ANDROID BASED SECURE NOTES USING CEND
NIK MUHAMAD FARHAN BIN MOKHTAR
BACHELOR OF COMPUTER SCIENCE
(NETWORK SECURITY)
UNIVERSITY of SULTAN ZAINAL ABIDIN
2018
ANDROID BASED SECURE NOTES USING CEND
NIK MUHAMAD FARHAN BIN MOKHTAR
Bachelor of Computer Science (Network Security)
Faculty of Informatics and Computing
University of Sultan Zainal Abidin, Terengganu, Malaysia
2018
DECLARATION
I hereby declare that this report is based on my original work except for quotations and
citations, which have been duly acknowledged. I also declare that it has not been previously
or concurrently submitted for any other degree at University of Sultan Zainal Abidin or other
institutions.
________________________________
Nik Muhamad Farhan Bin Mokhtar
Date : ..................................................
CONFIRMATION
I have read this report and in my point of view, this project has fulfilled a condition to be
awarded a Bachelor of Computer Science (Network Security) with Honors
________________________________
Name : Madam Aida Binti Mahiddin
Date : ..................................................
DEDICATION
First of all, I would like to thank the one who gave me the idea for this project and helped
me to expand it: my project supervisor, Madam Aida Binti Mahiddin. Without her guidance,
support and help, this report might not have been accomplished. Not to forget, I would also
like to thank all my panels for their precious comments and suggestions pertaining to this
project. Last but not least, I would like to extend my thanks to my parents and friends, who
always support and encourage me to complete this project.
ABSTRACT
This is a proposal for the system “Android Based Secure Notes Using CEND”. The application
is explained in detail later; here we explain its general use and concept. The application is
built around the problem that a user wants to write important notes in private so that no one
except the user can see them. The user can save a note as a normal note or as a secure
(private) note, such as financial details, bank passwords, website logins or medical
information, so that the note is protected from anyone else who might use or read the notes.
By the end of this study, the application is expected to make note-taking more secure and
user-friendly. As stated in the problem, this application is introduced to solve it and secure
the notes. The methods used to build this application are Android Studio, One-Time
Password (OTP), and MySQL.
CONTENT
CHAPTER 1 INTRODUCTION
1.1 Project Background
1.2 Problem Statement
1.3 Objectives
1.4 Scope
1.4.1 Scope of Admin
1.4.2 Scope of User
1.5 Limitation of Work
1.6 Expected Result
1.7 Report Organization
CHAPTER 2 LITERATURE REVIEW
2.1 Introduction
2.2 Project and Research
2.2.1 Android application for event management
2.2.2 A Visual One-Time Password Authentication Scheme Using Mobile Device
2.2.3 Event Management System
2.2.4 Graphical Password as an OTP
2.2.5 One Time Password Using Sphere Angle Based Random Password
2.2.6 Survey and Analysis of Android Authentication Using Application Locker
2.2.7 Virtual Notepad: Handwriting in Immersive VR
2.2.8 Android Based Secure Event Management System Using One-Time Password (OTP)
2.2.9 Advocate Notepad: An Android Application
2.3 Summary
CHAPTER 3 METHODOLOGY
3.1 Introduction
3.2 The System Development Life Cycle (SDLC)
3.3 System Development Methodology
3.3.1 Planning Phase
3.3.2 Analysis Phase
3.3.3 Design Phase
3.3.4 Implementation Phase
3.3.5 Testing Phase
3.4 Framework Design
3.5 Process Model
3.5.1 Context Diagram (CD)
3.5.2 Data Flow Diagram (DFD)
3.5.3 Entity Relationship Diagram (ERD)
3.6 Algorithm
3.6.1 One-Time Password (OTP) Process
3.6.2 Can Encrypt No Decrypt (CEND) Technique
3.7 System Requirement and Specification
3.7.1 Hardware Requirement
3.7.2 Software Requirement
3.8 Summary
CHAPTER 1
INTRODUCTION
1.1 Project Background
Android Based Secure Notes Using CEND is a notepad application that stores your notes
securely using One-Time Password (OTP) authentication and CEND encryption, and provides
quick and easy access. Notes can be identified by a separate title instead of just the first
line of the note. Secure Notes stores all your data on the device instead of uploading your
personal information to the internet. Secure Notes is easy to use and provides a simple
interface.
