IMLEMENTATION OF IMPROVED BLACK AND

WHITE METHOD TO PREVENT SHOULDER

SURFING
A PROJECT REPORT
Submitted by
[Link] priya
[Link]!aa
[Link]"ithra
in the partial fulfillment for the award of the degree
of
BACHELOR OF ENGINEERING
in
COMPUTER SCIENCE AND ENGINEERING
VELAMMAL INSTITUTE OF TECHNOLOG#
ANNA UNIVERSIT#$CHENNAI %&&&'(
APRIL '&)*
1
ANNA UNIVERSIT# CHENNAI$%&&&'(
BONAFIDE CERTIFICATE
Certified that this project report IMPLEMENTATION OF IMPROVED
BLACK AND WHITE METHOS TO PREVENT SHOULDER SURFING+
is the bonafide or! of ,[Link] PRI#[Link] and
[Link]+ ho carried o"t the project or! "nder #$ s"per%ision&
SIGNATURE SIGNATURE
HEAD OF THE DEPARTMENT SUPERVISOR
2
ABSTRACT
'hen a "ser interacts ith a co#p"tin( s$ste# to enter a secret passord)
sho"*der s"rfin( attac!s are of (reat concern& To cope ith this prob*e#) pre%io"s
#ethods pres"#ed *i#ited co(niti%e capabi*ities of a h"#an ad%ersar$ as a
deterrent) b"t there as a pitfa** ith the ass"#ption& In this paper) e sho that
h"#an ad%ersaries) e%en itho"t a recordin( de%ice) can be #ore effecti%e at
ea%esdroppin( than e+pected) in partic"*ar b$ e#p*o$in( co(niti%e strate(ies and
b$ trainin( the#se*%es& O"r no%e* approach ca**ed co%ert attentiona* sho"*der
s"rfin( indeed can brea! the e** !non PIN entr$ #ethod pre%io"s*$ e%a*"ated to
be sec"re a(ainst sho"*der s"rfin(& Another contrib"tion in this paper is the for#a*
#ode*in( approach b$ adaptin( the predicti%e h"#an perfor#ance #ode*in( too*
for sec"rit$ ana*$sis and i#pro%e#ent& 'e a*so de%ise a defense techni,"e in the
#ode*in( paradi(# to deteriorate se%ere*$ the percept"a* perfor#ance of the
ad%ersaries hi*e preser%in( that of the "ser& To the best of o"r !no*ed(e) this is
the first or! to #ode* and defend the ne for# of attac! thro"(h h"#an
perfor#ance #ode*in(& Rea* attac! e+peri#ents and "ser st"dies are a*so
cond"cted&
TABLE OF CONTENTS
3
CHAPTER TITLE PAGE NO.
LIST OF FIGURES..............-.
LIST OF ABBREVATIONS............-/
) INTRODUCTION
).) Abo"t the Project 00000000000&&-1
' S#STEM ANAL#SIS
'.) E+istin( s$ste#000000000000&&-2
'.' Proposed s$ste#000000000000&-2
'./ S$ste# Desi(n 000000000000&&&3-
/ RE0UIREMENTS SPECIFICATION
/.) Introd"ction0000000000000033
/.' 4ardare and Softare specification 000&&&&33
/./ Techno*o(ies Used 00000000000&35
/.*Techno*o(ies Used 0000000000&&&&35
/.*.) 6a%a00000000000000&&&35
/.*.).) Introd"ction to ja%a0000000&&&&&&35
/.*.).' 'or!in( of ja%a 00000000&&&&&&37
* S#STEM DESIGN
/.( 8*oc! Dia(ra#0000000000000&75

( S#STEM DESIGN 1 DETAILED
(.) Mod"*es000000000000000093
(.' Mod"*e e+p*anation00000000000&&95
4
% CODING AND TESTING
%.) Codin(0000000000000000&& 99
%.' Codin( standards 000000000000&99
%./ Test proced"re0000000000000&&9.
%.* Test data and o"tp"t 00000000000 91
REFERENCES..................5
SNAP SHOTS

LIST OF FIGURES
* S$ste# Desi(n
5
(.' Patterns of the peer:peer ed(es
(.' Patterns of the ser%ice:pro%ider ed(es
(.' Disco%erin( #issin( *in!s in internet

LIST OF ABBREVATIONS
6
JDK 6a%a De%e*op#ent Too*!it.
JMF 6a%a Media ;ra#eor!.
TCP Trans#ission Contro* Protoco*.
IP Internet Protoco*.
HTTP 4$per Te+t Transfer Protoco*

