Vin U Full Report

1
INTEGRATION OF SOUND SIGNATURE AND GRAPHICLEPASSWORD AUTHENTICATION SYSTEM IN ARMY
INTRODUCTION
Department of MCA
P.E.S.C.E Mandya
2012
2
CHAPTER 1
1.
INTRODUCTION
Passwords are used for (a) Authentication (Establishes that the user is who theysay they are). (b) Authorization (The process used to decide if theauthenticated person is allowed to access specificinformation or functions) and(c) Access Control (Restriction of access-includes authentication & authorization). Mostly user select password that is predictable. This happens with both graphical and text based passwords. Users tend to choose memorable password, unfortunately it means that the passwords tend to follow predictable patterns that are easier for attackers to guess. While the predictability problem can be solved by disallowing user choice and assigning passwords to users, this usually leads to usability issues since users cannot easily remember such random passwords. Number of graphical password systems have been developed, Study shows that text-based passwords suffers with both security and usability problems. According to a recent news article, a security team at a company ran a network password cracker and within 30 seconds and they identified about 80% of the passwords . It is well know that the human brain is better at recognizing and recalling images than text, graphical passwords exploit this human characteristic. Here a graphical password system with a supportive sound signature to increase the remembrance of the password is discussed. In proposed work a click-based graphical password scheme called Cued Click Points (CCP) is presented. In this system a password consists of sequence of some images in which user can select one click-point per image. In addition user is asked to select a sound signature corresponding to each click point this sound signature will be used to help the user in recalling the click point on an image. System showed very good Performance in terms of speed, accuracy, and ease of use. Users preferred CCP to Pass Points, saying that selecting and remembering only one point per image was easier and sound signature helps considerably in recalling the click points.
The module contain
Department of MCA
P.E.S.C.E Mandya
2012
3
1. User profile Vector(master) 2. Create Detailed Vector

3. Compare User Profile/login Vector
PREVIOUS WORK Considerable work has been done in this area,The best known of these systems are Passfaces . Brostoff and Sasse carried out an empirical study of Passfaces, which illustrates well how a graphical password recognition system typically operates. Blonder-style passwords are based on cued recall. A user clicks on several previously chosen locations in a single image to log in. As implemented by Passlogix Corporation (Boroditsky), the user chooses several predefined regions in an image as his or her password. To log in the user has to click on the same regions. The problem with this scheme is that the number of predefined regions is small, perhaps a few dozens in a picture. The password may have to be up to 12 clicks for adequate security, again tedious for the user. Another problem of this system is the need for the predefined regions to be readily identifiable. In effect, this requires artificial, cartoon-like images rather than complex, real-world scenes. Cued Click Points (CCP) is a proposed alternative to PassPoints. In CCP, users click one point on each of 5 images rather than on five points on one image. It offers cued-recall and introduces visual cues that instantly alert valid users if they have made a mistake when entering their latest click-point (at which point they can cancel their attempt and retry from the beginning). It also makes attacks based on hotspot analysis more challenging. As shown in Figure 1, each click results in showing a next-image, in effect leading users down a path as they click on their sequence of points. A wrong click leads down an incorrect path, with an explicit indication of authentication failure only after the final click. Users can choose their images only to the extent that their click-point dictates the next image. If they dislike the resulting images, they could create a new password involving different click-points to get different images.:
PROPOSED WORK In the proposed work we have integrated sound signature to help in recalling the password. No Department of MCA P.E.S.C.E Mandya 2012
4
system has been devolved so far which uses sound signature in graphical password authentication. Study says that sound signature or tone can be used to recall facts like images, text etc. In daily life we see various examples of recalling an object by the sound related to that object . 3.1. Profile VectorsThe proposed system creates user profile as followsMaster vector (User ID, Sound Signature frequency, Tolerance) Detailed Vector - (Image, Click Points) As an example of vectors Master vector (Smith , 2689, 50) Detailed Vector( ) Image Click points 1 (123,678) 2 (176,134) 3 (450,297) 4 (761,164)
Department of MCA
P.E.S.C.E Mandya
2012
5
LITERATURE SURVEY
Department of MCA
P.E.S.C.E Mandya
2012
6
CHAPTER : 2
LITERATURE SURVEY
2.1 Project Survey
We have proposed a approach which uses sound signature to recall graphical password click points. No previously developed system used this approach this system is helpful when user is logging after a long time. In future systems other patterns may be used for recalling purpose like touch of smells, study shows that these patterns are very useful in recalling the associated objects like images or text. The module contain User profile Vector(master), Create Detailed Vector, Compare User Profile/login Vector ,The module has a security features with Password facility to ensure validity of user, Intelligent validation for each entry, User defined data access, and Data security. Users click on one point per image for a sequence of images. The next image is based on the previous click-point. We present the results of an initial user study which revealed positive results. Performance was very good in terms of speed, accuracy, and number of errors. Users preferred CCP to Pass Points saying that selecting and remembering only one point per image was easier, and that seeing each image triggered their memory of where the corresponding point was located. We also suggest that CCP provides greater security than Pass Points because the number of images increases the workload for attackers or a sequence of images. The next image displayed is based on the previous click-point so users receive immediate implicit feedback as to whether they are on the correct path when logging in. CCP offers both improved usability and security.
2.2 OVERVIEW OF .NET TECHNOLOGY

The .Net framework is a new computing platform that simplifies application development in the
Department of MCA
P.E.S.C.E Mandya
2012
7
highly distributed environment of the Internet. The .NET framework is designed to fulfill the following objectives:
Provide a consistent object-oriented programming environment whether object code is stored and executed locally, but internet distributed, or executed remotely. To provide a code-execution environment that minimizes software deployment and versioning conflicts. To provide a code-execution environment that guarantees safe execution of code, including code created by an unknown or semi-trusted third party. To provide a code-execution environment that eliminates the performance problems of scripted or interpreted environments. To make the developer experience consistent across widely varying types of applications,
such as windows-based applications and web-based applications. The .NET framework has two main components: the common language runtime and the .NET framework class library. The common language runtime is the foundation of the .NET framework. You can think of the runtime as an agent that manages code at execution time, providing core services such as memory management, thread management, and remoting, while also enforcing strict type safety and other forms of code accuracy that ensure security and robustness.Code that targets the runtime is known as managed code, while code that does not target the runtime is known as unmanaged code. The class library, the other main component of the .NET framework, is a comprehensive, objectoriented collection of reusable types that you can use to develop applications ranging from traditional command-line or graphical user interface applications to applications based on the latest innovations provided by ASP.NET, such as web forms and XML web services.
Department of MCA
P.E.S.C.E Mandya
2012
8
Windows Application BASE
Web Applications
Console Application
CLASS
LIBRARY
CLR
CTS
CLS
Fig:2.1 .Net Framework
Fig2.1: .Net Framework Deliver solutions anywhere, anytime, and on any device Migrate legacy solutions develop using the tools and languages of choice better develop, deliver, and maintain solution produce Secured, stable, and manageable solutions
2.3 COMMON LANGUAGE RUNTIME (CLR)

