2factor Pro MZC

Project Report Factor Authentication
Two
Page | 4
TABLE OF CONTENTS
1. INTRODUCTION ........7 2. SYSTEM STUDY ........6

2.1 Study of existing system .....................6 2.2 Study of proposed system ....................6
3. SYSTEM ANALYSIS ............11

3.1 Feasibility study .................11 3.1.1 Operation feasibility ................11 3.1.2 Technical feasibility ........ 12 3.1.3 Economicalfeasibility.......13
4. SYSTEM SPECIFICATION .13

4.1 Hardware specification ...13 4.2 Software specification ........13 4.3 Languages used ..............13 4.3.1 Java ..................13 4.3.2 JSP....15 4.3.3 JavaScipt...18 4.3.4 J2ME.18 4.3.5 J2EE..23 4.3.6 MySQL.....24
Department of Computer Science, MZC
Two
Page | 5
5. SYSTEM DESIGN ........26

5.1 Logical Design .................27 5.2 Input Design ....................28 5.3 Output Design .................28 5.4 Physical Design.29 5.5 Modular Design.30 5.6 Database Design31 5.7 DFD...32
6. DETAILED DESIGN..............................................................35
6.1 Module Description ......................35 6.2 Table Design.............................................................................................37
7. STSTEM TESTING & IMPLEMENTATION......................39

7.1 System Tesing ..........39 7.1.1 Unit Testing ...............41 7.1.2 Module Level Testing ..................41 7.1.3 Integration & System Testing ...........41 7.1.4 Regression Testing..42 7.2 System Implementation..42 7.2.1 Implementation methods.43 7.2.2 Implementation plan44
8. FIGURES..................................................................................45
8.1 Data Flow Diagram ......45 8.2 Screen Shots .................48 8.2.1 Desktop part .................48 8.2.2 Website part .............53 8.2.3 Mobile part.....60
Two
Page | 6
9. CONCLUSION ...63 10. REFERENCES..64
1. INTRODUCTION
Two
Page | 5
Today security concerns are on the rise in all areas such as banks, governmental applications, healthcare industry, military organization, educational institutions, etc. Government organizations are setting standards, passing laws and forcing organizations and agencies to comply with these standards with non-compliance being met with wide-ranging consequences. There are several issues when it comes to security concerns in these numerous and varying industries with one common weak link being passwords. Most systems today rely on static passwords to verify the users identity. However, such passwords come with major management security concerns. Users end to use easy-to-guess passwords, use the same password in multiple accounts, write the passwords or store them on their machines, etc. Furthermore, hackers have the option of using many techniques to steal passwords such as shoulder surfing, snooping, sniffing, guessing, etc.Providing usable security mechanisms that take advantage of this wide spread use of mobile devices not only would increase the level of protection for critical information, but may also enhance the chances that security considerations will be embraced by the end users. Authentication using mobile devices is one way to bring such devices into the realm of security. However, previous research efforts that use mobile devices for authentication purposes, have employed weak authentication (i.e., only a username and password pair) using input and output features of such devices. Weak authentication is known for its vulnerability to several attacks, including shoulder surng, phishing, and key logging. Moreover, the compact size of mobile devices imposes constraints on their efficient and consistent usability. It is unreasonable to expect a user to enter a potentially long password into a mobile device several times a day. Likewise, we cannot expect users to use small screens of mobile devices as a proper output device for their daily transactions. We propose a two-factor authentication system that employs a mobile device to authenticate a user to a web server (i.e. an on-line banking site) through a potentially untrusted personal computer (i.e., a client). The rst factor is the combination of username and password that are usually required by web servers. The second factor is a one-time password that would be typed into the browser of the untrusted client and sent
Two
Page | 6
to the web server. In our implementation of OTPs, we provide the users with a list of randomly generated OTPs following SHA1 algorithm including security against shoulder surng attacks. Storing the long term credentials on the mobile device prevents from repetitive entry of potentially long username and passwords into a mobile device and enables the users to use long and possibly more complicated passwords for their accounts. Furthermore, using an OTP as a secondary authentication credential changes the whole authentication process from weak authentication to strong authentication, thus bringing more security for the users. We have implemented this authentication mechanism using JAVA Mobile Information Device Prole (MIDP) for J2ME on a relevant Mobile phone.
In addition to a description of this authentication protocol, we present the results of security and usability evaluations of our two-factor mobile authentication system. The security analysis evaluates the mobile authentication mechanism against an adversary model. Our analysis shows that the security of our devised method is improved over similar authentication approaches that use mobile devices, due to the addition of the OTP which leads to having a strong authentication mechanism. Further more, the results of our usability study show that our participants were willing to adopt the new technology once became aware of the potential threats to their passwords when using untrusted computers. Participants indicated they would accept a lower level of usability in return for the higher level of security of the mobile technology. However, for this new technology to be a complete replacement to conventional username/password based systems, it should be significantly simpler.
Security Evaluation of the Mobile Authentication Mechanism
Two
Page | 7
There are a variety of attacks that require to be considered while analyzing the security of our method and this method is secure against the following types of attacks. -Key Logging Attacks -Lost or Stolen Mobile Device -Lost or Stolen List of OTPs -Shoulder Surfing -Phishing Man-in-the-Middle Attack -Passive Man-in-the-Middle Attack -Active Man-in-the-Middle Attack - Denial of Service Attack
2. SYSTEM STUDY
System study aims at establishing requests for the system to be acquired, developed and installed. It involves studying and analyzing the ways of an organization currently processing the data to produce information. Analyzing the problem thoroughly forms the vital part of the system study. In system analysis, prevailing situation of Department of Computer Science, MZC
Two
Page | 5
problem is carefully examined by breaking them into sub problems. Problematic areas are identified and information is collected. Data gathering is essential to any analysis of requests. It is necessary that this analysis familiarizes the designer with objectives, activities and the function of the organization in which the system is to be implemented.
2.1 STUDY OF EXISTING SYSTEM