CHAPTER )
INTRODUCTION
Ai23
The #ain ai# of this project is to pre%ent h"#an sho"*der s"rfin( attac! and to estab*ish
a sec"re transaction beteen the #obi*e App and Ser%er b$ i#p*e#entin( the i#pro%ed 8'
#ethod&
7
Sy!4p5i53
'hen a "ser enters a persona* identification n"#ber<PIN= as a n"#eric passord in
#obi*e or stationar$ s$ste#s) inc*"din( s#art phones) tab*et co#p"ters) a"to#ated te**er
#achines <ATM=) and point of sa*e <PoS= ter#ina*s) a direct obser%ation attac! based on sho"*der
s"rfin( beco#es (reat concern& The PIN entr$ can be obser%ed b$ nearb$ ad%ersaries) #ore
effecti%e*$ in a croded p*ace& Since the sa#e PIN is "s"a**$ chosen b$ a "ser for %ario"s
p"rposes and "sed repeated*$) a co#pro#ise of the PIN #a$ ca"se the "ser a (reat ris!& To cope
ith this prob*e#) hich is beteen the "ser and the s$ste#) cr$pto(raphic pre%ention
techni,"es are hard*$ app*icab*e beca"se h"#an "sers are *i#ited in their capacit$ to process
infor#ation& Instead) there ha%e been a*ternati%e approaches considerin( the as$##etr$ beteen
the "ser and the s$ste#& A#on( the#) the PIN entr$ as e*e(ant beca"se of its si#p*icit$ and
int"iti%eness> in each ro"nd) a re("*ar n"#eric !e$pad is co*ored at rando#) ha*f of the !e$s in
b*ac! and the other ha*f in hite) hich e i** ca** the 8' #ethod& A "ser ho !nos the
correct PIN di(it can anser its co*or b$ pressin( the separate co*or !e$ be*o& The basic 8'
#ethod is ai#ed to resist a h"#an sho"*der s"rfin( attac!) not s"pported b$ a recordin( de%ice)
hi*e its probabi*istic e+tension considers a recordin( attac! in part& The 8' #ethod is sti**
considered to be sec"re a(ainst h"#an ad%ersaries d"e to the *i#ited co(niti%e capabi*ities of
h"#ans&
CHAPTER '
S#STEM ANAL#SIS
'.) E6ISTING S#STEM
In sho"*der s"rfin( attac!s) ad%ersaries sho"*d #o%e their e$e fi+ations rapid*$ on the
"ser interface) partic"*ar*$ d"rin( preprocessin() to obtain the cha**en(e infor#ation) e&(&) the
*a$o"t of the !e$pad) in an on:ti#e processin( phase to catch the !e$ entr$ infor#ation) e&(&) a
"ser?s !e$ press@ and d"rin( post processin( to fi*ter the ac,"ired infor#ation& If the ti#e period
a**oed for those processes is too short or its #e#or$ re,"ire#ent e+ceeds the h"#an *i#it) then
sho"*der s"rfin( sho"*d fai*& To e+tend and effecti%e*$ "se the a**oed ti#e period) the e+istin(
8
idea is to e#p*o$ co%ert attention& If an ad%ersar$ s"ppresses saccadic e$e #o%e#ents d"rin(
%is"a* perception) she can earn #ore te#pora* chances for %is"a* infor#ation processin( ithin
the c"rrent %is"a* an(*e& This is tr"e e%en hi*e cond"ctin( co%ert attentiona* shifts to a sti#"*"s
inside the %is"a* an(*e and carr$in( o"t para**e* #otor operations itho"t saccadic e$e
#o%e#ents& To red"ce the #e#or$ re,"ire#ent) o"r idea is to e#p*o$ percept"a* (ro"pin(& If an
ad%ersar$ e+tracts si(nificant %is"a* re*ations fro# *oer:*e%e* feat"res) e&(&) co*or of s,"ares b$
i(norin( the indi%id"a* di(its) and (ro"ps the# into hi(her:*e%e* str"ct"res) e&(&) a *ar(er po*$(on
in the sa#e co*or) based on the Gesta*t princip*es) she can red"ce the n"#ber of %is"a* objects
stored in the short:ter# #e#or$& So in Co%ert attentiona* sho"*der s"rfin() three #ain operations
s"ch as co%ert attention) percept"a* (ro"pin() and para**e* #otor operation) are co#bined
to(ether for deri%in( a PIN di(it& In each ro"nd) attended objects are *ined for easier
"nderstandin( of co%ert attention& Co%ert attentiona* sho"*der s"rfin( can brea! the 8' #ethod
thro"(h the #ode*in(:based ana*$sis&
'.' PROPOSED S#STEM
'e propose i#pro%ed 8' #ethod b$ e+tendin( 8' #ethod) in hich o"r proposed
a*(orith# "ses rando#*$ (enerated fo"r di(its in hich each di(it b*oc!) is co#bined ith the
co#bination of to ) to pre%ent the attentiona* sho"*der s"rfin( attac! b$ e+tractin( the PIN di(it
after a** the "ser iterations (ot co#p*eted&
To resist co%ert attentiona* sho"*der s"rfin() it o"*d be effecti%e to interr"pt the
ad%ersar$ d"rin( percept"a* (ro"pin( itho"t chan(in( the "ser tas! si(nificant*$& One
possibi*it$ is to !eep the 8' #ethod) b"t rando#iAe the orderin( of the di(its in each ro"nd so
that percept"a* (ro"pin( cannot be done in the a$ e proposed& In this case) hoe%er) the "ser
tas! re,"ires the added saccadic e$e #o%e#ent hi*e searchin( for the *ocation of the tar(et di(it
in e%er$ ro"nd can *ead to *on(er PIN entr$ ti#e& Another possibi*it$ is to !eep the n"#eric
!e$pad in the re("*ar *a$o"t) b"t prod"ce #ore percept"a* (ro"ps so that the ad%ersar$ is
fr"strated& Toard si#i*arit$ in the tas! of percept"a* (ro"pin() e #a!e co*or (ro"ps *oo!
si#i*ar <neither the sa#e nor opposite= in their shape beca"se co*or #"st be distin("ishab*e b$
the "ser& Toard co#p*e+it$) e #a!e co*or (ro"ps *oo! o%er*appin( <not separate=) so that
ad%ersaries e+perience se%ere diffic"*ties not on*$ in ho*din( the (ro"ps in BSTM b"t a*so in
9
separatin( the#& The f"nda#enta* idea for co#binin( si#i*arit$ and co#p*e+it$) is to sp*it
%is"a**$ e%er$ n"#eric !e$ into to ha*%es) so as to be fi**ed ith to distinct co*ors
si#"*taneo"s*$ hereas each co*or fi**s ha*f of the a%ai*ab*e !e$s) i&e&) fi%e o"t of ten !e$s& So
there e+ist fo"r co*or (ro"ps on the n"#eric !e$pad and to co*ors for e%er$ n"#eric !e$& The
ad%ersar$ ho *a"nches co%ert attentiona* sho"*der s"rfin( #a$ need to percei%e fo"r co*or
(ro"ps and attend to one of the# for the ne+t ro"nd) hi*e the "ser on*$ needs to anser either of
the to co*ors that fi** hisCher PIN di(it !e$ in each ro"nd& A"thentication Ser%ices are a*so
pro%ided b$ this #ethod&
CHAPTER /
RE0UIREMENT SPECIFICATIONS
/.) INTRODUCTION
The re,"ire#ents specification is a technica* specification of re,"ire#ents for the
softare prod"cts& It is the first step in the re,"ire#ents ana*$sis process it *ists the re,"ire#ents
