Graphical Password

DECLARATION

We the students of Azad College of Engineering and Technology, hereby declare that

this project titled “GRAPHICAL PASSWORD FOR DATA

SECURITY” is being submitted to the Department of Computer Science and

Engineering, Azad College of Engineering and Technology affiliated to JNTU,

Hyderabad, For the award of B.Tech (CSE) degree is a record of bonafide work done

by us at CMTES and it has not been submitted to any other Institute or University for

the award of any degree or prize.

NAME OF THE STUDENTS

AJITH KRISHNAN. R

MOHAMMED ARSHAD

MOHAMMED YAMEEN

NEHA

ACKNOWLEDGEMENT

The satisfaction that accompanies that the successful completion of any task

would be incomplete without the mention of people whose ceaseless

cooperation made it possible, whose constant guidance and encouragement

crown all efforts with success.

We are grateful to our project guide Ms. Asha Kamala for the guidance,

inspiration and constructive suggestions that helpful us in the preparation of this

project.

We would like to express our deep gratitude to the Mr. Mohd Basid Ali Ahmed,

Head of the department of CSE branch, Mr. S.Sreekanth, principal of Azad

College of engineering & technology, for his timely co-operation while carrying

out the project

We also thank our colleagues who have helped in successful completion of the

project.

Table of Contents

INTRODUCTION .............................................................................................................. 1

1.1 PROJECT OVERVIEW ..................................................................................... 3

ORGANISATION PROFILE ............................................................................................. 4

SYSTEM DEVELOPMENT PHASE ................................................................................. 5

3.1 INTRODUCTION .................................................................................................... 5

3.2 OBJECTIVE OF THE PROJECT ............................................................................ 6

SYSTEM ANALYSIS ........................................................................................................ 7

4.1 INTRODUCTION .................................................................................................... 7

4.2 EXISTING SYSTEM ............................................................................................... 8

4.3 PROPOSED SYSTEM: ............................................................................................ 8

4.4 HARDWARE AND SOFTWARE SPECIFICATION ............................................. 9

4.5 FEATURES OF SOFTWARE USED .................................................................... 10

SOFTWARE REQUIREMENT SPECIFICATION ......................................................... 15

5.1 INTRODUCTION .................................................................................................. 15

5.2 COMPONENTS OF SRS ....................................................................................... 15

5.3 FUNCTIONAL REQUIREMENTS ....................................................................... 16

5.4 OTHER NON FUNCTIONAL REQUIREMENTS ............................................... 17

5.5 EXTERNAL INTERFACE REQUIREMENTS ..................................................... 19

5.6 CONCLUSION ....................................................................................................... 19

SYSTEM DESIGN ........................................................................................................... 20

6.1 INTRODUCTION .................................................................................................. 20

6.2 DATA FLOW DIAGRAMS ................................................................................... 20

TESTING AND IMPLEMENTATION............................................................................ 29

7.1 INTRODUCTION .................................................................................................. 29

7.2 STRATEGIC APPROACH TO SOFTWARE TESTING ...................................... 29

CONCLUSION ................................................................................................................. 39

BIBILOGRAPHY ............................................................................................................. 40

APPENDIX ....................................................................................................................... 40

UML DIAGRAMS ....................................................................................................... 41

TABLES ....................................................................................................................... 52

SCREENS ..................................................................................................................... 53

GLOSSARY ................................................................................................................. 79

INTRODUCTION

Graphical Password for Data Security 1

CHAPTER 1

INTRODUCTION

Access to computer systems is most often based on the use of

alphanumeric passwords. However, users have difficulty remembering a password

that is long and random appearing. Instead, they create short, simple, and in secure

passwords. Graphical passwords have been designed to try to make passwords

more memorable and easier for people to use and, therefore, more secure. Using a

graphical password, users click on images rather than type alphanumeric

characters. A key area in security research is authentication, the determination of

whether a user should be allowed access to a given system or resource.

Traditionally, alphanumeric passwords have been used for authentication, but they

are known to have security and usability problems. Today other methods,

including graphical passwords, are possible alternatives.

This paper reports on research aimed to design a new kind of graphical

password system, empirically test its usability, and compare it to alphanumeric

passwords. In this concept an image would appear on the screen, and the user

would click on a few chosen regions of it. If the correct regions were clicked in,

the user would be authenticated.

Memory of passwords and efficiency of their input are two key human

factors criteria. Memorability has two aspects: (1) how the user chooses and

encodes the password and (2) what task the user does when later retrieving the

password. In a graphical password system, a user needs to choose memorable

locations in an image. Choosing memorable locations depends on the nature of the

image itself and the specific sequence of click locations.

In a graphical password system based on recognition, the user has to be

able only to recognize previously seen images, making a binary choice of whether

the image is known or not known. This is done by comparing the previously used


image with the image chosen. A pixel by pixel comparison is done to verify the

image before the location verification is done. The application then proceeds to

provide security for data. To perform data protection the user is prompted with

text input and a transaction password. The data is encoded using ASCII

conversion and made unreadable. A container is then prompted into which the

encoded data is hidden. Appropriate binary bookmarks are used to identify the

location and length of the hidden data and password. These bookmarks are used

by the receiver to retrieve the data.

The application proposes to strengthen data security with the use of

graphical passwords and steganography using appending data in binary streams.

Replace the existing system of typed passwords.

Generate passwords from images.

Use the same image but vary generated passwords.

Protect Data in any container

Data Security

This project was done at CMTES INFORMATICS LIMITED, Secunderabad. The

software is developed using VB.NET as front end and SQL Server as the back-

end.


1.1 PROJECT OVERVIEW

Graphical passwords have been designed to try to make passwords more

memorable and easier for people to use and, therefore, more secure. Using a


characters. A key area in security research is authentication, the determination of

whether a user should be allowed access to a given system or resource.

