is a critical element of software quality assurance and represents the ultimate review of specification, design and coding. In fact, testing is the one step in the software engineering process that could be viewed as destructive rather than constructive. A strategy for software testing integrates software test case design methods into a well-planned series of steps that result in the successful construction of software. Testing is the set of activities that can be planned in advance and conducted systematically. The underlying motivation of program testing is to affirm software quality with methods that can be applied economically and effectively to both large and small-scale systems.

7.2 STRATEGIC APPROACH TO SOFTWARE TESTING
The software engineering process can be viewed as a spiral. Initially, system engineering defines the role of software and leads to software requirement analysis, where the information domain, functions, behavior, performance, constraints and validation criteria for software are established. Moving inward along the spiral, we come to design and finally to coding. To develop computer software we spiral in along streamlines that decrease the level of abstraction on each turn. A strategy for software testing may also be viewed in the context of the spiral. Unit testing begins at the vertex of the spiral and concentrates on each unit of the software as implemented in source code. Testing progresses by moving outward along the spiral to integration testing, where the focus is on the design and the construction of the software architecture. Taking another turn outward on the spiral, we encounter validation testing, where requirements established as part of software requirements analysis are validated against the software that has been constructed. Finally we arrive at system testing, where the software and other system elements are tested as a whole.

[Figure: testing stages. Labels: Unit Testing, Module Testing, Sub-system Testing, System Testing, Acceptance Testing; Component Testing, Integration Testing, User Testing]

UNIT TESTING
Unit testing focuses verification effort on the smallest unit of software design, the module. The unit testing we have done is white box oriented, and for some modules the steps are conducted in parallel.

WHITE BOX TESTING
This type of testing ensures that:
- All independent paths have been exercised at least once.
- All logical decisions have been exercised on their true and false sides.
- All internal data structures have been exercised to assure their validity.

To follow the concept of white box testing, we have tested each form we have created independently to verify that data flow is correct, all conditions are exercised to check their validity, and all loops are executed on their boundaries.

BASIC PATH TESTING
The established technique of flow graphs with cyclomatic complexity was used to derive test cases for all the functions. The main steps in deriving test cases were:
- Use the design of the code and draw the corresponding flow graph.
- Determine the cyclomatic complexity of the resultant flow graph, using the formula V(G) = E - N + 2, or V(G) = P + 1, or V(G) = number of regions, where V(G) is the cyclomatic complexity, E is the number of edges, N is the number of flow graph nodes and P is the number of predicate nodes.
- Determine the basis set of linearly independent paths.

TESTING CONDITIONAL
In this part of the testing, each of the conditions was tested on both its true and false sides, and all the resulting paths were tested, so that each path that may be generated on a particular condition is traced to uncover any possible errors.

DATA FLOW TESTING
This type of testing selects the path of the program according to the location of the definition and use of variables. This kind of testing was used only when some local variables were declared. The definition-use chain method was used in this type of testing. These were particularly useful in nested statements.

LOOP TESTING
In this type of testing all the loops are tested to all the limits possible. The following exercise was adopted for all loops:
- All the loops were tested at their limits, just above them and just below them.
- All the loops were skipped at least once.
- For nested loops, test the innermost loop first and then work outwards.
- For concatenated loops, the values of dependent loops were set with the help of the connected loop.
- Unstructured loops were resolved into nested loops or concatenated loops and tested as above.

Each unit has been separately tested by the development team itself and all the inputs have been validated.

TEST CASES

Module: Login
Filename: form1.vb

Test | Input | Received Output | Actual Output | Description
Valid login | User Id, password | Login success | Login success | Test Passed! Control Transferred to Menu
Invalid login | User Id, password | Login Failed | Login Failed | Test Passed! Try Again
Invalid Login | Null, Null | Login Failed | Login Failed | Test Passed! Try Again

Module: Convert File
Filename: Convert.vb

Test Case | Input | Actual Output | Obtained Output | Description
Conversion | Source img, target img | Success | Success | Test Passed. Image converted from source to target format
Conversion | Source img, target img, format | Failed | Failed | Test Passed. Invalid Image, Format type does not match. Try again.

Module: Slideshow
Filename: slideshow.vb

Test Case | Input | Actual Output | Obtained Output | Description
Slide show | Source folder | Success | Success | Test Passed. Display images one by one based on user input (prev / next) or timer interval.
Slide show | Source folder | Failed | Failed | Test Passed. No images in current directory.