The general concept of this application is that the user wants to write important notes in
private so that no one except the user can see them. The user can save a note as a normal note
or as a secure (private) note, such as financial details, bank passwords, website logins or
medical information, so that the note is protected from anyone else who might use or read the
notes. As stated in the problem statement, this application is introduced to solve that
problem and secure the notes.
1.2 Problem Statement
The problems that motivate the development of this type of application are:
i. People tend to forget their password if they have not used an application for a long
time.
ii. Older notes applications do not use the internet as their platform, which makes it
difficult to reach information.
iii. The admin can see user passwords in the database.
1.3 Objective
i. To study the workability of One-Time Password (OTP) in securing this application and
helping to secure notes.
ii. To design and develop an application that has a single-session security
measure.
iii. To implement a secure notes application using OTP and CEND.
1.4 Scope
1.4.1 Scope of Admin
i. Admin can manage information in database
ii. Admin can delete data from database
1.4.2 Scope of User
i. User can create new notes that will be held.
ii. Assign a specific note to write.
iii. Insert and update all information and activity that will be held.
1.5 Limitation of Work
i. Android device. Only Android smartphone users can use this application.
ii. Wi-Fi or data connectivity. This application can be accessed only when there is a Wi-Fi
connection or other data connectivity.
1.6 Expected Result
i. A secure notes application using OTP and the CEND technique.
ii. Easy access for the admin involved to reach the information.
iii. The admin cannot decrypt the passwords in the database, which is more secure for the user.
1.7 Report Organization
This report is divided into several chapters. Each chapter represents the steps taken
and the matters relating to the completion of the application. Chapter 1, Introduction,
discusses the project background and the problems that occur in the existing system. The
objectives and the scope of the new application to be built are also explained in this
chapter.
Chapter 2, Literature Review, describes the research on existing systems.
Their difficulties and other problems are analysed for improvement. Methods,
techniques, equipment, and appropriate technologies are studied to develop the application.
Chapter 3 discusses the methodology to be used in the project. The methodology
acts as a guide for the development process and helps to make sure the project
runs smoothly as planned. This chapter also includes the system requirements and
specification that will be used to assist the development of the project. Furthermore, this
chapter contains the system design and modeling: the flow of the application is represented
in the form of figures such as the context diagram and data flow diagram. The system
framework is also shown here.
CHAPTER 2
LITERATURE REVIEW
2.1 Introduction
This chapter provides the literature review for the system that will be developed. Firstly,
we need to understand what a literature review is. A literature review is a process of reading,
analyzing, evaluating, and summarizing scholarly materials about a specific topic. It can be a
guideline for developing a new system so that the new system is better and more
functional than the existing systems. The discussion of the new system is based on
the literature review guidelines.
2.2 Project and Research
2.2.1 Android application for event management
Nowadays, Android has become popular among smartphone users. Android is an
operating system based on the Linux kernel, originally designed for smartphones and tablet
computers. Android applications can be implemented in the Java programming language using
the Android Software Development Kit (SDK). The SDK has API libraries and a set of developer
tools that are necessary to build, test, and debug an Android application. This paper aims
to solve the problems of propagating news and information, and to alleviate the
problems of traditional event management procedures, such as lots of paperwork or long queues
at the registration desk. The objective of the project is to develop an Android application
that provides interesting news and events so that users are able to manage their events
smoothly. Furthermore, the application focuses on solving problems of event
registration and management by using QR codes, and on providing news, information about the
events, and project ideas, which are the given senior project topics for university students.