Traditionally, alphanumeric passwords have been used for authentication, but they

are known to have security and usability problems. Today other methods,

including graphical passwords, are possible alternatives. This paper reports on

research aimed to design a new kind of graphical password system, empirically

test its usability, and compare it to alphanumeric passwords. In this concept an

image would appear on the screen, and the user would click on a few chosen

regions of it. If the correct regions were clicked in, the user would be

authenticated.

The crucial points that the system emphasis on are listed in the following

The application proposes to strengthen data security with the use of graphical

passwords and steganography using appending data in binary streams.

Replace the existing system of typed passwords.

Generate passwords from images.

Use the same image but vary generated passwords.

Protect Data in any container

ORGANISATION PROFILE


CHAPTER 2

ORGANISATION PROFILE

CMTES is a 22 year old organization. CMTES is an ISO 9001:2000 Certified

organization, and a registered unit of software technology parks of India (STPI),

member of Hyderabad Software Exporters Association (HYSEA).

With the state of art infrastructure and well qualified & experienced team of more

than 250 skilled professionals, CMTES can be trusted to deliver the right solutions

to all its customers. The company offers services such as application development,

software maintenance, internal consulting and establishing software centers for a

wide range of clients

Its domain expertise lies in developing and maintaining machine critical systems

particularly in financial alliances. The company is also keen on having tie ups

with domestic software companies for providing high quality software

development services.

CMTES recognizes the traditional challenges in every project as well as the

circumstances and goals that make each project unique. Informatics is committed to

our vision and solutions that meet and exceed our client’s business requirement while

advancing technology and developing innovative approaches.

CMTES respect for those unchanging goals in the market place combined

with our use of technology to create innovative cost efficient solutions set us apart

from the other technology solutions providers. Informatics have provided successful

on site development on a variety of platform and languages for companies. We are

giving practices and providing profitable and practical solutions to the needs of the

customer. Informatics benefits their clients by turning their technological challenges

into opportunities that expand their reach and increases their ability to prosper.

SYSTEM DEVELOPMENT

PHASE


CHAPTER 3

SYSTEM DEVELOPMENT PHASE

3.1 INTRODUCTION

The information system is developed using the classical systems development

cycle (SDLC).the method is classically thought of as the set of activities that analyst,

designers and users carry out to develop and implement an information system.

The systems development life cycle method consists of the following activities.

Preliminary investigation

Determination of systems requirements

Design of system

Development of software

System testing

Implementation and evaluation

Considering the activities specified above, the procedures carried out for the project is

Detailed study of the overall system

Study of various types of data that flow through the system

Design of data files

Program development

Modification and implementation

Preparation of reports

End users initiate system projects. System development cycle consists of 4

phases. System analysis, system design, system implementation and system support.

System analysis deals with study of current system, its flows, definition of needs,

requirements and evaluation of alternative solutions. System analysis is the most

critical phase of information development. The purpose of preliminary study phase is

to study the initial feasibility of a project request. The next phase of the system

analysis is to define the end user requirements for a new system. The purpose of this


phase is to identify what the new and improved information must be able to do. The

next phase is to select a feasible solution from alternative information candidates. A

cost benefit analysis determines with the expected system developments and the

lifetime cost for the new system will be offset by the benefit of the new system.

3.2 OBJECTIVE OF THE PROJECT

The objectives are:

Password generation from images using region specific inputs.

Password verification of images using region specific inputs.

Image comparison.

Convert images from one format to another.

Secure data in any container

SYSTEM ANALYSIS


CHAPTER 4

SYSTEM ANALYSIS

4.1 INTRODUCTION

System study is s detailed study of various operations performed by system

and their relationships within and outside the system. System study gives the structure

and functioning of the system. System study is done in order to understand the

problem and emphasize what is needed from the system. In this step the main task

understands the need of the system. The information required for the user is also

determined in this phase. It can be done on the existing system only.

During the study phase a preliminary analysis is carried out in sufficient depth

to permit a technical and economic evaluation of proposed system. At the conclusion

of study phase a decision is made whether or not proceeds with a design phase. After

need for new information system has been identified, the system analyst performs an

initial investigations to define the problem in detail. The initial investigations

objective is to determine the request is valid or feasible before recommendations

reached to do nothing improve or modify the existing system or build a new one.

When the initial investigation is completed, the analyst receives a system proposal

summarizing the findings and recommendations analyst is sought for approval.

When approved, the proposal feasibility studies that describes and evaluates

candidate system and provides for the selection of good system that needs system and

provides for selection of good system that needs system performance requirements.

To do feasibility study, the economic, technical and behavioral features in system

developments has to be considered. First a project team is formed. The team develops

system flow charts to identify the characteristics of candidate system, evaluate the

performance and cost data and select best candidate system for job.


4.2 EXISTING SYSTEM

Access to computer systems is most often based on the use of

alphanumeric passwords. However, users have difficulty remembering a password

that is long and random appearing. Instead, they create short, simple, and in secure

passwords.

The main concerns are:

Passwords are keyboard input.

Although length is not fixed to a minimum level at least 6 alphanumeric

characters strengthen it.

Images are not used to generate keys or passwords

Data security using steganography is restricted to only images.

Size of data hidden has a length constraint when compared to the size of

the container.

4.3 PROPOSED SYSTEM: Graphical passwords have been designed to try to make passwords more

memorable and easier for people to use and, therefore, more secure. Using a


characters.

ADVANTAGES

Images can be used to generate password.

Image conversion to JPG supported.

Identify regions in images as source of passwords.

Provide strength of password on generating the points selected.

Provide password verification on checking the points and sequence in

which selected.

Compare images to verify the source of generated password.


4.4 HARDWARE AND SOFTWARE SPECIFICATION

HARDWARE SPECIFICATION

Processor : Intel Pentium IV, 2GHz

RAM : 512MB.

