EVENT ATTENDANCE SYSTEM USING ONE-TIME PASSWORD(OTP) · 2018. 5. 28. · The attendance system is...
57
EVENT ATTENDANCE SYSTEM USING ONE-TIME PASSWORD(OTP) NURUL FARHANA BINTI BASAR BACHELOR OF COMPUTER SCIENCE (NETWORK SECURITY) UNIVERSITI SULTAN ZAINAL ABIDIN 2018
Transcript of EVENT ATTENDANCE SYSTEM USING ONE-TIME PASSWORD(OTP) · 2018. 5. 28. · The attendance system is...
EVENT ATTENDANCE SYSTEM USING
ONE-TIME PASSWORD(OTP)
NURUL FARHANA BINTI BASAR
BACHELOR OF COMPUTER SCIENCE
(NETWORK SECURITY)
UNIVERSITI SULTAN ZAINAL ABIDIN
2018
EVENT ATTENDANCE SYSTEM USING ONE-TIME PASSWORD (OTP)
NURUL FARHANA BINTI BASAR
Bachelor of Computer Science (Network Security)
Faculty of Informatics and Computing
Universiti Sultan Zainal Abidin, Terengganu, Malaysia
MAY 2018
i
DECLARATION
I hereby declare that this report is based on my original work except for quotations and
citations, which have been duly acknowledged. I also declare that it has not been previously
or concurrently submitted for any other degree at Universiti Sultan Zainal Abidin or other
institutions.
________________________________
Name: ..................................................
Date: ..................................................
ii
SUPERVISOR ENDORSEMENT
I have read this project report, and in my opinion, this report fulfils the requirement for
CSB 35102 Academic Project Proposal for Degree of Computer Science (Network Security).
________________________________
Supervisor name: Dr Mohamad Afendee Bin Mohamed
Date: ..................................................
iii
DEDICATION
Assalamualaikum w.b.t, firstly I would like to express my gratitude to Allah the Almighty for
his grace and the Mercy in completing my project.
Then, I would like to thank my supervisor for this Final Year Project, Dr. Mohamad Afendee
Bin Mohamed for being a responsible and supporting lecturer to guide and aid me towards
the accomplishment of this project. Thank you for brainstorming the ideas along the solution
together for me illustrate the main idea and help in understanding my project more.
Next, I would like to appreciate to all member of panels for their valuable feedback and their
comment on improving my project for better purpose especially during my project
presentation. All the comments and feedback help me improve a lot of my presentation skills
and my project progress.
Last but not least, a lot of thanks to my beloved family and friends for never ending support,
encouragement and advice for brightening my spirit to complete this final year project. A
great thanks again for all of those who are involved in my Final Year Project.
iv
ABSTRACT
In universities, there are many events that have been organized to the student. This
event helps the student to improve their knowledge and skill. By attending the event, student
shows that they are not only academically concerned but also curriculum-oriented. Merit is
important to universities students as their point to stay in college. Most of these events are
awarded with merit, so students who are attentive to their merits may attend events held by
universities to improve their merits. Normally, the event attendance is using manual
recording by using a piece of paper and pen. This way is not systematically enough and not
efficient. There are many problems arise when using the manual recording. This manual
recording consumes more time because the attendees need to queue for a long time just to
sign the attendance. Besides, the event organizer also might spend hours checking and
waiting the attendees to sign at the door with a piece of paper or spreadsheet. As an
alternative to overcome the difficulties, Event Attendance System for Students Using
One-Time Password (OTP) is being developed so that there is no use of manual recording.
The event organizer does not need to provide paper and pen to do the manual recording. The
time also will be saved because the students do not need to queue just to sign the attendance.
This proposed system is using One-Time Password (OTP) and also Quick Response (QR)
code. OTP is a password that is valid for only one login session. While QR code is the
trademark for a type of matrix barcode (or two-dimensional barcode) which contains the
information about the item to which it is attached. The attendance system is based on web
system and also mobile application. OTP is being used when student want to register for a
first time. When the students are done doing the registration, they will be given a password or
code that valid only once to connect them to the system. For recording the attendance, this
system implemented QR code. Once the students have scanned the QR code that being
displayed at the event, their attendance will be saved to the database automatically. As a
conclusion, event attendance system for student using OTP will be more efficient, accurate
and systematic than manual recording. This system also will contribute in improving the
event attendance system for students because of having the security element and also the
good authentication technique.
v
No Content Page
0
DECLARATION
SUPERVISOR ENDORSEMENT
DEDICATION
ABSTRACT
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
LIST OF ABBREVIATIONS / TERMS /SYMBOLS
i
ii
iii
iv
v-vi
vii
vii
viii
1
CHAPTER 1: INTRODUCTION
1.1 Project Background
1.2 Problem Statement
1.3 Objectives
1.4 Scopes
1.5 Limitation of works
1.6 Expected Result
1
2
2
3-4
4
4
2
CHAPTER 2: LITERATURE REVIEW
2.1 Introduction
2.2 Project and Research
2.3 Summary of Research Paper
5
6-19
19-26
3
CHAPTER 3: METHODOLOGY
3.1 Introduction
3.2 System Requirement and Specification
3.2.1 Hardware
27
28
28
vi
3.2.2 Software
3.3 System Design
3.3.1 Framework Design
3.3.2 Process Model
3.3.3 Data Model
3.4 Algorithms
3.5 Summary
29
30
30-31
32-36
37
38-40
40
4
CHAPTER 4: RESULTS AND DISCUSSION
4.1 Implementation and Output
4.1.1 Deployment / Configuration
4.1.2 Interfaces
4.2 Summary
41
42-45
46
6
REFERENCES
47-48
vii
LIST OF FIGURES
Figure Title Page
3.3.1.1 and 3.3.1.2 Framework Design
30-31
3.3.2.1 Context Diagram (CD)
32-33
3.3.2.2 Data Flow Diagram (DFD) Level 0
33-34
3.3.2.3
Data Flow Diagram (DFD) Level 1
34-36
3.3.3.1 Entity Relationship Diagram (ERD)
37
4.1.1 Event Homepage
41
4.1.2 Admin Login Page
41
4.1.3 Admin Interface (Add Event)
42
4.1.4 Admin Interface (Update Event)
42
4.1.5 Admin Interface (Delete Event)
43
4.1.6 User Interface (View event and participate the event)
43
4.1.7 User Interface (Event Participation Detail)
44
4.1.8 Feedback Interface
44
LIST OF TABLES
TABLE
TITLE PAGE
2.2.7.1 Summary comparison between time-based vs event-
based OTP.
14
2.3.1 Summary of research paper 19-26
3.2.1.1 List of hardware requirement
28
3.2.2.1 List of Software Requirement
29
viii
LIST OF ABBREVIATIONS / TERMS / SYMBOLS
CD
Context Diagram
DFD Data Flow Diagram
ERD Entity Relationship Diagram
FYP Final Year Project
OTP One-Time Password
QR Code Quick Response Code
1
CHAPTER 1
INTRODUCTION
1.1 Project Background
Traditionally, event attendance for students has been tedious, troublesome and slow,
as it uses the manual and traditional way of monitoring the attendance of the students as
regards to the event they will be attending. The attendees need to queue to wait for their turns
in order to check their name and matric number, also their sign using pen and paper as a
proof of their attendance in the event. The queues of students in registration area cause delay
of monitoring the attendance. Manual recording usage is still applicable although they are not
systematic and efficient enough to record the attendance of students in the event. But now,
almost every event attendance system can be modernized. No more use of manual recording
using pen and paper.
