Final Fyp Print

(1)

FINAL YEAR PROJECT

FINGERPRINT WEB AUTHENTICATION SYSTEM (FWAS)

BY IVNEET SINGH

TP023861

UC2F0907CMT BSc (Hons) in IT: System Security University of Innovation and Technology

A project submitted in partial fulfillment of award of the Bachelor of Science (Honors) in

Information Technology: System Security

SUPERVISED BY:

(2)

Acknowledgement

I would like to express my heartfelt appreciation to the many people who have helped me in the completion of this challenging project. Such a project could have been an herculean task to complete however with the visionary approach of my supervisor Mrs. Indah Nadialenny Mohd Ismail who was dextrous in guiding me in the right direction proved to be fruitful not only in completing this project but also in my own personal and intellectual development too.

I would also like to convey my deepest gratitude to Biometric Ideal Test Organisation in providing me with their fingerprint database for my research and to Mr. Anil K.Jain for providing his Phd. as a free open source online research that inheritably helped my research to attain the epitome of success.

(3)

1.0 Introduction

1.1 Topic of the System:

Fingerprint web authentication system (FWAS) is basically focused on fingerprint access control which will be used for university websites login. This system will help in solving the problems faced by most of universities like unauthorized access by the students using university staff member’s accounts. Universities use intranet and extranet also to provide services to students like online library, student webmail and attendance. These websites are also used by the university staff members like lecturers, academics and examination departments. For the staff member’s special permissions and services are allocated as compare to students like updating assignments, results and examination papers. This project involves the development of the system which will scan the fingerprints of the users and will authenticate them. The users need to be involved for their fingerprint scanning; they need to scan their fingerprints using the fingerprint scanner. This system might help university to resolve their security issue regarding website login and unauthorized access. This project will be designed and might be implemented to university website. The rules and regulations for the university will be taken care before implementation of this system

1.2 Purpose for developing a system:

The main purpose of fingerprint web authentication system is to implement secure login technique which will minimize the security risk from the current system. In the current system if the student gets access to the username and password for the examination department then it can easily get access to all confidential data.

Target User : The target users for this system are university full time and part time lecturers and other staff members of the university like examination department, academics and administration department

(8)

1.3 Problem Content and Rationale:

These days most of the universities are facing some problems related to internet or web security. Most general security issue is when there is common websites for both students and staff logins universities face problem regarding unauthorized access by the students. Now days some university decided to even upload exam papers on university websites which are only limited to some staff members like senior lecturer or examination department like APIIT intranet system.

One of the problem as presented by (Albinson, 2004) is that Internet accounts get compromised. Now days many internet accounts have been compromised due to hacking, people use common and similar passwords for all accounts. Hackers trap the users by using some techniques like phishing and key loggers. Key loggers can track the internet activities including the username and password. So by using biometric technology such as fingerprint scanning the hackers / intruders cannot get access to the fingerprint image because the image is converted into binary codes and which cannot be deciphered.

Username and passwords may not fall into the wrong hands due to hackers: users may use their phone numbers, passports number or family name as their password which can be easily picked up. The unauthorized users need not be a hacker in order to get access. The fingerprint is the only tool that can authenticate user.

The problem listed in (Cybercriminals Target Online Banking Customers, 2010) Frauds happening all around the internet due to phishing: Banking and credit card frauds are more famous among the fraud list. All this came into picture after the internet banking and online credit card usage was implemented for the internet users. On the internet many phishing page are uploaded to get the data for the banking customers. So by using biometric technology such as fingerprint scanning it is not easy to design phishing page to capture the image of the fingerprint as compared to username, passwords or credit card numbers.

(9)

Sometimes internet users forget their account user-name and passwords, as they manage many accounts for different purposes like social networking, email accounts, banking account, university accounts or company accounts. Implementing the fingerprint scanning would enable such users to access their various accounts with minimal hassle.

1.4 Rationale for carrying out the project

The reason for developing this system is to secure university websites from unauthorized access. This system will be able to minimize security risks to university current system and help staff members for fast and easy access to their accounts. This system will deliver a better and secure way to login into the university websites. This system can also help in preventing the problems relating to internet security like accounts get compromised or sometimes user forget their passwords. By implementing this type of system the universities can upload and share confidential data within the network.

1.5 Objective of the System:

The basic requirement is to develop a system that can security risks and authenticate the genuine users through a fingerprint web-authentication system (FWAS) using biometric technology. This system will be mainly for university websites. Before developing this system researcher need to understand the problem area of the current system and should able to face the challenges to make the system work fully functional. This system will not only prevent unauthorized access but also helps in solving various problems regarding internet security. As developer will minimize the scope of the project to university website login but can also use this systems in online banking, shopping websites, military or any other websites that contains confidential data. This system will provide internet security to keep the system and information safe from malicious software’s, need to maintain privacy and protect sensitive and confidential information.

1.6 Scope of the System:

This system will be mainly focused on university website to provide security. The users need to login into their accounts using fingerprint web authentication system, users need to scan their

(10)

fingerprint to get access to their accounts. This system also helps in solving the problems in the current system.

 To minimize the security risks from the current system (University website).  To improve security for internet users using fingerprint recognizing.

 To prevent the happening of fraudulent activities such as hacking of accounts passwords and misuse them

 To obtain fast and accurate authentication results in cost effective manner. 1.7 Nature of Challenge:

Attaining device: As the system is based on fingerprint biometric authentication, developer needs to buy the biometric device which can scan the finger prints of the users. The device should have software development kit so that by using that kit developer can store the fingerprints in form of digital data in database.