of a partic"*ar softare s$ste# inc*"din( f"nctiona*) perfor#ance and sec"rit$ re,"ire#ents& The
re,"ire#ents a*so pro%ide "sa(e scenarios fro# a "ser) an operationa* and an ad#inistrati%e
perspecti%e& The p"rpose of softare re,"ire#ents specification is to pro%ide a detai*ed o%er%ie
of the softare project) its para#eters and (oa*s& This describes the project tar(et a"dience and
its "ser interface) hardare and softare re,"ire#ents& It defines ho the c*ient) tea# and
a"dience see the project and its f"nctiona*it$&
10
/.' HARDWARE AND SOFTWARE SPECIFICATION
/.'.) HARDWARE RE0UIREMENTS
4ard Dis! > 1-G8 and Abo%e
RAM > 5G8 and Abo%e
Processor > Penti"# IB and Abo%e
Android 5&5 > Min 3&
/.'.' SOFTWARE RE0UIREMENTS
'indos operatin( s$ste# DP and abo%e
6DE 3&.
To#cat .&-
M$s,*
/.( TECHNOLOGIES USED
/.(.) JAVA
It is a P*atfor# Independent& 6a%a is an object:oriented pro(ra##in( *an("a(e de%e*oped
initia**$ b$ 6a#es Gos*in( and co**ea("es at S"n Micros$ste#s& The *an("a(e) initia**$ ca**ed
11
Oa! <na#ed after the oa! trees o"tside Gos*in(Fs office=) as intended to rep*ace CGG) a*tho"(h
the feat"re set better rese#b*es that of Objecti%e C&
/.(.).) INTRODUCTION TO JAVA
6a%a has been aro"nd since 3223) de%e*oped b$ a s#a** tea# of S"n Micros$ste#s
de%e*opers in a project ori(ina**$ ca**ed the Green project& The intent of the project as to
de%e*op a p*atfor#:independent softare techno*o($ that o"*d be "sed in the cons"#er
e*ectronics ind"str$& The *an("a(e that the tea# created as ori(ina**$ ca**ed Oa!&
The first i#p*e#entation of Oa! as in a PDA:t$pe de%ice ca**ed Star Se%en <H/= that
consisted of the Oa! *an("a(e) an operatin( s$ste# ca**ed GreenOS) a "ser interface) and
hardare& The na#e H/ as deri%ed fro# the te*ephone se,"ence that as "sed in the tea#Fs
office and that as dia*ed in order to anser an$ rin(in( te*ephone fro# an$ other phone in the
office&
Aro"nd the ti#e the ;irst Person project as f*o"nderin( in cons"#er e*ectronics) a
ne craAe as (ainin( #o#ent"# in A#erica@ the craAe as ca**ed I'eb s"rfin(&I The 'or*d
'ide 'eb) a na#e app*ied to the InternetFs #i**ions of *in!ed 4TMJ doc"#ents as s"dden*$
beco#in( pop"*ar for "se b$ the #asses& The reason for this as the introd"ction of a (raphica*
'eb broser ca**ed Mosaic) de%e*oped b$ ncSA& The broser si#p*ified 'eb brosin( b$
co#binin( te+t and (raphics into a sin(*e interface to e*i#inate the need for "sers to *earn #an$
conf"sin( UNID and DOS co##ands& Na%i(atin( aro"nd the 'eb as #"ch easier "sin(
Mosaic&
It has on*$ been since 3229 that Oa! techno*o($ has been app*ied to the 'eb& In 3229)
to S"n de%e*opers created the first %ersion of 4ot 6a%a) and then ca**ed 'eb R"nner) hich is a
(raphica* broser for the 'eb that e+ists toda$& The broser as coded entire*$ in the Oa!
*an("a(e) b$ this ti#e ca**ed 6a%a& Soon after) the 6a%a co#pi*er as reritten in the 6a%a
*an("a(e fro# its ori(ina* C code) th"s pro%in( that 6a%a co"*d be "sed effecti%e*$ as an
app*ication *an("a(e& S"n introd"ced 6a%a in Ma$ 322K at the S"n 'or*d 2K con%ention&
12
'eb s"rfin( has beco#e an enor#o"s*$ pop"*ar practice a#on( #i**ions of co#p"ter
"sers& Unti* 6a%a) hoe%er) the content of infor#ation on the Internet has been a b*and series of
4TMJ doc"#ents& 'eb "sers are h"n(r$ for app*ications that are interacti%e) that "sers can
e+ec"te no #atter hat hardare or softare p*atfor# the$ are "sin() and that tra%e* across
hetero(eneo"s netor!s and do not spread %ir"ses to their co#p"ters& 6a%a can create s"ch
app*ications&
/./.).) WORKING OF JAVA
;or those ho are ne to object:oriented pro(ra##in() the concept of a c*ass i** be
ne to $o"& Si#p*istica**$) a c*ass is the definition for a se(#ent of code that can contain both
data <ca**ed attrib"tes= and f"nctions <ca**ed #ethods=&
'hen the interpreter e+ec"tes a c*ass) it *oo!s for a partic"*ar #ethod b$ the na#e of
#ain) hich i** so"nd fa#i*iar to C pro(ra##ers& The #ain #ethod is passed as a para#eter an
arra$ of strin(s <si#i*ar to the ar(%LM of C=) and is dec*ared as a static #ethod&
To o"tp"t te+t fro# the pro(ra#) e e+ec"te the print*n #ethod of S$ste#&o"t) hich is
ja%a?s o"tp"t strea#& UNID "sers i** appreciate the thoer$ behind s"ch a strea#) as it is act"a**$
standard o"tp"t& ;or those ho are instead "sed to the 'inte* p*atfor#) it i** rite the strin(
passed to it to the "ser?s pro(ra#&
6a%a consists of to thin(s >
Pro(ra##in( *an("a(e
P*atfor#
/./.).' THE JAVA PROGRAMMING LANGUAGE
6a%a is a hi(h:*e%e* pro(ra##in( *an("a(e that is a** of the fo**oin(>
Si#p*e
13
Object:oriented
Distrib"ted
Interpreted
Rob"st
Sec"re
Architect"re:ne"tra*
Portab*e
4i(h:perfor#ance
M"*tithreaded
D$na#ic
The code and can brin( abo"t chan(es hene%er fe*t necessar$& So#e of the standard needed
to achie%e the abo%e:#entioned objecti%es are as fo**os>
6a%a is "n"s"a* in that each 6a%a pro(ra# is both co i#p*ied and interpreted& 'ith a co#pi*er)
$o" trans*ate a 6a%a pro(ra# into an inter#ediate *an("a(e ca**ed Ja"a 7yt 8495 N the
p*atfor# independent codes interpreted b$ the 6a%a interpreter& 'ith an interpreter) each 6a%a
b$te code instr"ction is parsed and r"n on the co#p"ter& Co#pi*ation happens j"st once@
interpretation occ"rs each ti#e the pro(ra# is e+ec"ted& This fi("re i**"strates ho it or!s >
14
Fi:./.)
Oo" can thin! of 6a%a b$te codes as the #achine code instr"ctions for the 6a%a Birt"a*
Machine <6BM=& E%er$ 6a%a interpreter) hether it?s a 6a%a de%e*op#ent too* or a 'eb
broser that can r"n 6a%a app*ets) is an i#p*e#entation of 6BM& That 6BM can a*so be
i#p*e#ented in hardare& 6a%a b$te codes he*p #a!e rite once) r"n an$hereP possib*e&
Oo" can co#pi*e $o"r 6a%a pro(ra# into b$te codes on an$ p*atfor# that has a 6a%a
co#pi*er& The b$te codes can then be r"n on an$ i#p*e#entation of the 6B#& ;or e+a#p*e)
that sa#e 6a%a pro(ra# can e r"n on 'indos NT) So*aris and Macintos