Due to the problems that arise, this paper has proposed a system which is Event
Attendance System Using One-Time Password (OTP). It comes with web based system and a
mobile application to record the attendance of students at the event systematically, accurately
and effectively. It implemented security element and algorithm approach which are One -
Time Password (OTP) and Quick Response Code (QR code). The registration is based on
One-Time Password. For recording the attendance, this system implements QR code. This
system acts as platform to monitor and manage the student attendance in the event efficiently
so that the students can be given with merit on every event that they are attended. The merit
also will be easy to calculate with this system. Then, with this application, the student
attendance can be recorded efficiently and easy to monitor.
2
1.2 Problem Statement
The problem that occurs makes this application develop which are:
i. The event attendance for student is taken manually using a pen and a piece of paper
that needed the student to check their name, matric no and do their sign at the right
place as a proof of their attendance in the event.
ii. The use of manual recording consumes more time because the attendees need to
queue for a long time just to sign the attendance. Sometimes, congestion occurs at the
attendance counter.
iii. The students that have been registered might absent and cheating by asking their
friends to sign for them to just get the merit point without attending the event.
Because of this problem, a system and an application may be needed in order to record the
event attendance of the students more accurately without have to record it manually. No more
use of paper and pen. One-time password will be given on each registration that has been
made by the students while QR code will be displaying at the event hall. This system will
record the attendance of the student automatically and saved into the databases when the
students are scanning the QR code using their smartphone. This system saved time, more
efficient and also systematic.
1.3 Objectives
The objective is important to achieve the goal. The main objectives for this project are:
i. To study the feasibility of One-Time Password (OTP) and Quick Response Code
(QR code) technology in Event Attendance System.
ii. To develop the Event Attendance System for Students using One-Time Password
(OTP) and Quick Response Code (QR code).
iii. To evaluate the usability of Event Attendance System using One-Time Password.
3
1.4 SCOPE
1.4.1 Scope of User
This application involves the admin and user.
1. Admin
- Insert, Create, Update and Delete the information of event
- Generate new code to verify and record attendance of the students
- View the details of student that have made the registration
2. End User
- Get up to date about new event and upcoming event that will be held
- Update the attendance to the event
- View the information related to event
- Scan the QR code that is being displayed
1.4.2 System Scope
The scope of system is:
1.4.2.1 User Registration
In the student registration form, the student has to enter phone number. The users only
register once using SMS verification and do not needs to login after complete the verification.
1.4.2.2 Event Management System
Event Management System is a system which manages information of an event.
- This system shows event in the interface.
- Admin is allowed to add new event into the database
- Admin is able to edit event information in the database
- Admin is allowed to delete event information in the database
4
1.4.2.3 College event
The student can able to keep up to date the event management activities while admin can
keep update the new event and manage the college activity and event.
1.4.2.4 Event Attendance
Student can able to scan the QR code as their proof attending the event while Admin can
able to view and display the name of the students attending the event
1.5 Limitation of Work
Every application has their limitations which are:
i. Wi-Fi or Data Connectivity. This application can be access only when there is a Wi-Fi
connection or any data connectivity for performing client server process, OTP and QR
code authentication.
1.6 Expected Result
i. A secure event management application using OTP and QR code.
ii. Provide an easy access for the admin and student involve reaching for the
information about the event.
5
CHAPTER 2
LITERATURE REVIEW
2.1 Introduction
This chapter will discuss and portrays the literature review for the Event Attendance
System for Students Using One-Time Password (OTP) that being developed. Firstly,
we need to understand what literature review is. A literature review is about past
research or recent research or what need to search or seek the truth for the purpose
portraying or illustrate the research problem, solutions and the importance of seeking
a solution. A literature review is not about information gathering. In a given subject or
chosen topic area, the literature review shows in-depth grasp and summarize prior
research that linked to the research subject. Literature review involves the process of
reading journals, articles, book and research paper and later on analyzing, evaluating,
and summarizing scholarly materials about a specific topic. It can be guideline to
develop a new system so that the new system can provide a better and more functional
than the existing systems. The discussions about the new system are done based on
the literature review guidelines.
6
2.2 Project and Research
2.2.1 Event Management System
This paper [1] proposed to maintain the College Event information and organize the event
and to send the Student Registration time through sums with verification code to the student
using mobile application based on Android App. The Application is mainly focused on Event
based service to the company, College network in mobile application. This application also
helps to maintain the users account and its various details. The main advantage of using this
application is it reduces the direct communication to student and avoids the mall function of
the student to event join and participating for android to android where ever it is. The
database design and coding techniques has highly enhanced and optimized. This makes the
application an overall user friendly and easy for naive users. This application being as a
platform to know the events, to apply for the events, and this application automatically
generates Token Number to the students via SMS during the registration of students
including scheduled timings. To understand use of this application, consider the flow of
actions happening, by this application college can register the students, after registering,
college can login, after login, college can post the Technical fest / event details including
name, logo, address, venue of the event, date, event conducting time, cost of events to
participate etc. students who are participating in the event can view details posted by the
colleges. Below is the module description for this project:
Admin Login: In the Admin login form, the administrator has to enter the username
and password to login into the event management system menu form.
Main Menu: In the event management system main menu form, the menus are split
into event details, registration, token details and reports.
Event Details: In the event details form, it includes the event id, event name, event
organizer, and event fee and event contact number.
Student Registration: In the student registration form, the student has to enter the
student name, department, college name, email identification and the phone number.
The student details are allowed to store in the centralized database with an automatic
generated event id.
Token details: In the token details form, once the user enters the event id and clicks
the search button. The submitted query will be processed with the server and the event
name is displayed in the page screen.
7
As mentioned above, the event management system is useful for the students that help the
user to provide information regarding the event that are conducted in college. This project
also proposed a scope for future enhancements which are to add additional functions to
Android application such as improved user interface is deployment on the Android market
and to develop the event management application for the Blackberry OS using principles of
code reuse.
2.2.2 Android Application for Event Management System
This paper [2] discusses android application for event management system. The proposed
system is an application that is designed to manage and handle the events of an organization.
Mobile registration is the next generation of registration that leads attractive way of event
details delivery especially used in an organization. The application provides portability as it is
used on a mobile device and can be carried anywhere. Since the application is used on
android device, it improves connectivity between the participants and the coordinators, thus
the institution will be to provide with more transparent system altogether. Not only does the
connectivity improve, the application also decreases a substantial amount of paperwork that
is otherwise needed for the daily tasks in an institution. It is a useful tool that can be used by
all the members of the institution, anywhere, anytime on an Android mobile device. Since the
mobile device makes all the tasks, there is no paperwork involved and it provides direct
access to the participants and coordinators. Direct access, here, means that the participants
can clarify their event details with the coordinators irrespective of where they are at a given
time. To design proposed project, smart phones with android operating system are chosen
because navigation rate of android OS is 70 percent. It is open source and free ware. The
application is consistent with all Android versions ranging from Gingerbread 2.3 to Lollipop
5.0.1, so that students who cannot afford to buy high end mobiles and institutes located in
remote, rural area can also take the advantage of this application. The projects aim at
designing an event app which could effectively manage the events in an organization. This
application contains the database which has the details of the participants, their name, and the
events they are willing to participate, their registration id, and event details like day, venue,
time, etc. Participants instead of registering in the websites or using paperwork, they can
simply use this mobile application to register.
8
After the comparisons done by the administrator they are provided with the unique id. The
advantage of application is that the existing system has been taken and made portable by
creating an application that can be used on a mobile device, both by participants and
organizers. Convenience is not only the key advantage for portability, it also reduces the
amount of paperwork by a substantial margin. Basically, the main objective of android based
event management system is to obtain the advantages on hand-held devices like mobile
devices which allow accessing the events at anywhere and anytime by the participants. The
application will not only help the participants to obtain notifications from the admin, but it
will also help the organizers by providing a convenient system to communicate with the
participants and inform them about upcoming submissions and events.
