SOFTWARE REQUIREMENTS

SPECIFICATION (SRS)

ON

MULTILEVEL PASSWARD ATUTETICATION SYSTEM

YEAR: -2022 – 2023
Vishal RD2217B49
Yamasani Pavan Kumar Reddy RD2217A24
Chauhan Apurva Hasmukhla RD2221B15

PROJECT OVERVIEW
The project is an authentication system that validates user for
accessing the system only when they have input correct password. The
project involves multi-levels of user authentication. There are varieties
of password systems available, many of which have failed due to bot
attacks while few have sustained it but to a limit. In short, almost all the
passwords available today can be broken to a limit. Hence this project is
aimed to achieve the highest security in authenticating users.

The password difficulty increases with each level. Users have to

input correct password for successful login. Users would be given
privilege to set passwords according to their wish. The project
comprises of text password respectively. This way there would be
negligible chances of bot or anyone to crack passwords even if they
have cracked the first level or second level, it would be impossible to
crack the third one and so on. Hence while creating the technology the
emphasis was put on the use of innovative and untraditional methods.
Many users find the most widespread text‐based password systems
unfriendly, so in the case of three level password we tried creating a
simple user interface and providing users with the best possible
comfort in solving password.
PURPOSE AND SCOPE

Clearly, the main highlight of this project is to implement the

security system by using multi-level authentication password
which involves the user and system. The scope is involved the
user scope and also system scope.
Firstly, for user’s scope, the user is able to register the
application as a user. Besides, the users are also able to provide
data regarding the registration form. The data is collected when
the users done registered. This system is focusing on a firm or
industry or institute where it will accessible only to some higher
designation holding people, who need to store and maintain
the crucial and confidential data secure.

2. Product and Service Description

The main purpose of this phase is to determine project’s goal
and how the overall system for multi-level authentication can
be function. In this phase analysis of the user’s requirement is
carried out. In addition, this phase is made to identify the scope
for the users and system and the observations is made on the
current system. All possible requirements of the system are
recorded in this phase and documented in a requirement
specification.

Assumptions
In this paper, proposed multifactor authentication scheme
which is the combination of existing authentication
techniques/methods. There is text-based password, pattern
based password and one time password. In this paper, I will
compare those existing approaches and find the best
approaches to be apply in this multi-level authentication
scheme.

Constraints
System design phase is one of the most important phase in
development. This phase will tell how the system would look
like and how it works. During this phase, the software’s overall
structure is defined and logical system of the product is
developed in this phase. It helps in specifying hardware and
application requirements and also helps in defining overall
application architecture. It describes desired features and
operations in detail and may include use case diagram,
architecture model or other documentation to know more
details about the flow of the system

3. Requirements
The primary goal of this phase is to identify the project's goal and
how the overall system for three level authentication will work. This
stage involves evaluating the user's requirements. Additionally, this
phase aims to determine the size of the present system, observations
are made on the users and the system. During this stage, a requirement
specification is created and contains all potential system needs.

3.1 Functional Requirements

• Input test cases must be free of compile and run-time errors.
• Applications should not stop working and should be able to run for a
long time.
• Databases should be interconnected and hosted on high performance
computers.
• There are different systems for client-side and server-side processing
to avoid all sorts of security issues.

3.1.1 Encryption / Storage of a Password

• All new passwords will be encrypted using a newly generated shared
key on the user-side.
• The shared key will also be encrypted using the public key of the
authorized manager/administrator.
• The cyphertext will be stored in the database along with the
encrypted shared key

3.1.2 Authorizing A User for a Password

• As administrator of the password, the shared key of the password as
well as the public key of the new user will be obtained.
• Decrypt the shared key with the new user's public key, and re-encrypt
with the new user's private key.
• Send the encrypted shared key for the new user to the server.

3.1.3 Decryption of a Password

• There will be a shared key to decrypt the cipher text including the
password to retrieve, and the shared key itself is stored in the
database 
as an encrypted copy with the authorized personnel's public key in the
database.
• When an authorized representative requests a password, the server
sends the encrypted text to the user along with the encrypted shared
key. The user decrypts the encrypted key using the personnel’s private
key to obtain the shared key, then used to decrypt the encrypted
password containing the desired password in plaintext on the specified
user side.
• This way, all information will be secure in case of a compromised
server.

3.2 User Interface Requirements

1.Registration: Users must first register and fill in their details in the
registration form.
2.Password setup: In registration, the user must enter all three levels
of
 passwords according to the requirements. Below are the three levels
of
password settings.
A. First level: The first level is a normal text-based password system.
B. Second Level: The second level is a picture-based password.
C. Third level: The third level is a graphical-based password scheme.
3.Login: Once registered, the user can login and he can see all three
security levels. All three security levels must be remembered for
future
logins.
4.Authentication: When the user starts entering the first level
password,
it validates the first level, then proceeds to the second level, and so
on.

3.2 Non-Functional Requirement

3.2.1 Usability
• The system should be available in working hours of the users.
• The system should be accessible from any computer who has network
connection in the company.

3.2.2 Reliability
• The database information should be kept by the system all the time.
• The system should not fail on the application side. To avoid losing
 information, there should be recovery mechanisms in case of a
database
error so that the information is not lost.
• System should be available at least in all the work hours.
• The system should be able to display an informational message when
a system component is not working properly.

3.2.3 Performance
• The system should sustain the load and not stall all of the user’s
system
memory when it is in use.
• Any network connection speed will do, but at least a 128Kbit
connection
is recommended
• A new user with no experience with the system should be able to
master
the system's capabilities within an hour.

