IMLEMENTATION OF IMPROVED BLACK AND

WHITE METHOD TO PREVENT SHOULDER

SURFING
A PROJECT REPORT
Submitted by
C.Bharathi priya
S.Cht!aa
R.Pa"ithra
in the partial fulfillment for the award of the degree
of
BACHELOR OF ENGINEERING
in
COMPUTER SCIENCE AND ENGINEERING
VELAMMAL INSTITUTE OF TECHNOLOG#
ANNA UNIVERSIT#$CHENNAI %&&&'(
APRIL '&)*
1
ANNA UNIVERSIT# CHENNAI$%&&&'(
BONAFIDE CERTIFICATE
Certified that this project report IMPLEMENTATION OF IMPROVED
BLACK AND WHITE METHOS TO PREVENT SHOULDER SURFING+
is the bonafide or! of ,C.BHARATHI PRI#A-S.CHETNAA and
R.PAVITHRA+ ho carried o"t the project or! "nder #$ s"per%ision&
SIGNATURE SIGNATURE
HEAD OF THE DEPARTMENT SUPERVISOR
2
ABSTRACT
'hen a "ser interacts ith a co#p"tin( s$ste# to enter a secret passord)
sho"*der s"rfin( attac!s are of (reat concern& To cope ith this prob*e#) pre%io"s
#ethods pres"#ed *i#ited co(niti%e capabi*ities of a h"#an ad%ersar$ as a
deterrent) b"t there as a pitfa** ith the ass"#ption& In this paper) e sho that
h"#an ad%ersaries) e%en itho"t a recordin( de%ice) can be #ore effecti%e at
ea%esdroppin( than e+pected) in partic"*ar b$ e#p*o$in( co(niti%e strate(ies and
b$ trainin( the#se*%es& O"r no%e* approach ca**ed co%ert attentiona* sho"*der
s"rfin( indeed can brea! the e** !non PIN entr$ #ethod pre%io"s*$ e%a*"ated to
be sec"re a(ainst sho"*der s"rfin(& Another contrib"tion in this paper is the for#a*
#ode*in( approach b$ adaptin( the predicti%e h"#an perfor#ance #ode*in( too*
for sec"rit$ ana*$sis and i#pro%e#ent& 'e a*so de%ise a defense techni,"e in the
#ode*in( paradi(# to deteriorate se%ere*$ the percept"a* perfor#ance of the
ad%ersaries hi*e preser%in( that of the "ser& To the best of o"r !no*ed(e) this is
the first or! to #ode* and defend the ne for# of attac! thro"(h h"#an
perfor#ance #ode*in(& Rea* attac! e+peri#ents and "ser st"dies are a*so
cond"cted&
TABLE OF CONTENTS
3
CHAPTER TITLE PAGE NO.
LIST OF FIGURES..............-.
LIST OF ABBREVATIONS............-/
) INTRODUCTION
).) Abo"t the Project 00000000000&&-1
' S#STEM ANAL#SIS
'.) E+istin( s$ste#000000000000&&-2
'.' Proposed s$ste#000000000000&-2
'./ S$ste# Desi(n 000000000000&&&3-
/ RE0UIREMENTS SPECIFICATION
/.) Introd"ction0000000000000033
/.' 4ardare and Softare specification 000&&&&33
/./ Techno*o(ies Used 00000000000&35
/.*Techno*o(ies Used 0000000000&&&&35
/.*.) 6a%a00000000000000&&&35
/.*.).) Introd"ction to ja%a0000000&&&&&&35
/.*.).' 'or!in( of ja%a 00000000&&&&&&37
* S#STEM DESIGN
/.( 8*oc! Dia(ra#0000000000000&75

( S#STEM DESIGN 1 DETAILED
(.) Mod"*es000000000000000093
(.' Mod"*e e+p*anation00000000000&&95
4
% CODING AND TESTING
%.) Codin(0000000000000000&& 99
%.' Codin( standards 000000000000&99
%./ Test proced"re0000000000000&&9.
%.* Test data and o"tp"t 00000000000 91
REFERENCES..................5
SNAP SHOTS

LIST OF FIGURES
* S$ste# Desi(n
5
(.' Patterns of the peer:peer ed(es
(.' Patterns of the ser%ice:pro%ider ed(es
(.' Disco%erin( #issin( *in!s in internet

LIST OF ABBREVATIONS
6
JDK 6a%a De%e*op#ent Too*!it.
JMF 6a%a Media ;ra#eor!.
TCP Trans#ission Contro* Protoco*.
IP Internet Protoco*.
HTTP 4$per Te+t Transfer Protoco*