Cooperation of users or participants: Before the development of the system developer need to do a research which includes surveys and questionnaires. While conducting the survey and questionnaire the cooperation of the participants is must.

Authentication: System should verify the genuine user and should be able to minimize security risk .The verification between human and machine should be claimed. The fake user cannot be authenticated. Previously authentication system uses username and passwords or digital signatures. But now new method of authentication is introduced for web-logins.

Authorization: The authorization to the genuine user is must. Each and every user has different permissions but if the user is genuine and system allows the access to user for other account. System need to verify the account information before authorizing any user.

(11)

2 Project management

2.0 Project plan

The detailed research is required to meet the aims and objectives of the system. 2.1 Evaluating and experimenting biometric system

Developer need to conduct and experiment, analyze and evaluate biometric systems. The experiment will be based on working mechanism of biometric systems. Through this experiment the developer will understand various biometric communication systems such as whether it is based on client/server or some are also based on peer to peer architecture. By analyzing it developer will able to decide which communication architecture is going to be used for the proposed system.

2.2 Experimenting with different API

Developer need to do experiment on various programming API. The API also depends upon the device which is used for developing the system. Selection of the API is very important part for developing biometric systems because using the API we can develop the system. To enable the system to work on different platform developer need to choose API this can support platform independence.

2.3 Testing the Prototype

Different type of testing will be conducted to test the prototype. For example – stress testing will be done to check the performance and availability of the system when the numbers of clients are high or low. Then other testing will be done to check the output of the system by entering different values.

Deliverables

After achieving the aims and objectives of the proposed system the system might represent a better performance and the system that is highly available for the user even if the users are increased. The system might be implemented to the university website and there will be more than 160 users for this system. Developer need to make sure about the performance and availability of the system.

(12)

2.4 Resources

Developer need to find the resources which can be helpful in developing the system.

E-Resources

Access to following main websites for collecting research material:  IEEE-http//:www.ieeexplore.ieee.org/

 A fingerprint matching algorithm using phase-only correlation

(IEICE TRANS.FUNDAMENTALS.VOL.E87-A, NO.3 MARCH 2004)  FINGERPRINT RECOGNIZATION

www.biometrics.gov

 A simple matching algorithm for fingerprint minutiae Data sets in accordance with DIN V 66400

(Lisa Thalheim)

Books

 Encyclopedia of biometrics, by Stan Z. Li, Anil K.Jain

 Security and access control using biometric technologies by Robert Newman

Researcher might conduct survey among the users of the system i.e. university lecturers. The survey will be designed and distributed among the lecturers within the university. Researcher might conduct an interview with the company based on biometric and voice recognition technology for gathering technical information regarding the system. This might help researcher in gathering technical information regarding the biometric technology.

(13)

2.5 Development Plan

Problem Identification phase: In this phase developer will identify the problem area for the

system. As developer needs to do a research on problem area as proposed system is based on fingerprint web-authentication system. Developer needs to analyse the current system and the problems faced in that system. The problem area that developer will focus is based on university websites.

Requirement phase: In this phase developer will start requirement and data gathering using

survey and interview. Developer needs to analyse the requirement for the project which would require the developer to do research and strengthen the understanding on the following areas of knowledge, both domain and as well as technical research areas, without which the developer will not be able to deliver a good academic project. Developer will conduct an online survey with the university lecturers as they will be the users for the proposed system. An interview will be conducted with project manager of CTI group regarding technical knowledge with current system.

Specification phase: In this phase developer will decide the specification of the system. Now developer needs to do a research on the biometric hardware devices available for the system, the developer need to do a research for the specification of the device that is required to develop the system. Developer needs to be very careful about specification because if any error is made within this process, it can create a problem in development of the system. For the development of the system the developer need to know about the current architecture of the system.

Design phase: In this part the developer will design the database and interface of the system.

The system interface should be friendly and developer should also consider human computer interface during the development of the system. The database should be highly normalized and as the proposed system is web based the developer should design web based interface.

Implementation phase: In this phase developer will start coding for the system; developer

(14)

development of the system. This process will take longer time as developer needs to do coding for the project.

Testing phase: After development of the system is successfully completed developer will now

test the system find errors or bugs. The testing for this system might cover several stages like stress testing, black box testing, grey box testing and white box testing. If there are any errors or bugs the developer will try to fix them in this phase.

Deployment phase: In this phase the system is being moved to a working environment, the

development of the system might take place in that environment as there can be some errors in the system while implementing to a new environment. Once the system is ready to use it will be monitored to find out any kind of error or future requirements for the system.

(15)

3 Domain research

3.0 Introduction to Biometrics

Biometric authentication is one of the technical improvements in information technology and looks set to change the way for majority of people. Security in the present context has become the harbinger of innovation and has evolved the need for genuine authentication is pertinent. Personal use of biometric systems is being an issue for authentication and security. Mostly finger print recognition is used for authentication. This paper is organized as follows: by now, the reader should have a clear idea about what this project is all about and section one which consisted for the current problem incurred by the internet users and need for the system followed by the study of objective , level of challenge and project planning , section two consists of literature review followed by domain and technical research .Section three will illustrate how primary research (survey and the interview)and investigation was done and which methodological choices were made.

