The Automated System for General

Administration using QR Code

D.S.Zingade1, Vishal Jangade 2, Ankita Varade3, Mansi Sable4, Swati Shirsat5
deeplakshmisach@gmail.com,vjangade128@gmail.com,varadeankita@gmail.com,sablemansi12@gmail.com,
swatishirsat2812@gmail.com
B.E. Computer Dept., AISSM’S IOIT,Kenndy Road,Pune

Abstract — The keystroke logging is referred to
as key logging in which the strokes of keyboard are
captured, which means that the keys pressed on the
keyboard are recorded. Except this the action of the
person are observed and which are unknown to the
person. There are various kinds of root kits which
are present in PC's and the user behavior is been
observed which make PC's entrusted device. When
we need to focus on large network computer security
is main subject of concern. There are large number
of key log methods that ranges from hardware and
software methods to acoustic analysis. Fortunately
there are preventive measures to search and destroy
key loggers or keep them at bay these we can keep
away our self from malware attacks as well as
shoulder suffering attacks we implemented
sophisticated method for security using QR code.
Here we have demonstrated two protocols for visual
authentication purpose which are term as OTP
based protocol and password based protocol. Here
we show how visualization can improve security as
well as convenience by proposing two visual
verification convention, one for password based
authentication other one is one time password.
Keywords- Key logging; Authentication; QR
Code; Two Protocols.
INTRODUCTION
Computer security is the crucial factor which is to be
considered with respective to large networks. Computer
security is also known as cyber security, is nothing but
securing the information from thefts or any other
malware attack. A key logger is a type of software that
is considered as spyware which has the ability to record
the keystroke after pressing the keys. Any e-mail
information and messages can be recorded at anytime
by the key logger. Key logger tool is mostly used by the
employers who make use of computer in banking
system, hospitality to make sure that their password or
another information is secured. Key loggers are of
different types: hardware and software key logger
devices, monitors the physical keystroke of computer
users. There are some key loggers who can record the
URL sites and also the mail address. In the act of key
logger. The password of the user is being known
whenever the person sign-in for any purpose. Such a
key loggers are also present in personal computers.
There are many situation where we have to use public
computers for transaction or any other purpose, so in
this case the password is most likely to be stolen, to
avoid this act of hacking password. We can propose a
visual keyboard, which consists of shuffled keypad.
Whenever a user sign’s in shoulder suffering attack may
occur to prevent this attack. Shuffled visual keypad
technique is proposed. There are many other technique
to prevent this attack. In this paper, we have proposed a
system which make use of two protocols: one is one
time password and other is password based
authentication. We have also shown visualization can
improve security.
OBJECTIVE
 New scheme for detecting QR code generation.
 To identify user information and then decrypt
QR and send to particular user.
 To reduce time required for verified certificate.
 Minimize the effort required for filling the
form
LITERATURE SURVEY
Designing Leakage-Resilient Password Entry On Touch
screen Mobile Devices, Author Q. Ya. Han, Y. Li, J.
Zhou, and R.H. Deng n, J,2013 In this paper, we
propose a user authentication scheme named cover-pad
for password entry on touch screen mobile devices.
The Quest to Replace Passwords: A Framework for
Comparative Evaluation of Authentication Schemes,
Authors J. Bonneau, C. Herley, P.C. Van Web
Oorschot, and F. Stajano 2012 Authors have evaluated