Base Class Library Support
Thread Support Type Checker Security Engine IL to Native Compilers Code Manager
Common Language Runtime

Com Marshaler Exception Manager Debug Engine Garbage Collector
Department of MCA
Class Loader P.E.S.C.E Mandya
2012
9
Fig:2.2 Common Language The heart of .net Framework isCommon Language Runtime (CLR). All .NET compliant
languages run in a common, managed runtime execution environment. With the CLR, you can rely on code that is accessed from different languages. There is a huge benefit. One coder can write one module in C# and another can access and use it from VB.NET. Automatically object management, the .NET languages take care of memory issues automatically. These are few listed benefits which you get from CLR.
Runtime(CLR)
2.4 ASP.NET
ASP.NET is more than the next version of Active Server Pages (ASP); it provides a unified Web development model that includes the services necessary for developers to build enterprise-class Web applications. While ASP.NET is largely syntax compatible with ASP, it also provides a new programming model and infrastructure for more scalable and stable applications that help provide greater protection. ASP.NET is a compiled, .NET-based environment; we can author applications in any .NET compatible language, including Visual Basic .NET, C#, and Jscript .NET. Additionally, the entire .NET Framework is available to any ASP.NET application. Developers can easily access the benefits of these technologies, which include the managed common language runtime environment, type safety, inheritance, and so on. Developers can use Web Forms or XML Web services when creating an ASP.NET application, or combine these in any way they see fit. Each is supported by the same infrastructure that allows you to use authentication schemes; caches
Department of MCA
P.E.S.C.E Mandya
2012
10
frequently used data, or customize your applications configuration, to name only a few possibilities. Web Forms allow you to build powerful forms-based Web pages. When building these pages, you can use ASP.NET server controls to create common UI elements, and program them for common tasks. An XML Web service provides the means to access server functionality remotely. Using XML Web services, businesses can expose programmatic interfaces to their data or business logic, which in turn can be obtained and manipulated by client and server applications. XML Web services enable the exchange of data in client-server or server-server scenarios, using standards like HTTP and XML messaging to move data across firewalls. XML Web services are not tied to a particular component model, and running on any operating system can access XML Web services.
2.5 ADO.NET ADO.NET Object model

ADO.NET provides consistent access to data sources such as Microsoft SQL Server, as well as data sources exposed through OLE DB and XML. Data-sharing consumer applications can use ADO.NET to connect to these data sources and retrieve, manipulate, and update data. ADO.NET cleanly factors data access from data manipulation into discrete components that can be used separately or in tandem. ADO.NET includes .NET Framework data providers for connecting to a database, executing commands, and retrieving results. Those results are either processed directly, or placed in an ADO.NET DataSet object in order to be exposed to the user in an ad-hoc manner, combined with data from multiple sources, or remoted between tiers. The ADO.NET DataSet object can also be used independently of a .NET Framework data provider
Department of MCA
P.E.S.C.E Mandya
2012
11
to manage data local to the application or sourced from XML. The ADO.NET classes are found in System.Data.dll, and are integrated with the XML classes found in System.Xml.dll. When compiling code that uses the System.Data namespace, reference both System.Data.dll and System.Xml.dll. For an example of compiling an ADO.NET application using a command line compiler. ADO.NET provides functionality to developers writing managed code similar to the functionality provided to native COM developers by ADO. For a discussion of the differences between ADO and ADO.NET, see ADO.NET for the ADO Programmer.
ADO.NET Object Model
Fig:2.3 ADO .Net Object Model
CONNECTING TO A DATA SOURCE

In ADO.NET you use a Connection object to connect to a specific data source by supplying necessary authentication information in a connection string. The connection object you use depends on the type of data source.
Department of MCA
P.E.S.C.E Mandya
2012
12
DbConnection object: the .NET Framework Data Provider for OLE DB includes an OleDbConnection object, the .NET Framework Data Provider for SQL Server includes a SqlConnection object, the .NET Framework Data Provider for ODBC includes an OdbcConnection object, and the .NET Framework Data Provider for Oracle includes an OracleConnection object.
COMMANDS AND PARAMETERS

After establishing a connection to a data source, you can execute commands and return results from the data source using a DbCommand object. You can create a command using one of the command constructors for the .NET Framework data provider you are working with. Constructors can take optional arguments, such as an SQL statement to execute at the data source, a DbConnection object, or a DbTransaction object. You can also configure those objects as properties of the command. You can also create a command for a particular connection using the CreateCommand method of a DbConnection object. The SQL statement being executed by the command can be configured using the CommandText property.
DataAdapters and DataReaders