2.2.3 UNIVERSITY SEMINARS ATTENDANCE CHECKING SYSTEM USING QR
CODE IMAGE SCANNER
This paper [3] discussed about seminars at universities or at any other organizations that
required having checking attendance list for their participant. From this way, teachers and
students can register their name for specified seminar at the same time that they attend in the
seminar hall. This new technique can be done by using QR Code Image scanner and Mobile
Smart Phone, which scan the displayed QR Code image on the seminars Screen, before
seminars Start. There are many drawbacks when using old system or manual system. One of
these drawbacks that can be seen through using old system is that the attendees must wait till
the sheet list of names reached to their desk. Moreover, in some cases the list of the names
may lose, and all the participants lose their registration process. Another weakness point in
this old technique is that required that sometimes there are not enough spaces for other people
to write put in their names, which means lack of spaces. Also to those problems that face
current registration process there are some other main important issues that face this system:
1. Most of the universities in Kurdistan Region of Iraq (KRG), from example University
of Sulaimani, it is required as an obligation that their teaching staff must attend
seminars for collecting points for their QoS.
2. In some faculties, their QoS center still work with lots of papers and documents. Also,
each teacher that is a member of teaching the community in the faculty must name
which is stored in the QoS Database.
9
3. The number of paper works may exceed more than hundred teachers profile in some
colleges or faculties, and some them of the have more than five departments. Also, in
each department there are lots of teachers.
In the new proposed system, university academic staff must have their mobile smartphones
have been registered into the university's database. Thus, it is required that the information of
each university member staff mobile phone must be stored including MAC Address and
Phone number. All this information will be stored in the central database that contains all the
academic data, for instance, teachers and employee’s personal information. Also, there will
be a QR Code image will be displayed on seminars screen before the seminar starts about 5 to
10 minutes. Moreover, this opportunity will be given due to give sometimes for attendees to
scan the displayed QR code. This process of scanning the QR system can be held through
mobile applications that specified for scanning and decoding the Image. The purpose of doing
image scanning in beginning and the end of seminars is to restrict the attendees to stick to the
seminars to the end of the session. This is because of many attendees leave the seminars just
5-10 minutes of starting seminars, which, in fact, the seminars session will last to 1 hour to
1hour and a half. There are also purposes of quality assurance (QAS) system. This system is
applied to all teachers in the many education organizations. So, it is required from them to
collect points as passive and active. With passive points, they must attend as many seminars
as possible to collect many points. In this research, it has been concluded that the number of
smartphone users is increased in different countries and continents. This is the main reason
that leads developers and research to include most of their software development
smartphones as mobile technologies. The researcher has investigated that using QR Code
scanning through Smartphones for absent checking is valuable. Thus, due to capabilities to
hold and interpret data according the owner of the mobile devices. It means that every teacher
in the university will have their encoded data. So, the researcher reached to a point in
research to restrict to make fraud with seminar attendances and to make the restriction that
attendees must stick to the seminars session time completion. This paper also proposed future
work that will be possible to enlarge this system to cover a wider area of QAS for example,
teachers can check their point on a daily basis or weekly or even monthly. This will help
them to track their lack of points.
10
2.2.4 One-Time Password via SMS
This paper [4] describes a method of implementing two factor authentication using
mobile phones. The proposed system involves using a mobile phone as a software token
for One Time Password generation. SMS-based OTP is one of the most user friendly
multi-factor authentication mechanisms today that does not require an additional device.
One time passwords, or OTP, are used (as the name indicates) for a single session or
transaction. OTP SMS provides a 2 stage security while utilizing Internet Banking. By
using a one-time password that is sent to our mobile phone in addition to our user ID and
static password, you have a high level security. The passwords generated by the OTP
SMS are one time passwords. Meaning that the OTP SMS password we have used for one
of our transactions can't be used for a second time by us or another person. One-time
passwords sent over SMS (text messages) were designed to prevent replay attacks and
add an additional layer of log on security. A unique password or code is sent to the user
via text, and that code must be entered along with a traditional username and password
combination to allow access to a site or authorize a transaction. OTP over SMS is a form
of multi-factor authentication. There are basically three types of one-time passwords. The
first uses a mathematical algorithm to generate a new password based on the previous
password. The second is based on time synchronization between the authentication server
and the user providing the password. The third uses a mathematical algorithm, but the
new password is based on a challenge and a counter. Below is a list of these five different
solutions, which serves as a representative sample of all the different solutions that exist
which are SMS authentication with Session ID verification, One-time password from PC
to SMS, One-time password from SMS to PC, SIM strong authentication via mobile
phone and Software token in the mobile phone. This paper also shows the implementation
issue on how the software generates a one-time password. First the user registers in the
system control panel software that is installed on a server. Then the user by pressing the
request key (on the software installed on mobile embedded) one-time password request is
sent to the server. After a few moments the user request is received by the server and then
it will be checked and user authentication process begins. After approval of the user
identity, the server responds to user requests and the user password requested will code
by encryption algorithms, and it sent to the user. Software installed on the user's phone
has received one-time password and then decode it and show it to the user. And the end,
the user types the password received in own panel. Server processes the user OTP
11
password and in the case the accuracy that allows the user to login to the user’s page. For
conclusion, in this paper, they have presented an application for one-time password
generation and transaction between server and mobile handset. The advantage of this
application compared to the similar software is using of highly complex and non-return
encryption algorithm, which relationship between user and network security is fully
guaranteed and the high flexibility of the software, enabling it to different communication
methods such as SMS and USSD.
2.2.5 Two Factor Authentication Using Smartphone Generated One Time Password
This paper [5] explains a method of how the two factor authentication implemented using
SMS OTP or OTP generated by Smartphone- One Time Password to secure user accounts.
The proposed method guarantees authenticating online banking features are secured also this
method can be useful for e-shopping & ATM machines. The proposed system involves
generating and delivering a One Time Password to mobile phone. Smartphone can be used as
token for creating OTP or OTP can be send to mobile phone in form of SMS. The generated
OTP is valid for only for short period of time and it is generated and verified using Secured
Cryptographic Algorithm. A typical solution is based on giving the user a hardware token
that generates one-time-passwords, i.e. passwords for single session or transaction usage.
Moreover, token also have disadvantages which include the cost of purchasing, issuing, and
managing the tokens or cards. In this paper, we propose a securely generated and verified
OTP using smartphone. Installing third-party applications allows mobile phones to provide
expanded new services other than communication. The use of mobile phone as a software
token will make it easier for the customer to deal with multiple two-factor authentication
systems and will also reduce the cost of manufacturing, distributing and maintaining millions
of hardware tokens. Sometimes OTP is sent to user mobile phone as a SMS with Transaction
details. For system design and implementation, they propose a computer-based software
token. This is supposed to replace existing hardware token devices. The System involves
generation of Secured OTP using Cryptographic algorithm and delivering it to user’s mobile
in the form of SMS or user can able to create his own OTP using smartphone and validating
the OTP using same Cryptographic algorithm. The proposed system is secured and consists
of two parts: (1) the server software, (2) the client software: Client application on PC for
transaction & android application on smartphone for creating OTP. Two factor authentication
12
methods have recently been introduced to meet the needs of organizations for providing
stronger authentication options to its users. The proposed work focuses on the
implementation of two-factor authentication methods using mobile phones. It provides an
overview of the various parts of the system and the capabilities of the system. The proposed
system has two option of running, either using a free and fast connection-less method or a
slightly more expensive SMS based method. This paper also discussed about future
deployments that include a more user friendly GUI, extending the algorithm to work on
various mobile phone platforms. In addition to the use of Bluetooth and WLAN features on
mobile phones for better security and cheaper token generation.
2.2.6 TrustOTP: Transforming Smartphones into Secure One-Time Password (OTP)
Tokens
Nowadays, in this era of technology, there is an increasing number of enterprise employees
who need to remotely access the corporate networks and by the end of 2015, more than 1.3
billion workers worldwide will routinely work beyond the traditional office environment.
