Color Scheme Authentication

7/21/2019 Color Scheme Authentication

1/25

MINI PROJECT 2014

Color Scheme Authentication

OPERATIONAL FEASIBILITY

The proposed system was found to feasible in all these different classifications of

the study and this led to the design of the system.

The important points to be studied before the design of the system are the software

engineering principles such as:

Rigor and formality

Separation of concerns

Modularity

Abstraction Anticipation of change

Generality

Incrementality

The above principles were carefully studied and implemented in various phases of

the proect! which will be discussed in the following sections.

Rigor and formality: Software "ngineering is a creative design activity! but it

must be practiced systematically. Rigor is a necessary complement to

creativity that increases our confidence in our developments. #ormality is

rigor at the highest degree. Rigorous documentation of development steps

helped proect management and assessment of timeliness.

Separation of concerns: To dominate comple$ity! separate the issue to

concentrate on one at a time. %&ivide ' con(uer) supports paralleli*ation of

efforts and separation of responsibilities. Go through phases one after the

other+as in water fall model,. -e did separation of concerns by separating

activities with respect to parts. This resulted in two parts of the proect which

made the tas (uite simple.

Modularity: A comple$ system may be divided into simpler pieces called

modules. A system that is composed of modules is called modular. The

concepts of cohesion and coupling are to be applied. -hen dealing with a


2/25

module we can ignore details of other modules. There are two modules in this

proect which handles server and client.

Abstraction: Identify the important aspects of a phenomenon and ignore its

details. It is a special case of separation of concerns. The type of abstraction

to apply depends on its purpose. #or e$ample: The comple$ity of

authentication process is hidden from the user.

Anticipation of change: Ability to support software evolution re(uires

anticipating potential future changes. It is the basis for software evolvability.

#or e$ample: #urther versions of encryption algorithm can easily be

implemented in the proposed system.

Generality: The principle of generality is closely related to the principle of

anticipation of change. It is important in designing software that is free from

unnatural restrictions and limitations. -hile solving a problem! try to discover

if it is an instance of a more general problem whose solution can be reused in

other cases. /arefully! balance generality against performance and cost!

sometimes a general problem is easier to solve than a special case. 0ur

system is more generalised to all classes of biometric data sets which

includes face recognition! iris! hand geometry etc.

Incrementality: An incremental software development process simplifiesverification. If you develop software by adding small increments of

functionality then! for verification! you only need to deal with the added

portion. If there are any errors detected then they are already partly isolated

so they are much easier to correct. A carefully planned incremental

development process can also ease the handling of changes in re(uirements.

To do this! the planning must identify use cases that are most liely to be

changed and put them towards the end of the development.process.

SYSTEM DESIGN AND ANALYSIS

INPUT DESIGN


3/25

MINI PROJECT 2014

The input design is very important for any application. The input design describes

how the software communicates within itself! to system that interested with it and with

human who use it. The input design is the process of converting the user1oriented

inputs into the computer1based format. The data is fed into the system using simple

interactive forms. The forms have been supplied with message so that user can enter

the data without facing any difficulty. The data is validated wherever it re(uires in the

proect.

OUTPUT DESIGN

0utputs are the most important and direct source in information to the consumer

and administrator. Intelligent output design will improve the system2s relationship with

user and help in decision maing. It has a conversation panel to display the connection

information! remote messages and information for user.

"fficient! intelligent output design should improve the system2s relationship with

the user and help in decisions maing. Since the reports are directing reffered by the

management for taing decision and to draw conclusion they must be designed with

almost care and the details in the reports must be simple! descriptive and clear to the

user. So while designing output the following things are to be considered.

EISTING SYSTEM

Traditonal method used for authentication is te$tual password. The

volunerabilities of this method lie eves dropping!dictionary attac! social enginnering

and shoulder suffering are well nown. Random and lengthy passwords can mae the

system secure. 3ut the main problem is the difficulty of remembering those passwords.

Studies have shown that users tend to pic short passwords or passwords that are easy

to remember. 4nfortunately! these passwords can be easily guessed or craced.

