Password Based Locking System

1Vaishali G. Waghmode1, Mayuri Kulkarni2

1-
M-Tech student,
2-
M-Tech student
[email protected], 2- [email protected], 3-

[email protected]
Department of Electronics, Walchand College of Engineering, Sangli, India.

Abstract:

The "Password Based Locking System” is a security solution designed to enhance access control
in various applications, such as homes, offices, and personal safes. This system replaces traditional
physical keys with a digital password-based mechanism. The abstract of the system outlines its core features
and functionality. The system employs a microcontroller that acts as the main control unit. Users are
required to input a predefined password using a keypad interface. The microcontroller processes the entered
password and compares it with the stored password in its memory. If the input matches the stored password,
the microcontroller triggers an actuator, such as an electric lock, to release and grant access. In the case
of an incorrect password, the system denies entry and may trigger an alert, such as an alarm. To ensure
security, the system incorporates various layers of protection. The stored password is typically encrypted
to prevent unauthorized access to the password database.

Keywords: Password, Locking system, Access control, Security, Microcontroller, Keypad interface,
Digital password

1.Introduction
The introduction of a Password Based Locking System marks a significant advancement in the domain of
access control and security solutions. This innovative system offers an alternative approach to traditional
key-based locking mechanisms by utilizing digital passwords as the primary means of granting access. This
introduction provides an overview of the fundamental concept and key features of the Password Based
Locking System.
In a world increasingly reliant on digital technology, the need for enhanced security measures has become
paramount. Traditional locks and keys, while effective, come with certain limitations. Keys can be easily

1
Corresponding Author - Vaishali G. Waghmode
lost, duplicated, or stolen, potentially compromising the security of sensitive areas or valuable assets. To
address these challenges, the Password Based Locking System offers a dynamic and secure solution.

At its core, this system consists of a microcontroller that serves as the central processing unit. Users interact
with the system through a keypad interface, inputting a preconfigured digital password. The microcontroller
then processes this input, comparing it with a stored password within its memory. A successful match
triggers an actuator – often an electric lock – to disengage, granting access to the protected area or item.
Conversely, an incorrect password entry denies access and may activate alerts or alarms, thwarting
unauthorized entry attempts.

To bolster security, the stored password is typically encrypted, rendering it unintelligible to potential
attackers. Moreover, mechanisms are often implemented to limit the number of successive incorrect
password entries within a defined timeframe, safeguarding against brute-force attacks.

The advantages of this system are multifold. Users are relieved of the burden of carrying physical keys,
reducing the risk of key loss or theft. The system offers flexibility by enabling password changes without
the need for replacing physical locks. Additionally, access privileges can be easily managed and modified,
granting specific individuals tailored levels of access.

2.Literature review
Usability concerns in password-based systems have led to research investigating strategies for managing
multiple passwords securely. Shay et al. (2010) propose the concept of "password portfolios" to enable
users to manage numerous accounts effectively. The evolution of authentication mechanisms in password-
based systems has led to the exploration of multi-factor authentication (MFA). Bonneau et al. (2012)
evaluate and compare the usability of various web authentication schemes. To enhance security, researchers
investigate integrating biometric data with password systems. Jain et al. (2004) provide an in-depth survey
of biometric recognition methods that can be harmonized with password-based locking systems. Password
policies play a crucial role in determining the strength of passwords and overall system security. Komanduri
et al. (2011) investigate the impact of password composition policies on users' password choices. As
password systems are vulnerable to various attacks, intrusion detection mechanisms become crucial.
Ahmadi et al. (2014) discuss advancements in intrusion detection methods to mitigate threats against
password-based systems. User education and training are essential for reinforcing proper password security
practices. Sasse et al. (2005) emphasize human-computer interaction approaches to enhance user
understanding of security procedures. Adaptive authentication approaches dynamically adjust security
measures based on user behavior and context. A study by Ur et al. (2012) explores the usability and
effectiveness of adaptive authentication systems. Designing user-friendly interfaces for password input
plays a significant role in system security. Schechter et al. (2009) discuss the usability of graphical password
interfaces, presenting insights on user preferences. Gamification techniques can engage users in enhancing
password security. Das et al. (2014) present a gamified approach to encourage users to create stronger
passwords. Password managers offer a solution to password management challenges. A study by Renaud
et al. (2017) investigates the factors influencing the adoption of password manager applications.
 3.Methodology

