Lockbox:Advanced password Encryption and

Management Tool

BY
A.GIRIJA
SUMA( 2020WA86521)
CONTENTS
 Introduction
 Literature review
 Software requirements and
specifications
 System design
INTRODUCTION
Title slide
Acknowledgment
Abstract
Objectives
Problem statement
Existing and proposed system
TITLE
 Lockbox: Advanced Password Encryption and
Management Tool
 CSIW ZG628T Dissertation code: CSIW ZG628T
 By Akkapantula. Girija Suma
 Under the supervision of Panduri. Naga Lakshmi
Durga Manohari (Senior Project Engineer)
Dissertation Work carried out at Wipro Limited,
Hyderabad BIRLA INSTITUTE OF TECHNOLOGY
AND SCIENCE Pilani (Rajasthan), India
September 2024
ACKNOWLEDGMENT
 I would like to express my appreciation to my
supervisor Mrs. Panduri. Naga Lakshmi Durga
Manohari for her valuable and constructive
suggestions during the planning and development of
this research work. I also thank my project
examiners Mr. Y. Ramprasad Reddy and Mr. G.C.
Praveen Kumar and all who provided facilities for this
project. I extend my gratitude to WIPRO and BITS
Pilani for this opportunity.
ABSTRACT
 The increasing reliance on digital platforms has led to the need
for secure password management. 'LockBox: Advanced
Password Encryption and Management Tool' provides a robust
and user-friendly solution. The project aims to mitigate risks
associated with password reuse and weak passwords by using
AES-256 encryption, improving user convenience, and
promoting best practices in Cybersecurity.
OBJECTIVES
 Enhance Security:

Use AES-256 encryption to protect passwords.

 Improve User Convenience:

User-friendly interface for easy password management across devices.

 Promote Best Practices:

- Encourage strong, unique passwords and raise security awareness.

 Cross-Platform Compatibility:

Seamless use on desktops, laptops, and mobile devices.

 Automation:
- Features for automatic password generation and form filling.

 Cost Efficiency:

Provide advanced features at low or no cost.

PROBLEM STATEMENT

 The proliferation of online services requiring

authentication has made password management a
challenge. Common practices like reusing passwords
pose significant security risks. Existing solutions are
often complex and lack comprehensive security
measures. LockBox aims to provide a secure, user-
friendly, and comprehensive solution.
EXISTING AND PROPOSED SYSTEMS
Existing system Proposed System
 Manual Management:  Advanced Encryption

Users create simple or reused Uses AES-256 encryption for

passwords, weakening secure password storage.
security.  User-Friendly Interface
 Complexity:
Clean, intuitive design for ease
Many tools are too complex of use.
for non-technical users.  Cross-Platform Compatibility
 Security Gaps:
Works seamlessly across
Not all managers offer end-to- desktops, laptops, and mobiles.
end encryption.  Automation
 Cross-Platform Issues: Features like automatic
Difficulty managing password generation and form
passwords across devices. filling.
LITERATURE REVIEW
 1. Bonneau & Preibusch (2010)  3.Chiasson, van Oorschot, & Biddle (2006)
• Focus: Web authentication systems and • Focus: Usability study of password managers.
market failures. • Findings: Users prefer easier-to-use tools, even if
• Findings: Password-based systems are less secure.
vulnerable due to user behavior (e.g., • Implication: Ensure "LockBox" is both secure and
password reuse) and lack of incentives for user-friendly.
stronger security.  4. Gaw & Felten (2006)
• Implication: Emphasize secure, user-friendly
• Focus: Strategies for managing multiple passwords.
design to address these vulnerabilities. • Findings: Users favor convenience over security,
often reusing passwords.
 2. Florêncio, Herley, & Van Oorschot (2014)
• Implication: Automate password management to
• Focus: Password management practices and minimize user effort while ensuring security.
administrative challenges.  5. Adams & Sasse (1999)
• Findings: Balancing security with usability is • Focus: User behavior and security compliance.
crucial; MFA and effective password • Findings: Users bypass cumbersome security
managers are recommended.
measures; involvement in design improves
• Implication: Balance stringent security compliance.
measures with ease of use in "LockBox." • Implication: Adopt a user-centered design
approach to enhance security and usability.
SOFTWARE REQUIREMENTS AND SPECIFICATIONS

 Software and Hardware requirements

 Functional requirements
 Non- Functional requirements
 Technology used
SOFTWARE AND HARDWARE REQUIREMENTS