15
Java program
Complier
Interpreter Interpreter
Interpreter

PC$C42pati7; S<! U;tra S4;ari5 P4=r 2a8i!t45h
Wi!94=5 NT Sy5t2 >


/./.)./ THE JAVA PLATFORM
A p*atfor# is the hardare or softare en%iron#ent in hich a pro(ra# r"ns& The 6a%a
p*atfor# differs fro# #ost other p*atfor#s in that it?s a softare:on*$ p*atfor# that r"ns on top
of other) hardare:based p*atfor#s& Most other p*atfor#s are described as a co#bination of
hardare and operatin( s$ste#&
The 6a%a p*atfor# has to co#ponents :
The 6a%a Birt"a* Machine <6BM=
The 6a%a App*ication Pro(ra##in( Interface <6a%a API=
Oo"?%e a*read$ been introd"ced to the 6BM& It?s the base for the 6a%a p*atfor# and is
ported onto %ario"s hardare:based p*atfor#s&
The 6a%a API is a *ar(e co**ection of read$:#ade softare co#ponents that pro%ide #an$
"sef"* capabi*ities) s"ch as (raphica* "ser interface <GUI= id(ets& The 6a%a API is (ro"ped into
16
*ibraries ?pa8@a:5A of re*ated co#ponents& The fo**oin( fi("re depicts a 6a%a pro(ra#) s"ch as
an app*ication or app*et) that?s r"nnin( on the 6a%a p*atfor#& As the fi("re shos) the 6a%a API
and Birt"a* Machine ins"*ates the 6a%a pro(ra# fro# hardare dependencies&
;i(&7&7
As a p*atfor#:independent en%iron#ent) 6a%a can be a bit s*oer than nati%e code&
4oe%er) s#art co#p*iers) ee*:t"ned interpreters) and j"st:in:ti#e b$te co#p*i*ers can brin(
6a%a?s perfor#ance c*ose to that of nati%e code itho"t threatenin( protabi*it$&

/.(.).' WORKING OF JAVA
;or those ho are ne to object:oriented pro(ra##in() the concept of a c*ass i** be
ne to $o"& Si#p*istica**$) a c*ass is the definition for a se(#ent of code that can contain both
data and f"nctions&
'hen the interpreter e+ec"tes a c*ass) it *oo!s for a partic"*ar #ethod b$ the na#e of
#ain) hich i** so"nd fa#i*iar to C pro(ra##ers& The #ain #ethod is passed as a para#eter an
arra$ of strin(s <si#i*ar to the ar(%LM of C=) and is dec*ared as a static #ethod&
To o"tp"t te+t fro# the pro(ra#) e e+ec"te the print*n #ethod of S$ste#&o"t) hich
is ja%a?s o"tp"t strea#& UNID "sers i** appreciate the theor$ behind s"ch a strea#) as it is
act"a**$ standard o"tp"t& ;or those ho are instead "sed to the 'inte* p*atfor#) it i** rite the
strin( passed to it to the "ser?s pro(ra#&
17
/./.* APACHE TOMCAT SERVER
Apache To#cat <for#er*$ "nder the Apache 6a!arta Project@ To#cat is no a top *e%e*
project= is a eb container de%e*oped at the Apache Softare ;o"ndation& To#cat i#p*e#ents
the ser%*et and the 6a%aSer%er Pa(es <JSP= specifications fro# S"n Micros$ste#s) pro%idin( an
en%iron#ent for 6a%a code to r"n in cooperation ith a eb ser%er& It adds too*s for confi("ration
and #ana(e#ent b"t can a*so be confi("red b$ editin( confi("ration fi*es that are nor#a**$
XM:for#atted& 8eca"se To#cat inc*"des its on 4TTP ser%er interna**$) it is a*so considered a
standa*one eb ser%er&
E!"ir4!2!t
To#cat is a eb ser%er that s"pports ser%*ets and 6SPs& To#cat co#es ith the 6asper co#pi*er
that co#pi*es 6SPs into ser%*ets&
The To#cat ser%*et en(ine is often "sed in co#bination ith an Apache eb ser%er or other eb
ser%ers& To#cat can a*so f"nction as an independent eb ser%er& Ear*ier in its de%e*op#ent) the
perception e+isted that standa*one To#cat as on*$ s"itab*e for de%e*op#ent en%iron#ents and
other en%iron#ents ith #ini#a* re,"ire#ents for speed and transaction hand*in(& 4oe%er) that
perception no *on(er e+ists@ To#cat is increasin(*$ "sed as a standa*one eb ser%er in hi(h:
traffic) hi(h:a%ai*abi*it$ en%iron#ents&
Since its de%e*opers rote To#cat in 6a%a) it r"ns on an$ operatin( s$ste# that has a 6BM&
Pr49<8t Bat<r5
To#cat 7&+ <initia* re*ease=
18
i#p*e#ents the Ser%*et 5&5 and 6SP 3&3 specifications
ser%*et re*oadin(
basic 4TTP f"nctiona*it$ To#cat 9&+
i#p*e#ents the Ser%*et 5&7 and 6SP 3&5 specifications
ser%*et container redesi(ned as Cata*ina
6SP en(ine redesi(ned as 6asper
Co$ote connector
6a%a Mana(e#ent E+tensions <6MD=) 6SP and Str"ts:based ad#inistration
To#cat K&+
i#p*e#ents the Ser%*et 5&9 and 6SP 5&- specifications
red"ced (arba(e co**ection) i#pro%ed perfor#ance and sca*abi*it$
nati%e 'indos and Uni+ rappers for p*atfor# inte(ration
faster 6SP parin(
Hi5t4ry
To#cat started off as a ser%*et specification i#p*e#entation b$ 6a#es D"ncan Da%idson) a
softare architect at S"n& 4e *ater he*ped #a!e the project open so"rce and p*a$ed a !e$ ro*e in
its donation b$ S"n to the Apache Softare ;o"ndation&
19
Da%idson had initia**$ hoped that the project o"*d beco#e open:so"rced and) since #ost
open:so"rce projects had OFRei**$ boo!s associated ith the# feat"rin( an ani#a* on the co%er)
he anted to na#e the project after an ani#a*& 4e ca#e "p ith To#cat since he reasoned the
ani#a* represented so#ethin( that co"*d ta!e care of and fend for itse*f& 4is ish to see an
ani#a* co%er e%ent"a**$ ca#e tr"e hen OFRei**$ p"b*ished their To#cat boo! ith a to#cat on
the co%er
Ja"a Bat<r5 a!9 4pti4!5
Orac*e1i introd"ced the "se of 6a%a as a proced"ra* *an("a(e ith a 6a%a Birt"a*
Machine <6BM= in the database <ori(ina**$ ca**ed 6Ser%er=& 6BM inc*"des s"pport for 6a%a stored
proced"res) #ethods) tri((ers) Enterprise 6a%a8eansQ <E68s=) COR8A) and 4TTP& The
Acce*erator is "sed for project (eneration) trans*ation) and co#pi*ation) and can a*so be "sed to
dep*o$Cinsta** shared *ibraries& The inc*"sion of 6a%a ithin the Orac*e database a**os 6a%a
de%e*opers to *e%era(e their s!i**s as Orac*e app*ication de%e*opers& 6a%a app*ications can be
dep*o$ed in the c*ient) App*ication Ser%er) or database) dependin( on hat is #ost appropriate&
Orac*e data areho"sin( options for OJAP and data #inin( pro%ide a 6a%a API& These
app*ications are t$pica**$ c"sto# b"i*t "sin( Orac*e?s 6De%e*oper&
6;TVi=
A #"*ti#edia ho#e p*atfor#) or MP4) is an interacti%e di(ita* te*e%ision #idd*eare
s$ste# that a**os the reception and e+ec"tion of interacti%e 6a%a app*ications on a te*e%ision
set& Interacti%e te*e%ision) a*so !non as ITB) enab*es peop*e to not on*$ %ie te*e%ision b"t a*so
interact ith its content& The acti%ities that "sers can interact ith inc*"de infor#ation ser%ices)
(a#es) %otin() e:#ai*) SMS or shoppin(& M4P app*ications #a$ #a!e "se of an additiona*
ret"rn channe* that s"pports Internet Protoco*&
MP4 co#es in to presentations) DB8:4TMJ app*ications and the #ore pop"*ar DB8:6
app*ications) a*so !non as D*ets& An D*et interface a**os an e+terna* so"rce to initiate and ha*t
an app*ication& This abi*it$ is cr"cia* for a set:top bo+ en%iron#ent) hich in t"rn is an essentia*
co#ponent of interacti%e te*e%ision&
20
D*ets "s"a**$ re,"ire a brief #an"a* on ho to insta** the softare and ho it or!s& It
describes detai*s abo"t the *atest %ersion of the softare) the -&7&.&) a*tho"(h there ha%e been
p*ans to chan(e the feat"res and ho the$ or!&Rbr CSRbr CSThe #an"a* t$pica**$ ta*!s abo"t the
director$ str"ct"re one sho"*d (et hen don*oadin( and "nAippin( the fi*e) abo"t ho to start
the softare) ho to r"n it) abo"t the re#ote contro*) the shortc"t !e$s and the settin(s fi*e& The
infor#ation is #eant to he*p an$ ne "ser to start "sin( the e#"*ator) b"t #ore infor#ation can
a*so be fo"nd on*ine) especia**$ re*ated to co#ponents and tro"b*eshootin( an$ prob*e#s&
C4!Bi:<ri!: 6;TVi=
C4!Bi:<ri!: th 8ha!!;5 that ar a"ai;a7;
An$ TB i** ha%e a *ist of channe*s a%ai*ab*e) and D*eTBie a*so offers this
f"nctiona*it$& Un*i!e a rea* TB) $o" need to te** it hat channe*s are a%ai*ab*e and $o" can do this
b$ editin( the confi(Cchanne*s&+#*fi*e& The defa"*t %ersion of this fi*e *oo!s *i!e this>
<?xml version="1.0" encoding="ISO-8859-1"?>
<CH!!"#S>
<CH!!"#>
<!$">0<%!$">
<$"&I>con'ig%de'()l*+g.,-g<%$"&I>
<%CH!!"#>
<%CH!!"#S>
As $o" can see) each channe* definition consists of to parts& The R NAMES e*e#ent
contains the channe* na#e or n"#ber that i** be assi(ned to this channe*& The
R MEDIAS e*e#ent te**s&
D*eTBie hat it sho"*d disp*a$ in the bac!(ro"nd hen that channe* is se*ected& This
can either be a 6PEG i#a(e <hich sho"*d be /5- pi+e*s ide b$ K/. pi+e*s hi(h= or it can be an
ABI fi*e if $o" prefer a #o%in( bac!(ro"nd& P*ease note that on*$ so#e t$pes of ABI fi*e are
s"pported : see the section on "sin( %ideo ith D*eTBie for #ore detai*s&
21
'hen $o" first start D*eTBie) it i** disp*a$ the channe* *isted first in the channe*s&+#*
fi*e& In %ersion -&7&. of D*eTBie it is not possib*e to chan(e the channe* "sin( the !e$s on the
re#ote&
I!tr49<8ti4! B4r 6AMPP3
DBi!iti4!5 4B 6AMPP 4! th W73
H DAMPP <or= is a free and open so"rce cross:p*atfor# eb ser%er pac!a(e)
Consistin( #ain*$ of the Apache 4TTP Ser%er) M$STJ database)
and interpreters for scripts had ritten in the P4P and Per* pro(ra##in( *an("a(es&
I!tr49<8ti4!
At the be(innin( it is i#portant to anser h$ to choose DAMPP a#on( so #an$
ser%er pac!a(es a%ai*ab*eU 'e**) there are to stron( ad%anta(es of it& ;irst : itFs confi("ration is
so eas$) that e%en a chi*d can do it& It partic"*ar*$ is #ini#iAed to "nAip archi%e and r"n set"p
batch& Second : DAMPP is e+tre#e*$ portab*eV Mo%in( it fro# one director$ or dri%e to another
re,"ires on*$ one r"n of set"pW+a#pp&bat& Oo" can e%en insta** it on US8 stic! and ha%e $o"r
pri%ate eb ser%er a*on( ith $o"r apps (o an$here ith $o" and to be a%ai*ab*e on an$
co#p"ter@ $o" p*"( $o"r US8 stic! toV
As I read other 'i!i artic*es on ho #an$ prob*e#s peop*e ha%e ith insta**in( and confi("rin(
other ser%ers or ser%er pac! I thin! it can be si#p*ier than ith DAMPP&
Differences beteens set"p %ersion <EDE= and set"p:*ess %ersion <XIP= are at *east ,"estionab*e
<ha*f the siAe for the first one= and I sti** canFt fi("re o"t ho do the achie%e itU >= 8"t for this
t"toria* and for ad%anta(es of portabi*it$ e i** "se XIP %ersion&
I!5ta;;i!: 6AMPP
'e**&&& there is act"a**$ no insta**ation& 6"st "nAip archi%e (rabbed fro# Apache
;riends ebsite to a director$ of $o"r choice) e+ec"te 5t<pCDa2pp.7at inside "nAipped fo*der
once and anser to a fe si#p*e ,"estions <inc*"din( one) if $o" ant to #a!e DAMPP portab*e
: i&e& p"t on a US8 stic!=&
22
After that) e+ec"te Da2ppC84!tr4;.D to r"n an$ eb ser%er co#ponent <*i!e Apache) M$STJ=
$o" need or to insta** it as s$ste# ser%ice& If $o" pass this step) $o" can open $o"r broser and
point it to localhost to see DAMPP e*co#e pa(e) hich consist of so#e #od"*es for chec!in( C
(rantin( sec"rit$ to $o"r ebapps r"n "nder this ser%er& If e%er$thin( is do"b*e chec!ed and a**
iss"es a** so*%ed) $o" #a$ de*ete contents of httpd s"bfo*der in $o" DAMPP director$&
I!5ta;;i!: #ii