You can use the ADO.NET DataReader to retrieve a read-only, forward-only stream of data from a database. Results are returned as the query executes, and are stored in the network buffer on the client until you request them using the Read method of the DataReader. Using the DataReader can increase application performance both by retrieving data as soon as it is available, and (by default) storing only one row at a time in memory, reducing system overhead. A DataAdapter is used to retrieve data from a data source and populate tables within a DataSet. The DataAdapter also resolves changes made to the DataSet back to the data source. The DataAdapter uses the Connection object of the .NET Framework data provider to connect to a data source, and it uses Command objects to retrieve data from and resolve changes to the data source. Each .NET Framework data provider included with the .NET Framework has a DbDataReader and Department of MCA P.E.S.C.E Mandya 2012
13
a DbDataAdapter object: the .NET Framework Data Provider for OLE DB includes an OleDbDataReader and an OleDbDataAdapter object, the .NET Framework Data Provider for SQL Server includes a SqlDataReader and a SqlDataAdapter object, the .NET Framework Data Provider for ODBC includes an Odbc DataReader and an OdbcDataAdapter object, and the .NET Framework Data Provider for Oracle includes an OracleDataReader OracleDataAdapter object.
THE DATASET
DataSets in ADO .NET are objects that store data in a memory cache, allowing access to the data even with the application disconnected from the databases. The structure of a System.Data.DataSet is similar to that of a relational database. It is organized in a hierarchical object mode of tables, rows, columns, constraints, and relationships. A DataSet can be typed or untyped. Typed DataSets derive its table and column structure from a schema file and is easier to program. Either a typed or untyped dataset can be used in applications. ADO.NET gives better support to typed datasets. A DataSet is located in System.Data NameSpace. DataSets are memory structures that do not contain any data by default. DataSets will have to be filled with data. This can be done in several ways.
Microsoft SQL Server (RDBMS)

Databases and the Internet have enabled worldwide collaboration and information sharing by extending the reach of database applications throughout organizations and communities. Both small businesses and global enterprises have users all over the world who require access to data 24 hours a day. Without this data access, revenue and customers can be lost, penalties can be owed, and bad press can have a lasting effect on customers and a companys reputation. Building a high availability IT infrastructure is critical to the success and well being of all enterprises in todays fast moving economy.
Department of MCA
P.E.S.C.E Mandya
2012
14
The following five points explains what the critical high availability solution areas are, why and what Oracles offerings in each of these areas are. SQL SERVER is one of the leading database management systems (DBMS) because it is the only Database that meets the uncompromising requirements of todays most demanding information systems. From complex decision support systems (DSS) to the most rigorous online
transaction processing (OLTP) application, even application that require simultaneous DSS and OLTP access to the same critical data, SQL Server leads the industry in both performance and capability SQL SERVER is a truly portable, distributed, and open DBMS that delivers unmatched
performance, continuous operation and support for every database. SQL SERVER RDBMS is high performance fault tolerant DBMS which is specially
designed for online transactions processing and for handling large database application. SQL SERVER with transactions processing option offers two features which contribute to
very high level of transaction processing throughput, like The row level.
2.6 An Overview of .NET Framework

First and foremost, .NET is a framework that covers all the layers of software development from the operating system up. It provides the richest level of integration among presentation technologies, component technologies, and data technologies ever seen on a Microsoft platform. Secondly, the entire architecture has been created to make it as easy to develop Internet applications as it is to develop for the desktop environment. DOT NET actually "wraps" the operating system, insulating software developed with .NET from most operating system specifics such as file handling and memory allocation.
Department of MCA
P.E.S.C.E Mandya
2012
15
This prepares for a possible future in which the software developed for .NET is portable to a wide variety of hardware and operating system foundations. (Beta one of Visual Studio.NET supports all versions of Windows 2000 plus Windows NT4, Windows 9x, and Windows. The major components of the .NET framework are shown in the below diagram:
Fig 2.4 The .NET Framework Overview The framework starts all the way down at the memory management and component loading level, and goes all the way up to multiple ways of rendering user and program interfaces. In between, there are layers that provide just about any system-level capability that a developer would need. At the base is the Common Language Runtime, often abbreviated to CLR. This is the heart of the .NET framework, the engine that drives key functionality. It includes, for example, a common system of data types. These common types, plus a standard interface convention, make crosslanguage inheritance possible. In addition to allocation and management of memory, the CLR also does reference counting for objects, and handles garbage collection. The middle layer includes the next generation of standard system services such as ADO.NET and XML. These services are brought under the control of the framework, making them universally available and standardizing their usage across languages. The top layer includes user and program interfaces. Windows Forms (often informally referred to
Department of MCA
P.E.S.C.E Mandya
2012
16
as Win Forms) are a new way to create standard Win32 desktop applications, based on the Windows Foundation Classes (WFC) produced for J++. Web Forms provide a powerful, formsbased UI for the web. Web Services, which are perhaps the most revolutionary, provide a mechanism for programs to communicate over the Internet using SOAP. Web Services provide an analog of COM and DCOM for object brokering and interfacing, but based on Internet technologies so that allowance is made for integration even with non-Microsoft platforms. Web Forms and Web Services, comprise the Internet interface portion of .NET, and are implemented through a section of the .NET Framework referred to as ASP.NET. All of these are available to any language that is based on the .NET platform. For completeness, there is also a console interface that allows creation of character-based applications (not shown in the diagram 2.4).
Common Language Runtime

Let's start with a definition. A runtime is an environment in which programs are executed. The Common Language Runtime is therefore the environment in which we run our .NET applications that have been compiled to a common language, namely Microsoft Intermediate Language (MSIL), often referred to simply as IL. Runtimes have been around even longer than DOS, but the Common Language Runtime (CLR) is as advanced over traditional runtimes as a light bulb is over a candle. Here's a quick diagrammatic summary of the major pieces of the CLR. As shown in the figure, that small part in the middle, called Execution Support contains most of the capabilities normally associated with a language runtime (such as the VBRUNxxx.DLL runtime used with Visual Basic). The rest is new, at least for Microsoft platforms. Understanding the CLR is key to understanding the rest of .NET, hence, here is a short introduction.
Department of MCA
P.E.S.C.E Mandya
2012
17
Fig 2.5 The Common Language Runtime Language interoperability is the ability of the code to interact with code that is written using a different programming language. Language interoperability can help maximum code reuse and, therefore, improve the efficiency of the development process. Because developers use a wide variety of tools and technologies, each of which might support different features and types, it has historically been difficult to ensure language interoperability. However, language compilers and tools that target the common language runtime benefit from the runtimes built-in support for language interoperability. To ensure that you can develop managed code that can be fully used by developers using any programming language, a set of language features and rules for using them called the Common Language Specification (CLS) has been defined. Components that follow these rules and expose only CLS features are considered CLS compliant. If your component uses only CLS features in the API that it exposes to other code (including derived classes), the component is guaranteed to be accessible from any programming language that supports the CLS. Components that adhere to the CLS rules and use only the features included in the CLS are said to be CLS-compliant components.
Common Type Systems