Volume: 3 Issue: 2 April - 2018 23

proposal for replacement of password for general
purpose user authentication on the internet using a
broadset. Our system protocol methodology and it set a
high milestone for future work authentication
. QR code. before scanning the QR code, authorized
SafeSlinger: An Easy-to-Use and Secure Approach for
Human Trust Establishment, Authors M. Farb, M.
Burman, G. Chandok, and J. McCune, A. Perrig 2011
Authors have proposed safeslinger system where the
public keys can be exchanged securely and privately by
the people on the basis of online communication.
Secured channel is been provided by the safeslinger
which offers us secrecy and authenticity which is been
used by users for file exchanged and secured
messaging.
GAnGS: Gather, Authenticates Group Securely,
Authors Chen, Chia-Hsin Owen, et al. 2008. In this
paper, they present Gangs the system was implemented
where information between mobile devices for
exchanging data securely at the same location when
they are physically present.
Short Signatures Without Random Oracles, authors Dan
Boneh, Xavier Boyen. Authors have described, a short
signature scheme under a chosen message attack which
is unforgettable without using random oracles. The
complexity assumption scheme is been used for the
security purpose which is strong Diffie-hellman
assumption.
PROPOSED METHODOLOGY
Step-1: Registration Process:
In this stage, the user will fill an online form provided
by the organization on their website. This online form
will be consisting of all required details for the
database. Information stored in database and displayed
to user.
Step 2:Login process key logger:
In this stage user will login using two type: first one is
simple way and second way we have to login using key
logger in that key logging we generate visual keypad
using that visual keypad we will enter our password and
authenticate user After successfully filling the online
form, the information will be stored in the database and
the webpage which will contain all the details of the
user will be shown to the user. The database will be
stored in the cloud.
Step-3: Generate QR code:
After successful registration of user the QR code is
generated by the system. unique 2D QR code will be
generated for each user.
Step-4: Sending confirmation mail containing
the QR code to the user:
A confirmation mail containing the unique 2D QR code
and secrete key which is used to decrypt that QR code
Volume: 3 Issue: 2 April - 2018
of the user will be sent to the user after the QR code is
generated successfully.
Step-5: Scan QR code:
A Smartphone application will be used for scanning the
login will be provided to the particular authorities
Step-6: Link retrieval and display link:
After scanning the QR code, data will be retrieved and
displayed to the user scanning the QR code.
Step-7 : Display information of the user:
the user have to click on the link and then the download
form
IMPLEMENTATION
1) Java
Java is set of computer software and specification
developed by Sun Microsystems, which was later
acquired by the Oracle Corporation, That provide a
system for developing application software and
deploying it in a cross-platform computing
environment. Java is used in verity of computing
platforms from embedded devices and mobile
phones to enterprise servers and supercomputers.
Which they are less common than standalone java
application, java applets run in secure, sandboxed
environments to provide many features of native
applications and can be embedded in HTML
pages.
2) XAMPP
XAMPP is a free and open source cross-platform web
server solution stack package developed by Apache
Friends, consisting mainly of the Apache HTTP Server,
MariaDB database , and interpreters for scripts written
in the PHP and Perl programming languages . XAMPP
stands for Cross-Platform (X), Apache (A), MariaDB
(M), PHP (P) and Perl (P). It is a simple, lightweight
Apache distribution that makes it extremely easy for
developers to create a local web server for testing and
deployment purposes. Everything needed to set up a
web server – server application (Apache), database
(MariaDB), and scripting language (PHP) – is included
in an extractable file. XAMPP is also cross-platform,
which means it works equally well on Linux, Mac and
Windows. Since most actual web server deployments
use the same components as XAMPP, it makes
transitioning from a local test server to a live server
extremely easy as well.
3) Android studio
Android Studio is the official integrated development
environment (IDE) for Google 's Android operating
system , built on Jet Brains ' IntelliJ IDEA software and
designed specifically for Android development. It is
available for download on Windows, macros and Linux
based operating systems. It is a replacement for the
24
Eclipse Android Development Tools (ADT) as primary
IDE for native Android application development.
4) eclipse
Eclipse is an integrated development environment
(IDE) used in computer programming , and is the most
widely used Java IDE. It contains a base workspace and
an extensible plug-in system for customizing the
environment. Eclipse is written mostly in Java and its
primary use is for developing Java applications, but it
may also be used to develop applications in other
programming languages via plug-ins, including Ada ,
ABAP, C , C++ ,C# , COBOL , D , Fortran , Haskell ,
JavaScript , NATURAL, Perl and may more . It can
also be used to develop documents with Latex (via a
Eclipse plug-in) and packages for the software
Mathematics . Development environments include the
Eclipse Java development tools (JDT) for Java and
Scala, Eclipse CDT for C/C++, and Eclipse PDT for
PHP, among others.
5) MySQL
MySQL is an open source relational database
management system (RDBMS), in July 2013. It was
worlds second most widely used RDBMS, and the most
widely used open-source client-server model RDBMS. Fig.1Architecture Diagram
It is named after co-founder Michael Wideness’s
daughter, My. The SQL abbreviation stands for AES ALGORITHM
Structured Query Language. The MySQL development
project has made its source code available under the Initialization
terms of GNU General Public License, as well as under Password, key, Time, salt:string
a verity of proprietary agreements. MySQL was owned Time-get_time
and sponsored by a single for-profit firm, the Swedish Input-password
company MySQL AB. Key- salt+time
Encryption
Chipertext-AES encrypt(password, key)
SYSTEM ARCHITECTURE Output(chipertext)
Decryption
In this system, user will register and then at the time of Key-salt-time
registration user will be provided username and for as much tolerance given time
password. At the time of login OTP will be generated if key = get_time
and which will be provided to through the email when key- salt+time
the user is going to enter his password during login the plaintext-AES decrypt(chipertext, key)
shuffle keypad technique will be used and system will end if
generated QR code. to the information filled by the end for
user. This QR code will be send to the user's mail. At Output(plaintext)
the same time the general administration will scan the
QR code of the user and he/she will decrypt and verify
the information. After the verification process, the user
will be able to download the particular document he/she
has requested for.