Module: Pixel by Pixel using Hash Comparison
Filename: hash.vb

Test Case | Input | Actual Output | Obtained Output | Description
Compare Images | Source & Target Images | Success | Success | Test Passed. Hash generated, display compare status.
Compare Images | Source & Target Images | Failed | Failed | Test Passed. Invalid image format, Vary in size, File not found. Try Again

Module: Change Password
Filename: Form2.java

Test | Input | Received Output | Actual Output | Description
Valid Password, Password updating | Old Pwd, New Pwd & Conf Pwd | Success | Success | Test Passed! Password Changed
Invalid Password, Password updating Failed | Old Pwd, New Pwd & Conf Pwd | Failed | Failed | Test Passed! Old Pwd incorrect or new Pwd & conf Pwd mismatch

Module: Append Binary
Filename: steganoz.vb

Test | Input | Received Output | Actual Output | Description
Stegano hide | Container, Password, data to hide | Success | Success | Test Passed! New image created with appended hidden data
Hide data Fail | Container, Password, data to hide > length of image | Failed | Failed | Test Passed! Try again. Invalid image or container format or file doesn't exist
Retrieve data | Container, Password | Success | Success | Test Passed! Data retrieved from container.
Retrieve data Fail | Image, Password | Failed | Failed | Test Passed! Image did not contain any data
Retrieve data Fail | Image, Password | Failed | Failed | Test Passed! Password incorrect

Future Scope
- The application can be enhanced to the networks, enabling comparison between images on different terminals.
- Display the number of pixels that are identical and those not.
- Use biometric devices to secure data.

Limitations:
- The server hosting SQLSERVER should be online throughout.
- The server should contain the user accounts of the sender and receiver without providing DBA permissions.

CONCLUSION
The application can now be used by network users to secure and transfer their data. The users of the network, irrespective of their application being used can use this application to secure transmitted and received data. Applications such as FTP, emails, attachments, SMS, messenger for chat etc can now use the secure data for communication. The application is not focused for any industry or community. It can be used by both intranet and internet users. When in Intranet the application can be used by employees or staff of an organization to communicate securely.

IMPLEMENTATION
Implementation is the stage of the project when the theoretical design is turned into a working system. At this stage the main work load and the latest upheaval shift to the user departments. If the implementation stage is not clearly planned and controlled, it can cause chaos. The term implementation has different meanings, ranging from the conversion of the basic application to a compatible replacement of a computer system.

INSTALLATION
For the installation of the software, a setup of the software has to be created, which will help us to install all the components used in the project and without which the work cannot run successfully. The setup wizard will set up the product. It will automatically include all files in the setup kit. The database entry and updating should be done manually. Since we place the files on the network server there is a chance of losing the files, so we keep backup copies of the setup files on compact disk and run the setup file.

CONCLUSION

CHAPTER 9

CONCLUSION
As the saying goes “Necessity is the mother of all inventions”, a need for manipulating system administration tasks was recognised. Accordingly, highly interactive GUI based software was developed to solve the problem.

Functionalities in "GRAPHICAL PASSWORDS FOR DATA SECURITY" enable user-friendly interfaces and a simplified approach towards the execution of various services. The application was successfully designed, developed and tested. All the given objectives were met with satisfaction. The application developed is designed in such a way that any further enhancements can be done with ease. The system has the capability for easy integration with other systems. New modules can be added to the existing system with less effort. Future systems will be facilitating employers with online transaction through credit card services.


APPENDIX-1 UML DIAGRAMS

[Figures not reproduced: Use Case Diagram; Class Diagram; Sequence Diagrams 1 to 4; Collaboration Diagrams 1 to 4; Activity Diagram; State Chart Diagram; Deployment Diagram]

APPENDIX - 2 TABLES

Table name: Graphpwd

Column name | Data type | Description | Constraints
transid | Varchar(50) | Transaction id | Primary key
pwdx | Varchar(max) | X coordinates |
pwdy | Varchar(max) | Y coordinates |
img | Varchar(max) | Image |
fpwd | Varchar(50) | File password |
floc | Varchar(max) | File location |

Table name: useraccount

Column name | Data type | Description | Constraints
userid | Varchar(50) | User ID | Primary key
pwd | Varchar(50) | Password |

APPENDIX - 3 SCREENS

[Screenshots not reproduced: Login; Change Password; Menu; Slide Show Manual Mode; Slide Show Auto Mode; Image Conversion; Image Comparison; Generate Password; Hiding Data Using Steganography; Graphical Login; Retrieving Hidden Data Using Steganography]

APPENDIX - 4

GLOSSARY
SRS: Software Requirement Specification
UML: Unified Modeling Language
CLR: Common Language Runtime
RAD: Rapid Application Development
CAD: Context Analysis Diagram
SQL: Structured Query Language
TPL: Third Party Liability
