A MINI PROJECT REPORT ON KEYPASS PASSWORD PROTECTION MANAGER Submitted To Jawaharlal Nehru Technological University in partial fulfillment of the

Requirements for the award of BACHELOR OF TECHNOLOGY IN INFORMATION TECHNOLOGY Head of the Department

DEPARTMENT OF INFORMATION TECHNOLOGY

CERTIFICATE This is to certify that the mini project entitled KEYPASS PASSWORD PROTECTION MANAGER Has been successfully completed by In the partial fulfillment of the requirements for the Degree of BACHELOR OF TECHNOLOGY In Information Technology This work was carried out by them under our Supervision and guidance during the academic year 2008-2009

INTERNAL GUIDE

HEAD OF THE DEPARTMENT

EXTERNAL EXAMINER

DECLARATION

ACKNOWLEDGEMENT

ABSTRACT KEY PASS PASSWORD PROTECTION MANAGER

Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your homepage's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you

should use different passwords for each account. Because if you use only one password everywhere and someone get this password you have a problem. A serious ID problem to the owner of the. The thief would have access to your e-mail account, homepage, etc. Unimaginable. This system is a password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted. A facility to update and change information is provided.

Modules: 1. Login & Security 2. ID & Password Manager 3. Encryption 4. Decryption 5. Report Generation.

TABLE OF CONTENTS 1. INTRODUCTION.........................................................................................................5

1.1 Purpose .................................................................................................................................. 1.2 Intended Audience and Reading Suggestions........................................................................ 1.3 Product Scope........................................................................................................................ 1.4 Project Scope.......................................................................................................................... 1.5 References.............................................................................................................................. 2.1Product Perspective................................................................................................................ 2.2 Product Functions................................................................................................................. 2.3User Classes and Characteristics............................................................................................ 2.4Operating Environment.......................................................................................................... 2.5Design and Implementation Constraints................................................................................ 5 5 5 5 6 6 7 7 8 8

2. Overall Description.......................................................................................................6

2.6User Documentation.............................................................................................................. 9

3. External Interface Requirements................................................................ 9

3.1User Interfaces....................................................................................................................... 9 3.2Hardware Interfaces............................................................................................................... 9 3.3Software Interfaces................................................................................................................ 9

4. System Features.......................................................................................................... 10 5. OTHER NON FUNCTIONAL REQUIREMENTS................................................ 11

5.1Performance Requirements.................................................................................................. 5.2Safety Requirements............................................................................................................ 5.3Product Security Requirements............................................................................................ 5.4Software Quality Attributes................................................................................................. ........................................................................................................................... .................................................................................................................................................. 8. TESTING.............................................................................................................................. 11 11 11 11 42 42 42

9. Bibiliography

1. INTRODUCTION 1.1 Purpose

To provide security to highly confidential data such as ids and passwords that may span from PC applications to financial information. 1.2 Intended Audience and Reading Suggestions

Intended for Project Managers, Developers, End users and Quality Assurance Engineers. Suggested reading the document would be overall document description, product based information gathering followed by Infrastructure requirement. 1.3

Product Scope Language : Java

1.4

Project Scope

Provides registration to public in order to access the application. The user can change his password. Registered users can store critical and confidential data in a secured form. Unprotect and Retrieve data as and when necessary. The data can be retrieved anytime, from anywhere and any number of times. Protection provided to the stored data using the DES algorithm.

1.5

References 1) Java a) Java Black Book b) JSP2.0 Dream tech Publication c) JSP Work Publications d) www.w3schools.com a) Databases in Java, Worth b) Database, C.J Dates