Most systems today rely on static passwords to verify the users identity which can affect security management. Passwords are known to be one of the easiest targets of hackers whom uses many techniques to steal passwords such as shoulder surfing, snooping, sniffing, guessing, etc. Users tend to use easy-to-guess passwords, use same password in multiple accounts, write passwords or store them on their machines, etc.
2.2 STUDY OF PROPOSED SYSTEM

The proposed method guarantees that authenticating to services, such as online banking or ATM machines, is done in a very secure manner. The proposed system involves using a mobile phone as a software token for One Time Password generation. The generated One Time Password is valid for only a short user defined time period and is generated by factors that are unique the user .
3. SYSTEM ANALYSIS
The primary goal of the system analyst is to improve the efficiency of the existing system. For that the study of specification of the requirements is very essential. For the development of the new system, a preliminary survey of the existing system will be conducted. Investigation is done whether the up gradation of the system into an
Two
Page | 5
application program could solve the problems and eradicate the inefficiency of the existing system.
3.1 FEASIBILITY STUDY

The initial investigation points to the question whether the project is feasible. A feasibility is conducted to identify the best system that meets the all the requirements. This includes an identification description, an valuation of the proposed systems and selection of the best system for the job. The requirements of the system are specified with a set of constraints such as system objectives and the description of the out puts. It is then duty of the analyst to evaluate the feasibility of the proposed system to generate the above results. Three key factors are to be considered during the feasibility study.
3.1.1 Operation Feasibility An estimate should be made to determine how much effort and care will go into the developing of the system including the training to be given to the user. Usually, people are reluctant to changes that come in their progression. The computer initialization will certainly affected the turn over, transfer and employee job status. Hence an additional effort is to be made to train and educate the users on the new way of the system.
3.1.2 Technical Feasibility The main consideration is to be given to the study of available resources of the organization where the software is to be implemented. Here the system analyst evaluates the technical merits of the system giving emphasis on the performance, Reliability, maintainability and productivity.
Two
Page | 5
By taking the consideration before developing the proposed system, the resources availability of the organization was studied. The organization was immense computer facilities equipped with sophisticated machines and the software hence this technically feasible.
3.1.3 Economic Feasibility Economic feasibility is the most important and frequently used method for evaluating the effectiveness of the proposed system. It is very essential because the main goal of the proposed system is to have economically better result along with increased efficiency. Cost benefit analysis is usually performed for this purpose. It is the comparative study of the cost verses the benefit and savings that are expected from the proposed system. Since the organization is well equipped with the required hard ware, the project was found to be economically.
Two
Page | 13
4. SYSTEM SPECIFICATION
4.1 HARDWARE SPECIFICATION

Processor Primary Memory Storage : Pentium IV OR Above : : 256 MB RAM 40 GB Hard Disk
4.2 SOFTWARE SPECIFICATION