The Common Type System (CTS) defines how types are declared, used, and managed in the runtime, and is also an important part of the runtimes support for cross-language integration. The CTS performs the following functions:
Department of MCA
P.E.S.C.E Mandya
2012
18
Establish a framework that helps enable cross-language integration, type safety, and high
performance code execution. Provides an object-oriented model that supports the complete implementation of many
programming languages. Define rules that languages must follow, which helps ensure that objects written in
different languages can interact with each other. The CTS also defines the rules that ensure that the data types of objects written in various
languages are able to interact with each other.
.Net Framework4.0
The Microsoft .NET Framework 4 provides the following new features and improvements: Improvements in Common Language Runtime (CLR) and Base Class Library (BCL) Performance improvement including better multicore support, background garbage collection, and profiler attach on server. New memory mapped file and numeric types. Easier debugging including dump debugging, Watson minidumps, mixed mode debugging for 64 bit and code contracts.. Innovations in the Visual Basic and C# languages, for example statement lambdas, implicit line continuations, dynamic dispatch, and named/optional parameters. Improvements in Data Access and Modeling
The .NET Framework 4 also offers significant performance gains for WF-based workflows. Improvements to Windows Communication Foundation (WCF) such as support for WCF Workflow Services enabling workflow programs with messaging activities, correlation support. Additionally, .NET Framework 4 provides new WCF features such as service
Department of MCA
P.E.S.C.E Mandya
2012
19
discovery, routing service, REST support, diagnostics, and performance Innovative new parallel-programming features such as parallel loop support, Task Parallel Library (TPL), Parallel LINQ (PLINQ), and coordination data structures which let developers harness the power of multi-core processors.
2.7 ASP.NET Technology

F Active Server Pages has been arguably the leading choice for web developers building dynamic Websites on Windows Web servers. ASP has gained popularity by offering the simplicity of flexible scripting via several languages. That, combined with the fact thats built into every Microsoft Windows-based Web server, has made ASP difficult act to follow. Early in 2002, Microsoft released its new technology for Internet development. Originally called ASP, it was finally released as ASP.NET, and represents a leap forward from ASP both in sophistication and productivity for developers can now choose between several fully-fledged programming languages. Development in ASP.NET requires not only an understanding of HTML and Web design, but also a firm grasp of the concepts of object-oriented programming and development. ASP.NET is a server side technology for developing web applications based on the Microsoft.Net Framework.
Advantages of ASP.NET
ASP.NET pages are compiled, not interpreted .Instead of reading and interpreting your code every time a dynamic page is requested, ASP.NET compiles dynamic pages into efficient binary files that the server can execute very quickly. This represents a big jump in performance when compared with the technologys interpreted predecessor, ASP. ASP.NET has full access to the functionality of the .NET Framework. Support for XML, Web Services, database interaction, email, regular expression and many other technologies are built right into .NET which saves you from having to reinvent the wheel. ASP.NET allows you to separate the server-side code in your pages from HTML layout.
Department of MCA
P.E.S.C.E Mandya
2012
20
Disadvantages of ASP.NET
ASP.NET is a Microsoft technology. While this isnt a problem in itself, it does mean that, at least for now, you need to use a Windows server to run an ASP.NET Website .If your organization uses Linux or some operating system for its Web servers, youre out of luck. Serious ASP.NET development requires an understanding of object-oriented programming.
Using C# with ASP.NET

C# is a simple, modern, object oriented and type-safe programming derived from C and C++. ASP.NET has been described as a technology and not a language. ASP.NET pages can be made from one of many languages. As C# comes free with ASP.NET so when you install ASP.NET you get C# as well. In other words, creating web pages using C# and using ASP.NET to derive it.
2.8 Features of C# Language

Simple Object-oriented Interoperability Type safe
SIMPLE No Pointers. Unsafe operations such as direct memory access are not allowed. In C# there is no use of :: or -> operator. Since it is on .NET it inherits the features of automatic memory management. Integers value such as 0 and 1 are no longer accepted as Boolean values. Boolean values are
Department of MCA
P.E.S.C.E Mandya
2012
21
pure true or false in C# of = operator and == operator. == operator is used for comparison operation and = is used for assignment operation. OBJECT-ORIENTED C# supports data encapsulation, polymorphism, interfaces, and inheritance. (int,float,double) are not objects in java but c# has introduced structures(structs) which enable the primitive type to become objects int i; String a = i.Tostring; //conversion or boxing
INTEROPERABILITY C# includes native support for the computer windows based applications. Allowing restricted use of native pointers. Users need not explicitly implement unknown and other computer interfaces those Features are built in. C# allows the users to use pointers as unsafe code blocks to manipulate your old code
TYPE-SAFE In c3 we cannot perform unsafe casts like convert to a Boolean. Value types are initialized to zeros and reference type objects are initialized to null by the compiler automatically. Arrays are zero based indexed and are bound checked. Overflow of types can be checked.
2.9 Introduction to SQL Server

SQL was invented and developed by IBM in early 1970s stands for structured query language.
Department of MCA
P.E.S.C.E Mandya
2012
22
IBM was able to demonstrate how to control relational database using SQL. The Structured Query Language (SQL) comprises one of the fundamental building blocks of modern database architecture. SQL defines the methods used to create and manipulate relational databases on all major platforms. At first glance, the language may see intimidating and complex but its really not all that bad. Requirements and provides innovative capabilities that increase employee effectiveness, integrate heterogeneous IT ecosystems and maximize capital and operating budgets. SQL Sever provides the enterprise data management platform your organization needs to adapt quickly in a fast-change environment. With the lowest implementation and maintenance costs in the industry. SQL Server delivers rapid return on your data management investment. SQL Server supports the rapid development of enterprise-class business applications that can give your company a critical competitive advantage. Benchmarked for scalability, speed and performance, SQL Server is a fully enterprise-class database product, providing core support for Extensible Mark-up Language (XML) and Internet queries. A table is a primary database object of sol that is used to store data. A table holds data in the form of rows and columns.
2.10 Features of SQL Server 2008

