Graphical Password
DECLARATION
We, the students of Azad College of Engineering and Technology, hereby declare that
this project titled “GRAPHICAL PASSWORD FOR DATA
SECURITY”, being submitted to the Department of Computer Science and
Engineering, Azad College of Engineering and Technology, affiliated to JNTU,
Hyderabad, for the award of the B.Tech (CSE) degree, is a record of bona fide work done
by us at CMTES, and it has not been submitted to any other Institute or University for
the award of any degree or prize.
NAME OF THE STUDENTS
AJITH KRISHNAN. R
MOHAMMED ARSHAD
MOHAMMED YAMEEN
NEHA
ACKNOWLEDGEMENT
The satisfaction that accompanies the successful completion of any task
would be incomplete without the mention of the people whose ceaseless
cooperation made it possible, whose constant guidance and encouragement
crown all efforts with success.
We are grateful to our project guide Ms. Asha Kamala for the guidance,
inspiration and constructive suggestions that helped us in the preparation of this
project.
We would like to express our deep gratitude to Mr. Mohd Basid Ali Ahmed,
Head of the Department of CSE, and Mr. S. Sreekanth, Principal of Azad
College of Engineering & Technology, for their timely co-operation while carrying
out the project.
We also thank our colleagues who have helped in the successful completion of the
project.
Table of Contents
INTRODUCTION
1.1 PROJECT OVERVIEW
ORGANISATION PROFILE
SYSTEM DEVELOPMENT PHASE
3.1 INTRODUCTION
3.2 OBJECTIVE OF THE PROJECT
SYSTEM ANALYSIS
4.1 INTRODUCTION
4.2 EXISTING SYSTEM
4.3 PROPOSED SYSTEM
4.4 HARDWARE AND SOFTWARE SPECIFICATION
4.5 FEATURES OF SOFTWARE USED
SOFTWARE REQUIREMENT SPECIFICATION
5.1 INTRODUCTION
5.2 COMPONENTS OF SRS
5.3 FUNCTIONAL REQUIREMENTS
5.4 OTHER NON FUNCTIONAL REQUIREMENTS
5.5 EXTERNAL INTERFACE REQUIREMENTS
5.6 CONCLUSION
SYSTEM DESIGN
6.1 INTRODUCTION
6.2 DATA FLOW DIAGRAMS
TESTING AND IMPLEMENTATION
7.1 INTRODUCTION
7.2 STRATEGIC APPROACH TO SOFTWARE TESTING
CONCLUSION
BIBLIOGRAPHY
APPENDIX
UML DIAGRAMS
TABLES
SCREENS
GLOSSARY
Graphical Password for Data Security 1
CHAPTER 1
INTRODUCTION
Access to computer systems is most often based on the use of
alphanumeric passwords. However, users have difficulty remembering a password
that is long and random-appearing. Instead, they create short, simple, and insecure
passwords. Graphical passwords have been designed to try to make passwords
more memorable and easier for people to use and, therefore, more secure. Using a
graphical password, users click on images rather than type alphanumeric
characters. A key area in security research is authentication, the determination of
whether a user should be allowed access to a given system or resource.
Traditionally, alphanumeric passwords have been used for authentication, but they
are known to have security and usability problems. Today other methods,
including graphical passwords, are possible alternatives.
This paper reports on research aimed to design a new kind of graphical
password system, empirically test its usability, and compare it to alphanumeric
passwords. In this concept an image would appear on the screen, and the user
would click on a few chosen regions of it. If the correct regions were clicked,
the user would be authenticated.
Memory of passwords and efficiency of their input are two key human
factors criteria. Memorability has two aspects: (1) how the user chooses and
encodes the password and (2) what task the user does when later retrieving the
password. In a graphical password system, a user needs to choose memorable
locations in an image. Choosing memorable locations depends on the nature of the
image itself and the specific sequence of click locations.
In a graphical password system based on recognition, the user only has to be
able to recognize previously seen images, making a binary choice of whether
the image is known or not known. This is done by comparing the previously used
image with the image chosen. A pixel-by-pixel comparison is done to verify the
image before the location verification is done. The application then proceeds to
provide security for data. To perform data protection, the user is prompted for
text input and a transaction password. The data is encoded using ASCII
conversion and made unreadable. The user is then prompted for a container in
which the encoded data is hidden. Appropriate binary bookmarks are used to
identify the location and length of the hidden data and password. These bookmarks
are used by the receiver to retrieve the data.
The application proposes to strengthen data security with the use of
graphical passwords and steganography that appends data to binary streams.
Replace the existing system of typed passwords.
Generate passwords from images.
Use the same image but vary generated passwords.
Protect Data in any container
Data Security
This project was done at CMTES INFORMATICS LIMITED, Secunderabad. The
software is developed using VB.NET as the front end and SQL Server as the
back-end.
1.1 PROJECT OVERVIEW
Graphical passwords have been designed to try to make passwords more
memorable and easier for people to use and, therefore, more secure. Using a
graphical password, users click on images rather than type alphanumeric
characters. A key area in security research is authentication, the determination of
whether a user should be allowed access to a given system or resource.
Traditionally, alphanumeric passwords have been used for authentication, but they
are known to have security and usability problems. Today other methods,
including graphical passwords, are possible alternatives. This paper reports on
research aimed to design a new kind of graphical password system, empirically
test its usability, and compare it to alphanumeric passwords. In this concept an
image would appear on the screen, and the user would click on a few chosen
regions of it. If the correct regions were clicked in, the user would be
authenticated.
The crucial points that the system emphasizes are listed below:
The application proposes to strengthen data security with the use of graphical
passwords and steganography that appends data to binary streams.
Replace the existing system of typed passwords.
Generate passwords from images.
Use the same image but vary generated passwords.
Protect Data in any container
CHAPTER 2
ORGANISATION PROFILE
CMTES is a 22-year-old organization. CMTES is an ISO 9001:2000 certified
organization, a registered unit of Software Technology Parks of India (STPI), and a
member of the Hyderabad Software Exporters Association (HYSEA).
With state-of-the-art infrastructure and a well qualified and experienced team of more
than 250 skilled professionals, CMTES can be trusted to deliver the right solutions
to all its customers. The company offers services such as application development,
software maintenance, internal consulting and establishing software centers for a
wide range of clients.
Its domain expertise lies in developing and maintaining machine critical systems,
particularly in financial alliances. The company is also keen on having tie-ups
with domestic software companies for providing high quality software
development services.
CMTES recognizes the traditional challenges in every project as well as the
circumstances and goals that make each project unique. Informatics is committed to
our vision and solutions that meet and exceed our client’s business requirements while
advancing technology and developing innovative approaches.
CMTES's respect for those unchanging goals in the marketplace, combined
with our use of technology to create innovative, cost-efficient solutions, sets us apart
from other technology solution providers. Informatics has provided successful
on-site development on a variety of platforms and languages for companies. We are
giving practices and providing profitable and practical solutions to the needs of the
customer. Informatics benefits its clients by turning their technological challenges
into opportunities that expand their reach and increase their ability to prosper.
CHAPTER 3
SYSTEM DEVELOPMENT PHASE
3.1 INTRODUCTION
The information system is developed using the classical systems development
life cycle (SDLC). The method is classically thought of as the set of activities that analysts,
designers and users carry out to develop and implement an information system.
The systems development life cycle method consists of the following activities:
Preliminary investigation
Determination of systems requirements
Design of system
Development of software
System testing
Implementation and evaluation
Considering the activities specified above, the procedures carried out for the project are:
Detailed study of the overall system
Study of various types of data that flow through the system
Design of data files
Program development
Modification and implementation
Preparation of reports
End users initiate system projects. The system development cycle consists of four
phases: system analysis, system design, system implementation and system support.
System analysis deals with the study of the current system, its flows, the definition of
needs and requirements, and the evaluation of alternative solutions. System analysis is
the most critical phase of information system development. The purpose of the
preliminary study phase is to study the initial feasibility of a project request. The next
phase of the system analysis is to define the end user requirements for a new system.
The purpose of this phase is to identify what the new and improved information system
must be able to do. The next phase is to select a feasible solution from alternative
information system candidates. A cost-benefit analysis determines whether the expected
system development and lifetime costs of the new system will be offset by the benefits
of the new system.
3.2 OBJECTIVE OF THE PROJECT
The objectives are:
Password generation from images using region specific inputs.
Password verification of images using region specific inputs.
Image comparison.
Convert images from one format to another.
Secure data in any container
CHAPTER 4
SYSTEM ANALYSIS
4.1 INTRODUCTION
System study is a detailed study of the various operations performed by a system
and their relationships within and outside the system. System study gives the structure
and functioning of the system. System study is done in order to understand the
problem and emphasize what is needed from the system. In this step the main task
is to understand the need for the system. The information required by the user is also
determined in this phase. It can be done on the existing system only.
During the study phase a preliminary analysis is carried out in sufficient depth
to permit a technical and economic evaluation of the proposed system. At the conclusion
of the study phase a decision is made whether or not to proceed with a design phase.
After the need for a new information system has been identified, the system analyst
performs an initial investigation to define the problem in detail. The objective of the
initial investigation is to determine whether the request is valid and feasible before a
recommendation is reached to do nothing, to improve or modify the existing system, or
to build a new one. When the initial investigation is completed, the analyst receives a
system proposal summarizing the findings and recommendations, and approval is sought.
When approved, the proposal leads to a feasibility study that describes and evaluates
candidate systems and provides for the selection of a good system that meets the system
performance requirements.
To do a feasibility study, the economic, technical and behavioral features of system
development have to be considered. First a project team is formed. The team develops
system flow charts to identify the characteristics of the candidate systems, evaluates the
performance and cost data, and selects the best candidate system for the job.
4.2 EXISTING SYSTEM
Access to computer systems is most often based on the use of
alphanumeric passwords. However, users have difficulty remembering a password
that is long and random-appearing. Instead, they create short, simple, and insecure
passwords.
The main concerns are:
Passwords are keyboard input.
Although length is not fixed to a minimum level, at least 6 alphanumeric
characters strengthen it.
Images are not used to generate keys or passwords
Data security using steganography is restricted to only images.
Size of data hidden has a length constraint when compared to the size of
the container.
4.3 PROPOSED SYSTEM
Graphical passwords have been designed to try to make passwords more
memorable and easier for people to use and, therefore, more secure. Using a
graphical password, users click on images rather than type alphanumeric
characters.
ADVANTAGES
Images can be used to generate password.
Image conversion to JPG supported.
Identify regions in images as source of passwords.
Provide strength of password on generating the points selected.
Provide password verification by checking the points and the sequence in
which they were selected.
Compare images to verify the source of generated password.
4.4 HARDWARE AND SOFTWARE SPECIFICATION
HARDWARE SPECIFICATION
Processor : Intel Pentium IV, 2GHz
RAM : 512MB.
Hard Disk Capacity : 40GB
Keyboard : Standard 104 keys
Mouse : Standard 3 Button
DVD/CD ROM : LG DVD RAM
SOFTWARE SPECIFICATION
Operating System : Win XP and Above
Database : SQL Server 2008
System Architecture : .NET Framework
Programming Language : VB.NET
4.5 FEATURES OF SOFTWARE USED
MICROSOFT .NET FRAMEWORK
Microsoft developed C# from the ground up to take advantage of its new .NET
Framework. The .NET Framework is made up of four parts: the common language
runtime, a set of class libraries, a set of programming languages, and the ASP.NET
environment. The .NET Framework was designed with three goals in mind. First, it was
intended to make Windows applications much more reliable, while also providing an
application with a greater degree of security. Second, it was intended to simplify the
development of web applications and services that work not only in the traditional
sense but on mobile devices as well. Lastly, the framework was designed to provide a
single set of libraries that would work with multiple languages.
COMMON LANGUAGE RUNTIME
One of the design goals of .NET framework was to unify the runtime engines
so that all developers could work with a set of runtime engine services. The .NET
framework’s solution is called the common language runtime (CLR). The CLR
provides capabilities such as memory management, garbage collection, security,
robust error handling to any language that works with the .NET framework. The CLR
enables languages to interoperate with one another. Memory can be allocated by
code written in one language and can be freed by code written in another language.
Similarly, errors can be raised in one language and processed in another language.
.NET FRAMEWORK CLASS LIBRARY
The .NET framework provides many classes that help developers re-use
code. The .NET libraries contain codes for programming topics such as threading, file
I/O, database support, XML parsing, and data structures such as stacks and queues.
This entire class library is available to programming languages that support the .NET
Framework. Because all
languages now support the same runtime, they can re-use any class that works with
the .NET framework. This means that any functionality available to one language will
also be available to any other .NET language.
.NET PROGRAMMING LANGUAGES
VB.NET
The Microsoft® Visual Basic® .NET programming language is a high-level
programming language for the Microsoft .NET Framework. Although it is designed to
be an approachable and easy-to-learn language, it is powerful enough to satisfy the
needs of experienced programmers. The Visual Basic .NET programming language
is closely related to the Visual Basic 6.0 programming language, but the two languages
are not the same. A discussion of the differences between Visual Basic .NET and Visual
Basic 6.0 is beyond the scope of this document.
The Visual Basic .NET programming language has a syntax that is similar to
English, which promotes the clarity and readability of Visual Basic .NET code.
Wherever possible, meaningful words or phrases are used instead of abbreviations,
acronyms, or special characters. Extraneous or unneeded syntax is generally allowed
but not required.
The Visual Basic .NET programming language can be either a strongly typed or
a loosely typed language. Loose typing defers much of the burden of type checking
until a program is already running. This includes not only the type checking of
conversions but also of method calls, meaning that the binding of a method call can be
deferred until run-time. This is useful when building prototypes or other programs in
which speed of development is much more important than the speed of
execution of the program. The Visual Basic .NET programming language also provides
strongly typed semantics that perform all type checking at compile-time and
disallow run-time binding of method calls. This guarantees maximum performance
and helps ensure that type conversions are correct. This is useful when building
production applications in which speed of execution and execution correctness are
important.
FEATURES OF VB.NET
VB.NET is an advanced version of VB 6.0. Microsoft is the company
that developed this language. VB.NET is a good and powerful language.
The main features of VB.NET are:
Windows forms designer: Microsoft visual basic®.NET enables you to build
rich applications for Microsoft windows ® with unprecedented power and
productivity using the new windows forms designer.
Rapid Application Development: VB.NET delivers Rapid Application
Development (RAD) for the web with the drag-and-drop Web Forms
Designer, full VB.NET code-behind forms, and HTML statement
completion.
XML web Services: VB.NET allows developers to build and consume a
powerful, integrated XML web service that reduces development time by
enabling software aggregation from any platform.
Object Oriented Programming Language: VB.NET provides developers
with a first-class object-oriented programming language with support for
implementation inheritance, free threading, structured exception handling,
attribute-based programming and much more.
.NET Framework Access: VB.NET provides developers with full access to
Microsoft .NET framework, a comprehensive library of classes and
functionality for data access, security, XML support and more
New Productivity Features: VB.NET includes new productivity features,
including control anchoring and docking and in-place menu editing, to minimize
time spent on building and deploying applications.
Up-to-Date Assistance: VB.net provides continual up-to-date assistance in
building robust application with the background compiler, task list, and
dynamic help.
VB.NET Upgrade Wizard: The VB.NET Upgrade Wizard will
automatically upgrade your VB6.0 Projects to take advantage of all the
powerful features in VB.NET
Develop For Devices: VB.NET lets developers build applications that target
a vast array of handheld and wireless devices using Microsoft Mobile Internet
Toolkit
Unified Development Environment: VB.NET provides developers with the
award winning Visual Studio.NET unified development environment, which
includes features like the server Explorer, Visual Database Tools, Visual
Studio Macros, Crystal Reports, cross-language debugger, component
designer, auto-hide windows and much more.
SQL SERVER 2005
Relational database systems are the most important database systems used in
the software industry today. One of the most outstanding systems is Microsoft SQL
Server. SQL Server is a database management system developed and marketed by
Microsoft. It runs exclusively under Windows NT, Windows 95/98, and Windows
2000 Server. The most important aspects of SQL Server 2008 are:
SQL Server is easy to use.
SQL Server scales from a mobile laptop to symmetric multiprocessor
systems.
SQL Server provides data warehousing features that until now have only been
available in Oracle and other more expensive DBMSs.
SQL Server is a relational database management system. The SQL Server
relational language is called Transact-SQL. SQL is a set-oriented language. This
means that SQL can query many rows from one or more tables using just one
statement. This feature allows the use of this language at a logically higher level than
procedural languages. Another important property of SQL is its
nonprocedurality. SQL contains two sublanguages: DDL and DML.
SQL Server works as an extension of Windows NT/95/98. SQL Server is
relatively easy to manage through the use of a graphical computing environment for
almost every task of system and database administration. SQL Server uses services
of Windows NT to offer new or extended database capabilities, such as sending and
receiving messages and managing login security. The SQL Server administrator’s
primary tool for interacting with the system is Enterprise Manager. The Enterprise
Manager has two main purposes: Administration of the database objects. SQL Server
Query Analyzer provides a graphical presentation of the execution plan of a query
and an automatic component that suggests which index should be used for a selected
query. This interactive component of SQL Server performs tasks such as:
Generating and executing Transact-SQL statements.
Storing the generated Transact-SQL statements in a file.
Analyzing execution plans for generated queries.
Graphically illustrating the execution plan for a selected query.
A stored procedure is a special kind of batch written in Transact-SQL,
using the SQL language and SQL extensions. It is saved on the database server to
improve the performance and consistency of repetitive tasks. SQL Server supports
stored procedures and system procedures. Stored procedures can be used for the
following purposes: to control access authorization, to create an audit trail of
activities in database tables, and to separate data definition and data manipulation
statements concerning a database and all corresponding applications.
CHAPTER 5
SOFTWARE REQUIREMENT SPECIFICATION
5.1 INTRODUCTION
Purpose: The main purpose of preparing this document is to give a general insight
into the analysis and requirements of the existing system or situation and to
determine the operating characteristics of the system.
Scope: This document plays a vital role in the software development life cycle (SDLC),
and it describes the complete requirements of the system. It is meant for use by the
developers and will be the basis during the testing phase. Any changes made to the
requirements in the future will have to go through a formal change approval process.
DEVELOPERS RESPONSIBILITIES OVERVIEW:
The developer is responsible for:
Developing the system, which meets the SRS and solves all the requirements
of the system.
Demonstrating the system and installing the system at client's location after
the acceptance testing is successful.
Submitting the required user manual describing the system interfaces to work
on it and also the documents of the system.
Conducting any user training that might be needed for using the system.
Maintaining the system for a period of one year after installation.
5.2 COMPONENTS OF SRS
Functionality
Performance
Design Constraints
External Interface
5.3 FUNCTIONAL REQUIREMENTS
User Maintenance
This module allows the registration of the sender and the receiver. The
users are created with security accounts in the SQL Server database. Each user is
associated with a password. Only users having these accounts can access the
application to protect or retrieve data.
Image Conversion
Any image file can be loaded, previewed, altered and saved in a
file format different from the one in which it was loaded. A facility is provided to
identify different file formats, including JPEG, TIFF, GIF, PNG, etc. The user is
prompted for the source image and target format. Once converted, the newly formatted
image is saved.
Graph Password Generator
The module allows the user to generate a password from an image. The user
has to specify the required image and click on the image to generate strokes. Each
stroke provides a pair of co-ordinates (the X, Y location) from the image. The
co-ordinates in the pattern clicked and the number of strokes, along with the image,
are redirected to the database. The source image can be deleted as the application does
not have a direct dependency on the physical file. The receiver can retrieve the
password from the SQL Server database. The information on the strokes and
co-ordinates is available to the registered user. The receiver then has to provide
the transaction password to unlock the protection and recover the data.
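The stroke capture and verification this module describes, as an added Python example rather than the project's VB.NET code. The report gives no matching rule, so the per-click pixel `tolerance`, the `image_id` field and the strength estimate are assumptions.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class GraphicalPassword:
    image_id: str     # hypothetical key for the enrolled image record
    width: int        # image dimensions in pixels
    height: int
    strokes: tuple    # ordered (x, y) click co-ordinates


def enroll(image_id, width, height, clicks):
    """Record the ordered strokes, rejecting clicks that fall outside the image."""
    for x, y in clicks:
        if not (0 <= x < width and 0 <= y < height):
            raise ValueError(f"click ({x}, {y}) is outside the image")
    return GraphicalPassword(image_id, width, height, tuple(clicks))


def verify(stored, image_id, clicks, tolerance=10):
    """Accept only the same image, the same number of strokes and the same order.

    A click matches when it lies within `tolerance` pixels (an assumed value)
    of the enrolled point on both axes; exact-pixel matching would be
    unusable with a mouse.
    """
    if image_id != stored.image_id or len(clicks) != len(stored.strokes):
        return False
    ok = True
    for (sx, sy), (cx, cy) in zip(stored.strokes, clicks):
        # No early exit, so the work done does not depend on which stroke was wrong.
        if abs(sx - cx) > tolerance or abs(sy - cy) > tolerance:
            ok = False
    return ok


def strength_bits(stored, tolerance=10):
    """Upper bound on entropy: distinguishable regions per click, per stroke.

    Users favour salient spots in an image, so the effective strength is
    lower than this figure.
    """
    side = 2 * tolerance + 1
    regions = max(1, (stored.width // side) * (stored.height // side))
    return len(stored.strokes) * math.log2(regions)


if __name__ == "__main__":
    # Constructed enrollment: four strokes on a 640x480 image.
    pw = enroll("img-001", 640, 480, [(100, 120), (300, 200), (50, 400), (600, 30)])
    print(verify(pw, "img-001", [(104, 117), (295, 209), (50, 400), (610, 30)]))
    print(verify(pw, "img-001", [(300, 200), (100, 120), (50, 400), (600, 30)]))
    print(round(strength_bits(pw), 1))
```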
Data Protection And Un-Protection
The module allows the user to specify, at runtime, the text content or file for
which data protection is sought. The user additionally has to provide a text
password. These inputs are redirected to an ASCII encode function, which
converts the inputs to an unreadable, non-printable form. The user then specifies a
container within which the encoded data is to be hidden. Binary streams are used
to transfer first the data of the container, then the encoded data and password, to a
temporary container. Appropriate bookmarks are used to indicate the beginning of
the data and the password. On completion of hiding the data, the original file is
removed and the temporary file is renamed to the original. Care has to be taken
not to damage the data or the container when embedding the data. The container
should also not hint at the presence of data to the hacker. These bookmarks are used
by the receiver to retrieve the hidden data. The bookmarks also help in
determining whether or not data is present within the container. The module
also provides extended support to remove the existing data and reuse the container
to hide any other data. The module prompts to overwrite data if any existing data
is found.
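The append-and-bookmark container handling described above, as an added Python example that is not the project's VB.NET code. The report does not give the bookmark bytes or layout, so the `GPDSMARK` footer with two length fields is an assumption, and the data and password are taken as already-encoded bytes. `png_trailing_bytes` measures what follows a PNG's IEND chunk, which is how appended data shows up when checking the requirement that the container not hint at hidden data.

```python
import hmac
import struct
import zlib

# Assumed layout (the report does not specify one):
#   container bytes | data | password | footer(MAGIC, len(data), len(password))
# The footer is the "bookmark": read from the end of the file, it gives the
# location and length of both fields without scanning for a marker that the
# container or the payload might happen to contain.
MAGIC = b"GPDSMARK"                    # constructed marker, not the project's
FOOTER = struct.Struct(">8sII")
PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _lengths(blob):
    """Return (data_len, password_len) if a valid bookmark ends blob, else None."""
    if len(blob) < FOOTER.size:
        return None
    magic, dlen, plen = FOOTER.unpack(blob[-FOOTER.size:])
    if magic != MAGIC or dlen + plen + FOOTER.size > len(blob):
        return None
    return dlen, plen


def has_payload(blob):
    return _lengths(blob) is not None


def remove(blob):
    """Strip hidden data so the container can be reused; no-op if none is present."""
    lens = _lengths(blob)
    if lens is None:
        return blob
    return blob[:len(blob) - FOOTER.size - sum(lens)]


def hide(container, data, password, overwrite=False):
    """Append encoded data and password; refuse to overwrite unless asked to."""
    if has_payload(container):
        if not overwrite:
            raise FileExistsError("container already holds hidden data")
        container = remove(container)
    return container + data + password + FOOTER.pack(MAGIC, len(data), len(password))


def extract(blob, password):
    """Return the hidden data if the supplied transaction password matches."""
    lens = _lengths(blob)
    if lens is None:
        raise LookupError("no hidden data in container")
    dlen, plen = lens
    start = len(blob) - FOOTER.size - plen - dlen
    stored = blob[start + dlen:start + dlen + plen]
    if not hmac.compare_digest(stored, password):
        raise PermissionError("wrong transaction password")
    return blob[start:start + dlen]


def png_trailing_bytes(blob):
    """Count bytes after the IEND chunk; a clean PNG has none."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length            # length + type + body + CRC
        if end > len(blob):
            raise ValueError("truncated chunk")
        if ctype == b"IEND":
            return len(blob) - end
        pos = end
    raise ValueError("no IEND chunk found")


def _chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def sample_png():
    """Constructed 1x1 8-bit grayscale PNG used as the container."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")      # filter byte + one black pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


if __name__ == "__main__":
    png = sample_png()
    stego = hide(png, b"meet at noon", b"tx-pass")
    print(has_payload(png), has_payload(stego))
    print(png_trailing_bytes(png), png_trailing_bytes(stego))
    print(extract(stego, b"tx-pass"), remove(stego) == png)
```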
Image Comparison Using Pixel By Pixel Method
The easiest first check is to compare the sizes of the
source and target images. If they match, the image data (pixels) should be checked
for a uniform format (bitmap). A conversion module converts from other formats to
bitmap format. As various images have different numbers of bytes per pixel, it is
necessary to determine the bytes per pixel (8/16/24/32/48/64 and RGB/Gray
scale). Loop through both images, picking up and comparing one pixel at a time.
The images are assumed to be in the form of large rectangular dimensions or
a matrix for this. Only when all the pixels in the corresponding matrices are identical
does the comparison return true; otherwise it returns false.
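The comparison steps above, as an added Python example that is not the project's VB.NET code. It assumes BMP-style buffers whose rows are padded to 4-byte boundaries, and it normalises 8-bit grayscale and 32-bit pixels to a three-channel value before comparing; the `Bitmap` type and helper names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class Bitmap:
    width: int
    height: int
    bits_per_pixel: int   # 8 (grayscale), 24 (RGB) or 32 (RGB + alpha) in this example
    rows: bytes           # rows back to back, each padded to a 4-byte boundary


def stride(width, bits_per_pixel):
    """Bytes occupied by one stored row, including BMP padding."""
    return ((width * bits_per_pixel + 31) // 32) * 4


def make_bitmap(width, height, bits_per_pixel, pixel_rows, pad=0):
    """Build a constructed test bitmap; `pad` is the value written into row padding."""
    s = stride(width, bits_per_pixel)
    rows = b"".join(bytes(r).ljust(s, bytes([pad])) for r in pixel_rows)
    return Bitmap(width, height, bits_per_pixel, rows)


def _pixel(bmp, x, y):
    """Return the pixel at (x, y) as a three-channel tuple."""
    n = bmp.bits_per_pixel // 8
    off = y * stride(bmp.width, bmp.bits_per_pixel) + x * n
    raw = bmp.rows[off:off + n]
    if n == 1:
        return (raw[0],) * 3       # grayscale expands to equal channels
    return tuple(raw[:3])          # 24-bit as is; 32-bit drops the alpha byte


def images_identical(a, b):
    """Size check first, then a pixel-by-pixel comparison that ignores row padding."""
    if (a.width, a.height) != (b.width, b.height):
        return False
    for img in (a, b):
        if img.bits_per_pixel not in (8, 24, 32):
            raise ValueError("unsupported pixel format")
        if len(img.rows) != stride(img.width, img.bits_per_pixel) * img.height:
            raise ValueError("pixel buffer does not match the declared size")
    for y in range(a.height):
        for x in range(a.width):
            if _pixel(a, x, y) != _pixel(b, x, y):
                return False
    return True


if __name__ == "__main__":
    row1 = [10, 20, 30, 40, 50, 60, 70, 80, 90]   # three 24-bit pixels
    row2 = [1, 2, 3, 4, 5, 6, 7, 8, 9]
    a = make_bitmap(3, 2, 24, [row1, row2], pad=0x00)
    b = make_bitmap(3, 2, 24, [row1, row2], pad=0xFF)
    # The raw buffers differ only in padding, so a byte-wise compare would fail.
    print(a.rows == b.rows, images_identical(a, b))
```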
5.4 OTHER NON FUNCTIONAL REQUIREMENTS
PERFORMANCE REQUIREMENTS
As the application handles images and binary data, a high resolution monitor and a
RAM of at least 1 GB would enhance the performance.
SAFETY REQUIREMENTS
No harm is expected from the use of the product either to the OS or any data that
resides on the client system.
PRODUCT SECURITY REQUIREMENTS
The product is protected against use by unauthorized users. The system
allows only authenticated users to work on the application. The users of the
system are network users (Sender & Receiver).
SOFTWARE QUALITY ATTRIBUTES
The product is user friendly as it is Windows Forms based. As it is developed in .NET
it is highly interoperable with OS that have provided support for MSIL (Server
side). The system requires less maintenance as the backend is an RDBMS and
supports high security.
TESTING REQUIREMENTS
The application performs the following testing,
a) White box testing is performed across the modules, checking line by line
all possible paths to trace errors. Valid, invalid and null inputs are given to
test it.
b) Black box testing is done in modules to test database connectivity.
ADO.NET is used to communicate with the database, which uses providers
[driver]. These are tested as black boxes by providing inputs whose
outputs are known but not the business or functional logic.
c) Unit Testing is done to check each module performs as expected. In
modules where there is a dependency, the O/P of one module is sent as I/P
of another and both flow of data and time delays checked.
d) System testing is done integrating all the modules and necessary hardware.
This ensures that the application as a whole doesn’t fail when tested on
infrastructure dependency.
DESIGN CONSTRAINTS
The application requires a central server, similar to the one provided by the
ISP. Although the OS is not a dependent factor, any OS that supports MSIL is a
must. The backend database should be installed and available [service].
5.5 EXTERNAL INTERFACE REQUIREMENTS
USER INTERFACES
The application is provided with keyboard shortcuts, and a facility to use
the mouse to trigger the required actions. They act as shortcuts and provide
easy navigation within the software. Appropriate error handling is done using
exceptions in order to isolate abnormal results or conditions. Alerts, message
boxes and dialogs are used by the application to communicate with the user.
HARDWARE & COMMUNICATION INTERFACES
The application concentrates on using text, images and binary containers
(audio, video etc) and can be deployed over the internet/intranet.
SOFTWARE INTERFACES
The incoming data to the product would be raw text data and images. The
outgoing data would be the text and images. A database is maintained to store the
text and URL information about the images. MS Access is the database, with
version 2003 as the minimum requirement. MSIL should be present on the
communicating ends.
5.6 CONCLUSION
The application can now be used in various organizations and industries where
users or staff communicate over the network. The application provides security
by making the data unavailable to a hacker. Organizations and staff can now secure
data in various containers other than images.
CHAPTER-6
SYSTEM DESIGN
6.1 INTRODUCTION
Software design sits at the technical kernel of the software engineering
process and is applied regardless of the development paradigm and area of
application. Design is the first step in the development phase for any engineered
product or system. The designer’s goal is to produce a model or representation of
an entity that will later be built. Once system requirements have been
specified and analyzed, system design is the first of the three technical activities
(design, code and test) that are required to build and verify software.
The importance can be stated with a single word: “Quality”. Design is the
place where quality is fostered in software development. Design provides us with
representations of software that can be assessed for quality. Design is the only way that
we can accurately translate a customer’s view into a finished software product or
system. Software design serves as a foundation for all the software engineering
steps that follow. Without a strong design we risk building an unstable system,
one that will be difficult to test, one whose quality cannot be assessed until the last
stage.
6.2 DATA FLOW DIAGRAMS
A data flow diagram is a graphical tool used to describe and analyze the movement
of data through a system. These are the central tool and the basis from which the
other components are developed. The transformation of data from input to output,
through processes, may be described logically and independently of the physical
components associated with the system. These are known as the logical data flow
diagrams. The physical data flow diagrams show the actual implementation and
movement of data between people, departments and workstations. A full
description of a system actually consists of a set of data flow diagrams. The data
flow diagrams are developed using two familiar notations, Yourdon and Gane and
Sarson. Each component in a DFD is labeled with a descriptive name. Each process
is further identified with a number that will be used for identification purposes.
The development of DFDs is done in several levels. Each process in
lower level diagrams can be broken down into a more detailed DFD in the next
level. The top-level diagram is often called the context diagram. It consists of a
single process, which plays a vital role in studying the current system. The
process in the context level diagram is exploded into other processes at the first level
DFD.
The idea behind the explosion of a process into more processes is that
understanding at one level of detail is exploded into greater detail at the next level.
This is done until no further explosion is necessary and an adequate amount of detail
is described for the analyst to understand the process. Larry Constantine first
developed the DFD as a way of expressing system requirements in a graphical
form; this led to the modular design.
A DFD, also known as a “bubble chart”, has the purpose of clarifying
system requirements and identifying major transformations that will become
programs in system design. So it is the starting point of the design to the lowest
level of detail. A DFD consists of a series of bubbles joined by data flows in the
system.
DFD SYMBOLS:
In the DFD, there are four symbols
1. A square defines a source (originator) or destination of system data
2. An arrow identifies data flow. It is the pipeline through which the
information flows
3. A circle or a bubble represents a process that transforms incoming data
flow into outgoing data flows.
4. An open rectangle is a data store, data at rest or a temporary repository of
data
[Figure: DFD symbols. Process that transforms data flow; source or destination of data; data flow; data store]
CONSTRUCTING A DFD:
Several rules of thumb are used in drawing DFD’S:
1. Process should be named and numbered for an easy reference. Each name
should be representative of the process.
2. The direction of flow is from top to bottom and from left to right. Data
traditionally flow from source to the destination although they may flow
back to the source. One way to indicate this is to draw long flow line back
to a source. An alternative way is to repeat the source symbol as a
destination. Since it is used more than once in the DFD it is marked with a
short diagonal.
3. When a process is exploded into lower level details, they are numbered.
4. The names of data stores and destinations are written in capital letters.
Process and dataflow names have the first letter of each word capitalized.
A DFD typically shows the minimum contents of a data store. Each data
store should contain all the data elements that flow in and out. Questionnaires
should contain all the data elements that flow in and out. Missing interfaces,
redundancies and the like are then accounted for, often through interviews.
SALIENT FEATURES OF DFDs
1. The DFD shows flow of data, not of control; loops and decisions are
control considerations and do not appear on a DFD.
2. The DFD does not indicate the time factor involved in any process, whether
the dataflow takes place daily, weekly, monthly or yearly.
3. The sequence of events is not brought out on the DFD.
UNIFIED MODELING LANGUAGE
The unified modeling language allows the software engineer to express an
analysis model using a modeling notation that is governed by a set of
syntactic, semantic and pragmatic rules. A UML system is represented using
five different views that describe the system from distinctly different
perspectives. Each view is defined by a set of diagrams, which is as follows.
User Model View
This view represents the system from the user's perspective. The analysis
representation describes a usage scenario from the end-user's perspective.
Structural Model View
In this model the data and functionality are viewed from inside the system.
This model view models the static structures.
Behavioral Model View
It represents the dynamic or behavioral aspects of the system, depicting the
interactions or collaborations between various structural elements described in the
user model and structural model views.
Implementation Model View
In this the structural and behavioral aspects of the system are represented as
they are to be built.
Environmental Model View
In this the structural and behavioral aspects of the environment in which the
system is to be implemented are represented.
UML is specifically constructed through two different domains. They are:
UML analysis modeling, which focuses on the user model and
structural model views of the system.
UML design modeling, which focuses on the behavioral modeling,
implementation modeling and environmental model views.
INTRODUCTION TO THE UNIFIED MODELING LANGUAGE
Building a model for a software system prior to its construction
is as essential as having a blueprint for building a large building. Good
models are essential for communication among project teams. As the
complexity of the systems increases, so does the importance of good
modeling techniques.
A modeling language must include:
Model elements: fundamental modeling concepts and semantics
Notation: visual rendering of model elements
Guidelines: expression of usage within the trade
The use of visual notation to represent or model a problem can provide us several
benefits relating to clarity, familiarity, maintenance, and simplification. The main
reason for modeling is the reduction of complexity. The Unified Modeling
Language (UML) is a set of notations and conventions used to describe and model
an application. The UML is intended to be a universal language for modeling
systems, meaning that it can express models of many different kinds and
purposes, just as a programming language or a natural language can be
used in different ways. A “model” is an abstract representation of a system,
constructed to understand the system prior to building or modifying it. The
term “system” is used here in a broad sense to include any process or
structure. For example, the organizational structure of a corporation, health
services, computer software, instruction of any sort (including computers), the
national economy, and so forth all would be termed “systems”.
The unified modeling language is a language for specifying,
constructing, visualizing, and documenting the software system and its
components. The UML is a graphical language with sets of rules and
semantics. The rules and semantics of a model are expressed in English, in
a form known as “object constraint language” (OCL). OCL is a specification
language that uses simple logic for specifying the properties of a system.
The UML is not intended to be a visual programming language in
the sense of having all the necessary visual and semantic support to replace
programming languages. However, the UML does have a tight mapping to a
family of object-oriented languages, so that you can get the best of both
worlds.
The primary goals in the design of the UML were as follows:
1. Provide users ready-to-use, expressive visual modeling languages so they can
develop and exchange meaningful models.
2. Provide extendibility and specialization mechanisms to extend the core
concepts.
3. Be independent of particular programming languages and development
process.
4. Provide a formal basis for understanding the modeling language.
5. Encourage the growth of the OO tools market.
6. Support higher level development concepts.
7. Integrate best practices and methodologies.
UML is a language used to:
“Visualize” the software system with well-defined symbols. Thus a developer or tool
can unambiguously interpret a model written by another developer, using UML.
“Specify” the software system and help build precise, unambiguous and
complete models.
“Construct” the models of the software system that can directly
communicate with a variety of programming languages.
“Document” models of the software system during its development stages.
Architectural views and diagrams of the UML
The UML meta model elements are organized into diagrams. Different diagrams
are used for different purposes depending on the angle from which you are
viewing the system. The different views are called “architectural views”.
Architectural views facilitate the organization of knowledge, and diagrams enable
the communication of knowledge. The knowledge itself is within the model or
set of models that focuses on the problem and solution. The architectural
views and their diagrams are summarized below:
The “user model view” encompasses a problem and solution from
the perspective of those individuals whose problem the solution addresses. The
view presents the goals and objectives of the problem owners and their
requirements of the solution. This view is composed of “use case diagrams”.
These diagrams describe the functionality provided by a system to external actors.
It contains actors, use cases, and their relationships.
The “Structural model view” encompasses the static, or structural,
aspects of a problem and solution. This view is also known as the static or
logical view. This view is composed of the following diagrams
The “Class diagrams” describe the static structure of a system, or
how it is declared rather than how it behaves. These diagrams contain classes
and associations.
The “object diagrams” describe the static structure of a system at a
particular time during its life. These diagrams contain objects and links.
The “behavioral model view” encompasses the dynamic or behavioral
aspects of a problem and solution. The view is also known as the dynamic,
process, concurrent or collaborative view. This view is composed of the
following diagrams:
The “Sequence diagrams” render the specification of behavior. These
diagrams describe the behavior provided by a system to interactions.
These diagrams contain classes that exchange messages within an interaction
arranged in time sequence. In generic form, these diagrams describe a set
of message exchange sequences among a set of classes. In instance
form (scenarios), these diagrams describe one actual message exchange
sequence among objects of those classes.
The “Collaboration diagrams” render how behavior is realized
by components within a system. These diagrams contain classes,
associations, and their message exchanges within a collaboration to
accomplish a purpose. In generic form, these diagrams describe a set of
classes and associations involved in message exchange sequences. In
instance form (scenarios), these diagrams describe a set of objects of those
classes, links conforming to the associations, and one actual message
exchange sequence that is consistent with the generic form and uses
those objects and links.
The “State chart diagrams” render the states and responses of a
class participating in behavior, and the life cycle of an object. These
diagrams describe the behavior of a class in response to external stimuli.
The “Activity diagrams” render the activities of a class participating
in behavior. These diagrams describe the behavior of a class in response
to internal processing rather than external events. Activity diagrams
describe the processing activities within a class.
The “Implementation model view” encompasses the structural
and behavioral aspects of the solution’s realization. This view is also
known as the component or development view and is composed of
“component diagrams”. These diagrams describe the organization of and
dependencies among software implementation components. These diagrams
contain components and their relationships.
The “Environment model view” encompasses the structural and
behavioral aspects of the domain in which a solution must be realized.
This view is also known as the deployment or physical view. This view is
composed of “deployment diagrams”. These diagrams describe the
configuration of processing resource elements and the mapping of
software implementation components onto them. These diagrams contain
nodes, components and their relationships.
UML DIAGRAMS
Every complex system is best approached through a small set of
nearly independent views of a model; no single view is sufficient.
Every model may be expressed at different levels of fidelity. The best models
are connected to reality. The UML defines nine graphical diagrams.
1. Class diagram
2. Object diagram
3. Use-case diagram
4. Behavior diagrams
5. Interaction diagrams
6. Sequence diagram
7. Collaboration diagram
CHAPTER 7
TESTING AND IMPLEMENTATION
7.1 INTRODUCTION
Software testing is a critical element of software quality assurance and
represents the ultimate review of specification, design and coding. In fact, testing is
the one step in the software engineering process that could be viewed as destructive
rather than constructive.
A strategy for software testing integrates software test case design methods
into a well-planned series of steps that result in the successful construction of
software. Testing is the set of activities that can be planned in advance and conducted
systematically. The underlying motivation of program testing is to affirm software
quality with methods that can be applied economically and effectively to
both large and small-scale systems.
7.2 STRATEGIC APPROACH TO SOFTWARE TESTING
The software engineering process can be viewed as a spiral. Initially system
engineering defines the role of software and leads to software requirement analysis
where the information domain, functions, behavior, performance, constraints and
validation criteria for software are established. Moving inward along the spiral, we
come to design and finally to coding. To develop computer software we spiral in
along streamlines that decrease the level of abstraction on each turn.
A strategy for software testing may also be viewed in the context of the spiral.
Unit testing begins at the vertex of the spiral and concentrates on each unit of the
software as implemented in source code. Testing progresses by moving outward along
the spiral to integration testing, where the focus is on the design and the construction
of the software architecture. Taking another turn outward on the spiral, we
encounter validation testing, where requirements established as part of software
requirements analysis are validated against the software that has been constructed.
Finally we arrive at system testing, where the software and other system elements are
tested as a whole.
UNIT TESTING
Unit testing focuses verification effort on the smallest unit of software design,
the module. The unit testing we have done is white box oriented, and for some modules
the steps are conducted in parallel.
WHITE BOX TESTING
This type of testing ensures that:
All independent paths have been exercised at least once.
All logical decisions have been exercised on their true and false sides.
All internal data structures have been exercised to assure their validity.
To follow the concept of white box testing, we have tested each form we have created
independently to verify that data flow is correct, all conditions are exercised to check
their validity, and all loops are executed on their boundaries.
[Figure: testing stages. Unit testing, module testing, sub-system testing, system testing and acceptance testing, grouped into component testing, integration testing and user testing]
BASIC PATH TESTING
Established technique of flow graph with Cyclomatic complexity was used to
derive test cases for all the functions. The main steps in deriving test cases were:
Use the design of the code and draw the corresponding flow graph.
Determine the Cyclomatic complexity of the resultant flow graph, using the formula:
V(G) = E - N + 2 or
V(G) = P + 1 or
V(G) = Number of Regions
where V(G) is the Cyclomatic complexity,
E is the number of edges,
N is the number of flow graph nodes,
P is the number of predicate nodes.
Determine the basis set of linearly independent paths.
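The three steps above carried through on a small flow graph, as an added example rather than the project's own test code. The graph is a constructed model of the Login module (null check, credential check, "Try Again" loop) and its node numbers are assumptions; the script computes V(G) from both formulas, derives one path per flipped decision against a baseline path, and checks the resulting paths for linear independence. It assumes binary predicate nodes and that every node can reach the exit.

```python
from collections import deque
from fractions import Fraction

# Constructed flow graph (assumed numbering, not taken from form1.vb):
# 1 read user id and password   2 null input?        3 credentials match?
# 4 login success, go to menu   5 login failed, try again?   6 exit
EDGES = [(1, 2), (2, 5), (2, 3), (3, 4), (3, 5), (4, 6), (5, 1), (5, 6)]
ENTRY, EXIT = 1, 6


def successors(edges):
    succ = {}
    for a, b in edges:
        succ.setdefault(a, []).append(b)
        succ.setdefault(b, [])
    return succ


def cyclomatic_by_edges(edges):
    """V(G) = E - N + 2."""
    nodes = {n for edge in edges for n in edge}
    return len(edges) - len(nodes) + 2


def cyclomatic_by_predicates(edges):
    """V(G) = P + 1, where a predicate node has two outgoing edges."""
    return sum(1 for out in successors(edges).values() if len(out) > 1) + 1


def basis_paths(edges, entry, exit_):
    """Baseline path plus one path per non-default branch of each predicate."""
    succ = successors(edges)
    dist = {exit_: 0}                      # distance of every node to the exit
    queue = deque([exit_])
    while queue:
        n = queue.popleft()
        for a, b in edges:
            if b == n and a not in dist:
                dist[a] = dist[n] + 1
                queue.append(a)
    # Default branch = the successor closest to the exit, so paths terminate.
    default = {n: min(out, key=dist.__getitem__) for n, out in succ.items() if out}

    def to_exit(n):
        path = [n]
        while n != exit_:
            n = default[n]
            path.append(n)
        return path

    prefix = {entry: [entry]}              # shortest route from entry to each node
    queue = deque([entry])
    while queue:
        n = queue.popleft()
        for s in succ[n]:
            if s not in prefix:
                prefix[s] = prefix[n] + [s]
                queue.append(s)

    paths = [to_exit(entry)]
    for node in prefix:                    # breadth-first order from the entry
        for s in succ[node]:
            if s != default[node]:
                paths.append(prefix[node] + to_exit(s))
    return paths


def independent_count(paths, edges):
    """Rank of the path-by-edge matrix: how many paths are linearly independent."""
    rows = []
    for path in paths:
        steps = list(zip(path, path[1:]))
        rows.append([Fraction(steps.count(edge)) for edge in edges])
    rank = 0
    for col in range(len(edges)):
        pivot = next((r for r in range(rank, len(rows)) if rows[r][col] != 0), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for r in range(len(rows)):
            if r != rank and rows[r][col] != 0:
                factor = rows[r][col] / rows[rank][col]
                rows[r] = [x - factor * y for x, y in zip(rows[r], rows[rank])]
        rank += 1
    return rank


if __name__ == "__main__":
    print("V(G) = E - N + 2 =", cyclomatic_by_edges(EDGES))
    print("V(G) = P + 1     =", cyclomatic_by_predicates(EDGES))
    for path in basis_paths(EDGES, ENTRY, EXIT):
        print("test path:", " -> ".join(map(str, path)))
```

Each printed path is one test case to write; the retry path visits nodes 1, 2 and 5 twice because it takes the "Try Again" edge once before leaving.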
TESTING CONDITIONAL
In this part of the testing each of the conditions was tested for both its true and
false outcomes, and all the resulting paths were tested, so that each path that may be
generated on a particular condition is traced to uncover any possible errors.
DATA FLOW TESTING
This type of testing selects the path of the program according to the location
of definition and use of variables. This kind of testing was used only when some local
variables were declared. The definition-use chain method was used in this type of
testing. These were particularly useful in nested statements.
LOOP TESTING
In this type of testing all the loops are tested to all the limits possible. The
following exercise was adopted for all loops:
All the loops were tested at their limits, just above them and just below
them.
All the loops were skipped at least once.
For nested loops, test the innermost loop first and then work outwards.
For concatenated loops, the values of dependent loops were set with the
help of the connected loop.
Unstructured loops were resolved into nested loops or concatenated loops
and tested as above.
Each unit has been separately tested by the development team itself and all the inputs
have been validated.
TEST CASES
Module: Login
Filename: form1.vb
Test | Input | Received Output | Actual Output | Description
Valid login | User Id, password | Login success | Login success | Test Passed! Control Transferred to Menu
Invalid login | User Id, password | Login Failed | Login Failed | Test Passed! Try Again
Invalid Login | Null, Null | Login Failed | Login Failed | Test Passed! Try Again
Module: Convert File
Filename: Convert.vb
Test Case | Input | Actual Output | Obtained Output | Description
Conversion | Source img, target img | Success | Success | Test Passed. Image converted from source to target format
Conversion | Source img, target img, format | Failed | Failed | Test Passed. Invalid Image, Format type does not match. Try again.
Module: Slideshow
Filename: slideshow.vb
Test Case | Input | Actual Output | Obtained Output | Description
Slide show | Source folder | Success | Success | Test Passed. Display images one by one based on user input (prev / next) or timer interval.
Slide show | Source folder | Failed | Failed | Test Passed. No images in current directory.
Module: Pixel by Pixel using Hash Comparison
Filename: hash.vb
Test Case | Input | Actual Output | Obtained Output | Description
Compare Images | Source & Target Images | Success | Success | Test Passed. Hash generated, display compare status.
Compare Images | Source & Target Images | Failed | Failed | Test Passed. Invalid image format, Vary in size, File not found. Try Again
Module: Change Password
Filename: Form2.java
Test | Input | Received Output | Actual Output | Description
Valid Password, Password updating | Old Pwd, New Pwd & Conf Pwd | Success | Success | Test Passed! Password Changed
Invalid Password, Password updating Failed | Old Pwd, New Pwd & Conf Pwd | Failed | Failed | Test Passed! Old Pwd incorrect or new Pwd & conf Pwd mismatch
Module: Append Binary
Filename: steganoz.vb
Test | Input | Received Output | Actual Output | Description
Stegano hide | Container, Password, data to hide | Success | Success | Test Passed! New image created with appended hidden data
Hide data Fail | Container, Password, data to hide > length of image | Failed | Failed | Test Passed! Try again. Invalid image or container format or file doesn’t exist
Retrieve data | Container, Password | Success | Success | Test Passed! Data retrieved from container.
Retrieve data Fail | Image, Password | Failed | Failed | Test Passed! Image did not contain any data
Retrieve data Fail | Image, Password | Failed | Failed | Test Passed! Password incorrect
Future Scope
The application can be extended to networks, enabling comparison
between images on different terminals.
Display the number of pixels that are identical and those that are not.
Use biometric devices to secure data.
Limitations:
The server hosting SQLSERVER should be online throughout.
The server should contain the user accounts of the sender and receiver
without providing DBA permissions.
CONCLUSION
The application can now be used by network users to secure and transfer
their data. The users of the network, irrespective of the application being used,
can use this application to secure transmitted and received data. Applications such
as FTP, emails, attachments, SMS, messenger for chat etc. can now use the secured
data for communication. The application is not focused on any particular industry or
community. It can be used by both intranet and internet users. On an intranet,
the application can be used by employees or staff of an organization to
communicate securely.
IMPLEMENTATION
Implementation is the stage of the project when the theoretical design is turned into a
working system. At this stage the main work load and the latest upheaval shift to the
user departments. If the implementation stage is not clearly planned and controlled, it
can cause chaos. The term implementation has different meanings, ranging from the
conversion of the basic application to a compatible replacement of a computer
system.
INSTALLATION
For the installation of the software, a setup of the software has to be created,
which will help us to install all the components used in the project and only with
the help of which the work can run successfully. The setup wizard will set up the product.
This will automatically include all files in the setup kit. The database entry and updating
should be done manually. Since we place the files on the network server there is a
chance of missing files, so we keep backup copies of the setup files on compact disc and
run the file setup.
CHAPTER 9
CONCLUSION
As the saying goes “Necessity is the mother of all inventions”, a need for
manipulating system administration tasks was recognised. Accordingly, highly
interactive GUI based software was developed to solve the problem.
Functionalities in “GRAPHICAL PASSWORDS FOR DATA
SECURITY” enable user-friendly interfaces and a simplified approach towards the
execution of various services. The application was successfully designed,
developed and tested. All the given objectives were met with satisfaction.
The application developed is designed in such a way that any further
enhancements can be done with ease. The system has the capability for easy
integration with other systems. New modules can be added to the existing system
with less effort. Future systems will be facilitating employers with online
transaction through credit card services.
APPENDIX-1
UML DIAGRAMS
[Diagrams not reproduced: use case diagram; class diagram; sequence diagrams 1 to 4; collaboration diagrams 1 to 4; activity diagram; state chart diagram; deployment diagram]
APPENDIX – 2
TABLES
Table name: Graphpwd
Column name | Data type | Description | Constraints
transid | Varchar(50) | Transaction id | Primary key
pwdx | Varchar(max) | X coordinates |
pwdy | Varchar(max) | Y coordinates |
img | Varchar(max) | Image |
fpwd | Varchar(50) | File password |
floc | Varchar(max) | File location |
Table name: useraccount
Column name | Data type | Description | Constraints
userid | Varchar(50) | User ID | Primary key
pwd | Varchar(50) | Password |
APPENDIX -3
SCREENS
[Screenshots not reproduced: login; change password; menu; slide show (manual mode); slide show (auto mode); image conversion; image comparison; generate password; hiding data using steganography; graphical login; retrieving hidden data using steganography]
APPENDIX – 4
GLOSSARY
SRS Software Requirement Specification
UML Unified Modeling Language
CLR Common Language Runtime
RAD Rapid Application Development
CAD Context Analysis Diagram
SQL Structured Query Language
TPL Third Party Liability