Hard Disk Capacity : 40GB

Keyboard : Standard 104 keys

Mouse : Standard 3 Button

DVD/CD ROM : LG DVD RAM

SOFTWARE SPECIFICATION

Operating System : Win XP and Above

Database : SQL Server 2008

System Architecture : .NET Framework

Programming Language : VB.NET


4.5 FEATURES OF SOFTWARE USED

MICROSOFT .NET FRAMEWORK

Microsoft developed c# from grounds up to take advantage of its new .net

framework is made up of four parts, the common language runtime, a set of

programming languages, and the asp.net environment. The .net framework was

designed with three goals in mind. First, it was intended to make windows

applications much more reliable, while also providing an application with greater

degree of security. Second, it was intended to simplify the development of web

applications and services that not only work in the traditional sense but on mobile

devices as well. Lastly, the framework was designed to provide a single set of

libraries that would work with multiple languages.

COMMON LANGUAGE RUNTIME

One of the design goals of .NET framework was to unify the runtime engines

so that all developers could work with a set of runtime engine services. The .NET

framework’s solution is called the common language runtime (CLR). The CLR

provides capabilities such as memory management, garbage collection, security,

robust error handling to any language that works with the .NET framework. The CLR

enables languages into interoperate with one another. Memory can be allocated by

code written in one language and can be freed but code written in another language.

Similarly, errors can be raised in one language and processed in another language.

.NET FRAMEWORK CLASS LIBRARY

The .NET framework provides many classes that help developers re-use

code. The .NET libraries contain codes for programming topics such as threading, file

I/O, database support, XML parsing, and data structures such as stacks and queues.

This entire class library is available to programming languages that support .NET

Framework. Because all languages that support the .NET framework. Because all

languages now support the same runtime, they can re-use any class that works with

the .NET framework. This means that any functionality available to one language will

also be available to any other .NET language.


.NET PROGRAMMING LANGUAGES

VB.NET

The Microsoft ® Visual Basic®.NET programming language is a high-level

programming language for the Microsoft .NET framework. Although it is designed to

be an approachable and easy to learn language, it is powerful enough to satisfy the

needs of the experienced programmers. The visual basic .NET programming language

is closely related to the visual basic .net programming language but the two languages

are not the same. A discussion of the differences between visual basic .net and visual

basic 6.0 is beyond the scope of this document

The Visual Basic .NET programming language has a syntax that is similar to

English, which promotes the clarity and readability of visual basic .net code.

Wherever possible, meaningful words or phrases are used instead of abbreviations,

acronyms, or special characters. Extraneous or unneeded syntax is generally allowed

but not required

The visual basic .net programming language can be either a strongly typed or

a loosely typed language. Loose typing defers much of the burden of type checking

until a program is already running. This includes not only the type checking of

conversations but also of method calls ,meaning that binding of a method call can be

deferred until run-time. This is useful when building prototypes or other programs in

which speed of development of programs is much more important than the speed of

execution of the program. The visual basic .net programming language also provides

strongly typed semantics that performs all type checking at compile-time and

disallows run-time binding of method calls. This guarantees maximum performance

and helps ensure that type conversions are correct. This is useful when building

production applications in which speed of execution and execution correctness is

important.

FEATURES OF VB.NET

VB.NET is a program that is advanced version of VB 6.0. Microsoft is the company

that developed this language.VB.NET is a good and powerful language.

The main features of the VB.NET are


Windows forms designer: Microsoft visual basic®.NET enables you to build

rich applications for Microsoft windows ® with unprecedented power and

productivity using the new windows forms designer.

Rapid Application Development: VB.NET delivers rapid Application

Development (RAD) for the web with the Drag-and-Drop Web Forms

Designer, Full VB. NET code behind forms, and HTML statement

completion.

XML web Services: VB.NET allows developers to build and consume a

powerful, integrated XML web service that reduces development time by

enabling software aggregation from any platform.

Object Oriented Programming Language: VB.NET provides developers

with a first-class object-oriented programming language with support for

implementation inheritance, free threading, structured exception handling

attribute-based programming language and much more.

.NET Framework Access: VB.NET provides developers with full access to

Microsoft .NET framework, a comprehensive library of classes and

functionality for data access, security, XML support and more

New Productivity Features: VB.NET includes new productivity features

including control anchoring and docking d in-place menu editing to minimize

time spent on building and deploying applications.

Up-to-Date Assistance: VB.net provides continual up-to-date assistance in

building robust application with the background compiler, task list, and

dynamic help.

VB.NET Upgrade Wizard: The VB.NET Upgrade Wizard will

automatically upgrade your VB6.0 Projects to take advantage of all the

powerful features in VB.NET

Develop For Devices: VB.NET lets developers build applications that target

a vast array of handheld and wireless devices using Microsoft Mobile Internet

Toolkit

Unified Development Environment: VB.NET provides developers with the

award winning Visual Studio.NET unified development environment, which

includes features like the server Explorer, Visual Database Tools, Visual

Studio Macros, Crystal Reports, cross-language debugger, component

designer, auto-hide windows and much more.


SQL SERVER 2005

Relational database systems are the most important database systems used in

the software industry today. One of the most outstanding systems is Microsoft SQL

Server.SQL Server is a database management system developed and marketed by

Microsoft. It runs exclusively under Windows NT, Windows 95/98, and Windows

2000 Server. The most important aspects of SQL Server 2008 are,

SQL Server is easy to use

SQL Server scales form a mobile laptop to symmetric multiprocessor

system.

SQL Server

Provides data warehousing features that until now have only been

available in oracle and other more expensive DBMS

SQL Server is a relational database Management System. The SQL Server

Relational language is called Transact SQL.SQL is a set oriented language. This

means that SQL can query many rows from one or more tables using just one

statement. This feature allows the use of this language at a logically higher level than

procedural language. Another important property of SQL is its non-procedure

durability .SQL contains two sub languages DDL and DML.