Moreover, around the same time, more mobile devices are being widely used to perform
business transactions by mobile workers. But usually, enterprise have traditionally used two-
factor authentication to secure employee’s remote access to corporate resources. Due to this,
OTP is widely adopted by the enterprise in their two-factor authentication solutions. Time-
based OTP (TOTP) and HMAC-based OTP (HOTP) that is event based are the most popular
OTP used. Software-based OTP solutions cannot guarantee the confidentiality of the
generated passwords or even the seed when the mobile OS is compromise. Moreover, they
also suffer from denial-of-service attacks when the mobile OS crashes. In the other hand,
hardware-based OTP token can solve these security problems in the software-based OTP,
however, it is inconvenient for the users to carry physical tokens with them. So in summary,
this paper [6] proposed a new design of secure OTP Tokens using smartphones which
provides the flexibility of the software tokens and hardware tokens. It's also capable of
prevent all type of attacks from the malicious mobile OS and still can continue to display the
OTP even if the mobile crashes. This new design also will provide trusted graphical user
interface that display the OTP on the same screen. This new design is already being
implemented with TrustOTP prototype and the evaluation results show that TrustOTP can
work efficiently using just a small amount of power consumption.
13
2.2.7 Time versus Event Based One-Time Password
In this paper [7], the researcher compares the two main approaches to one-time passwords
(OTP) which are time-based OTP and event-based OTP. Their main conclusion is that they
are very similar from both a security and usability perspective (with each having slight
advantages of a different nature). It is a well-known fact that plain password-based
authentication is highly problematic. Beyond the fact that many users are not aware of the
adversarial threats that exist and therefore engage in insecure behaviour, it is often impossible
for a user to remember all of her passwords. A number of different authentication
mechanisms are used today in order to alleviate this problem. One-time-password
authentication (or OTP) is just one of these mechanisms. In this method, login is performed
using a different, essentially random password each time. The passwords are generated by a
device, most commonly a hardware token associated with the user, and so the password is not
based on the user’s memory. This greatly increases security. Furthermore, by adding a
personal secret PIN or password that the user needs to provide in order to authenticate, strong
two-factor authentication is achieved. There are two main approaches to OTP. In the first
approach, called time-based OTP, the one-time password changes at frequent intervals (say,
every two minutes). In the second approach, called event-based OTP, the one-time password
is generated by pressing a button on the OTP device. The cryptographic mechanism
underlying both approaches is the same. Each one-time password is generated by applying a
random-looking cryptographic function to a unique series value. In the time-based case, the
value is the current time. In the event-based case, the value is a sequence number that is
incremented with each button click. We stress that each device is initialized with a secret key
that makes prediction of the one-time passwords infeasible to an outside attacker. The
researcher also stress that the current time and sequence numbers are not secret and the
security rests on the inability to predict the output of the cryptographic function on the
current number due to the secret key. Lastly, the researcher concludes that both OTP
approaches greatly enhance security beyond password-based authentication. From both a
security and usability perspective, time-based and event-based OTP mechanisms have
distinct relative advantages and ultimately we regard them as being equally effective. Below
is the summary of comparison between time-based versus event-based OTP.
14
Table 2.2.7.1 Summary comparison between time-based vs event-based OTP.
Security Convenience
Time-based OTP Pro: OTP values are valid for a
short period of time
Con: OTP values can be
obtained easily by a by-stander
Pro: The OTP value can be simply
read off the screen
Con: The OTP value may change
while it is being entered
Event-based OTP Pro: An attacker would need
undetected physical access to the
device
Con: An OTP value is valid
until a new OTP value is used
Pro: The OTP value is generated at
the user’s request; no value change
after a short amount of time
Con: The user must press a button
to generate the OTP value
2.2.8 Development of the online student attendance monitoring system (SAMS™) based
on QR-codes and mobile devices
This paper [8] thus outlines the development of an online student attendance monitoring
system (named (𝑆𝐴𝑀𝑆𝑇𝑀)) based on QR codes and mobile devices. This design was chosen
due to its simplicity and cost-effectiveness. The only equipment required by the user
(lecturers and students) is a mobile internet device such as a tablet computer or a smartphone.
This paper describes the overall architecture as well as the flow of its implementation in the
class room. The method of surveying the effectiveness and user feedback of the system is
also discussed. The main advantage of the system is a more accurate and quicker method of
recording and monitoring student attendance. With this system, it will be quantitatively easier
to discern the students based on their diligence in attending classes, and thus also predict their
performance due to the correlation between attendance and academic performance. The
researcher propose a QR-code based system, in combination with mobile devices to display
and scan the QR-codes. This thus removes the need for any additional hardware, noting that
in Malaysia there is high ownership of mobile internet-capable devices, especially in the form
of smart-phones as well as high mobile internet usage, with an increasing aerial coverage and
penetration over time. This paper also discussed the early anecdotal and response to this plan
as well as initial performance tests and comparison with other systems. For the design of the
15
online Student Attendance Monitoring System (𝑆𝐴𝑀𝑆𝑇𝑀), the researcher utilizes two
technologies widely used at present, namely the Internet-enabled mobile devices and QR
codes. Student interaction with the system is through a unique QR code that is reserved for
each student. A QR code (quick response code) is basically a two dimensional bar code. The
QR codes that are generated for each student can be displayed using a smartphone or printed if
the student does not have a smart phone. When students attend classes, the code will be
scanned by lecturers using mobile devices such as smartphones and tablets. The scanned QR
codes will directly interact with the web-based (𝑆𝐴𝑀𝑆𝑇𝑀) system and record the student
attendance. The Student Attendance Monitoring System (𝑆𝐴𝑀𝑆𝑇𝑀) itself consists of two
main components the (𝑆𝐴𝑀𝑆𝑇𝑀) server and the (𝑆𝐴𝑀𝑆𝑇𝑀) app. Access to the system is via
a user name and corresponding password. This is for security and also enables access for
different categories of users to the online system, for example a lecturer or system
administrator. The main page also offers a hint if a user forgets the user name or password.
After the student information has been updated, a unique QR code can be generated for each
student. The QR code is sent via email. Once all students have received their QR codes, it can
thus be used to record their attendance. The (𝑆𝐴𝑀𝑆𝑇𝑀) app is a dedicated software
application intended for better integration of QR code scanning with the (𝑆𝐴𝑀𝑆𝑇𝑀) systems
as a whole. An initial performance test has been performed by measuring the response time of
scanning QR codes on commercial mobile devices over various networks. The tests were
performed using a Ninetology Black Pearl II smartphone over Wi-Fi and HSDPA as well as
using a Samsung Galaxy Note II device over 4G LTE. The response time depends on many
factors such as the screen size (larger screens may take longer), mobile device processing
speed, network speed, camera speed and user handling. In conclusion, with this system, the
technology that is presently widely used can be utilised so that students can benefit more
from lessons by their presence without burdening the instructors.
2.2.9 A Students Attendance System Using QR code
This paper [9] proposes a system that is based on a QR code, which is being displayed for
students during or at the beginning of each lecture. The students will need to scan the code in
order to confirm their attendance. The paper explains the high level implementation details of
the proposed system. It also discusses how the system verifies student identity to eliminate
16
false registrations. With the widespread of smartphones among university students, this paper
addresses the problem of such a waste in the lecture time and proposes a system that offers to
reduce it. The proposed solution offers a QR code for the students to scan it via a specific
smartphone application. The code along with the student identity taken by the application will
confirm the students’ attendance. This way, the system will save not only time but also
efforts that were supposed to be put by instructors during each lecture. It will speed up the
process of taking attendance and leave much time for the lecture to be given properly. The
proposed system also takes care of preventing unauthorized attendance registration using
multi-factor authentication. The proposed system lies between online learning and traditional
learning as a facilitation for the attendance record-keeping process, in a way that enriches the
lecture time so that it can better be utilized in giving useful materials rather than wasting the
time taking attendance. The system requires a simple login process by the class instructor
through its Server Module to generate an encrypted QR code with specific information.