RESULT
We provided users data and information which is
needed for generation for particular document for which
QR Code is being generated and verified by the
administrator for which the following result is
generated.

Volume: 3 Issue: 2 April - 2018 25


CONCLUSION
In this paper, we proposed and analyze the use of two
visual authentication protocols, to show how
visualization can improve the security and overcome
attack using key logger technique. Moreover, we have
shown protocols that only reduces the attacks but also
improves the users experience. Here we have used
android application for keyloggger and QR code which
provides potential and feasibility in real world. For
future scope our system can be extended in many
direction for the future work.
REFERENCES
[1]4. J. Bonneau, C. Herley, P.C. Van Web Oorschot,
and F. Stajano, The Quest to Replace Passwords: A
Framework for Comparative Evaluation of
Authentication Schemes, Proc. IEEE Symp. Security
and Privacy (SP), pp. 553-567, 2012
Volume: 3 Issue: 2 April - 2018
[ 2 ] 5. M. Farb, M. Burman, G. Chandok, and J.
McCune, A. Perrig, SafeS- linger: An Easy-to-Use and
Secure Approach for Human Trust Establish- ment,
Technical Report CMU- CyLab-11-021, Carnegie
Mellon Univ., 2011.
[ 3 ] 7. M. Mannan and P.C. van Oorschot, Leveraging
Personal Devices for Stronger Password Authentication
from Untrusted Computers, J. Computer Security, vol.
19, no. 4, pp. 703-750, 2011.
[ 4 ] 10. Q. Ya. Han, Y. Li, J. Zhou, and R.H. Deng n, J,
Designing Leakage- Resilient Password Entry on
Touchscreen Mobile Devices, Proc. Eighth ACM
SIGSAC Symp. Information, Computer and Comm.
Security (ASIACCS), pp. 37-48, 2013.
[ 5 ] 12. Chen, Chia-Hsin Owen, et al. "GAnGS: gather,
authentication group securely." Proceedings of the 14th
ACM international conference on Mobile computing
and networking. ACM, 2008.
[ 6 ] Dan Boneh, Xavier Boyen"Short Signatures
Without Random Oracles"
[ 7 ] 6. M. Kumar, T. Gar_nkel, D. Boneh, and T.
Winograd, Reducing Shoulder-Sur_ng by Using Gaze-
Based Password Entry, Proc. ACM Third Symp. Usable
Privacy and Security (SOUPS), pp. 13-19, 2007.
[ 8 ]"Toward Snoop-based Kernel Integrity
Monitor"Hyungon Moon,Hojoon LeeJihoon ,
LeeKihwan Kim, Yunheung Paek,Brent Byunghoon
Kang
[ 9 ] 11. H. Yin, D. Song, M. Egele, C. Kruegel, and E.
Kirda, Panorama: Capturing System-Wide Information
Flow for Malware Detection and Analysis, Proc. ACM
Conf. Computer and Comm. Security (CCS), 2007.
[ 10 ]"YAGP: Yet Another Graphical Password
Strategy" Haichang Gao, Xuewu Guo, Xiaoping Chen,
Liming Wang, and Xiyang Liu
26