SQL Server works as an extension of Windows NT/95/98. SQL Server is

relatively easy to manage through the use of graphical computing environment for

almost every task of the system and database administration.SQL Server uses services

of Windows NT to offer new or extended database capabilities, such as sending and

receiving messages and managing login security. The SQL Server administrator’s

primary tool for interacting with the system is enterprise manager. The enterprise

manager has two main purposes: Administration of the database objects. SQL Server

Query Analyzer provides a graphical presentation of the execution plan of a query

and an automatic component that suggests which index should be used for a selected

query. This interactive component of SQL Server performs the task like:

Generating and executing Transact SQL Statements.

Storing the generated Transact –SQL Statements in a file.

Analyzing execution plans for generated queries.

Graphically illustrating the execution plan for a selected query.


A selected procedure is a special kind of batch written in a Transact SQL

using SQL language and SQL extensions. It is saved on the database server to

improve the performance and consistency of repetitive tasks.SQL server supports

stored procedures and system procedures. Stored procedures can be used for the

following purposes: to control access authorization, to create an audit trial of

activities in database tables, to separate data definition and data manipulation

statements concerning a database and all corresponding applications.

SOFTWARE REQUIREMENT

SPECIFICATION


CHAPTER 5

SOFTWARE REQUIREMENT SPECIFICATION

5.1 INTRODUCTION

Purpose: The main purpose for preparing this document is to give a general insight

into the analysis and requirements of the existing system or situation and for

determining the operating characteristics of the system.

Scope: This Document plays a vital role in the development life cycle (SDLC) and it

describes the complete requirement of the system. It is meant for use by the

developers and will be the basic during testing phase. Any changes made to the

requirements in the future will have to go through formal change approval process.

DEVELOPERS RESPONSIBILITIES OVERVIEW:

The developer is responsible for:

Developing the system, which meets the SRS and solving all the requirements

of the system?

Demonstrating the system and installing the system at client's location after

the acceptance testing is successful.

Submitting the required user manual describing the system interfaces to work

on it and also the documents of the system.

Conducting any user training that might be needed for using the system.

Maintaining the system for a period of one year after installation.

5.2 COMPONENTS OF SRS

Functionality

Performance

Design Constraints

External Interface


5.3 FUNCTIONAL REQUIREMENTS

User Maintenance

This module allows the registration of the sender and the receiver. The

users are created with security accounts in the SQL Server database. Each user is

associated with password. Only users having these accounts can access the

application to protect or retrieve data.

Image Conversion

Any image file can be loaded, previewed, altered and can be saved in the

different file format rather than in the same form which it was loaded. A facility to

identify different file formats including JPEG, TIFF, GIF, PNG etc. The source

image and target format are prompted. Once converted the new formatted image is

saved.

Graph Password Generator

The module allows the user to generate password from image. The user

has to specify the required image and click on the image to generate strokes. Each

stroke provides a pair of co-ordinates X, Y location from the image. The co-

ordinates in the pattern clicked and the number of strokes along with the image is

redirected to the database. The source image can be deleted as the application does

not have a direct dependency on the physical file. The receiver can retrieve the

password from the SQLSERVER database. The information on the strokes and

co-ordinates are available to the registered user. The receiver has to then provide

the transaction password to unlock the protection and recover the data.

Data Protection And Un-Protection

The module allows the user to specify text content or file at runtime for

whom data protection is sought. The user additionally has to provide a text

password. These inputs are redirected to an ASCII encode function which

converts the inputs to unreadable, non printable form. The user then specifies a


container within which the encoded data has to be hidden. Binary streams are used

to transfer the data of the container first, encoded data and password to a

temporary container. Appropriate bookmarks are used to indicate the beginning of

the data and the password. On completion of hiding the data the original file is

removed and the temporary file is renamed to the original. Care has to be taken

not to damage the data or the container on embedding the data. The container

should also not hint the presence of data to the hacker. These bookmarks are used

by the receiver to retrieve the hidden data. The bookmarks also help in

differentiating whether data is present or not within the container. The module

also provides extended support to remove the existing data and reuse the container

to hide any other data. The module prompts to overwrite data if any existing data

is found.

Image Comparison Using Pixel By Pixel Method

The easiest way to compare at the first point is to compare the size of the

source and target images. If they match the image data (pixels) should be checked

for uniform format (bitmap). A conversion module converts from other formats to

bitmap format. As various images have different number of bytes per pixel it is

necessary to determine the bytes per pixel (8/16/24/32/48/64 and RGB/Gray

scale). Loop thru both the images to pickup pixel by pixel comparing each time.

The images are assumed to be in the form of large rectangular dimensions or

matrix for this. Only when all the pixels in the corresponding matrix are identical

the comparison returns a true value else it returns false.

5.4 OTHER NON FUNCTIONAL REQUIREMENTS

PERFORMANCE REQUIREMENTS

As the application handles images and binary data, a high resolution monitor and a

RAM of at least 1 GB would enhance the performance.


SAFETY REQUIREMENTS

No harm is expected from the use of the product either to the OS or any data that

resides on the client system.

PRODUCT SECURITY REQUIREMENTS

The product is protected from un-authorized users from using it. The system

allows only authenticated users to work on the application. The users of the

system are network users (Sender & Receiver).

SOFTWARE QUALITY ATTRIBUTES

The product is user friendly as it windows forms based. As it is developed in .Net

it is highly interoperable with OS that have provided support for MSIL (Server

side). The system requires less maintenance as the backend is an RDBMS and

supports high security.

TESTING REQUIREMENTS

The application performs the following testing,

a) White box testing is performed across the modules; Checking line by line

all possible paths to trace errors. Valid, Invalid and null inputs are given to

test it.

b) Black box testing is done in modules; to test database connectivity.