During the class, or at its beginning, the instructor displays an encrypted QR code to the
students. The students can then scan the displayed QR code using the system Mobile Module,
provided to them through the smartphone market by the university. Along with the student’s
facial image captured by the mobile application at the time of the scan, the Mobile Module
will then communicate the information collected to the Server Module to confirm attendance.
The whole process should take less than a minute for any student as well as for the whole
class to complete their attendance confirmation. Smartphones may communicate with the
server via either the local Wi-Fi coverage offered by the institution or through the internet.
the system is composed of two modules which are the Server and the Mobile Modules. The
Server Module performs the following tasks which mediates students’ attendance requests
with the eLearning system, generates a QR code for the instructor, runs Identity check and
runs Location check. The Mobile Module is the part that students usually install on their
smart phones. The proposed system will need three steps from each student. These steps are
opening the application, capturing the face, and scanning the QR code. The system uses
multi-factor authentication to authenticate students. As conclusion, the researchers have
proposed a way to automate this process using the students’ devices rather than the
instructor’s device. The proposed system allows fraud detection based on the GPS locations
as well as the facial images taken for each student.
17
2.2.10 Android Application for Event Management and Information Propagation
This paper [10] intends to solve the problems of propagating news and information, and also
alleviate the problem of traditional event managing procedures such as lots of paper work, or
long queue at the registration desk. The objective of this project is to develop an android
application which provides interesting news and events. Moreover, users will be able to
manage their event participation, such as reserving their seats in events, registering at the
event site, and so on. More importantly, this application uses QR code to provide an easy
way to verify participants’ identity in an event. This application focuses on solving problems
of event registration and management by using QR code, and also providing news,
information of events, and project ideas which are the given senior project topics for
university students. First of all, users will be able to reserve and manage their event
participation via this application, also receive the QR code to participate in each event after
reservation. Additionally, this application provides significant information and news of many
interesting events from the event provider. In conclusion, this application will help the event
providers by using QR code in verification. Moreover, it will provide significant information
of each event and project topics to users to be able to reach from anywhere, any time. This
application system consists of two main components which are front-end system and back-
end system. The Front-end System is the information displaying section which queries the
data from the remote database and also able to send data to be stored in the database.
Moreover, the staff side front-end system will send the participant information to the server
to verify their identity. The Back-end System is the database management section which
always interacts with the front-end system. Additionally, it will send the required data to
the front-end system whenever the request is sent. This application consists of six main
modules which are Authentication System, Member Management System, News
Management System, Event Management System, Project Ideas Management System, and
Administrator Management System. As conclusion, this application will provide significant
information of events in order to be easily reached by users and will be able to manage their
event participation. Additionally, this application can be used from everywhere, anytime.
More importantly, integrating QR code will provide more convenience to handle events
because it able to complete authentication in one scan.
18
2.2.11 QR code based secure OTP distribution scheme for authentication in
Net-Banking
In this paper [11], the researcher is presenting a new authentication scheme for secure OTP
distribution in net banking through QR codes and email. One Time Passwords (OTP) is
passwords which are valid only for a session to validate the user within
a specified amount of time. Hence for each session the user will be validated using new OTP.
They are also helpful in preventing replay attacks, phishing attacks and other attacks on basic
static passwords. QR codes are used to store textual information in the form of images that
can be read by any smart device including most mobile phones. QR codes can be considered
as two-dimensional bar codes. System consists of a web service that will generate alpha-
numerical OTPs using pseudo-random numbers and current timestamp. Use of timestamp
further assures security and uniqueness of OTP. The alpha-numerical password string is then
encrypted using Advanced Encryption Standard (AES). The key for the algorithm will be
ATM pin of the user since it is unique for every user and can be obtained by Bank Server in
every login session through account number. The AES algorithm is used here since not only
it provides higher security but also it improves performance in such critical systems. The
encrypted string is then converted to QR image by the Bank Server. It is then sent to the
concerned user using email as transmission medium via SMTP. User then downloads the QR
code image and uploads it in standard application that is made available to him by net-
banking provider. The application provides space for QR image to be uploaded and user then
enters his ATM pin which is used to decrypt the string read from QR code. The validation of
the pin is carried out by sending request to the bank server. If the ATM pin is entered
correctly, application displays the OTP that was generated for the session. User then enters
the OTP for net-banking and completes authentication. Then any type of transaction can be
carried out online on the service provider website. Proposed scheme has higher degree of
complexity than all existing systems and clearly the time required to crack the scheme will be
more than the useful lifetime of OTPs. OTPs are generated for a session
and have a short lifetime. It’s not possible to use the OTP after their expiry. Popularity of QR
codes makes the method user friendly. the proposed system satisfies the high security
requirements of the online users and protects them against various security attacks. Also the
system does not require any technical pre-requisite and this makes it very user-friendly.
Hence, QR code proves to be versatile at the same time beneficial for both the customers in
terms of security and vendors in terms of increasing their efficiency.
19
2.2.12 Online Banking Authentication System using Mobile-OTP with QR code
In this paper [12], the researcher proposes a new Online Banking Authentication system. This
authentication system used Mobile OTP with the combination of QR-code which is a variant
of the 2D barcode. The researcher propose Online Banking Authentication System use
Mobile OTP, one of the OTP generate device which has same security as the existing OTP
and with the convenience of mobile features, and the used of semi-permanent. This reduction
in acquisition costs as well as easy to download the brother deployment, if the introduction of
financial. In addition, user does not require a separate cost except for the initial download
costs.
2.3 Summary of the Research paper
Table 2.3.1 Summary of research paper
Author Title Description Advantage Disadvantage
M.Mahalakshmi
, S.Gomathi and
S.Krithika
(2016)
Event
Management
System
The main idea of this
project is used to
maintain the College
Event information and
organize the event.
To send the Student
Registration time
through sums with
verification code to
the student using
mobile application
based on Android
App.
It reduces the direct
communication to
student
Avoid the mall
function of the student
to event join and
participating for
android to android
where ever it is.
Need internet
connection for
some
applications
20
R Deepika1, R
Gayathri2, T
Saravanakumar3
, K
Vigneshwaran4,
K Vignesh5,
(2016)
Android
Application for
Event
Management
System
-The proposed system
is an application that
is designed to manage
and handle the events
of an organization.
-The projects aim at
designing an event
app which could
effectively manage the
events in an
organization.
-the main objective is
to obtain the
advantages on hand-
held devices like
mobile devices which
allow accessing the
events at anywhere
and anytime by the
participants.
-The existing system
has been taken and
made portable by
creating an application
that can be used on a
mobile device,
both by participants
and organizers.
-The application will
help the participants to
obtain notifications
from the admin.
-It will also help the
organizers by
providing a
convenient system to
communicate with the
participants and
inform them about
upcoming submissions
and events.
-It reduces the amount
of paperwork by a
substantial margin.
-
21
Miran Hikmat
Mohammed,
Baban, (2015)
University
Seminars
Attendance
Checking System
Using
QR Code Image
Scanner
In the new proposed
system, teachers and
students can register
their name for
specified seminar at
the same time that
they attend in the
seminar hall.
-This new technique
can be done by using
QR Code Image
scanner and Mobile
Smart Phone, which
Scan the displayed QR
Code image on the
seminars Screen,
before seminars Start.
-using QR Code
scanning through
Smartphones for
absent checking is
valuable.
-Thus, due to
capabilities to hold
and interpret data
according the owner
of the mobile devices.
-Teachers
cannot check
their point on a
daily basis or
weekly or even
monthly.
-They cannot
track their lack
of points.
Mohsen
Gerami-Satar
Ghiasvand
(2016)
One-Time
Passwords via
SMS
-This paper describes
a method of
implementing two
factor authentication
using mobile phones.