Biometrics is defined as behavioural uniqueness that can be used to verify to identify an individual, which can include fingerprint verification, retinal scanning, face recognition, iris, and signature verification. Biometric system is authenticates users by its biological characteristics and behaviour characteristic that can be fingerprint, iris, face and voice. (Ruud Bolle, 2001)

There are some traditional techniques used for authentication

 Manually tokens (Anil Jain, 2000): It refers to identification process in form of human intervention , means a person will make a decision for deciding whether the identify is approved or not E.g.: On airports the authentication is done manually by verifying passports , now the airport immigration authority takes decision regarding the traveller authentication is verified or not.

 Automated tokens (Anil Jain, 2000) : These token does not involve human intervention for identification. E.g. verification system like ATM, smart cards and magnetic strip cards.

(16)

"Authentication is something you have, something you know, and something you are when you add biometrics" (Charles Kolodgy, 2001) (Lewis, 2001-2002)

 Something you know (a password or personal identification number, PIN)  Something you own (an identity card, pass, or token), and

 Who you are (one of the distinctive characteristics unique to you)

3.1 Comparison between identification techniques

Tokens Can be fake and can be used without knowing to original holders. E.g. Someone can "steal an identity" and create a new fake ID using any others personal information.

Passwords Can be cracked or obtained using hacking techniques or tools like password cracking.

Can be told. If the password is told to a person they can get into your account and can misuse your personal information.

It can be forgotten which can cause problem for an organization you are working for E.g. you are working in a organization you need to gain access to company email account urgently, forgetting password can cause you in trouble that time.

Biometrics Cannot be fake Cannot be cracked

Dealing with accuracy sometimes causes problem in biometric device like having a cut on finger, burn or excessive rubbing on hard surface can bring damage to your finger then it might not be possible that you can be authenticated by biometric system that time.

(17)

3.2 Comparison between each biometric technology

Methods Strength Weakness Suitable

applications Finger print Stable over time

uniqueness Needs to training user resistance Workstation access control , ATM , airline tickets , physical access control , information system control

Face Universally present Cultural and religious issues

physical access control

Iris Stable over time

uniqueness Needs to training user resistance ATM , airline tickets , physical access control

Retina Stable over time

uniqueness

Slow read time user resistance

physical access control ,

information system control

Hand geometry Low failure to enroll

small template Size of device

childish finger growth

physical access control ,

information system control, time attendance

Voice Less training

excellent user acceptance

Changes and unstable over time

Mobile phone banking

Signature High user acceptance less training

Enrollment task long & unstable over time

Portable device stylus input

(18)

3.3 Fingerprint technology

Fingerprint identification is one of the most well know biometrics because of the uniqueness and consistency over time. The fingerprint has been used from past century for the identification purpose but now it has become advanced using biometric technology and computing capabilities. The fingerprint technology has become so popular because of the ease of use and several sources (ten dingers) available for collection.

This literature review also addresses on some areas like social and legal issues regarding fingerprint technology. Human factor that relates to biometric technology and some security issues for fingerprint biometric technology. The issue effecting biometric technology are presented as by (Green, 2005) as follows:

Social issues

There are several social issues that affect fingerprint biometric technology like misunderstanding the usage of the device of technology. Hesitation is also one of the issues relating to biometric, new users sometime hesitate to use new technology.

Security concerns

No system that tend to be entirely secure there are some intrusiveness in the system including fingerprint technology. But implementing fingerprint biometric system can be somewhat secure as compare to stealing and copying passwords, there is a level of security. Mainly passwords can be broken by using some software but using fingerprints for authentication will be considered more secure and reliable.

Privacy Concerns

The privacy concerns can be leaving the fingerprints all over the place on daily basis work that user do. But when a user is involved in using fingerprint technology user might worry about the privacy.

Third party involvement in data

Other than privacy the concern for the fingerprint is that when the fingerprints are scanned they are stored in the digital format and are stored in the database. The data store in the database can

(19)

Health concern

The health concern for the fingerprint is related to the safety of fingerprint technology. While user interaction there is a direct contact between user and device sensor , user might fear of electric shock or spreading germs or might experience some kind of pain while using the device.

The graph shows user uncomfortable using biometric technology

Human Factors Gender Factor:

As per gender woman have slim and smaller fingers with long nails as compared to males. Due to the change the fingerprint scanning device may not be able to capture a good sample or authenticate well. The shape and size differs with regards to gender.

Age factor:

As people age increases the fingerprint becomes lighter and there is elasticity in skin. Such a problem can result with poor acquisition of fingerprint and will not be able to match with the original samples. It also varies from the sensor and hardware that is being used.

Occupational factor:

As some of people do labor jobs, they might deal with lifting up heavy things and working with chemical which may result in wearing of fingerprints. This might cause problem for the

60 120 140 95 110 0 20 40 60 80 100 120 140 160

Fingerprint Iris Scan Retina Scan Voice Recognition Handwritting recognition Nu mb er of res pon den ts

(20)

fingerprint scanner to match it or capture the sample. But there are some sensors available which use the second layer of the skin to be captured.

Secondary Research

Developer needs to do feasibility study on the current biometric fingerprint system available in the market before proceeding towards the development of the proposed system. Developer need to find and analyze the requirements for the system and gather information about the systems. Developer need to analyze the resources required to develop the system. As there is much information available on internet regarding biometrics but developer need to be careful before using that information because the information mentioned can be wrong. While referring the source developer need to see the website or domain from which the information is being taken, the information that was gather from internet should be authenticated and verified. The developer can refer to journals, papers and university website because they are very reliable.