PROPOSED SYSTEM

-e propose a new authentication scheme %/olor Scheme Authentication ).

Instead of ust words we propose a system in which authentication is done using colors

and numbers. 4sers can give values from 5 to 6 for the given 6 colors. 4sres can even


4/25

give same value for two different colors.this maes the authentication method ris free

of shoulder attac! dictionary attac!eves dropping etc. That is evolved if the logic every

user uses for giving values for colors is simple.

&uring registration! user should rate colors. The user should rate colors from 5 to

6and he can remember it as %R7803GI9). Same rating can given to different colors.

&uring the login phase! when the user enters his user name an interface is displayed

based on the colors selected by the user. The login interphase consists of grid of si*e

6$6. This contains digit 516 placed randomly in grid cells. The interface also contains

strips of colors. The color grid consists of pairs of colors. "ach pair of color represents

the row and the colomn of the grid.


5/25

MINI PROJECT 2014


6/25

The login interface having the color grid and number grid of 6$6 having numbers

5 to 6 randomly placed in the grid. &epending on the ratings given to colors! we get the

session passwords. As discussed above! the first color of every pair in color grid

represents row and second represents colomn of the number grid. The number in the

intersection of the row and colomn of the grid is part of the session password. The first

pair has red and yellow colors. The red color rating is 5 and yellow color rating is ;. So

the first letter of session password is 5strow and ;rdcolomn intersecting element i.e! ;.

The same method is followed for other pairs of colors. So the password is %;char+MA?, uncheced

4name >char+MA?, 4ncheced

Sec( >char+MA?, 4ncheced

Ans >char+MA?, 4ncheced

"id >char+MA?, 4ncheced

9hno >char+MA?, 4ncheced

7ac >char+MA?, 4ncheced

3lue >char+MA?, 4ncheced

Red >char+MA?, 4ncheced

0range >char+MA?, 4ncheced

8ellow >char+MA?, 4nchecedGreen >char+MA?, 4ncheced

3rown >char+MA?, 4ncheced

>iolet >char+MA?, 4ncheced


7/25

MINI PROJECT 2014

SYSTEM RE!UIREMENTS

"ar#$are Re%uirement&

9rocessor : Intel or AM& processor computer RAM : @


8/25

interface designers!integrated debugger!and many other tools to mae it easier to

develop applications based on version .D of the cE language and version .D of the

.Cet framewor.

ASP)NET 'rame $or*

The .Cet languages: these include visual basic! cE! script . Cet ! E and c.

The /ommon7anguage Runtime +/7R,: this is the engine that e$ecutes

all .Cet programs and provides automatic services for these applications!such as

security checing!memory management! and optimi*ation.

The .Cet frame wor class library : the class library collects thousands

of pieces of prebuilt functionality that you can %snap in) to your applications.These

feature sare sometimes organised into technology sets ! such as A&0.C"T+the

technology for creating database applications,and windows forms+the technology for

creating destop user interfaces,.

AS9.C"T:this is the engine that hosts the web applications you create

with .Cet and supports almost any feature from the .Cet class library.AS9.C"T also

includes a set ofwebspecific services!lie secure authentication and data storage.

>isual studio :this optional development tool consists of a rich set of

productivity and system development life cycle +S&7/,models have been created:

waterfall!fountain!spiral!build and fi$!rapid prototyping!incremental and synchroni*edand stabilise.

BAC+ END

S!L Ser,er -../

Microsoft SF7server is a relational database server ! developed by

Microsoft : it is a software product whose primary function is to store and retrieve data

as re(uested by other software applications !be it those on the same computer or those

running onanother computer across anetwor.There are atleast a do*en different

editions of Microsoft SF7server aimed at different audiences and for different worloads

+ranging from small applications that store and retrieve data on the same computer!to

millions of users and computers that access hugeamounts of data from the internet at

the same time,.