The application uses Android OS, JSON (JavaScript Object Notation) as its data-exchange
language, PHP (Hypertext Preprocessor) as its scripting language for web
development, CodeIgniter as its framework, MySQL as its database
management system, and QR Code (Quick Response Code). The advantages of this
application are that it provides significant information and news about many
interesting events from the event provider, and that it helps event providers by using a QR
code to verify the participant’s identity and confirm participation with just one scan,
which is more convenient for everyone involved. The limitation of this project is
that anyone using an OS other than Android will not be able to use this kind of application.
Lastly, the application can be accessed everywhere and at any time, as everybody has their
own smartphone.
2.2.2 A Visual One-Time Password Authentication Scheme Using Mobile Device
This paper discusses the use of passwords for user authentication, which has become
ubiquitous in our everyday lives. However, due to a variety of security problems associated
with passwords, password theft is becoming a common occurrence. As a result,
many organizations are moving towards alternative solutions like one-time passwords,
which are valid for only a single session. However, many one-time password schemes
suffer from a number of drawbacks in their methods of generation or delivery. The
paper therefore presents the design of a challenge-response visual one-time password
authentication scheme that is to be used in conjunction with the camera on a mobile device.
Static password approaches are particularly vulnerable because these passwords
can easily be stolen by an adversary via a variety of means. As a result, the one-time
password is used globally by many companies. There are a number of common ways in
which OTPs can be generated and distributed, but it has been contended that a number of
these methods suffer from various drawbacks. For instance, sending an OTP via SMS to a
user’s mobile phone cannot be considered secure, because several potential attacks can be
conducted against the security of cellular networks. The
paper therefore proposes a challenge-response visual OTP authentication scheme that uses the
camera on a mobile device to obtain the OTP. The advantage of this approach is that it does not
suffer from common OTP issues concerning mobile phone reception, hash chain complexities
or time synchronization mechanisms. The expected result is that
the visual OTP scheme is able to send a challenge over a public channel for the user to
obtain a session key that can be used as an OTP, while safeguarding the user’s long-term
secret key, so that the user does not need to remember a password. The limitation of this
work is that the image has to be displayed at a certain size in order for the mobile device’s
camera to accurately capture the information contained within the challenge image.
Lastly, the proposed scheme relies on the human visual system. This means that it does not
cater for the blind or visually impaired, and cannot be used by an individual with a visual
disability.
2.2.3 Event Management System
This paper proposes the Event Management System project to maintain college event
information, organize events, and send the student registration time through SMS
with a verification code to the student, using a mobile application based on Android. The
main advantage of this application is that it reduces direct communication with the student
and avoids problems with students joining and participating in events, from Android to
Android, wherever they are. The database design and coding techniques have been highly
enhanced and optimized, which makes the application user-friendly overall and easy for naïve
users. Below is the module description for this project:
• Admin Login: In the admin login form, the administrator has to enter the username
and password to log in to the event management system menu form.
• Main Menu: In the event management system main menu form, the menus are split
into event details, registration, token details, and reports.
• Event Details: The event details form includes the event ID, event name, event
organizer, event fee, and event contact number.
• Student Registration: In the student registration form, the student has to enter the
student name, department, college name, email identification and phone number. The
student details are stored in the centralized database with an automatically generated
event ID.
• Token Details: In the token details form, the user enters the event ID and clicks
the search button. The submitted query is processed by the server and the event name is
displayed on the screen.
As described above, the event management system is useful for students, as it provides
information regarding the events that are conducted in college. The project also
proposes a scope for future enhancements: adding functions to the Android
application such as improved user interfaces, deployment on the Android market, and
developing the event management application for the Blackberry OS using the principle of
code reuse.