CHAPTER )
INTRODUCTION
Ai23
The #ain ai# of this project is to pre%ent h"#an sho"*der s"rfin( attac! and to estab*ish
a sec"re transaction beteen the #obi*e App and Ser%er b$ i#p*e#entin( the i#pro%ed 8'
#ethod&
7
Sy!4p5i53
'hen a "ser enters a persona* identification n"#ber<PIN= as a n"#eric passord in
#obi*e or stationar$ s$ste#s) inc*"din( s#art phones) tab*et co#p"ters) a"to#ated te**er
#achines <ATM=) and point of sa*e <PoS= ter#ina*s) a direct obser%ation attac! based on sho"*der
s"rfin( beco#es (reat concern& The PIN entr$ can be obser%ed b$ nearb$ ad%ersaries) #ore
effecti%e*$ in a croded p*ace& Since the sa#e PIN is "s"a**$ chosen b$ a "ser for %ario"s
p"rposes and "sed repeated*$) a co#pro#ise of the PIN #a$ ca"se the "ser a (reat ris!& To cope
ith this prob*e#) hich is beteen the "ser and the s$ste#) cr$pto(raphic pre%ention
techni,"es are hard*$ app*icab*e beca"se h"#an "sers are *i#ited in their capacit$ to process
infor#ation& Instead) there ha%e been a*ternati%e approaches considerin( the as$##etr$ beteen
the "ser and the s$ste#& A#on( the#) the PIN entr$ as e*e(ant beca"se of its si#p*icit$ and
int"iti%eness> in each ro"nd) a re("*ar n"#eric !e$pad is co*ored at rando#) ha*f of the !e$s in
b*ac! and the other ha*f in hite) hich e i** ca** the 8' #ethod& A "ser ho !nos the
correct PIN di(it can anser its co*or b$ pressin( the separate co*or !e$ be*o& The basic 8'
#ethod is ai#ed to resist a h"#an sho"*der s"rfin( attac!) not s"pported b$ a recordin( de%ice)
hi*e its probabi*istic e+tension considers a recordin( attac! in part& The 8' #ethod is sti**
considered to be sec"re a(ainst h"#an ad%ersaries d"e to the *i#ited co(niti%e capabi*ities of
h"#ans&
CHAPTER '
S#STEM ANAL#SIS
'.) E6ISTING S#STEM
In sho"*der s"rfin( attac!s) ad%ersaries sho"*d #o%e their e$e fi+ations rapid*$ on the
"ser interface) partic"*ar*$ d"rin( preprocessin() to obtain the cha**en(e infor#ation) e&(&) the
*a$o"t of the !e$pad) in an on:ti#e processin( phase to catch the !e$ entr$ infor#ation) e&(&) a
"ser?s !e$ press@ and d"rin( post processin( to fi*ter the ac,"ired infor#ation& If the ti#e period
a**oed for those processes is too short or its #e#or$ re,"ire#ent e+ceeds the h"#an *i#it) then
sho"*der s"rfin( sho"*d fai*& To e+tend and effecti%e*$ "se the a**oed ti#e period) the e+istin(
8
idea is to e#p*o$ co%ert attention& If an ad%ersar$ s"ppresses saccadic e$e #o%e#ents d"rin(
%is"a* perception) she can earn #ore te#pora* chances for %is"a* infor#ation processin( ithin
the c"rrent %is"a* an(*e& This is tr"e e%en hi*e cond"ctin( co%ert attentiona* shifts to a sti#"*"s
inside the %is"a* an(*e and carr$in( o"t para**e* #otor operations itho"t saccadic e$e
#o%e#ents& To red"ce the #e#or$ re,"ire#ent) o"r idea is to e#p*o$ percept"a* (ro"pin(& If an
ad%ersar$ e+tracts si(nificant %is"a* re*ations fro# *oer:*e%e* feat"res) e&(&) co*or of s,"ares b$
i(norin( the indi%id"a* di(its) and (ro"ps the# into hi(her:*e%e* str"ct"res) e&(&) a *ar(er po*$(on
in the sa#e co*or) based on the Gesta*t princip*es) she can red"ce the n"#ber of %is"a* objects
stored in the short:ter# #e#or$& So in Co%ert attentiona* sho"*der s"rfin() three #ain operations
s"ch as co%ert attention) percept"a* (ro"pin() and para**e* #otor operation) are co#bined
to(ether for deri%in( a PIN di(it& In each ro"nd) attended objects are *ined for easier
"nderstandin( of co%ert attention& Co%ert attentiona* sho"*der s"rfin( can brea! the 8' #ethod
thro"(h the #ode*in(:based ana*$sis&
'.' PROPOSED S#STEM
'e propose i#pro%ed 8' #ethod b$ e+tendin( 8' #ethod) in hich o"r proposed
a*(orith# "ses rando#*$ (enerated fo"r di(its in hich each di(it b*oc!) is co#bined ith the
co#bination of to ) to pre%ent the attentiona* sho"*der s"rfin( attac! b$ e+tractin( the PIN di(it
after a** the "ser iterations (ot co#p*eted&
To resist co%ert attentiona* sho"*der s"rfin() it o"*d be effecti%e to interr"pt the
ad%ersar$ d"rin( percept"a* (ro"pin( itho"t chan(in( the "ser tas! si(nificant*$& One
possibi*it$ is to !eep the 8' #ethod) b"t rando#iAe the orderin( of the di(its in each ro"nd so
that percept"a* (ro"pin( cannot be done in the a$ e proposed& In this case) hoe%er) the "ser
tas! re,"ires the added saccadic e$e #o%e#ent hi*e searchin( for the *ocation of the tar(et di(it
in e%er$ ro"nd can *ead to *on(er PIN entr$ ti#e& Another possibi*it$ is to !eep the n"#eric
!e$pad in the re("*ar *a$o"t) b"t prod"ce #ore percept"a* (ro"ps so that the ad%ersar$ is
fr"strated& Toard si#i*arit$ in the tas! of percept"a* (ro"pin() e #a!e co*or (ro"ps *oo!
si#i*ar <neither the sa#e nor opposite= in their shape beca"se co*or #"st be distin("ishab*e b$
the "ser& Toard co#p*e+it$) e #a!e co*or (ro"ps *oo! o%er*appin( <not separate=) so that
ad%ersaries e+perience se%ere diffic"*ties not on*$ in ho*din( the (ro"ps in BSTM b"t a*so in
9
separatin( the#& The f"nda#enta* idea for co#binin( si#i*arit$ and co#p*e+it$) is to sp*it
%is"a**$ e%er$ n"#eric !e$ into to ha*%es) so as to be fi**ed ith to distinct co*ors
si#"*taneo"s*$ hereas each co*or fi**s ha*f of the a%ai*ab*e !e$s) i&e&) fi%e o"t of ten !e$s& So
there e+ist fo"r co*or (ro"ps on the n"#eric !e$pad and to co*ors for e%er$ n"#eric !e$& The
ad%ersar$ ho *a"nches co%ert attentiona* sho"*der s"rfin( #a$ need to percei%e fo"r co*or
(ro"ps and attend to one of the# for the ne+t ro"nd) hi*e the "ser on*$ needs to anser either of
the to co*ors that fi** hisCher PIN di(it !e$ in each ro"nd& A"thentication Ser%ices are a*so
pro%ided b$ this #ethod&
CHAPTER /
RE0UIREMENT SPECIFICATIONS
/.) INTRODUCTION
The re,"ire#ents specification is a technica* specification of re,"ire#ents for the
softare prod"cts& It is the first step in the re,"ire#ents ana*$sis process it *ists the re,"ire#ents