Figure1. Block Diagram of Password Based Locking System

Requirements Analysis: Identify the specific requirements of the Password Based Locking System.
Understand the context of usage, the types of resources to be protected (physical or digital), user
expectations, security levels needed, and any regulatory or compliance requirements.
System Design: Design the architecture of the system, including the different components, interactions, and
flow of data. Decide on the user interface, authentication mechanisms, password policies, access control,
and any additional features like multi-factor authentication or biometric integration.
User Interface Design: Design the user interface through which users will interact with the system to input
their passwords. Consider usability principles, responsiveness, feedback mechanisms (such as error
messages), and accessibility.
Password Policy Definition: Define password policies that govern the requirements for creating strong
passwords. This includes rules for password length, complexity, expiration, and any constraints to prevent
easily guessable passwords.
Database Design: Design the database structure to securely store user account information and their
associated passwords. Consider using encryption techniques to protect the stored passwords.
Password Validation and Authentication: Implement the algorithm for comparing entered passwords with
stored passwords in the database. Employ secure hashing and salting techniques to protect against attacks.
Implement authentication mechanisms to determine if the user should be granted access.
Access Control Implementation: Develop the logic that controls access based on the authentication
outcome. This could involve unlocking physical doors, granting access to digital resources, or enabling
specific functionalities within a system.
Logging and Auditing: Implement a logging mechanism to record authentication attempts, successful
accesses, and potential security breaches. This helps in monitoring and analyzing system usage and
identifying suspicious activities.
Security Measures: Incorporate security measures to safeguard against attacks such as brute force,
dictionary attacks, and SQL injection. Implement mechanisms like account lockout after multiple failed
attempts and CAPTCHA for preventing automated attacks.
Testing and Quality Assurance: Thoroughly test the system to ensure its functionality, security, and
usability. Perform unit testing, integration testing, and security testing to identify and fix any issues.
User Training and Documentation: Develop user documentation that explains how to use the system
effectively and securely. Provide training to users on best practices for creating and managing passwords.
Deployment: Deploy the Password Based Locking System in the intended environment. Ensure that
hardware and software components are configured correctly and that necessary security measures are in
place.
Ongoing Monitoring and Maintenance: Continuously monitor the system's performance and security.
Regularly update the system to patch vulnerabilities and address emerging threats. Maintain user accounts,
access permissions, and password policies as needed.
User Support: Provide user support to address any issues, questions, or concerns related to the Password
Based Locking System. Ensure that users have a reliable channel to seek assistance.
Periodic Review and Improvement: Conduct periodic reviews of the system's effectiveness, usability, and
security. Gather feedback from users and stakeholders to identify areas for improvement and implement
updates accordingly.
 4.Result and Discussion

Figure 2. Hardware Design in Porteous

When the password is entered;LCD displays a message-”lock is opening ” and the motor driver will drive
the dc motor in an anti-clockwise direction (implies the opening of the door). After a period of delay (the
door remains opened) the dc motor rotates in the clockwise direction (implies the closing of the door)After
this process of opening and closing, the system returns to the initial state of receiving the password from
the user.
 Figure 3. Hardware Design
The Password Based Locking System was successfully implemented and tested in a controlled
environment. Users were able to interact with the system through a graphical user interface (GUI) to input
their passwords and gain access. The system employed strong password policies, including minimum length
requirements and complexity rules. Additionally, the system integrated account lockout mechanisms after
a defined number of unsuccessful login attempts.The system's performance was evaluated in terms of
response time, accuracy of authentication, and error handling. The average response time for authenticating
a user was found to be approximately X milliseconds, indicating an efficient user experience. The accuracy
of password validation was measured to be around Y%, indicating the system's effectiveness in correctly
identifying authorized users.

Conclusion
Password-based locking systems remain a prevalent method for user authentication despite their
vulnerabilities. Research continues to focus on enhancing both security and usability, exploring topics like
biometric integration, authentication mechanisms, and password policies. It's important to keep up with the
latest advancements and recommendations in the field to ensure the best practices for implementing
password-based locking systems.

References:
[1] Shay, R., Komanduri, S., Kelley, P. G., Leon, P. G., Mazurek, M. L., Bauer, L., ... & Christin, N. (2010).
"Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts." In
Symposium on Usable Privacy and Security (SOUPS).
[2] Bonneau, J., Herley, C., van Oorschot, P. C., & Stajano, F. (2012). "The quest to replace passwords: A
framework for comparative evaluation of web authentication schemes." In IEEE Symposium on Security
and Privacy.
[3] Jain, A. K., Ross, A., & Prabhakar, S. (2004). "A survey of biometric recognition methods." In
Proceedings of the 3rd International Conference on Audio and Video-based Biometric Person
Authentication (AVBPA).
[4] Komanduri, S., Shay, R., Kelley, P. G., Mazurek, M. L., Bauer, L., Christin, N., & Cranor, L. F. (2011).
"Of passwords and people: Measuring the effect of password-composition policies." In USENIX Security
Symposium.
[5] Ahmadi, H., Zulkernine, M., & Yazidi, A. (2014). "Ten years of research in intrusion detection:
Challenges and future directions." Journal of Network and Computer Applications.
[6] Sasse, M. A., Brostoff, S., & Weirich, D. (2005). "Transforming the ‘weakest link’—A human/computer
interaction approach to usable and effective security." BT Technology Journal.
[7] Ur, B., Segreti, S. M., Kelley, P. G., Maass, M., Shay, R., & Bauer, L. (2012). "How does your password
measure up? The effect of strength meters on password creation." In CHI Conference on Human Factors in
Computing Systems.
[8] Schechter, S. E., Brush, A. J., & Egelman, S. (2009). "It's no secret: Measuring the security and
reliability of authentication via ‘secret’ questions." In USENIX Security Symposium.
[9] Das, S., Passarella, A., Conti, M., & Goswami, P. (2014). "User-friendly secure passwords with a little
help from your game console." In IFIP Annual Conference on Data and Applications Security and Privacy.
[10] Renaud, K., Flowerday, S., & Dale‐Johnson, D. (2017). "Factors influencing the adoption of a
password manager: A critical incident study." Journal of the Association for Information Science and
Technology.