Policy Based Management Management is centralized, thereby reducing the need to configure each server separately. Backwards compatibility supports managing instances of SQL Server 2008, SQL Server 2005, and SQL Server 2000.
Department of MCA
P.E.S.C.E Mandya
2012
23
Data Compression Save disk storage. Enable compression option for individual tables or indexes. Compression can improve disk I/O and memory utilization.
Transparent Data Encryption Implements strong encryption keys and certificates to secure data. Does not increase the size of the database.
Data Auditing Enables compliance with security regulations. Simple configuration using SQL Server Management Studio. Minimal impact on performance because audit data is stored outside of SQL Server database files.
Dates and Times New data types: Date, Time, Date Time Offset
File Stream: New data type VarBinary(Max) FileStream for managing binary data.
Table Value Parameters: The ability to pass an entire table to a stored procedure.
Backup Compression Save storage space. Compressed backups can be stored on tape or on disk.
Department of MCA
P.E.S.C.E Mandya
2012
24
Simple configuration using SQL Server Management Studio. Default state of all backups on a server to be compressed can be configured.
2.11 MVC Architecture

The methodology to be followed is Model-View-Controller (MVC). Using this design pattern results in separation of the application data from the ways that the data can be accessed or viewed as well as from the mapping between system events (such as user interface events) and application behaviors. The MVC methodology consists of three component types. The Model represents the application data along with methods that operate on that data. The View component displays that data to the user. The Controller translates user actions such as mouse movement and keyboard input and dispatches operation on the Model. As a result, the Model will update the View to reflect changes to the data. The figure below the functions of each of these component types as well as the relationships between them.
Fig 2.6 MVC Architecture When this paradigm is used properly, the Model should have no involvement in translating the
Department of MCA
P.E.S.C.E Mandya
2012
25
format of input data. This translation should be performed by the Controller. In addition, the Model should not carry any responsibility for determining how the results should be displayed. The Model-View-Controller Model offers the following benefits Clarifies application design through separation of data modeling issues from data display and interaction Allows the same data to be viewed in many ways Allows the same data to be viewed by many users Enhances reusability by separating application functionality from presentation Increases flexibility, because data model, user interaction, and data display can be pluggable.
Department of MCA
P.E.S.C.E Mandya
2012
26
SYSTEM REQUIREMENT SPECIFICATION
CHAPTER : 3
SYSTEM REQUIREMENT SPECIFICATION

3.1 Software requirements specification
A software requirements specification (SRS) is a comprehensive description of the intended purpose and environment for software under development. The SRS fully describes what the software will do and how it will be expected to perform. Software Requirement Specification (SRS) is a fundamental document, which forms the foundation of the software development process. SRS describes the functionality, characteristics and constraints that are applicable for the application. The SRS can be defined as a condition of capacity needed by a user to solve a
Department of MCA
P.E.S.C.E Mandya
2012
27
problem or achieve an objective. SRS helps the events to understand their own needs. SRS provides a reference for validation of the final report. A high quality SRS is a perquisite to high quality software. A high quality SRS reduces the development cost.
Functional Requirements for Admin 1. User profile Vector(master) 2. Create Detailed Vector 3. Compare User Profile/login Vector Non-Functional Requirements
These are the requirements that are not directly concerned with specific functions delivered by the software. These include software interface requirements, hardware interface requirements which include all the software and hardware requirements. Many organizations focus on the functional aspect of the system-WHAT it does -rather than the non-functional - HOW it does it. Non-functional elements comprise everything from performance to security to usability. Without clear, early definition of non-functional requirements, it is possible that a system could be delivered which does exactly what the customer wants, but is difficult to use, slow, insecure, or is not scalable. Once again, this can lead to the development rework, although some non-functional areas are so integral to the design of the product, it can be difficult to correct them without starting the project again.
3.2 Hardware Requirements

Processor Intel Dual Core
Department of MCA
P.E.S.C.E Mandya
2012
28
RAM Hard Disk
512 MB and above 60 GB Hard Disk Space and above Table: 3.1 Hardware requirements
3.3
Software Requirements
Operating System Presentation Database Language Web Server Development kit
Windows XP and above ASP.NET SQL Server 2008 C# IIS [Internet Information Server] Visual Studio 2010
Table: 3.2 Software requirements
Department of MCA
P.E.S.C.E Mandya
2012
29
SYSTEM ANALYSIS
CHAPTER : 4
SYSTEM ANALYSIS
4.1 Existing system The advantages of the existing system are as follows:
It is very simple in nature & doesnt provide much functionality, thus reducing complexity of the system. Its provide simplicity in the password It doesnt require employees to know about computers at all i.e. it doesnt require training P.E.S.C.E Mandya 2012
Department of MCA
30
Because of manual work it doesnt require any investment in computers or any other Peripherals. The existing system it doesnt take too much of time to login a system
Disadvantages of existing system:

The main disadvantages of existing system is security problem. User is difficult to remembering a password. In existing system we didnt use c c p technique. In previous system only predefined points only we click otherwise it wont allow to login Password predictability is very high in previous system. Hacker can easily identify the passwords using some algorithm.
4.2 Proposed system