of a partic"*ar softare s$ste# inc*"din( f"nctiona*) perfor#ance and sec"rit$ re,"ire#ents& The
re,"ire#ents a*so pro%ide "sa(e scenarios fro# a "ser) an operationa* and an ad#inistrati%e
perspecti%e& The p"rpose of softare re,"ire#ents specification is to pro%ide a detai*ed o%er%ie
of the softare project) its para#eters and (oa*s& This describes the project tar(et a"dience and
its "ser interface) hardare and softare re,"ire#ents& It defines ho the c*ient) tea# and
a"dience see the project and its f"nctiona*it$&
10
/.' HARDWARE AND SOFTWARE SPECIFICATION
/.'.) HARDWARE RE0UIREMENTS
4ard Dis! > 1-G8 and Abo%e
RAM > 5G8 and Abo%e
Processor > Penti"# IB and Abo%e
Android 5&5 > Min 3&
/.'.' SOFTWARE RE0UIREMENTS
'indos operatin( s$ste# DP and abo%e
6DE 3&.
To#cat .&-
M$s,*
/.( TECHNOLOGIES USED
/.(.) JAVA
It is a P*atfor# Independent& 6a%a is an object:oriented pro(ra##in( *an("a(e de%e*oped
initia**$ b$ 6a#es Gos*in( and co**ea("es at S"n Micros$ste#s& The *an("a(e) initia**$ ca**ed
11
Oa! <na#ed after the oa! trees o"tside Gos*in(Fs office=) as intended to rep*ace CGG) a*tho"(h
the feat"re set better rese#b*es that of Objecti%e C&
/.(.).) INTRODUCTION TO JAVA
6a%a has been aro"nd since 3223) de%e*oped b$ a s#a** tea# of S"n Micros$ste#s
de%e*opers in a project ori(ina**$ ca**ed the Green project& The intent of the project as to
de%e*op a p*atfor#:independent softare techno*o($ that o"*d be "sed in the cons"#er
e*ectronics ind"str$& The *an("a(e that the tea# created as ori(ina**$ ca**ed Oa!&
The first i#p*e#entation of Oa! as in a PDA:t$pe de%ice ca**ed Star Se%en <H/= that
consisted of the Oa! *an("a(e) an operatin( s$ste# ca**ed GreenOS) a "ser interface) and
hardare& The na#e H/ as deri%ed fro# the te*ephone se,"ence that as "sed in the tea#Fs
office and that as dia*ed in order to anser an$ rin(in( te*ephone fro# an$ other phone in the
office&
Aro"nd the ti#e the ;irst Person project as f*o"nderin( in cons"#er e*ectronics) a
ne craAe as (ainin( #o#ent"# in A#erica@ the craAe as ca**ed I'eb s"rfin(&I The 'or*d
'ide 'eb) a na#e app*ied to the InternetFs #i**ions of *in!ed 4TMJ doc"#ents as s"dden*$
beco#in( pop"*ar for "se b$ the #asses& The reason for this as the introd"ction of a (raphica*
'eb broser ca**ed Mosaic) de%e*oped b$ ncSA& The broser si#p*ified 'eb brosin( b$
co#binin( te+t and (raphics into a sin(*e interface to e*i#inate the need for "sers to *earn #an$
conf"sin( UNID and DOS co##ands& Na%i(atin( aro"nd the 'eb as #"ch easier "sin(
Mosaic&
It has on*$ been since 3229 that Oa! techno*o($ has been app*ied to the 'eb& In 3229)
to S"n de%e*opers created the first %ersion of 4ot 6a%a) and then ca**ed 'eb R"nner) hich is a
(raphica* broser for the 'eb that e+ists toda$& The broser as coded entire*$ in the Oa!
*an("a(e) b$ this ti#e ca**ed 6a%a& Soon after) the 6a%a co#pi*er as reritten in the 6a%a
*an("a(e fro# its ori(ina* C code) th"s pro%in( that 6a%a co"*d be "sed effecti%e*$ as an
app*ication *an("a(e& S"n introd"ced 6a%a in Ma$ 322K at the S"n 'or*d 2K con%ention&
12
'eb s"rfin( has beco#e an enor#o"s*$ pop"*ar practice a#on( #i**ions of co#p"ter
"sers& Unti* 6a%a) hoe%er) the content of infor#ation on the Internet has been a b*and series of
4TMJ doc"#ents& 'eb "sers are h"n(r$ for app*ications that are interacti%e) that "sers can
e+ec"te no #atter hat hardare or softare p*atfor# the$ are "sin() and that tra%e* across
hetero(eneo"s netor!s and do not spread %ir"ses to their co#p"ters& 6a%a can create s"ch
app*ications&
/./.).) WORKING OF JAVA
;or those ho are ne to object:oriented pro(ra##in() the concept of a c*ass i** be
ne to $o"& Si#p*istica**$) a c*ass is the definition for a se(#ent of code that can contain both
data <ca**ed attrib"tes= and f"nctions <ca**ed #ethods=&
'hen the interpreter e+ec"tes a c*ass) it *oo!s for a partic"*ar #ethod b$ the na#e of
#ain) hich i** so"nd fa#i*iar to C pro(ra##ers& The #ain #ethod is passed as a para#eter an
arra$ of strin(s <si#i*ar to the ar(%LM of C=) and is dec*ared as a static #ethod&
To o"tp"t te+t fro# the pro(ra#) e e+ec"te the print*n #ethod of S$ste#&o"t) hich is
ja%a?s o"tp"t strea#& UNID "sers i** appreciate the thoer$ behind s"ch a strea#) as it is act"a**$
standard o"tp"t& ;or those ho are instead "sed to the 'inte* p*atfor#) it i** rite the strin(
passed to it to the "ser?s pro(ra#&
6a%a consists of to thin(s >
Pro(ra##in( *an("a(e
P*atfor#
/./.).' THE JAVA PROGRAMMING LANGUAGE
6a%a is a hi(h:*e%e* pro(ra##in( *an("a(e that is a** of the fo**oin(>
Si#p*e
13
Object:oriented
Distrib"ted
Interpreted
Rob"st
Sec"re
Architect"re:ne"tra*
Portab*e
4i(h:perfor#ance
M"*tithreaded
D$na#ic
The code and can brin( abo"t chan(es hene%er fe*t necessar$& So#e of the standard needed
to achie%e the abo%e:#entioned objecti%es are as fo**os>
6a%a is "n"s"a* in that each 6a%a pro(ra# is both co i#p*ied and interpreted& 'ith a co#pi*er)
$o" trans*ate a 6a%a pro(ra# into an inter#ediate *an("a(e ca**ed Ja"a 7yt 8495 N the
p*atfor# independent codes interpreted b$ the 6a%a interpreter& 'ith an interpreter) each 6a%a
b$te code instr"ction is parsed and r"n on the co#p"ter& Co#pi*ation happens j"st once@
interpretation occ"rs each ti#e the pro(ra# is e+ec"ted& This fi("re i**"strates ho it or!s >
14
Fi:./.)
Oo" can thin! of 6a%a b$te codes as the #achine code instr"ctions for the 6a%a Birt"a*
Machine <6BM=& E%er$ 6a%a interpreter) hether it?s a 6a%a de%e*op#ent too* or a 'eb
broser that can r"n 6a%a app*ets) is an i#p*e#entation of 6BM& That 6BM can a*so be
i#p*e#ented in hardare& 6a%a b$te codes he*p #a!e rite once) r"n an$hereP possib*e&
Oo" can co#pi*e $o"r 6a%a pro(ra# into b$te codes on an$ p*atfor# that has a 6a%a
co#pi*er& The b$te codes can then be r"n on an$ i#p*e#entation of the 6B#& ;or e+a#p*e)
that sa#e 6a%a pro(ra# can e r"n on 'indos NT) So*aris and Macintos