9/25

MINI PROJECT 2014

SF7server @DD6 was released on august !@DD6 and aims to mae data

management self turing !self organi*ing !and self maintaining with the development of

SF7 server alwaya on technologies!to provide near *ero down time.SF7sever @DD6

also includes support for structured and semi structured data. Microsoft!SF7server

@DD6 can be a data storage bac end for different varieties of data :

$ml!email!timeHcalendar!file!document!spatial etc as well as perform search !(uery

!analysis!sharing and synchroni*ation across all data types

IMPLEMENTATION

Implementation is the stage of the proect when the theoretical design is turned

into a woring system. This is the final and important phase in the life cycle. It is actually

a process of converting a new system into an operational one.

Ta&* o' im0lementation

It is a process of bringing a developed system into components which are to be

tested ina structured and planned manner. The software should be delivered to the

users and they should have confidence that the system wor efficiently and effectively!

The more comple$ the system being implemented the more involved will be the

system analysis and design efforts re(uired for implementation.

The system carrying three modules has been implemented with confirmed

effectiveness!detection and correction of errors and maing necessary all decisions on

their true or false side changes so as to satisfy the re(uirements.

The system is using very few software pacages lie .Cet and it use the bac end

as SF7.This will very useful to store the information of the user and also easily can

transmit the data to the other user securely. This is the main advantage of the system.

-ith the system is implementing the resources can be get in very low cost.

Front En# Im0lementation

-e have designed the front end using .Cet framewor version .D. It is user

friendly and easy to use. the necessary forms re(uested for the proect could easily be

built with this. -e have created three forms in the user side. -e have drag and drop

options for placing necessary buttons on the form. There are many inbuilt pacages


10/25

visual studio to mae the design phase attaractive we ust have to import them to the

program code. since for performing all these activities we use visual studio @D5D..Cet is

the suited language for implementing our proect.

Mo#ule ,ice Im0lementation

Mainly we have @ main modules in our proect

Admin Module

4ser Module

A#min Mo#ule&

"ncryption

Authentication

Randomi*ation

U&er Mo#ule&

Sign up

7og in

Recovery

A#min mo#ule im0lementation

It consists of "ncryption! Authentication and Randomi*ation. These are done on

the coding part.

#unction for encryption is given

PublicstringEncrypt (stringplaintext, stringkey) {

byte[] clearBytes =

System.Text.Enc!ing."nic!e.#etBytes(plainText)$


11/25

MINI PROJECT 2014

Pass%r!&eri'eBytesp!b = ne%Pass%r!&eri'eBytes(key, ne%

byte[] { x*, x+, x-, xe, x, x!, x/, x, x+, x/,

x, x/, x+ 0)$

byte[] encrypte!&ata = Encrypt(clearBytes, p!b.#etBytes(1),

p!b.#etBytes(-))$

return2n'ert.TBaseString(encrypte!&ata)$

0

Publicstaticbyte[] Encrypt(byte[] clear&ata, byte[] key, byte[]

34)

{

5emryStreamms = ne%5emryStream()$

6i7n!aelalg = 6i7n!ael.2reate()$

alg.8ey = key$

alg.34 = 34$

2ryptStreamcs = ne%2ryptStream(ms, alg.2reateEncryptr(),

2ryptStream5!e.9rite)$

cs.9rite(clear&ata, , clear&ata.:engt;)$

cs.2lse()$

byte[] encrypte!&ata = ms.T


12/25

Encr10tion al2orithm

Ri3n#ael4& Al2orithm

Rindael +pronounced rain1dahl, is the algorithm that has been selected

by the 4.S. Cational Institute of Standards and Technology +CIST, as the candidate for

the Advanced "ncryption Standard +A"S,. It was selected from a list of five finalists! that

were themselves selected from an original list of more than 5< submissions. Rindael

will begin to supplant the &ata "ncryption Standard +&"S, 1 and later Triple &"S 1 over

the ne$t few years in many cryptography applications. The algorithm was designed by

two 3elgian cryptologists! >incent Rimen and Joan &aemen! whose surnames arereflected in the cipherKs name. Rindael has its origins in S(uare! an earlier collaboration

between the two cryptologists.