ADO.Net is used to communicate with the database which uses providers

[driver]. These are tested as black boxes by providing inputs whose

outputs are known but not the business or functional logic.

c) Unit Testing is done to check each module performs as expected. In

modules where there is a dependency, the O/P of one module is sent as I/P

of another and both flow of data and time delays checked.

d) System testing is done integrating all the modules and necessary hardware.

This ensures that the application as a whole doesn’t fail when tested on

infrastructure dependency.


DESIGN CONSTRAINTS

The application requires a central server, similar to the one provided by the

ISP. Although the OS is not a dependent factor, any OS that supports MSIL is a

must. The backend database should be installed and available [service].

5.5 EXTERNAL INTERFACE REQUIREMENTS

USER INTERFACES

The application is provided with keyboard shortcuts, and a facility to use

the mouse to trigger the required actions. They act as shortcuts and provide an

easy navigation within the software. Appropriate error handling is done using

Exceptions in-order to isolate abnormal results or conditions. Alerts/Message

boxes and dialogs are used by the application to communicate with the user.

HARDWARE & COMMUNICATION INTERFACES

The application concentrates on using text, images and binary containers

(audio, video etc) and can be deployed over the internet/intranet.

SOFTWARE INTERFACES

The incoming data to the product would be raw text data and images. The

outgoing data would be the text and images. A database is maintained to store the

text and URL information about the images. Ms-access is the database with a

version of minimum 2003 as requirement. MSIL should be present on the

communicating ends.

5.6 CONCLUSION

The application can now be used in various organization and industries where

users or staff communicates over the network. The application provides security

in making the data unavailable to a hacker. Organizations/Staff can now secure

data in various containers other than images.

SYSTEM DESIGN


CHAPTER-6

SYSTEM DESIGN

6.1 INTRODUCTION

Software design sits at the technical kernel of the software engineering

process and is applied regardless of the development paradigm and area of

application. Design is the first step in the development phase for any engineered

product or system. The designer’s goal is to produce a model or representation of

an entity that will later be built. Beginning, once system requirement have been

specified and analyzed, system design is the first of the three technical activities -

design, code and test that is required to build and verify software.

The importance can be stated with a single word “Quality”. Design is the

place where quality is fostered in software development. Design provides us with

representations of software that can assess for quality. Design is the only way that

we can accurately translate a customer’s view into a finished software product or

system. Software design serves as a foundation for all the software engineering

steps that follow. Without a strong design we risk building an unstable system –

one that will be difficult to test, one whose quality cannot be assessed until the last

stage.

6.2 DATA FLOW DIAGRAMS . The development of DFD’S is done in several levels. Each process in

lower level diagrams can be broken down into a more detailed DFD in the next

level. The lop-level diagram is often called context diagram. It consists a A data

flow diagram is graphical tool used to describe and analyze movement of data

through a system. These are the central tool and the basis from which the other

components are developed. The transformation of data from input to output,

through processed, may be described logically and independently of physical

components associated with the system. These are known as the logical data flow

diagrams. The physical data flow diagrams show the actual implements and

movement of data between people, departments and workstations. A full


description of a system actually consists of a set of data flow diagrams. Using two

familiar notations Yourdon, Gane and Sarson notation develops the data flow

diagrams. Each component in a DFD is labeled with a descriptive name. Process

is further identified with a number that will be used for identification purpose

single process bit, which plays vital role in studying the current system. The

process in the context level diagram is exploded into other process at the first level

DFD.

The idea behind the explosion of a process into more process is that

understanding at one level of detail is exploded into greater detail at the next level.

This is done until further explosion is necessary and an adequate amount of detail

is described for analyst to understand the process. Larry Constantine first

developed the DFD as a way of expressing system requirements in a graphical

from, this lead to the modular design.

A DFD is also known as a “bubble Chart” has the purpose of clarifying

system requirements and identifying major transformations that will become

programs in system design. So it is the starting point of the design to the lowest

level of detail. A DFD consists of a series of bubbles joined by data flows in the

system.

DFD SYMBOLS:

In the DFD, there are four symbols

1. A square defines a source(originator) or destination of system data

2. An arrow identifies data flow. It is the pipeline through which the

information flows

3. A circle or a bubble represents a process that transforms incoming data

flow into outgoing data flows.

4. An open rectangle is a data store, data at rest or a temporary repository of

data


Process that transforms data flow.

Source or Destination of data

Data flow

Data Store

CONSTRUCTING A DFD:

Several rules of thumb are used in drawing DFD’S:

1. Process should be named and numbered for an easy reference. Each name

should be representative of the process.

2. The direction of flow is from top to bottom and from left to right. Data

traditionally flow from source to the destination although they may flow

back to the source. One way to indicate this is to draw long flow line back

to a source. An alternative way is to repeat the source symbol as a

destination. Since it is used more than once in the DFD it is marked with a

short diagonal.

3. When a process is exploded into lower level details, they are numbered.

4. The names of data stores and destinations are written in capital letters.

Process and dataflow names have the first letter of each work capitalized


A DFD typically shows the minimum contents of data store. Each data

store should contain all the data elements that flow in and out. Questionnaires

should contain all the data elements that flow in and out. Missing interfaces

redundancies and like is then accounted for often through interviews.

SAILENT FEATURES OF DFD’S

1. The DFD shows flow of data, not of control loops and decision are

controlled considerations do not appear on a DFD.

2. The DFD does not indicate the time factor involved in any process whether

the dataflow take place daily, weekly, monthly or yearly.

3. The sequence of events is not brought out on the DFD

UNIFIED MODELING LANGUAGE

The unified modeling language allows the software engineer to express an

analysis model using the modeling notation that is governed by a set of

syntactic semantic and pragmatic rules.A UML system is represented using

five different views that describe the system from distinctly different

perspective. Each view is defined by a set of diagram, which is as follows.