15
Java program
Complier
Interpreter Interpreter
Interpreter

PC$C42pati7; S<! U;tra S4;ari5 P4=r 2a8i!t45h
Wi!94=5 NT Sy5t2 >


/./.)./ THE JAVA PLATFORM
A p*atfor# is the hardare or softare en%iron#ent in hich a pro(ra# r"ns& The 6a%a
p*atfor# differs fro# #ost other p*atfor#s in that it?s a softare:on*$ p*atfor# that r"ns on top
of other) hardare:based p*atfor#s& Most other p*atfor#s are described as a co#bination of
hardare and operatin( s$ste#&
The 6a%a p*atfor# has to co#ponents :
The 6a%a Birt"a* Machine <6BM=
The 6a%a App*ication Pro(ra##in( Interface <6a%a API=
Oo"?%e a*read$ been introd"ced to the 6BM& It?s the base for the 6a%a p*atfor# and is
ported onto %ario"s hardare:based p*atfor#s&
The 6a%a API is a *ar(e co**ection of read$:#ade softare co#ponents that pro%ide #an$
"sef"* capabi*ities) s"ch as (raphica* "ser interface <GUI= id(ets& The 6a%a API is (ro"ped into
16
*ibraries ?pa8@a:5A of re*ated co#ponents& The fo**oin( fi("re depicts a 6a%a pro(ra#) s"ch as
an app*ication or app*et) that?s r"nnin( on the 6a%a p*atfor#& As the fi("re shos) the 6a%a API
and Birt"a* Machine ins"*ates the 6a%a pro(ra# fro# hardare dependencies&
;i(&7&7
As a p*atfor#:independent en%iron#ent) 6a%a can be a bit s*oer than nati%e code&
4oe%er) s#art co#p*iers) ee*:t"ned interpreters) and j"st:in:ti#e b$te co#p*i*ers can brin(
6a%a?s perfor#ance c*ose to that of nati%e code itho"t threatenin( protabi*it$&

/.(.).' WORKING OF JAVA
;or those ho are ne to object:oriented pro(ra##in() the concept of a c*ass i** be
ne to $o"& Si#p*istica**$) a c*ass is the definition for a se(#ent of code that can contain both
data and f"nctions&
'hen the interpreter e+ec"tes a c*ass) it *oo!s for a partic"*ar #ethod b$ the na#e of
#ain) hich i** so"nd fa#i*iar to C pro(ra##ers& The #ain #ethod is passed as a para#eter an
arra$ of strin(s <si#i*ar to the ar(%LM of C=) and is dec*ared as a static #ethod&
To o"tp"t te+t fro# the pro(ra#) e e+ec"te the print*n #ethod of S$ste#&o"t) hich
is ja%a?s o"tp"t strea#& UNID "sers i** appreciate the theor$ behind s"ch a strea#) as it is
act"a**$ standard o"tp"t& ;or those ho are instead "sed to the 'inte* p*atfor#) it i** rite the
strin( passed to it to the "ser?s pro(ra#&
17
/./.* APACHE TOMCAT SERVER
Apache To#cat <for#er*$ "nder the Apache 6a!arta Project@ To#cat is no a top *e%e*
project= is a eb container de%e*oped at the Apache Softare ;o"ndation& To#cat i#p*e#ents
the ser%*et and the 6a%aSer%er Pa(es <JSP= specifications fro# S"n Micros$ste#s) pro%idin( an
en%iron#ent for 6a%a code to r"n in cooperation ith a eb ser%er& It adds too*s for confi("ration
and #ana(e#ent b"t can a*so be confi("red b$ editin( confi("ration fi*es that are nor#a**$
XM:for#atted& 8eca"se To#cat inc*"des its on 4TTP ser%er interna**$) it is a*so considered a
standa*one eb ser%er&
E!"ir4!2!t
To#cat is a eb ser%er that s"pports ser%*ets and 6SPs& To#cat co#es ith the 6asper co#pi*er
that co#pi*es 6SPs into ser%*ets&
The To#cat ser%*et en(ine is often "sed in co#bination ith an Apache eb ser%er or other eb
ser%ers& To#cat can a*so f"nction as an independent eb ser%er& Ear*ier in its de%e*op#ent) the
perception e+isted that standa*one To#cat as on*$ s"itab*e for de%e*op#ent en%iron#ents and
other en%iron#ents ith #ini#a* re,"ire#ents for speed and transaction hand*in(& 4oe%er) that
perception no *on(er e+ists@ To#cat is increasin(*$ "sed as a standa*one eb ser%er in hi(h:
traffic) hi(h:a%ai*abi*it$ en%iron#ents&
Since its de%e*opers rote To#cat in 6a%a) it r"ns on an$ operatin( s$ste# that has a 6BM&
Pr49<8t Bat<r5
To#cat 7&+ <initia* re*ease=
18
i#p*e#ents the Ser%*et 5&5 and 6SP 3&3 specifications
ser%*et re*oadin(
basic 4TTP f"nctiona*it$ To#cat 9&+
i#p*e#ents the Ser%*et 5&7 and 6SP 3&5 specifications
ser%*et container redesi(ned as Cata*ina
6SP en(ine redesi(ned as 6asper
Co$ote connector
6a%a Mana(e#ent E+tensions <6MD=) 6SP and Str"ts:based ad#inistration
To#cat K&+
i#p*e#ents the Ser%*et 5&9 and 6SP 5&- specifications
red"ced (arba(e co**ection) i#pro%ed perfor#ance and sca*abi*it$
nati%e 'indos and Uni+ rappers for p*atfor# inte(ration
faster 6SP parin(
Hi5t4ry
To#cat started off as a ser%*et specification i#p*e#entation b$ 6a#es D"ncan Da%idson) a
softare architect at S"n& 4e *ater he*ped #a!e the project open so"rce and p*a$ed a !e$ ro*e in
its donation b$ S"n to the Apache Softare ;o"ndation&
19
Da%idson had initia**$ hoped that the project o"*d beco#e open:so"rced and) since #ost
open:so"rce projects had OFRei**$ boo!s associated ith the# feat"rin( an ani#a* on the co%er)
he anted to na#e the project after an ani#a*& 4e ca#e "p ith To#cat since he reasoned the
ani#a* represented so#ethin( that co"*d ta!e care of and fend for itse*f& 4is ish to see an
ani#a* co%er e%ent"a**$ ca#e tr"e hen OFRei**$ p"b*ished their To#cat boo! ith a to#cat on
the co%er
Ja"a Bat<r5 a!9 4pti4!5
Orac*e1i introd"ced the "se of 6a%a as a proced"ra* *an("a(e ith a 6a%a Birt"a*
Machine <6BM= in the database <ori(ina**$ ca**ed 6Ser%er=& 6BM inc*"des s"pport for 6a%a stored
proced"res) #ethods) tri((ers) Enterprise 6a%a8eansQ <E68s=) COR8A) and 4TTP& The
Acce*erator is "sed for project (eneration) trans*ation) and co#pi*ation) and can a*so be "sed to
dep*o$Cinsta** shared *ibraries& The inc*"sion of 6a%a ithin the Orac*e database a**os 6a%a
de%e*opers to *e%era(e their s!i**s as Orac*e app*ication de%e*opers& 6a%a app*ications can be
dep*o$ed in the c*ient) App*ication Ser%er) or database) dependin( on hat is #ost appropriate&
Orac*e data areho"sin( options for OJAP and data #inin( pro%ide a 6a%a API& These
app*ications are t$pica**$ c"sto# b"i*t "sin( Orac*e?s 6De%e*oper&
6;TVi=
A #"*ti#edia ho#e p*atfor#) or MP4) is an interacti%e di(ita* te*e%ision #idd*eare
s$ste# that a**os the reception and e+ec"tion of interacti%e 6a%a app*ications on a te*e%ision
set& Interacti%e te*e%ision) a*so !non as ITB) enab*es peop*e to not on*$ %ie te*e%ision b"t a*so
interact ith its content& The acti%ities that "sers can interact ith inc*"de infor#ation ser%ices)
(a#es) %otin() e:#ai*) SMS or shoppin(& M4P app*ications #a$ #a!e "se of an additiona*
ret"rn channe* that s"pports Internet Protoco*&
MP4 co#es in to presentations) DB8:4TMJ app*ications and the #ore pop"*ar DB8:6
app*ications) a*so !non as D*ets& An D*et interface a**os an e+terna* so"rce to initiate and ha*t
an app*ication& This abi*it$ is cr"cia* for a set:top bo+ en%iron#ent) hich in t"rn is an essentia*
co#ponent of interacti%e te*e%ision&
20
D*ets "s"a**$ re,"ire a brief #an"a* on ho to insta** the softare and ho it or!s& It
describes detai*s abo"t the *atest %ersion of the softare) the -&7&.&) a*tho"(h there ha%e been
p*ans to chan(e the feat"res and ho the$ or!&Rbr CSRbr CSThe #an"a* t$pica**$ ta*!s abo"t the
director$ str"ct"re one sho"*d (et hen don*oadin( and "nAippin( the fi*e) abo"t ho to start
the softare) ho to r"n it) abo"t the re#ote contro*) the shortc"t !e$s and the settin(s fi*e& The
infor#ation is #eant to he*p an$ ne "ser to start "sin( the e#"*ator) b"t #ore infor#ation can
a*so be fo"nd on*ine) especia**$ re*ated to co#ponents and tro"b*eshootin( an$ prob*e#s&
C4!Bi:<ri!: 6;TVi=
C4!Bi:<ri!: th 8ha!!;5 that ar a"ai;a7;
An$ TB i** ha%e a *ist of channe*s a%ai*ab*e) and D*eTBie a*so offers this
f"nctiona*it$& Un*i!e a rea* TB) $o" need to te** it hat channe*s are a%ai*ab*e and $o" can do this
b$ editin( the confi(Cchanne*s&+#*fi*e& The defa"*t %ersion of this fi*e *oo!s *i!e this>
<?xml version="1.0" encoding="ISO-8859-1"?>
<CH!!"#S>
<CH!!"#>
<!$">0<%!$">
<$"&I>con'ig%de'()l*+g.,-g<%$"&I>
<%CH!!"#>
<%CH!!"#S>
As $o" can see) each channe* definition consists of to parts& The R NAMES e*e#ent
contains the channe* na#e or n"#ber that i** be assi(ned to this channe*& The
R MEDIAS e*e#ent te**s&
D*eTBie hat it sho"*d disp*a$ in the bac!(ro"nd hen that channe* is se*ected& This
can either be a 6PEG i#a(e <hich sho"*d be /5- pi+e*s ide b$ K/. pi+e*s hi(h= or it can be an
ABI fi*e if $o" prefer a #o%in( bac!(ro"nd& P*ease note that on*$ so#e t$pes of ABI fi*e are
s"pported : see the section on "sin( %ideo ith D*eTBie for #ore detai*s&
21
'hen $o" first start D*eTBie) it i** disp*a$ the channe* *isted first in the channe*s&+#*
fi*e& In %ersion -&7&. of D*eTBie it is not possib*e to chan(e the channe* "sin( the !e$s on the
re#ote&
I!tr49<8ti4! B4r 6AMPP3
DBi!iti4!5 4B 6AMPP 4! th W73
H DAMPP <or= is a free and open so"rce cross:p*atfor# eb ser%er pac!a(e)
Consistin( #ain*$ of the Apache 4TTP Ser%er) M$STJ database)
and interpreters for scripts had ritten in the P4P and Per* pro(ra##in( *an("a(es&
I!tr49<8ti4!
At the be(innin( it is i#portant to anser h$ to choose DAMPP a#on( so #an$
ser%er pac!a(es a%ai*ab*eU 'e**) there are to stron( ad%anta(es of it& ;irst : itFs confi("ration is
so eas$) that e%en a chi*d can do it& It partic"*ar*$ is #ini#iAed to "nAip archi%e and r"n set"p
batch& Second : DAMPP is e+tre#e*$ portab*eV Mo%in( it fro# one director$ or dri%e to another
re,"ires on*$ one r"n of set"pW+a#pp&bat& Oo" can e%en insta** it on US8 stic! and ha%e $o"r
pri%ate eb ser%er a*on( ith $o"r apps (o an$here ith $o" and to be a%ai*ab*e on an$
co#p"ter@ $o" p*"( $o"r US8 stic! toV
As I read other 'i!i artic*es on ho #an$ prob*e#s peop*e ha%e ith insta**in( and confi("rin(
other ser%ers or ser%er pac! I thin! it can be si#p*ier than ith DAMPP&
Differences beteens set"p %ersion <EDE= and set"p:*ess %ersion <XIP= are at *east ,"estionab*e
<ha*f the siAe for the first one= and I sti** canFt fi("re o"t ho do the achie%e itU >= 8"t for this
t"toria* and for ad%anta(es of portabi*it$ e i** "se XIP %ersion&
I!5ta;;i!: 6AMPP
'e**&&& there is act"a**$ no insta**ation& 6"st "nAip archi%e (rabbed fro# Apache
;riends ebsite to a director$ of $o"r choice) e+ec"te 5t<pCDa2pp.7at inside "nAipped fo*der
once and anser to a fe si#p*e ,"estions <inc*"din( one) if $o" ant to #a!e DAMPP portab*e
: i&e& p"t on a US8 stic!=&
22
After that) e+ec"te Da2ppC84!tr4;.D to r"n an$ eb ser%er co#ponent <*i!e Apache) M$STJ=
$o" need or to insta** it as s$ste# ser%ice& If $o" pass this step) $o" can open $o"r broser and
point it to localhost to see DAMPP e*co#e pa(e) hich consist of so#e #od"*es for chec!in( C
(rantin( sec"rit$ to $o"r ebapps r"n "nder this ser%er& If e%er$thin( is do"b*e chec!ed and a**
iss"es a** so*%ed) $o" #a$ de*ete contents of httpd s"bfo*der in $o" DAMPP director$&
I!5ta;;i!: #ii