2.2.4 Graphical Password as an OTP
The most common computer authentication method is to use alphanumerical usernames and
passwords. This method has been shown to have significant drawbacks. For example, users
tend to pick passwords that can be easily guessed. On the other hand, if a password is hard to
guess, then it is often hard to remember. To address this problem, some researchers have
developed authentication methods that use pictures as passwords, known as graphical
passwords. This paper provides an additional layer of security to the normal textual password
by using a graphical password for authenticating the user. As graphical passwords are
vulnerable to shoulder surfing attacks, a one-time generated password is sent to the user's
mobile. Using an instant messaging service available on the internet, the user obtains the
One Time Password (OTP). The OTP is the information about the items present in the image to be
clicked by the user. The users authenticate themselves by clicking on various items in the
image based on the information sent to them. Additionally, it provides accessibility to
visually impaired people.
2.2.5 One Time Password Using Sphere Angle Based Random Password
One-time passwords (OTPs) are widely used in various applications to protect the bot or
autobot from repeated access without human interaction to the online portals. The OTPs are
usually sent to mobile phone numbers, from where the user reads, fills in and submits the
one-time password, which is later verified on the server side, and the next step is taken
according to the requirement. These message-based OTPs are prone to various autobot/bot
based repeated access attacks because it is easier to read the message automatically from the
phone. Also, it can be easily submitted using an automatic form submission script. In this
paper, we have proposed a new image-based OTP which can be sent to the user's phone using MMS
or various other social or chatting applications. The image-based OTP provides more hardened
protection from the bot/autobot than the ordinary text-based OTPs. The OTP is generated
using the elevation angle and azimuth angle followed by a radius value matrix, which provides
a robust environment to generate a unique OTP every time. The OTP is then converted into
an image using ASCII character identity based visual encoding, which will be forwarded to the
user later. The new technique can be used on various web portals that require OTP on service.
2.2.6 Survey and Analysis of Android Authentication Using Application Locker
Android smartphones have gained immense popularity over the years and are undoubtedly more
popular than other operating system phones. Following similar lines, Android Wear was
introduced. Steadily android wear is making its way into our daily lives. It helps keep track of
the sleep you have, helps you reach fitness goals, keeps track of phone and helps users have
easy authentication. Due to the usage of smart lock which enables phone to be unlocked as long
as connected to the android wear, this leads to almost no security on both the ends as android
wear before Android 5.0 has no lock. We aim to produce the existing authentication methods
in android phones and wear and the threats that plague both kinds of devices. As authentication
is one of the major building blocks of security, through research we aim at designing a system
for android phones which will be able to protect the sensitive data on devices which will be at
risk through smart lock using encryption techniques. In this proposed system, the user would
be able to decide which applications are needed to be secured when he is using smart lock. This
application will enable lock for those user chosen applications as soon as the smart phone
device is connected to android wear and similarly disables the lock when connection is disabled
between the devices and communication between devices is made secure using encryption
algorithms. This application does not interfere with easy phone authentication which users
demand but it makes sure data is protected and users are authenticated with the help of multiple
authentication layering.
2.2.7 Virtual Notepad: Handwriting in Immersive VR
Writing is a ubiquitous everyday activity. We jot down ideas and memos, scribble comments
in the margins of a book or an article, annotate blueprints and design plans. Using computers,
we type documents, complete forms and enter database queries. However, writing, taking notes
or entering text in immersive VEs is almost impossible. Cut off from conventional text input
devices, such as keyboards, immersed participants are unable to effectively communicate
textual information in VEs [1, 2]. Consider the following scenario: While walking through a
virtual building and evaluating its design, the architect notices a flaw. Currently, this user is
forced to exit the virtual environment in order to note observations or to access design plans.
This is inconvenient, and important information and insights may be lost during the transition
between the real and virtual workspace. Furthermore, on some occasions the architect may
want to sketch design ideas or correct design plans while still experiencing the VE. However,
the virtual workspace in which users are able to evaluate and experience phenomena of interest
is currently separate from the workplace in which they perform their actual work. We present
Virtual Notepad, a collection of interface tools that allows the user to take notes, annotate
documents and input text simply by writing with a pen, while still in an immersive VE. Using
a spatially-tracked, pressure-sensitive graphics tablet, pen and handwriting recognition
software, Virtual Notepad explores handwriting input as a modality for interaction in
immersive VEs. This paper reports details of the Virtual Notepad interface and interaction
techniques, discusses implementation and design issues, reports the results of initial evaluation
and overviews possible applications of virtual handwriting.