User Model View

This view represents the system from the users perspective. The analysis

representation describes a usage scenario from the end-users perspective.

Structural model view

In this model the data and functionality are arrived from inside the system.

This model view models the static structures.

Behavioral Model View

It represents the dynamic of behavioral as parts of the system, depicting the

interactions of collection between various structural elements described in the

user model and structural model view.


Implementation Model View

In this the structural and behavioral as parts of the system are represented as

they are to be built.

Environmental Model View

In this the structural and behavioral aspects of the environment in which the

system is to be implemented are represented.

UML is specifically constructed through two different domains they are

UML Analysis modeling which focuses on the user model and

structural model views of the system

UML design modeling, which focuses on the behavioral modeling,

implementation modeling and environmental model views.

INTRODUCTION TO THE UNIFIED MODIFIED LANGUAGE

Building a model for a software system prior to its construction

is as essential as having a blueprint for building a large building. Good

models are essential for communication among project teams. As the

complexity of the systems increases, so does the importance of good

modeling techniques.

A modeling language must include:

Model elements- fundamental modeling concepts and semantics

Notation-visual rendering of model elements

Guidelines-expression of usage within trade

The use of visual notation to represent or model a problem can provide us several

benefits relating to clarity, familiarity, maintenance, and simplification. The main

reason for modeling is the reduction of complexity. The Unified Modeling

Language (UML) is a set of notations and conventions used to describe and model

an application. The UML is intended to be a universal language for modeling

systems, meaning that it can express models of many different kinds and

purposes, just as a programming language or a natural language can be

used in different ways. A model” is an abstract representation of a system ,


constructed to understand the system prior to building or modifying it. The

term “system” is used here in a broad sense to include any process or

structure. For example, the organizational structure of a corporation , health

services, computer software, instruction of any sort (including computers) , the

national economy, and so forth all would be termed “Systems”.

The unified modeling language is a language for specifying,

constructing, visualizing, and documenting the software system and its

components. The UML is a graphical language with sets of rules and

semantics. The rules and semantics of a model are expressed in English, in

a form known as “object constraint language”(OCL).OCL is a specification

language that uses simple logic for specifying the properties of a system.

The UML is not intended to be a visual programming language in

the sense of having all the necessary visual and semantic support to replace

programming languages. However, the UML does have a tight mapping to a

family of object-oriented languages, so that you can get the best of both

worlds.

The primary goals in the design of the UML were as follows:

1. Provide users ready-to-use, expensive visual modeling languages so they can

develop and exchange meaningful models.

2. Provide extendibility and specialization mechanisms to extend the core

concepts.

3. Be independent of particular programming languages and development

process.

4. Provide a formal basis for understanding the modeling language.

5. Encourage the growth of the OO tools market.

6. Support higher level development concepts.

7. Integrate best practices and methodologies.


UML is a language used to:

“Visualize” the software system well-defined symbols. Thus a developer or tool

can unambiguously interpret a model written by another developer, using UML

“Specify the software system and help building precise, unambiguous and

complete models.

“Construct” the models of the software system that can directly

communicate with a variety of programming languages.

“Document” models of the software system during its development stages.

Architectural views and diagrams of the UML

The UML Meta model elements are organized into diagrams. Different diagrams

are used for different purposes depending on the angle from which you are

viewing the system. The different views are called “architectural views”.

Architectural views facilitate the organization of knowledge, and diagrams enable

the communication of knowledge. Then knowledge itself is within the model or

set of models that focuses on the problem and solution. The architectural

views and their diagrams are summarized below:

The “user model view” encompasses a problem and solution from

the preservative of those individuals whose problem the solution addresses. The

view presents the goals and objectives of the problem owners and their

requirements of the solution. This view is composed of “use case diagrams”.

These diagrams describe the functionality provided by a system to external actors.

It contains actors, use cases, and their relationships.

The “Structural model view” encompasses the static, or structural,

aspects of a problem and solution. This view is also known as the static or

logical view. This view is composed of the following diagrams


The “Class diagrams” describe the static structure of a system, or

how it is declared rather than how it behaves. These diagrams contain classes

and associations.

The “object diagrams” describe the static structure of a system at a

particular time during its life. These diagrams contain objects and links.

The “behavioral model view” encompasses the dynamic or behavioral

aspects of a problem and solution. The view is also known as the dynamic,

process, concurrent or collaborative view. This view is composed of the

following diagrams:

The “Sequence diagrams” render the specification of behavior. These

diagrams describes the behavior provided by a system to interactions.

These diagrams contain classes that exchange messages with in an interaction

arranged in time sequence. In generic form, These diagrams describe a set

of message exchange sequences among a set of classes. In instance

form(scenarios), these diagrams describe one actual message exchange

sequence among objects of those classes.

The “Collaboration diagrams” render how behavior is realized

by components with in a system. These diagrams contain classes,

associations, and their message exchanges with in a collaboration to

accomplish a purpose. In generic form, these diagrams describe a set of

classes and associations involved in message exchange sequences. In

instance form(scenarios), these diagrams describe a set of objects of those

classes links confirming to the associations, and one actual message

exchange sequence that inconsistent with the generic form and uses

those objects and links.

The “State chart diagrams” render the states and responses of a

class participating in behavior, and the life cycle of an object. These

diagrams describe the behavior of a class in response to external stimuli.


The “Activity diagrams” render the activities of a class participating

in behavior. These diagrams describe the behavior of a class in response

to internal processing rather than external events. Activity diagrams

describe the processing activities within a class.

The “Implementation model view” encompasses the structural

and behavioral aspects of the solution’s realization. This view is also

known as the component or development view and is composed of

“component diagrams”. These diagrams describe the organization of and

dependencies among software implementation components. These diagrams

contain components and their relationships.