I ass"#e that $o"F%e a*read$ (rabbed Aip fi*e containin( neest edition of Oii& If $o"
are a*read$ fa#i*iar ith Oii) $o" #a$ obe$ demos fo*der) b"t it #i(ht be ise to r"n at *east
once a requirements to see) if $o"r fresh DAMPP insta**ation satisf$ a** $o"rs and OiiFs needsU
;or this p"rpose) cop$ contents of archi%e to httpd s"bfo*der in $o" DAMPP director$ and (o to
localhost in $o"r eb broser&
If e%er$thin( is fine) $o" #a$ #o%e Oii o"tside eb accessib*e director$) as it is
ad%ised in doc"#entation) and "pdate bootstrap inde+&php fi*e in $o"r ebapps to point to
correct fi*e& In #$ sit"ation I p"t contents of an archi%e in the sa#e director$ as httpd s"bfo*der
<i&e& #ain DAMPP fo*der= and rena#e framework director$ to yii& Therefore #$ bootstrap fi*e
*oo!s *i!e this>
COMPANIES3$
Usin( an e$eOS so*"tion for $o"r co#pan$ can pro%ide $o" *ots of benefits& ;ro#
portin( $o"r e+istent apps to $o"r ne s$ste# to pro%ide $o" a ,"a*it$ s"pport) $o" i** be ab*e
to choose beteen the best ser%ices to pro%ide $o"r co#pan$ the perfect so*"tion&
PUBLIC3$
;or p"b*ic en%iron#ents) e$eOS can pro%ide a s$ste# here) once a "ser has si(ned "p)
heCshe can access the netor! fro# an$ of the p"b*ic points) ha%in( hisCher persona* des!top and
fi*es& A sin(*e e$eOS Ser%er can hand*e h"ndreds of tho"sands of "sersV Oo" can %isit p"b*ic
en%iron#ent
O=! C;4<9 Oprati!: Sy5t2 With EyOS
23
A c*o"d OS si#p*$ refers to an operatin( s$ste# <or an interface fi**ed ith a co#p*ete
s"ite of des!top app*ications= that resides on the 'eb and $o" can access to it an$ti#e) an$here
as *on( as $o" ha%e an Internet connection&
'hi*e there are p*ent$ of c*o"d OS o"t there that $o" can si(n "p and "se for free) there #i(ht be
instances here $o" ant to ha%e $o"r on dedicated c*o"d OS& ;irst of a**) si(nin( "p a free
acco"nt ith third:part$ c*o"d OS often #eans that $o" ha%e *i#ited fi*e stora(e space and a**
$o"r data are stored in other peop*e?s ser%er& Ne+t) the connection speed is dependent on the
n"#ber of acti%e "sers at an$ ti#e& The #ore pop"*ar the site is) the s*oer it i** (et hen $o"
are "sin( it&
If hat $o" ant is $o"r on dedicated 'eb OS that $o" can "se to #ana(e $o"r on*ine st"ff)
and a*so to pro%ide an en%iron#ent to co**aborate ith $o"r co**ea("esCpartners) then e$eOS is
the softare for $o"&
E$eOS is free and open so"rce c*o"d OS softare that $o" can insta** on $o"r on 'eb ser%er&
One thin( that I *i!e abo"t e$eOS is its s#a** fi*e siAe and ease of insta**ation& The ho*e
pac!a(e is on*$ 5&KM8 in siAe) and the insta**ation re,"ired a*#ost Aero confi("ration <e**)
there are sti** se%era* steps in%o*%ed= and an$one ho !no ho to "se a ;TP pro(ra# can (et it
"p and r"nnin( in no ti#e&
). I!tr49<8ti4!
).) P<rp45
In co#p"ter sec"rit$) sho"*der s"rfin( refers to "sin( direct ober%ation techni,"es) s"ch as
*oo!in( o%er so#eoneFs sho"*der) to (et infor#ation& It is co##on*$ "sed to obtain
passords) PIN sec"rit$ codes) and si#i*ar data& Sho"*der s"rfin( can a*so be done at a distance
"sin( binoc"*ars or other %ision:enhancin( de%ices& Ine+pensi%e) #iniat"re c*osed:circ"it
te*e%ision ca#eras can be concea*ed in cei*in(s) a**s or fi+t"res to obser%e data entr$& To
pre%ent sho"*der s"rfin() it is ad%ised to shie*d paperor! or the !e$pad fro# %ie b$ "sin(
oneFs bod$ or c"ppin( oneFs hand& To cope ith this prob*e#) hich is beteen the "ser and the
s$ste#) cr$pto(raphic pre%ention techni,"es are hard*$ app*icab*e beca"se h"#an "sers are
*i#ited in their capacit$ to process infor#ation& Instead) there ha%e been a*ternati%e approaches
24
considerin( the as$##etr$ beteen the "ser and the s$ste#& O"r no%e* approach ca**ed co%ert
attentiona* sho"*der s"rfin( indeed can brea! the e** !non PIN entr$ #ethod pre%io"s*$
e%a*"ated to be sec"re a(ainst sho"*der s"rfin(& Another contrib"tion in this paper is the for#a*
#ode*in( approach b$ adaptin( the predicti%e h"#an perfor#ance #ode*in( too* for sec"rit$
ana*$sis and i#pro%e#ent& 'e a*so de%ise a defense techni,"e in the #ode*in(
Pr4E8t S84p
'hen a "ser enters a persona* identification n"#ber<PIN= as a n"#eric passord in
#obi*e or stationar$ s$ste#s) inc*"din( s#art phones) tab*et co#p"ters) a"to#ated te**er
#achines <ATM=) and point of sa*e <PoS= ter#ina*s) a direct obser%ation attac! based on sho"*der
s"rfin( beco#es (reat concern& The PIN entr$ can be obser%ed b$ nearb$ ad%ersaries) #ore
effecti%e*$ in a croded p*ace& Since the sa#e PIN is "s"a**$ chosen b$ a "ser for %ario"s
p"rposes and "sed repeated*$) a co#pro#ise of the PIN #a$ ca"se the "ser a (reat ris!& To cope
ith this prob*e#) hich is beteen the "ser and the s$ste#) cr$pto(raphic pre%ention
techni,"es are hard*$ app*icab*e beca"se h"#an "sers are *i#ited in their capacit$ to process
infor#ation& Instead) there ha%e been a*ternati%e approaches considerin( the as$##etr$ beteen
the "ser and the s$ste#& A#on( the#) the PIN entr$ as e*e(ant beca"se of its si#p*icit$ and
int"iti%eness> in each ro"nd) a re("*ar n"#eric !e$pad is co*ored at rando#) ha*f of the !e$s in
b*ac! and the other ha*f in hite) hich e i** ca** the 8' #ethod& A "ser ho !nos the
correct PIN di(it can anser its co*or b$ pressin( the separate co*or !e$ be*o& The basic 8'
#ethod is ai#ed to resist a h"#an sho"*der s"rfin( attac!) not s"pported b$ a recordin( de%ice)
hi*e its probabi*istic e+tension considers a recordin( attac! in part& The 8' #ethod is sti**
considered to be sec"re a(ainst h"#an ad%ersaries d"e to the *i#ited co(niti%e capabi*ities of
h"#ans& So o"r ai# of this project is to pre%ent h"#an sho"*der s"rfin( attac! and to estab*ish a
sec"re transaction beteen the #obi*e App and Ser%er b$ i#p*e#entin( the i#pro%ed 8'
#ethod&
'. O"ra;; D58ripti4!
25
'.) Pr49<8t Pr5p8ti"
In sho"*der s"rfin( attac!s) ad%ersaries sho"*d #o%e their e$e
fi+ations rapid*$ on the "ser interface) partic"*ar*$ d"rin( preprocessin() to obtain the cha**en(e
infor#ation) e&(&) the *a$o"t of the !e$pad) in an on:ti#e processin( phase to catch the !e$ entr$
infor#ation) e&(&) a "ser?s !e$ press@ and d"rin( post processin( to fi*ter the ac,"ired
infor#ation& If the ti#e period a**oed for those processes is too short or its #e#or$
re,"ire#ent e+ceeds the h"#an *i#it) then sho"*der s"rfin( sho"*d fai*& To e+tend and effecti%e*$
"se the a**oed ti#e period) the e+istin( idea is to e#p*o$ co%ert attention& If an ad%ersar$
s"ppresses saccadic e$e #o%e#ents d"rin( %is"a* perception) she can earn #ore te#pora*
chances for %is"a* infor#ation processin( ithin the c"rrent %is"a* an(*e& This is tr"e e%en hi*e
cond"ctin( co%ert attentiona* shifts to a sti#"*"s inside the %is"a* an(*e and carr$in( o"t para**e*
#otor operations itho"t saccadic e$e #o%e#ents& To red"ce the #e#or$ re,"ire#ent) o"r idea
is to e#p*o$ percept"a* (ro"pin(& If an ad%ersar$ e+tracts si(nificant %is"a* re*ations fro# *oer:
*e%e* feat"res) e&(&) co*or of s,"ares b$ i(norin( the indi%id"a* di(its) and (ro"ps the# into
hi(her:*e%e* str"ct"res) e&(&) a *ar(er po*$(on in the sa#e co*or) based on the Gesta*t princip*es)
she can red"ce the n"#ber of %is"a* objects stored in the short:ter# #e#or$& So in Co%ert
attentiona* sho"*der s"rfin() three #ain operations s"ch as co%ert attention) percept"a* (ro"pin()
and para**e* #otor operation) are co#bined to(ether for deri%in( a PIN di(it& In each ro"nd)
attended objects are *ined for easier "nderstandin( of co%ert attention& Co%ert attentiona*
sho"*der s"rfin( can brea! the 8' #ethod thro"(h the #ode*in(:based ana*$sis&
'.' Pr49<8t Fat<r5
26
The internationa* standard for PIN #ana(e#ent) ISO 2K.9) #andates) the PIN entr$ de%ice sha**
be desi(ned or insta**ed so that the c"sto#er can pre%ent others fro# obser%in( the PIN %a*"e as
it is bein( entered& There ha%e been a n"#ber of st"dies of de%e*opin( pre%ention #ethods in
softare for te+t"a* passords) (raphica* passords and PINs & The$ co##on*$ re*$ on indirect
!e$ entr$ to resist sho"*der s"rfin( and re*ated attac!s& 'e ha%e *earned that) hoe%er) it is
cha**en(in( to desi(n a sec"re and at the sa#e ti#e "sab*e #ethod& It is *i!e*$ that sec"rit$
enforce#ent res"*ts in hi(h*$ co#p*e+ and error:prone proced"res) hi*e its re*a+ation for
"sabi*it$ can *ead to sec"rit$ breaches& 4oe%er 8' #ethod as sti** considered as a sec"re
#ethod a(ainst sho"*der s"rfin( b"t ad%ersaries sho"*d #o%e their e$e fi+ations rapid*$ on the
"ser interface) partic"*ar*$ d"rin( preprocessin() to obtain the cha**en(e infor#ation) e&(&) the
*a$o"t of the !e$pad) in an on:ti#e processin( phase to catch the !e$ entr$ infor#ation) e&(&) a
"ser?s !e$ press@ and d"rin( post processin( to fi*ter the ac,"ired infor#ation& If the ti#e period
a**oed for those processes is too short or its #e#or$ re,"ire#ent e+ceeds the h"#an *i#it) then
sho"*der s"rfin( sho"*d fai*& The co(niti%e co#p*e+it$ ana*$sis and its e+peri#ents (i%en in L3M
sho on*$ that the nai%e sho"*der s"rfers co"*d not fo**o and re#e#ber a** the di(its for the
ne+t ro"nd a(ainst the 8' #ethod& 4oe%er) if it is possib*e to e+tend and effecti%e*$ "se the
a**oed ti#e period and to red"ce the #e#or$ re,"ire#ent) ad%ersaries can beco#e #ore
effecti%e than e+pected&
'./ U5r C;a555 a!9 Chara8tri5ti85
Jo(ic&Nei(hbSensor&ja%a fi*e is "sed for to #a!e a Sensor in #"*ti (ro"p&
Jo(ic& sensorM"*Sender&ja%a fi*e is "sed &co##"nicate beteen Sensor nodes&
Jo(ic&sin!ser%er&ja%a is "sed to connect that sensor node and sin! node&
Protection& Sensor&f+ fi*e is sho the sensor node desi(n "sin( ja%af+&
Protection& Sin!&f+ fi*e is sho the sin! node desi(n "sin( ja%af+&
27
'.* D5i:! a!9 I2p;2!tati4! C4!5trai!t5
'.(.) C4!5trai!t5 i! A!a;y5i5
Constraints as Infor#a* Te+t
Constraints as Operationa* Restrictions
Constraints Inte(rated in E+istin( Mode* Concepts
Constraints as a Separate Concept
Constraints I#p*ied b$ the Mode* Str"ct"re