In the proposed work we have integrated sound signature to help in recalling the password. No system has been devolved so far which uses sound signature in graphical password authentication. Study says that sound signature or tone can be used to recall facts like images, text . In daily life we see various examples of recalling an object by the sound related to that object .
Advantages of the proposed system
Integration of sound signature is convenient and better way to use, because it brings safety and security User friendly and Compatible on all windows based systems Upgradeable with slight modification in coding. Easy application maintenance due to its robustness P.E.S.C.E Mandya 2012
Department of MCA
31
Menu driven navigation to facilitate simple and quick access to required functionality. A central database for all the data related to ensure data consistency Easier and faster data entry with menu support In proposed system to difficult to guess a password and hack a particular account
Department of MCA
P.E.S.C.E Mandya
2012
32
SYSTEM DESIGN
CHAPTER: 5
SYSTEM DESIGN
5.1 Introduction:
System design is process to design the system, here INTEGRATION OF SOUND SIGNATURE
AND GRAPHICLE PASSWORD AUTHENTICATION SYSTEM IN ARMY. It is a
reduction of an entire system by studying the various operations performed and their relationship within the system and the requirement of its success. One aspect of design is defining the boundaries of the system and determining whether or not the candidate system should consider other related system.
Department of MCA
P.E.S.C.E Mandya
2012
33
The idea of system has been more practical and necessary in computerizing the interrelationship and integration of operations, especially when using computers. Thus its a way of thinking organizations and their problems. An organizational consists of several interrelated and interlocking components. The most creative and challenging phase of the system life cycle is system design. The term design describes a final system and the process by which it is developed. It refers to the technical specifications that will be applied in implementing the candidate system. It also includes the construction of programs and program testing. The key question involved here is How the problem should be solved.
5.2 DATABASE
Database Design is an important and challenging task. Good Design requires although understanding of the data associated with an enterprise and how it issued, as well as good grasp of the features supported by the DBMS. Logical database design also known as database design or data modeling, studies basic properties nd interrelationship among data items, with the aim of providing faithful representation of such item in the basic data structure of a database application is to understand what database.The very first in designing business rules applied to the data.
Information the database must store for the given enterprise and what integrity constraints or
DATAFLOW DIAGRAM:
Registration Process
Login Trial
Get Unique ID
Read User ID
Select Sound Signature Select Tolerances Level Level
Fetch User Profile Vector Show Image from User Profile
Department of MCA
P.E.S.C.E Mandya
2012
34
Select Image
Detect Mouse Position on Image
Select & Click on Pass Point
Want More Image
If Mouse POS=User Profile
Play Sound Signature Play Random Sound

Get Click Points & Prepaire Login Vector
Nu of Image s<5
Create User Profile Vector
Compare Login & User Vector Logo n If d< D Impos ter
5.3 INTRODUCTION TO E-R CONCEPT

The E-R approach attempt to define a number of data classification objects. These fundamental data classification objects are : An Entity is a collection of distinguishable real world objects with common properties. An entity is represented by a rectangle in an E-R diagram. An entity is usually mapped to an actual table, and each row of the table corresponds to one of the distinguishable real world objects that makeup the entity, called an entity instance.
Department of MCA
P.E.S.C.E Mandya
2012
35
Database Table
A database is a collection of interrelated data stored with minimum redundancy to serve many users quickly and efficiently. The general objective of database design is to make the data access easy, inexpensive and flexible to the user.
Field Name UserName Select Image Position play Played Time Int int int
Data type Varchar(MAX)
Description Name of user integer Play that video in particular time Integer value
Table 5.1 : Log In
Field Name UserName Select Image Position Play Played Time DOB Sex int int int
Data type Varchar(50)
Description Username Select particular image position Video will be played Played time is displayed Enter a date of birth Enter a sex
Date Varchar(50)
Department of MCA
P.E.S.C.E Mandya
2012
36
Addres City Email
Varchar(MAX) Varchar(MAX) Varchar(MAX)
Enter a user addres Enter a user city Enter a user emailid
Table 5.2 : Registrationform
File Id Filname
Int char
Number of files in that database Which we uploaded that file name should be mentioned Choose a particular file location
File select
choose
Table 5.3 Upload Files
Field name Select field of files play Played time int int
Data type Varchar(50)
Description Patient ID Video is loaded We can puase video in correct
Department of MCA
P.E.S.C.E Mandya
2012
37
uploaded time Table 5.5 : File download
5.4 ACITIVITY DIAGRAM

Activity diagrams show a sequence of actions of actions, they must indicate the starting point of the sequences. The official UML name for the start point of the activity is initial state. It is the point at which you begin reading the action sequences. The initial state is drawn as a solid circle with a transaction line that connects it to the first action in the of the activities sequence of sequence actions. The activities are performed are represented in the soft bordered Rectangles,
Department of MCA
P.E.S.C.E Mandya
2012
38
where
as
the
validation
process
is
presented
in
hallow
diamond.
Department of MCA
P.E.S.C.E Mandya
2012
39
Fig5.2: Activity Diagram
Department of MCA
P.E.S.C.E Mandya
2012
40
5.5Use Case Diagram

Use cases are used during the analysis phase of a project to identify and partition system functionality. They separate the system into actors and use cases. Actors represent roles that can are played by users of the system. Those users can be humans, other computers, pieces of hardware, or even other software systems. The only criterion is that they must be external to the part of the system being partitioned into use cases. They must supply stimuli to that part of the system, and the must receive outputs from it.Use cases describe the behavior of the system when one of these actors sends one particular stimulus. This behavior is described textually. It describes the nature of the stimulus that triggers the use case; the inputs from and outputs to other actors, and the behaviors that convert the inputs to the outputs.
Department of MCA
P.E.S.C.E Mandya
2012
41
5.6 Sequence Diagram

A Sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram that shows how processes operate with one another and in what order.It is a construct of a Message Sequence Chart. Sequence diagrams are sometimes called event diagrams, event scenarios, and timing diagrams.
S eq u en ce D iag ram :
DataBase
Airforce/ Defence/ Navy Create an Account
Admin
Upload Files
Upload Files
View Uploaded Files
Download Files W ith Sound Signature
View User
Fig5.4: Sequence Diagram
Department of MCA
P.E.S.C.E Mandya
2012
42
5.7 CLASS DIAGRAM

A class diagram, also referred to as object modeling, is the main static analysis diagram. These diagrams show the static structure of the model.A class diagram is a collection of static modeling elements, such as classes and their relationships, connected as a graph to each other and to their contents.
Fig5.5: Class Diagram
Department of MCA
P.E.S.C.E Mandya
2012
43
SYSTEM TESTING
Department of MCA
P.E.S.C.E Mandya
2012
44
CHAPTER: 6
SYSTEM TESTING AND VALIDATION

Software testing plays a very critical role for quality assurance and for ensuring the reliability of software. During testing the program to be tested is executed with a set of test cases, and the output of the program for the test cases is evaluated to determine if the program is performing as it expected. A series of tests have to be performed for the user acceptance. Software testing is a critical element of software quality assurance and represents the ultimate reviews of Specification, Design and Coding. Preparation of test data itself plays a vital role in the system testing. While testing the system with the test data, errors were detected and rectified. A project is incomplete without successful testing. A program or system design is perfect only when communication between the user and the designer is complete and clear. A successful system design helps in efficient testing. Testing is vital to the success of a system. An elaborate test data is prepared and the system is tested using the test data. While testing, if errors are noted, corrections are made. The corrections need to be noted for future use. Both hardware and software securities must be ensured for the system to run smoothly in future.
Software Testing Strategies: White Box Testing