2) Database

2. Overall Description

2.1Product Perspective
In the present scenario every person is associated with some id and password. It may pertain to accessing the PC, the web, emails, financial institutions, access to credit cards, ATMs etc. Most often a person tries to remember them in order to use it. It is always known that a person or individual confuses between passwords of different ids. Some individuals in order to avoid confusion also adapt to use a common password for all ids. Both of the above can either lead to misplaced password or forgotten password or easily hacked when the single password is known. Some individuals even try to save critical information in books or registers or electronic diaries and carry them along. The possibility of this carrier being lost or damaged is high. In the present scenario certain passwords can be recovered after a procedural delay. In some cases the password can not be reset easily and the user has to forgo or close the account permanently as in the case of mails. The project is to maintain a centralized server that, stores critical information and be accessible to the user from anywhere, anytime. The server can now remember any

amount of ids and passwords irrespective of even their lengths. Highly useful when data such as a credit card, debit card number etc that have larger number of digits or characters cannot be remembered easily. In order to provide higher level security the data is stored in an unreadable format. To provide this scenario the server implements the DES algorithm using the visual studio. Similarly whenever the data needs to be unprotected and used the decryption ensures that the data is recovered without any loss or alterations.

2.2 Product Functions

2.3User Classes and Characteristics

The application can be used by general public, organizations etc without having to be specific to any community. The user who has registered only has access to this application.

1 ) .
higher.

Register a user. Store information with security. Retrieve information as and when required. Multi-tier architecture enables less maintenance as only the server is of importance. Generate report either on a single user id or list of Ids. Keys are auto generated, associated with password ensures the protection level is Length of the keys altered each time to suite user needs. The user need not remember the keys instead only filenames. Both the key and password within the application is maintained encrypted. The details of the account, key, protected file is stored into the database but not the actual password.

2.4Operating Environment
Software Requirements: Operating System Language Front End Backend Web server : : : : : Windows OS (2000 or higher) Java HTML, JSP Ms-Access Tomcat

Hardware Requirements (Minimum) Processor Ram Hard Disk Monitor : : : : PIV 512 Mb 40 GB Space VGA Color (256)

2.5Design and Implementation Constraints

The application is designed using JSP. Hence all the design or screens are done using web pages. The constraints are that JVM should be available and running for the application to execute. As the database is in Ms-Access, Ms-Office should be installed. Tomcat should be installed and running.

2.6User Documentation
The product is provided with built-in manual that would help the end user use the system for functioning.

3. External Interface Requirements

3.1User Interfaces
The application provides with keyboard shortcuts and a facility to use the mouse to trigger the required actions. They act as shortcuts and provide an easy navigation within the software. Output data to the user including errors and exceptions are displayed through message boxes and dialogs using HTML.

3.2Hardware Interfaces
The application concentrates on the multi tier scenario and has no dependency on the network or protocols. When executed on a standalone machine no additional peripheral requirements are needed.

3.3Software Interfaces
The incoming data to the product would be raw text data and outgoing data would be binary. Ms-access, JVM and Tomcat are the needed software interfaces.

4. System Features
1. Login & Security The module deals with authentication of the users using the application. There are basically two types of users Administrator & the public. Each of the above users are associated with user id and password. The user id is unique to each user. The users login with the specified id and password to access their schema information. Additional facility to change their password is also provided. 2. ID & Password Manager This module deals with storing as many IDs and correlated passwords into the database. Each user can have more than one id stored. The password is sent to the Blowfish encryption module to have it encrypted or converted to cipher text before it can be stored in the database. Each id acts as the primary key for that password. The id is then used to retrieve the associated password later. 3. DES Encryption DES encrypts and decrypts data in 64-bit blocks, using a 64-bit key (although the effective key strength is only 56 bits, as explained below). It takes a 64-bit block of plaintext as input and outputs a 64-bit block of cipher text. Since it always operates on blocks of equal size and it uses both permutations and substitutions in the algorithm, DES is both a block cipher and a product cipher. DES has 16 rounds, meaning the main algorithm is repeated 16 times to produce the cipher text. It has been found that the number of rounds is exponentially proportional to the amount of time required to find a key using a brute-force attack. So as the number of rounds increases, the security of the algorithm increases exponentially. 4. DES Decryption DES encrypts and decrypts data in 64-bit blocks, using a 64-bit key (although the effective key strength is only 56 bits, as explained below). It takes a 64-bit block of plaintext as input and outputs a 64-bit block of cipher text. Since it always operates on blocks of equal size and it uses both permutations and substitutions in the algorithm, DES is both a block cipher and a product cipher.