Front end Back end Operating system IDE : : : : Java , J2ME ,J2EE My SQL Windows Net beans
4.3 LANGUAGES USED
4.3.1 JAVA Java was conceived by James Gosling, Patrick Naughton, Chris Warth, Ed Frank and Mike Sheridan at Sun Microsystems Inc. in 1991.The primary motivation was the need for a platform-independent language that could be used to create software to be embedded in various consumer electronic devices, such as microwave ovens and remote controls. Java can be used to create two types of programs: applications and applets. An applet is an application designed to be transmitted over the Internet and executed by a Java-enabled web browser. An applet is actually a tiny Java program, dynamically downloaded across the network, just like an image, sound files, or video clip.
Two
Page | 14
Javas Magic: The Byte Code The key that allows Java to solve both the security and the portability problems just described is that the output of a Java compiler is not executable code. Rather, it is Byte code. Byte code is a highly optimized set of instruction designed to be executed by the Java run-time system, which is called the Java Virtual Machine (JVM).That is in its standard form, the JVM is an interpreter for Byte code. This may come as a bit of surprise. Translating a Java program into Byte code helps to makes it much easier to run a program in a wide variety of environments. The reason is straightforward: only the JVM needs to be implemented for each platform. Once the run-time package exists for a given system, any Java Program can run on it. Java Features Like all other Computer languages, the elements of java dont exist in isolation. Rather they work together to form the language as a whole. However, this interrelatedness can make it difficult to describe one aspect of java without involve several others .Object oriented programming is the core of java. Java is related to C++ which is a direct decent of C. Much of the character of Java is inherited from these two languages. From C java derives its syntax. Many of the javas object oriented features were influenced by C++. In fast several of Javas designing characteristics come from its predecessors. More over the creation of java is deeply rooted in the process of refinement and adaptation that has been occurring in computer programming languages for the past three decades. The key features of java are summed up as follows. Simple: - java was designed to be easy for the professional programmers to learn and use effectively. Source: - Java provides firewall security. Portable: - Java is portable language. Object-oriented: - Object oriented programming is the core of java. Robust: - Provide multiplatform environment. Multithreaded: - Programs that do many things simultaneously.
Two
Page | 15
Interpreted: - Java enables the creation of cross platform programs by compiling into an intermediate representation called java byte code. Distributed: - Java is designed for distributed environment of internet, because it handles TCP/IP protocol. Dynamic: - Java programs carry with them substantial amounts of run time type information that is used to verify and resolve access to object at runtime. This makes it possible to dynamic link code in an expedient manner.
4.3.2. JSP-JAVA SERVER PAGES JSP is now an integral part for developing web-based applications using Java, because of its ability to separate presentation from logic implementation by combining standard mark up text with scripting elements and object-oriented components. JSP provides excellent front-end technology for applications that are deployed over the web. A key element of the J2EE Application Model is the use of the web as a preferred mechanism for data delivery between the applications and the end user, relying on the web browser as a primary user interface for enterprise software. A proto typical web application can be composed from: Java Runtime Environment(s) running in the server (required). JSP page(s) that handle requests and generate the dynamic content. Servlet(s) that handle request and generate dynamic content. Server-side Java Beans components that encapsulate behaviour and state. Static HTML, DHTML, XHTML, XML and similar pages. Client-side Java Applets, Java Beans components and arbitrary Java class files. Java Runtime Environment(s) (downloadable via the plug-in) running in the client(s). The Java Server Pages specification inherits from the servlet specification the concepts of Applications, Contexts, Sessions, Requests and Responses.
Two
Page | 16
JSP is a java based technology that simplifies the process of developing dynamic web sites. With JSP, web designers and developers can quickly incorporate dynamic elements into web pages using embedded java and simple mark-up tags. These tags provide the HTML designer with a way to access data and business logic stored inside java objects. Java Server Pages are text files with the extension .jsp, which take the place of traditional HTML pages. JSP files contain traditional HTML along with embedded code that allows the developer to access data from the java code running on the server. JSP offers several benefits for dynamic content generation. As a Java-based technology, it enjoys all of the advantages that the Java language provides with respect to development and deployment. As an object-oriented language with strong typing, encapsulation, exception handling, and automatic memory management, use of Java leads to increased programmer productivity and more robust code. Because compiled Java byte code is portable across all platforms that support a JVM, use of JSP does not lock us into using a specific hardware platform, operating system, or server software. If a switch in any of these components becomes necessary, all JSP pages and associated Java classes can be migrated over as is. Because JSP is vendor-neutral, developers and system architects can select best of breed solutions at all stages of JSP deployment .JSP technology is the Java platform technology for building applications containing dynamic web content such as HTML, DHTML, XHTML, and XML. The Java Server Pages technology enables the authoring of web pages that create dynamic content easily but with maximum power and flexibility. The Java Server Pages technology offers a number of advantages: Write Once, Run Anywhere properties The Java Server Pages technology is platform independent, both in its dynamic Web pages, its Web servers, and its underlying server components. We can author JSP pages on any platform, run them on any Web server or Web enabled application server, and access them from any web browser. We can also build the server components on any platform and run them on any server. High quality tool support
Two
Page | 17
The Write Once, Run Anywhere properties of JSP allows the user to choose best-of-breed tools. Additionally, an explicit goal of the Java Server Pages design is to enable the creation of high portable tools. Reuse of components and tag libraries The Java Server Pages technology emphasizes the use of reusable components such as Java Bean components, Enterprise Java Beans components and tag libraries. These components can be used in interactive tools for component development and page composition. This saves considerable development time while giving the cross-platform power and flexibility of the Java programming language and other scripting languages. Separation of dynamic and static content The Java Server Pages technology enables the separation of static content from dynamic content that is inserted into the static template. This greatly simplifies the creation of content. This separation is supported by beans specifically designed for the interaction with server-side objects, and, specifically, by the tag extension mechanism. Support for scripting and actions The Java Server Pages technology supports scripting elements as well as actions. Actions permit the encapsulation of useful functionality in a convenient form that can also be manipulated by tools. Scripts provide mechanism to glue together this functionality in a per-page manner. Web access layer for N-tier enterprise application architecture The Java Server pages technology is an integral part of the Java 2Platform Enterprise Edition (J2EE), which brings Java technology to enterprise computing. We can now develop powerful middle-tier server applications, using a web site that uses Java Server Pages technology as a front end to Enterprise Java Beans components in a J2EE complaint.
4.3.3. JAVA SCRIPT
Two
Page | 18
JavaScript is use for validation purposes usually at the client-side, which do not require the server. It is a programming language integrated with HTML. JavaScript facilitates the developer with properties related to document windows, frames, forms, loaded documents and links. This scripting language also traps user events so programs can be developed for such events. This is an interpreter-based language and source code files are directly executed at runtime. JavaScript includes built-in objects related to the current windows and documents as well as objects such as Math, String, Date functions respectively. Since JavaScript is an object-based language, it supports instances, methods and properties. The browsers support JavaScript. In JavaScript, the document object refers to whatever web page the reader is currently looking through which is also the document that contains the JavaScript code. The links are objects within the document object. Date, button, checkbox, elements array from password are the other objects available. JavaScript statements are used to build loops into the script so that commands can be executed several times. Event handlers are those parts of language that tell JavaScript to send or to carry out some actions. The event handlers go into regular HTML tags. Can display custom dialog boxes on the screen, i.e. alert (), confirm () and prompt (). Have two data types Numbers and Strings. JavaScript has custom functions and allows user to write code to have user-defined functions. 4.3.4. J2ME Sun Microsystems defines J2ME as "a highly optimized Java run-time environment targeting a wide range of consumer products, including pagers, cellular phones, screen-phones, digital set-top boxes and car navigation systems."Announced in June 1999 at the JavaOne Developer Conference, J2ME brings the cross-platform functionality of the Java language to smaller devices, allowing mobile wireless devices to share applications. With J2ME, Sun has adapted the Java platform for consumer products that incorporate or are based on small computing devices.
Project Report Factor Authentication General J2ME architecture
Two
Page | 19
J2ME uses configurations and profiles to customize the Java Runtime Environment (JRE).As a complete JRE, J2ME is comprised of a configuration, which determines the JVM used, and a profile, which defines the application by adding domain-specific classes. The configuration defines the basic run-time environment as a set of core classes and a specific JVM that run on specific types of devices. The profile defines the application; specifically, it adds domain-specific classes to the J2ME configuration to define certain uses for devices. Configurations overview The configuration defines the basic run-time environment as a set of core classes and a specific JVM that run on specific types of devices. Currently, two configurations exist for J2ME, though others may be defined in the future: Connected Limited Device Configuration (CLDC) is used specifically with the KVM for 16-bit or 32-bit devices with limited amounts of memory. This is the configuration (and the virtual machine) used for developing small J2ME applications. Its size limitations make CLDC more interesting and challenging (from a development point of view) than CDC. CLDC is also the configuration that we will use for developing our drawing tool application. An example of a small wireless device running small applications is a Palm hand-held computer. Connected Device Configuration (CDC) is used with the C virtual machine (CVM) and is used for 32-bit architectures requiring more than 2 MB of memory An example of such a device is a Net TV box. Connected Limited Device Configuration (CLDC) CLDC was created by the Java Community Process, which has standardized this "portable, minimum-footprint. Java building block for small, resource-constrained devices," as defined on Sun Microsystems' Web site. The J2ME CLDC configuration provides for a virtual machine and set of core libraries to be used within an industrydefined profile. As mentioned in Section 2, a profile defines the applications for particular devices by supplying domain-specific classes on top of the base J2ME configuration. The K virtual machine (KVM), CLDC's reference implementation of a virtual machine, and its KJava profile run on top of CLDC. CLDC outlines the most