I ass"#e that $o"F%e a*read$ (rabbed Aip fi*e containin( neest edition of Oii& If $o"
are a*read$ fa#i*iar ith Oii) $o" #a$ obe$ demos fo*der) b"t it #i(ht be ise to r"n at *east
once a requirements to see) if $o"r fresh DAMPP insta**ation satisf$ a** $o"rs and OiiFs needsU
;or this p"rpose) cop$ contents of archi%e to httpd s"bfo*der in $o" DAMPP director$ and (o to
localhost in $o"r eb broser&
If e%er$thin( is fine) $o" #a$ #o%e Oii o"tside eb accessib*e director$) as it is
ad%ised in doc"#entation) and "pdate bootstrap inde+&php fi*e in $o"r ebapps to point to
correct fi*e& In #$ sit"ation I p"t contents of an archi%e in the sa#e director$ as httpd s"bfo*der
<i&e& #ain DAMPP fo*der= and rena#e framework director$ to yii& Therefore #$ bootstrap fi*e
*oo!s *i!e this>
COMPANIES3$
Usin( an e$eOS so*"tion for $o"r co#pan$ can pro%ide $o" *ots of benefits& ;ro#
portin( $o"r e+istent apps to $o"r ne s$ste# to pro%ide $o" a ,"a*it$ s"pport) $o" i** be ab*e
to choose beteen the best ser%ices to pro%ide $o"r co#pan$ the perfect so*"tion&
PUBLIC3$
;or p"b*ic en%iron#ents) e$eOS can pro%ide a s$ste# here) once a "ser has si(ned "p)
heCshe can access the netor! fro# an$ of the p"b*ic points) ha%in( hisCher persona* des!top and
fi*es& A sin(*e e$eOS Ser%er can hand*e h"ndreds of tho"sands of "sersV Oo" can %isit p"b*ic
en%iron#ent
O=! C;4<9 Oprati!: Sy5t2 With EyOS
23
A c*o"d OS si#p*$ refers to an operatin( s$ste# <or an interface fi**ed ith a co#p*ete
s"ite of des!top app*ications= that resides on the 'eb and $o" can access to it an$ti#e) an$here
as *on( as $o" ha%e an Internet connection&
'hi*e there are p*ent$ of c*o"d OS o"t there that $o" can si(n "p and "se for free) there #i(ht be
instances here $o" ant to ha%e $o"r on dedicated c*o"d OS& ;irst of a**) si(nin( "p a free
acco"nt ith third:part$ c*o"d OS often #eans that $o" ha%e *i#ited fi*e stora(e space and a**
$o"r data are stored in other peop*e?s ser%er& Ne+t) the connection speed is dependent on the
n"#ber of acti%e "sers at an$ ti#e& The #ore pop"*ar the site is) the s*oer it i** (et hen $o"
are "sin( it&
If hat $o" ant is $o"r on dedicated 'eb OS that $o" can "se to #ana(e $o"r on*ine st"ff)
and a*so to pro%ide an en%iron#ent to co**aborate ith $o"r co**ea("esCpartners) then e$eOS is
the softare for $o"&
E$eOS is free and open so"rce c*o"d OS softare that $o" can insta** on $o"r on 'eb ser%er&
One thin( that I *i!e abo"t e$eOS is its s#a** fi*e siAe and ease of insta**ation& The ho*e
pac!a(e is on*$ 5&KM8 in siAe) and the insta**ation re,"ired a*#ost Aero confi("ration <e**)
there are sti** se%era* steps in%o*%ed= and an$one ho !no ho to "se a ;TP pro(ra# can (et it
"p and r"nnin( in no ti#e&
). I!tr49<8ti4!
).) P<rp45
In co#p"ter sec"rit$) sho"*der s"rfin( refers to "sin( direct ober%ation techni,"es) s"ch as
*oo!in( o%er so#eoneFs sho"*der) to (et infor#ation& It is co##on*$ "sed to obtain
passords) PIN sec"rit$ codes) and si#i*ar data& Sho"*der s"rfin( can a*so be done at a distance
"sin( binoc"*ars or other %ision:enhancin( de%ices& Ine+pensi%e) #iniat"re c*osed:circ"it
te*e%ision ca#eras can be concea*ed in cei*in(s) a**s or fi+t"res to obser%e data entr$& To
pre%ent sho"*der s"rfin() it is ad%ised to shie*d paperor! or the !e$pad fro# %ie b$ "sin(
oneFs bod$ or c"ppin( oneFs hand& To cope ith this prob*e#) hich is beteen the "ser and the
s$ste#) cr$pto(raphic pre%ention techni,"es are hard*$ app*icab*e beca"se h"#an "sers are
*i#ited in their capacit$ to process infor#ation& Instead) there ha%e been a*ternati%e approaches
24
considerin( the as$##etr$ beteen the "ser and the s$ste#& O"r no%e* approach ca**ed co%ert
attentiona* sho"*der s"rfin( indeed can brea! the e** !non PIN entr$ #ethod pre%io"s*$
e%a*"ated to be sec"re a(ainst sho"*der s"rfin(& Another contrib"tion in this paper is the for#a*
#ode*in( approach b$ adaptin( the predicti%e h"#an perfor#ance #ode*in( too* for sec"rit$
ana*$sis and i#pro%e#ent& 'e a*so de%ise a defense techni,"e in the #ode*in(
Pr4E8t S84p
'hen a "ser enters a persona* identification n"#ber<PIN= as a n"#eric passord in
#obi*e or stationar$ s$ste#s) inc*"din( s#art phones) tab*et co#p"ters) a"to#ated te**er
#achines <ATM=) and point of sa*e <PoS= ter#ina*s) a direct obser%ation attac! based on sho"*der
s"rfin( beco#es (reat concern& The PIN entr$ can be obser%ed b$ nearb$ ad%ersaries) #ore
effecti%e*$ in a croded p*ace& Since the sa#e PIN is "s"a**$ chosen b$ a "ser for %ario"s
p"rposes and "sed repeated*$) a co#pro#ise of the PIN #a$ ca"se the "ser a (reat ris!& To cope
ith this prob*e#) hich is beteen the "ser and the s$ste#) cr$pto(raphic pre%ention
techni,"es are hard*$ app*icab*e beca"se h"#an "sers are *i#ited in their capacit$ to process
infor#ation& Instead) there ha%e been a*ternati%e approaches considerin( the as$##etr$ beteen
the "ser and the s$ste#& A#on( the#) the PIN entr$ as e*e(ant beca"se of its si#p*icit$ and
int"iti%eness> in each ro"nd) a re("*ar n"#eric !e$pad is co*ored at rando#) ha*f of the !e$s in
b*ac! and the other ha*f in hite) hich e i** ca** the 8' #ethod& A "ser ho !nos the
correct PIN di(it can anser its co*or b$ pressin( the separate co*or !e$ be*o& The basic 8'
#ethod is ai#ed to resist a h"#an sho"*der s"rfin( attac!) not s"pported b$ a recordin( de%ice)
hi*e its probabi*istic e+tension considers a recordin( attac! in part& The 8' #ethod is sti**
considered to be sec"re a(ainst h"#an ad%ersaries d"e to the *i#ited co(niti%e capabi*ities of
h"#ans& So o"r ai# of this project is to pre%ent h"#an sho"*der s"rfin( attac! and to estab*ish a
sec"re transaction beteen the #obi*e App and Ser%er b$ i#p*e#entin( the i#pro%ed 8'
#ethod&
'. O"ra;; D58ripti4!
25
'.) Pr49<8t Pr5p8ti"
In sho"*der s"rfin( attac!s) ad%ersaries sho"*d #o%e their e$e
fi+ations rapid*$ on the "ser interface) partic"*ar*$ d"rin( preprocessin() to obtain the cha**en(e
infor#ation) e&(&) the *a$o"t of the !e$pad) in an on:ti#e processin( phase to catch the !e$ entr$
infor#ation) e&(&) a "ser?s !e$ press@ and d"rin( post processin( to fi*ter the ac,"ired
infor#ation& If the ti#e period a**oed for those processes is too short or its #e#or$
re,"ire#ent e+ceeds the h"#an *i#it) then sho"*der s"rfin( sho"*d fai*& To e+tend and effecti%e*$
"se the a**oed ti#e period) the e+istin( idea is to e#p*o$ co%ert attention& If an ad%ersar$
s"ppresses saccadic e$e #o%e#ents d"rin( %is"a* perception) she can earn #ore te#pora*
chances for %is"a* infor#ation processin( ithin the c"rrent %is"a* an(*e& This is tr"e e%en hi*e
cond"ctin( co%ert attentiona* shifts to a sti#"*"s inside the %is"a* an(*e and carr$in( o"t para**e*
#otor operations itho"t saccadic e$e #o%e#ents& To red"ce the #e#or$ re,"ire#ent) o"r idea
is to e#p*o$ percept"a* (ro"pin(& If an ad%ersar$ e+tracts si(nificant %is"a* re*ations fro# *oer:
*e%e* feat"res) e&(&) co*or of s,"ares b$ i(norin( the indi%id"a* di(its) and (ro"ps the# into
hi(her:*e%e* str"ct"res) e&(&) a *ar(er po*$(on in the sa#e co*or) based on the Gesta*t princip*es)
she can red"ce the n"#ber of %is"a* objects stored in the short:ter# #e#or$& So in Co%ert
attentiona* sho"*der s"rfin() three #ain operations s"ch as co%ert attention) percept"a* (ro"pin()
and para**e* #otor operation) are co#bined to(ether for deri%in( a PIN di(it& In each ro"nd)
attended objects are *ined for easier "nderstandin( of co%ert attention& Co%ert attentiona*
sho"*der s"rfin( can brea! the 8' #ethod thro"(h the #ode*in(:based ana*$sis&
'.' Pr49<8t Fat<r5
26
The internationa* standard for PIN #ana(e#ent) ISO 2K.9) #andates) the PIN entr$ de%ice sha**
be desi(ned or insta**ed so that the c"sto#er can pre%ent others fro# obser%in( the PIN %a*"e as
it is bein( entered& There ha%e been a n"#ber of st"dies of de%e*opin( pre%ention #ethods in
softare for te+t"a* passords) (raphica* passords and PINs & The$ co##on*$ re*$ on indirect
!e$ entr$ to resist sho"*der s"rfin( and re*ated attac!s& 'e ha%e *earned that) hoe%er) it is
cha**en(in( to desi(n a sec"re and at the sa#e ti#e "sab*e #ethod& It is *i!e*$ that sec"rit$
enforce#ent res"*ts in hi(h*$ co#p*e+ and error:prone proced"res) hi*e its re*a+ation for
"sabi*it$ can *ead to sec"rit$ breaches& 4oe%er 8' #ethod as sti** considered as a sec"re
#ethod a(ainst sho"*der s"rfin( b"t ad%ersaries sho"*d #o%e their e$e fi+ations rapid*$ on the
"ser interface) partic"*ar*$ d"rin( preprocessin() to obtain the cha**en(e infor#ation) e&(&) the
*a$o"t of the !e$pad) in an on:ti#e processin( phase to catch the !e$ entr$ infor#ation) e&(&) a
"ser?s !e$ press@ and d"rin( post processin( to fi*ter the ac,"ired infor#ation& If the ti#e period
a**oed for those processes is too short or its #e#or$ re,"ire#ent e+ceeds the h"#an *i#it) then
sho"*der s"rfin( sho"*d fai*& The co(niti%e co#p*e+it$ ana*$sis and its e+peri#ents (i%en in L3M
sho on*$ that the nai%e sho"*der s"rfers co"*d not fo**o and re#e#ber a** the di(its for the
ne+t ro"nd a(ainst the 8' #ethod& 4oe%er) if it is possib*e to e+tend and effecti%e*$ "se the
a**oed ti#e period and to red"ce the #e#or$ re,"ire#ent) ad%ersaries can beco#e #ore
effecti%e than e+pected&
'./ U5r C;a555 a!9 Chara8tri5ti85
Jo(ic&Nei(hbSensor&ja%a fi*e is "sed for to #a!e a Sensor in #"*ti (ro"p&
Jo(ic& sensorM"*Sender&ja%a fi*e is "sed &co##"nicate beteen Sensor nodes&
Jo(ic&sin!ser%er&ja%a is "sed to connect that sensor node and sin! node&
Protection& Sensor&f+ fi*e is sho the sensor node desi(n "sin( ja%af+&
Protection& Sin!&f+ fi*e is sho the sin! node desi(n "sin( ja%af+&
27
'.* D5i:! a!9 I2p;2!tati4! C4!5trai!t5
'.(.) C4!5trai!t5 i! A!a;y5i5
Constraints as Infor#a* Te+t
Constraints as Operationa* Restrictions
Constraints Inte(rated in E+istin( Mode* Concepts
Constraints as a Separate Concept
Constraints I#p*ied b$ the Mode* Str"ct"re