DES has 16 rounds, meaning the main algorithm is repeated 16 times to produce the cipher text. It has been found that the number of rounds is exponentially proportional to the amount of time required to find a key using a brute-force attack. So as the number of rounds increases, the security of the algorithm increases exponentially 5. Report Generation The module allows the users of the application to view the following reports :1. Password for a particular user id. 2. Tabulated listing of all user account and related passwords.

5. OTHER NON FUNCTIONAL REQUIREMENTS

5.1Performance Requirements
No external factor influences performance as the application is standalone. Higher memory is recommended for faster execution. However when executed from intranet or internet good bandwidth, less congestion and shortest route to reach the server would enhance the performance.

5.2Safety Requirements
No harm is expected from the use of the product either to the OS or any data.

5.3Product Security Requirements

The product is protected from un-authorized users from using it. The system allows only authenticated users to work on the application. The users of the system are registered users.

5.4Software Quality Attributes

The product is user friendly as it is developed using web pages. The application is reliable and ensures its functioning maintaining the users and their confidential data. As it is developed in java it is interoperable on any OS. The system requires minimum maintenance.

6. SOFTWARE DESIGN UML DIAGRAMS USE CASE DIAGRAM: A use case is a set of scenarios that describes an interaction between a user and a system. A use case diagram displays the relationship among actors and use cases. The two main components of a use case diagram are use cases and actors.

CLASS DIAGRAM: A class diagram is a type of static structure diagram that describes the structure of a system by showing the systems classes ,their attributes and the relationships between the classes.

SEQUENCE DIAGRAM: A sequence diagram demonstrates the behavior of objects in a use case by describing the objects and the messages they pass. The diagrams are read left to right and descending.

Sequence diagram for login:

Sequence diagram for change password:

Sequence diagram for protect data:

Sequence diagram for unprotect data:

ACTIVITY DIAGRAM:

Activity diagrams describe the workflow behavior of a system. Activity diagrams are similar to State diagrams because activities are the state of doing something. The diagrams describe the state of activities by showing the sequence of activities performed.

Activity diagram for change password (A)

Activity diagram for protect data(B)

7.SCREENSHOTS

Home page

Fig 1 The homepage will be appeared as above

Fig.2 When we click on contact us button in the Fig 1 ,the above screen appears displaying the contact details

Fig 3 When we click on register button in Fig 2 the above screen Fig 3 appears , where the user has to fill the required fields to register himself.

Fig 4 The registration is successful for the user Arvind.

Fig 5 After registration of a user is successful, he has to login with the correct user Id and password. In this screen an invalid password is entered.

Fig 6 As the invalid password is entered the above screen Fig 6 is displayed.

Fig 7 When the correct user Id and password are provided the above screen fig 7 appears.

Fig 8 To change password click on change password icon in Fig 7, the Fig 8 appears where the user has to provide the details that are asked.

Fig 9 If the original password does not match with the password that is given in Fig 8,the above screen Fig 9 appears saying that password is mismatch, Try again.

Fig 10 Now give the identical password.

Fig 11 Now the password is reset for account Arvind.

Fig 12 To generate keys click on the Generate key option , the above screen appears, where we have to specify a key file name in .txt form.

Fig 13 The key is generated successfully, if the given key file name doesnt exist.

Fig 14 To protect the data click on Protect Data option, then the above screen appears where the account id should be provided giving the description of the account in the account description field and the password to protect is the password which we want to protect, the protection date will be generated automatically and the master key is the key file name that is given during the generating key and the protected file is the location given where we want to store the file.

Fig 15 After giving all the details the password is protected successfully.

Fig 16 To recover the data click on the unprotect data option and the above screen appears where we need to give our account Id and master Key.

Fig 17 As the given master key is invalid the above screen appears.

Fig 18 Give the correct Master Key.

Fig 19 The password is recovered.

Fig 20 To view keys click on view keys option, then it gives the list of accounts that has been created by the user with the description and key. Arvind has created an account suresh@gmail.com which is displayed in the above screen.