The code testing strategy checks for the correctness of every statement in the program. To follow this testing strategy, there should be test cases that result in execution of every instruction in the program or module; that is every path in the program is tested. The tested cases should guarantee that independent paths within a module are executed at least once.
Black Box Texting:
Department of MCA
P.E.S.C.E Mandya
2012
45
To perform black box testing, the analyst examines the specifications stating what the program or module should do and how it should perform under various conditions. Then, test cases are developed for various conditions and submitted for processing. By examining the results, the analyst can examine whether the program performs according the specified requirements.
Testing Methodologies: Unit Testing

The source code is normally divided into modules, which in turn are divided into smaller units called units. These units have specific behavior. The test done on these units of code is called unit test. Unit test depends upon the language on which the project is developed. Unit tests ensure that each unique path of the project performs accurately to the documented specifications and contains clearly defined inputs and expected results. Each input form was tested for errors; all errors were detected in the development stage itself and corrected. One of the major errors, in this level is the data connectivity error i.e., connecting the front end application to the database which were tested and was achieved in this project.
Integration Testing
Testing two or more modules or functions together with the intent of finding interface defects between the modules or functions. On a larger level, integration testing can involve a putting together of groups of modules and functions with the goal of completing and verifying that the system meets the system requirements. The goal of this testing is to see if the modules can be integrated properly, the emphasis being on testing interfaces between modules .In this project there are two main modules which were developed and were tested for integration.
Department of MCA
P.E.S.C.E Mandya
2012
46
The Employee Registration which are posted in one form should be fetched as the employee details in the other form (EMPLOYEE MONTHLY SALARY). This testing of Integration was done and was achieved in this project.
User Acceptance Testing

User acceptance of a system is the key factor for the success of any system. The system under consideration is tested for user acceptance by constantly in touch with the prospective system user at time of developing and making changes wherever required is done in regard to the following point:

Input screen design Output screen design Menu driven system
Output Testing:
After performing the validation testing, the next steps are output testing of the proposed system, since no system could be useful if it does not produce the required output in the specific format. The outputs displayed by the systems are tested, by comparing with the format required by the user. Here the output format is considered in two ways: one is on screen and another in printed format.
Validation Testing:
At the culmination of integration testing, software is completely assembled as a package, interfacing errors have been covered and corrected and a final series of software test validation testing was carried out. Validation testing can be defined in many ways, but a simple definition is that validation succeeds when the software functions in a manner that can be reasonably expected by the end user. The validation test includes the validation of the fields of the records. Each field of the records in the modules is tested separately.
Department of MCA
P.E.S.C.E Mandya
2012
47
Each module is subjected to test run along with sample data. The individually tested modules are integrated into a single system. Testing involves executing the real data information is used in the program the existence of any program defect is inferred from the output. The texting should be planned so that all the requirements are individually tested. The other Validation is the username and password, Only if the person as an authorized he is allowed to enter into the system else he cannot enter. Each and every control which is used in our project is validated. For ex: The user is not allowed to enter character in place of numeric and vice versa. All the required fields should be entered by the user to navigate to the next form.
System Testing
System testing is actually a series of different tests whose primary purpose is to fully the computer based system. Although each test has a different purpose, all work should verify that all system elements have been properly integrated and perform allocated functions, being the most important test, the performance test is covered briefly below: exercise
Performance testing:
Performance testing is designed to test the run-time performance of software within the context of an integrated system. Performance testing occurs throughout all steps in the testing process. Even at the unit level, the performance of an individual module may be accessed as tests are conducted. However, it is not until all system elements are fully integrated that the true performance of a system can be ascertained. Website Cookie Testing Cookie is small information stored in text file on users hard drive by web server. This information is later used by web browser to retrieve information from that machine. Generally
Department of MCA
P.E.S.C.E Mandya
2012
48
cookie contains personalized user data or information that is used to communicate between different web pages. Cookies are nothing but the users identity and used to track where the user navigated throughout the web site pages. The communication between web browser and web server is stateless.
Test cases 1
Test case area Verification of database connection
Input Enter Login name Enter
Expected output Display an Error Message Cant connect database. Login Accept database
Actual result Accept database Accept database
Status Failed Passed
name(connect data base) Enter Patient ID Display an Error Accept Message Error in connection Connection string. Enter ID(valid connection string) Invalid user name Display message username Valid user name User Logged in and gets list of names. an string string connection string error Display an error invalid message invalid username User Logged in and gets list of names. Accept patient name Accept Patient Name Patient Accept connection Accept
Verification connection sting
of
Failed
Passed
Verification of Log In
Passed
6 Verification of Patient name Unknown Patient Name valid Patient Name
Passed
7 8
Display an Error Message Enter Exist name. Accept Patient Name
Failed Passed
Verification of Patient test
Not exist patient test
Display an Error Message Record
Display an Error Message Record does
Passed
Department of MCA
P.E.S.C.E Mandya
2012
49
does not exit.
not exit.
Exist test name 10 Verification 11 patient age of Invalid data type
Shows test result
Shows test result Display an Error Message Invalid data type
Passed
Display an Error Message Invalid data type
Passed
IMPLEMENTATION
Department of MCA
P.E.S.C.E Mandya
2012
50
CHAPTER: 7
IMPLEMENTATION
Implementation is the process of converting a new or a revised system design into an operational One. The objective is to put the new or revised system that has been tested into operational while holding costs, risks, and personal irritation to the minimum. A critical aspect of the implementation process is to ensure that there will be no disrupting the functioning of the organization. The best method for gaining control while implanting any new system would be to use well planned test for testing all new programs. Before production files are used to test live data, test files must be created on the old system, copied over to the new system, and used for the initial of each program. Another factor to be considered in the implementation phase is the acquisition of the hardware and software. Once the software is developed for the system and testing is carried out, it is then the process of making the newly designed system fully operational and consistent in performance . for this the following steps will be followed for the implementation of the system.
Implementation planning:
Department of MCA
P.E.S.C.E Mandya
2012
51
A through and logical thought should be put in for planning the implementation , which Involves sound knowledge in the following areas:
Personal needs Programming tools selected
System training plan Equipped installation plan System conversion plan System test plan
Department of MCA
P.E.S.C.E Mandya
2012
52
CONCLUSION
Department of MCA P.E.S.C.E Mandya 2012
53
CHAPTER: 8
CONCLUSION
We have proposed a system which uses sound signature to recall graphical password click points. No previously developed system used this approach this system is helpful when user is logging after a long time. In future systems other patterns may be used for recalling purpose like touch of smells, study shows that these patterns are very useful in recalling the associated objects like images or text. .
Department of MCA
P.E.S.C.E Mandya
2012
54
FUTURE ENHANCEMENT
55
CHAPTER: 9
FUTURE ENHANCEMENT
In future systems other patterns may be used for recalling purpose like touch of smells, study shows that these patterns are very useful in recalling the associated objects like images or text.
Department of MCA
P.E.S.C.E Mandya
2012
56
Department of MCA
P.E.S.C.E Mandya
2012
57
BIBLIOGRAPHY
BIBLIOGRAPHY
[1] Mathew MacDonald, Begining ASP.NET 3.5 in c# 2008, Second edition [2] Jason Beres,Et.Al, Mathew MacDonald ,Visual Basic .NET Programming BIBLE, Wiley Dreamtech India Pvt.Ltd, By Bill Evjen, [3] Bill Evjen, Rockford Lhotka, Billy Hollis, Bill Sheldon, Kent Sharkey, Tim Mccarthy,Rama Ramachandran, Professional Visual Basic 2005, Wiley Dreamtech Publications, Edition 2006. [4] Microsoft SQL Server 2008 Database Design And Implementation, Prentice Hall Of
Department of MCA
P.E.S.C.E Mandya
2012
58
Inadia, Second Edition By Microsoft Corporation. [5] Bible, Mridula Parihar Et Al, ASP.NET.Published By Hungry Minds, Inc,909 Third Avenue New York,NY 10022.
Websites:
http://www.w3schools.com/aspnet/ http://msdn.microsoft.com/en-us/aa336522 http://www.learnvisualstdio.net/asp.net2.0 http://www.msdn/asp.net2.0/defalut.aspx/ http://www.ieee.org http://www.sourcefordgde.com
Department of MCA
P.E.S.C.E Mandya
2012
59
SCREEN SHOTS
Home Page
Department of MCA
P.E.S.C.E Mandya
2012
60
Login Index page
Department of MCA
P.E.S.C.E Mandya
2012
61
Department of MCA
P.E.S.C.E Mandya
2012
62
Admin Login
Department of MCA
P.E.S.C.E Mandya
2012
63
Upload files
View User
Department of MCA
P.E.S.C.E Mandya
2012
64
Department of MCA
P.E.S.C.E Mandya
2012
65
Registration Index page
Department of MCA
P.E.S.C.E Mandya
2012
66
Airforce Registration
Department of MCA
P.E.S.C.E Mandya
2012
67
Airforce Login
Department of MCA
P.E.S.C.E Mandya
2012
68
Airforce Upload file
Department of MCA
P.E.S.C.E Mandya
2012
69
Airforce Download file
Defence registration
70
Department of MCA
P.E.S.C.E Mandya
2012
71
Defence login
Defence Upload file