Two
Page | 20
basic set of libraries and Java virtual machine features required for each implementation of J2ME on highly constrained devices. CLDC targets devices with slow network connections, limited power (often battery operated), 128 KB or more of non-volatile memory, and 32 KB or more of volatile memory. Volatile memory is non-persistent and has no write protection, meaning if the device is turned off, the contents of volatile memory are lost. With non-volatile memory, contents are persistent and write protected. CLDC devices use non-volatile memory to store the run-time libraries and KVM, or another virtual machine created for a particular device. Volatile memory is used for allocating run-time memory. CLDC requirements CLDC defines the following requirements: Full Java language support (except for floating pointer support, finalization, and error handling) Full JVM support Security for CLDC Limited internationalization support Inherited classes -- all classes not specific to CLDC must be subsets of J2SE 1.3classes Classes specific to CLDC are in javax.microedition package and subpackages
Connected Device Configuration (CDC) Connected Device Configuration (CDC) has been defined as a stripped-down version of Java 2 Standard Edition (J2SE) with the CLDC classes added to it. Therefore, CDC was built upon CLDC, and as such, applications developed for CLDC devices also run on CDC devices. CDC, also developed by the Java Community Process, provides a standardized, portable, full-featured Java 2 virtual machine building block for consumer electronic and embedded devices, such as smartphones, two-way pagers, PDAs, home appliances, point-of-sale terminals, and car navigation systems. These devices run a 32bit microprocessor and have more than 2 MB of memory, which is needed to store the C
Two
Page | 21
virtual machine and libraries .While the K virtual machine supports CLDC, the C virtual machine (CVM) supports CDC.
Profiles overview The profile defines the type of devices supported by your application. Specifically, it adds domain-specific classes to the J2ME configuration to define certain uses for devices. Profiles are built on top of configurations. Two profiles have been defined for J2ME and are built on CLDC: KJava and Mobile Information Device Profile (MIDP). These profiles are geared toward smaller devices. A skeleton profile on which you create your own profile, the Foundation Profile, is available for CDC. However, for this tutorial, we will focus only on profiles built on top of CLDC for smaller devices. Target devices for J2ME applications developed using CLDC generally have the following Characteristics: 160 to 512 kilobytes of total memory available for the Java platform Limited power, often battery powered Network connectivity, often with a wireless, inconsistent connection and with limited bandwidth User interfaces with varying degrees of sophistication; sometimes with no interface at all Some devices supported by CLDC include wireless phones, pagers, mainstream personal digital assistants (PDAs), and small retail payment terminals. According to Sun Microsystems, target devices for CDC generally have the following characteristics: Powered by a 32-bit processor Two megabytes or more of total memory available for the Java platform Devices that require the full functionality of the Java 2 "Blue Book" virtual machine Network connectivity, often with a wireless, inconsistent connection and with limited bandwidth Department of Computer Science, MZC
Project Report Factor Authentication User interfaces with varying degrees of sophistication; sometimes with no interface Some devices supported by CDC include residential gateways, Smartphone and
Two
Page | 22
communicators, PDAs, organizers, home appliances, point-of-sale terminals, and car navigation systems.
Profile 1: KJava KJava is Sun's proprietary profile and contains the KJava API. The KJava profile is built on top of the CLDC configuration. The KJava virtual machine, KVM, accepts the same byte codes and class file format as the classic J2SE virtual machine. KJava contains a Sun-specific API that runs on the Palm OS. The KJava API has a great deal in common with the J2SE Abstract Windowing Toolkit (AWT). However, because it is not a standard J2ME package, its main package is com.sun.kjava. We'll learn more about the KJava API later in this tutorial when we develop some sample applications. Profile 2: MIDP MIDP is geared toward mobile devices such as cellular phones and pagers. The MIDP, like KJava, is built upon CLDC and provides a standard run-time environment that allows new applications and services to be deployed dynamically on end-user devices.MIDP is a common, industry-standard profile for mobile devices that is not dependent on a specific vendor. It is a complete and supported foundation for mobile application development. MIDP contains the following packages, the first three of which are core CLDC packages, plus three MIDP-specific packages like * java.lang * java.io * java.util * javax.microedition.io * javax.microedition.lcdui * javax.microedition.midlet
Project Report Factor Authentication 4.3.5. J2EE
Two
Page | 23
Short for Java 2 Platform Enterprise Edition. J2EE is a platform-independent, Java-centric environment from Sun for developing, building and deploying Web-based enterprise applications online. The J2EE platform consists of a set of services, APIs, and protocols that provide the functionality for developing multitiered, Web-based applications. Some of the key features and services of J2EE: At the client tier, J2EE supports pure HTML, as well as Java applets or applications. It relies on Java Server Pages and servlet code to create HTML or other formatted data for the client. Enterprise JavaBeans (EJBs) provide another layer where the platform's logic is stored. An EJB server provides functions such as threading, concurrency, security and memory management. These services are transparent to the author. Java Database Connectivity (JDBC), which is the Java equivalent to ODBC, is the standard interface for Java databases. The Java servlet API enhances consistency for developers without requiring a graphical user interface.
4.3.6. MySQL MySQL database has become the world's most popular Open source database because of its consistency, fast performance, high reliability and ease of use. It has also become the database of choice for a new generation of applications built on the LAMP stack (Linux, Apache, MySQL, PHP / Perl / Python). MySQL runs on more than 20 platforms including Linux, Windows, OS/X, HP-UX, AIX, Netware, giving you the kind of flexibility that puts you in control. MySQL offers a comprehensive range of certified software, support, training and consulting.
Two
Page | 24
MySQL is a multithreaded, multi-user SQL Database Management System. My SQL's implementation of a relational database is an abstraction on top of a computers file system. The relational database abstraction allows collection of data items to be organized as a set of formally described tables. Data can be accessed or reassembled from these tables in many different ways, which do not require any reorganization of the database tables themselves. MySQL is popular for web applications such as MediaWiki or Drupal and act as the database component of the LAMP ,MAMP and WAMP platforms(Linux/Mac,Windows-Apache MySQL-PHP/Perl/Python), and for open -source bug tracking tools like Bugzilla Its popularity as a web application is closely tied with the popularity of PHP , which is often combined with MySQL and nicknamed Dynamic Duo .It is easy to find many references that combines the two in websites and books(PHP and MySQL for Dummies,PHP and MySQL Bible, Beginning PHP and MySQL etc).
Relational database speak SQL (Structured Query Language). SQL is a standard interactive programming language for getting information from and updating a relational database. Although SQL itself is both an ANSI and an ISO standard, many database products support SQL with proprietary extensions to the standard language. SQL queries take the form of a command language that lets you select, insert, update, find out the location of data, and so forth. My SQL Features: Cross platform support Stored procedures Triggers Cursors True VARCHAR support Updated views
Project Report Factor Authentication Very fast and much reliable for any type of application. Very lightweight application.
Two
Page | 25
Command line tool is very powerful and can be used to run SQL queries against database. Supports indexing and binary objects. Allows changing the structure of table while server is running. It has a wide user base. It is a very fast thread-based memory allocation system.
Two
Page | 26
5. SYSTEM DESIGN
System design is the solution to the creation of a new system. This phase is composed of several systems. This phase focuses on the detailed implementation of the feasible system. It emphasizes on translating design specifications to performance specification. System design has two phases of development logical and physical design. During logical design phase the analyst describes inputs (sources), out puts (destinations), databases (data sores) and procedures (data flows) all in a format that meats the uses requirements. The analyst also specifies the user needs and at a level that virtually determines the information flow into and out of the system and the data resources. Here the logical design is done through data flow diagrams and database design. The physical design is followed by physical design or coding. Physical design produces the working system by defining the design specifications, which tell the programmers exactly what the candidate system must do. The programmers write the necessary programs that accept input from the user, perform necessary processing on accepted data through call and produce the required report on a hard copy or display it on the screen.
5.1 LOGICAL DESIGN
Two
Page | 27
Logical design of an information system shows the major features and also how they are related to one another. The first step of the system design is to design logical design elements. This is the most creative and challenging phase and important too. Design of proposed system produces the details of the state how the system will meet the requirements identified during the system analysis that is, in the design phase we have to find how to solve the difficulties faced by the existing system. The logical design of the proposed system should include the details that contain how the solutions can be implemented. It also specifies how the database is to be built for storing and retrieving data, what kind of reports are to be created and what are the inputs to be given to the system. The logical design includes input design, output design, and database design and physical design.
Two
Page | 28
5.2 INPUT DESIGN