8. TESTING
8.1 PURPOSE: The purpose of testing is to assess product quality. It helps to strengthen and stabilize the architecture early in the development cycle. We can verify through testing, the various interactions, integration of components and the requirements which were implemented. It provides timely feedback to resolve the quality issues, in a timely and cost effective manner. The test workflow involves the following: Verifying the interactions of components. Verifying the proper integration of components. Verifying that all requirements have been implemented correctly. Identifying and ensuring that all discovered defects are addressed before the software is deployed.

8.2 QUALITY: The common usage of the term quality refers to a number of things: principally it means the absence of defects, but more importantly, a fitness for a desired purpose. The ultimate goal of testing is to assess the quality of the end product. Quality assessments often consider process quality and organizational factors as well as direct product quality.

8.3 PRODUCT QUALITY: The role of testing is not to assure quality, but to assess it, and to provide timely feedback so that quality issues can be resolved in a timely and cost-effective manner.

8.4 TESTING IN THE ITERATIVE LIFECYCLE: Testing is not a single activity, nor is it a phase in the project during which we assess quality. If developers are to obtain timely feedback on evolving product quality, testing must occur throughout the lifecycle: we can test the broad functionality of early prototypes: we can test the stability, coverage and performance of the architecture while there is still an opportunity to fix it; and we can test the final product to assess its readiness for delivery to customers.

8.5 DIMENSIONS OF TESTING: To assess product quality, different kinds of tests, each one with a different focus, are needed. These tests can be categorized by several dimensions:

8.5.1Quality dimension: The major quality characteristic or attribute that is the focus of test. 8.5.2Stage of testing: The point in the lifecycle at which the test, usually limited to a single quality dimension. 8.5.3Type of testing: The specific test objective for an individual test, usually limited to a single quality dimension.

8.5.2 STAGES OF TESTING Testing is not a single activity, executed all at once. Testing is executed against different types of targets in different stages of the software development. Test stages progress from testing small elements of the system, such as components (unit testing), to testing completed systems (system testing). The four stages have the following purposes:

8.5.2.1Unit test: The smallest testable elements of the system are tested individually; typically at the same time those elements are implemented. 8.5.2.2Integration test: The integrated units (or components or subsystems) are tested. 8.5.2.3System test: the complete application and system (one or more applications) are tested. 8.5.2.4Acceptance test: The complete application (or system) is tested by end users (or representatives) for the purpose of determining readiness for deployment.

These stages occur throughout the lifecycle, with varying emphasis. An early conceptual prototype user in the inception phase to assess the viability of the product vision will be subjected to acceptance tests. Architectural prototype developed during the elaboration phase be subjected to integration and system tests to validate architectural integrity and performance of key architectural elements.

TEST CASES Module: Login Filename: login.vb Test Valid Login Input User Id, Password Received Output Login Success Act Output Login Success Desc Test Passed! Control Transferred to Menu Options Test Passed! Try Again Test Passed! Try Again

Invalid Login

User Id, Password Null,Null

Login Failed

Login Failed

Invalid Login

Login Failed

Login Failed

Module : change password Filename : register.vb Test Update Password Input Id,new pwd, conf pwd Info Received Output Act Output Success Success Desc Test Passed! Password updated

Module : Key Gen Filename : key.jsp Test Generate Key Input Key file Received Output Success Act Output Success Desc Test Passed! Key generated & saved to database Test Passed! Try Again, No path found

Generate Key

Key file

Failed

Failed

Module : Protect data Filename : protect.jsp Test Protect data Input Acct Id, Desc, pwd, key file, protection file Received Output Success Act Output Success Desc Test Passed! Data encrypted & Saved to db with user ID Test Passed! Incomplete data.

Protect data

Acct Id, Desc, pwd, key file, protection file

Failed

Failed

Module : Unprotect data Filename : uprotect.jsp Test Un Protect data Input Acct Id, key file, Received Output Success Act Output Success Desc Test Passed! Data dencrypted & displayed Test Passed! Invalid key

Un Protect data

Acct Id, key file,

Failed

Failed

9. BIBILIOGRAPHY: Reference: http://java.sun.com/products/jsp http://jspguru.com http://www.w3schools.com