3.4 Review on similar systems

There are lots of products available in the market using bio metric technology. Before moving towards the project, the developer needs to find similar biometric fingerprint systems that have being already developed and need to review on these systems.

The proposed system (Fingerprint Web Authentication System) which is not yet been developed in the market but there are similar systems available in the market that are using fingerprint technology for the authentication.

(21)

3.4.1 Biometric Time Attendance Management Fingerprint System Overview

Lone wolf software, Inc was founded in 1991 which has evolved small computer resources to custom software with clients in multinational companies. The company has been developing systems of no just time and attendance but also for other management software’s. The Juno uses the best finger print technology which is highly rated in time attendance management system. It brings the manual work to automation and faster than before like it is used in automated time and attendance terminal. It is easy to maintain and use, need not require much training procedures before using this device. It allows the user to clock in and out with just a touch of a finger. It’s not only used for clock in and out but user can also view the previous records and other information like departments and current projects.

For the audio assistance and verbal conformation speakers are attached on the board. This product also comes with the internal bell system which uses the internal speakers for a beep like common start, break time and end time. This product is capable for holding more than 1,500 templates and 30,000 transactions which makes it the perfect for any size of the company.

3.4.2 Reason for developing such system

This system is fast replacing the traditional attendance registers. Huge number of employees works under one company and it’s very difficult to maintain each employee daily records manually like (attendance, time in and time out). Manually it takes so much time for the employees to mark the records. The old traditional system was not easy to maintain and was also so much time consuming, generating a report manually can take so much longer time using manual attendance system. Reasons for developing or using these types of systems are mentioned below:

 Security: Employees need to punch there finger on the sensor to enter the company and mark attendance, by this elimination of fake entry and a reduction of time theft. Moreover reduce the labor cost and saves lots of money.

(22)

 Accuracy: With increase in security this system also provides increase in accuracy. Besides from time theft, calculating mistakes cost can be reduced easily. The automation of report generating will be accurate. You will be able to monitor attendance, breaks and holiday hours; everything will be recorded correctly and fairly.

 Easy to Use: Automated attendance and management system are easy to use and implement. Employees can just log their attendance easily just with a touch of the finger and managers can.

3.4.3 Conclusion

This system is similar with the developers system as per the technology perspective, because this system is also using biometric fingerprint technology, but developers system is mainly based on the web authentication system. The backend working for the system above and developers system will be similar as in this system developer will be also storing the fingerprints of the users in the database that are going to use the system.

3.5 Bio-web system 3.5.1 Overview

Biometric security solution is company which provides biometric services to wide range of companies all around UK. This company deals with many biometric products like Biometric Hardware , fingerprint scanners, Iris cameras, biometric software and signature recognition. This company has been developing system for not only web-security but also for network login system, time attendance system and secure USB drives. Bio-web system developed for the web environment where it can also determine the hardware configurations available on the client machine. For this fingerprint reader or scanner is required at the client side.

(23)

The following are the process for Bio-web fingerprint authentication as user’s point of view:

 User should navigate to the login page and enable the active x control for fingerprint authentication.

 User needs to login the username and then will be redirected to the fingerprint authentication page. The user should place the finger on fingerprint reader to scan the image of the fingerprint.

 The users will submit the login details and fingerprint image to the biometric sever  The request will be sent to the server for verification of the fingerprint and username  If the user is verified then user is granted access to their accounts but if the match fails

then user is deemed invalid.

3.5.2 This system can be used following areas:

Intranet: Most of the critical areas of the intranet can be protected using fingerprint

authentication like in some organization they use attendance and payroll systems.

Extranet: Using fingerprint authentication can help users to minimize security risks as

sometimes user does not logout from the extranet, there can be timeout implemented and login will be using fingerprint authentication.

B2C applications: For B2C like online banking, the user can use for login into banking websites

(24)

3.6 Fingerprint matching

Two of the fundamentally important conclusions that have risen from research are:

1. A person's fingerprint will not naturally change structure after about one year since birth. 2. The fingerprints of individuals are unique. Even the fingerprints in twins are not the same. Each and every fingerprint consists of ridges and valleys. The upper skin segments of the finger are ridges and the lower skin segments are known as valleys. These ridges form points called minutia points, there points are formed by identifying ridge endings and ridge splits.

Fingerprints into five categories: whorl, right loop, left loop, arch, and tented arch. Matching

one fingerprint with another fingerprint the system needs to check arch, loop, whorl and delta.

Outlines of typical automated fingerprint recognition system

3.6.1 Steps involved in fingerprint matching

In scanning method the digital image is directly taken from the device by placing the finger on the surface of fingerprint reader. Some sensors like optical are based on frustrated total internal reflection technique used to capture the live finger prints mostly in forensic and government agencies use these kind of systems. Some of devices while solid state and sweep sensors based measures the difference in physical properties such as capacity or conducting friction ridges and valleys.

(25)

In the identification phase the user need to touch the sensor, for generating a few fingerprint image know as query print. The minutia points are extracted from the query print and then go for match into the database to find the similarity between the common minutia points. Sometimes due to some variations the fingerprint placement on the sensor or pressure applied to on the sensor, the points that are extracted from the fingerprint should be aligned before the matching takes place. Now the matcher will look for a number of pairs of matching minutiae.