 Software Requirements  Hardware Requirements

The "LockBox" system requires the following  The following hardware specifications
software platforms, frameworks, and tools: are necessary to run the "LockBox"
system efficiently:
 Operating System:
Windows 7 or higher, macOS, or Linux
 Processor: Dual-Core 2.0 GHz or
higher
 Web Server:
XAMPP (Apache, MySQL, PHP)  RAM: 4 GB minimum (8 GB
 Programming Languages: recommended)
HTML, CSS, JavaScript, PHP  Storage: 120 GB HDD or SSD
 Database: MySQL
 Encryption Libraries: OpenSSL for AES-256  Display: 1280 x 800 resolution or
encryption higher
 Browsers:  Network: Broadband internet
Google Chrome, Mozilla Firefox, Microsoft connection for secure data transmission
Edge
 Development Environment:  Backup Storage: External hard drive
Integrated Development Environment (IDE) or cloud storage service for data
such as Visual Studio Code or PHPStorm backups
FUNCTIONAL REQUIREMENTS
 1. User Authentication
Secure Login: Two-Factor Authentication (2FA)
Account Creation: Unique user accounts
 2. Password Storage & Management
Encrypted Storage: Secure password database
Organization: Categories or folders
Retrieval: Secure password retrieval options
 3. Password Generation
Strong Passwords: Random, user-defined criteria
Clipboard Integration: Securely copy passwords
 4. Auto-Fill Integration
Browser Integration: Auto-fill in login forms
Security: Fill only on secure, verified sites
 5. User Interface
User-Friendly: Easy navigation and access to features
Dashboards: Efficient password management
 6. Backup and Recovery
Backup: Secure option to back up password data
Recovery: Restore passwords from backup in case of data loss
NON FUNCTIONAL REQUIREMENTS
 1. Performance
Response Time: ≤ 2 seconds for actions (login, retrieval, generation)
Database Capacity: Handle up to 10,000 user accounts efficiently
 2. Usability
Ease of Use: Designed for users with minimal technical knowledge
Intuitive UI: Clear instructions and tooltips
 3. Reliability
Uptime: 99.9% availability
Backup & Recovery: Reliable with no data loss
 4. Security
Encryption: AES-256 for stored passwords and sensitive data
Data Transmission: Secured with TLS/SSL protocols
 5. Scalability
Design: Efficient scaling for future expansions and integrations
 6. Compatibility
Browsers: Compatible with Chrome, Firefox, Edge
Operating Systems: Windows, macOS, Linux
Mobile: Seamless on Android and iOS
TECHNOLOGY USED

The "LockBox" project employs a range of technologies that provide security, performance, and
usability:
 AES-256 Encryption: Chosen for its industry-standard security, AES-256 ensures that all stored
passwords and sensitive data are protected from unauthorized access.
 PHP and MySQL: The use of PHP for server-side scripting and MySQL for database management
offers a robust and scalable environment for the password management system.
 XAMPP: This open-source web server solution allows for easy deployment and testing of the
application in a local environment, ensuring that the system is stable before broader deployment.
 HTML, CSS, Bootstrap, and JavaScript: These front-end technologies are used to create a
responsive, user-friendly interface that works across multiple devices and browsers.
 OpenSSL: This library is utilized for implementing encryption, ensuring that all data is securely
transmitted and stored.
 By combining these technologies, the "LockBox" project ensures a high level of security,
performance, and user satisfaction.
 This structure covers the essential aspects of the Software Requirement Specification (SRS) for the
"LockBox" project, ensuring that all necessary details are clearly defined. If you need further
elaboration or adjustments, feel free to ask
SYSTEM DESIGN

 System design introduction

 System Architecture
 Date Flow
 Sequence Activity
 Flow chart
SYSTEM DESIGN CHAPTER
 Introduction:
The system design chapter provides a detailed description of the architectural and functional
components of the "LockBox: Advanced Password Encryption and Management" project. The
purpose of this chapter is to outline how the system is structured, how it operates, and how it
integrates with other systems to achieve its goals. The design is focused on creating a secure, user-
friendly, and efficient password management tool that addresses the growing need for robust
password protection.

 External Interactions:
 Web Browsers: The system integrates with major web browsers (e.g., Chrome, Firefox) to provide
auto-fill capabilities for login forms. This interaction ensures seamless user experience and
enhances security by automatically inserting encrypted passwords into secure login fields.
 Cloud Storage Services: For backup and recovery purposes, the system can interact with cloud
storage services. This ensures that users' encrypted password databases are securely backed up
and can be restored if needed.
 Authentication Services: The system may interact with external authentication services for two-
factor authentication (2FA) to provide an additional layer of security during user login.
SYSTEM ARCHITECTURE
User Interface (UI):
 The UI is the front-end component where users interact with the system. It is designed to be intuitive and
responsive, allowing users to manage their passwords easily.
 Technologies: HTML, CSS, JavaScript, Bootstrap
 Application Logic:
 The application logic is the core component that handles the processing of user inputs, password
encryption and decryption, and interaction with the database.
 Technologies: PHP, JavaScript
 Database:
 The database is where encrypted passwords and other user data are securely stored. The system uses a
relational database (MySQL) to manage this data efficiently.
 Technologies: MySQL
 Encryption Module:
 The encryption module is responsible for securely encrypting and decrypting user passwords using AES-256
encryption. This ensures that passwords are stored securely and can only be accessed by authorized users.
 Technologies: OpenSSL
 Web Server:
 The web server hosts the application and handles requests from users. It also manages data flow between
the front end and the back end.
 Technologies: Apache (part of XAMPP)
 Backup and Recovery System:
 This component handles the secure backup of encrypted password databases and provides recovery
options in case of data loss.
 Technologies: Integration with cloud storage services
DATA FLOW