The input design is the link between the information system and the user. It comprises the developing specification and procedures for data preparation and those steps are necessary to put transaction data into a usable form for processing data entry. The activity of putting data into the computer for processing can be achieved by inspecting the computer to read data from a written or printed document or it can occur by having people keying the data directly into the system. The design of input focuses on controlling the amount of input required, controlling errors, avoiding delay, avoiding extra steps and keeping the process simple. The system needs the data regarding the asset items, depreciation rates, asset transfer, physical verification for various validation, checking, calculation and report generation.. The error raising method is also included in the software, which helps to raise error message while wrong entry of input is done. So in input design the following things are considered.
What data should be given as input? How the data should be arranged or coded? The dialogue to guide the operating personnel in providing input. Methods for preparing input validations and steps to follow when error occur The samples of screen layout are given in the appendix.
5.3 OUTPUT DESIGN

Computer output is the most important and direct information source to the user. Output design is a process that involves designing necessary outputs in the form of reports that should be given to the users according to the requirements. Efficient,
Two
Page | 29
intelligible output design should improve the systems relationship with the user and help in decision making. Since the reports are directing referred by the management for taking decisions and to draw conclusions they must be designed with almost care and the details in the reports must be simple, descriptive and clear to the user. So while designing output the following things are to be considered. Determine what information to present Arrange the presentation of information in an acceptable format Decide how to distribute the output to intended receipts Depending on the nature and future use of output required, they can be displayed on the monitor for immediate need and for obtaining the hardcopy. The options for the output reports are given in the appendix.
5.4 PHYSICAL DESIGN