-The proposed system
involves using a
mobile phone as a
software token for
One Time Password
generation.
-Have a high level
security
-Prevent replay
attacks and
add an additional layer
of log on security.
-Use of highly
complex and
non-return encryption
algorithm
The shorter the
OTP message,
the easier it is
to be hacked.
22
Sagar Acharya1,
Apoorva
Polawar2,
P.Y.Pawar3,
(2013)
Two Factor
Authentication
Using
Smartphone
Generated One
Time Password
-This paper explains a
method of how the
two factor
authentication
implemented using
SMS OTP or OTP
generated by
Smartphone- One
Time Password to
secure user accounts. -
-The proposed method
guarantees
authenticating online
banking features are
secured
-The proposed system
involves generating
and delivering a One
Time Password to
mobile phone.
Smartphone can be
used as token for
creating OTP or OTP
can be send to mobile
phone in form of
SMS.
-The generated OTP is
valid for only for short
period of time and it is
generated and verified
using Secured
Cryptographic
Algorithm.
-The use of mobile
phone as a software
token will make it
easier for the customer
to deal with multiple
two-factor
authentication systems
-Reduce the cost of
manufacturing,
distributing and
maintaining millions
of hardware tokens.
-They have to
install OTP
generation
software in all
clients mobile,
the time in
both mobile
and server has
to be always
synchronized,
if client
purchase a new
mobile, the
mobile have to
be registered
and installed
with the OTP
generation
software,
updated
software have
to re-installed
in all client
mobile.
23
He Sun1,2,3, Kun
Sun1, Yuewu
Wang2, and
Jiwu Jing2,
(2015)
TrustOTP:
Transforming
Smartphones into
Secure
One-Time
Password Tokens
-In this paper, the
researcher present
TrustOTP, a secure
one-time password
solution that can
achieve both the
flexibility of software
tokens and the
security of hardware
tokens by using ARM
TrustZone technology.
- They provide a
trusted graphical user
interface that displays
the OTP on the same
screen shared with the
Rich OS.
- They implement a
TrustOTP prototype
and the evaluation
results show that
TrustOTP can work
efficiently with small
power consumption.
-Can prevent all types
of attacks from the
malicious mobile OS
and continue to
display the OTP even
if the mobile OS
crashes. -It is flexible
to support various
OTP algorithms and
multiple OTP
instances on one
smartphone.
-It requires no changes
of the mobile OS and
has
small impacts on the
mobile OS's
performance.
-when the
mobile
operating
system is
compromised,
it cannot
guarantee the
confidentiality
of the
generated
OTPs or even
the seeds.
24
A. A. ABD.
RAHNI11,2,*, N.
ZAINAL1,2, M.
F. ZAINAL
ADNA1, N. E.
OTHMAN3, M.
F. BUKHORI1,2,
(2015)
Development of
The Online
Student
Attendance
Monitoring
System(𝑆𝐴𝑀𝑆𝑇𝑀)
Based on QR-
Codes and Mobile
Devices.
-They propose a QR-
code based system, in
combination with
mobile devices to
display and scan the
QR-codes. This thus
removes the need for
any additional
hardware.
-This design was
chosen due to its
simplicity and cost-
effectiveness.
The main advantage
of the system is a
more accurate and
quicker method of
recording and
monitoring
student attendance.
-With this system, it
will be quantitatively
easier to discern
the students based on
their diligence in
attending classes.
-
Fadi Masalha,
Nael Hirzallah,
(2014)
A Students
Attendance
System Using QR
Code
-This paper proposes a
system that is based
on a QR code, which
is being displayed for
students during or at
the beginning of each
lecture.
-The students will
need to scan the code
in order to confirm
their attendance.
- The proposed system
allows fraud detection
based on the GPS
locations as well as
the facial images
taken for each student.
-The system will save
not only time but also
efforts that were
supposed to be put by
instructors during
each lecture.
-It will speed up the
process of taking
attendance and leave
much time for the
lecture to be given
properly.
-
25
Phanuphong
Hathaiwichian,
Lapas
Siriwittayacharo
en
Apinat
Wongwachirawa
nich, and
Chaiyong
Ragkhitwetsagul
(2014)
Android
Application for
Event
Management and
Information
Propagation
-This project
alleviates theproblem
of traditional event
managing procedures
such as lots of
paper work, or long
queue at the
registration desk.
-The objective is to
develop an android
application which
provides interesting
news and events.
-This application uses
QR code to provide an
easyway to verify
participants’ identity
in an event.
-This application can
be used from
everywhere, anytime.
-information of events
in order to be
easily reached by
users and will be able
to manage their event
participation.
-
Abhas
Tandon1,Rahul
Sharma2,
Sankalp
Sodhiya3,P.M.D
urai Raj
Vincent4 ,
(2013)
QR Code based
secure OTP
distribution
scheme for
Authentication in
Net-Banking.
In this paper, the
researcher is
presenting a new
authentication scheme
for secure OTP
distribution in net
banking through QR
codes and email.
-The system does not
require any technical
pre-requisite and this
makes it very user-
friendly.
- QR code proves to
be versatile at the
same time beneficial
for both the customers
in terms of security
and vendors’ in
terms of increasing
their efficiency.
OTPs are
generated for a
session
and have a
short lifetime.
It’s not
possible to use
the OTP after
their expiry.
26
Young Sil Lee*,
Nack Hyun
Kim**, Hyotaek
Lim***,
HeungKuk
Jo***, Hoon Jae
Lee*** (2015)
Online Banking
Authentication
System
using Mobile-
OTP with QR-
code
In this paper, they
propose a new Online
Banking
Authentication
system.
This authentication
system used Mobile
OTP with the
combination of QR-
code which is a
variant of the 2D
barcode.
One of the
OTP generate device
which has same
security as the existing
OTP. This reduce in
acquisition costs
Barcode is fast, easy,
accurate and
automatic data
collection method.
Barcode
enables products to be
tracked efficiently and
accurately at
speeds net possible
using manual data
entry system.
-
27
CHAPTER 3
METHODOLOGY
3.1 Introduction
In this chapter, it will clearly define the flow of application with the methodology being used
in this project. The methodology is the description in the thesis to achieve the object which is
describing the way doing or the design for carrying out research of the development of a
procedure. Methodology is used to ensure the systematic process of developing the project
and perform theoretical analysis of the methods applied to a field of studies. The
methodology also must be able to solve all the problems arising in the system analysis to
ensure that this project is complete and able to work well. For this project, waterfall
methodology has been chosen. The phases of waterfall model are requirement analysis,
system design, implementation, testing, deployment and maintenance. In requirement
analysis, all possible requirements of the system to be developed are captured in this phase
and documented in a requirement specification doc. For system design, the requirement
specifications from first phase are studied in this phase and system design is prepared.
System design helps in specifying hardware and system requirements and also helps in
defining overall system architecture. It involves the Context Diagram (CD), Data Flow Data
(DFD) and Entity Relationship Diagram (ERD). The next phase is implementation. With
inputs from system design, the system is first developed in small programs called units,
which are integrated in the next phase. Each unit is developed and tested for its functionality
which is referred to as Unit Testing. Then, testing phase is occurring. All the units developed
in the implementation phase are integrated into a system after testing of each unit. Post
integration the entire system is tested for any faults and failures. After testing is done, the
system is being deployed. Last is maintenance to measure the effectiveness of the system.
28
3.2 System Requirement and Specification
System requirement is needed to achieve this project and assist the development of the
project that involves system requirement in hardware and software. All of these elements are
important in the process of development of this project. List of hardware and software are
shown as below:
3.2.1 Hardware Requirement
Table 3.2.1.1 below shows the list of hardware that are used in this project. Five types of
hardware are needed upon completing the application.