 User Login:
 The user initiates a login
request by entering their
credentials on the UI.
 The credentials are securely
transmitted to the
application logic via the web
server.
 The application logic verifies
the credentials against the
encrypted user data stored
in the database.
 If the credentials are correct,
the user is granted access to
the system; otherwise, an
error message is displayed.
 Password Storage:
 The user adds a new
password via the UI,
specifying the account
name, username, and
password.
 The password is sent to
the application logic,
which then calls the
encryption module to
encrypt the password
using AES-256.
 The encrypted password,
along with the account
name and username, is
stored in the database.
 Password Retrieval:
 The user requests to
view or use a stored
password.
 The application logic
retrieves the encrypted
password from the
database and calls the
encryption module to
decrypt it.
 The decrypted password
is displayed on the UI or
automatically filled into
the corresponding login
form via browser
integration.
SEQUENCE ACTIVITY
The sequence activity section outlines the order in
which actions are performed within the system for
various functionalities.
 Example: Password Storage Sequence:
 User Input:
 The user inputs the new password details
(account name, username, password) into
the UI.
 Encryption:
 The application logic sends the password to
the encryption module for AES-256
encryption.

 Database Storage:
 The encrypted password is stored in the
database along with the associated account
name and username.
 Confirmation:
 The system confirms successful storage of
the password to the user via the UI.
 Example: Password Retrieval Sequence:
 User Request:
 The user selects a stored password
from the UI to view or use.
 Database Query:
 The application logic queries the
database for the encrypted password.
 Decryption:
 The retrieved encrypted password is
sent to the encryption module for
decryption.
 Display or Auto-Fill:
 The decrypted password is either
displayed on the UI or auto-filled into
a login form via browser integration.
 Confirmation:
 The system confirms the successful
retrieval and use of the password to
the user.
Use Cases
The use case section describes specific
scenarios where users interact with the
"LockBox" system, illustrating how the
system responds to user actions.
Use Case 1: User Login
Actors: User, System
Scenario: A user attempts to log in to the
"LockBox" system.
Preconditions: The user must have a
registered account with the system.
Steps:
The user enters their username
and password.
The system validates the
credentials.
The system requests a second
authentication factor (e.g.,
OTP via SMS).
The user enters the OTP.
The system verifies the OTP and
grants access to the user
dashboard.
Postconditions: The user is logged in and
can access their stored passwords.
Use Case 2: Storing a New
Password
Actors: User, System
Scenario: A user stores a new
password in the system.
Preconditions: The user must be
logged in.
Steps:
The user selects the option to
add a new password.
The user enters the account
name, username, and
password.
The system encrypts the
password and stores it in
the database.
The system confirms
successful storage to the
user.
Postconditions: The new password
is securely stored in the system.
Use Case 3: Retrieving a Password
Actors: User, System
Scenario: A user retrieves a stored
password.
Preconditions: The user must be
logged in.
Steps:
The user selects a stored
password from the list.
The system retrieves the
encrypted password from
the database.
The system decrypts the
password and displays it or
auto-fills it into a login form.
The system confirms successful
retrieval to the user.
Postconditions: The user has
accessed the requested password.
7. Flowchart
Flowcharts provide a visual
representation of the processes
within the "LockBox" system,
illustrating the logic and flow of
operations.
Flowchart 1: User Login Process
Start: User enters username and
password.
Decision 1: Credentials validated?
Yes: Proceed to 2FA.
No: Display error message.
Decision 2: 2FA successful?
Yes: Grant access to user
dashboard.
No: Display error message.
End: User is logged in.
Flowchart 2: Password Storage
Process
Start: User inputs password
details.
Step 1: Encrypt password using
AES-256.
Step 2: Store encrypted password
in the database.
End: Confirm successful storage to
the user.
Flowchart 3: Password Retrieval
Process
Start: User requests password
retrieval.
Step 1: Retrieve encrypted
password from the database.
Step 2: Decrypt password using
AES-256.
Step 3: Display or auto-fill
password.
End: Confirm successful retrieval
to the user.
Top of Form
Bottom of Form
CONCLUSION
 In summary, our lock box management tool is engineered to
offer a secure and intuitive solution for password management.
With AYS256 encryption at its core, the tool guarantees the
protection of passwords while maintaining ease of use.
 The design is thoroughly detailed through flow charts and use
cases, which highlight its user-friendly features. Moreover, the
project is designed to be cost-efficient, with minimal financial
requirements for development.
 Our proposed six-week timeline further ensures a structured and
timely approach to completing the project. We trust this
presentation effectively communicates the key aspects of our
design and planning efforts.

.
THANK YOU