The process of developing the program software is referred to as physical design. We have to design the process by identifying reports and the other outputs the system will produce. Coding the program for each module with its logic is performed in this step. Proper software specification is also done in this step.
Two
Page | 30
5.5 MODULAR DESIGN

A software system is always divided into several sub systems that makes it easier for the development. A software system that is structured into several subsystems makes it easy for the development and testing. The different subsystems are known as the modules and the process of dividing an entire system into subsystems is known as modularization or decomposition. A system cannot be decomposed into several subsystems in any way. There must some logical barrier, which facilitates the separation of each module. The separation must be simple but yet must be effective so that the development is not affected. The system under consideration has been divided into several modules taking in consideration the above-mentioned criteria. Modules are:-Administrator -Client -Server -Mobile -OTP Generation
Two
Page | 31
5.6 DATABASE DESIGN

The overall objective in the development of database technology has been to treat data as an organizational resource and as an integrated whole. DBMS allow data to be protected and organized separately from other resources. Database is an integrated collection of data. The most significant form of data as seen by the programmers is data as stored on the direct access storage devices. This is the difference between logical and physical data. Database files are the key source of information into the system. It is the process of designing database files, which are the key source of information to the system. The files should be properly designed and planned for collection, accumulation, editing and retrieving the required information. The organization of data in database aims to achieve three major objectives: Data integration. Data integrity. Data independence.
The proposed system stores the information relevant for processing in the MS SQL SERVER database. This database contains tables, where each table corresponds to one particular type of information. Each piece of information in table is called a field or column. A table also contains records, which is a set of fields. All records in a table have the same set of fields with different information. There are primary key fields that uniquely identify a record in a table. There are also fields that contain primary key from another table called foreign keys.
Two
Page | 32
5.7 DFD
The data flow diagram is used for classifying system requirements to major transformation that will become programs in system design. This is starting point of the design phase that functionally decomposes the required specifications down to the lower level of details. It consists of a series of bubbles joint together by lines. Bubbles: Represent the data transformations. Lines: Represents the logic flow of data. Data cant rigger events and can be processed to useful information. Systems analysis recognizes the central goal of data in organizations .This dataflow analysis tells a great deal about how organization objectives are accomplished. Dataflow analysis studies the use of data in each activity. It documents these finding in the DFDs. Dataflow analysis give the activities of a system from the view point of data where it originates , how they are used or hanged or where they go, including the stops along the way from their destination. The components of dataflow strategy span both the requirements and systems design. The first part is called dataflow analysis. As the name suggests, we didnt use the dataflow analysis tools exclusively for the analysis stage but also in the designing phase with documentation.
Notations used in Dataflow Diagram The logic dataflow diagrams can be drawn using four simple notations i.e., special symbols or icons and the annotation that associates them with a specific system .Since the choice of notation we follow, does not affect impede or catalyze the system process ; we used three symbols from YOURDON notation and one from Gain and Sarson notation as specified below.
Two
Page | 33
Element References
Symbols
Data Flow Process
Process
Data Store
Source/Sink
Description: Process: Describes how each input data is converted to output data Data Store: Describes the repositories of data in a system. Data Flow: Describes the data flowing between process, Data stores and external entities. Source: An external entity causing the origin of data. Sink: An external entity, which consumes the data
Project Report Factor Authentication Context Diagram
Two
Page | 34
The top level diagram is often called a context diagram. It contains a single process, but it plays a very important role in studying the current system. The context diagram defines the system that will be studied in the sense that it determines the boundaries. Anything that is not inside the process identified in the context diagram will not be part of the system study. It represents the entire software element as a single bubble with input and output data indicated by incoming and outgoing arrows respectively.
Types of Dataflow Diagram DFDs are of two types: 1. Physical DFD Structures analysis states that the current system should be first understood correctly. The physical DGD is a model of the current system and is used to ensure that the current system is clearly understood. Physical DFDs show actual devices, departments, peoples etc involved in the current system. 2. Logical DFD Logical DFDs are a model of the proposed system. They clearly show the requirements on which the new system should be built. Later during the design activity this is taken as the basis for drawing the system's structure charts.
6. DETAILED DESIGN
Two
Page | 35
6.1 MODULE DESCRIPTION
Administrator The bank administrator can add or remove - Branch details ,Account types, Accounts. Deposit and withdraw View all cash transactions Freeze accounts
Client
After registering with the organization, the client must install the OTP generation software from the server to his mobile. The client requests for OTP at the time of login. If the server passwords match and client is authorized, he is directed to his account where he can Transfer fund between accounts View account balance Server A server is implemented to generate the OTP on the organizations side. The server consists of a database containing the client identification information. Stored on both the server and clients mobile at registration time. Both parties generate the OTP at the same point of time.
Two
Page | 36
Mobile A J2ME program is developed and installed on the
mobile phone to generate the OTP. The program has an easy-to-use GUI that is developed using the Net Beans drag and drop interface.
OTP Generation SHA1 algorithm Factors used Username Password Date -Using the last two digits of the year and the date and month makes the OTP unique for that particular date. Hour, Minute
6.2 TABLE DESIGN