Table 3.2.1.1: List of hardware requirement
No Hardware Type
1 Laptop model Acer-Aspire E5-476G
2 Processor Intel® Core™ i5-8250U CPU @ 1.60Ghz 1.80Ghz
3 Memory 4.00 GB
4 Hard Disk 1.00 TB
5 Operating System version Windows 10/64-bit
29
3.2.2 Software Requirement
Table 3.2.2.1 shows the software that are used in this project development. Ten software are
used in order to build the application.
Table 3.2.2.1: List of software requirement
Num. Software Purpose
1. XAMPP Server Local server to run and test application
2. PhpMyAdmin Database for the application
3. Android Studio IDE Android platform, design for Android
development
4. Notepad++ Cross-platform source code editor
5. QR Code Generator QR Code platform
6. Firebase One-Time-Password platform
7. Java JDK For developing Java application and applets
8. Google Chrome To download other requirements
9. Lucidchart.com and edraw To create CD, DFD, ERD
10. Microsoft Powerpoint 2016 To present the proposal
30
3.3 Framework Design of Event Attendance System Using One Time Password(OTP)
Figure 3.3.1.1: One Time Password (User Registration)
For this project, One Time Password is being used as user registration. Firstly, user must
enter country code and also phone number. Server will save the registered phone number.
Then, the database will do mobile phone number lookup. Once the database has found the
mobile phone number, it will tell the server that the mobile phone number is exist. Next,
server will send One-Time Password to the mobile phone in the form of SMS. After the
mobile phone has received the One-Time Password, user will enter the OTP to verify the user
registration. For more details about how One-Time-Password (OTP) works with Android will be
explain in the algorithm section.
Step 1: Enter country
code and phone number
31
Figure 3.3.1.2: QR Code Data Flow (Attendance recording)
After the user has registered, the user can access the event system and apps easily.They can
view which event is available, the information of event that they want to participate and many
more. When they go to some events, attendance will be taken based on scanning of QR code
that is displayed at the event . In this project, the attendance recording is based on QR Code
scanning. Figure 3.5.1.2 shows QR code algorithm for attendance recording. Database will
send random number to web system to generate QR code. Student will scan the QR code that
contain random number. Then, the mobile application will get IMEI number and random
number from scanning of QR code. IMEI (International Mobile Equipment Identity) is a
unique number to identify GSM, WCDMA, and iDEN mobile phones, as well as some
satellite phones. Next, mobile application will send the IMEI number and random number to
the server. After that, server will check either IMEI number exist or not. If exist, server will
check random number as well. Then, java session is created. Lastly, server will tell the
mobile application that authentication is okay and attendance will be record and save in the
database.
32
3.3.2 Process Model
3.3.2.1 Context Diagram
Figure 3.3.2.1 Context Diagram
As shown in figure 3.3.2.1, there is two entity involved which are admin and user. The admin
and user must register and login into the application.
For admin, after admin register into the application, admin must login with admin profile into
the application. If the login session success, all of the information that admin key in will be
save in the database. Password that admin use (static password) will be a “unique key” or ID
for the admin. After that, admin will be free to create any event, update and delete any
information.
As for user, user will register into the application by using country code and phone number
by using method called One-Time Password(OTP). After that, user will be given a six digits
code as a ticket to enter into the application or event that have been created by the admin. The
six digits’ code will be sent via message. User will only have one-time login session as the
application using One-Time Password (OTP) for the user. Apart from that, user can view all
of the information that admin updated into the application.
For user, there is user attendance. The user attendance is based on the QR code that will be
scan by user at the event that they are attending. The attendance wil be saved in the database.
33
This application also have feedback section that is provided for admin to check the event
feedback info. User will give feedback and only admin can view the feedback info.
3.3.2.2 Data Flow Diagram Level 0
Figure 3.3.2.2 Data Flow Diagram (DFD Level 0)
Data Flow Diagram (DFD) is a graphical representation of the flow data through an
information system. It shows how a system’s environmental entities, processes, and data are
interconnected and also the data is stored in the databases. It also shows what kind of
information will be input to and output from the system, where the data will come from and
go to and where the data will be stored. Figure 3.4.2.1 above shows the DFD that consist of
two entities and four processes. The two entities are admin and user while the other four
processes are register and log in, user attendance, create and update event, event information,
and event feedback.
34
The first process that is manage admin will involve admin. Admin to register and login into
the application. After admin register, admin profile will be save and the admin information
will be store in the login data store for admin. Second process will be the user attendance.
Only user will involve at this process as the user is the only one that need to scan QR code to
record their attendance when participating an event. After user has scan the QR code, all the
attendance database will be stored in the data store for authentication. Third process will be
managing event. Only admin will involve at this process as the admin is the only one that can
create and update the information. After admin already created the event, all the databases
about that event will be stored in the data store for event. The next process is about the event
information. At this point, only user will be involving to view the event information details.
All the event details will be retrieve from the database event that is already been stored. The
last process is all about the event feedback. Both entities that is admin and user will be
involve at this phase. User will be the one that comment about the event management and the
comment will be stored in the data store named feedback. Admin can view all the comments
by retrieving the data from the feedback data store.
3.3.2.3 Data Flow Diagram Level 1
i. Manage Admin
Figure 3.3.2.3.1 Add and Update Admin
Manage Admin account allows admin to add profile and update profile.
35
ii. Manage Attendance
Figure 3.3.2.3.2 Verify Code and Count Attendance of user
Manage attendance allows user to input code and verify attendance
iii. Manage Event
Figure 3.3.2.3.3 Add, Update and Delete Event
Manage Event allows admin to add info, update info and delete info about event.
36
iv. Manage Feedback
Figure 3.3.2.3.4 Add and Update Feedback
Manage Feedback allows user to add feedback and update feedback.
37
3.3.3 Entity Relationship Diagram
Figure 3.3.3.1 ERD model for Event Attendance System Using One Time Password(OTP)
contains five entities and have their attributes.
38
3.5 Algorithm
3.5.1 One-Time Password Algorithm
For this project, the algorithm used for user registration is One-Time Password. One Time
Password is a password that is valid for only one login session or transaction. OTP can be
send to a mobile phone in the form of SMS. The types of the algorithm used are Time –Based
One Time Password. The server side has synchronized clock which is will synchronize with
client’s OTP clocks. In time-based OTP, each OTP value is only valid for a short amount of
time. Furthermore, only a single one-time password appears on the screen at any one time
and so it is not possible to obtain future OTP values. In this project, user need to input
country and mobile number and One Time Password Server will generate One Time
Password code. In order to record the user registration, every user will generate random code
for authentication. Admin will monitor over the system from server side. The server will
generate one random code and authenticate the user registration. This approach provides
security element in preventing replay attacks, eavesdropping and any sensitive information
being stolen by the third party.
3.5.1 QR Code Algorithm
For this project, the algorithm used for recording user attendance is QR Code Algorithm. A
QR Code is a special type of barcode that can encode information like numbers, letters and
Kanji characters. There are seven steps in QR Code encoding process which are data analysis,
data encoding, error correction coding, structure final message, module placement in matrix,
data masking and format and version information.
A QR Code encodes a string of text. There are four modes for encoding text in QR code
which are numeric, alphanumeric, byte and Kanji. Each mode encodes the text as a string of
bits (1s and 0s), but each mode uses different method for converting the text into bits. While
UTF-8 can encode Kanji characters, it must use three or four bytes to do so. Shift JIS, on the
other hand, uses just two bytes to encode each Kanji character, so Kanji mode compresses
Kanji characters more efficiently. If the entire input string consists of characters in the
double-byte range of Shift JIS, use Kanji mode. It is also possible to use multiple modes
within the same QR code.