The “Environment model view” encompasses the structural and

behavioral aspects of the domain in which a solution must be realized.

This view is also known as the deployment or physical view. This view is

composed of “deployment diagrams”. These diagrams describe the

configuration of processing resources elements and the mapping of

software implementation components onto them. These diagrams contain

nodes, components and their relationships.

UML DIAGRAMS

Every complex system is best approached through a small set of

nearly independent views of a model; no single viewer is sufficient.

Every model may be expressed at different levels of fidelity. The best models

are connected to reality. The UML defines nine graphical diagrams.

1. Class diagram

2. Object diagram

3. Use-case diagram

4. Behavior diagrams

5. Interaction diagrams

6. Sequence diagram

7. Collaboration diagram

SYSTEM TESTING

AND IMPLEMENTATION


CHAPTER 7

TESTING AND IMPLEMENTATION

7.1 INTRODUCTION

Software testing is a critical element of software quality assurance and

represents the ultimate review of specification, design and coding. In fact, testing is

the one step in the software engineering process that could be viewed as destructive

rather than constructive.

A strategy for software testing integrates software test case design methods

into a well-planned series of steps that result in the successful construction of

software. Testing is the set of activities that can be planned in advance and conducted

systematically. The underlying motivation of program testing is to affirm software

quality with methods that can economically and effectively apply to both strategic to

both large and small-scale systems.

7.2 STRATEGIC APPROACH TO SOFTWARE TESTING

The software engineering process can be viewed as a spiral. Initially system

engineering defines the role of software and leads to software requirement analysis

where the information domain, functions, behavior, performance, constraints and

validation criteria for software are established. Moving inward along the spiral, we

come to design and finally to coding. To develop computer software we spiral in

along streamlines that decrease the level of abstraction on each turn.

A strategy for software testing may also be viewed in the context of the spiral.

Unit testing begins at the vertex of the spiral and concentrates on each unit of the

software as implemented in source code. Testing progresses by moving outward along

the spiral to integration testing where the focus is on the design and the construction

of the software architecture. Talking another turn on outward on the spiral we

encounter validation testing where requirements established as part of software

requirements analysis are validated against the software that has been constructed.

Finally we arrive at system testing, where the software and other system elements are

tested as a whole.


UNIT TESTING

Unit testing focuses verification effort on the smallest unit of software design,

the module. The unit testing we have is white box oriented and some modules the

steps are conducted in parallel.

WHITE BOX TESTING

This type of testing ensures that

All independent paths have been exercised at least once

All logical decisions have been exercised on their true and false sides

All internal data structures have been exercised to assure their validity.

To follow the concept of white box testing we have tested each form .we have created

independently to verify that Data flow is correct, All conditions are exercised to check

their validity, All loops are executed on their boundaries.

UNIT TESTING

MODULE TESTING

SUB-SYSTEM TESING

SYSTEM TESTING

ACCEPTANCE TESTING

Component

Testing

Integration Testing

User Testing


BASIC PATH TESTING

Established technique of flow graph with Cyclomatic complexity was used to

derive test cases for all the functions. The main steps in deriving test cases were:

Use the design of the code and draw correspondent flow graph.

Determine the Cyclomatic complexity of resultant flow graph, using formula:

V (G) =E-N+2 or

V (G) =P+1 or

V (G) =Number of Regions

Where V (G) is Cyclomatic complexity,

E is the number of edges,

N is the number of flow graph nodes,

P is the number of predicate nodes.

Determine the basis of set of linearly independent paths.

TESTING CONDITIONAL

In this part of the testing each of the conditions were tested to both true and

false aspects. And all the resulting paths were tested. So that each path that may be

generate on particular condition is traced to uncover any possible errors.

DATA FLOW TESTING

This type of testing selects the path of the program according to the location

of definition and use of variables. This kind of testing was used only when some local

variable were declared. The definition-use chain method was used in this type of

testing. These were particularly useful in nested statements.

LOOP TESTING

In this type of testing all the loops are tested to all the limits possible. The

following exercise was adopted for all loops:


All the loops were tested at their limits, just above them and just below

them.

All the loops were skipped at least once.

For nested loops test the inner most loop first and then work outwards.

For concatenated loops the values of dependent loops were set with the

help of connected loop.

Unstructured loops were resolved into nested loops or concatenated loops

and tested as above.

Each unit has been separately tested by the development team itself and all the input

have been validated.

TEST CASES

Module: Login

Filename: form1.vb

Test Input Received

Output

Actual Output Description

Valid login

User Id,

password

Login

success

Login success

Test Passed!

Control

Transferred to

Menu

Invalid

login

User Id,

password

Login

Failed

Login Failed

Test Passed! Try

Again

Invalid

Login

Null, Null

Login

Failed

Login Failed

Test Passed! Try

Again


Module: Convert File

Filename: Convert.vb

Test Case Input Actual Output Obtained Output Description

Conversion Source img,

target img

Success Success Test Passed.

Image

converted

from source

to target

format

Conversion

Source img,

target

img,format

Failed Failed Test Passed.

Invalid

Image,

Format type

does not

match. Try

again.

Module: Slideshow

Filename: slideshow.vb



Slide show Source

folder


Display images

one by one

based on user

input (prev /

next) or timer

interval.

Slide show

Source

folder


No images in

current

directory.

Module: Pixel by Pixel using Hash Comparison

Filename: hash.vb


Compare

Images

Source &

Target

Images


Hash generated,

display

compare status.

Compare

Images

Source &

Target

Images


Invalid image

format, Vary in

size, File not

found. Try

Again


Module: Change Password

Filename: Form2.java

Test Input Received

Output


Valid

Password,

Password

updating

Old Pwd, New

Pwd & Conf

Pwd

Success

Success

Test Passed!