In feature extraction from a fingerprint image is characterized into three levels. Level 1: Feature capture macro details such as friction ridge flow, pattern type and singular points. Level 2: Feature refers to minutiae such as ridge bifurcations and endings. Level 3: Feature includes attributes of the ridges such as ridge path deviation, width, shape, pores, edge contour and

A fingerprint matching finds a match between two fingerprints, which can be high from the same fingerprint or low for other fingerprints. Fingerprint matching is difficult pattern recognition problem due to the variations in the fingerprint, different variations from the same fingerprint or similarity between the two fingerprints. The variations are caused due to pressure and placement of the finger on the surface of fingerprint reader some other variations can be with different conditions like skin dryness or cuts. The similarity can be large as there are only three types of fingerprint patterns arch, loop and whorl. There are four different type of

(26)

algorithm used for fingerprint matching: image correlation, phase matching, skeleton matching and minutiae matching. Minutiae based matching is commonly used because this technique has been used from many centuries by the forensic experts. The minutiae based representation provides effective loading and same finger as a match. A system false rate and false non match rate depends on the operating threshold , when there is large number of threshold for false match rate at very high false non match rate for a fingerprint matching system it is impossible to remove both the error for false match rate and false non match rate simultaneously.

Example of fingerprint and two minutiae

3.6.2 Minutiae matching:

The minutiae based fingerprint is used widely as this scans the fingerprint card and then extracts the minutiae from the fingerprint and search, compare or lists the minutiae against other fingerprints. The minutiae based matching system usually return the number of matched minutiae on a fingerprint to both query and reference to generate similarity scores. At typical good-quality fingerprint image contains about 20-70 minutiae points. According to forensic science if two fingerprint have minimum 12 matched minutiae they are considered to have come from the same finger. More the minutiae in a fingerprint match more the higher similarity scores.

(27)

In the enrolment process of fingerprint the minutia points are located according to their positions to each other in the directions recorded. Then the minutia points recorded are stored in form of template for authentication of the person later on. For the matching of the fingerprint image the minutia points are extracted and compared with the saved template. The minutia points are then compared with registered template and try to find out as many points for a authentication.

Verification using minutia points

3.6.3 Pattern Matching

The pattern matching is not only done on the basis of the fingerprint points but also some characteristics include like ridge thickness, curves, density. The pattern based algorithm is not widely used due to increased depth of data in a pattern. The pattern based algorithm and minutia based method suffer the same difficulties varying fingerprint quality. In the pattern based the image is taken from the sensor and is store in the database as template. Then the image is cropped in form of square with a fixed region and directions. The cropped region is then compressed and store in the database for match.

(28)

The verification begins when another fingerprint image is capture by the sensor and is sent for the match. The registered small image from the template is then compared with the fingerprint image to find the degree of the template match.

(29)

3.6.4 Difference between minutia based and pattern based

Minutia Pattern

Definition Analyzing the points where the ridges on the fingerprint splits or ends

Analyzing the graphical comparison on the fingerprint image

How it works The device captures the image and then fingerprint image is identified from the core, loop, arch, whorl and ridges. The directions are marked and compared with the other image. These points are known as minutia

Graphical centre of the image is taken cropped at the fixed size distance and compressed for a subsequent match. The more difference between the graphical images less chance for the fingerprint match.

Template size As small as 120 bytes average size is 350 bytes

500-700 bytes when compressed

Search speed Depends to template size , smaller the template size faster the search speed results

Depends to template size , smaller the template size faster the search speed results

Sensitivity to physical changes

Less sensitive as only 30% of minutia is required for the match. Cuts and arch usually do not effect on the match

If the arch or cut on the finger , the new template may be required

Sensitivity to time

Less sensitive to change over time Sensitivity to the physical changes and placement of the finger on the sensors

(30)

4 Primary Research

4.0 Introduction:

Primary research focuses on data gathering methods for the target users; this section includes the collection of information from the target users. The information will be used in the development of fingerprint system, to quote Nobel Prize winner physiologist Albert Szent-Gyorgyi, “Research is to see what everybody else has seen and to think what nobody else has thought”. Primary data is the data which is being collected by you and is more reliable and up to date. It’s the data that has been created first time and there is no other previous source available.

To do a research many facts finding techniques will be carried out by the researcher. 4.1 Fact Finding Techniques

To study the system analyst need to have all relevant information and facts required for that system. For each and every project to be successful depends upon the accuracy of data collected or available. There are several methods and techniques used to collect the accurate information or data available. These methods and techniques are termed as fact finding techniques or methods. When these facts are represented in the form of quantitative termed as data. Interview, survey, questionnaire, recording views and observation are some fact finding techniques.

Data gathering is very important stage in system development life cycle. There are two basic types of fact finding techniques and that are:-

 The qualitative research includes participant observation, interviews and focus group. Using this technique provides the quality of data which can be analysed easily as it is based on expert views and judgment.

 The quantitative research includes controlled questionnaires, surveys and experiments. Using this technique of data is been gathered and much time is required to analyse the data. The accuracy of data is very accurate.

For the data gathering the developer decided to use both fact finding techniques. For qualitative research developer decided to conduct an interview and for quantitative research developer decided to conduct survey.

(31)

4.1.1 Interview

“An investigation may take six months. A quick interview, profile, a day”

Interview is the method use to collect information for a group of people or individuals. Before conducting an interview analysts need to select the people related to the system. The interview is generally done face to face but before that it’s important to take permission and arrange a prior appointment. We need to choose a suitable place and time for the interview which is comfortable for the respondent.