'.(.' C4!5trai!t5 i! D5i:!
Deter#ination of the In%o*%ed C*asses
Deter#ination of the In%o*%ed Objects
Deter#ination of the In%o*%ed Actions
Deter#ination of the Re,"ire C*a"ses
G*oba* actions and Constraint Rea*iAation
'.(./ C4!5trai!t5 i! I2p;2!tati4!
A hierarchica* str"ct"rin( of re*ations #a$ res"*t in #ore c*asses and a #ore
co#p*icated str"ct"re to i#p*e#ent& Therefore it is ad%isab*e to transfor# the hierarchica*
re*ation str"ct"re to a si#p*er str"ct"re s"ch as a c*assica* f*at one& It is rather strai(htforard to
transfor# the de%e*oped hierarchica* #ode* into a bipartite) f*at #ode*) consistin( of c*asses on
the one hand and f*at re*ations on the other& ;*at re*ations are preferred at the desi(n *e%e* for
reasons of si#p*icit$ and i#p*e#entation ease& There is no identit$ or f"nctiona*it$ associated
ith a f*at re*ation& A f*at re*ation corresponds ith the re*ation concept of entit$:re*ationship
#ode*in( and #an$ object oriented #ethods&
/. Sy5t2 Fat<r5
28
A so"rce *ocation pri%ac$:preser%in( sche#e that creates a c*o"d of fa!e pac!ets aro"nd
the so"rce node) %aries traffic ro"tes) and chan(es the pac!ets? appearance at each hop& It can
pro%ide a stron( protection a(ainst 4otspot:Jocatin( attac! ith #"ch *ess ener($ cost
co#parin( to (*oba*:ad%ersar$ based sche#es&
*. EDtr!a; I!trBa8 RF<ir2!t5
*.)U5r I!trBa85
3& A** the contents in the project are i#p*e#ented "sin( Graphica* User Interface
<GUI= in 6a%a thro"(h 6a%a;D concepts&
5& E%er$ concept"a* part of the projects is ref*ected "sin( the 6a%a;D&
7& S$ste# (ets the inp"t and de*i%ers thro"(h the GUI based&
*.' Har9=ar I!trBa85
Ethr!t
Ethernet on the ASC9-- s"pports TCPCIP) Ad%anced Peer:to:Peer Netor!in( <APPN=
and ad%anced pro(ra#:to:pro(ra# co##"nications <APPC=&
ISDN
Oo" can connect $o"r ASC9-- to an Inte(rated Ser%ices Di(ita* Netor! <ISDN= for
faster) #ore acc"rate data trans#ission& An ISDN is a p"b*ic or pri%ate di(ita* co##"nications
netor! that can s"pport data) fa+) i#a(e) and other ser%ices o%er the sa#e ph$sica* interface&
A*so) $o" can "se other protoco*s on ISDN) s"ch as IDJC and D&5K&
*./S4Bt=ar I!trBa85
This softare is interacted ith the 4ttp protoco*& This protoco* is r"nnin( in to#cat port
n"#ber <defa"*t 1-=&
C422<!i8ati4! I!trBa85
29
3& TCPCIP protoco*&
5& JAN settin(s&
(. Othr N4!B<!8ti4!a; RF<ir2!t5
(.)PrB4r2a!8 RF<ir2!t5
The perfor#ance of the ire*ess #esh netor!) to e+ec"te this project on JAN or ifi
co##"nication channe*& So e need to one or #ore than one #achine to e+ec"te the de#o&
Machine needs the eno"(h hard dis! space to insta** the softare and r"n o"r project&
(.'SaBty RF<ir2!t5
3& The softare #a$ be safet$:critica*& If so) there are iss"es associated ith its inte(rit$
*e%e*
5& The softare #a$ not be safet$:critica* a*tho"(h it for#s part of a safet$:critica*
s$ste#& ;or e+a#p*e) softare #a$ si#p*$ *o( transactions&
7& If a s$ste# #"st be of a hi(h inte(rit$ *e%e* and if the softare is shon to be of that
inte(rit$ *e%e*) then the hardare #"st be at *east of the sa#e inte(rit$ *e%e*&
9& There is *itt*e point in prod"cin( FperfectF code in so#e *an("a(e if hardare and
s$ste# softare <in idest sense= are not re*iab*e&
K& If a co#p"ter s$ste# is to r"n softare of a hi(h inte(rit$ *e%e* then that s$ste# sho"*d
not at the sa#e ti#e acco##odate softare of a *oer inte(rit$ *e%e*&
.& S$ste#s ith different re,"ire#ents for safet$ *e%e*s #"st be separated&
/& Otherise) the hi(hest *e%e* of inte(rit$ re,"ired #"st be app*ied to a** s$ste#s in the
sa#e en%iron#ent&
(./S8<rity RF<ir2!t5
Do not b*oc! the so#e a%ai*ab*e ports thro"(h the indos firea**
30
K&9 S4Bt=ar 0<a;ity Attri7<t5
F<!8ti4!a;ity> are the re,"ired f"nctions a%ai*ab*e) inc*"din( Interoperabi*it$ and
sec"rit$
R;ia7i;ity> #at"rit$) fa"*t to*erance and reco%erabi*it$
U5a7i;ity> ho eas$ it is to "nderstand) *earn) and operate the softare S$ste#
EBBi8i!8y> perfor#ance and reso"rce beha%ior&
Mai!tai!a7i;ity> Maintainin( the softare&
P4rta7i;ity> can the softare easi*$ be transferred to another en%iron#ent)
Inc*"din( insta** abi*it$
CHAPTER *
Ar8hit8t<r Dia:ra2
31