39
The next step is data encoding. In data encoding, there are four steps. First, choose the error
correction level. Second, determine the smallest version for the data. Third, add the mode
indicator and fourth, add the character count indicator. To choose the error correction level,
QR codes uses Reed Solomon error correction. This process creates error correction
codewords (bytes) based on the encoded data. A QR code reader can use these error
correction bytes to determine if it did not read the data correctly, and the error correction
codewords can be used to correct those errors. There are four levels of error correction: L
(recovers 7% of data), M (recovers 15% of data), Q (recovers 25% of data) and H (recovers
30% of data). Then, count the number of characters to be encoded to determine which is the
smallest version that can contain the number of characters for encoding mode and desired
error correction level. Then, we can add mode indicator which each encoding has a four-bit
mode indicator that identifies it. Next, add the character count indicator. The character count
indicator is a string of bits that represents the number of characters that are being encoded.
The character count indicator must be placed after the mode indicator. Furthermore, the
character count indicator must be a certain number of bits long, depending on the QR version.
The third step is error correction coding. As mentioned earlier, QR codes uses error
correction. This means that after create the string of data bits that represent the text, then use
those bits to generate error correction codewords using a process called Reed-Solomon error
correction. QR scanners read both the data codewords and the error correction codewords. By
comparing the two, the scanner can determine if it read the data correctly, and it can correct
errors if it did not read the data correctly.
The fourth step is structure final message. The data and error correction codewords generated
in the previous steps must now be arranged in the proper order. For large QR codes, the data
and error correction codewords are generated in blocks, and these blocks must be interleaved
according to the QR code specification.
The fifth step is module placement in matrix. After generating the data codewords and error
correction codewords and arranging them in the correct order, the bits must be place in the
QR code matrix. The codewords are arranged in the matrix in a specific way. During this
40
step, the patterns that are common to all QR codes will be place, such as the boxes on the
three corners.
The sixth step is data masking. Certain patterns in the QR code matrix can make it difficult
for QR code scanners to correctly read the code. To counteract this, the QR code
specification defines eight mask patterns, each of which alters the QR code according to a
particular pattern. We must determine which of these mask patterns results in the QR code
with the fewest undesirable traits. This is done by evaluating each masked matrix based on
four penalty rules. The final QR code must use the mask pattern that resulted in the lowest
penalty score.
The last step is format and version information. The final step is to add format and (if
necessary) version information to the QR code by adding pixels in particular areas of the
code that were left blank in previous steps. The format pixels identify the error correction
level and mask pattern being used in this QR code. The version pixels encode the size of the
QR matrix and are only used in larger QR codes.
3.6 Summary
In this chapter, the methodology chosen is Waterfall Model which is suitable for my project.
System requirement includes hardware and software which are needed and fulfils the project
requirement. Android studios as a platform to develop an application. Java Language is the
universal language used in this project. System Design is fundamental in building the project
to more clear about the system. This project accompanied by documentation for each
requirement, which enables to review it for validation. To show the flow of the project and
the process of this project, context diagram, data flow diagram, entity relationship diagram is
shown in order to illustrate a better understanding about this project. Furthermore, this
chapter also stress out the algorithm or method used that will be applied on this project.
41
CHAPTER 4
4.1 Introduction Implementation and Output
The implementation process is must need a method to carry out, execute the project after the
system design. The system being implemented into a real prototype or integrate software
based service for the end-user. After implementation, the system testing is executed to test the
whole system for the functionality and credibility of the system being developed. In this
process, the algorithm or technique being applied along with the development of the
application. This chapter discusses the implementation, deployment, and result of the entire
application after being developed.
4.1.1 Deployment and Configuration
In this stage, the deployment takes place on deploy the system requirements to enable
development of this project. The hardware requirement being setup and testing either it
suitable and compatible with the project requirement. This project deployment uses hybrid
mobile application that are built in a similar manner as websites. Both uses a combination of
technologies like HTML, CSS and JavaScript. In this project, Apache Cordova is used
because most hybrid mobile applications leverage Apache Cordova a platform that provides a
consistent set of JavaScript APIs to access device capabilities through plug-ins, which are
built with native code. The process deployment of XAMPP as a local host also used which
has Apache web server, PHPMyAdmin, and MySQL that need to configure and deploy to
develop an application. All the process conducted involving software and hardware
requirement based on system design to ensure all meet the expectation.
42
4.1.2 Interfaces
Figure 4.1.2.1 Homepage
Figure 4.1.2.2 Admin Login Page
43
Figure 4.1.2.3 Admin Interface (Add Event)
Figure 4.1.2.4 Admin Interface (Update Event)
44
Figure 4.1.2.5 Admin Interface (Delete Event)
Figure 4.1.2.6 User Interface (View event and participate the event)
45
Figure 4.1.2.7 User Interface (Event Participation Detail)
Figure 4.1.2.8 Feedback Interface
46
4.2 Summary
In this chapter whereby the implementation takes places. Implementation stage is where
process turn in system design into a prototype.
REFERENCES
[1] M.Mahalakshmi, S.Gomathi and S.Krithika, “Event Management System” International
Journal of Trend in Research and Development, Volume 3(2), ISSN: 2394-9333, March-
April 2016.
[2] R Deepika, R Gayathri, T Saravanakumar, K Vigneshwaran, K Vignesh, “Android
Application for Event Management System” International Conference on Systems, Science,
Control, Communication, Engineering and Technology 2016 [ICSSCCET 2016], February
2016.
[3] Miran Hikmat Mohammed, Baban, “UNIVERSITY SEMINARS ATTENDANCE
CHECKING SYSTEM USING QR CODE IMAGE SCANNER” International Journal of
Advance Research, IJOAR .org Volume 3, Issue 8, August 2015, Online: ISSN 2320-9194
[4] Mohsen Gerami, Satar Ghiasvand, “One-Time Passwords via SMS” Bulletin de la
Société Royale des Sciences de Liège, Vol.: 85, 2016, p. 106 – 113
[5] Sagar Acharya, Apoorva Polawar, P.Y.Pawar, “Two Factor Authentication Using
Smartphone Generated One Time Password” IOSR Journal of Computer Engineering (IOSR-
JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 11, Issue 2 (May. - Jun. 2013), PP 85-
90.
[6] He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing, “trustOTP: Transforming Smartphones
into Secure One-Time Password Tokens”, 2015.
47
[7] Andrew Y. Lindell, “Time versus Event Based One-Time Passwords” Aladdin
Knowledge Systems, 2007.
[8] A. A. ABD. RAHNI, N. ZAINAL, M. F. ZAINAL ADNA, N. E. OTHMAN, M. F.
BUKHORI, “DEVELOPMENT OF THE ONLINE STUDENT ATTENDANCE
MONITORING SYSTEM (𝑆𝐴𝑀𝑆𝑇𝑀) BASED ON QR-CODES AND MOBILE DEVICES”
Journal of Engineering Science and Technology Special Issue on UKM Teaching and
Learning Congress 2013, June (2015) 28 – 40
[9] Fadi Masalha, Nael Hirzallah, “A Students Attendance System Using QR Code”
(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 5,
No. 3, 2014
[10] Phanuphong Hathaiwichian, Lapas Siriwittayacharoen Apinat Wongwachirawanich,
and Chaiyong Ragkhitwetsagul, “Android Application for Event Management and
Information Propagation” The 2014 Third ICT International Student Project Conference
(ICT-ISPC2014).
[11] Abhas Tandon, Rahul Sharma, Sankalp Sodhiya, P.M.Durai Raj Vincent, “QR Code
based secure OTP distribution scheme for Authentication in Net-Banking” International
Journal of Engineering and Technology (IJET), ISSN : 0975-4024, Vol 5 No 3 Jun-Jul 2013.
[12] Young Sil Lee*, Nack Hyun Kim**, Hyotaek Lim***, HeungKuk Jo***, Hoon Jae
Lee***, “Online Banking Authentication System using Mobile-OTP with QR-code”, 2015.