The Rindael algorithm is a new generation symmetric bloc cipher that supports ey

si*es of 5@6! 5L@ and @


13/25


14/25

;,AddRoundey

The Su9B1te& &te0

In the Sub3ytesstep! each byte in the state is replaced with its entry in a fi$ed 61bit

looup table! S bijO S(aij).

In the Sub3ytes step! each byte in the matri$ is updated using an 61bit substitution bo$!

the Rindael S1bo$. This operation provides the non1linearity in the cipher. The S1bo$ used is

derived from the multiplicative inverse over GF+28,! nown to have good non1linearity properties.

To avoid attacs based on simple algebraic properties! the S1bo$ is constructed by combining

the inverse function with an invertible affine transformation. The S1bo$ is also chosen to avoid

any fi$ed points +and so is a derangement,! and also any opposite fi$ed points.

The Shi't Ro$& &te0


15/25

MINI PROJECT 2014

In the ShiftRows step! bytes in each row of the state are shifted cyclically to the left.

The number of places each byte is shifted differs for each row.

The ShiftRows step operates on the rows of the state it cyclically shifts the bytes in

each row by a certain offset. #or A"S! the first row is left unchanged. "ach byte of the

second row is shifted one to the left. Similarly! the third and fourth rows are shifted by

offsets of two and three respectively. #or the bloc of si*e 5@6 bits and 5L@ bits the

shifting pattern is the same. In this way! each column of the output state of the

ShiftRows step is composed of bytes from each column of the input state. +Rindael

variants with a larger

bloc si*e have slightly different offsets,. In the case of the @


16/25

&uring this operation! each column is multiplied by the nown matri$ that for the 5@6 bit

ey.

The multiplication operation is defined as: multiplication by 5 means

leaving unchanged! multiplication by @ means shifting byte to the left and multiplication

by ; means shifting to the left and then performing $or with the initial unshifted value.

After shifting! a conditional $or with D$53 should be performed if the shifted value is

larger than D$##.

In more general sense! each column is treated as a polynomial over

G#+@6, and is then multiplied modulo $5 with a fi$ed polynomial c+$, O D$D; P $; $@

$ D$D@. The coefficients are displayed in their he$adecimal e(uivalent of the binary

representation of bit polynomials from G#+@,Q$. The Mi$/olumns step can also be

viewed as a multiplication by a particular M&S matri$ in a finite field. This process is

described further in the article Rindael mi$ columns.

The A##Roun#+e1 &te0


17/25

MINI PROJECT 2014

In the AddRoundey step! each byte of the state is combined with a byte of the round

subey using the ?0R operation +,. In the AddRoundey step! the subey is combined

with the state. #or each round! a subey is derived from the main ey using RindaelKs

ey schedule each subey is the same si*e as the state. The subey is added by

combining each byte of the state with the corresponding byte of the subey using

bitwise ?0R.

U&er mo#ule im0lementation

4ser module consists of ; modules

Sign up

7og in

Recovery

Si2n u0

Sign up module is the main part of the proect. This module is used to sign up color

scheme authentication. The signup includes username! email id! security (uestion and

answer along with password. 4nless user don2t sign up user cannot login.

Lo2in

The login module is nothing but the processes of logging of a signed up user usingcolor scheme authentication. The user has to login using color scheme authentication

to get to his account.

Reco,er1

The Recovery module does the recovery of the user account in case user forgets the

password. This is done by using a custom security (uestion and answer. 0nce the user

passes this process he will be redirect to page from which the user can get bac

access to his account.

TESTING

Testing is the vital to the success of the system.System itesting maes a logical

assumption that if all the part of the system are correct!the goal will be successfully


18/25

achieved.System testing is the stage of implementation that we aimed at assuring that

the system wors accurately and efficiently before live operation commences.

Software testing is a critical element of software (u(lity assurance represents the

ultimate review of specification!design and coding.The user tests the developed system

and changes are made according to there needs.The testing phase involves the testing

of developed system using various inds of data.