Fi:3 *.)
*.) SF<!8 Dia:ra23
32
33
*.' U5 Ca5 Dia:ra23
*./ A8ti"ity Dia:ra23
34
C4;;a74rati4! Dia:ra23
35
DataB;4= Dia:ra2
36
Level 0
Level 1
L"; '
37
M!"I#
$S#%
&''e((
mone)
t*ro+g*
mo,ile &-M
Mo,ile
$(er
&''e((ing
mo,ile &-M
Server
%egi(tration
Pro'e((
L"; /3
L"; *3
38
Server

Mo,ile
.ata,a
(e
Mo,ile
$(er
&''e((ing
mo,ile &-M
%egi(tration
Pro'e((
Mo,ile $(er
&''e((ing
mo,ile &-M
%egi(tration
Pro'e((
Server

Mo,ile
.ata,a
(e
39
Mo,ile
$(er
&''e((ing
Mo,ile &-M
%egi(tration
Pro'e((
Server
Mo,ile
.ata,a(
e
Provi/e(
a''e((
$ni0+e
PI1
Mat'*e/ 2a(*
val+e
#nter
amo+nt
Mone)
3it*/ra4al
C;a55 Dia:ra2
40
CHAPTER (
S#STEM DESIGN
(.) MODULES
User Re(istration Y 8' #ethod
I#pro%ed 8' #ethod
A"thentication Y Ser%ices
U5r R:i5trati4! G BW 2th493
User Re(istration is done and after that the "ser is ab*e to access the ATM app*ication in
their #obi*e phones& Once the User Re(istration is Co#p*ete) User i** be pro%ided ith a
Uni,"e PIN Sent to Their Respecti%e Mai* ID& Once it (ot %a*idated a User i** be ab*e to access
o"r App*ication b$ enterin( the Userna#e and Passord Chosen at the ti#e of Re(istration&
Then o"r app*ication i** pro%ide "sers its ser%ices& Then if the "ser i** (o ith ATM ser%ices)
"ser is as!ed to pro%ide the PIN di(it& At this ti#e) the 8' #ethod co#es in to p*a$& The 8'
#ethod partitions a set of ten di(its into to rando# ha*%es) of hich one is se*ected accordin(
to the "ser?s !e$ entr$ in each ro"nd& If the se*ected ha*%es ere #e#oriAed or ritten on a paper
for #) consec"ti%e ro"nds and reca**ed to deri%e their Gro"pin( Patterns) the sho"*der s"rfer
co"*d identif$ a sin(*e di(it of the PIN&
I2pr4"9 BW 2th493
In this Method e i#p*e#ent a ne Strate($ that i** co#p*ete*$ ne(*ect Sho"*der
S"rfin( e%en a 'e** Trained Percept"a* Gro"per co"*d not Crac! the PIN Di(it Entered b$ the
User in a Con%entiona* 'a$& Jet P denote a set of fo"r co*ors andCor patterns c"sto#iAab*e& Jet P
41
Z [b*ac!) b*"e) hite) $e**o\ or P Z [b*ac!) hite) dotted) dia(ona* stripes\) for a co*or b*ind
person& Ro"(h*$ spea!in() the i#pro%ed #ethod r"ns as fo**os> The s$ste# disp*a$s a set of ten
di(its) A Z [-) UUU) 2\) on the re("*ar n"#eric !e$pad ith to sp*it co*ors) chosen fro# P) in
each n"#eric !e$@ and the fo"r co*or !e$s be*o& A co*or is chosen at rando# fro# P and fi**s
fi%e rando# sp*its of distinct !e$s@ each sp*it co"*d be either "pper or *oer one& The re#ainin(
co*ors fi** fi%e sp*its) respecti%e*$) in the sa#e a$& The "ser attends to the PIN di(it and enters
either of its co*or thro"(h the co*or !e$& The "ser and the s$ste# repeat this proced"re for #
ro"nds that the PIN di(it is identified b$ intersection) and "nti* a** the PIN di(its are identified&
A<th!ti8ati4! G Sr"i853
Once the User Entered Pattern is #anip"*ated and a PIN is Identified) It i** be chec!ed
ith the Joca* Database pro%ided b$ Android OS "sin( STJ Jite& This Process is to pre%ent
"nanted Ser%er end process hand*in( p*a$f"* re,"ests& A One 'a$ 4ash is (enerated for the
Ba*idated PIN and is sent to Ser%er in p"b*ic channe* so that an acti%e attac!er can not e+tract the
PIN b$ #onitorin( the channe*& Once (ot A"thenticated b$ Ser%er a T"ic! Response to the
Mobi*e App i** redirect the "ser to the Ser%ices& In ATM Ser%ices Cash 'ithdraa*) Deposit
and ;"nd Transfer can be done sec"re*$ "sin( the concept of Birt"a* Mone$ hich is a*read$
e#p*o$ed b$ #an$ other App*ications S"ccessf"**$ in the 'eb& This red"ces the o%erhead
co#p*e+ities in the ser%er and i** Pro%ide the User an ease of access to the 8an!in( Ser%ices&
CHAPTER %
42
CODING AND TESTING
%.) CODING
Once the desi(n aspect of the s$ste# is fina*iAes the s$ste# enters into the codin( and
testin( phase& The codin( phase brin(s the act"a* s$ste# into action b$ con%ertin( the desi(n of
the s$ste# into the code in a (i%en pro(ra##in( *an("a(e& Therefore) a (ood codin( st$*e has to
be ta!en hene%er chan(es are re,"ired it easi*$ screed into the s$ste#&
%.' CODING STANDARDS
Codin( standards are ("ide*ines to pro(ra##in( that foc"ses on the ph$sica* str"ct"re and
appearance of the pro(ra#& The$ #a!e the code easier to read) "nderstand and #aintain& This
phase of the s$ste# act"a**$ i#p*e#ents the b*"eprint de%e*oped d"rin( the desi(n phase& The
codin( specification sho"*d be in s"ch a a$ that an$ pro(ra##er #"st be ab*e to "nderstand the
code and can brin( abo"t chan(es hene%er fe*t necessar$& So#e of the standard needed to
achie%e the abo%e:#entioned objecti%es are as fo**os>
Pro(ra# sho"*d be si#p*e) c*ear and eas$ to "nderstand&
Na#in( con%entions
Ba*"e con%entions
Script and co##ent proced"re
Messa(e bo+ for#at
E+ception and error hand*in(
43
%.'.) NAMING CONVENTIONS
Na#in( con%entions of c*asses) data #e#ber) #e#ber f"nctions) proced"res etc&) sho"*d be
5;B$958ripti"& One sho"*d e%en (et the #eanin( and scope of the %ariab*e b$ its na#e& The
con%entions are adopted for a5y <!9r5ta!9i!: of the intended #essa(e b$ the "ser& So it is
c"sto#ar$ to fo**o the con%entions& These con%entions are as fo**os>
C;a55 !a25
C*ass na#es are prob*e# do#ain e,"i%a*ence and be(in ith capita* *etter and ha%e #i+ed cases&
M27r F<!8ti4! a!9 Data M27r !a2
Me#ber f"nction and data #e#ber na#e be(ins ith a *oercase *etter
ith each s"bse,"ent *etters of the ne ords in "ppercase and the rest of *etters in *oercase&
%.'.' VALUE CONVENTIONS
Ba*"e con%entions ens"re %a*"es for %ariab*e at an$ point of ti#e& This in%o*%es the
fo**oin(>
Proper defa"*t %a*"es for the %ariab*es&
Proper %a*idation of %a*"es in the fie*d&
Proper doc"#entation of f*a( %a*"es&
%.'./ SCRIPT WRITING AND COMMENTING STANDARD
44
Script ritin( is an art in hich indentation is "t#ost i#portant& Conditiona* and *oopin(
state#ents are to be proper*$ a*i(ned to faci*itate eas$ "nderstandin(& Co##ents are inc*"ded to
#ini#iAe the n"#ber of s"rprises that co"*d occ"r hen (oin( thro"(h the code&
%.'.* MESSAGE BO6 FORMAT
'hen so#ethin( has to be pro#pted to the "ser) he #"st be ab*e to "nderstand it proper*$&
To achie%e this) a specific for#at has been adopted in disp*a$in( #essa(es to the "ser& The$ are
as fo**os>
D N User has perfor#ed i**e(a* operation&
V N Infor#ation to the "ser&
%./ TEST PROCEDURE
S#STEM TESTING
Testin( is perfor#ed to identif$ errors& It is "sed for ,"a*it$ ass"rance& Testin( is
an inte(ra* part of the entire de%e*op#ent and #aintenance process& The (oa* of the testin(
d"rin( phase is to %erif$ that the specification has been acc"rate*$ and co#p*ete*$ incorporated
into the desi(n) as e** as to ens"re the correctness of the desi(n itse*f& ;or e+a#p*e the desi(n
#"st not ha%e an$ *o(ic fa"*ts in the desi(n is detected before codin( co##ences) otherise the
cost of fi+in( the fa"*ts i** be considerab*$ hi(her as ref*ected& Detection of desi(n fa"*ts can be
achie%ed b$ #eans of inspection as e** as a*!thro"(h&
Testin( is one of the i#portant steps in the softare de%e*op#ent phase& Testin( chec!s for
the errors) as a ho*e of the project testin( in%o*%es the fo**oin( test cases>
Static ana*$sis is "sed to in%esti(ate the str"ct"ra* properties of the So"rce code&
45
D$na#ic testin( is "sed to in%esti(ate the beha%ior of the so"rce code b$ e+ec"tin( the
pro(ra# on the test data&
%.* TEST DATA AND OUTPUT
%.*.) UNIT TESTING
Unit testin( is cond"cted to %erif$ the f"nctiona* perfor#ance of each #od"*ar
co#ponent of the softare& Unit testin( foc"ses on the s#a**est "nit of the softare desi(n <i&e&=)
the #od"*e& The hite:bo+ testin( techni,"es ere hea%i*$ e#p*o$ed for "nit testin(&
%.*.' FUNCTIONAL TESTS
;"nctiona* test cases in%o*%ed e+ercisin( the code ith no#ina* inp"t %a*"es for
hich the e+pected res"*ts are !non) as e** as bo"ndar$ %a*"es and specia* %a*"es) s"ch as
*o(ica**$ re*ated inp"ts) fi*es of identica* e*e#ents) and e#pt$ fi*es&
Three t$pes of tests in ;"nctiona* test>
Perfor#ance Test
Stress Test
Str"ct"re Test
%.*./ PERFORMANCE TEST
It deter#ines the a#o"nt of e+ec"tion ti#e spent in %ario"s parts of the "nit) pro(ra#
thro"(hp"t) and response ti#e and de%ice "ti*iAation b$ the pro(ra# "nit&
46
%.*.* STRESS TEST
Stress Test is those test desi(ned to intentiona**$ brea! the "nit& A Great dea* can be
*earned abo"t the stren(th and *i#itations of a pro(ra# b$ e+a#inin( the #anner in hich a
pro(ra##er in hich a pro(ra# "nit brea!s&
%.*.( STRUCTURED TEST
Str"ct"re Tests are concerned ith e+ercisin( the interna* *o(ic of a pro(ra# and
tra%ersin( partic"*ar e+ec"tion paths& The a$ in hich 'hite:8o+ test strate($ as e#p*o$ed
to ens"re that the test cases co"*d G"arantee that a** independent paths ithin a #od"*e ha%e
been ha%e been e+ercised at *east once&
E+ercise a** *o(ica* decisions on their tr"e or fa*se sides&
E+ec"te a** *oops at their bo"ndaries and ithin their operationa* bo"nds&
E+ercise interna* data str"ct"res to ass"re their %a*idit$&
Chec!in( attrib"tes for their correctness&
4and*in( end of fi*e condition) ICO errors) b"ffer prob*e#s and te+t"a* errors in
o"tp"t infor#ation
%.*.% INTEGRATION TESTING
Inte(ration testin( is a s$ste#atic techni,"e for constr"ction the pro(ra# str"ct"re