During the interview the information collected is quite accurate and reliable as we can clear and cross check the doubts during interview. Conducting an interview also helps to clear the gaps and misunderstanding regarding the problems. The interview is further categorized as structured interview and unstructured interview. The structured interview is the formal interview where definite questioned are asked and discussion is done on specific information whereas unstructured interview is more like a casual conversation where topics beyond the areas are covered.

The interview can be conducted for various purposes and with variety of goals in the mind. The successful interview should follow certain steps.

 Introduction

 Background of the project  Fact gathering

 Verifying the information gathered

 Make sure to confirm the information gathered from the interviewee  Clarification

For the data gathering developer selected to conduct an interview. Like other fact finding techniques interview has its own advantages and disadvantages. But according to developer the interviews was best suitable for the scenario as the proposed system was not yet designed before and developer needed an expert’s view and suggestions to develop the system. The advantages and disadvantages of the interview will be discussed further.

(32)

4.1.2 Who to Interview

The most important task for developer was to select the interviewee. Before data gathering developer need to choose the appropriate person for an interview. This includes the selecting of interviewees; need to understand what is expected from the person who has to be interviewed at the specific level and need to understand how to verify the information received.

Advantages of interviewing

 Allow participant not restricted to the predetermined categories and also use his or her own words

 Provides high reliability and accuracy for the information

 Allow the evaluator to get into more details and insure that participants understand the questions the way they intended.

 Interviewers use their knowledge and interpersonal skills to explore more in details and many new ideas generate.

Disadvantages of interviewing

 Sometime participant say more what they are intended to say.

 The interview may be more reactive to personalities and interpersonal dynamics.

 Conducting interviews can me more expensive and time consuming as it qualitative interviewing involves significant skill and experience.

 Analyzing qualitative interview is much more time-consuming than analyzing quantitative data

4.1.3 Justification for choosing Interview

Interviews are conducted face to face with individual or a small group. It is better to have small group or individual for the interview so that everybody gets a chance to contribute. Interview is used for data gathering process although it takes much time for the process but it is very useful as the information gathered is reliable and accurate. During the interview we can focus on the interest or specialized area of the interviewee.

(33)

4.1.4 How the Interview been done

The developer designed the questions for the interview and gave them to the interviewee i.e. Mr

Y. The interview was recorded for the referencing purposes. It was assured that the information collected will be kept confidential.

4.2 Survey

This technique is used when we have to extract the information from number of people. This is done when it is impractical to meet all the people face to face. Adopting this method requires very skilful analysts. The survey questions should be framed in the logical manner. The survey questions should be simple and clear, making sure that user should able to understand properly. This method is very useful for attaining information from the people who are going to use the system. The questionnaire can be email or distributed among the people, this is the cheapest source of fact finding.

(34)

5 Secondary research

5.0 Methodology 5.1 Waterfall Model

In earlier days of software development, the source code was written and then debugged. No formal analysis and design was followed. As written codes and debugging process became problematic when complex software systems were required. Since these system requirements should be well understood, which provides a model for development of the system. This model is known as the waterfall model. It is an approach for the development of the system that emphasizes completing of each phase before proceeding to next phase.

Sometimes combination of certain phases freezes the development at that point of time. If the change is being identified in the product then a formal process is followed to make changes. The graphical representation of the model is downwards flow as of a waterfall. Each phase includes the documentation and phases below the design phase include software as part of their output. Moving from each phase to another phase is followed by holding a formal review that is attended by supervisors. The review provides by the supervisors helps in project progress. At some critical points in the waterfall model some baselines are established, by the process need to finishes in order to move forward.

There are difference between hardware and software that waterfall model does not address. As sometimes hardware & software does not requires no fabrication. If the drawing model is complete the final product exists. Many of the software development methodologies have evolved from attempts to optimize the waterfall model for software. Like software prototyping helps in understanding the requirements of the typical hardware production which understanding is critical for waterfall model.

(35)

Advantages of waterfall methodology:

 Easy to implement as it is a linear model  Minimum amount of resources required

 Each and every phase is documented well, it is easy for developer to understand the system

Disadvantages of waterfall methodology:

 User cannot go back to the phase and makes changes if they have already completed the phase.

 Any changes in the requirement can cause lots of confusion in the project.

 Till the final phase is not completed the working model of the project is not ready for the client.

(36)

Comparing the Waterfall Model

Description. The waterfall model consists of several phases for the development of system.

Before proceeding to each phase need to make sure those requirements for the pervious phase are completed. For comparison of waterfall model to other models, the most important attributes of this model are as follows:

 A formal method.

 Uses top-down development  Steps are combined

 Each phase includes starting and ending point.

Where to Use the Waterfall Model

The waterfall model should be used where the requirements for the system are well defined and understood.

5.2 Incremental Model

Description:

The incremental model overlaps the sections of waterfall method to compensate the length of waterfall model projects by producing usable functionality earlier. Incremental model is basically used in small projects as it may start the project with some general objectives. As small portion of these objectives are also defined as requirements that are used further in implementation of the projects. But in small complex project use of the general objectives as requirements is uncomfortable for the management to use for the development of the systems because some modules of the project will be completed long before other requirements. Implementing reviews and audit for this type of system will be more difficult, as there can be a tendency to push the difficult requirements to future to demonstrate early success of management.

(37)

Incremental Model

Where to Use the Incremental Model

If developing a whole system at once is too risky, then we consider incremental development model.