'.(.' C4!5trai!t5 i! D5i:!
Deter#ination of the In%o*%ed C*asses
Deter#ination of the In%o*%ed Objects
Deter#ination of the In%o*%ed Actions
Deter#ination of the Re,"ire C*a"ses
G*oba* actions and Constraint Rea*iAation
'.(./ C4!5trai!t5 i! I2p;2!tati4!
A hierarchica* str"ct"rin( of re*ations #a$ res"*t in #ore c*asses and a #ore
co#p*icated str"ct"re to i#p*e#ent& Therefore it is ad%isab*e to transfor# the hierarchica*
re*ation str"ct"re to a si#p*er str"ct"re s"ch as a c*assica* f*at one& It is rather strai(htforard to
transfor# the de%e*oped hierarchica* #ode* into a bipartite) f*at #ode*) consistin( of c*asses on
the one hand and f*at re*ations on the other& ;*at re*ations are preferred at the desi(n *e%e* for
reasons of si#p*icit$ and i#p*e#entation ease& There is no identit$ or f"nctiona*it$ associated
ith a f*at re*ation& A f*at re*ation corresponds ith the re*ation concept of entit$:re*ationship
#ode*in( and #an$ object oriented #ethods&
/. Sy5t2 Fat<r5
28
A so"rce *ocation pri%ac$:preser%in( sche#e that creates a c*o"d of fa!e pac!ets aro"nd
the so"rce node) %aries traffic ro"tes) and chan(es the pac!ets? appearance at each hop& It can
pro%ide a stron( protection a(ainst 4otspot:Jocatin( attac! ith #"ch *ess ener($ cost
co#parin( to (*oba*:ad%ersar$ based sche#es&
*. EDtr!a; I!trBa8 RF<ir2!t5
*.)U5r I!trBa85
3& A** the contents in the project are i#p*e#ented "sin( Graphica* User Interface
<GUI= in 6a%a thro"(h 6a%a;D concepts&
5& E%er$ concept"a* part of the projects is ref*ected "sin( the 6a%a;D&
7& S$ste# (ets the inp"t and de*i%ers thro"(h the GUI based&
*.' Har9=ar I!trBa85
Ethr!t
Ethernet on the ASC9-- s"pports TCPCIP) Ad%anced Peer:to:Peer Netor!in( <APPN=
and ad%anced pro(ra#:to:pro(ra# co##"nications <APPC=&
ISDN
Oo" can connect $o"r ASC9-- to an Inte(rated Ser%ices Di(ita* Netor! <ISDN= for
faster) #ore acc"rate data trans#ission& An ISDN is a p"b*ic or pri%ate di(ita* co##"nications
netor! that can s"pport data) fa+) i#a(e) and other ser%ices o%er the sa#e ph$sica* interface&
A*so) $o" can "se other protoco*s on ISDN) s"ch as IDJC and D&5K&
*./S4Bt=ar I!trBa85
This softare is interacted ith the 4ttp protoco*& This protoco* is r"nnin( in to#cat port
n"#ber <defa"*t 1-=&
C422<!i8ati4! I!trBa85
29
3& TCPCIP protoco*&
5& JAN settin(s&
(. Othr N4!B<!8ti4!a; RF<ir2!t5
(.)PrB4r2a!8 RF<ir2!t5
The perfor#ance of the ire*ess #esh netor!) to e+ec"te this project on JAN or ifi
co##"nication channe*& So e need to one or #ore than one #achine to e+ec"te the de#o&
Machine needs the eno"(h hard dis! space to insta** the softare and r"n o"r project&
(.'SaBty RF<ir2!t5
3& The softare #a$ be safet$:critica*& If so) there are iss"es associated ith its inte(rit$
*e%e*
5& The softare #a$ not be safet$:critica* a*tho"(h it for#s part of a safet$:critica*
s$ste#& ;or e+a#p*e) softare #a$ si#p*$ *o( transactions&
7& If a s$ste# #"st be of a hi(h inte(rit$ *e%e* and if the softare is shon to be of that
inte(rit$ *e%e*) then the hardare #"st be at *east of the sa#e inte(rit$ *e%e*&
9& There is *itt*e point in prod"cin( FperfectF code in so#e *an("a(e if hardare and
s$ste# softare <in idest sense= are not re*iab*e&
K& If a co#p"ter s$ste# is to r"n softare of a hi(h inte(rit$ *e%e* then that s$ste# sho"*d
not at the sa#e ti#e acco##odate softare of a *oer inte(rit$ *e%e*&
.& S$ste#s ith different re,"ire#ents for safet$ *e%e*s #"st be separated&
/& Otherise) the hi(hest *e%e* of inte(rit$ re,"ired #"st be app*ied to a** s$ste#s in the
sa#e en%iron#ent&
(./S8<rity RF<ir2!t5
Do not b*oc! the so#e a%ai*ab*e ports thro"(h the indos firea**
30
K&9 S4Bt=ar 0<a;ity Attri7<t5
F<!8ti4!a;ity> are the re,"ired f"nctions a%ai*ab*e) inc*"din( Interoperabi*it$ and
sec"rit$
R;ia7i;ity> #at"rit$) fa"*t to*erance and reco%erabi*it$
U5a7i;ity> ho eas$ it is to "nderstand) *earn) and operate the softare S$ste#
EBBi8i!8y> perfor#ance and reso"rce beha%ior&
Mai!tai!a7i;ity> Maintainin( the softare&
P4rta7i;ity> can the softare easi*$ be transferred to another en%iron#ent)
Inc*"din( insta** abi*it$
CHAPTER *
Ar8hit8t<r Dia:ra2
31