hi*e at the sa#e ti#e cond"ctin( tests to "nco%er errors associated ith interfacin(& i&e&)
inte(ration testin( is the co#p*ete testin( of the set of #od"*es hich #a!es "p the prod"ct& The
47
objecti%e is to ta!e "ntested #od"*es and b"i*d a pro(ra# str"ct"re tester sho"*d identif$ critica*
#od"*es& Critica* #od"*es sho"*d be tested as ear*$ as possib*e& One approach is to ait "nti* a**
the "nits ha%e passed testin() and then co#bine the# and then tested& This approach is e%o*%ed
fro# "nstr"ct"red testin( of s#a** pro(ra#s& Another strate($ is to constr"ct the prod"ct in
incre#ents of tested "nits& A s#a** set of #od"*es are inte(rated to(ether and tested) to hich
another #od"*e is added and tested in co#bination& And so on& The ad%anta(es of this approach
are that) interface dispenses can be easi*$ fo"nd and corrected&
The #ajor error that as faced d"rin( the project is *in!in( error& 'hen a** the
#od"*es are co#bined the *in! is not set proper*$ ith a** s"pport fi*es& Then e chec!ed o"t for
interconnection and the *in!s& Errors are *oca*iAed to the ne #od"*e and its
interco##"nications& The prod"ct de%e*op#ent can be sta(ed) and #od"*es inte(rated in as the$
co#p*ete "nit testin(& Testin( is co#p*eted hen the *ast #od"*e is inte(rated and tested&
%.( TESTING TECHNI0UES H TESTING STRATERGIES
%.(.) TESTING
Testin( is a process of e+ec"tin( a pro(ra# ith the intent of findin( an error& A (ood test
case is one that has a hi(h probabi*it$ of findin( an as:$et N"ndisco%ered error& A s"ccessf"* test
is one that "nco%ers an as:$et: "ndisco%ered error& S$ste# testin( is the sta(e of i#p*e#entation)
hich is ai#ed at ens"rin( that the s$ste# or!s acc"rate*$ and efficient*$ as e+pected before
*i%e operation co##ences& It %erifies that the ho*e set of pro(ra#s han( to(ether& S$ste#
testin( re,"ires a test consists of se%era* !e$ acti%ities and steps for r"n pro(ra#) strin() s$ste#
and is i#portant in adoptin( a s"ccessf"* ne s$ste#& This is the *ast chance to detect and correct
errors before the s$ste# is insta**ed for "ser acceptance testin(&
48
The softare testin( process co##ences once the pro(ra# is created and the
doc"#entation and re*ated data str"ct"res are desi(ned& Softare testin( is essentia* for
correctin( errors& Otherise the pro(ra# or the project is not said to be co#p*ete& Softare
testin( is the critica* e*e#ent of softare ,"a*it$ ass"rance and represents the "*ti#ate the re%ie
of specification desi(n and codin(& Testin( is the process of e+ec"tin( the pro(ra# ith the
intent of findin( the error& A (ood test case desi(n is one that as a probabi*it$ of findin( an $et
"ndisco%ered error& A s"ccessf"* test is one that "nco%ers an $et "ndisco%ered error& An$
en(ineerin( prod"ct can be tested in one of the to a$s>
%.(.).) WHITE BO6 TESTING
This testin( is a*so ca**ed as G*ass bo+ testin(& In this testin() b$ !noin( the
specific f"nctions that a prod"ct has been desi(n to perfor# test can be cond"cted that
de#onstrate each f"nction is f"**$ operationa* at the sa#e ti#e searchin( for errors in each
f"nction& It is a test case desi(n #ethod that "ses the contro* str"ct"re of the proced"ra* desi(n to
deri%e test cases& 8asis path testin( is a hite bo+ testin(&
8asis path testin(>
;*o (raph notation
C$c*o#etric co#p*e+it$
Deri%in( test cases
Graph #atrices Contro*
%.(.).' BLACK BO6 TESTING
49
In this testin( b$ !noin( the interna* operation of a prod"ct) test can be
cond"cted to ens"re that a** (ears #eshP) that is the interna* operation perfor#s accordin( to
specification and a** interna* co#ponents ha%e been ade,"ate*$ e+ercised& It f"nda#enta**$
foc"ses on the f"nctiona* re,"ire#ents of the softare&
The steps in%o*%ed in b*ac! bo+ test case desi(n are>
Graph based testin( #ethods
E,"i%a*ence partitionin(
8o"ndar$ %a*"e ana*$sis
Co#parison testin(
%.(.' SOFTWARE TESTING STRATEGIES3
A softare testin( strate($ pro%ides a road #ap for the softare de%e*oper& Testin( is a
set acti%it$ that can be p*anned in ad%ance and cond"cted s$ste#atica**$& ;or this reason a
te#p*ate for softare testin( a set of steps into hich e can p*ace specific test case desi(n
#ethods sho"*d be strate($ sho"*d ha%e the fo**oin( characteristics>
Testin( be(ins at the #od"*e *e%e* and or!s o"tardP toard the inte(ration of
the entire co#p"ter based s$ste#&
Different testin( techni,"es are appropriate at different points in ti#e&
The de%e*oper of the softare and an independent test (ro"p cond"cts testin(&
50
Testin( and Deb"((in( are different acti%ities b"t deb"((in( #"st be
acco##odated in an$ testin( strate($&
%.(.'.) INTEGRATION TESTING3
Inte(ration testin( is a s$ste#atic techni,"e for constr"ctin( the pro(ra#
str"ct"re hi*e at the sa#e ti#e cond"ctin( tests to "nco%er errors associated ith& Indi%id"a*
#od"*es) hich are hi(h*$ prone to interface errors) sho"*d not be ass"#ed to or! instant*$
hen e p"t the# to(ether& The prob*e# of co"rse) is p"ttin( the# to(etherP: interfacin(&
There #a$ be the chances of data *ost across on another?s s"b f"nctions) hen co#bined #a$ not
prod"ce the desired #ajor f"nction@ indi%id"a**$ acceptab*e i#pression #a$ be #a(nified to
"nacceptab*e *e%e*s@ (*oba* data str"ct"res can present prob*e#s&
%.(.'.' PROGRAM TESTING3
The *o(ica* and s$nta+ errors ha%e been pointed o"t b$ pro(ra# testin(& A
s$nta+ error is an error in a pro(ra# state#ent that in %io*ates one or #ore r"*es of the *an("a(e
in hich it is ritten& An i#proper*$ defined fie*d di#ension or o#itted !e$ords are co##on
s$nta+ error& These errors are shon thro"(h error #essa(es (enerated b$ the co#p"ter& A *o(ic
error on the other hand dea*s ith the incorrect data fie*ds) o"t:off:ran(e ite#s and in%a*id
co#binations& Since the co#pi*er s i** not ded"ct *o(ica* error) the pro(ra##er #"st e+a#ine
the o"tp"t& Condition testin( e+ercises the *o(ica* conditions contained in a #od"*e& The possib*e
t$pes of e*e#ents in a condition inc*"de a 8oo*ean operator) 8oo*ean %ariab*e) a pair of 8oo*ean
parentheses A re*ationa* operator or on arith#etic e+pression& Condition testin( #ethod foc"ses
51
on testin( each condition in the pro(ra# the p"rpose of condition test is to ded"ct not on*$
errors in the condition of a pro(ra# b"t a*so other a errors in the pro(ra#&
%.(.'./ SECURIT# TESTING3
Sec"rit$ testin( atte#pts to %erif$ the protection #echanis#s b"i*t in to a s$ste# e**) in
fact) protect it fro# i#proper penetration& The s$ste# sec"rit$ #"st be tested for in%"*nerabi*it$
fro# fronta* attac! #"st a*so be tested for in%"*nerabi*it$ fro# rear attac!& D"rin( sec"rit$) the
tester p*aces the ro*e of indi%id"a* ho desires to penetrate s$ste#&
%.(.'.* VALIDATION TESTING
At the c"*#ination of inte(ration testin() softare is co#p*ete*$ asse#b*ed as a
pac!a(e& Interfacin( errors ha%e been "nco%ered and corrected and a fina* series of softare test:
%a*idation testin( be(ins& Ba*idation testin( can be defined in #an$ a$s) b"t a si#p*e definition
is that %a*idation s"cceeds hen the softare f"nctions in #anner that is reasonab*$ e+pected b$
the c"sto#er& Softare %a*idation is achie%ed thro"(h a series of b*ac! bo+ tests that
de#onstrate confor#it$ ith re,"ire#ent& After %a*idation test has been cond"cted) one of to
conditions e+ists&
H The f"nction or perfor#ance characteristics confir# to specifications and are accepted&
H A %a*idation fro# specification is "nco%ered and a deficienc$ created&
De%iation or errors disco%ered at this step in this project is corrected prior to co#p*etion
of the project ith the he*p of the "ser b$ ne(otiatin( to estab*ish a #ethod for reso*%in(
deficiencies& Th"s the proposed s$ste# "nder consideration has been tested b$ "sin( %a*idation
52
testin( and fo"nd to be or!in( satisfactori*$& Tho"(h there ere deficiencies in the s$ste# the$
ere not catastrophic&
%.(.'.( USER ACCEPTANCE TESTING
User acceptance of the s$ste# is !e$ factor for the s"ccess of an$ s$ste#& The s$ste#
"nder consideration is tested for "ser acceptance b$ constant*$ !eepin( in to"ch ith prospecti%e
s$ste# and "ser at the ti#e of de%e*opin( and #a!in( chan(es hene%er re,"ired& This is done
in re(ardin( to the fo**oin( points&
Inp"t screen desi(n&
O"tp"t screen desi(n&
S4<r8 C49
53
S8r!5h4t53
54
55
56
57
58
59
60
REFERENCES
L3M D& 8ai) '& G") S& Che**appan) D& 'an() D& D"an) and 8& Ma) PAS> Predicate:based
a"thentication ser%ices a(ainst poerf"* passi%e ad%ersaries)P in Proc& IEEE Ann"& Co#p"t&
Sec"rit$ App*& Conf&) Dec& 5--1) pp& 977N995&
L5M D& 'einsha**) Co(niti%e a"thentication sche#es safe a(ainst sp$ are)P in Proc& IEEE
S$#p& Sec"rit$ Pri%ac$) Ma$ 5--.) pp& 52KN7--&
L7M P& D"nph$) A& P& 4einer) and N& Aso!an) A c*oser *oo! at reco(nition based (raphica*
passords on #obi*e de%ices)P in Proc& ACM S$#p& Usab*e Pri%ac$ Sec"rit$) 5-3-) pp& 3N35&
L9M '& S& Geis*er and 8& 6& S"per) Percept"a* or(aniAation of to di#ensiona* patterns)P
Ps$cho*& Re%&) %o*& 3-/) no& 9) pp& .//N/-1) 5---&
LKM T& ;& 8rad$) T& Eon!*e) and G& A& A*%areA) A re%ie of %is"a* #e#or$ capacit$> 8e$ond
indi%id"a* ite#s and toard str"ct"red representations)P6& Bision) %o*& 33) no& K) pp& 3N79) 5-33
61