3.2.4 Safety Requirements

To ensure the safety of the system, regular monitoring of the
system is performed to understand the proper functioning of the
system. An administrator should be there to ensure system security.
Administrator should be trained to handle extreme error cases

3.3 Maintainability

3.3.1 Maintenance
 The Changes made after the product has been delivered to the user
must not affect the primary operation of the system. Therefore,
applications should be developed to adapt to changes over time. Not all
problems are seen directly, but they emerge over time like any
other problem that needs to be solved

3.4 System Interface/Integration

3.4.1 Password Generation

1. Description and Priority
A Unique password will be created by the user. Passwords are used
for authenticating users.
2. Functional Requirements
System should provide a window for creation of password page.
System should be able to save the created user password.

3.4.2 User Login

1. Description and Priority
Only authorized users are able to access the system. The users can
be
given authorization only by the administrator. This is to ensure
security
to the system.
2. Functional Requirements
System should provide a login form.
System should provide necessary validation for input data.
System should respond with appropriate messages.

3.5 Hardware Interfaces

Processor: Password authentication system is supported on all devices
 running Android 6.0+ or IOS 8.0+.
RAM: The Minimum 1 GB RAM required in the device to run.
Memory: Minimum memory required for PAS is 50 MB.
Network: The mobile phones must be connected to the internet for
PAS
to work with the device.

3.6 Security
3.6.1 Protection
Security considerations should be part of the system to maximize
its potential. These issues also include access control, administration,
information storage, data integrity and reliability. Most security issues
are fairly common in the systems. Confidentiality is not necessary in
most situations, but can be useful in other cases. This action meets all
security requirements regardless of context. Any unauthorized user
should be prevented from accessing the system.
The Databases are strongly secured with password and all the
sensitive data are encoded using the latest MD5 protocol.
All data will be verified in the database whether it is accurate and
functions as per requirements. Also validate whether data is not
modified, or corrupted unexpectedly while accessing the Database.
Tests are done regularly to ensure stored data is unchanged and to
search for new bugs which may alter the files present in the Database.
4. User Scenarios / Use Cases
4.1Use Case diagram

Figure4.1.2:use case diagram

 Figure 4.1.2 shows the actor which is a user can register to the application.
After registration user can login. From this process, the user has to provide
their e-mail address and the password provided during registration. The
first login after creating an account is an single factor authentication login
where a correct combination of username and password are sufficient to
gain access to the account. But in the multilevel authentication, the process
need to extend after proceeding with login process. The user has to pass
pattern-lock authentication process where the user will be asked to select
pattern levels. For each and every user will have different levels with
unique pattern-lock, from where the user has to select any kind of pattern
they want. Lastly, the third process would be extends to generate one time
password authentication. The OTP will provide a random-code which has
generated by system, will send to registered user through mobile number,
it’s a six digit code, and advantage of this code is that it’s valid for current
login session only. After passing all the processes, then the login is
successful and the user can access the system.

4.2 DFD

Figure 4.2.1 : Registration phase

Figure 4.2.2: Authentication Phase

5. Deleted or Deferred Requirements
SME
Business
Req# Status Comments Pri Reviewed
Requirement
/Approved

1. Image verification pending Reviewed

Appendix A.
References

[1] Mughele Ese Sophia, 2015, THREE – LEVEL PASSWORD AUTHENTICATION

[2] Babich, A, 2012, Biometric Authentication, Type of Biometric Identifier [3] Gayathiri
Charathsandran, Text Password Survey: Transition from First Generation to Second
Generation
[4] A.T. Akinwale and F.T. Ibharalu, 2009, Password Authentication Scheme with
Secure Login Interface
[5] Priti Jadhao, Lalit Dole; 2013; Survey on Authenticate Password Technique
[6] Cynthia Kuo, Sasha Romanosky, Lorrie Faith Cranor; 2006; Human Selection of
Mnemonic Phrase-based Passwords

[7] Weining Yang, Ninghui Li, Omar Chowdhury, Aiping Xiong, Robert W. Proctor; 2016; An
Empirical Study of Mnemonic Sentence-based Password Generation

Strategies
[8] Lalu Varghese, Nadiya Mathew, Sumy Saju, Vishnu K Prasad, 2014, 3-Level Password
Authentication System

[9] Blonder G. (1996) In Lucent Technologies, Inc., Murray Hill, NJ, United States Patent
5559961

[10] Aakansha Gokhale, Vijaya Waghmare; 2014 A Study of Various Passwords

Authentication Techniques

[11] Dr. Swapna Borde, Gauri Satish Tambe, Suchita Ramdas Tambade; 2016; Two Level
Password Authentication System
[12] Ahmad Almulhem Computer Engineering Department King Fahd University of
Petroleum and Minerals Dhahran, Saudi Arabia, A Graphical Password Authentication
System.

[13] Sayli Chavan, Shardul Gaikwad, Prathama Parab, Govind Wakure; 2015; Graphical
Password Authentication System

[14]Chiasson, S., van Oorschot, P.C., Biddle, R. Graphical Password Authentication Using
Cued Click-points. ESORICS 2007.

Appendix B
Req Req desc Testcase status
. id
no
1 login Tc01,TC0 TC01:pass,TC02:pa
2 ss
2 authenticatio AT10,AT2 AT10:fail,AT20:pas
n 0 s

Requirement traceability matrix