Fi:3 *.)
*.) SF<!8 Dia:ra23
32
33
*.' U5 Ca5 Dia:ra23
*./ A8ti"ity Dia:ra23
34
C4;;a74rati4! Dia:ra23
35
DataB;4= Dia:ra2
36
Level 0
Level 1
L"; '
37
M!"I#
$S#%
&''e((
mone)
t*ro+g*
mo,ile &-M
Mo,ile
$(er
&''e((ing
mo,ile &-M
Server
%egi(tration
Pro'e((
L"; /3
L"; *3
38
Server

Mo,ile
.ata,a
(e
Mo,ile
$(er
&''e((ing
mo,ile &-M
%egi(tration
Pro'e((
Mo,ile $(er
&''e((ing
mo,ile &-M
%egi(tration
Pro'e((
Server

Mo,ile
.ata,a
(e
39
Mo,ile
$(er
&''e((ing
Mo,ile &-M
%egi(tration
Pro'e((
Server
Mo,ile
.ata,a(
e
Provi/e(
a''e((
$ni0+e
PI1
Mat'*e/ 2a(*
val+e
#nter
amo+nt
Mone)
3it*/ra4al
C;a55 Dia:ra2
40
CHAPTER (
S#STEM DESIGN
(.) MODULES
User Re(istration Y 8' #ethod
I#pro%ed 8' #ethod
A"thentication Y Ser%ices
U5r R:i5trati4! G BW 2th493
User Re(istration is done and after that the "ser is ab*e to access the ATM app*ication in
their #obi*e phones& Once the User Re(istration is Co#p*ete) User i** be pro%ided ith a
Uni,"e PIN Sent to Their Respecti%e Mai* ID& Once it (ot %a*idated a User i** be ab*e to access
o"r App*ication b$ enterin( the Userna#e and Passord Chosen at the ti#e of Re(istration&
Then o"r app*ication i** pro%ide "sers its ser%ices& Then if the "ser i** (o ith ATM ser%ices)
"ser is as!ed to pro%ide the PIN di(it& At this ti#e) the 8' #ethod co#es in to p*a$& The 8'
#ethod partitions a set of ten di(its into to rando# ha*%es) of hich one is se*ected accordin(
to the "ser?s !e$ entr$ in each ro"nd& If the se*ected ha*%es ere #e#oriAed or ritten on a paper
for #) consec"ti%e ro"nds and reca**ed to deri%e their Gro"pin( Patterns) the sho"*der s"rfer
co"*d identif$ a sin(*e di(it of the PIN&
I2pr4"9 BW 2th493
In this Method e i#p*e#ent a ne Strate($ that i** co#p*ete*$ ne(*ect Sho"*der
S"rfin( e%en a 'e** Trained Percept"a* Gro"per co"*d not Crac! the PIN Di(it Entered b$ the
User in a Con%entiona* 'a$& Jet P denote a set of fo"r co*ors andCor patterns c"sto#iAab*e& Jet P
41
Z [b*ac!) b*"e) hite) $e**o\ or P Z [b*ac!) hite) dotted) dia(ona* stripes\) for a co*or b*ind
person& Ro"(h*$ spea!in() the i#pro%ed #ethod r"ns as fo**os> The s$ste# disp*a$s a set of ten
di(its) A Z [-) UUU) 2\) on the re("*ar n"#eric !e$pad ith to sp*it co*ors) chosen fro# P) in
each n"#eric !e$@ and the fo"r co*or !e$s be*o& A co*or is chosen at rando# fro# P and fi**s
fi%e rando# sp*its of distinct !e$s@ each sp*it co"*d be either "pper or *oer one& The re#ainin(
co*ors fi** fi%e sp*its) respecti%e*$) in the sa#e a$& The "ser attends to the PIN di(it and enters
either of its co*or thro"(h the co*or !e$& The "ser and the s$ste# repeat this proced"re for #
ro"nds that the PIN di(it is identified b$ intersection) and "nti* a** the PIN di(its are identified&
A<th!ti8ati4! G Sr"i853
Once the User Entered Pattern is #anip"*ated and a PIN is Identified) It i** be chec!ed
ith the Joca* Database pro%ided b$ Android OS "sin( STJ Jite& This Process is to pre%ent
"nanted Ser%er end process hand*in( p*a$f"* re,"ests& A One 'a$ 4ash is (enerated for the
Ba*idated PIN and is sent to Ser%er in p"b*ic channe* so that an acti%e attac!er can not e+tract the
PIN b$ #onitorin( the channe*& Once (ot A"thenticated b$ Ser%er a T"ic! Response to the
Mobi*e App i** redirect the "ser to the Ser%ices& In ATM Ser%ices Cash 'ithdraa*) Deposit
and ;"nd Transfer can be done sec"re*$ "sin( the concept of Birt"a* Mone$ hich is a*read$
e#p*o$ed b$ #an$ other App*ications S"ccessf"**$ in the 'eb& This red"ces the o%erhead
co#p*e+ities in the ser%er and i** Pro%ide the User an ease of access to the 8an!in( Ser%ices&
CHAPTER %
42
CODING AND TESTING
%.) CODING
Once the desi(n aspect of the s$ste# is fina*iAes the s$ste# enters into the codin( and
testin( phase& The codin( phase brin(s the act"a* s$ste# into action b$ con%ertin( the desi(n of
the s$ste# into the code in a (i%en pro(ra##in( *an("a(e& Therefore) a (ood codin( st$*e has to
be ta!en hene%er chan(es are re,"ired it easi*$ screed into the s$ste#&
%.' CODING STANDARDS
Codin( standards are ("ide*ines to pro(ra##in( that foc"ses on the ph$sica* str"ct"re and
appearance of the pro(ra#& The$ #a!e the code easier to read) "nderstand and #aintain& This
phase of the s$ste# act"a**$ i#p*e#ents the b*"eprint de%e*oped d"rin( the desi(n phase& The
codin( specification sho"*d be in s"ch a a$ that an$ pro(ra##er #"st be ab*e to "nderstand the
code and can brin( abo"t chan(es hene%er fe*t necessar$& So#e of the standard needed to
achie%e the abo%e:#entioned objecti%es are as fo**os>
Pro(ra# sho"*d be si#p*e) c*ear and eas$ to "nderstand&
Na#in( con%entions
Ba*"e con%entions
Script and co##ent proced"re
Messa(e bo+ for#at
E+ception and error hand*in(
43
%.'.) NAMING CONVENTIONS
Na#in( con%entions of c*asses) data #e#ber) #e#ber f"nctions) proced"res etc&) sho"*d be
5;B$958ripti"& One sho"*d e%en (et the #eanin( and scope of the %ariab*e b$ its na#e& The
con%entions are adopted for a5y <!9r5ta!9i!: of the intended #essa(e b$ the "ser& So it is
c"sto#ar$ to fo**o the con%entions& These con%entions are as fo**os>
C;a55 !a25
C*ass na#es are prob*e# do#ain e,"i%a*ence and be(in ith capita* *etter and ha%e #i+ed cases&
M27r F<!8ti4! a!9 Data M27r !a2
Me#ber f"nction and data #e#ber na#e be(ins ith a *oercase *etter
ith each s"bse,"ent *etters of the ne ords in "ppercase and the rest of *etters in *oercase&
%.'.' VALUE CONVENTIONS
Ba*"e con%entions ens"re %a*"es for %ariab*e at an$ point of ti#e& This in%o*%es the
fo**oin(>
Proper defa"*t %a*"es for the %ariab*es&
Proper %a*idation of %a*"es in the fie*d&
Proper doc"#entation of f*a( %a*"es&
%.'./ SCRIPT WRITING AND COMMENTING STANDARD
44
Script ritin( is an art in hich indentation is "t#ost i#portant& Conditiona* and *oopin(
state#ents are to be proper*$ a*i(ned to faci*itate eas$ "nderstandin(& Co##ents are inc*"ded to
#ini#iAe the n"#ber of s"rprises that co"*d occ"r hen (oin( thro"(h the code&
%.'.* MESSAGE BO6 FORMAT
'hen so#ethin( has to be pro#pted to the "ser) he #"st be ab*e to "nderstand it proper*$&
To achie%e this) a specific for#at has been adopted in disp*a$in( #essa(es to the "ser& The$ are
as fo**os>
D N User has perfor#ed i**e(a* operation&
V N Infor#ation to the "ser&
%./ TEST PROCEDURE
S#STEM TESTING
Testin( is perfor#ed to identif$ errors& It is "sed for ,"a*it$ ass"rance& Testin( is
an inte(ra* part of the entire de%e*op#ent and #aintenance process& The (oa* of the testin(
d"rin( phase is to %erif$ that the specification has been acc"rate*$ and co#p*ete*$ incorporated
into the desi(n) as e** as to ens"re the correctness of the desi(n itse*f& ;or e+a#p*e the desi(n
#"st not ha%e an$ *o(ic fa"*ts in the desi(n is detected before codin( co##ences) otherise the
cost of fi+in( the fa"*ts i** be considerab*$ hi(her as ref*ected& Detection of desi(n fa"*ts can be
achie%ed b$ #eans of inspection as e** as a*!thro"(h&
Testin( is one of the i#portant steps in the softare de%e*op#ent phase& Testin( chec!s for
the errors) as a ho*e of the project testin( in%o*%es the fo**oin( test cases>
Static ana*$sis is "sed to in%esti(ate the str"ct"ra* properties of the So"rce code&
45
D$na#ic testin( is "sed to in%esti(ate the beha%ior of the so"rce code b$ e+ec"tin( the
pro(ra# on the test data&
%.* TEST DATA AND OUTPUT
%.*.) UNIT TESTING
Unit testin( is cond"cted to %erif$ the f"nctiona* perfor#ance of each #od"*ar
co#ponent of the softare& Unit testin( foc"ses on the s#a**est "nit of the softare desi(n <i&e&=)
the #od"*e& The hite:bo+ testin( techni,"es ere hea%i*$ e#p*o$ed for "nit testin(&
%.*.' FUNCTIONAL TESTS
;"nctiona* test cases in%o*%ed e+ercisin( the code ith no#ina* inp"t %a*"es for
hich the e+pected res"*ts are !non) as e** as bo"ndar$ %a*"es and specia* %a*"es) s"ch as
*o(ica**$ re*ated inp"ts) fi*es of identica* e*e#ents) and e#pt$ fi*es&
Three t$pes of tests in ;"nctiona* test>
Perfor#ance Test
Stress Test
Str"ct"re Test
%.*./ PERFORMANCE TEST
It deter#ines the a#o"nt of e+ec"tion ti#e spent in %ario"s parts of the "nit) pro(ra#
thro"(hp"t) and response ti#e and de%ice "ti*iAation b$ the pro(ra# "nit&
46
%.*.* STRESS TEST
Stress Test is those test desi(ned to intentiona**$ brea! the "nit& A Great dea* can be
*earned abo"t the stren(th and *i#itations of a pro(ra# b$ e+a#inin( the #anner in hich a
pro(ra##er in hich a pro(ra# "nit brea!s&
%.*.( STRUCTURED TEST
Str"ct"re Tests are concerned ith e+ercisin( the interna* *o(ic of a pro(ra# and
tra%ersin( partic"*ar e+ec"tion paths& The a$ in hich 'hite:8o+ test strate($ as e#p*o$ed
to ens"re that the test cases co"*d G"arantee that a** independent paths ithin a #od"*e ha%e
been ha%e been e+ercised at *east once&
E+ercise a** *o(ica* decisions on their tr"e or fa*se sides&
E+ec"te a** *oops at their bo"ndaries and ithin their operationa* bo"nds&
E+ercise interna* data str"ct"res to ass"re their %a*idit$&
Chec!in( attrib"tes for their correctness&
4and*in( end of fi*e condition) ICO errors) b"ffer prob*e#s and te+t"a* errors in
o"tp"t infor#ation
%.*.% INTEGRATION TESTING
Inte(ration testin( is a s$ste#atic techni,"e for constr"ction the pro(ra# str"ct"re