Password

Changed

Invalid

Password,

Password

updating

Failed

Old Pwd, New

Pwd & Conf

Pwd

Failed

Failed

Test Passed!

Old Pwd

incorrect or

new Pwd &

conf Pwd

mismatch

Module: Append Binary

Filename: steganoz.vb

Test Input Received

Output


Container,


Stegano hide Password, data

to hide

Success Success Test Passed!

New image

created with

appended

hidden data

Hide data

Fail

Container,

Password, data

to hide >

length of

image

Failed

Failed

Test Passed!

Try again.

Invalid

image or

container

format or file

doesn’t exist

Retrieve data

Container,

Password

Success

Success

Test Passed!

Data

retrieved

from

container.

Retrieve data

Fail

Image,

Password,

Failed

Failed

Test Passed!

Image did

not contain

any data

Retrieve data

Fail

Image,

Password,

Failed

Failed

Test Passed!

Password

incorrect


Future Scope

The application can be enhanced to the networks, enabling comparison

between images on different terminals.

Display the number of pixels that are identical and those not.

Use biometric devices to secure data.

Limitations:-

The server hosting SQLSERVER should be online through out.

The server should contain the user accounts of the sender and receiver

without providing DBA permissions.

CONCLUSION

The application can now be used by network users to secure and transfer

their data. The users of the network, irrespective of their application being used

can use this application to secure transmitted and received data. Applications such

as FTP, emails, attachments, SMS, messenger for chat etc can now use the secure

data for communication. The application is not focused for any industry or

community. It can be used by both intranet and internet users. When in Intranet

the application can be used by employees or staff of an organization to

communicate securely.

IMPLEMENTATION

Implementation is the stage of the project when the theoretical is turned into a

working system. At this stage the main work load and the latest upheaval shifts to the

user departments. If the implementation stage is not clearly planned and controlled, it

can cause chaos. The term implantation has different meanings, ranging from the

conversion of the basic application to a compatible replacement of a computer

system.

INSTALLATION


For the installation of the software the setup of the software has to be created

which will help us to install all the components used in the project and with the help

of which only the work can run successfully. The setup wizard will setup the product.

This will automatically includes all files to setup kit. The database entry and updating

should be done manually. Since we place the files in the network server there is a

chance to miss the files, so we keep backup copies of setup files to compact disk and

run the file setup.

CONCLUSION


CHAPTER 9

CONCLUSION

As the saying goes “Necessity is the mother of all inventions”, a need for

manipulating system administration tasks was recognised. Accordingly, highly

interactive GUI based software was developed to solve the problem.

Functionalities in “GRAPHICAL PASSWORDS FOR DATA

SECURITY” enable user-friendly interfaces and simplified approach towards the

execution of various services. The application was successfully designed,

developed and tested. All the given objectives were met with satisfaction

The application developed is designed in such a way that any further

enhancements can be done with ease. The system has the capability for easy

integration with other systems. New modules can be added to the existing system

with less effort. Future systems will be facilitating employers with online

transaction through credit card services.

BIBILOGRAPHY


BIBILOGRAPHY

The books referred during the development of the system are specified below.

Complete reference of .Net -By JOSE, MOJICA

VB .Net language reference -By Steven Roman

Programming Windows -By Charles Petzold, 2002

An Introduction to Database Systems -By Date. C. J., 1994

Database Management Systems -By Raghu Ramakrishnan,

Software Engineering, A Practitioner’s Approach -By Roger .S. Pressman

Websites:

www.w3schools.com

www.learnvisualstudio.net

www.microsoft.msdn.com

http://www.w3schools.com/

http://www.learnvisualstudio.net/

http://www.microsoft.msdn.com/

APPENDIX

UML DIAGRAMS


APPENDIX-1

UML DIAGRAMS

USE CASE DIAGRAM


CLASS DIAGRAM


SEQUENCE DIAGRAM – 1


SEQUENCE DIAGRAM - 2






COLLABORATION DIAGRAM – 1






ACTIVITY DIAGRAM


STATE CHART DIAGRAM


DEPLOYEMENT DIAGRAM

TABLES


APPENDIX – 2

TABLES

Table name: Graphpwd

Table name: useraccount

Column name Data type Description Constraints

transid Varchar(50) Transaction id Primary key

pwdx Varchar(max) X coordinates

pwdy Varchar(max) Y coordinates

img Varchar(max) Image

fpwd Varchar(50) File password

floc Varchar(max) File location

Column name Data type Description Constraints

userid Varchar(50) User ID Primary key

pwd Varchar(50) Password

SCREENS


APPENDIX -3

SCREENS

LOGIN


CHANGE PASSWORD


MENU


SLIDE SHOW MANUAL MODE


SLIDE SHOW AUTO MODE


IMAGE CONVERTION


IMAGE CONVERTION


IMAGE CONVERTION


IMAGE COMPARISON


IMAGE COMPARISON


IMAGE COMPARISON


GENERATE PASSWORD



GENERATE PASSWORD


GENERATE PASSWORD


HIDING DATA USING STEGANOGRAPHY


STEGANOGRAPHY


GRAPHICAL LOGIN


GRAPHICAL LOGIN


GRAPHICAL LOGIN


GRAPHICAL LOGIN


RETRIEVING HIDDEN DATA USING STEGANOGRAPHY


STEGANOGRAPHY


STEGANOGRAPHY


STEGANOGRAPHY

GLOSSARY


APPENDIX – 4

GLOSSARY

SRS Software Requirement Specification

UML Unified Modeling Language

CLR Common Language Runtime

RAD Rapid Application Development

CAD Context Analysis Diagram

SQL Structured Query Language

TPL Third Party Liability

Date post:	27-Oct-2014
Category:	Documents
Upload:	ajith3000
View:	966 times
Download:	11 times

Graphical Password

Documents