Registration Table Table: regtb
Project Report Factor Authentication Primary key: Customer Id
Two
Page | 37
Column name cust_id fn ln addr mn ei un pw
Data type Int(15) Varchar(50) Varchar(50) Varchar(250) Int(10) Varchar(50) Varchar(15) Varchar(15)
Description Customer-Id First name Last name Address Mobile no Email_id User name Password
Account Details Table: acctdet Primary key: Account Number Foreign Key: Customer -Id
Column name acctno cust_id acctype minbal curtbal Data type Int(15) Int(15) Varchar(50) Double Double Description Account Number Last name Address User name Password
Staff Details Table: employee Primary key: Staff-Id
Project Report Factor Authentication Column name sid fn ln addr mn ei un pw Data type Int(15) Varchar(50) Varchar(50) Varchar(250) Int(10) Varchar(50) Varchar(15) Varchar(15) Description Staff-Id First name Last name Address Mobile no Email_id User name Password
Two
Page | 38
IFSC Codes Table: banks Primary key: ifsc

Column name ifsc Data type Varchar(15) Description IFSC codes
7. SYSTEM TESTING AND IMPLEMENTATION
7.1 SYSTEM TESTING

System testing is a critical aspect of Software Quality Assurance and represents the ultimate review of specification, design and coding. Testing is a process of executing a program with the intent of finding an error. A good test is one that has a probability of finding an as yet undiscovered error. The purpose of testing is to identify
Two
Page | 39
and correct bugs in the developed system. Nothing is complete without testing. Testing is the vital to the success of the system. In the code testing the logic of the developed system is tested. For this every module of the program is executed to find an error. To perform specification test, the examination of the specifications stating what the program should do and how it should perform under various conditions. Unit testing focuses first on the modules in the proposed system to locate errors. This enables to detect errors in the coding and logic that are contained within that module alone. Those resulting from the interaction between modules are initially avoided. In unit testing step each module has to be checked separately. System testing does not test the software as a whole, but rather than integration of each module in the system. The primary concern is the compatibility of individual modules. One has to find areas where modules have been designed with different specifications of data lengths, type and data element name. Testing and validation are the most important steps after the implementation of the developed system. The system testing is performed to ensure that there are no errors in the implemented system. The software must be executed several times in order to find out the errors in the different modules of the system. Validation refers to the process of using the new software for the developed system in a live environment i.e., new software inside the organization, in order to find out the errors. The validation phase reveals the failures and the bugs in the developed system. It will be come to know about the practical difficulties the system faces when operated in the true environment. By testing the code of the implemented software, the logic of the program can be examined. A specification test is conducted to check
Two
Page | 40
whether the specifications stating the program are performing under various conditions. Apart from these tests, there are some special tests conducted which are given below: Peak Load Tests: This determines whether the new system will handle the volume of activities when the system is at the peak of its processing demand. The test has revealed that the new software for the agency is capable of handling the demands at the peak time. Storage Testing: This determines the capacity of the new system to store transaction data on a disk or on other files. The proposed software has the required storage space available, because of the use of a number of hard disks. Performance Time Testing: This test determines the length of the time used by the system to process transaction data. In this phase the software developed Testing is exercising the software to uncover errors and ensure the system meets defined requirements. Testing may be done at 4 levels Unit Level Module Level Integration & System Regression
7.1.1 UNIT TESTING A Unit corresponds to a screen /form in the package. Unit testing focuses on verification of the corresponding class or Screen. This testing includes testing of control paths, interfaces, local data structures, logical decisions, boundary conditions, and error handling. Unit testing may use Test Drivers, which are control programs to co-ordinate
Two
Page | 41
test case inputs and outputs, and Test stubs, which replace low-level modules. A stub is a dummy subprogram. 7.1.2 MODULE LEVEL TESTING Module Testing is done using the test cases prepared earlier. Module is defined during the time of design.
7.1.3 INTEGRATION & SYSTEM TESTING
Integration testing is used to verify the combining of the software modules. Integration testing addresses the issues associated with the dual problems of verification and program construction. System testing is used to verify, whether the developed system meets the requirements.
Project Report Factor Authentication 7.1.4 REGRESSION TESTING
Two
Page | 42
Each modification in software impacts unmodified areas, which results serious injuries to that software. So the process of re-testing for rectification of errors due to modification is known as regression testing. Installation and Delivery: Installation and Delivery is the process of delivering the developed and tested software to the customer. Refer the support procedures.
Acceptance and Project Closure: Acceptance is the part of the project by which the customer accepts the product. This will be done as per the Project Closure, once the customer accepts the product; closure of the project is started. This includes metrics collection, PCD, etc.
7.2 SYSTEM IMPLEMENTATION

Implementation includes all those activities that take place to convert from the old system to the new. The old system consists of manual operations, which is operated in a very different manner from the proposed new system. A proper implementation is essential to provide a reliable system to meet the requirements of the organizations. An improper installation may affect the success of the computerized system.
7.2.1 IMPLEMENTATION METHODS
Two
Page | 43
There are several methods for handling the implementation and the consequent conversion from the old to the new computerized system. The most secure method for conversion from the old system to the new system is to run the old and new system in parallel. In this approach, a person may operate in the manual older processing system as well as start operating the new computerized system. This method offers high security, because even if there is a flaw in the computerized system, we can depend upon the manual system. However, the cost for maintaining two systems in parallel is very high. This outweighs its benefits. Another commonly method is a direct cut over from the existing manual system to the computerized system. The change may be with in a week or with in a day. There are no parallel activities. However, there is no remedy in case of a problem. This strategy requires careful planning. A working version of the system can also be implemented in one part of the organization and the personnel will be piloting the system and changes can be made as and when required. But this method is less preferable due to the loss of entirety of the system.
Two
Page | 44
7.2.2 IMPLEMENTATION PLAN The implementation plan includes a description of all the activities that must occur to implement the new system and to put it into operation. It identifies the personnel responsible for the activities and prepares a time chart for implementing the system. The implementation plan consists of the following steps. List all files required for implementation. Identify all data required to build new files during the implementation. List all new documents and procedures that go into the new system.
The implementation plan should anticipate possible problems and must be able to deal with them. The usual problems may be missing documents; mixed data formats between current and files, errors in data translation, missing data etc.
Two
Page | 45
8. FIGURES
The different modules, forms and tables in our system are displayed here.
8.1 DATA FLOW DIAGRAM