Te&tin2 O93ecti,e&

Testing is the process of e$ecuting the program with the intention of

finding an error

A good test is one that has high probability of finding an as yet

undiscovered

A successful test is that which uncovers as1yet1undiscovered error

;hite 9o: te&tin2

-hite bo$ testing foccuses on the program control structure.In our proect whenuser enters his details!thesystem will chec the database and if it is valid then the whole

lines are from.And also when the message to the user the whole lines are reading from

the te$t area and it will display in the same format in the receiver side.These are all

indicates that the control structures wor efficiently. If there is any error it will display the

null pointer e$cepion in the console.

Blac* 9o: te&tin2

3lac bo$ testing is a method of software testing that tests the functionality of

application as opposed to its internal structures of worings+see white bo$

testing,.Specific nowledge of application2s codeHinternal structure and programming

nowledge in general is not re(uired.The tester is only aware of what the software is

supposed to do!but not how i.e.-hen he enters a certain input!he gets a crtain output

without being aware of how the output was produced in the first place.Test cases are


19/25

MINI PROJECT 2014

built around specifications and re(uirements!i.e.what the application is supposed to do.It

uses e$ternal descriptions of the software!including specifications!re(uirements!and

design to derive test cases.These tests can be functional or non1functional!though

usually functional.The designers selects valid and invalid inputs and determines the

correct output.There is no nowledge of the test obect2s internal structure.

Unit te&tin2

4nit testing is carried out to screen wise!each screen being identified as an

obect.Attention is diverted to individual modules! independently to one another to locate

errors in coding and logic

In unit testing

Module is tested to ensure that information properly flows into and

out of the program uder test.

7ocal data structures are e$amined to ensure that data stored

temporarily maintains its integrity during all steps in algorithm

e$ecution

3oundary condition is tested to ensure that module operates

properly at boundaries established to limit or restrict processing.

All independent paths through the control structures are e$ecuted

to ensure that all atatements in the module have been e$ecuted atleast once.

"rror handling paths are also tested.this tests focuses verification

effort on the smallest unit of software design modules.

Bere the module interfacs boundary conditions and all indipendent paths were

verified by inputting false data."ach single operation is tested individually for its correct

functionality.

Inte2ration te&tin2

Integration testing is a systematic techni(ue for constructing the program

structure while at the same time conducting tests to uncover errors asssociated with

interfacing.


20/25

4nit tested module were taen and single program structure was built that has been

dictated by the design.Incremental integration has adpoted here.The entire software

was developed and tested in small segments where errors were easily to locate and

rectify."ach database or table manipulation operation were separately tested and

combined to form a single program.After integation!the single program was tested again

with numerous test data to chec for its functionality.

The integration can be performed in two ways Top &own integration and 3ottom

4p integration

Al0ha te&tin2

A series of acceptance tests were conducted to enable the employees of the firm

to validate re(uirements.The end user conducted it.The suggestions!along with the

additional re(uirements of the end user were included in the proect.

Beta te&tin2

It is to be conducted by the end1user without the presence of the developer.It can

be conducted over a period of wees or month.Since it is a long time consuming

activity!it result is out of scope of this proect report.3ut its result will help to enhance the

product at later time.

Final te&tin2

-hen a system is developed! it is hoped that it performs properly.In practice!

however ! some errors always occur.The main purpose of testing an information system

is to find the errors and correct them.A successful test is one! which finds an error.

APPENDI A


21/25

MINI PROJECT 2014

USER MANUAL

1. Install .net and SF7 Server.

2. /reate database and tables on SF7 Server.

3. Run the program code on the visual studio.

4. /reate a new account as shown in figure.

5. A registered user can directly login by typing hisHher username and password as

shown in figure.

6. If verification is success then! heHshe can enter.

7. If the user lost his password they can retrieve it from the password recovery by

using security (uestion.

APPENDI B

SCREEN S"OTS


22/25

Fig 1 Sign up


23/25

MINI PROJECT 2014

Fig 2 Login


24/25

Fig 3 Passo!" R#$o%#!&


25/25

MINI PROJECT 2014

Fig 4 '#(au)*

Color Scheme Authentication

Documents

Transcript of Color Scheme Authentication