5.3 Boehm Spiral Model

Description: The spiral model is a process for software development. The spiral sometimes uses

the top-down and bottom up technique it can be the combination of waterfall model and prototype. It combines both design phase and prototyping. The incremental model can be viewed as a spiral model because it illustrates one of the strengths of incremental model as the resources remain constant as the system size increases. The size of the spiral corresponds to the size of the system, while the distance between the coils and the spiral indicates resources.

(38)

Steps involved in spiral

 Requirements are defined in detail which also involves the interviewing the users

 The important phase in spiral model is creating preliminary design of the system which helps the users and developer to understand the system, this phase also helps in identifying the problems and solutions towards it.

 The prototype is constructed from the preliminary design which represents the characteristics of the system

 Then evaluating the prototype in terms of weakness, strength and risks.  Coming up with new requirements

 Planning and design for second prototype  Implementing and testing the second prototype

Advantages

 Estimations are more realistic as most of the requirements are analyzed in details

 It is easier to make changes in the systems as compared to others.

Disadvantages

 limiting re-usability

 Requires dedication and information management  Not similar for each type of application

 High risk for cost and time

When to Use the Boehm Spiral Model

The Bohme model has become very popular with the aerospace and engineering projects. This model is basically use in the defences engineering project as they are very risky in nature. But the business projects are more conservative. But sometime spiral model is applicable for many business projects in which success is not graduate or it may require very much computation like some business uses decision support systems.

(39)

Strengths and weaknesses of the waterfall, incremental, and Boehm Spiral model

5.4 Prototyping

Description: Prototyping is the part of the process which helps in building the model of the

system. It is included in analysis and system development. This process helps the developer to build a design for a system to know exactly how the system will work. During the requirement and analysis phase there is a need to gather the data required for the system. Prototyping is sometimes intangible but still helps in enhancement of the project. The feedback that is received from the users after developing the physical design of the system can help us in evaluate the

(40)

response of the users to this system and then manipulation can be done to the system according to the requirements. Prototyping comes in many form it’s not only the physical design but can be the as low as paper sketch to any engineering design tools. Still now also some of the organization uses the paper sketch as the prototyping but some of them uses some computer aided software engineering tools to build a prototype.

When to Use Prototyping with the Waterfall

As it was mentioned in the description above of Boehm spiral that it may use waterfall which can be very useful in the project when the it is required to demonstrate the technical feasibility and technical risk is very high. It can also be used to better understand the users requirements which can limit resource cost by understanding problem are before utilizing further resources.

Advantages of prototyping

 It reduces the time in the development  It reduces the development cost

 For the prototyping process it requires user involvement  Helps the developer in future enhancements

Disadvantages of prototyping

 Much analysis not done in prototyping

 The expectations for the users are made according to the prototype  Even developers can also be attached to the prototype

Strengths of Prototyping

 Focused on the functionality of the project in early stage

 The process involved provides perfect requirement definition

 This model also provides risk control.

 Documentation focuses on the end product not the evolution of the product.

(41)

 Bad documentation

 Sometimes using this technique may produce the system with poor performance. 5.5 Clean room

Description: The basic idea to use this technique is to control the cost by detecting bugs as early

as possible, when they are less costly to remove. Rather than documenting everything for the software design and requirements it uses off-line review techniques to better understand develop the software before it is executed. In this technique the programmers are not allowed to perform trails and errors while execution of the software, the software should execute successfully first-time. The testing uses statistical examination to focus on the errors of the software that cause failures.

The conclusion is that much time is spent to verify the program as less time is given for designing and coding. The program testing must be done side by side as its much reliable than following traditional life cycle models.

When to Use Cleanroom

Clean room can be combined with other models like incremental, spiral and waterfall to produce complex systems. This technique provides better results and high quality software instead of direct productivity increases. This technique requires semantic design model, full procedures and unit testing before the product is released in the market.

Strengths of Cleanroom

 The errors are recognized in the early stage

 Provides high quality software and reliable products

Weaknesses of Cleanroom

 It requires complete user requirements , only after that we can start developing the system

(42)

5.6 Object-Oriented

Description:

The object oriented approach is to focus on real world objects in the software development. It is basically based on the idea that human limitation cannot manage more than seven concepts and single time. Grady Brooch suggests that, “The principles of software engineering can help us decompose systems so that we never simultaneously deal with more than seven entities”. The object oriented also includes object oriented analysis, object oriented design and object oriented programming.

Where to Use object – oriented

Use Object – oriented in projects where

 It can be used where the functional complexity of the software is lesser concern.

 Object oriented techniques can be used for implementing the technology as it also provides adequate tools which are very helpful.

 Using object oriented techniques the organization can change its development methods.

Strengths of Object-Oriented:

 There is lower maintenance cost as this technique emboldens a complete solution.

 The model states the user's sight of certainty.

Weaknesses of Object-Oriented

 Using object oriented techniques can be difficult for the developers with the structured back ground.

(43)

5.7 Justification for chosen methodology

FWAS is a system that can be implemented in any other universities with minimum requirements. Developer choose waterfall methodology for developing the system because this methodology includes portioning a large system into a manageable smaller ones and organizing the details into an understandable by utilizing a top-down approach. This methodology provides measurable, reviewable and definable product specification. At the end, the process draws on more system personnel resources as well as user involvement. It increases involvement and communication between system and users. It also allows allocation of simpler tasks to junior personnel which mean each and every group member is equally distributed among tasks. A great impact of this methodology is that the total time and cost are greatly reduced, if system developed by this methodology is implemented in the organization. It also includes developing and maintaining the system specification, especially for the outputs.