The following dataflow diagrams show the control flow in our system. Fig 8.2: Level 1 of administrator Fig 8.3: Level 2 of administrator Fig 8.4: Level 1 of user Fig 8.5: Level 2 of user
Fig 8.1
Two
Page | 46
Fig 8.2
Fig 8.3
Fig 8.4
Two
Page | 47
Fig 8.5
Two
Page | 48
8.2 SCREEN SHOTS
8.2.1 DESKTOP PART
Fig 8.2.1.a Login Form
Two
Page | 49
Fig 8.2.1.b Users Registration Form
Two
Page | 50
Fig 8.2.1.c Staff process Form
Fig 8.2.1.d Registration completed Form
Two
Page | 51
Fig 8.2.1.e Transaction Form
Fig 8.2.1.f Transaction Form 2
Two
Page | 52
Fig 8.2.1.g New Account Form
Fig 8.2.1.h Confirmation Form
Two
Page | 53
8.2.2 WEBSITE PART
Fig 8.2.2.a Login1
Two
Page | 54
Fig 8.2.2.b Login2
Project Report Factor Authentication Fig 8.2.2.c Home Page
Two
Page | 55
Fig 8.2.2.d Fund Transfer Page
Two
Page | 56
Fig 8.2.2.e Fund Transfer1
Two
Page | 57
Fig 8.2.2.f View Balance
Two
Page | 58
Fig 8.2.2.g Fund Transfer2
Two
Page | 59
Fig 8.2.2.h IFSC Codes
Two
Page | 60
8.2.3 MOBILE PART
Fig 8.2.3.1 Application Login
Two
Page | 61
Fig 8.2.3.2 Option List
Fig 8.2.3.3 Login Department of Computer Science, MZC
Two
Page | 62
Fig 8.2.3.4 OTP Generation
Two
Page | 63
9. CONCLUSION
We have successfully completed our project Synchronized Two-factor Authentication Using Mobile Phones in the time span allotted and put together to form the main system. The modules were tested separately. Testing of the whole system has been done with sample data and output obtained according to the requirements. We have described our mobile two-factor authentication mechanism for the purpose of protecting long term credentials of users, particularly when they must authenticate while using an untrusted computer. This approach uses a combination of stored credentials on mobile devices and one-time passwords to assure the confidentiality of long term credentials. The main advantage of our mechanism is its comparatively stronger authentication to other existing approaches. The selection of JSP has greatly enhanced the capability and user friendliness of the system. Also the support of a powerful of database My SQL added to its merit.
10. REFERENCES
Two
Page | 64
TextBooks: [1] Addison-Wesley, Java(TM) Language Specification, The (3rd Edition) [2] John W. Muchow, Core J2ME Technology and MIDP [3} Deepak Alur , Dan Malks ,John Crupi, Core J2EE Patterns: Best Practices and Design Strategies
Websites: [1] google.com (google books) [2] www.javabeginner.com [3] www.w3schools.com [4] www.mysql.com

2factor Pro MZC

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

2factor Pro MZC

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2factor Pro MZC

Uploaded by

Copyright:

Available Formats

Project Report Factor Authentication

1. INTRODUCTION ........7 2. SYSTEM STUDY ........6

3. SYSTEM ANALYSIS ............11

4. SYSTEM SPECIFICATION .13

Department of Computer Science, MZC

Project Report Factor Authentication

5. SYSTEM DESIGN ........26

7. STSTEM TESTING & IMPLEMENTATION......................39

Department of Computer Science, MZC

Project Report Factor Authentication

9. CONCLUSION ...63 10. REFERENCES..64

Project Report Factor Authentication

Department of Computer Science, MZC

Project Report Factor Authentication

Security Evaluation of the Mobile Authentication Mechanism

Department of Computer Science, MZC

Project Report Factor Authentication

Project Report Factor Authentication

2.1 STUDY OF EXISTING SYSTEM

2.2 STUDY OF PROPOSED SYSTEM

Department of Computer Science, MZC

Project Report Factor Authentication

3.1 FEASIBILITY STUDY

Department of Computer Science, MZC

Project Report Factor Authentication

Department of Computer Science, MZC

Project Report Factor Authentication

4.1 HARDWARE SPECIFICATION

4.2 SOFTWARE SPECIFICATION

4.3 LANGUAGES USED

Department of Computer Science, MZC

Project Report Factor Authentication

Department of Computer Science, MZC

Project Report Factor Authentication

Department of Computer Science, MZC

Project Report Factor Authentication

Department of Computer Science, MZC

Project Report Factor Authentication

4.3.3. JAVA SCRIPT

Department of Computer Science, MZC

Project Report Factor Authentication

Department of Computer Science, MZC

Project Report Factor Authentication General J2ME architecture

Department of Computer Science, MZC

Project Report Factor Authentication

Department of Computer Science, MZC

Project Report Factor Authentication

Department of Computer Science, MZC

Project Report Factor Authentication 4.3.5. J2EE

Department of Computer Science, MZC

Project Report Factor Authentication

Department of Computer Science, MZC

Department of Computer Science, MZC

Project Report Factor Authentication

5.1 LOGICAL DESIGN

Department of Computer Science, MZC

Project Report Factor Authentication

Department of Computer Science, MZC