hi*e at the sa#e ti#e cond"ctin( tests to "nco%er errors associated ith interfacin(& i&e&)
inte(ration testin( is the co#p*ete testin( of the set of #od"*es hich #a!es "p the prod"ct& The
47
objecti%e is to ta!e "ntested #od"*es and b"i*d a pro(ra# str"ct"re tester sho"*d identif$ critica*
#od"*es& Critica* #od"*es sho"*d be tested as ear*$ as possib*e& One approach is to ait "nti* a**
the "nits ha%e passed testin() and then co#bine the# and then tested& This approach is e%o*%ed
fro# "nstr"ct"red testin( of s#a** pro(ra#s& Another strate($ is to constr"ct the prod"ct in
incre#ents of tested "nits& A s#a** set of #od"*es are inte(rated to(ether and tested) to hich
another #od"*e is added and tested in co#bination& And so on& The ad%anta(es of this approach
are that) interface dispenses can be easi*$ fo"nd and corrected&
The #ajor error that as faced d"rin( the project is *in!in( error& 'hen a** the
#od"*es are co#bined the *in! is not set proper*$ ith a** s"pport fi*es& Then e chec!ed o"t for
interconnection and the *in!s& Errors are *oca*iAed to the ne #od"*e and its
interco##"nications& The prod"ct de%e*op#ent can be sta(ed) and #od"*es inte(rated in as the$
co#p*ete "nit testin(& Testin( is co#p*eted hen the *ast #od"*e is inte(rated and tested&
%.( TESTING TECHNI0UES H TESTING STRATERGIES
%.(.) TESTING
Testin( is a process of e+ec"tin( a pro(ra# ith the intent of findin( an error& A (ood test
case is one that has a hi(h probabi*it$ of findin( an as:$et N"ndisco%ered error& A s"ccessf"* test
is one that "nco%ers an as:$et: "ndisco%ered error& S$ste# testin( is the sta(e of i#p*e#entation)
hich is ai#ed at ens"rin( that the s$ste# or!s acc"rate*$ and efficient*$ as e+pected before
*i%e operation co##ences& It %erifies that the ho*e set of pro(ra#s han( to(ether& S$ste#
testin( re,"ires a test consists of se%era* !e$ acti%ities and steps for r"n pro(ra#) strin() s$ste#
and is i#portant in adoptin( a s"ccessf"* ne s$ste#& This is the *ast chance to detect and correct
errors before the s$ste# is insta**ed for "ser acceptance testin(&
48
The softare testin( process co##ences once the pro(ra# is created and the
doc"#entation and re*ated data str"ct"res are desi(ned& Softare testin( is essentia* for
correctin( errors& Otherise the pro(ra# or the project is not said to be co#p*ete& Softare
testin( is the critica* e*e#ent of softare ,"a*it$ ass"rance and represents the "*ti#ate the re%ie
of specification desi(n and codin(& Testin( is the process of e+ec"tin( the pro(ra# ith the
intent of findin( the error& A (ood test case desi(n is one that as a probabi*it$ of findin( an $et
"ndisco%ered error& A s"ccessf"* test is one that "nco%ers an $et "ndisco%ered error& An$
en(ineerin( prod"ct can be tested in one of the to a$s>
%.(.).) WHITE BO6 TESTING
This testin( is a*so ca**ed as G*ass bo+ testin(& In this testin() b$ !noin( the
specific f"nctions that a prod"ct has been desi(n to perfor# test can be cond"cted that
de#onstrate each f"nction is f"**$ operationa* at the sa#e ti#e searchin( for errors in each
f"nction& It is a test case desi(n #ethod that "ses the contro* str"ct"re of the proced"ra* desi(n to
deri%e test cases& 8asis path testin( is a hite bo+ testin(&
8asis path testin(>
;*o (raph notation
C$c*o#etric co#p*e+it$
Deri%in( test cases
Graph #atrices Contro*
%.(.).' BLACK BO6 TESTING
49
In this testin( b$ !noin( the interna* operation of a prod"ct) test can be
cond"cted to ens"re that a** (ears #eshP) that is the interna* operation perfor#s accordin( to
specification and a** interna* co#ponents ha%e been ade,"ate*$ e+ercised& It f"nda#enta**$
foc"ses on the f"nctiona* re,"ire#ents of the softare&
The steps in%o*%ed in b*ac! bo+ test case desi(n are>
Graph based testin( #ethods
E,"i%a*ence partitionin(
8o"ndar$ %a*"e ana*$sis
Co#parison testin(
%.(.' SOFTWARE TESTING STRATEGIES3
A softare testin( strate($ pro%ides a road #ap for the softare de%e*oper& Testin( is a
set acti%it$ that can be p*anned in ad%ance and cond"cted s$ste#atica**$& ;or this reason a
te#p*ate for softare testin( a set of steps into hich e can p*ace specific test case desi(n
#ethods sho"*d be strate($ sho"*d ha%e the fo**oin( characteristics>
Testin( be(ins at the #od"*e *e%e* and or!s o"tardP toard the inte(ration of
the entire co#p"ter based s$ste#&
Different testin( techni,"es are appropriate at different points in ti#e&
The de%e*oper of the softare and an independent test (ro"p cond"cts testin(&
50
Testin( and Deb"((in( are different acti%ities b"t deb"((in( #"st be
acco##odated in an$ testin( strate($&
%.(.'.) INTEGRATION TESTING3
Inte(ration testin( is a s$ste#atic techni,"e for constr"ctin( the pro(ra#
str"ct"re hi*e at the sa#e ti#e cond"ctin( tests to "nco%er errors associated ith& Indi%id"a*
#od"*es) hich are hi(h*$ prone to interface errors) sho"*d not be ass"#ed to or! instant*$
hen e p"t the# to(ether& The prob*e# of co"rse) is p"ttin( the# to(etherP: interfacin(&
There #a$ be the chances of data *ost across on another?s s"b f"nctions) hen co#bined #a$ not
prod"ce the desired #ajor f"nction@ indi%id"a**$ acceptab*e i#pression #a$ be #a(nified to
"nacceptab*e *e%e*s@ (*oba* data str"ct"res can present prob*e#s&
%.(.'.' PROGRAM TESTING3
The *o(ica* and s$nta+ errors ha%e been pointed o"t b$ pro(ra# testin(& A
s$nta+ error is an error in a pro(ra# state#ent that in %io*ates one or #ore r"*es of the *an("a(e
in hich it is ritten& An i#proper*$ defined fie*d di#ension or o#itted !e$ords are co##on
s$nta+ error& These errors are shon thro"(h error #essa(es (enerated b$ the co#p"ter& A *o(ic
error on the other hand dea*s ith the incorrect data fie*ds) o"t:off:ran(e ite#s and in%a*id
co#binations& Since the co#pi*er s i** not ded"ct *o(ica* error) the pro(ra##er #"st e+a#ine
the o"tp"t& Condition testin( e+ercises the *o(ica* conditions contained in a #od"*e& The possib*e
t$pes of e*e#ents in a condition inc*"de a 8oo*ean operator) 8oo*ean %ariab*e) a pair of 8oo*ean
parentheses A re*ationa* operator or on arith#etic e+pression& Condition testin( #ethod foc"ses
51
on testin( each condition in the pro(ra# the p"rpose of condition test is to ded"ct not on*$
errors in the condition of a pro(ra# b"t a*so other a errors in the pro(ra#&
%.(.'./ SECURIT# TESTING3
Sec"rit$ testin( atte#pts to %erif$ the protection #echanis#s b"i*t in to a s$ste# e**) in
fact) protect it fro# i#proper penetration& The s$ste# sec"rit$ #"st be tested for in%"*nerabi*it$
fro# fronta* attac! #"st a*so be tested for in%"*nerabi*it$ fro# rear attac!& D"rin( sec"rit$) the
tester p*aces the ro*e of indi%id"a* ho desires to penetrate s$ste#&
%.(.'.* VALIDATION TESTING
At the c"*#ination of inte(ration testin() softare is co#p*ete*$ asse#b*ed as a
pac!a(e& Interfacin( errors ha%e been "nco%ered and corrected and a fina* series of softare test:
%a*idation testin( be(ins& Ba*idation testin( can be defined in #an$ a$s) b"t a si#p*e definition
is that %a*idation s"cceeds hen the softare f"nctions in #anner that is reasonab*$ e+pected b$
the c"sto#er& Softare %a*idation is achie%ed thro"(h a series of b*ac! bo+ tests that
de#onstrate confor#it$ ith re,"ire#ent& After %a*idation test has been cond"cted) one of to
conditions e+ists&
H The f"nction or perfor#ance characteristics confir# to specifications and are accepted&
H A %a*idation fro# specification is "nco%ered and a deficienc$ created&
De%iation or errors disco%ered at this step in this project is corrected prior to co#p*etion
of the project ith the he*p of the "ser b$ ne(otiatin( to estab*ish a #ethod for reso*%in(
deficiencies& Th"s the proposed s$ste# "nder consideration has been tested b$ "sin( %a*idation
52
testin( and fo"nd to be or!in( satisfactori*$& Tho"(h there ere deficiencies in the s$ste# the$
ere not catastrophic&
%.(.'.( USER ACCEPTANCE TESTING
User acceptance of the s$ste# is !e$ factor for the s"ccess of an$ s$ste#& The s$ste#
"nder consideration is tested for "ser acceptance b$ constant*$ !eepin( in to"ch ith prospecti%e
s$ste# and "ser at the ti#e of de%e*opin( and #a!in( chan(es hene%er re,"ired& This is done
in re(ardin( to the fo**oin( points&
Inp"t screen desi(n&
O"tp"t screen desi(n&
S4<r8 C49
53
S8r!5h4t53
54
55
56
57
58
59
60
REFERENCES
L3M D& 8ai) '& G") S& Che**appan) D& 'an() D& D"an) and 8& Ma) PAS> Predicate:based
a"thentication ser%ices a(ainst poerf"* passi%e ad%ersaries)P in Proc& IEEE Ann"& Co#p"t&
Sec"rit$ App*& Conf&) Dec& 5--1) pp& 977N995&
L5M D& 'einsha**) Co(niti%e a"thentication sche#es safe a(ainst sp$ are)P in Proc& IEEE
S$#p& Sec"rit$ Pri%ac$) Ma$ 5--.) pp& 52KN7--&
L7M P& D"nph$) A& P& 4einer) and N& Aso!an) A c*oser *oo! at reco(nition based (raphica*
passords on #obi*e de%ices)P in Proc& ACM S$#p& Usab*e Pri%ac$ Sec"rit$) 5-3-) pp& 3N35&
L9M '& S& Geis*er and 8& 6& S"per) Percept"a* or(aniAation of to di#ensiona* patterns)P
Ps$cho*& Re%&) %o*& 3-/) no& 9) pp& .//N/-1) 5---&
LKM T& ;& 8rad$) T& Eon!*e) and G& A& A*%areA) A re%ie of %is"a* #e#or$ capacit$> 8e$ond
indi%id"a* ite#s and toard str"ct"red representations)P6& Bision) %o*& 33) no& K) pp& 3N79) 5-33
61