Waterfall facilitates timelines by allowing project planning, management and control all within a single methodology. On the usability side, special emphasis is placed on analyzing user’s requirements. At the same time, the system’s data model is developed and a specification analysis is carried out. All this is done to match the system’s design to the needs of the user. It does not require any special skills and can be taught easily to any team member to embrace the methodology. This translates to speedy implementation and clear communication. The quality of the end product is controlled as the error rate is reduced by defining certain quality benchmarks in the beginning and measuring it constantly against current progress. Productivity is improved by encouraging on-time delivery, meeting business requirements, ensuring better quality, and utilizing human resources effectively. This means a high quality Online E-recruitment System can be deployed within a shorter turnaround time. Finally, Waterfall can be used freely without paying any license fees or royalties to any part.

(44)

6 Languages

6.0 ASP.Net

ASP.Net is the product of Microsoft. It is the extended version of active server pages; which helps in the web development model that includes basic services required for the developer to develop the web applications. (Sae-Chin, 2002) It can support various languages like VB, C++, C#, J# Jscript. Net frame work does not only limit itself to any one language which is the good about it. It works on the windows environment and also support to the web pages.

6.1 Java

It is a programming language used to develop the applications. It is easier to write and develop application using this language as compared to other languages. The limitation of this language is that it limits the developer to use only one language that is java. This language also contains the API which can develop the applications more easily and faster. It is platform independent the programs use java virtual machines for the abstraction and do not access the operating system directly.

Level J2EE .NET

1. Presentation and access

Java server pages are used to build tag-oriented dynamic web pages for accessing remote objects. Dynamic pages can also be built programmatically using servlets. Swing is used to build rich interactive GUI

.NET uses ASP.NET for dynamic HMTL pages. Windows forms are used for building rich and complex GUI and web services are used for programmatic access to remote business logic.

2. Business logic Enterprise JavaBeans hold the applications business logic- the code that implements the functionality of the system

.NET managed components are made for .NET environment and unlike COM components, are registered in the registry. COM queued components works asynchronously, e.g. in scenarios where the serve is not online all the time

(45)

3. Connectivity Java database connectivity provides access to tabular data. Java connector architecture allows J2EE components to access different enterprise information systems. JMS is a messaging standard which allows sending and receiving SMS asynchronously.

ADO.NET is used for accessing relational databases and provides integration with XML. An XML API provided for mapping .NET components to XML protocols such as SOAP and WSDL

4. Runtime Java runtime engine , which includes the java virtual machine, core java classes and support files

All.NET applications use single runtime engine, the common language runtime for all.

6.2 PHP

Level ASP.Net PHP

1. Speed Like all other .Net application asp.net applications are compiled which makes it more faster than PHP

PHP applications are interpreted, to have same effects like asp.net PHP accelerator must be installed on server side which most of companies avoid. 2. More language support Asp.net is written using object

oriented programming languages of our choice

PHP is simple scripting language in compare to other .Net applications like VB.Net, C# etc. These languages give more control and reusability. 3. Development

environment

Free development environment for Asp.Net id available called web matrix

This blows all other free development environments for PHP out of the water.

4. Part of .Net Using asp.net is very beneficial as it easy to understand and using asp.net also helps with the development of windows applications.

PHP has PHP-GTK, but it’s currently very immature compared to .NET

(46)

6.3 Justification for choosing the programming language

For developing fingerprint web authentication system developer have chosen ASP.Net as a programming language to develop the system because more hardware support is available for these languages, many API are available and much research is being done on these programming language ,it also supports trusted platform.

As survey was also conducted in June 2002 regarding which programming language will be useful in future. The survey was completed by 633 development managers; the survey showed that .NET had already gained a strong place in the IT industry. It also showed the ratio of projects using .Net to J2EE is 28% to 48.8 %, in future it will increase to 52.2% to 51.8%. Another survey was conducted in October 2002 with 600 developers as it resulted that more people where using .Net rather than Java. The ratio of using .Net to J2EE was 63% to 61%.As keep in mind for future implementation of the system developer decided to choose ASP.Net as a programming language to develop the system.

(47)

7 Survey

7.0 Introduction

The online survey was conducted among the lecturers and other staff members of the APIIT University. There are more than 150 lecturers available working within the university. The developer needs to design the survey online survey form and email survey forms for the university lecturers and other staff members. The developer conducted this online survey to know the usage of current system and the problems that users faced in the current system. The online survey was conducted with 88 lecturers as there were only 34 respondents for the survey form. The contribution of university lectures and other staff members helped the developer to complete the survey.

7.0.1 Objective

The main objective to conduct this survey was to know about the usage of current system and issues faced by the users in the current system. The developer will able to know about the level of authentication required by the users in the current system. From the survey developer will able to know about the usage of biometric technology by the lecturers and staff members of the university.

7.0.2 Survey Design

Fingerprint Web Authentication System

This survey is carried out as partial fulfillment for the cause of bachelor's degree research. The research is entitled as “Fingerprint Web Authentication System ". Objective of this survey is to collect data from the lectures working in the university and also to know importance of implementing security into university websites. The data is needed to know about the importance, security and usability of biometric systems. The Fingerprint Web Authentication System will authenticate the lecturers using their fingerprint while logging into the university website. This system will help in increase in security on websites as much confidential information is been available. I hereby declare that all your personal information will be kept confidential.