72
Department of MCA
P.E.S.C.E Mandya
2012
73
Defence Download file
Department of MCA
P.E.S.C.E Mandya
2012
74
Navy Registration
Department of MCA
P.E.S.C.E Mandya
2012
75
Navy Login
Department of MCA
P.E.S.C.E Mandya
2012
76
Navy Upload file
Department of MCA
P.E.S.C.E Mandya
2012
77
Navy Download file
Department of MCA
P.E.S.C.E Mandya
2012

Vin U Full Report

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Vin U Full Report

Uploaded by

Copyright:

Available Formats

1

INTEGRATION OF SOUND SIGNATURE AND GRAPHICLEPASSWORD AUTHENTICATION SYSTEM IN ARMY

The module contain

1. User profile Vector(master) 2. Create Detailed Vector

2.2 OVERVIEW OF .NET TECHNOLOGY

Windows Application BASE

Fig:2.1 .Net Framework

2.3 COMMON LANGUAGE RUNTIME (CLR)

Common Language Runtime

Class Loader P.E.S.C.E Mandya

2.5 ADO.NET ADO.NET Object model

Fig:2.3 ADO .Net Object Model

CONNECTING TO A DATA SOURCE

COMMANDS AND PARAMETERS

DataAdapters and DataReaders

Microsoft SQL Server (RDBMS)

2.6 An Overview of .NET Framework

Common Language Runtime

Common Type Systems

languages are able to interact with each other.

2.7 ASP.NET Technology

Using C# with ASP.NET

2.8 Features of C# Language

2.9 Introduction to SQL Server

2.10 Features of SQL Server 2008

2.11 MVC Architecture

SYSTEM REQUIREMENT SPECIFICATION

SYSTEM REQUIREMENT SPECIFICATION

3.2 Hardware Requirements

RAM Hard Disk

Operating System Presentation Database Language Web Server Development kit

Table: 3.2 Software requirements

Disadvantages of existing system:

4.2 Proposed system

Advantages of the proposed system

Select Sound Signature Select Tolerances Level Level

Fetch User Profile Vector Show Image from User Profile

Detect Mouse Position on Image

Select & Click on Pass Point

Want More Image

If Mouse POS=User Profile

Play Sound Signature Play Random Sound

Create User Profile Vector

Compare Login & User Vector Logo n If d< D Impos ter

5.3 INTRODUCTION TO E-R CONCEPT

Data type Varchar(MAX)

Table 5.1 : Log In

Data type Varchar(50)

Addres City Email

Varchar(MAX) Varchar(MAX) Varchar(MAX)

Enter a user addres Enter a user city Enter a user emailid

Table 5.2 : Registrationform

Table 5.3 Upload Files

Data type Varchar(50)

Description Patient ID Video is loaded We can puase video in correct

uploaded time Table 5.5 : File download

5.4 ACITIVITY DIAGRAM

Fig5.2: Activity Diagram

5.5Use Case Diagram

5.6 Sequence Diagram

Airforce/ Defence/ Navy Create an Account

View Uploaded Files

Download Files W ith Sound Signature