
Chapter 1

Introduction
Typically, there are three different methods of user authentication:

1) “What you know”, such as passwords and PINs,

2) “What you have”, such as ID cards and tokens, and finally

3) “Who you are”, such as biometrics including voice, iris and handwriting.

Passwords are the main and most common method of remote authentication.
However, they have their own frustrating challenges. In today’s connected world, a
person is registered in multiple web services, each requiring a specific type of password.
Users are asked to avoid common and easy-to-guess passwords [14]. Often the
administrators require a combination of letters, special symbols and numbers. This has led
users to reuse a few passwords [16]. In fact, the majority of users have three or fewer
passwords that they use for all of their online logins.

This is quite a dangerous practice. If any of those “master” passwords is
compromised or shared, then the user has to recover from theft of passwords on multiple
services. Unfortunately, those reused passwords have low entropy and are therefore easy
to guess [23]. However, the restrictions on the choice of passwords make it really hard
for an average person to remember all of their passwords. Password managers appeared to
be the solution in this regard. They serve as a digital vault where we can store all of our
passwords and never rely on human memory to remember them. This allows us to use a
unique password for each web service. Generally, there are three different types of such
password managers.

The first category are desktop password managers where user passwords are
stored locally on the user’s computing device. Examples in this category are Mozilla
Firefox, Apple MacOS Keychain, RoboForm [21]. These password managers offer no
mobility, and in today’s world this is a considerable drawback. The second category
stores user passwords online on third-party cloud servers (e.g., LastPass [19] and Firefox
Sync [18]). They offer mobility, but the user has to trust the third party. Any attack on the
cloud servers could be catastrophic to the user.
The third category stores passwords on either user phones or dedicated USB
devices. KeePass [2] is a well-known and open source example of phone-based password
managers. In USB devices, examples include SplashID Key Safe [5] and Victorinox
Slim [8]. However, they pose some mobility issues. The USB has to be carried at all times
and physically protected. Karole et al. [17] conducted a study that found users prefer the
third category over the online category of password management. They discuss users’
inclination towards phone-based password managers. In all the above categories, the user
is asked to set a master password initially.

A key is derived using this master password and is used to encrypt all passwords
before storage. This, however, poses a serious security threat. If this master password is
compromised (e.g., offline dictionary attacks) then all of the user’s passwords are
compromised. Basically, the bottom line is that all user log-ins depend on one single
password. This does not provide the security level that we intended to achieve. In this
work, we introduce a novel approach. Our phone-based online password manager
combines all three methods of authentication. We call our solution “Sesame” in honor of
the story of “Ali Baba and the Forty Thieves”. Sesame is a phone application that
encrypts each user password with a fresh randomly chosen key and stores the encrypted
passwords locally and a backup in a cloud of the user’s choice.

The encryption keys are stored on Sesame servers in an encrypted format. To
retrieve the keys, we require user authentication using their voice. Speaker recognition
and speech recognition are applied to the user’s voice to confirm user authenticity and
what they said. Then only the keys related to the service name the user asked for are sent
back to the phone. The application displays usernames and passwords only for the
requested web service. Our solution combines the best of all previous approaches. Since
each password is encrypted with a new key, users can enjoy the mobility of an online
solution with no security compromise.

The keys are stored in an encrypted format on Sesame servers and can only be
decrypted with a master password. However, the server only releases the keys to the Sesame
application when the user’s biometric (voice) is confirmed. The users enjoy the
convenience of speaking to Sesame servers to retrieve a password without typing. We
implemented our solution on the Android platform and the application is now publicly
available at no fee on Google Play.
1.1 Existing System
The majority of users have three or fewer passwords that they use for
all of their online log-ins [15], [7]. This is quite a dangerous practice. If any
of those “master” passwords is compromised or shared, then the user has to
recover from theft of passwords on multiple services. Unfortunately, those
reused passwords have low entropy and are therefore easy to guess. Password
managers appeared to be the solution in this regard. They serve as a digital
vault where we can store all of our passwords and never rely on human
memory to remember them. This allows us to use a unique password for each
web service. Generally, there are three different types of such password
managers. The first category are desktop password managers where user
passwords are stored locally on the user’s computing device. The second
category stores user passwords online on third-party cloud servers. The
third category stores passwords on either user phones or dedicated USB
devices.

In all the above categories, the user is asked to set a master password
initially. A key is derived using this master password and is used to encrypt
all passwords before storage. This, however, poses a serious security threat.

1.1.1 Disadvantages
• The restrictions on the choice of passwords make it really hard for an
average person to remember all of their passwords.
• Password managers offer no mobility.
• User has to trust the third party. Any attack on the cloud servers could
be catastrophic to the user.
• The USB has to be carried at all times and physically protected.
• If this master password is compromised (e.g., offline dictionary
attacks) then all of the user’s passwords are compromised.

1.2 Proposed System


In this work, we introduce a novel approach. Our phone-based online password
manager combines all three methods of authentication. Sesame is a phone application that
encrypts each user password with a fresh randomly chosen key and stores the encrypted
passwords locally and a backup in a cloud of the user’s choice. The encryption keys are
stored on Sesame servers in an encrypted format. To retrieve the keys, we require user
authentication using their voice. Speaker recognition and speech recognition are applied to
the user’s voice to confirm user authenticity and what they said. Then only the keys
related to the service name the user asked for are sent back to the phone. The
application displays usernames and passwords only for the requested web service.
In our framework, we distribute data storage. The user’s sensitive data (e.g.,
passwords) are encrypted with a new key and stored both on the device’s storage and
backed up in a cloud of the user’s choice. This information does not reveal anything
about sensitive data since no key is reused (providing maximum security). On the other
hand, the keys are stored on Sesame servers. The users need not have any trust in Sesame
servers since:
1) The keys themselves reveal nothing about the user’s data and
2) The keys are encrypted with a key that is protected by a key derived from the
master password.
Therefore, even in the unlikely event that the cloud and Sesame servers collude, no
information about user data is revealed without the master password. This distribution of
storage provides a very high level of user privacy.
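
The key hierarchy described above, written out as an added example (it is not code from the Sesame application). The report names no algorithms, so AES-GCM, PBKDF2 with 200,000 iterations, every class and method name, and the location where the wrapped key-encrypting key is stored are assumptions.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

/** Added sketch of the three-level key hierarchy; all names are hypothetical. */
public class KeyHierarchySketch {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int IV_LEN = 12;                  // bytes, fresh per encryption
    private static final int TAG_BITS = 128;               // GCM authentication tag
    private static final int PBKDF2_ITERATIONS = 200_000;  // assumed work factor

    /** AES-GCM encrypt; the returned blob is IV || ciphertext || tag. */
    static byte[] seal(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    /** AES-GCM decrypt; throws AEADBadTagException if the key or the blob is wrong. */
    static byte[] open(SecretKey key, byte[] blob) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    /** A fresh random 256-bit key: one per stored password, plus one KEK per user. */
    static SecretKey freshKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        return kg.generateKey();
    }

    /** Top of the hierarchy: a key derived from the master password. */
    static SecretKey fromMasterPassword(char[] master, byte[] salt)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(master, salt, PBKDF2_ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, for illustration only.
        char[] master = "constructed master password".toCharArray();
        byte[] secret = "constructed-site-password".getBytes(StandardCharsets.UTF_8);
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);

        // Enrollment: a random KEK, protected by the master-password-derived key.
        SecretKey kek = freshKey();
        byte[] wrappedKek = seal(fromMasterPassword(master, salt), kek.getEncoded());

        // Storing one password: a fresh key per entry, never reused.
        SecretKey entryKey = freshKey();
        byte[] cloudBlob = seal(entryKey, secret);                // device storage + cloud backup
        byte[] serverBlob = seal(kek, entryKey.getEncoded());     // key server

        // Retrieval: master password -> KEK -> entry key -> password.
        SecretKey kek2 = new SecretKeySpec(
                open(fromMasterPassword(master, salt), wrappedKek), "AES");
        SecretKey entry2 = new SecretKeySpec(open(kek2, serverBlob), "AES");
        String recovered = new String(open(entry2, cloudBlob), StandardCharsets.UTF_8);
        System.out.println("recovered: " + recovered);

        // Cloud and key server pooling cloudBlob and serverBlob still need the KEK,
        // which only unwraps under the correct master password.
        try {
            open(fromMasterPassword("wrong guess".toCharArray(), salt), wrappedKek);
            System.out.println("unexpected: KEK unwrapped");
        } catch (AEADBadTagException e) {
            System.out.println("wrong master password: KEK unwrap rejected");
        }
    }
}
```

Anyone who holds both the salt and the wrapped KEK can still test master-password guesses offline, so this layer is only as strong as the key-derivation work factor and the master password's entropy.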

1.2.1 Advantages
• Our solution combines the best of all previous approaches.
• Since each password is encrypted with a new key, users can enjoy the mobility of
an online solution with no security compromise.
• The keys are stored in an encrypted format on Sesame servers and can only be
decrypted with a master password.
• The server only releases the keys to the Sesame application when the user’s biometric
(voice) is confirmed.
• The users enjoy the convenience of speaking to Sesame servers to retrieve a
password without typing.
• The keys themselves reveal nothing about the user’s data.
• The keys are encrypted with a key that is protected by a key derived from the
master password.
• Instead of requiring the user to type in their master password every time, we
benefit from biometrics.
Chapter 2

Literature Survey
Audio-Visual Emotion Recognition using Gaussian Mixture Models for Face and Voice


Emotion expression associated with human communication is known to be a multimodal
process. In this work, we investigate the way that emotional information is conveyed by
facial and vocal modalities, and how these modalities can be effectively combined to
achieve improved emotion recognition accuracy. In particular, the behaviors of different
facial regions are studied in detail. We analyze an emotion database recorded from ten
speakers (five female, five male), which contains speech and facial marker data. Each
individual modality is modeled by Gaussian Mixture Models (GMMs). Multiple
modalities are combined using two different methods: a Bayesian classifier weighting
scheme and support vector machines that use post classification accuracies as features.
Individual modality recognition performances indicate that anger and sadness have
comparable accuracies for facial and vocal modalities, while happiness seems to be more
accurately transmitted by facial expressions than voice. The neutral state has the lowest
performance, possibly due to the vague definition of neutrality. Cheek regions achieve
better emotion recognition accuracy compared to other facial regions. Moreover,
classifier combination leads to significantly higher performance, which confirms that
training detailed single modality classifiers and combining them at a later stage is an
effective approach.

Advantage:

1. Modalities are effectively combined to achieve improved emotion recognition accuracy.
2. It used a large database (IEMOCAP) with multiple speakers.

Disadvantage:

1. The neutral state has the lowest performance.

Session Passwords for Android Mobiles


S. Archana, T. Meena, A. S. Vaishnavi & A. Bazila Banu

The mobiles that are marketed today are developed with extended features that include
the data storage. To protect the data most people make use of the textual passwords or
Graphical passwords in spite of its high security issues such as eavesdropping, dictionary
attacks, social engineering and shoulder surfing. Hence as a milestone in the field of
security, the experts developed the idea of Session password that has come into existence.
This paper involves the implementation of two techniques that combine the texts and
colors to generate session passwords. One of the techniques involves a 6×6 alphanumeric
matrix while the other includes a color palette along with a numeric matrix that are
unlocked using the concepts of the Playfair cipher cryptographic method for a high rate of
security in Android mobiles.

Advantage:

1. It has the ability to provide authentication and session passwords.
2. It has the feature of providing strong security.

Disadvantage:

1. Its choices are frequently more expensive than those of the cost-aware approach.

Authentication Schemes for Session Passwords using Color and Images

M SREELATHA, M SHASHI, M ANIRUDH, MD SULTAN AHAMER, V MANOJ KUMAR

Textual passwords are the most common method used for authentication. But textual
passwords are vulnerable to eavesdropping, dictionary attacks, social engineering and
shoulder surfing. Graphical passwords are introduced as alternative techniques to textual
passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address
this problem, text can be combined with images or colors to generate session passwords
for authentication. Session passwords can be used only once and every time a new
password is generated. In this paper, two techniques are proposed to generate session
passwords using text and colors which are resistant to shoulder surfing. These methods
are suitable for Personal Digital Assistants.

Advantage:

1. These techniques generate session passwords and are resistant to dictionary attack,
brute force attack and shoulder-surfing.
2. These schemes are completely new to the users and the proposed authentication
techniques should be verified extensively for usability and effectiveness.

Disadvantage:

1. The major drawback of this approach is that such systems can be expensive and
the identification process can be slow.

Design and Implementation of Improved Authentication System for Android Smartphone Users

Kwang Il Shin, Jae Yong Lee, JiSoo Park, Jong Hyuk Park

The devices most often used for IT services are changing from PCs and laptops to
smartphones and tablets. These devices need to be small for increased portability. These
technologies are convenient, but as the devices start to contain increasing amounts of
important personal information, better security is required. Security systems are rapidly
being developed, as well as solutions such as remote control systems. However, even with
these solutions, major problems could still result after a mobile device is lost. In this
thesis, we present our upgraded Lock Screen system, which is able to support
authentication for the user’s convenience and provide a good security system for
smartphones. We also suggest an upgraded authentication system for Android
smartphones.

Advantage:

1. It has the ability to provide a lock screen and authentication.
2. It has the features of an Android smartphone.

Disadvantage:
1. Sometimes it is complex due to some set of rules.

SOUND MORPHING WITH GAUSSIAN MIXTURE MODELS

Federico Boccardi, Carlo Drioli

In this work a sound transformation model based on Gaussian Mixture Models is
introduced and evaluated for audio morphing. To this aim, the GMM is used to build the
acoustic model of the source sound, and a set of conversion functions, which rely on the
acoustic model, is used to transform the source sound. The method is experimented on a
set of monophonic sounds and results show that it provides promising features.

Advantage:

1. For sound, it uses a sound morphing framework based on GMM.
2. The information on the dynamics of the process, obtained by augmenting the
model’s dimension, improves the quality of conversion because of the improved
modelling of time evolution.

Disadvantage:

1. Its choices are frequently more expensive than those of the cost-aware approach.

OPASS Authentication Schemes Using Android Mobile Application in Providing Web Security

P. Shailaja

A popular form of authentication for users is the text password because of its
effortlessness and convenience. On the other hand, these passwords can be hacked by
using malicious software and threads. Firstly, as users maintain several accounts on
different websites, they choose weak passwords which are easier to remember and they
use the same passwords for different websites. Reusing the same password for different
websites may cause the user to lose his information: if one account of the user is hacked, then
the hacker can gain access to all other accounts of the user. Entering passwords into public
computers may not be safe if the attacker uses malicious software like a keystroke logger to
get the user’s password. In this paper we design the opass (one time password) authentication
scheme for providing security to websites using an Android mobile application. In this
scheme we are using an Android mobile and SMS (short message service) to prevent
attacks while reusing passwords and stealing of passwords and to provide web security.

Advantage:

1. It has the ability to provide an authentication protocol and web security.
2. It has the Opass Browser feature.

Disadvantage:

1. Sometimes network problems arise.

Authentication Scheme for Session Password using matrix Colour and Text

Mr. Sagar A. Dhanake, Mr. Umesh M. Korade, Mr. Chetan P. Shitole, Mr. Sagar B.
Kedar, Prof. V. M. Lomte

The most common method used for authentication is Textual passwords. But textual
passwords are at risk of eavesdropping, dictionary attacks, social engineering and shoulder
surfing. Graphical passwords are introduced as alternative techniques to textual
passwords. Most of the graphical schemes are helpless to shoulder surfing. To address
this problem, text can be combined with images or colors to generate session passwords
for authentication. Session passwords can be used only once and every time a new
password is generated. In this paper, two techniques are proposed to generate session
passwords using text and colors which are resistant to shoulder surfing. These methods
are suitable for Personal Digital Assistants.

Advantage:

1. It has the ability to provide authentication, dictionary attack, shoulder surfing,
pair-based, hybrid textual authentication scheme, draw-a-secret.
2. It has features such as session passwords and an authentication scheme.

Disadvantage:
1. The graphical passwords, which include shoulder-surfing, are very expensive
to implement.

GAUSSIAN MIXTURE MODELS FOR EXTRACTION OF MELODIC LINES FROM AUDIO RECORDINGS

Matija Marolt

The presented study deals with extraction of melodic line(s) from polyphonic audio
recordings. We base our work on the use of expectation maximization algorithm, which is
employed in a two-step procedure that finds melodic lines in audio signals. In the first
step, EM is used to find regions in the signal with strong and stable pitch (melodic
fragments). In the second step, these fragments are grouped into clusters according to
their properties (pitch, loudness...). The obtained clusters represent distinct melodic lines.
Gaussian Mixture Models, trained with EM are used for clustering. The paper presents
the entire process in more detail and gives some initial results.

Advantage:

1. It has a signal with strong and stable pitch.
2. It has the feature that Gaussian Mixture Models, trained with EM, are used for
clustering.

Disadvantage:

1. The features in these studies could be applied to its problem.

A Comparative Study of Graphical and Alphanumeric Passwords for Mobile Device Authentication

Mohd Anwar and Ashiq Imran

Mobile devices such as smartphones and tablets are widely used to perform security
critical and privacy sensitive activities, such as mobile banking, mobile health care,
mobile shopping, etc. Screen locks are used in mobile devices to protect sensitive
information. Graphical password and alphanumeric password are two common types of
screen locking schemes. The alphanumeric password scheme has shown some security
and usability drawbacks. For example, a user may pick an easy to remember
alphanumeric password that may also be easy to guess. On the contrary, if a user picks a
password that is hard to guess it may also be hard to remember. Several alternative
password mechanisms have been introduced. Graphical password is one of them, and it is
based on pictures or patterns. However, graphical password is also vulnerable to certain
types of attack. In this paper, we study an alphanumeric password method (i.e., PIN) and
a graphical password method (i.e., pattern) in order to unravel security and usability
issues related to mobile device authentication. The study uses observation and survey data
to compare these two authentication methods on following criteria: creation time,
memorability, and login time and login success rate. In addition, we also measure how the
screen size of a mobile device affects usability and security aspects of screen locks by
measuring differences on creation time, memorability, login time, login success rate for
Android smartphone and tablet.

Advantage:

1. These techniques are widely used to perform security critical and privacy sensitive
activities.
2. It has the feature that screen locks are used in mobile devices to protect sensitive
information.

Disadvantage:

1. Its choices are frequently more expensive than those of the cost-aware approach.

SECUDROID - A Secured Authentication in Android Phones Using 3D Password

Ms. Chandra Prabha K M.E. Ph.D, Mohamed Nowfel E S, Jr., Gowtham V,
Dhinakaran V

The devices used most often for IT services are changing from PCs and laptops to android
supported mobile devices and tablets. These devices are in the need of hand held for
increased portability. These technologies are more convenient than others, but as the
devices start to contain enormous amount of important personal information, a good
security mechanism is required. Security systems and authentication techniques such as
remote control systems have been rapidly developing since 2006. Although these
solutions were proposed to be viable, major problems could still result when the device
itself is stolen. In this report, we present our upgraded Lock Screen System, Biometric
scheme and Graphical Password scheme which support authentication for the user’s
convenience and provide a good security measure for smart phones. We also propose
upgraded authentication schemes for Android smart phones to enhance the security.
Initially the user enters 3D Virtual Environment and they are free to use that environment
and they will select the objects. After that step, the user will enter the Textual
Environment and enter the textual password. Then the user has to enter the Graphical
environment and they have to enter the pattern in the picture. Finally they will enter in to
the Biometric Environment and fingerprint is registered. Then all the inputs are stored in
the database. After that all inputs are compared to the stored results. Then the user is
authenticated in to the mobile phone. By using this Multifactor Authentication in the
Single 3D Virtual Environment, we provide enhanced security.

Advantage:

1. It has the ability to provide a virtual environment and authentication.
2. It has some features for smart phones and Android.

Disadvantage:

1. Timing attacks can be very effective if the 3D virtual environment is poorly
designed.
2. If there are many users using 3D Passwords then much space will be required to
store these in the database. So it may affect the speed.
Chapter 3
System Requirement Specification
System Requirement Specification (SRS) is a central report that forms the
foundation of the software development process. It lists the requirements of a
system and also describes its major features. An SRS is essentially an
organization's understanding (in writing) of a customer's or potential client's system
requirements and dependencies at a particular point in time, (usually) before any actual
design or development work. It is a two-way insurance policy that assures
that both the client and the organization understand the other's requirements from that
perspective at a given point in time.
Writing a software requirement specification reduces development effort,
as careful review of the document can reveal omissions, misunderstandings, and
inconsistencies early in the development cycle, when these problems are
easier to correct. The SRS discusses the product but not the project that developed it;
hence the SRS serves as a basis for later enhancement of the finished product.
The SRS may need to be changed, but it does provide a foundation for continued
production evaluation.
In simple words, the software requirement specification is the starting
point of the software development activity. The SRS means translating the ideas in the
minds of the clients (the input) into a formal document (the output of the
requirement phase). Thus the output of the phase is a set of formally specified
requirements, which ideally are complete and consistent, while the input has none of these
properties.

3.1 Software and Hardware Requirements


3.1.1. Software Requirements
Coding Language : Java, Java swing, Socket.
Platform : Windows XP and above.
Simulator : Eclipse.

3.1.2 Hardware Requirements


Processors : Pentium IV or later versions.
RAM : 512 MB and above.
Storage : 20GB.

3.2 System Requirements


3.2.1 Functional Requirements
The Functional Requirements Definition documents and tracks the essential information needed
to effectively define business and functional requirements. The Functional
Requirements Definition document is created during the Planning Phase of the project. Its
intended audience is the project manager, project team, project sponsor, client/user,
and any stakeholder whose input/approval into the requirements definition process is required.
The functional requirements include the following:

3.2.2 Non Functional Requirements

• Reliability
The system should be dependable and reliable in providing its functionalities.
Once a user has made some changes, the changes must be made
visible by the system. The changes made by the Programmer should
be visible both to the Project leader and to the Test engineer.
• Security
Apart from bug tracking, the system must provide necessary security and must
secure the whole process from crashing. As technology began to grow at a
fast rate, security became the major concern of an organization.
Millions of dollars are invested in providing security. Bug tracking delivers
the maximum security available at the highest performance rate possible,
ensuring that unauthorized users cannot access vital issue information without
permission. The bug tracking system issues different authenticated users their secret
passwords, so there are restricted functionalities for all the users.
• Maintainability
The system monitoring and maintenance should be simple and objective in its approach.
There should not be too many jobs running on different machines such
that it gets difficult to monitor whether the jobs are running without errors.
• Performance
The system will be used by many employees simultaneously. Since
the system will be hosted on a single web server with a single database
server in the background, performance becomes a major concern. The system
should not succumb when many users are using it simultaneously. It
should allow fast accessibility to all of its users. For instance, if
two test engineers are simultaneously trying to report the presence of a bug, then
there should not be any inconsistency.
• Portability
The system should be easily portable to another system. This is
required when the web server that is hosting the system gets stuck
due to some problems, which requires the system to be taken to another
system.
• Scalability
The system should be scalable enough to add new functionalities at a
later stage. There should be a common channel that can accommodate the new
functionalities.
• Flexibility
Flexibility is the capacity of a system to adapt to changing environments and
situations, and to cope with changes to business policies and rules. A
flexible system is one that is easy to reconfigure or adapt
in response to different user and system requirements. The deliberate separation of
concerns between the manager and engine components helps flexibility, as only a small part
of the system is affected when policies or rules change.

1.3 The Java Programming Language


Java was conceived by James Gosling, Patrick Naughton, Chris Warth, Ed Frank,
and Mike Sheridan at Sun Microsystems. It is a platform-independent programming
language that extends its features wide over the network. Java2 version introduces a new
components than are possible with AWT

• It’s a light weight package, as they are not implemented by platform-specific code.
• Related classes are contained in javax.swing and its sub packages, such as
javax.swing.tree
• Components explained in the swing have more capabilities than those of AWT.
The Java programming language is a high-level language that can be characterized by
all of the following buzzwords

• Simple
• Architecture neutral
• Object oriented
• Portable
• Distributed
• High performance
• Interpreted
• Multithreaded
• Robust
• Dynamic
• Secure

With most programming languages, we either compile or interpret a program so
that we can run it on our computer. The Java programming language is unusual in that a
program is both compiled and interpreted. With the compiler, first we translate a program
into an intermediate language called Java byte codes.
Java byte codes are the platform-independent codes interpreted by the interpreter
on the Java platform. The interpreter parses and runs each Java byte code instruction on
the computer. Compilation happens just once; interpretation occurs each time the program
is executed. The following figure illustrates how this works.
Fig 5.1 Java Programming Language Execution

We can think of Java byte codes as the machine code instructions for the Java
Virtual Machine (Java VM). Every Java interpreter, whether it’s a development tool or a
Web browser that can run applets, is an implementation of the Java VM. Java byte codes
help make “write once, run anywhere” possible. You can compile your program into byte
codes on any platform that has a Java compiler. The byte codes can then be run on any
implementation of the Java VM. That means that as long as a computer has a Java VM,
the same program written in the Java programming language can run on Windows 2000, a
Solaris workstation, or on an iMac.
Fig 5.2 Sample program execution

3.4 The Java Platform

A platform is the hardware or software environment in which a program runs.
We’ve already mentioned some of the most popular platforms like Windows 2000, Linux,
Solaris, and MacOS. Most platforms can be described as a combination of the operating
system and hardware. The Java platform differs from most other platforms in that it’s a
software-only platform that runs on top of other hardware-based platforms.
The Java platform has two components:
• The Java Virtual Machine (JVM)
• The Java Application Programming Interface (Java API)

We’ve already been introduced to the Java VM. It’s the base for the Java platform and is
ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that provide many
useful capabilities, such as graphical user interface (GUI) widgets. The Java API is
grouped into libraries of related classes and interfaces; these libraries are known as
packages.

The figure 5.3 depicts a program that’s running on the Java platform. As the figure shows,
the Java API and the virtual machine insulate the program from the hardware.

Fig 5.3 Java Interpreter Architecture


Native code is code that after you compile it, the compiled code runs on a specific
hardware platform. As a platform-independent environment, the Java platform can be a
bit slower than native code. However, smart compilers, well-tuned interpreters, and just-
in-time byte code compilers can bring performance close.

3.1 JAVA SERVER PAGES

JavaServer Pages (JSP) is a technology that helps software
developers create dynamically generated web pages based on HTML, XML, or other
document types. Released in 1999 by Sun Microsystems, JSP is similar to PHP, but it uses
the Java programming language. To deploy and run JavaServer Pages, a compatible web
server with a servlet container, such as Apache Tomcat or Jetty, is required.

Architecturally, JSP may be viewed as a high-level abstraction of Java servlets.
JSPs are translated into servlets at runtime; each JSP servlet is cached and re-used until the
original JSP is modified.

JSP can be used independently or as the view component of a server-side
model–view–controller design, normally with JavaBeans as the model and Java servlets
(or a framework such as Apache Struts) as the controller. This is a type of Model 2
architecture.

JSP allows Java code and certain pre-defined actions to be interleaved with static
web markup content, with the resulting page being compiled and executed on the server
to deliver a document. The compiled pages, as well as any dependent Java libraries, use
Java bytecode rather than a native software format. Like any other Java program, they
must be executed within a Java virtual machine (JVM) that integrates with the server's
host operating system to provide an abstract platform-neutral environment.

JSPs are usually used to deliver HTML and XML documents, but through the use
of OutputStream, they can deliver other types of data as well.

The Web container creates JSP implicit objects like pageContext, ServletContext,
session, request & response.

Fig 3.1: jsp model

A JavaServer Pages compiler is a program that parses JSPs and transforms them into
executable Java servlets. A program of this type is usually embedded into the
application server and run automatically the first time a JSP is accessed, but pages
may also be precompiled for better performance, or compiled as a part of the build
process to test for errors. Some JSP containers support configuring how often the
container checks JSP file timestamps to see whether the page has changed. Typically,
this interval would be set to a short value (perhaps seconds) during software
development, and a longer value (perhaps minutes, or even never) for a deployed Web
application.

3.2 JAVA SERVLET

The servlet is a Java programming language class used to extend the capabilities of a
server. Although servlets can respond to any type of request, they are commonly used
to extend the applications hosted by web servers, so they can be thought of as Java
applets that run on servers instead of in web browsers. These kinds of servlets are
the Java counterpart to other dynamic Web content technologies such as PHP and
ASP.NET.

Fig 3.2: Life of a jsp file

Three methods are central to the life cycle of a servlet. These are init(), service(),
and destroy(). They are implemented by every servlet and are invoked at specific times by
the server.

• During the initialization stage of the servlet life cycle, the web container initializes
the servlet instance by calling the init() method, passing an object implementing
the javax.servlet.ServletConfig interface. This configuration object allows the servlet
to access name-value initialization parameters from the web application.
• After initialization, the servlet instance can service client requests. Each request is
serviced in its own separate thread. The web container calls the service() method of
the servlet for every request. The service() method determines the kind of request
being made and dispatches it to an appropriate method to handle the request. The
developer of the servlet must provide an implementation for these methods. If a
request is made for a method that is not implemented by the servlet, the method of the
parent class is called, typically resulting in an error being returned to the requester.
• Finally, the web container calls the destroy() method that takes the servlet out of
service. The destroy() method, like init(), is called only once in the lifecycle of a
servlet.

The following is a typical user scenario of these methods.

1. Assume that a user requests to visit a URL.
   • The browser then generates an HTTP request for this URL.
   • This request is then sent to the appropriate server.
2. The HTTP request is received by the web server and forwarded to the servlet
   container.
   • The container maps this request to a particular servlet.
   • The servlet is dynamically retrieved and loaded into the address space of
     the container.
3. The container invokes the init() method of the servlet.
   • This method is invoked only when the servlet is first loaded into memory.
   • It is possible to pass initialization parameters to the servlet so that it may
     configure itself.
4. The container invokes the service() method of the servlet.
   • This method is called to process the HTTP request.
   • The servlet may read data that have been provided in the HTTP request.
   • The servlet may also formulate an HTTP response for the client.
5. The servlet remains in the container's address space and is available to process any
   other HTTP requests received from clients.
   • The service() method is called for each HTTP request.
6. The container may, at some point, decide to unload the servlet from its memory.
   • The algorithms by which this decision is made are specific to each
     container.
7. The container calls the servlet's destroy() method to relinquish any resources such as
   file handles that are allocated for the servlet; important data may be saved to a
   persistent store.
8. The memory allocated for the servlet and its objects can then be garbage collected.

3.3 ANDROID DESCRIPTION


Attendance is an app for teachers who want to take attendance in their classes
using their phones. With Attendance you can create courses, terms and course
occurrences; create groups of students with different schedules; add students to groups;
and finally take attendance. Attendance status can be configured for each occurrence;
the statuses are Present and Absent. Attendance data can be exported to CSV and HTML.
In a future release, it will be possible to export to Excel, Markdown and Dokuwiki, and
also to e-mail students, along with a bunch of other planned features. The Android app
for mobile attendance is a simple-to-use attendance log. You can set up Categories along
with Sub-Categories. Once on the Attendance Manager screen, a simple click in the box
automatically updates the running total of attendance for that person.
One useful scenario is for college teachers to take attendance of the students
during their excursions. Attendance records are an important feature for any coach,
teacher, trainer or tutor. Add extensive student details for each student, including
email, home phone number and much more.
Easily generate random teams and groups of up to 60+ students per group.
Android is a software stack for mobile devices that includes an operating system,
middleware and key applications. The Android SDK provides the tools and APIs necessary
to begin developing applications on the Android platform using the Java programming
language. The Android mobile operating system is based on the Linux kernel. Google and
other members of the Open Handset Alliance collaborated on Android's development and
release. The Android Open Source Project (AOSP) is tasked with the maintenance and
further development of Android.

Features

• Application framework enabling reuse and replacement of components
• Dalvik virtual machine optimized for mobile devices
• Integrated browser based on the open source WebKit engine
• Optimized graphics powered by a custom 2D graphics library; 3D graphics
based on the OpenGL ES 1.0 specification (hardware acceleration optional)
• SQLite for structured data storage
• Media support for common audio, video, and still image formats (MPEG4,
H.264, MP3, AAC, AMR, JPG, PNG, GIF)
• GSM Telephony (hardware dependent)
• Bluetooth, EDGE, 3G, and Wi-Fi (hardware dependent)
• Camera, GPS, compass, and accelerometer (hardware dependent)
• A rich development environment, including a device emulator, tools for
debugging, memory and performance profiling, and a plugin for the Eclipse
IDE

3.4 APPLICATION

Android applications are written in the Java programming language. The
Android SDK tools compile the code, along with any data and resource files, into
an Android package, an archive file with an .apk suffix. All the code in a
single .apk file is considered to be one application and is the file that
Android-powered devices use to install the application.
Once installed on a device, each Android application lives in its own security sandbox:

• The Android operating system is a multi-user Linux system in which each
application is a different user.

• By default, the system assigns each application a unique user ID (the ID is used
only by the system and is unknown to the application). The system sets permissions for
all the files in an application so that only the user ID assigned to that application can
access them.

• Each process has its own virtual machine (VM), so an application's code runs in
isolation from other applications.

• By default, every application runs in its own Linux process. Android starts the
process when any of the application's components need to be executed, then shuts down
the process when it's no longer needed or when the system must recover memory for
other applications.

In this way, the Android system implements the principle of least privilege. That
is, each application, by default, has access only to the components that it requires to do its
work and no more. This creates a very secure environment in which an application cannot
access parts of the system for which it is not given permission.
However, there are ways for an application to share data with other applications
and for an application to access system services:

• It's possible to arrange for two applications to share the same Linux user ID, in
which case they are able to access each other's files. To conserve system resources,
applications with the same user ID can also arrange to run in the same Linux process and
share the same VM (the applications must also be signed with the same certificate).

• An application can request permission to access device data, such as the user's
contacts, SMS messages, the mountable storage (SD card), camera, Bluetooth, and more.
All application permissions must be granted by the user at install time.

That covers the basics regarding how an Android application exists within the system.
The rest of this document introduces you to:

• The core framework components that define your application.

• The manifest file in which you declare components and required device features
for your application.

3.5 MYSQL

Structured Query Language (SQL) is a special-purpose programming language designed
for managing data held in a relational database management system (RDBMS). Originally
based upon relational algebra and tuple relational calculus, SQL consists of a data
definition language and a data manipulation language. The scope of SQL includes data
insert, query, update and delete, schema creation and modification, and data access
control. Although SQL is often described as, and to a great extent is, a declarative
language (4GL), it also includes procedural elements.

SQL was one of the first commercial languages for Edgar F. Codd's relational
model, as described in his influential 1970 paper, "A Relational Model of Data for Large
Shared Data Banks." Despite not entirely adhering to the relational model as described by
Codd, it became the most widely used database language.
SQL became a standard of the American National Standards Institute (ANSI) in
1986, and of the International Organization for Standardization (ISO) in 1987. Since then,
the standard has been enhanced several times with added features. Despite these
standards, code is not completely portable among different database systems, which can
lead to vendor lock-in. The different makers do not perfectly adhere to the standard, for
instance by adding extensions, and the standard itself is sometimes ambiguous.

3.6 NET BEANS IDE

NetBeans IDE is the official IDE for Java 8. With its editors, code analyzers, and
converters, you can quickly and smoothly upgrade your applications to use new Java 8
language constructs, such as lambdas, functional operations, and method references.
Batch analyzers and converters are provided to search through multiple
applications at the same time, matching patterns for conversion to new Java 8 language
constructs. With its constantly improving Java Editor, many rich features and an extensive
range of tools, templates and samples, NetBeans IDE sets the standard for developing
with cutting edge technologies out of the box. An IDE is much more than a text editor.
The NetBeans Editor indents lines, matches words and brackets, and highlights source code
syntactically and semantically. It also provides code templates, coding tips, and
refactoring tools. The editor supports many languages from Java, C/C++, XML and
HTML, to PHP, Groovy, Javadoc, JavaScript and JSP. Because the editor is extensible,
you can plug in support for many other languages. Keeping a clear overview of large
applications, with thousands of folders and files, and millions of lines of code, is a
daunting task. NetBeans IDE provides different views of your data, from multiple project
windows to helpful tools for setting up your applications and managing them efficiently,
letting you drill down into your data quickly and easily, while giving you versioning tools
via Subversion, Mercurial, and Git integration out of the box. When new developers join
your project, they can understand the structure of your application because your code is
well-organized.
Design GUIs for Java SE, HTML5, Java EE, PHP, C/C++, and Java ME
applications quickly and smoothly by using editors and drag-and-drop tools in the
IDE. For Java SE applications, the NetBeans GUI Builder automatically takes care of
correct spacing and alignment, while supporting in-place editing, as well. The GUI
builder is so easy to use and intuitive that it has been used to prototype GUIs live at
customer presentations. The cost of buggy code increases the longer it remains unfixed.
NetBeans provides static analysis tools, especially integration with the widely used
FindBugs tool, for identifying and fixing common problems in Java code. In addition, the
NetBeans Debugger lets you place breakpoints in your source code, add field watches,
step through your code, and run into methods. The NetBeans Profiler provides expert
assistance for optimizing your application's speed and memory usage, and makes it easier
to build reliable and scalable Java SE, JavaFX and Java EE applications. NetBeans IDE
includes a visual debugger for Java SE applications, letting you debug user interfaces
without looking into source code. Take GUI snapshots of your applications and click on
user interface elements to jump back into the related source code. 

Fig 3.3: Snap Shot of Net Beans

Fig 3.4. Snap Shot of Net Beans Faculty Details


Fig 3.5. Snap Shot of Net Beans Login Details

Fig 3.6. Snap Shot of Net Beans Student Attendance

Fig 3.7. Snap Shot of Net Beans Sem Subjects


3.7 APACHE

The Apache HTTP Server is web server software notable for playing a key role
in the initial growth of the World Wide Web. In 2009 it became the first web
server software to surpass the 100 million web site milestone. Apache is developed
and maintained by an open community of developers under the auspices of the
Apache Software Foundation. Since April 1996 Apache has been the most popular
HTTP server software in use. As of November 2010 Apache served over 59.36% of
all websites and over 66.56% of the first one million busiest websites.

3.8 NAVICAT PREMIUM


Navicat Premium is a multi-connection database administration tool that allows
you to connect to MySQL, MariaDB, SQL Server, SQLite, Oracle and PostgreSQL
databases simultaneously within a single application, making administration of
multiple kinds of databases easy.
Navicat Premium combines the functions of other Navicat members and supports
most of the features in MySQL, MariaDB, SQL Server, SQLite, Oracle and PostgreSQL,
including Stored Procedure, Event, Trigger, Function, View, etc.
Navicat Premium enables you to easily and quickly transfer data across various
database systems, or to a plain text file with the designated SQL format and encoding.
Batch jobs for different kinds of databases can also be scheduled and run at a specific
time. Other features include Import/Export Wizard, Query Builder, Report Builder, Data
Synchronization, Backup, Job Scheduler and more. Features in Navicat are sophisticated
enough to meet the specific needs of professional developers, yet easy to learn for
users who are new to database servers.
Navicat can establish a secure SSH session through SSH Tunnelling, which provides
strong authentication and secure encrypted communications between two hosts.
The authentication method can use a password or a public/private key pair. Navicat
also comes with HTTP Tunnelling for cases where your ISP does not allow direct
connections to its database servers but does allow establishing HTTP connections. HTTP
Tunnelling is a method for connecting to a server that uses the same protocol (http://)
and the same port (port 80) as a web server does.
Chapter 4

System Design
The system design process builds up the general framework of the system architecture.
Software design involves representing the functions of the software system in a form
that may be transformed into one or more programs. The requirements specified by the
end user must be put in a systematic manner. Design is a creative process; a good design
is the key to an effective system. System "design" is defined as "the process of
applying various techniques and principles for the purpose of defining a process
or a system in sufficient detail to permit its physical realization".
Various design features are followed to develop the system. The design
specification describes the features of the system, the components or
elements of the system and their appearance to end users.

4.1 Design Consideration


The purpose of the design is to plan the solution of the problem specified by the
requirements document. This phase is the first step in moving from the problem to the
solution domain. In other words, starting with what is needed, design takes us towards
how to satisfy those needs. The design of the system is perhaps the most critical
factor affecting the quality of the software and has a major impact on the later
phases, particularly testing and maintenance. System design describes all the major
data structures, file formats, outputs and major modules in the system, and their
specification is decided.

4.2 System Architecture


The architectural design process is concerned with establishing a basic structural
framework for a system. It involves identifying the major components of the system and
the communications between these components. The initial design process of
identifying these subsystems and establishing a framework for subsystem control and
communication is called architecture design, and the output of this design
process is a description of the software architecture.
The proposed architecture for this system is given below. It shows the way this system is
designed and a brief working of the system.
[Figure: proposed system architecture. Components shown: User, Record Speech, Sesame
Server, Encryption, RSA Key Generation, UID Generation, Color Pattern Key (CPK)
Generation, K1 Generation, AES Encryption, Generating ePk, Generating eSk, Update to
public cloud, Public cloud, Speech Sample Verification, Color pattern code (CPK), K1,
Application folder, Decryption process (ESK, EPK), Access Application.]

4.3 Use Case Diagram


A use case diagram is a type of behavioral diagram created from a use-case analysis.
Its purpose is to present a graphical overview of the functionality provided by a system
in terms of actors, their goals (represented as use cases), and any dependencies
between those use cases. A use case diagram gives us information about how users
and use cases are related to the system. Use cases are used during
requirements elicitation and analysis to represent the functionality of the system. Use
cases focus on the behavior of the system from an external point of view.
A use case describes a function provided by the system that yields a visible result for
an actor. An actor describes any entity that interacts with the system.
The actors are outside the boundary of the system, while the use cases are inside the
boundary of the system. Actors are represented with stick figures, use cases
with ovals, and the boundary of the system with a box enclosing the use cases.

[Figure: use case diagram. Actors: User, Sesame server, Public cloud. Use cases:
Registration, Record speech, Generate color pattern, Request for speech sample,
Request key, Select application, Set password, Start encrypted speech sample, Store
encrypted application pass, Send encrypted application pass, Send encrypted speech
sample, Generate UID, Store encrypted keys, Send encrypted keys.]

4.4 Sequence Diagram
A sequence diagram in the Unified Modeling Language is a kind of interaction
diagram that shows how processes operate with one another and in what order. Sequence
diagrams are sometimes called event-trace diagrams, event scenarios, and
timing diagrams. Sequence diagrams are used to formalize the behavior of the
system and to visualize the communication among objects. They are useful for
identifying additional objects that participate in the use cases. A sequence diagram
represents the interactions that take place among these objects.
[Figure: sequence diagram. Lifelines: User, Sesame server, Public cloud. Steps and
messages shown: Record speech, Encrypt, Encrypted speech sample, Generate UID, UID,
Generate RSA key, Generate color pattern key, Generate K1, AES encrypt, Keys (UID, ePk,
eSk), Application password, Request speech sample, Encrypted speech sample, Decrypt,
Capture speech sample, Verify, Request key, Capture color pattern, Send encrypted key,
AES decryption, Request for pass, Decrypt, Encrypted pass, Access application, Encrypt,
Send details.]


4.5 Data Flow Diagram
The DFD is a simple graphical formalism that can be used to represent a
system in terms of the input data to the system, the various processing carried out on
this data and the output data generated by the system. A DFD model uses a
very limited number of primitive symbols to represent the functions
performed by a system and the data flow among the functions.
The main reason why the DFD technique is so popular is probably
that DFD is a very simple formalism: it is simple to understand
and use. Starting with the set of high-level functions that a
system performs, a DFD model hierarchically represents various sub-functions.
In fact, any hierarchical model is simple to understand.
The human mind is such that it can easily understand any
hierarchical model of a system because, in a hierarchical model,
starting with a very simple and abstract model of the system, different
details of the system are slowly introduced through the different hierarchies. A
data-flow diagram (DFD) is a graphical representation of the "flow" of data
through an information system. DFDs can also be used for the visualization of
data processing.
[Figure: DFD L0. Entities: User, Sesame Server, Public cloud. Data flows: Speech
sample, CPK, UID, ESK, EPK.]

[Figure: DFD L1. Entities: User, Sesame Server, Public cloud. Processes: Record speech,
Speech Sample Encryption, UID Generation, RSA Key Generation, Color Pattern key
generation, K1 key generation, AES Encryption, Upload to public cloud, Select
Application, Set Pass, Encrypt, Upload Details. Data flows: Speech Sample, Encrypted
Speech Sample, UID, PK, SK, K1, CPK, ESK, EPK, Application Pass, Encrypted Details.]

[Figure: DFD L1. Entities: User, Sesame Server, Public cloud, App Folder. Processes:
Capture speech sample, Request Encrypted speech sample, Decrypt sesame sample, Verify
speech sample, Request key, Send encrypted key, Color Pattern KEY, Decryption Process,
Select application, Request for Key, Send encrypted application. Data flows: UID, ESK,
EPK, CPK, K1, Application name.]

Chapter 5

IMPLEMENTATION

The implementation phase of any project development is the most important phase as it
yields the final solution, which solves the problem at hand. The implementation phase
involves the actual materialization of the ideas, which are expressed in the analysis
document and developed in the design phase. Implementation should be a perfect mapping
of the design document into a suitable programming language in order to achieve the
necessary final product. Often the product is ruined by an incorrect choice of
programming language for implementation or an unsuitable method of programming. It is
better for the coding phase to be directly linked to the design phase, in the sense that
if the design is expressed in object-oriented terms, then the implementation should
preferably be carried out in an object-oriented way.
The implementation stage is a system project in its own right. It involves:
I. Careful planning
II. Investigation of the current system and the constraints on implementation.
III. Training of staff in the newly developed system.

Implementation of any software is always preceded by important decisions regarding
selection of the platform, the language used, etc. These decisions are often influenced by
several factors such as the real environment in which the system works, the speed that is
required, the security concerns, and other implementation-specific details. Three
major implementation decisions were made before the implementation of this
project. They are as follows:
1. Selection of the platform (Operating System).
2. Selection of the programming language for development of the application.
3. Coding guideline to be followed.

5.1 Methodologies

• We use speaker recognition for user authentication.
• The first time that a user installs the Sesame application, we ask for a voice sample
of 10 seconds for user enrolment.
• This sample is processed on the server side and a Gaussian Mixture Model (GMM) is
derived.
• A unique user ID (uid) is assigned to the user and sent back to the application.
• In addition, the application generates a public/private key pair (pk, sk) along with
a 256-bit encryption key (Ke).
• Then the user is asked to enter a master password (MP).
• Using a technique similar to PBKDF2 (Password-Based Key Derivation Function 2), three
keys (K1, K2, K3) are extracted.
• The application creates a file (“Keys.txt”) and stores (uid, K1, EncK2(Ke), EncK2(pk),
EncK3(sk)), where Enck(x) represents symmetric encryption of x under key k.
• We use AES-256 in CBC (cipher block chaining) mode along with a randomly chosen
initialization vector (iv) for each encryption.
• This file (“Keys.txt”) is stored on the user’s cloud.
• In the application’s folder, uid, K1, K2, Ke, pk and EncK3(sk) are stored.
• No information about keys is sent to Sesame servers and, more importantly, K3 and MP
are never stored or transmitted anywhere.
• To compute the key triplet, we use HMAC-SHA256 (SHA: Secure Hash Algorithm).
• We encode any integer n used in HMAC as a 32-bit integer in big-endian representation.
• We set a pseudorandom key (PRK) to be PRK = ComputePRK(MP, INT32BE(uid), c).
• ComputePRK is an HMAC-based PBKDF2, where MP is used as the key for HMAC and uid is
the input message.
• The output of this function is 256 bits long.
• This function calculates the HMAC of its inputs in iterations.
• The number of iterations used in PBKDF2 is a constant c.
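
The PRK computation described in the list above, written out as an added Python example (it is not the project's own code). The iteration count, master password and uid are constructed sample values, and the step that expands PRK into (K1, K2, K3) is an assumption, since this section does not say how the triplet is obtained from PRK.

```python
import hashlib
import hmac
import struct

HASH_LEN = 32        # HMAC-SHA256 output: 256 bits, the PRK length stated above
ITERATIONS = 10_000  # constructed value for the constant c; the page gives none


def int32_be(n: int) -> bytes:
    """INT32BE(n): encode n as a 32-bit big-endian integer."""
    return struct.pack(">I", n)


def compute_prk(mp: str, uid: int, c: int = ITERATIONS) -> bytes:
    """PRK = ComputePRK(MP, INT32BE(uid), c) as one PBKDF2-HMAC-SHA256 block.

    MP is the HMAC key and INT32BE(uid) is the message (the PBKDF2 salt).
    U_1 = HMAC(MP, salt || INT32BE(1)), U_j = HMAC(MP, U_{j-1}),
    and PRK is the XOR of U_1 .. U_c.
    """
    if c < 1:
        raise ValueError("iteration count c must be at least 1")
    key = mp.encode("utf-8")
    u = hmac.new(key, int32_be(uid) + int32_be(1), hashlib.sha256).digest()
    acc = int.from_bytes(u, "big")
    for _ in range(c - 1):
        u = hmac.new(key, u, hashlib.sha256).digest()
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(HASH_LEN, "big")


def derive_triplet(prk: bytes) -> tuple:
    """Expand PRK into (K1, K2, K3).

    ASSUMPTION (not from the page): K_i = HMAC-SHA256(PRK, label || INT32BE(i)).
    The label is hypothetical; it only separates the three outputs so that
    knowing one key does not reveal another.
    """
    label = b"example-key-expansion"  # hypothetical domain-separation label
    return tuple(
        hmac.new(prk, label + int32_be(i), hashlib.sha256).digest()
        for i in (1, 2, 3)
    )


def derive_keys(mp: str, uid: int, c: int = ITERATIONS) -> tuple:
    """Full path from master password and uid to the key triplet."""
    return derive_triplet(compute_prk(mp, uid, c))


if __name__ == "__main__":
    # Constructed sample inputs, for illustration only.
    sample_mp, sample_uid = "correct horse battery staple", 1001
    prk = compute_prk(sample_mp, sample_uid)
    reference = hashlib.pbkdf2_hmac(
        "sha256", sample_mp.encode("utf-8"), int32_be(sample_uid), ITERATIONS, dklen=HASH_LEN
    )
    print("matches hashlib.pbkdf2_hmac:", hmac.compare_digest(prk, reference))
    k1, k2, k3 = derive_triplet(prk)
    print("key lengths (bytes):", len(k1), len(k2), len(k3))
```

Because the salt is only the 32-bit uid, the cost of guessing MP offline from any stored value derived from it is governed by c and by the entropy of MP itself.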

CHAPTER 6

TESTING
Testing is an important phase in the development life cycle of the product. This is
the phase, where the remaining errors, if any, from all the phases are detected. Hence
testing performs a very critical role for quality assurance and ensuring the reliability of
the software.
During the testing, the program to be tested was executed with a set of test cases
and the output of the program for the test cases was evaluated to determine whether the
program was performing as expected. Errors were found and corrected by using the
below stated testing steps and correction was recorded for future references. Thus, a
series of testing was performed on the system, before it was ready for implementation.
Testing is the process used to help identify the correctness, completeness, security, and
quality of developed computer software. Testing is a process of technical investigation,
performed on behalf of stakeholders, that is intended to reveal quality-related
information about the product with respect to the context in which it is intended to operate.
This includes, but is not limited to, the process of executing a program or application
with the intent of finding errors.
Quality is not an absolute; it is value to some person. With that in mind,
testing can never completely establish the correctness of arbitrary computer software;
testing furnishes a ‘criticism’ or comparison that compares the state and behaviour of the
product against a specification. An important point is that software testing should be
distinguished from the separate discipline of Software Quality Assurance (SQA), which
encompasses all business process areas, not just testing.
There are many approaches to software testing, but effective testing of complex
products is essentially a process of investigation, not merely a matter of creating and
following routine procedure.
Although most of the intellectual processes of testing are nearly identical to those
of review or inspection, the word testing connotes the dynamic analysis of the
product: putting the product through its paces. Some of the common quality attributes
include capability, reliability, efficiency, portability, maintainability, compatibility and
usability.

A good test is sometimes described as one which reveals an error; however, more
recent thinking suggests that a good test is one which reveals information of interest to
someone who matters within the project community.

6.1 Types of Testing


6.1.1 Unit Testing
Individual components are tested to ensure that they operate correctly. Each
component is tested independently, without other system components. This system was
tested with a set of proper test data for each module and the results were checked against
the expected output. Unit testing focuses verification effort on the smallest unit of the
software design, the module. This is also known as MODULE TESTING. This testing is
carried out in phases; each module was found to be working satisfactorily as regards
the expected output from the module.
6.1.2 Integration Testing
Integration testing is another aspect of testing that is generally done in order to uncover
errors associated with the flow of data across interfaces. The unit-tested modules are grouped
together and tested in small segments, which makes it easier to isolate and correct errors.
This approach is continued until I have integrated all modules to form the system as a
whole.
6.1.3 System Testing
System testing is actually a series of different tests whose primary purpose is to fully
exercise the computer-based system. System testing ensures that the entire integrated
software system meets requirements. It tests a configuration to ensure known and
predictable results. An example of system testing is the configuration-oriented system
integration testing. System testing is based on process description and flows, emphasizing
pre-driven process and integration points.
6.1.4 Performance Testing
Performance testing ensures that the output is produced within the time limits, and
measures the time taken for the system to compile, to respond to users, and to handle
requests sent to the system in order to retrieve results.

6.1.5 Validation Testing


The validation testing can be defined in many ways, but a simple definition is that.
Validation succeeds when the software functions in a manner that can be reasonably
expected by the end user.
Black Box testing
Black box testing is done to find the following
 Incorrect or missing functions
 Interface errors
 Errors on external database access
 Performance error
 Initialization and termination error
White Box Testing
This allows the tests to:
• Check whether all independent paths within a module have been exercised at least once
• Exercise all logical decisions on their false sides
• Execute all loops at their boundaries and within their boundaries
• Exercise the internal data structures to ensure their validity
• Ensure that all possible validity checks and validity lookups have been provided to validate data entry

6.1.6 Acceptance Testing


This is the final stage of the testing process before the system is accepted for operational use.
The system is tested with data supplied by the system procurer rather than
simulated data.

CHAPTER 7

Result Analysis
Conclusion
In this work, we treated the problem of secure password managers. Password
managers are more common than before and enable us to choose strong passwords for
each of our web services. We developed and implemented a convenient yet very secure digital
vault that can protect users' private data. Improvements in user experience and
performance are future work. In addition, integrating another biometric modality
(handwriting) is left for future work. The idea presented here can be generalized for
secure cloud storage of any type of data. This generalization is left as future work.