
A Project Report Three

The document presents a new authentication method using multiple user devices. It requires devices to collaborate for authentication. This prevents theft-based attacks on single devices. It discusses three implementations using face recognition, voice recognition, and OTP across devices. It was tested and analyzed to evaluate performance variations.

A Project Report
on
“Three Level Authentication For Safe Lockers”


Submitted to
JAWAHARLAL NEHRU TECHNOLOGY UNIVERSITY, ANANTAPUR,
ANANTAPURAMU.
In partial fulfilment of the requirements for the award of the degree of
BACHELOR OF TECHNOLOGY
In
COMPUTER SCIENCE AND ENGINEERING
By

K. S. Jahnavi 19F41A0540
B. Sai Chaitanya 19F41A0514
A. Dorababu 19F41A0505
A. Reddeppa 19F41A0509

Under the Guidance of


Mr.S.Gnana Murthi, ME, ASSISTANT PROFESSOR
DEPARTMENT OF COMPUTER SCIENCE ENGINEERING

2022-2023
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
KUPPAM ENGINEERING COLLEGE
(Approved by AICTE and Affiliated to JNTUA, Anantapuramu)
Accredited by NAAC & ISO 9001-2008 Certified
KES Nagar, Kuppam-517425, Chittoor District


Certificate
This is to certify that this project report entitled “Three Level Authentication For Safe
Lockers” is carried out by K. S. Jahnavi (19F41A0540), B. Sai Chaitanya (19F41A0514),
A. Dorababu (19F41A0505) and A. Reddeppa (19F41A0509) in partial fulfilment of the requirements
for the award of the degree of BACHELOR OF TECHNOLOGY in COMPUTER SCIENCE AND
ENGINEERING during the academic year 2022-2023.

Internal Guide:
Mr. S. Gnana Murthi, ME
Assistant Professor,
Dept. of CSE,
Kuppam Engineering College.

Head of the Department:
Dr. K. Logesh, M.Tech., Ph.D.
Associate Professor & HOD,
Dept. of CSE,
Kuppam Engineering College.

Submitted for viva voce Examination held on________________________

Internal Examiner External Examiner

DECLARATION

We hereby declare that the project report entitled “Three Level Password Authentication For Safe Locker”,
done by us under the guidance of Mr. S. Gnana Murthi, ME, Assistant Professor, is submitted in partial
fulfilment of the requirements for the award of Bachelor of Technology in the Department of Computer
Science and Engineering. This project has not formed the basis for the award of any degree, associateship,
fellowship or any other similar titles.

Name of the student    Hall Ticket Number    Signature
K. S. Jahnavi          19F41A0540
B. Sai Chaitanya       19F41A0514
A. Dorababu            19F41A0505
A. Reddeppa            19F41A0509

ACKNOWLEDGMENT
An endeavor of a long period can be successful only with the advice of many well-wishers. We take this
opportunity to express our deep gratitude and appreciation to all those who encouraged us towards the
successful completion of the Project work.

We give special thanks to Mr. K. Logesh, M.Tech, Ph.D., Associate Professor, Head of the Department of
Computer Science and Engineering, for his timely suggestions and help during the progress of the Project
work, in spite of his busy schedule.

We are thankful to our Guide S. Gnana Murthi, ME, Associate Professor, Department of Computer
Science & Engineering, Kuppam Engineering College, Kuppam, for his valuable guidance and suggestions
in analyzing and testing throughout the period, till the end of the Project work.

We would like to express our sincere gratitude to Principal Dr. Sudhakar Babu, ME, Ph.D, for his
valuable support and encouragement during the Project work.

We wish to express our sincere thanks to the Management of Kuppam Engineering College, Kuppam, for
their consistent help and encouragement to complete the Project work.

Finally, we would like to express sincere thanks to the Faculty Members of the C.S.E Department, the Lab
Technicians, and one and all who have helped us to complete the project work successfully.

With Regards

K. S. Jahnavi (19F41A0540)
B. Sai Chaitanya (19F41A0514)
A. Dorababu (19F41A0505)
A. Reddeppa (19F41A0509)

ABSTRACT

Authentication processes are very common mechanisms to confirm the legitimacy of someone’s or
something’s identity in digital and physical systems.

This project presents a new and robust authentication method based on users’ multiple devices. Due to
the popularity of mobile devices, users are becoming more likely to have more than one device (e.g.,
smartwatch, smartphone, laptop, tablet, smart-car, smart-ring, etc.). The authentication system presented here
takes advantage of these multiple devices to implement authentication mechanisms. In particular, the system
requires the devices to collaborate with each other in order for the authentication to succeed. This new
authentication process is robust against theft-based attacks on a single device; an attacker would need to steal
multiple devices in order to compromise the authentication system.

The new authentication system comprises an authenticator and at least three levels of authentication using different
devices, where the user devices are associated with each other. To perform an authentication on a user device,
the user needs to respond to a challenge by using his/her associated device. After describing how this
authentication process works, this project will discuss three different versions of the process that have been
implemented. In the first implementation, the authentication process is performed by using face recognition.
In the second implementation, voice recognition technology is used for challenge transmission. In the last
implementation, the usability with different platforms is exposed based on OTP generation. Furthermore, the
authentication process has been verified by using an automated process-verification tool to check whether the
process satisfies authenticity and secrecy properties. Finally, these implementations are tested and analysed to
demonstrate the performance variations over different versions of the system.

Table Of Contents
CERTIFICATE
DECLARATION
ACKNOWLEDGEMENTS
ABSTRACT
LIST OF TABLES
LIST OF FIGURES
1. INTRODUCTION
1.1 Background
1.1.1 Multi-Factor Authentication
1.2 An Overview of the New Authentication Method
1.3 Related Work
1.3.1 Authentication using something the user Knows
1.3.2 Authentication using something the user Is
1.3.3 Authentication using something the user Has
1.3.4 Multi Factor Authentication
1.3.5 Challenges-Response Mechanisms
2. LITERATURE REVIEW
3. SYSTEM ANALYSIS
3.1 Requirement Specification
3.1.1 Software Requirements
3.1.2 Hardware Requirements
3.2 Existing System
3.3 Proposed System
4. SYSTEM DESIGN
4.1 Architectural Diagram
4.2 E-R Diagram
4.3 UML Diagram
4.3.1 Class Diagram
4.3.2 Object Diagram
4.3.3 Deployment Diagram
4.3.4 Use Case Diagram
4.3.5 Sequence Diagram
4.3.6 State Machine Diagram
4.3.7 Activity Diagram
5. TESTING AND RESULTS
5.1 Testing
5.2 Results
5.2.1 Model Checking
5.2.2 Modelling the process
5.2.3 Experimental Setup
5.3 Implementation
5.3.1 Public Key Infrastructure Setup
5.3.2 Registration
5.3.3 Authentication Phase
5.4 Project Code
5.4.1 Arduino Code
5.4.2 Python Code
5.5 Screenshots
6. FUTURE WORK AND CONCLUSION
6.1 Future Work
6.1.1 Add/Remove Devices
6.1.2 Continuous Authentication
6.1.3 Future Experiments
6.1.4 Future Implementation
6.2 Conclusion
7. REFERENCES

List Of Tables
TABLE TITLE
5.1 Test devices technical specification
5.2 Process implementation test configuration
5.3 Experimental results with first configuration
5.4 Experimental results with second configuration
5.5 Experimental results with test configuration
5.6 Experimental results described in test device
5.7 Implementation with different system configurations

List Of Figures
FIGURE TITLE
3.1 Arduino Nano
3.2 Keypad
3.3 LCD
3.4 Servo Motor
3.5 GSM SIM800L
4.1.1 Architectural Diagram
4.1.2 Authentication using two devices
4.2 Block Diagram
4.3.1 Class Diagram
4.3.2 Object Diagram
4.3.3 Deployment Diagram
4.3.4 Usecase Diagram
4.3.5 Sequence Diagram
4.3.6 State Machine Diagram
4.3.7 Activity Diagram
5.2.2 Authentication time measurement
5.3 Implementation of the system design
5.5.1 Home page
5.5.2 Name module
5.5.3 Select user
5.5.4 Face recognition
5.5.5 Add user
5.5.6 Voice recognition

Three Level Authentication for Safe Lockers

CHAPTER-1
INTRODUCTION

KEC/B.TECH/CSE/2022-23 1
Access control is a crucial component in many digital and physical systems in order to prevent
unauthorized access to sensitive information. Access control policies are designed to ensure appropriate access
to sensitive information and resources (e.g., smartphones, servers, smartwatches, operating systems, web
applications). Hence, authentication methods are the key mechanism to enforce access control policies as well
as protect access to secure systems.

1.1 Background

There are three standard approaches (factors) in authentication schemes:

• Authentication with something the user knows

• Authentication with something the user has

• Authentication with something the user is

A wide variety of authentication methods has been developed for access control systems. One of the most
popular techniques is using a username and a password for authentication. Another common approach for
extensive security is authentication with a biometric identity (e.g., fingerprint, retina). In addition to these
techniques, multi-factor authentication is also commonly accepted by enterprise organizations.

1.1.1 Multi-factor Authentication

Multi-factor authentication is another approach for implementing access control methods by using at
least two of three authentication factors. Introducing at least one more factor into the authentication process
increases the difficulty of credential falsification.

In some systems, a fingerprint (something the user is) and a password (something the user knows)
combination is used in order to implement multi-factor authentication. Similarly, using a debit card
(something the user has) and a PIN (something the user knows) is also a common way to authenticate
users into banking systems.


However, the great concern with these existing authentication methods is the vulnerability against
theft-based attacks. In each scheme, the attacker could steal the identity information, such as a username and a
password, a biometric identity or a token device, and access the users’ sensitive information.

1.2 An Overview of the New Authentication Method

The new authentication method presented in this project is an innovative way to authenticate users by using
users’ multiple devices. This method uses at least two pre-associated (paired) devices to authenticate. The user
devices need to cooperate with each other in order to respond to a challenge and successfully authenticate.
Using associated devices is a robust way to prevent theft-based attacks on the authentication process. Theoretical
analysis has been done on the new authentication process in Jean-Baptiste Subils’ project. Additionally, a U.S.
Utility Patent Application regarding the new authentication method was filed April 22, 2015.

This project argues that the presented authentication process can be easily implemented to solve real-life
authentication problems, and these implementations can have satisfactory performance. Furthermore, the
authentication process can be model checked by a model checker to ensure that it satisfies secrecy and
authenticity properties.

Throughout this project, the terms “first device” and “device one” refer to the device that is attempting to
authenticate to some system. The terms “second device” and “device two” refer to the device with which the user is
performing a task or a challenge to prove his/her identity. Also, the term “challenge” represents a required task
to complete authentication.

After defining the new authentication method, this project will discuss three different versions of the process
that have been designed and implemented. The main purpose of introducing the different set of
implementations is to demonstrate the new authentication process’s adaptability to different authentication
problems.

In the first implementation, the authentication process is performed by using two smartphones, with a QR code
as the challenge. When the first device attempts to access the system, the system sends a QR code
to device one. Then, the user needs to scan this QR code with his/her second smartphone in order to perform
the challenge. Finally, the authenticator system decides whether or not the authentication is successful.
Moreover, to demonstrate the authentication process with two smartphones and a QR code, an Android
application was developed and installed on the smartphones. Also, a web server application was developed
and deployed to represent the authenticator system.


In the second implementation, the use of a different challenge transmission technique is demonstrated. Instead of
using a QR code, NFC technology is used for challenge transmission. Similar to the first implementation, two
smartphones, which run the Android application, and a web server application are used.

In the last implementation, the usability with different platforms is exposed. Instead of using two smartphones, a
laptop computer and a smartphone combination is used. In this particular implementation, the laptop attempts
to access sensitive information on some system. To perform an authentication, the authenticator system
sends a QR code to the laptop computer, and the user scans this QR code by using his/her smartphone. Finally,
the authenticator system grants or denies access to the laptop computer. Similarly to the previous implementations,
the same Android and web server applications were used on the smartphone and the authenticator server.
However, a new client application has been designed and implemented for the laptop computer.

After introducing particular implementations, the authentication process was verified by using an automated
security process verification tool. To check if the authentication process satisfied the authenticity and the
secrecy properties, a security process verification tool needed to be used. At first, the authentication process
was modeled using a high-level process specification language. Then, the process was verified to show that the
secrecy and the authenticity properties were not violated.

These implementations were tested and analyzed to demonstrate the performance variations over different
versions of the process. The different implementations were compared in terms of execution time, battery usage,
network traffic and memory consumption. The most effective authentication performance was observed while
using two smartphones and NFC technology for challenge transmission. Using the NFC process instead of QR
code images significantly decreased the network traffic and battery usage. However, measured execution time
results were close to each other.
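
The two-device flow described in this section, as an added example (not code from this project or from the patent application): an authenticator issues a single-use challenge to device one and accepts the answer only from the associated device two. The per-device HMAC keys, the device names and the 60-second challenge lifetime are assumptions made for the sketch; the QR/NFC transport is left out.

```python
import hashlib
import hmac
import secrets
import time


def respond(device_key, challenge, device_one):
    """Runs on device two: bind the scanned challenge to the device that requested access."""
    message = f"{device_one}|{challenge}".encode()
    return hmac.new(device_key, message, hashlib.sha256).hexdigest()


class Authenticator:
    """Server side of the process (hypothetical class, not the project's own)."""

    def __init__(self, ttl_seconds=60):
        self.ttl = ttl_seconds
        self.keys = {}      # device id -> secret shared with that device
        self.paired = {}    # device id -> id of its associated device
        self.pending = {}   # challenge -> (requesting device, expiry time)

    def register_pair(self, dev_a, dev_b):
        """Associate two devices and give each its own secret (assumed provisioning step)."""
        self.keys[dev_a] = secrets.token_bytes(32)
        self.keys[dev_b] = secrets.token_bytes(32)
        self.paired[dev_a], self.paired[dev_b] = dev_b, dev_a
        return self.keys[dev_a], self.keys[dev_b]

    def request_access(self, device_one, now=None):
        """Device one asks for access; the returned value is what the QR code would carry."""
        if device_one not in self.paired:
            raise KeyError(f"{device_one} has no associated device")
        now = time.time() if now is None else now
        challenge = secrets.token_hex(16)
        self.pending[challenge] = (device_one, now + self.ttl)
        return challenge

    def verify(self, challenge, responder, tag, now=None):
        """Grant access only if the paired device answered this challenge in time."""
        now = time.time() if now is None else now
        # pop() makes every challenge single-use, whether or not the answer is valid
        entry = self.pending.pop(challenge, None)
        if entry is None:
            return False
        device_one, expires = entry
        if now > expires:
            return False
        if self.paired[device_one] != responder:
            return False
        expected = respond(self.keys[responder], challenge, device_one)
        return hmac.compare_digest(expected, tag)


def demo():
    """Constructed scenarios: normal login, replay, theft of device one, late answer."""
    auth = Authenticator(ttl_seconds=60)
    key_one, key_two = auth.register_pair("phone-1", "phone-2")
    results = {}

    ch = auth.request_access("phone-1", now=1000)
    tag = respond(key_two, ch, "phone-1")
    results["both_devices"] = auth.verify(ch, "phone-2", tag, now=1010)
    results["replay"] = auth.verify(ch, "phone-2", tag, now=1011)

    # Holder of device one only: sees the challenge but lacks device two's key
    ch = auth.request_access("phone-1", now=2000)
    forged = respond(key_one, ch, "phone-1")
    results["stolen_device_one"] = auth.verify(ch, "phone-2", forged, now=2005)

    ch = auth.request_access("phone-1", now=3000)
    late = respond(key_two, ch, "phone-1")
    results["expired"] = auth.verify(ch, "phone-2", late, now=3061)
    return results


if __name__ == "__main__":
    print(demo())
```

Because a failed answer also consumes the challenge, each challenge allows exactly one attempt; device one has to request a fresh one after any failure.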

1.3 Related Work

Access control determines who can access system resources. The broad definition of access control has two
main parts: authorization and authentication. Authorization is the process of specifying access rights to
the resources. Authentication is the set of procedures that determines whether someone or something
should be allowed access to some system or resources.

Authentication methods are a very common way to confirm the legitimacy of someone’s or something’s
identity in digital and physical systems. The standard three factors in authentication techniques are something
the user knows (e.g., a password), something the user has (e.g., a hardware token device) and something the
user is (e.g., a fingerprint) [1]. In order to achieve an authentication, one of the factors can be used. Also, the
factors can be combined to create a multi-factor authentication. This chapter compares and contrasts closely
related common authentication methods with the new authentication process.

1.3.1 Authentication Using Something the User Knows

One of the most popular approaches is using something the user knows as an authentication factor.
Passwords are an example of authentication methods based on something the user knows. Furthermore, a
username and password authentication scheme is mainly used in online web applications (e.g., online banking
applications, social media platforms, mail clients).

Another approach to implementing authentication mechanisms based on something the user knows is
asking the users personal questions, such as “What was the make of your first car?” or “What is your first
pet’s name?”

1.3.1.1 Advantages and Disadvantages

A major advantage of the traditional username and password scheme is that it is very easy to
implement. A wide variety of password encryption tools exist in order to store passwords in the systems.
Moreover, password authentication is relatively easy to use because users are accustomed to it.

Researchers have been studying the vulnerabilities of the username and password schemes. One of the
common problems with passwords is that attackers can guess the password. Users are more likely to choose simple
passwords in order to better remember them in the future.

Spear phishing and social engineering are another major attack model against passwords. The attacker
can send a fake email and ask the user for the username and/or password. Also, another survey showed
that more than 70% of people would reveal their passwords for just a candy bar.

1.3.2 Authentication Using Something the User Is

Biometric identifiers, e.g., fingerprints, voice prints, retina scans, are examples of an authentication
scheme based on something the user is. Before the authentication starts, the authenticator system needs to take
users’ biometric measurements in order to identify them. Then, when users want to access the system, the
authentication mechanism analyzes and verifies users’ identities. In order to identify users, systems can read
fingerprints, scan retinas, scan voices, or read signatures.


1.3.2.1 Advantages and Disadvantages


Since users can forget passwords and lose hardware devices (e.g., hardware token, bank card),
an authentication mechanism based on something the user is could be used instead. Furthermore, these authentication
schemes are cost-effective; after setting up the authentication infrastructure, there is no need for extra device
utilization.

User identity theft is one of the major concerns with authentication mechanisms based on “something the
user is”. The attacker could steal the fingerprints of users and authenticate to the system. Similarly, the
attacker could also spoof voice samples, retina images or signatures of users.

The replay attack is another vulnerability in the biometric authentication scheme. The attacker
could steal the fingerprint information from the authenticator device after a successful authentication.
Additionally, uniqueness is another concern for biometric authentication. Two different people could have the
same characteristics of their faces, signatures or voice prints.

1.3.3 Authentication Using Something the User Has

Some authentication schemes require a physical object in order to complete authentication. These
physical objects, known as “something the user has,” are factors of the authentication. Physical tokens are one
of the most popular examples of this scheme. RSA SecurID, the Battle.net Authenticator and Yubico are instances of
implementations of physical tokens.

Magnetic stripe cards are another popular example similar to hardware tokens. Magnetic stripe cards
(e.g., ID cards, credit cards, smart cards) are widely used to authenticate users into systems.

1.3.3.1 Advantages and Disadvantages


A wide variety of solutions has been introduced to identify users with physical authenticator
devices. The popularity of studies on “something the user has” authentication schemes leads to cost-effective
solutions to authentication problems.

Theft-based attacks are one of the major concerns in authentication mechanisms based on something the
user has. A physical token device, such as an ID card or a credit card, could be stolen by an attacker, and
the attacker could easily access systems. In addition, another common attack model on token devices is the
replay attack, in which physical token devices or credit cards could be copied by an attacker and used to
gain access to systems.


Clock drift, battery and synchronization problems are other examples of physical token issues. After a
certain time period, users need to do maintenance in order to reuse their token devices.

1.3.4 Multi-factor Authentication

Multi-factor authentication mechanisms combine at least two of three authentication factors
(something the user knows, something the user has, something the user is). Automated Teller Machines
(ATMs) extensively use the two-factor authentication scheme during bank transactions. For example,
withdrawing money from an ATM requires a bank or a credit card (something the user has) and a personal
identification number (PIN) (something the user knows). Another common example of multi-factor
authentication schemes is a combination of an RSA SecurID physical token and a password.

1.3.4.1 Advantages and Disadvantages

In single-factor authentication schemes, a token device can be stolen or a password can get
compromised. Introducing multiple authentication factors can diminish the attack surface. For example, if an
attacker compromises the hardware token in a two-factor authentication scheme using a password and a
hardware token, the system still remains inaccessible.

Although multi-factor authentication schemes have improved security compared to single-factor
authentication schemes, usability is a major concern. Users may need to carry additional devices (e.g.,
a physical token) on them. Moreover, since there are multiple factors involved in authentication, extra steps need
to be performed in order to complete authentication. Users can get tired of performing extra steps and disable
the multi-factor authentication feature on their systems.

1.3.5 Challenge-Response Mechanisms

Challenge-response mechanisms use one-time usable identifiers as an authentication factor. For
example, instead of using the same password, the authenticator system uses one-time passwords. One-time
passwords are the ideal example of challenge-response mechanisms. In every authentication attempt, the
system generates a random password and sends it to the user. In addition to one-time passwords, using a
hardware token (e.g., mobile phone, physical token device) is another approach to implementing
challenge-response mechanisms.


CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is another
example of a challenge-response mechanism that tests whether the user is human or not.

1.3.5.1 Advantages and Disadvantages


Challenge-response mechanisms are robust against bot attacks on the system. Furthermore, many
challenge-response mechanisms (e.g., CAPTCHA) are very popular and easy to implement.

Dictionary attacks are a common attack model on challenge-response mechanisms. If an attacker knows the
challenge and the response, a dictionary attack can be performed to predict one-time passwords. Furthermore,
there are many studies showing that CAPTCHA-based mechanisms can get compromised by automated
systems.
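
The one-time password mechanism of Section 1.3.5, as an added example (not the project's own code), with the controls that keep guessing and prediction impractical: codes drawn from a CSPRNG, a short lifetime, single use and a cap on wrong attempts. The class name, the 6-digit length, the 120-second lifetime and the 3-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time


def guess_success_probability(digits, max_attempts):
    """Chance that blind guessing hits a uniformly random code within the attempt cap."""
    return min(1.0, max_attempts / 10 ** digits)


class OtpService:
    """Issues and checks one-time passwords (hypothetical helper for illustration)."""

    def __init__(self, digits=6, ttl_seconds=120, max_attempts=3):
        self.digits = digits
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.server_key = secrets.token_bytes(32)   # keys the stored digests
        self.pending = {}                           # user -> state of the live code

    def digest(self, user, code):
        # Store a keyed digest instead of the code itself
        message = f"{user}|{code}".encode()
        return hmac.new(self.server_key, message, hashlib.sha256).digest()

    def issue(self, user, now=None):
        """Create a fresh code; the caller delivers it out of band (e.g. by SMS)."""
        now = time.time() if now is None else now
        # secrets uses the OS CSPRNG, so earlier codes reveal nothing about later ones
        code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        self.pending[user] = {
            "digest": self.digest(user, code),
            "expires": now + self.ttl,
            "attempts_left": self.max_attempts,
        }
        return code

    def verify(self, user, code, now=None):
        """Return 'ok', 'wrong', 'locked', 'expired' or 'no_pending'."""
        now = time.time() if now is None else now
        entry = self.pending.get(user)
        if entry is None:
            return "no_pending"
        if now > entry["expires"]:
            del self.pending[user]
            return "expired"
        if hmac.compare_digest(entry["digest"], self.digest(user, code)):
            del self.pending[user]          # single use: a replayed code finds nothing
            return "ok"
        entry["attempts_left"] -= 1
        if entry["attempts_left"] == 0:
            del self.pending[user]          # further guesses need a newly issued code
            return "locked"
        return "wrong"


if __name__ == "__main__":
    svc = OtpService()
    otp = svc.issue("alice", now=0)
    print(svc.verify("alice", otp, now=30), guess_success_probability(6, 3))
```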


CHAPTER-2
LITERATURE REVIEW


Literature Review

[1] Umut Uludag and Anil K Jain. Attacks on Biometric Systems: a Case Study in Fingerprints. In
Electronic Imaging 2004, pages 622–633. International Society for Optics and Photonics, 2004.

In spite of numerous advantages of biometrics-based personal authentication systems over
traditional security systems based on token or knowledge, they are vulnerable to attacks that can
decrease their security considerably. In this paper, we analyze these attacks in the realm of a fingerprint
biometric system. We propose an attack system that uses a hill climbing procedure to synthesize the
target minutia templates and evaluate its feasibility with extensive experimental results conducted on
a large fingerprint database. Several measures that can be utilized to decrease the probability of such
attacks and their ramifications are also presented.

Disadvantages:

• System failures – scanners are subject to the same technical failures and limitations as all
other electronic identification systems such as power outages, errors and
environmental factors.

• Cost – it is true that fingerprint recognition systems are more cost effective than ever, but for
smaller organisations the cost of implementation and maintenance can still be a barrier to
implementation. This disadvantage is lessening as devices become more cost effective and
affordable.

• Exclusions – while fingerprints remain relatively stable over a person’s lifetime there are
sections of the population that will be excluded from using the system. For example, older
people with a history of manual work may struggle to register worn prints into a system or
people who have suffered the loss of fingers or hands would be excluded.

[2] Steven Furnell. An Assessment of Website Password Practices. Computers & Security, 26(7):445–
451, 2007.


Password-based authentication is frequently criticised on the basis of the ways in which the approach
can be compromised by end-users. However, a fundamental point in the defence of many users is that
they may not know any better, and lack appropriate guidance and support when choosing their passwords
and subsequently attempting to manage them. Given that such support could reasonably be expected to
come from the systems upon which the passwords are used, this paper presents an assessment of password
practices on 10 popular websites, examining the extent to which they provide guidance for password
selection, enforce restrictions on password choices, and support easy and effective recovery or reset if
passwords are forgotten. The findings reveal that the situation is extremely variable, with none of the
assessed sites performing ideally across all of the assessed criteria. Better efforts are consequently
required if password practices amongst the general populace are expected to improve.

Disadvantages:

• Passwords can be guessed: while passwords are at risk from brute force attacks and social
engineering, simply guessing is often effective too, when “123456” was the most popular password
of 2020!
• Passwords are hard to remember: the common wisdom is to have a different, unique password
for each account. But this quickly becomes a problem when you have multiple accounts and too
many combinations to remember. Secure online face verification means one password—your
face—that you’ll never forget.

[3] Kim-Phuong L Vu, Robert W Proctor, Abhilasha Bhargav-Spantzel, Bik-Lam Belin Tai, Joshua
Cook, and E Eugene Schultz. Improving Password Security and Memorability to Protect Personal
and Organizational Information. International Journal of Human Computer Studies, 65(8):744–757,
2007.

Personal information and organizational information need to be protected, which requires that only
authorized users gain access to the information. The most commonly used method for authenticating users
who attempt to access such information is through the use of username–password combinations.
However, this is a weak method of authentication because users tend to generate passwords that are easy
to remember but also easy to crack. Proactive password checking, for which passwords must satisfy
certain criteria, is one method for improving the security of user-generated passwords. The present study
evaluated the time and number of attempts needed to generate unique passwords satisfying different
restrictions for multiple accounts, as well as the login time and accuracy for recalling those passwords.
Imposing password restrictions alone did not necessarily lead to more secure passwords. However, the
use of a technique for which the first letter of each word of a sentence was used coupled with a
requirement to insert a special character and digit yielded more secure passwords that were more
memorable.

[4] Cagri Cetin, Jay Ligatti, Dmitry Goldgof, and Jean-Baptiste Subils. Systems and Methods for
Authentication Using Multiple Devices, April 22 2015. US Patent App. 14A079PRC.

A system and method of authentication using an authenticator computing device and at least two
registered user devices is described. In operation, the authenticator computing device receives a request
to access a resource from one of a plurality of user devices registered to a user. The authenticator
computing device generates an authentication challenge in response to the request and the authentication
challenge is then transmitted to a subset of the plurality of user devices. One or more of the user devices
then subsequently generates and transmits a response to the authentication challenge to the authenticator
computing device. The authenticator computing device then determines whether the responses received
from the one or more user devices in the subset constitutes a valid response and then grants one or more
of the user devices access to the resource if the responses received from the user devices constitutes a
valid response to the authentication challenge.

Disadvantages:

• Consumer friction. One of the major issues with multi-factor authentication is that it’s an
obstacle for people who want to login to their accounts as quickly and smoothly as possible. This
could cause customers to abandon the process during onboarding or leave the platform in
frustration.
• Bias and Inaccuracy. Poor implementation of authentication technology can lead to false
negatives due to inherent demographic biases in the biometric authentication system. Moreover,
most common biometric methods rely on partial information for identity verification. This can
lead to false rejects and false accepts, preventing some genuine users from accessing the system
and allowing malicious players in.
• Biometrics can be spoofed. Although biometrics are extremely hard to spoof, it is not
impossible. And once compromised, the data cannot be reset. This is a significant drawback as
passwords can be reset and changed.
• High implementation cost. To balance a secure system with user convenience, sophisticated
hardware and integrations are required. This makes it costly to implement multi-factor
authentication systems.

[5] Hung-Yu Chien, Jinn-Ke Jan, and Yuh-Min Tseng. An Efficient and Practical Solution to Remote
Authentication: Smart Card. Computers & Security, 21(4):372–375, 2002.

In recent years, a new technology has come into the picture for remote user authentication (RUA) in which
the remote server verifies the legitimacy and authenticity of a user over an insecure communication
channel using biometrics. Because of their computational cost and convenient portability for the purpose
of authentication, remote user authentication schemes based on smart cards are widely adopted. Mutual
authentication and communication privacy are considered as the essential requirements in today's client-
server architecture. Therefore in this paper, a survey on RUA scheme is done by analyzing and classifying
the existing schemes accordingly. The existing schemes have several security pitfalls and are vulnerable
to many attacks. Thus they fail to serve all the purposes of an ideal RUA scheme. An ideal RUA scheme
should inherit all the security advantages of the existing schemes. In this paper, all possible goals and
attacks are defined that an ideal RUA scheme should achieve and withstand respectively. Thus the main
contribution of the paper is to come up with an ideal RUA scheme while keeping the merits of the well-
known smart card based authentication schemes.

Disadvantages:

• Extended network perimeter/vendor coordination: The additional hardware, software and
network changes to the existing system's maintenance, as well as coordination with a third-party
system (such as a government body), to obtain and send information seamlessly can be
challenging.
• Budgets: These need to be planned and set aside for various project phases for a timely,
successful adoption of the technology. There is a general myth that multifactor authentication
is overkill and hard to fit into a budget, which needs to be clarified with prospective customers.
• Operational hurdles: These may include issues such as voice authentication being affected by
noise, short utterances, more than one voice during enrollment or authentication, bandwidth
availability for app-based usage, and more.
• Security policy and compliance: Even after deployment, people need a push to start using the
new voice biometric system. Overcoming resistance to change to the new technology, removing
alternate systems, and including clear visual instructions and documentation assist in a
successful rollout.

[6] Geoff Brown. The Use of Hardware Tokens for Identity Management. Information Security
Technical Report, 9(1):22–25, 2004.

Contrasts smart cards with time- and event-based tokens for identity management. Considers
security requirements of the systems. Draws attention to an issue with the key generation process for the
most popular token on the market. With all security there are trade-offs between the level of security and
the convenience of use. Passwords, hardware tokens, biometrics - all represent the identity of the user in
a coded form. With current technology, hardware tokens are a practical compromise to realise good
security at reasonable cost and ease of use. This note explores some of the more popular tokens on the
market and looks at their suitability for identity management. A white paper from Secure Computing
Corporation will give the reader an excellent overview of the subject – just do not take too much notice
of the frequent mention of their products. This is a fast-moving area and the white paper is now two years
old. We will attempt to cover some of the situations that have changed in that time.

Disadvantages:

• Compromised Secret Key: One of the major cons of relying on tokens is that it relies on just one
key. Yes, JWT uses only one key, which, if handled poorly by a developer/administrator, would
lead to severe consequences that can compromise sensitive information. It’s essential for businesses
to seek professional help coupled with robust security mechanisms while planning to add JWT to
their authentication mechanism to ensure the highest level of security.

• Data Overhead: The overall size of a JWT is considerably greater than that of a normal session token,
and it grows whenever more data is added to it. So, if you’re adding more information to the
token, it will impact the overall loading speed and thus hamper user experience.

• Shorter Lifespan: Short-lived JWTs are harder for users to work with. These tokens require
frequent reauthorization, which can be annoying at times, especially for the clients.

[7] Guomin Yang, Duncan S Wong, Huaxiong Wang, and Xiaotie Deng. Two-factor Mutual
Authentication Based on Smart Cards and Passwords. Journal of Computer and System Sciences,
74(7):1160–1172, 2008.

One of the most commonly used two-factor user authentication mechanisms nowadays is based on
smart-card and password. A scheme of this type is called a smart-card-based password authentication
scheme. The core feature of such a scheme is to enforce two-factor authentication in the sense that the
client must have the smart-card and know the password in order to gain access to the server. In this paper,
we scrutinize the security requirements of this kind of scheme, and propose a new scheme and a generic
construction framework for smart-card-based password authentication. We show that a secure password-based
key exchange protocol can be efficiently transformed to a smart-card-based password authentication
scheme provided that there exist pseudorandom functions and target collision resistant hash functions.
Our construction appears to be the first one with provable security. In addition, we show that two recently
proposed schemes of this kind are insecure.

Disadvantages:

• Factors can get lost: There is no certainty that your authentication factors will be available when
you need them. Typically, you are locked out of your account after one mistake is made.
• False Security: Two-factor authentication provides a level of security, but it’s typically exaggerated.
For example, if you were locked out of a service because you lost a factor, you’re basically in the
same predicament as a hacker attempting to gain access to your account. If you can reset your
account without an access factor, then a hacker can, too.

CHAPTER-3
SYSTEM ANALYSIS

System Analysis

3.1 Requirement Specification

For the development of this project, both hardware and software were required. The hardware required is any
machine capable of running the software and resources required.

3.1.1 Software Requirements

● Operating System: Windows 10 or Windows 11

● Anaconda Navigator: Anaconda Navigator enables you to run specific Python programs without
using command-line commands and quickly manage conda packages, environments, and channels.
Moreover, both Anaconda Cloud and a local Anaconda Repository are searchable by Navigator.

● Arduino IDE: The Arduino IDE is an open-source software, which is used to write and upload
code to the Arduino boards. The IDE application is suitable for different operating systems such as
Windows, Mac OS X, and Linux. It supports the programming languages C and C++.

3.1.2 Hardware Requirements

• ARDUINO NANO

The Nano Version 3 is the smallest open-source embedded development board based on the ATmega328
SMD-package microcontroller. It is a surface-mount, breadboard-friendly board with an integrated Mini
USB port. A DC power jack is not available on this board, so power can be supplied through a Mini USB
cable. It automatically senses and switches to the higher-potential source of power, so there is no need for
a power-select jumper.

Specifications:-

• Microcontroller: Atmel ATmega328 SMD Package
• Operating Voltage (logic level): 5 V
• Input Voltage (recommended): 7-12 V
• Input Voltage (limits): 6-20 V
• Digital I/O Pins: 14 (of which 6 provide PWM output)
• Analog Input Pins: 8
• DC Current per I/O Pin: 40 mA
• Flash Memory: 32 KB (of which 2 KB used by bootloader)
• SRAM: 2 KB
• EEPROM: 1 KB
• Clock Speed: 16 MHz
• Dimensions: 0.70” x 1.70”

3.1 Arduino Nano

• KEYPAD

The 4×3 matrix membrane keypad is a high-quality, soft-touch button keypad with a lifespan of 100 million
keystrokes and good resistance to environmental conditions. It is a high-quality product at very
low cost for your application needs.

This 12-button keypad provides a useful human interface component for microcontroller projects.
Convenient adhesive backing provides a simple way to mount the keypad in a variety of applications.

The Keypad 4×3 features a total of 12 buttons in matrix form. This is a membrane keypad with no
moving parts. A female 7-pin berg connector is required for interfacing it with your microcontroller
circuits.

Specifications of 4x3 Matrix Membrane Type Keypad -12 Keys:-

• Length of cable + connector: 93mm
• 7-pin 0.1″ pitch connector
• Weight: 7.5 grams
• Keypad dimensions: 68.5mm x 76.5mm x 1mm

4×3 Matrix Membrane Keypad Features:-

• Ultra-thin design & adhesive backing provides easy integration to any project
• Excellent price-performance ratio
• Easy communication with any microcontroller
• Sticker can peel off for adhesive mounting.
• Used widely in industrial and home electronic equipment, instruments, etc.
• This allows a microcontroller to ‘scan’ the 7 output pins to see which of the 12 buttons is
being pressed

3.2 Keypad

• LCD

This is a basic 16-character by 2-line alphanumeric display with white text on a blue background.
It uses the extremely common HD44780 parallel interface chipset. Interface code is freely available.
You will need a minimum of 6 general I/O pins to interface to this LCD screen. It includes an LED backlight
and works in 4-bit and 8-bit modes.

Features:

• 16 Characters x 2 Lines
• Blue Backlight
• 5x7 Dot Matrix Character + Cursor
• HD44780 Equivalent LCD Controller/driver Built-In
• 4-bit or 8-bit MPU Interface
• Standard Type
• Works with almost any Microcontroller

3.3 LCD

• SERVO MOTOR

A servo motor is a type of motor that can rotate with great precision. Normally this type of
motor consists of a control circuit that provides feedback on the current position of the motor shaft;
this feedback allows the servo motor to rotate with great precision. If you want to rotate an object to
some specific angle or distance, then you use a servo motor. It is just made up of a simple motor which
runs through a servo mechanism. If the motor is powered by a DC power supply then it is called a DC servo
motor, and if it is an AC-powered motor then it is called an AC servo motor. For this tutorial, we will
discuss only the working of the DC servo motor. Apart from these major classifications, there are
many other types of servo motors based on the type of gear arrangement and operating characteristics.
A servo motor usually comes with a gear arrangement that allows us to get a very high torque servo
motor in small and lightweight packages. Due to these features, they are being used in many
applications like toy cars, RC helicopters and planes, robotics, etc.

Servo motors are rated in kg/cm (kilogram per centimeter); most hobby servo motors are rated
at 3kg/cm or 6kg/cm or 12kg/cm. This kg/cm tells you how much weight your servo motor can lift at
a particular distance. For example, a 6kg/cm servo motor should be able to lift 6kg if the load is
suspended 1cm away from the motor's shaft; the greater the distance, the lesser the weight-carrying
capacity. The position of a servo motor is decided by an electrical pulse, and its circuitry is placed beside
the motor.

3.4 Servo motor

• GSM SIM800L

Whether you want to monitor your home from afar or activate the sprinkler system in your
garden with a missed call, the SIM800L GSM/GPRS module can serve as a solid launching
point. The SIM800L GSM/GPRS module is a miniature GSM modem that can be used in a variety of
IoT projects. You can use this module to do almost anything a normal cell phone can do, such as
sending SMS messages, making phone calls, connecting to the Internet via GPRS, and much more.

To top it all off, the module supports quad-band GSM/GPRS networks, which means it will work
almost anywhere in the world.

Hardware Overview
At the heart of the module is a SIM800L GSM cellular chip from Simcom.
The operating voltage of the chip ranges from 3.4V to 4.4V, making it an ideal candidate for direct
LiPo battery supply. This makes it an excellent choice for embedding in projects with limited space.

3.5 GSM SIM800L

All the necessary data pins of the SIM800L GSM chip are broken out to 0.1″ pitch headers, including
the pins required for communication with the microcontroller over the UART. The module supports
baud rates ranging from 1200 bps to 115200 bps and features automatic baud rate detection.

The module requires an external antenna in order to connect to the network. So the module usually
comes with a helical antenna that can be soldered to it. The board also has a U.FL connector if you
wish to keep the antenna at a distance from the board.

There’s a SIM socket on the back! Any 2G Micro SIM card will work perfectly. The proper way to
insert the SIM card is typically engraved on the surface of the SIM socket.

Features

Even though this module is incredibly small (only 1 square inch), it contains a surprising number of features.
Some of them are as follows:

LED Status Indicators

The SIM800L module has an LED that indicates the status of your cellular network. It will blink at
different rates depending on the state it is in.

Blink every 1s

The chip is running but hasn’t made a connection to the cellular network yet.

Blink every 2s

The GPRS data connection you requested is active.

Blink every 3s

The module has made contact with the cellular network and can send/receive voice and SMS.

3.2 Existing System

In the existing system, most users use password authentication. This authentication system validates
a user for access to the system only when they have input the correct password. Passwords have been used
throughout history to verify someone's identity by checking if they possess the knowledge required (i.e., a
password) to access something. Passwords were stored in a database as plain text. When you wanted to sign
in, a gatekeeper application would ask you for your password. It would take whatever you typed in and check
if it was equal to whatever it had stored in the database and, if true, you were granted access.

Disadvantages :

• Easy passwords can be cracked: End users' behaviour, such as choosing passwords that are easy
to remember, introduces the majority of password weaknesses. For a hacker, these passwords can
easily be cracked or guessed. Surveys show that frequent passwords are the word password, personal
names of family members, names of pets, and dictionary words.

• Random passwords can't be remembered: A random password should have no content or context
and should not be familiar. It can only be learned by using it over and over again. However, since
repetition is a weak way of remembering, users often completely ignore the recommendations for
pseudo-random passwords.

• Remembering Multiple Passwords: The more passwords a person has to remember, the lower the chance of
remembering any specific password. Having multiple passwords also increases the chance
of interference among similar passwords. This is especially true for systems that are not used
frequently.

• Problems with passwords that need to be continuously changed: Computer systems require
frequent password changes to make the system robust against various attacks. Users must think of new
passwords that conform to all of the organization's requirements but that are also easy to remember.
System-enforced password policies, however, cannot guarantee password secrecy.

3.3 Proposed System

In this project, we propose a smart locker that is mainly based on IoT. We introduce a smart
locker with a face detection and voice recognition approach. After face and voice recognition are completed, an
OTP is sent to the registered user's mobile number; the lock will open only when the OTP is entered correctly.
If the user does not enter the correct details, the lock will not open.

First, the user has to register with the locker. We introduce a face detection approach. Here we
have a face detector to detect the face of the user. The image of the registered user is stored on the server
through the user's registration process. If the face exists, an unlock request for the locker is sent.
Then the system counts the number of faces. If the count is 1, the system goes to the next step,
which is voice recognition. If voice recognition is successful, an OTP is sent to the
registered user's mobile number. The user enters the unlock OTP and the server verifies it. If the OTP that
was sent to the user and the OTP that is stored on the server match, the locker is unlocked. If there is
any mismatch, the system captures an image of the intruder and sends it to the server. The face
count approach helps to reduce the chance of any kind of inconvenience caused by an unauthorized user.
This approach will ensure the security and authenticity of the locker.
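
The three-level decision described above can be sketched as server-side logic. This is an added example, not code from the project; the OTP length, lifetime and retry limit, the `UnlockSession` structure and the function names are assumptions, and the face and voice results are passed in as booleans rather than computed.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Assumed policy values: the report states no OTP length, lifetime or retry limit.
OTP_DIGITS = 6
OTP_TTL_SECONDS = 120
MAX_OTP_ATTEMPTS = 3


@dataclass
class UnlockSession:
    """Server-side state for one unlock attempt (hypothetical structure)."""
    otp: Optional[str] = None
    issued_at: float = 0.0
    attempts_left: int = 0
    events: List[str] = field(default_factory=list)


def start_unlock(session: UnlockSession, face_count: int, face_matches: bool,
                 voice_matches: bool, now: Optional[float] = None,
                 send_sms: Optional[Callable[[str], None]] = None) -> bool:
    """Levels 1 and 2: issue an OTP only for exactly one registered face plus a voice match."""
    if face_count != 1 or not face_matches:
        session.events.append("face_rejected")
        return False
    if not voice_matches:
        session.events.append("voice_rejected")
        return False
    # secrets, not random: an OTP must not be predictable from earlier codes.
    session.otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
    session.issued_at = time.time() if now is None else now
    session.attempts_left = MAX_OTP_ATTEMPTS
    session.events.append("otp_sent")
    if send_sms is not None:
        send_sms(session.otp)  # stand-in for the SMS path to the registered number
    return True


def verify_otp(session: UnlockSession, entered: str, now: Optional[float] = None) -> str:
    """Level 3: returns 'unlock', 'retry', 'locked_out', 'expired' or 'no_otp'."""
    now = time.time() if now is None else now
    if session.otp is None:
        return "no_otp"
    if now - session.issued_at > OTP_TTL_SECONDS:
        session.otp = None
        session.events.append("otp_expired")
        return "expired"
    # Constant-time comparison avoids leaking how many leading digits matched.
    if hmac.compare_digest(entered.encode(), session.otp.encode()):
        session.otp = None  # single use: a replayed code is refused
        session.events.append("unlocked")
        return "unlock"
    session.attempts_left -= 1
    session.events.append("capture_intruder_image")  # the report's mismatch action
    if session.attempts_left <= 0:
        session.otp = None  # bound guessing: the remaining code is discarded
        return "locked_out"
    return "retry"


def demo() -> List[str]:
    """Constructed walk-through: crowded frame, then one wrong and one right OTP."""
    s = UnlockSession()
    start_unlock(s, face_count=2, face_matches=True, voice_matches=True)
    start_unlock(s, face_count=1, face_matches=True, voice_matches=True)
    wrong = "000000" if s.otp != "000000" else "111111"
    verify_otp(s, wrong)
    verify_otp(s, s.otp)
    return s.events


if __name__ == "__main__":
    print(demo())
```

Without the lifetime and the retry limit, a six-digit code could simply be guessed at the keypad, which is why they are enforced on the server rather than on the locker.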

Components required for Implementing the Proposed System

This proposed smart locker system has been implemented using a combination of hardware
and software. In this proposed system, an Atmega328 microcontroller-based Arduino Nano board has been used
for decision-making purposes. For the locking and unlocking function, a 4*4 keypad has been used. The mobiles
are connected to the Internet to send data to the server. The keypad is used to send the OTP to the server through
the microcontroller. Here, an LCD (Liquid Crystal Display) is used to show whether the OTP sent on the mail and the
OTP given to the controller match. The 4*4 matrix keypad functions as a matrix. This keypad has four
columns and four rows. Every row is set to logic zero and every column is set to one. If a button is pressed,
the row is connected to the column and changes the column’s previous status to low. By scanning the
columns while sending one to the rows, the exact column value can be identified.

Advantages:

• It’s More Secure: While passwords are still widely used to screen out unauthorized users, they are
insecure and impractical. Phishing attacks are getting increasingly sophisticated, making it easy for
hackers to obtain your login credentials. They can also be either guessed, tracked with keylogging
surveillance, or cracked through brute force attack.

• It’s User Friendly: Most identity verification technologies come with a learning curve. However,
facial recognition simply requires a person to stand in front of a camera or screen to be scanned. No
need for downtime to learn how to use it.

• It’s Convenient: Even if you have robust password policies such as using password generator
software, changing them regularly, and requiring two-factor authentication, if a person loses access to
their generator or forgets their password, they have to go through a process of recovery and then come
up with a different (previously unused) password.

CHAPTER-4
SYSTEM DESIGN

System Design

4.1. Architectural diagram

This chapter introduces the system design of the new authentication process. Unlike the traditional
authentication techniques (e.g., username and password, biometric identity, RSA SecurID), this new
authentication method requires at least two associated (paired) devices to complete the authentication process.

This new authentication method is a one-factor authentication mechanism. Furthermore, this technique uses
at least two user devices as the “what the user has” factor of authentication. Instead of using additional devices
(e.g., hardware token, id-card), using user devices is a cost-effective solution to implement this authentication
process. Therefore, the authentication process implementations are easy to deploy into systems.

The association of multiple devices with a user is an innovative way to prevent device theft. All user devices
need to be granted a private key or create their own private key, during the registration phase. In this regard,
all of the associated devices need to participate in the authentication process. For example, if two smartphones
are associated with a particular user and one of them is stolen, the attacker needs the private key of the other
device to authenticate the stolen device.

The public key infrastructure (PKI) has been used to ensure confidentiality and integrity of shared information
during the authentication process. The device pairing process is essential for sharing the public keys of the
devices. The device pairing process should be done in the registration phase, and the registration should be
performed before the authentication starts.

Figure 4.1.1. Architectural diagram

During the current investigation and analysis of the process, the following assumptions have been made:

• The public key infrastructure is sound and robust against network-based attacks (e.g., man-in-the-middle,
eavesdropping, masquerading).

• The device registration process was completed properly and the devices were paired with each other and
the user.

Figure 3.1 provides an overview of the authentication process with two devices. In the first step, the
authentication process starts with an access request from the first device. Then in the second step, the
authenticator server generates an authentication challenge and sends it to the first device. In the third step, the
first device transmits the challenge to the second device. In the fourth step, the second device generates a
response and sends this response to the authenticator server. Finally, in the fifth step, if the received
authentication challenge is valid, the server sends a successful access acknowledgment to the access requesting
device.

Figure 4.1.2. An example of the authentication process using two devices.
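
The five-step exchange above, as an added example that is not part of the original report. To run on the standard library alone it substitutes an HMAC over a per-device secret for the public-key response the chapter describes; the class, function and device names and the 60-second challenge lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

CHALLENGE_TTL_SECONDS = 60  # assumed lifetime; the report gives none


def device_response(device_key: bytes, nonce: str, requester_id: str) -> bytes:
    """Step 4, run on the second device: bind the answer to this nonce and requester."""
    message = f"{nonce}|{requester_id}".encode()
    return hmac.new(device_key, message, hashlib.sha256).digest()


class Authenticator:
    """Hypothetical authenticator server holding the keys shared at registration."""

    def __init__(self) -> None:
        self._devices: Dict[str, Tuple[str, bytes]] = {}       # device_id -> (user, key)
        self._pending: Dict[str, Tuple[str, str, float]] = {}  # nonce -> (user, requester, issued)

    def register(self, user: str, device_id: str) -> bytes:
        """Registration phase: pair a device with a user and hand it its key."""
        key = secrets.token_bytes(32)
        self._devices[device_id] = (user, key)
        return key

    def request_access(self, requester_id: str, now: float) -> str:
        """Steps 1 and 2: an access request yields a fresh random challenge."""
        user, _ = self._devices[requester_id]
        nonce = secrets.token_hex(16)
        self._pending[nonce] = (user, requester_id, now)
        return nonce

    def verify(self, nonce: str, responder_id: str, tag: bytes, now: float) -> bool:
        """Step 5: accept only a timely answer from a different device of the same user."""
        entry = self._pending.pop(nonce, None)  # popped first, so a challenge is single use
        if entry is None:
            return False
        user, requester_id, issued = entry
        device = self._devices.get(responder_id)
        if device is None:
            return False
        owner, key = device
        if owner != user:
            return False  # device paired with somebody else
        if responder_id == requester_id:
            return False  # a stolen device must not answer its own challenge
        if now - issued > CHALLENGE_TTL_SECONDS:
            return False
        expected = device_response(key, nonce, requester_id)
        return hmac.compare_digest(expected, tag)


def demo() -> Dict[str, bool]:
    """Constructed scenario: alice has two phones, mallory has one of her own."""
    server = Authenticator()
    k1 = server.register("alice", "phone-1")
    k2 = server.register("alice", "phone-2")
    kx = server.register("mallory", "phone-x")
    results = {}

    n = server.request_access("phone-1", now=0.0)
    results["stolen_device_alone"] = server.verify(
        n, "phone-1", device_response(k1, n, "phone-1"), now=1.0)

    n = server.request_access("phone-1", now=0.0)
    tag = device_response(k2, n, "phone-1")  # step 3: phone-1 relays n to phone-2
    results["two_devices"] = server.verify(n, "phone-2", tag, now=1.0)
    results["replay"] = server.verify(n, "phone-2", tag, now=2.0)

    n = server.request_access("phone-1", now=0.0)
    results["other_users_device"] = server.verify(
        n, "phone-x", device_response(kx, n, "phone-1"), now=1.0)
    return results


if __name__ == "__main__":
    print(demo())
```

With real public-key signatures the server would store only each device's public key, so a leak of the server's database would not let anyone forge responses, which the HMAC stand-in cannot offer.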

4.2. E-R Diagram

An entity–relationship model describes interrelated things of interest in a specific domain of knowledge.
A basic ER model is composed of entity types and specifies relationships that can exist between entities.

4.2. Block diagram

4.3 UML Diagram

Unified Modeling Language (UML) is a general-purpose modelling language. The main aim of UML is to
define a standard way to visualize the way a system has been designed. It is quite similar to blueprints used
in other fields of engineering. UML is not a programming language; it is rather a visual language. We use
UML diagrams to portray the behavior and structure of a system.
There are different types of UML diagrams:

4.3.1 Class Diagram

The most widely used UML diagram is the class diagram. It is the building block of all object-oriented
software systems. We use class diagrams to depict the static structure of a system by showing the system’s
classes, their methods and attributes. Class diagrams also help us identify relationships between different
classes or objects.

4.3.1 Class diagram

4.3.2 Object Diagram


An Object Diagram can be referred to as a screenshot of the instances in a system and the relationship that
exists between them. Since object diagrams depict behaviour when objects have been instantiated, we are
able to study the behaviour of the system at a particular instant. An object diagram is similar to a class
diagram except it shows the instances of classes in the system. We depict actual classifiers and their
relationships by making use of class diagrams. On the other hand, an Object Diagram represents specific
instances of classes and relationships between them at a point of time.

4.3.2 Object Diagram

4.3.3 Deployment Diagram


Deployment Diagrams are used to represent system hardware and its software. It tells us what hardware
components exist and what software components run on them. We illustrate system architecture as
distribution of software artifacts over distributed targets. An artifact is the information that is generated by
system software. They are primarily used when software is being used, distributed or deployed over
multiple machines with different configurations.

4.3.3 deployment diagram


4.3.4 Use Case Diagrams
Use Case Diagrams are used to depict the functionality of a system or a part of a system. They are widely
used to illustrate the functional requirements of the system and its interaction with external agents (actors).
A use case is basically a diagram representing different scenarios where the system can be used. A use case
diagram gives us a high level view of what the system or a part of the system does without going into
implementation details.

4.3.4 Usecase diagram

4.3.5 Sequence Diagram


A sequence diagram simply depicts interaction between objects in a sequential order i.e. the order in which
these interactions take place. We can also use the terms event diagrams or event scenarios to refer to a
sequence diagram. Sequence diagrams describe how and in what order the objects in a system function.
These diagrams are widely used by businessmen and software developers to document and understand
requirements for new and existing systems.

4.3.5 Sequence diagram


4.3.6 State Machine Diagrams
A state diagram is used to represent the condition of the system or part of the system at finite instances of
time. It’s a behavioral diagram and it represents the behavior using finite state transitions. State diagrams
are also referred to as State machines and State-chart Diagrams. These terms are often used
interchangeably. So simply, a state diagram is used to model the dynamic behavior of a class in response to
time and changing external stimuli.

4.3.6. State chart diagram

4.3.7 Activity Diagrams


We use Activity Diagrams to illustrate the flow of control in a system. We can also use an activity diagram
to refer to the steps involved in the execution of a use case. We model sequential and concurrent activities
using activity diagrams. So, we basically depict workflows visually using an activity diagram. An activity
diagram focuses on condition of flow and the sequence in which it happens. We describe or depict what
causes a particular event using an activity diagram.

4.3.7 Activity Diagram

CHAPTER-5
TESTING AND RESULTS

Testing and Results

5.1 Testing

• Alpha Testing

Alpha testing is conducted in the organization and tested by a representative group of end-users at the
developer's side and sometimes by an independent team of testers. Alpha testing is simulated or real
operational testing at an in-house site. It comes after the unit testing, integration testing, etc. Alpha
testing is used after all the other testing has been executed. It can be white-box or black-box testing, depending on
the requirements; a particular lab environment and simulation of the actual environment are required for
this testing.

Alpha testing follows the following process:

1. Requirement Review: Review the design of the specification and functional requirement.
2. Test Development: Test development is based on the outcome of the requirement review. Develop
the test cases and test plan.
3. Test case design: Execute the test plan and test cases.
4. Logging Defects: Log the bugs identified and detected in the application.
5. Bug Fixation: When all the bugs are identified and logged, then there is a need to fix the bugs.
6. Retesting: When all the issues are solved and fixed, retesting is done.

• Beta Testing

Beta testing is performed by real users of the software application in a real environment. Beta
testing is one of the types of User Acceptance Testing. A Beta version of the software, whose
feedback is needed, is released to a limited number of end-users of the product to obtain feedback
on the product quality. Beta testing helps in minimization of product failure risks and it provides
increased quality of the product through customer validation. It is the last test before shipping a
product to the customers. One of the major advantages of beta testing is direct feedback from
customers.

Characteristics of Beta Testing:

1. Beta Testing is performed by clients or users who are not employees of the company.
2. Reliability, security, and robustness are checked during beta testing.
3. Beta Testing commonly uses black-box testing.
4. Beta testing is carried out in the user’s location.
5. Beta testing doesn’t require a lab or testing environment.

Types of Beta Testing:

There are different types of beta testing:

1. Traditional Beta testing: Product is distributed to the target market and related data is
gathered in all aspects. This data can be used for Product improvement.
2. Public Beta Testing: Product is released publicly to the world through online channels and
data can be collected from anyone. Based on feedback, product improvements can be done. For
example, Microsoft conducted the largest of all Beta Tests for its operating system Windows 8
before officially releasing it.
3. Technical Beta Testing: Product is released to a group of employees of an organization and
feedback/data is collected from the employees of the organization.
4. Focused Beta Testing: Software product is released to the market for collecting feedback on
specific features of the program. For example, important functionality of the software.
5. Post-release Beta Testing: Software product is released to the market and data is collected to
make improvements for the future release of the product.

• White box testing


This technique analyzes the internal structures: the data structures used, internal design, code
structure, and the working of the software, rather than just the functionality as in black box testing. It
is also called glass box testing or clear box testing or structural testing. White Box Testing is also
known as transparent testing or open box testing.
White box testing is a software testing technique that involves testing the internal structure
and workings of a software application. The tester has access to the source code and uses this
knowledge to design test cases that can verify the correctness of the software at the code level.

White box testing is also known as structural testing or code-based testing, and it is used to
test the software’s internal logic, flow, and structure. The tester creates test cases to examine the
code paths and logic flows to ensure that they meet the specified requirements.

Working process of white box testing:


• Input: Requirements, Functional specifications, design documents, source code.
• Processing: Performing risk analysis for guiding through the entire process.
• Proper test planning: Designing test cases so as to cover the entire code. Execute rinse-repeat
until error-free software is reached. Also, the results are communicated.
• Output: Preparing final report of the entire testing process.

White Box Testing Types


White box testing refers to a variety of testing methods that are used to assess the usability
of an application, a piece of code, or a specific software package. The following is a list −

• Unit testing − Unit testing is frequently the first type of application testing performed. As each
unit or block of code is developed, it is subjected to unit testing. The programmer is primarily
responsible for unit testing. As a software developer, you write a few lines of code, a single
function, or an object, then test it to ensure it works before moving on to the next step. Early in
the software development lifecycle, unit testing helps in the detection of the majority of issues.
Bugs discovered at this stage are less expensive and easier to fix.
• Testing for Memory Leaks − Memory leaks are one of the most common reasons for slow-
running apps. When you have a slow-running software application, you need a QA professional
who is skilled in detecting memory leaks. Apart from the aforementioned, both black box and
white box testing include a few forms of testing. Below is a list of them.
• White Box Penetration Testing − In this type of testing, the tester/developer has access to the
entire source code of the program, as well as extensive network information, IP addresses
involved, and all server information. The goal is to attack the code from several aspects in order
to expose security flaws.
• White Box Mutation Testing − White box mutation testing is frequently used to determine the
optimum coding strategies for growing a software solution.

• Black box

This testing is a type of software testing in which the functionality of the software is not known.
The testing is done without the internal knowledge of the products.

Black box testing can be done in the following ways:

1. Syntax-Driven Testing –
This type of testing is applied to systems that can be syntactically represented by some language. For
example- compilers, language that can be represented by context-free grammar. In this, the test cases
are generated so that each grammar rule is used at least once.
2. Equivalence partitioning –
It is often seen that many types of inputs work similarly so instead of giving all of them separately
we can group them and test only one input of each group. The idea is to partition the input domain
of the system into several equivalence classes such that each member of the class works similarly,
i.e., if a test case in one class results in some error, other members of the class would also result in
the same error.

Black Box Testing Types


The following are the several categories of black box testing:
1. Functional Testing
2. Regression Testing
3. Nonfunctional Testing (NFT)
Functional Testing: It determines the system’s software functional requirements.
Regression Testing: It ensures that the newly added code is compatible with the existing code. In
other words, a new software update has no impact on the functionality of the software. This is carried
out after a system maintenance operation and upgrades.
Nonfunctional Testing: Nonfunctional testing is also known as NFT. This testing is not functional
testing of software. It focuses on the software’s performance, usability, and scalability.

• Integration Testing

Integration testing is the technique in which individual components or modules are grouped
together and tested. It occurs after unit testing. The inputs for integration testing are the modules
that have already been unit tested.

• System Testing

System testing is conducted on the entire system as a whole to check whether the system meets
its requirements or not. ‘Valar Morghulis’ was installed on different systems and any errors or bugs that
occurred were fixed.

• Acceptance Testing

User Acceptance is defined as a type of testing performed by the Client to certify the system
with respect to the requirements that were agreed upon. This testing happens in the final phase of
testing before moving the software application to the Market or Production environment.

5.2. Results

In this chapter, the new authentication process design presented will be examined, and the implementations
presented will be tested in detail. First, the authentication process was validated by using an automated
validation tool for Internet security process. Then, the implementations were tested by using different devices
and platforms to determine their performance.

5.2.1 Model Checking

In this section, the authentication process is modelled and verified. To verify that the authentication process
guarantees authenticity and secrecy of the communication between the devices and the authenticator server, a
model checker must be used. Thus, the AVISPA model checker was used to check the authenticity and secrecy
properties. Automated Validation of Internet Security Protocols and Applications (AVISPA) is an automated
model checker for large-scale security processes. The AVISPA automation tool supports four verification
backend tools:

• OFMC (On-the-fly model checker)

• CL-AtSe (Constraint Logic based Attack Searcher)

• SATMC (SAT-based Model-Checker)

• TA4SP (Tree based model checker)

Figure 5.2.1 HLPSL specification in Alice and Bob notation.

The CL-AtSe and SATMC backend platforms are used to verify the bounded number of sessions and process
falsification. The OFMC backend is useful for detecting guessing and replay attacks. The TA4SP backend provides
unbounded security process verification by using tree-based languages.

5.2.2 Modelling the Process


In order to verify the authentication process with AVISPA, the process was modelled with HLPSL. High-Level
Protocol Specification Language (HLPSL) is a language for modelling and specifying security processes. HLPSL
uses Alice and Bob notation to model security processes.

The authentication process was modelled by using HLPSL in Alice and Bob notation as shown in Figure 5.2.1.
The server represents the system that authenticates the devices.

Alice represents the first device and Bob represents the second device of the authentication process. Ka, Kb,
Ks are the public keys of the first device, the second device, and the server respectively. The inverse function
(inv) retrieves the private keys of the public keys.

There are two security goals in AVISPA. To verify that the devices are being authenticated, the following
goals were specified:

• Authentication on the first device

• Authentication on device two

Furthermore, to verify if the authentication communication was kept secret, the following goal was specified:

• Secrecy of hashed message

5.2.3 Experimental Setup

The implementations of the authentication process use two devices and a web server application.
During the experiments, three different Android smartphones and two different laptop computers were used.
Table 5.1 shows the technical specifications of the devices, which are used during the experiments. One device
is a Samsung Galaxy S3 I9300, which has a quad-core 1.4 GHz processor, 1GB RAM, 16GB storage, a 2100mAh
lithium ion battery, an 8MP camera and the Android 4.4.4 operating system. The second mobile device is an LG
Nexus 4, which has a quad-core 1.5 GHz processor, 2GB RAM, 16GB storage, a 2100mAh lithium ion battery, an
8MP camera and the Android 4.4.4 operating system. The last smartphone is a Motorola Nexus 6, which has a
Qualcomm Snapdragon 805 processor with a 2.7GHz quad-core processor, 3GB RAM, 32GB storage, a
3320mAh lithium ion battery, a 13MP camera and the Android 5.0 operating system. The web server application
was run on a MacBook Pro, which has 8GB RAM, a 2.2 GHz Intel Core i7 processor and 750GB storage. The
other laptop computer is a Windows 7 machine, which has 8GB RAM, a 2.1 GHz Intel Core i5 processor and
250GB storage.

Table 5.1 Test devices’ technical specifications

| Device name | Technical specification |
|---|---|
| Samsung Galaxy S3 I9300 | Quad-core 1.4 GHz CPU, 1GB RAM, 16GB storage, 2100mAh lithium ion battery, 8MP camera, Android 4.4.4 operating system |
| LG Nexus 4 | Quad-core 1.5 GHz CPU, 2GB RAM, 16GB storage, 2100mAh lithium ion battery, 8MP camera, Android 4.4.4 operating system |
| Motorola Nexus 6 | Quad-core 2.7 GHz CPU, 3GB RAM, 32GB storage, 3320mAh lithium ion battery, 13MP camera, Android 5.0 operating system |
| MacBook Pro | 2.2 GHz Intel Core i7 CPU, 8GB RAM, 750GB storage, Mac OS X Yosemite operating system |
| Windows computer | 2.1 GHz Intel Core i5 CPU, 8GB RAM, 250GB storage, Windows 7 operating system |

Figure 5.2.3 Authentication time measurement of the process.

For each process implementation, the same tests were performed. For each test, 20 iterations of the
authentication procedure were executed to measure the average authentication time, memory usage, network
consumption, and battery drain on each device. Authentication time was measured by summing up two
different timer functions, not including human interaction time. The first timer starts at time T1 and ends at
time T3 as shown in Figure 5.1. Then the second timer starts at time T4 and ends at time T6. As a result, the
execution time is calculated as shown below:

ExecutionTime = (T3 − T1) + (T6 − T4)

The memory usage was measured by Android DDMS (Dalvik Debug Monitor Server) [49]. The sampling
frequency of the allocated memory on the heap was set to 10 seconds. The network consumption was measured
by the network traffic tool provided by Android DDMS. To measure battery consumption, a third-party tool
was used. During the experiments, mobile devices and computers never went to sleep. Target programs were
compiled with Eclipse Luna using required frameworks. The web server application implementation has a
total of 2184 lines of code (not including empty lines). The desktop application has a total of 1339 lines of
code (not including empty lines) and the Android mobile application has a total of 2467 lines of code without
empty lines.

Table 5.2. Process implementation test configurations

| | Test configuration described in Subsection 5.2.2.1 | Test configuration described in Subsection 5.2.2.1 | Test configuration described in Subsection 5.2.2.2 | Test configuration described in Subsection 5.2.2.3 |
|---|---|---|---|---|
| First Device | Samsung Galaxy S3 | LG Nexus 4 | Samsung Galaxy S3 | Laptop |
| Second Device | LG Nexus 4 | Samsung Galaxy S3 | LG Nexus 4 | LG Nexus 6 |
| Challenge | QR Code | QR Code | NFC | QR Code |

Table 5.3. Experimental results with the first configuration described in Subsection 5.2.3.1

| Device | Execution Time (s) | Network Usage (bytes) | Memory Usage (MB) | Battery Consumption (Joule) |
|---|---|---|---|---|
| First Device (Samsung S3) | 0.0754 | 4749.3 | 4.055 | 14.4 |
| Second Device (LG Nexus 4) | 0.0754 | 476.2 | 9.380 | 4.1 |

5.2.3 Results
Table 5.2 shows the different test configurations with multiple devices. These test configurations were
designed to evaluate the individual performance of each process implementation presented in Chapter 4.

5.2.3.1 Test: Device One: a Smartphone, Device Two: a Smartphone, Challenge Transmission by QR Code

The authentication process implementation presented in Subsection 4.4.1 was tested. Two Android
smartphones were used to represent the first and second devices. In this implementation, two sets of tests were
performed. First, the experiments were performed with a Samsung Galaxy S3 as the first device and an LG
Nexus 4 as the second device.

Then, the second experiments were performed with an LG Nexus 4 as the first device and a Samsung Galaxy
S3 as the second device.

Table 5.3 shows the test results with a Samsung Galaxy S3 as the first device and an LG Nexus 4 as the second
device. Similarly, Table 5.4 shows the results with an LG Nexus 4 as the first device and a Samsung Galaxy
S3 as the second device. Average execution time for one complete authentication is 0.0754 seconds with the
first configuration. To demonstrate the efficiency of the system, the time performance was measured with a
different set of smartphones, in which the first device was upgraded to a device with better resources (e.g.,
faster CPU, bigger memory) as shown in Table 5.4. As a result, execution time was not significantly affected
by the specification of the device.

Table 5.4 Experimental results with the second configuration described in Subsection 5.2.3.1

| Device | Execution Time (s) | Network Usage (bytes) | Memory Usage (MB) | Battery Consumption (Joule) |
|---|---|---|---|---|
| First Device (LG Nexus 4) | 0.0739 | 4674.3 | 10.2 | 11.3 |
| Second Device (Samsung S3) | 0.0739 | 481.2 | 3.3 | 5 |

The network usage for the first device is approximately 10 times higher than the second device on each test.
Indeed, the server exchanges more data with the first device. There are three network communications between
the server and the first device and one of them contains an image. Between the server and the second device,
there is only one network communication, and this communication does not contain large data (e.g., an image).

The LG Nexus 4 consumes more memory than the Samsung Galaxy S3 in each test. Memory allocation is
managed by the Android operating system. Since the LG Nexus 4 has larger memory, the memory allocation
on runtime is larger for the LG Nexus 4 regardless of its role (e.g., the first or second device) in the
authentication system.

Since both smartphones are using the same battery, it is expected that they will have close battery consumption
results during the authentication process. The slight difference comes from the screen contrast setup of each
phone. Furthermore, the network consumption causes a slight difference between the first and second device
in battery consumption. Since the first device uses more network, it also consumes more battery. To better
understand the battery drain, the average battery consumption of the Android message application was measured
while sending a message. To send a message, this application consumes 7.4 J of energy with the Samsung Galaxy
S3.

Table 5.5. Experimental results described in Subsection 5.2.3.2

| Device | Execution Time (s) | Network Usage (bytes) | Memory Usage (MB) | Battery Consumption (Joule) |
|---|---|---|---|---|
| First Device (Samsung S3) | 0.0689 | 628.2 | 3.65 | 8.2 |
| Second Device (LG Nexus 4) | 0.0689 | 476.2 | 8.992 | 5.6 |

5.2.2.2 Test: Device One: a Smartphone, Device Two: a Smartphone, Challenge Transmission by NFC

The authentication process implementation presented in Subsection 4.4.2 was tested. Similar to the previous
implementation, this implementation also contains two Android smartphones to represent the first and second
devices. Furthermore, NFC technology was used to transmit the challenge. One set of tests was performed to
measure the performance differences while transmitting the challenge with NFC technology. The experiment
was performed with a Samsung Galaxy S3 as the first device and an LG Nexus 6 as the second device.

Table 5.5 shows the experimental results for the specific implementation presented in Subsection 4.4.2. The
average execution time for one authentication process is 0.0689 seconds. Since only one device is being
authenticated during the authentication process, the same execution time was measured for both devices.

The network usage for the first device is approximately 30% greater than the second device. Sending a random
number instead of a QR code image for challenge transmission results in closer network usage numbers for both
devices. Because the first device makes more network communications than the second device during the
authentication process, the battery usage is slightly higher in the first device.

5.2.2.3 Test: Device One: a Laptop Computer, Device Two: a Smartphone, Challenge Transmission by QR Code

The last experiment was performed on the implementation presented in Subsection 4.4.3. Instead of using two
Android devices, a Windows laptop computer and an Android smartphone (Motorola Nexus 6) were used for the
authentication process. For challenge transmission, a QR code image was used.

Table 5.6. Experimental results described in Subsection 5.3.2.3

| Device | Execution Time (s) | Network Usage (bytes) | Memory Usage (MB) | Battery Consumption (Joule) |
|---|---|---|---|---|
| First Device (Windows Computer) | 0.0717 | 4987 | 80 | 16.9 |
| Second Device (Motorola Nexus 6) | 0.0717 | 520 | 22 | 6.1 |

Table 5.7. Implementations with different system configurations

| | Implementation system configuration 1 | Implementation system configuration 2 | Implementation system configuration 3 |
|---|---|---|---|
| First Device | Smartphone | Smartphone | Laptop |
| Second Device | Smartphone | Smartphone | Smartphone |
| Challenge | QR Code | NFC | QR Code |

Table 5.6 presents the test results for the specific implementation presented in Subsection 4.4.3. Similar to the
previous tests, the execution time was measured the same for the first and second device. The QR code image
dominates the network usage on the first device. On the other hand, since the smartphone only sends a random
number, not the QR code, the network usage on the second device is noticeably lower than the first device.

The first device uses 80 MB and the second device uses 22 MB of memory space. Memory allocation is
entirely managed by the Windows and Android operating systems for the laptop computer and the smartphone
respectively. Hence, the monitored memory space is not related to application size.

5.3 Implementation

5.3.1 Public Key Infrastructure Setup

Asymmetric encryption was implemented for all communication steps in the authentication process. To
implement asymmetric encryption, the RSA encryption algorithm was used in Java [40]. During the registration
process, the server shares its public key with the device. Then, the device creates its own public and private
key pair and sends the public key to the server. In every communication step, the server encrypts the data with
the device’s public key, and the device decrypts the data with its private key, as shown in Figure 5.3. For
example, in the second step in Figure 4.3, the server generates a random number and sends it to the first device.
The server encrypts this message with the first device’s public key. After the first device receives this encrypted
data, it decrypts it by using its private key.

In order to prove the authenticity of the data in the system communication, a digital signature scheme was
used. In every communication step, the data are signed with the devices’ private key as shown in Figure 5.3.
First, the server creates a hash of the data by using the SHA-1 hashing algorithm. SHA-1 is a cryptographic
hash function. Then, in the second step, the server encrypts the hash with its own private key by using the
RSA encryption algorithm, which creates the signature. Finally, the signature and the data are merged by the
server and sent to the device as digitally signed data. After the device receives the signed data, it needs to
verify it. First, the signature is decrypted with the server’s public key by using the same algorithm; then the
device creates another hash code from the data. Finally, if the two hash codes match with each other, the
authenticity of the data is ensured.

Figure 5.3. Implementation of the system design.

5.3.2 Registration Phase

One particular registration process was implemented in order to perform the authentication process. In this
section, the registration phase implementation is explained in detail.
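
The key exchange and the sign-and-verify step described in Section 5.3.1, as an added example that is not the project's own code. The class and method names are hypothetical; SHA-256 and OAEP padding are substituted for the report's SHA-1 and unspecified padding (practical SHA-1 collisions have been published), and signing the ciphertext rather than the plaintext is an assumption.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added illustration; every name in this class is hypothetical.
public class SignedChallengeDemo {
    // OAEP padding for the RSA encryption step (assumption: the report names no padding).
    static final String CIPHER = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // The report hashes with SHA-1; SHA-256 is substituted here.
    static final String SIG_ALG = "SHA256withRSA";

    /** One server-to-device message: encrypted data plus the server's signature over it. */
    static final class SignedMessage {
        final byte[] ciphertext;
        final byte[] signature;
        SignedMessage(byte[] c, byte[] s) { ciphertext = c; signature = s; }
    }

    // Registration: each side creates its own key pair and hands the other its public key.
    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        return gen.generateKeyPair();
    }

    // Server side: encrypt for the device, then hash-and-sign the ciphertext.
    static SignedMessage serverSend(byte[] data, PublicKey devicePub, PrivateKey serverPriv)
            throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(CIPHER);
        rsa.init(Cipher.ENCRYPT_MODE, devicePub);
        byte[] ct = rsa.doFinal(data);

        Signature signer = Signature.getInstance(SIG_ALG);
        signer.initSign(serverPriv);
        signer.update(ct);
        return new SignedMessage(ct, signer.sign());
    }

    // Device side: verify the signature first, decrypt only if it checks out.
    static byte[] deviceReceive(SignedMessage m, PublicKey serverPub, PrivateKey devicePriv)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(SIG_ALG);
        verifier.initVerify(serverPub);
        verifier.update(m.ciphertext);
        if (!verifier.verify(m.signature)) {
            throw new SecurityException("signature check failed; message rejected");
        }
        Cipher rsa = Cipher.getInstance(CIPHER);
        rsa.init(Cipher.DECRYPT_MODE, devicePriv);
        return rsa.doFinal(m.ciphertext);
    }

    // True when the device accepts the message, false when verification rejects it.
    static boolean accepted(SignedMessage m, PublicKey serverPub, PrivateKey devicePriv)
            throws GeneralSecurityException {
        try {
            deviceReceive(m, serverPub, devicePriv);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair server = newKeyPair();
        KeyPair device = newKeyPair();

        // The random number the server sends to the first device (constructed sample).
        byte[] challenge = new byte[16];
        new SecureRandom().nextBytes(challenge);

        SignedMessage msg = serverSend(challenge, device.getPublic(), server.getPrivate());
        byte[] received = deviceReceive(msg, server.getPublic(), device.getPrivate());
        System.out.println("challenge recovered: " + Arrays.equals(challenge, received));

        // A single flipped bit in transit must fail verification.
        byte[] tampered = msg.ciphertext.clone();
        tampered[0] ^= 0x01;
        System.out.println("tampered message accepted: "
                + accepted(new SignedMessage(tampered, msg.signature),
                           server.getPublic(), device.getPrivate()));

        // A message signed with a key other than the registered server key must fail too.
        KeyPair other = newKeyPair();
        SignedMessage wrongSigner = serverSend(challenge, device.getPublic(), other.getPrivate());
        System.out.println("wrong-signer message accepted: "
                + accepted(wrongSigner, server.getPublic(), device.getPrivate()));
    }
}
```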

5.3.3 Authentication Phase

In this section, a different set of implementations of the authentication process will be presented. All these
implementations were embodied from the authentication process. Although these implementations were
designed with a different set of system configurations, they use the same shared modules.

5.4. Project Code


5.4.1 Arduino Code
#include <Wire.h>
#include <LiquidCrystal_I2C.h>
#include <Keypad.h>
#include <SoftwareSerial.h>
#include <Servo.h>

SoftwareSerial mySerial(3, 2); //SIM800L Tx & Rx is connected to Arduino #3 & #2
Servo myServo;

#define Password_Length 4

int pos = 0;
byte data_count = 0, master_count = 0;
bool Pass_is_good;
char customKey;
String values, Data;   // values: OTP received over serial, Data: digits typed on the keypad
bool flag = false;     // true while an OTP is waiting to be entered
const byte ROWS = 4;
const byte COLS = 3;
int Count = 0;         // number of wrong OTP attempts

char hexaKeys[ROWS][COLS] = {
  {'1', '2', '3'},
  {'4', '5', '6'},
  {'7', '8', '9'},
  {'*', '0', '#'}
};

byte rowPins[ROWS] = {12, 11, 10, 8};
byte colPins[COLS] = {7, 6, 5};

Keypad customKeypad = Keypad(makeKeymap(hexaKeys), rowPins, colPins, ROWS, COLS);
LiquidCrystal_I2C lcd(0x27, 16, 2);

// Sends the OTP held in 'values' as an SMS through the SIM800L module.
void GSM_setup()
{
  lcd.clear();
  lcd.setCursor(0,0);
  lcd.print("your OTP Send to");
  lcd.setCursor(0,1);
  lcd.print("Your Phone");
  delay(2000);

  //Begin serial communication with Arduino and Arduino IDE (Serial Monitor)
  //Serial.begin(9600);

  //Begin serial communication with Arduino and SIM800L
  mySerial.begin(9600);
  Serial.println("Initializing...");
  delay(1000);

  mySerial.println("AT"); //Once the handshake test is successful, it will back to OK
  updateSerial();
  mySerial.println("AT+CMGF=1"); // Configuring TEXT mode
  updateSerial();
  mySerial.println("AT+CMGS=\"+919381279848\"");//change ZZ with country code and xxxxxxxxxxx with phone number to sms
  updateSerial();
  mySerial.print("Your OTP :"+values); //text content
  updateSerial();
  mySerial.write(26); // Ctrl+Z ends the SMS body

  lcd.clear();
  lcd.setCursor(0,0);
  lcd.print("Enter Your OTP");
}

void updateSerial()
{
  delay(500);
  while (Serial.available())
  {
    mySerial.write(Serial.read());//Forward what Serial received to Software Serial Port
  }
  while (mySerial.available())
  {
    Serial.write(mySerial.read());//Forward what Software Serial received to Serial Port
  }
}

void setup(){
  Serial.begin(9600);
  lcd.init();
  lcd.backlight();
  lcd.setCursor(5,0);
  lcd.print(" 3-Level ");
  lcd.setCursor(0,1);
  lcd.print("Authentication");
  myServo.attach(9);
  myServo.write(0); // start with the locker closed
}

void loop()
{
  // The PC application sends the generated OTP over the serial port.
  while (Serial.available() > 0)
  {
    values = Serial.readString();
    lcd.clear();
    lcd.setCursor(0,1);
    lcd.print("OTP is Ready..!");
    delay(1000);
    GSM_setup();
    flag = true;
  }

Again:
  if (flag == true)
  {
    // Collect four key presses from the keypad.
    do
    {
      //lcd.clear();
      //lcd.setCursor(0,0);
      //lcd.print("Enter Your OTP");
      customKey = customKeypad.getKey();
      if (customKey)
      {
        Data += customKey;
        lcd.setCursor(0,1);
        lcd.print(Data);
        data_count++;
      }
      if (data_count == 4) {
        data_count = 0;
        break;
      }
    } while (1);

    if (values == Data) {
      lcd.clear();
      lcd.setCursor(0,1);
      //Serial.println("Hello");
      lcd.print("Door is Opened");
      //digitalWrite(Relay, HIGH);
      for (pos = 0; pos <= 180; pos += 1) { // goes from 0 degrees to 180 degrees
        // in steps of 1 degree
        myServo.write(pos);
        //lcd.print(pos);
        // tell servo to go to position in variable 'pos'
        delay(15); // waits 15 ms for the servo to reach the position
      }
      delay(3000);
      //digitalWrite(Relay, LOW);
      lcd.clear();
      lcd.print("Door is Closed");
      for (pos = 180; pos >= 0; pos -= 1) { // goes from 180 degrees to 0 degrees
        myServo.write(pos);
        //lcd.print(pos);// tell servo to go to position in variable 'pos'
        delay(15); // waits 15 ms for the servo to reach the position
      }
      Data = "";
      flag = false;
    }
    else
    {
      lcd.clear();
      lcd.setCursor(0,0);
      lcd.print("InCorrect OTP");
      Data = "";
      Count = Count + 1;
      if (Count < 3)
      {
        lcd.setCursor(0,1);
        lcd.print("Please Try Aganin..!!");
        delay(2000);
        lcd.clear();
        lcd.print("Enter Your OTP");
        goto Again;
      }
      else
      {
        // Third wrong attempt: stop accepting input for this OTP.
        lcd.clear();
        lcd.setCursor(2,0);
        lcd.print("Max Chances");
        lcd.setCursor(0,1);
        lcd.print("Completed..!!");
        flag = false;
      }
    }
  }
}

5.4.2. Python code


from Detector import main_app,flag,pred
from create_classifier import train_classifer
from create_dataset import start_capture
import tkinter as tk
from tkinter import font as tkfont
from tkinter import messagebox,PhotoImage
import speech_recognition as sr
import serial
import time
import math
import random

r = sr.Recognizer()
digit="0123456789"
OTP =""
names = set()

class MainUI(tk.Tk):

    def __init__(self, *args, **kwargs):
        tk.Tk.__init__(self, *args, **kwargs)
        global names
        # Load the registered user names (space-separated) from disk.
        with open("nameslist.txt", "r") as f:
            x = f.read()
            z = x.rstrip().split(" ")
            for i in z:
                names.add(i)
        self.title_font = tkfont.Font(family='Helvetica', size=16, weight="bold")
        self.title("Face Recognizer")
        self.resizable(False, False)
        self.geometry("500x250")
        self.protocol("WM_DELETE_WINDOW", self.on_closing)
        self.active_name = None
        # Initialised here so PageThree.trainmodel can read it before any capture has run.
        self.num_of_images = 0
        container = tk.Frame(self)
        container.grid(sticky="nsew")
        container.grid_rowconfigure(0, weight=1)
        container.grid_columnconfigure(0, weight=1)
        self.frames = {}
        for F in (StartPage, PageOne, PageTwo, PageThree, PageFour):
            page_name = F.__name__
            frame = F(parent=container, controller=self)
            self.frames[page_name] = frame
            frame.grid(row=0, column=0, sticky="nsew")
        self.show_frame("StartPage")

    def show_frame(self, page_name):
        frame = self.frames[page_name]
        frame.tkraise()
        #self.controller.show_frame("PageFive")

    def on_closing(self):
        if messagebox.askokcancel("Quit", "Are you sure?"):
            global names
            # The context manager closes the file once the names are written.
            with open("nameslist.txt", "a+") as f:
                for i in names:
                    f.write(i+" ")
            self.destroy()

class StartPage(tk.Frame):

    def __init__(self, parent, controller):
        tk.Frame.__init__(self, parent)
        self.controller = controller
        #load = Image.open("homepagepic.png")
        #load = load.resize((250, 250), Image.ANTIALIAS)
        render = PhotoImage(file='homepagepic.png')
        img = tk.Label(self, image=render)
        img.image = render  # keep a reference so the image is not garbage-collected
        img.grid(row=0, column=1, rowspan=4, sticky="nsew")
        label = tk.Label(self, text=" Home Page ", font=self.controller.title_font,fg="#263942")
        label.grid(row=0, sticky="ew")
        button1 = tk.Button(self, text=" Add a User ", fg="#ffffff", bg="#263942",
                            command=lambda: self.controller.show_frame("PageOne"))
        button2 = tk.Button(self, text=" Check a User ", fg="#ffffff", bg="#263942",
                            command=lambda: self.controller.show_frame("PageTwo"))
        button3 = tk.Button(self, text="Quit", fg="#263942", bg="#ffffff", command=self.on_closing)
        button1.grid(row=1, column=0, ipady=3, ipadx=7)
        button2.grid(row=2, column=0, ipady=3, ipadx=2)
        button3.grid(row=3, column=0, ipady=3, ipadx=32)

    def on_closing(self):
        if messagebox.askokcancel("Quit", "Are you sure?"):
            global names
            with open("nameslist.txt", "w") as f:
                for i in names:
                    f.write(i + " ")
            self.controller.destroy()

class PageOne(tk.Frame):

    def __init__(self, parent, controller):
        tk.Frame.__init__(self, parent)
        self.controller = controller
        tk.Label(self, text="Enter the name", fg="#263942", font='Helvetica 12 bold').grid(row=0, column=0, pady=10, padx=5)
        self.user_name = tk.Entry(self, borderwidth=3, bg="lightgrey", font='Helvetica 11')
        self.user_name.grid(row=0, column=1, pady=10, padx=10)
        self.buttoncanc = tk.Button(self, text="Cancel", bg="#ffffff", fg="#263942",
                                    command=lambda: controller.show_frame("StartPage"))
        self.buttonext = tk.Button(self, text="Next", fg="#ffffff", bg="#263942", command=self.start_training)
        self.buttoncanc.grid(row=1, column=0, pady=10, ipadx=5, ipady=4)
        self.buttonext.grid(row=1, column=1, pady=10, ipadx=5, ipady=4)

    def start_training(self):
        global names
        # Reject reserved, duplicate and empty user names before enrolment.
        if self.user_name.get() == "None":
            messagebox.showerror("Error", "Name cannot be 'None'")
            return
        elif self.user_name.get() in names:
            messagebox.showerror("Error", "User already exists!")
            return
        elif len(self.user_name.get()) == 0:
            messagebox.showerror("Error", "Name cannot be empty!")
            return
        name = self.user_name.get()
        names.add(name)
        self.controller.active_name = name
        self.controller.frames["PageTwo"].refresh_names()
        self.controller.show_frame("PageThree")

class PageTwo(tk.Frame):

    def __init__(self, parent, controller):
        tk.Frame.__init__(self, parent)
        global names
        self.controller = controller
        tk.Label(self, text="Select user", fg="#263942", font='Helvetica 12 bold').grid(row=0, column=0, padx=10, pady=10)
        self.buttoncanc = tk.Button(self, text="Cancel", command=lambda: controller.show_frame("StartPage"),
                                    bg="#ffffff", fg="#263942")
        self.menuvar = tk.StringVar(self)
        self.dropdown = tk.OptionMenu(self, self.menuvar, *names)
        self.dropdown.config(bg="lightgrey")
        self.dropdown["menu"].config(bg="lightgrey")
        self.buttonext = tk.Button(self, text="Next", command=self.nextfoo, fg="#ffffff", bg="#263942")
        self.dropdown.grid(row=0, column=1, ipadx=8, padx=10, pady=10)
        self.buttoncanc.grid(row=1, ipadx=5, ipady=4, column=0, pady=10)
        self.buttonext.grid(row=1, ipadx=5, ipady=4, column=1, pady=10)

    def nextfoo(self):
        if self.menuvar.get() == "None":
            messagebox.showerror("ERROR", "Name cannot be 'None'")
            return
        self.controller.active_name = self.menuvar.get()
        self.controller.show_frame("PageFour")

    def refresh_names(self):
        # Rebuild the drop-down after a new user has been added.
        global names
        self.menuvar.set('')
        self.dropdown['menu'].delete(0, 'end')
        for name in names:
            self.dropdown['menu'].add_command(label=name, command=tk._setit(self.menuvar, name))

class PageThree(tk.Frame):

    def __init__(self, parent, controller):
        tk.Frame.__init__(self, parent)
        self.controller = controller
        self.numimglabel = tk.Label(self, text="Number of images captured = 0", font='Helvetica 12 bold', fg="#263942")
        self.numimglabel.grid(row=0, column=0, columnspan=2, sticky="ew", pady=10)
        self.capturebutton = tk.Button(self, text="Capture Data Set", fg="#ffffff", bg="#263942", command=self.capimg)
        self.trainbutton = tk.Button(self, text="Train The Model", fg="#ffffff", bg="#263942",command=self.trainmodel)
        self.capturebutton.grid(row=1, column=0, ipadx=5, ipady=4, padx=10, pady=20)
        self.trainbutton.grid(row=1, column=1, ipadx=5, ipady=4, padx=10, pady=20)

    def capimg(self):
        self.numimglabel.config(text=str("Captured Images = 0 "))
        messagebox.showinfo("INSTRUCTIONS", "We will Capture 100 pic of your Face.")
        x = start_capture(self.controller.active_name)
        self.controller.num_of_images = x
        self.numimglabel.config(text=str("Number of images captured = "+str(x)))

    def trainmodel(self):
        # Refuse to train on fewer than 100 captured face images.
        if self.controller.num_of_images < 100:
            messagebox.showerror("ERROR", "No enough Data, Capture at least 100 images!")
            return
        train_classifer(self.controller.active_name)
        messagebox.showinfo("SUCCESS", "The modele has been successfully trained!")
        self.controller.show_frame("PageFour")

class PageFour(tk.Frame):

    def __init__(self, parent, controller):
        tk.Frame.__init__(self, parent)
        self.controller = controller
        label = tk.Label(self, text="Face Recognition", font='Helvetica 16 bold')
        label.grid(row=0, column=0, sticky="ew")
        button1 = tk.Button(self, text="Face Recognition", command=self.openwebcam, fg="#ffffff", bg="#263942")
        #button2 = tk.Button(self, text="Emotion Detection", command=self.emot, fg="#ffffff", bg="#263942")
        #button3 = tk.Button(self, text="Gender and Age Prediction", command=self.gender_age_pred, fg="#ffffff", bg="#263942")
        button4 = tk.Button(self, text="Go to Home Page", command=lambda: self.controller.show_frame("StartPage"),
                            bg="#ffffff", fg="#263942")
        #button5 = tk.Button(self, text="Voice-Recognition", command=self.openSpeech, fg="#ffffff", bg="#263942")
        #button6 = tk.Button(self, text="Generate OTP", command=self.GenerateOTP, fg="#ffffff", bg="#263942")
        button1.grid(row=1, column=0, sticky="ew", ipadx=5, ipady=4, padx=10, pady=10)
        #button2.grid(row=1,column=1, sticky="ew", ipadx=5, ipady=4, padx=10, pady=10)
        #button3.grid(row=2,column=0, sticky="ew", ipadx=5, ipady=4, padx=10, pady=10)
        button4.grid(row=1, column=1, sticky="ew", ipadx=5, ipady=4, padx=10, pady=10)
        #button5.grid(row=2,column=0, sticky="ew", ipadx=5, ipady=4, padx=10, pady=10)
        #button6.grid(row=2,column=1, sticky="ew", ipadx=5, ipady=4, padx=10, pady=10)

    def openwebcam(self):
        status = main_app(self.controller.active_name)
        #print(status)
        #print(pred)
        # The voice step is offered only after main_app reports a face match
        if status == True:
            print("hello")
            button5 = tk.Button(self, text="Voice-Recognition", command=self.openSpeech, fg="#ffffff", bg="#263942")
            button5.grid(row=2, column=0, sticky="ew", ipadx=5, ipady=4, padx=10, pady=10)

    #def gender_age_pred(self):
    #    ageAndgender()

    #def emot(self):
    #    emotion()

    def openSpeech(self):
        with sr.Microphone() as source:
            print("Speak:")
            audio = r.listen(source)
        try:
            # recognize_google returns a transcript, so this step checks the spoken phrase,
            # not the identity of the speaker
            Speech = r.recognize_google(audio)
            print("You said " + Speech)
            if Speech == 'open the door':
                messagebox.showinfo("SUCCESS", "Your Voice has been successfully Matched...!!!!")
                print("hello")
                # The OTP step is offered only after the phrase has matched
                button6 = tk.Button(self, text="Generate OTP", command=self.GenerateOTP, fg="#ffffff", bg="#263942")
                button6.grid(row=2, column=0, sticky="ew", ipadx=5, ipady=4, padx=10, pady=10)
            else:
                messagebox.showinfo("Sorry", "Your Voice has Not been Matched...!!!!")
                self.controller.show_frame("PageFour")
        except sr.UnknownValueError:
            print("Could not understand audio")
        except sr.RequestError as e:
            print("Could not request results; {0}".format(e))

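    def GenerateOTP(self):
        global OTP
        # Start from an empty string so a second click does not append to the previous OTP
        OTP = ""
        # SystemRandom draws from the operating system's CSPRNG; random.random() is predictable
        rng = random.SystemRandom()
        for i in range(4):
            OTP = OTP + digit[rng.randrange(10)]
        print("Your OTP is :", OTP)
        otp = OTP
        arduino = serial.Serial(port='COM7', timeout=0)
        time.sleep(2)
        while True:
            print("Enter 'Y' to Proceed to Generate OTP")
            var = str(input())
            print(type(var))
            var = var.upper()
            if var == 'Y':
                print("Anil")
                arduino.write(str.encode(otp))
                messagebox.showinfo("SUCCESS", "Your OTP Generated Successfully..!!")
                # Stop prompting once the OTP has been sent to the Arduino
                break


app = MainUI()
app.iconphoto(False, tk.PhotoImage(file='icon.ico'))
app.mainloop()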
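The listing above offers the voice and OTP steps by creating their buttons once the previous step succeeds. As an added example (not part of the project's code), the class below keeps that face, voice, OTP ordering in a session object and gives the OTP a lifetime, a retry limit and single use. The names LockerSession, pass_stage, issue_otp and verify_otp, the 120-second lifetime and the three-attempt limit are assumptions; the report does not show where the OTP is checked.

```python
import hmac
import secrets
import time

OTP_DIGITS = 4          # same length as the report's GenerateOTP
OTP_TTL_SECONDS = 120   # assumed validity window
MAX_OTP_ATTEMPTS = 3    # assumed retry limit
STAGES = ("face", "voice", "otp")


class LockerSession:
    """One unlock attempt: face, then voice, then OTP, tracked outside the GUI."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._passed = 0          # how many stages have succeeded, in order
        self._otp = None
        self._otp_expiry = 0.0
        self._attempts_left = 0

    @property
    def unlocked(self):
        return self._passed == len(STAGES)

    def pass_stage(self, stage, ok):
        """Record a face or voice result; a failure or out-of-order call resets."""
        expected = STAGES[self._passed] if self._passed < 2 else None
        if not ok or stage != expected:
            self._passed = 0
            self._otp = None
            return False
        self._passed += 1
        return True

    def issue_otp(self):
        """Create a fresh OTP; refused until face and voice have both passed."""
        if self._passed != 2:
            raise PermissionError("face and voice checks must pass first")
        # secrets draws from the OS CSPRNG; each call replaces the previous OTP
        self._otp = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        self._otp_expiry = self._clock() + OTP_TTL_SECONDS
        self._attempts_left = MAX_OTP_ATTEMPTS
        return self._otp

    def verify_otp(self, candidate):
        """Check a typed OTP: single use, time limited, limited number of tries."""
        if self._otp is None or self._clock() > self._otp_expiry:
            self._otp = None
            return False
        self._attempts_left -= 1
        match = hmac.compare_digest(candidate.encode(), self._otp.encode())
        if match:
            self._passed = len(STAGES)
        elif self._attempts_left > 0:
            return False          # wrong guess, tries remain
        else:
            self._passed = 0      # out of tries: start again from the face check
        self._otp = None          # consumed on success or exhausted on failure
        return match
```

A four-digit code has only 10,000 possible values, so the retry limit and expiry carry most of the protection here.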


5.5. Screenshots

5.5.1 Home page

Image 5.5.1 is the home page, where a new user can register and an existing user can check his/her details.

5.5.2 Name module

Image 5.5.2 is shown when the user clicks the "add a user" option in figure 5.4.1. Here the user enters
his/her name to register.

5.5.3 Select user

Image 5.5.3 is shown when the user selects "check user" in figure 5.4.1. Here the user selects his/her
name to proceed with the rest of the authentication process.

5.5.4 Face recognition

Image 5.5.4 is shown when the user selects his/her name in figure 5.4.3. Here the system proceeds with the
first stage of authentication for the safe locker.

5.5.5 Add user

Image 5.5.5 is the module used to add a new user and train the model with the captured images.

5.5.6 Voice recognition

Image 5.5.6 is shown once face recognition has completed successfully. Here the user can select
voice recognition for further authentication.


CHAPTER-6
FUTURE WORK AND CONCLUSION

6.1 Future Work

In this chapter, several extensions will be addressed and future opportunities will be discussed.

Although many authentication schemes are being introduced, most of them are vulnerable to theft-based
attacks. The new authentication process using two associated devices has been proposed to minimize attack
surface over theft-based attacks. Several real-life examples of the authentication process were designed and
implemented by using multiple sets of devices. Then, the authentication process was modeled with a high level
process specification language and verified by a model checker in order to indicate the soundness of its secrecy
and authenticity properties. Finally, the performance overhead of the process was evaluated to demonstrate the
performance differences between multiple implementations.

6.1.1 Add/Remove Devices

A particular registration method was implemented and used in all configurations to pair devices with each
other and the user. This registration phase can be done only once. To increase usability, it would be very
useful to allow users to add devices to, or remove them from, the system after the first device pairing
process.

6.1.2 Continuous Authentication

Continuous authentication is an emerging topic in the security field. The main concern in standard user
authentication schemes (e.g., username/password) is that after a certain amount of time the user can become
inactive. However, asking for authentication within a period of time could be used to track activity of the user.

In the proposed authentication process, if the system successfully authenticates the user, then that
authentication remains active until the defined session time. However, an attacker can steal the authenticated
device before the authentication session expires and get access to the system. To solve this problem, a
continuous authentication approach could be integrated into the proposed implementations. The system could
send a challenge to the first device every few minutes, and the user could perform this challenge with the
second device in order to stay authenticated.
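The periodic challenge described in 6.1.2, as an added example that is not part of the report's implementation: the session lapses unless the second device answers each fresh challenge in time. The class and method names, the 180-second interval, the 30-second answer window, and the HMAC-SHA256 answer over a key shared with the second device at registration are all assumptions; the report does not specify how the challenge is performed.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_INTERVAL = 180   # assumed value for "every few minutes", in seconds
RESPONSE_WINDOW = 30       # assumed time allowed to answer a challenge


class SecondDevice:
    """Holds a key shared with the authenticator at registration (assumed)."""

    def __init__(self, key):
        self._key = key

    def answer(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Authenticator:
    """Keeps a session alive only while challenges keep being answered."""

    def __init__(self, second_device_key, clock=time.monotonic):
        self._key = second_device_key
        self._clock = clock
        self._valid_until = 0.0
        self._challenge = None

    def start_session(self):
        """Called once the normal authentication has succeeded."""
        self._valid_until = self._clock() + CHALLENGE_INTERVAL + RESPONSE_WINDOW

    def is_authenticated(self):
        return self._clock() < self._valid_until

    def new_challenge(self):
        """Fresh random challenge, sent to the first device to pass on."""
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def submit(self, response):
        """Extend the session on a correct, timely answer; end it otherwise."""
        # Each challenge accepts one answer, so an old answer cannot be replayed
        challenge, self._challenge = self._challenge, None
        ok = (
            challenge is not None
            and self.is_authenticated()
            and hmac.compare_digest(
                response, hmac.new(self._key, challenge, hashlib.sha256).digest())
        )
        self._valid_until = (
            self._clock() + CHALLENGE_INTERVAL + RESPONSE_WINDOW if ok else 0.0
        )
        return ok
```

A holder of only the first device receives the challenges but cannot produce the answer, so the session ends at the next interval.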


6.1.3 Future Experiments

Various experiments have been performed on the proposed implementation to demonstrate the performance
overhead of the authentication system. During the experiments, the user interaction time was not considered.
Using human participants and measuring their challenge performing times could be a good way to evaluate
real authentication time with user interaction. Furthermore, similar experiments could be performed on other
authentication schemes (e.g., username and password, physical token, two-factor authentication) to illustrate
the performance advantages and disadvantages over different schemes.

6.1.4 Future Implementations

Three particular implementations were presented. These authentication process implementations introduce
solutions to distinct authentication problems. However, it would be useful to demonstrate more
implementations to solve real life authentication problems.

Table 6.1 shows further possible implementations to solve common authentication problems in daily life.
One general problem with cars is that if the car key is stolen, an attacker can also steal the car itself. However,
adopting the proposed authentication process could solve the problem without extra overhead cost. For example,
the car can represent the authenticator system. When the user gets close to the car, the car sends a challenge to
the smartwatch, then the user taps the smartphone to perform the challenge. Finally, the smartphone sends the
challenge back to the car and the car unlocks the doors and/or starts the car.

Table 6.1. Further implementation ideas

| Authenticator System | First device | Second device | Challenge transmission method |
|---|---|---|---|
| Car | Smartwatch | Smartphone | NFC |
| Home door | Smartphone | Smartwatch | QR code |
| Hotel door | Smartring | Smartwatch | NFC |
| Garage door | Car | Smartphone | Bluetooth |
| GPS navigator | Car | Smartphone | Bluetooth |
| Military facility | Smart necklace | Smartwatch | Bluetooth |
| Server | Laptop | Smartwatch | Image |


Another common problem is garage door or facility gate access. In this particular problem, the garage door
represents the authenticator system and the user’s car and smartphone act as the first and second devices. When
the car gets close to the garage door, the garage door sends a challenge to the car. Then, the smartphone reads
this challenge via Bluetooth, and sends it back to the garage door. Finally, the garage authenticates the car and
opens the door.

Alternatively, this authentication process can be implemented with any other lock system. The lock can act as
the authenticator system and the user’s multiple devices (e.g., a smart ring and a smart military necklace, a
smart “dog tag”) can act as the first and second devices. When the user comes within a threshold proximity of
the lock, the smart ring will initiate the authentication process with the lock. Then, the lock sends a challenge
to the smart ring. The smart ring sends the challenge to the smart dog tag. In this particular implementation,
the process executes automatically, without user involvement, based on proximity to the lock.

Furthermore, more than two devices could be used during the authentication process. Two devices
might not be enough for theft protection, especially when authenticating users to more sensitive information,
such as military or intelligence agency sources. In this particular solution, a military base could house
an authenticator system, and a user could use a smartphone, a smartwatch and a smart ring all together in order
to complete authentication.

6.2. Conclusion
The performance of the authentication process implementations was analyzed in terms of execution time, network
usage, memory usage, and battery consumption in the previous subsections.

The greatest performance differences were caused by the challenge transmission methodology. Instead of using
a QR code, sending only a random number as a challenge dramatically improved the execution time and the
network usage. Sound waves, infrared technology, or motion detection can also be used
as alternatives to a QR code in order to improve the performance of the authentication process.

In addition, the different device hardware specifications did not significantly affect the network usage.
However, the execution time performance slightly increased while using higher performance devices during
the authentication process. Moreover, the variety of the devices showed that the proposed authentication
process can be implemented by using even slower devices.

Finally, none of the configurations significantly affected the battery life of the devices during the authentication
process.