2.2.8 Android Based Secure Event Management System Using One-Time Password(OTP)
Today many events take place in our beloved country, Malaysia. They happen because of
community needs. For example, people need to get married, people want to gain knowledge,
activists want to hold campaigns on something that can benefit people, and much
more. A proper plan must therefore be made before an event takes place to make sure that when
the day comes, the event runs smoothly without any obstacles. Believe it or not, until now
almost all of the events that take place are managed manually, using ink on a piece of paper.
The question is, how can this happen in this era of technology? Technology such as a
smartphone can have a massive impact on our daily life. With proper use, people can
benefit from it.
Moreover, by combining Android and OTP (one-time password), the smartphone becomes
more attractive, secure and very handy through the applications developed for it. So in this
case, we can use Android tools to build an application that can manage any event, with OTP as a
single-session security measure. This application will be called “Android-based Event
Management Application Secured with OTP”. It can easily organize an event and is
secured by an OTP that is created by the admin online. Furthermore, the tentative schedule
of the whole event is organized by the admin, and everyone involved can view
how, where and when the event will be held. Thus, everyone can access the information about
the event at any time, 24/7.
2.2.9 Advocate Notepad: An Android Application
Smartphones are steadily gaining popularity with an estimated 1.6 billion mobile device users
by 2013. With the advancement of technology, creation of new android based application plays
an important role in making common man life easy and smart. A number of Android
applications are developing in the market by a rapid rate. Managing common man task in
various fields like entertainment, lifestyle, business, social, games etc. with these applications
is today’s demand. Motivated with this, a free Android app named Advocate Notepad is
proposed and developed in this paper for advocates to help them in maintaining the records of
the cases on day to day basis with the details of the nature of the proceedings conducted on a
particular day. Common man can use this App to know and learn about basic Laws that help
common people to get rid of being exploited by one way or another. This app helps user in
knowing basic Laws like air pollution, water pollution, waste management, chemical safety,
forest resources under environment law. Time to time Reminders to advocates about their cases
is an additional feature incorporated in the app. Therefore, an android application is proposed
in this paper to incorporate technology in the field of Law for advocates and common man.
This android application will play a key role in providing a simple, systematic and speedier life
to the advocates. This will help the advocates in raising their standards of working and in
providing a better service to their clients while saving their time and resources. The proposed
app will provide all information regarding day-to-day cases, client’s personal information,
completed and ongoing cases, basic Laws and Rights at their fingertips anytime, anywhere.
Searching, notifications, setting reminder are other features that will enhance the importance
of this app for advocates. The objective of the app also focus in resolving the problem of
violation and exploitation of common man fundamental rights by providing them the basic
knowledge of Laws and Rights such as penalties or punishments associated with exploitation
of rules and regulations.
2.3 Summary
This chapter discussed the articles and papers related to the development of this project.
The papers above relate to Android applications, notepad
applications, one-time passwords (OTP), and databases, and their
techniques and methods serve as the guideline and ideas for this new project.
CHAPTER 3
METHODOLOGY
3.1 Introduction
This chapter explains the methodology that will be used in this project. The
project methodology should be systematic and able to solve all the problems arising in the
system analysis, to ensure that the project is complete and works well. There are many
types of methodology that can be applied in the development of a system, such as
waterfall methodology, spiral methodology, system development life cycle (SDLC)
methodology, joint application development (JAD) methodology and agile development
methodology.
The approach must be chosen correctly so that it is suitable for the development of the
project. It is an important step of development, since it guides researchers through the
project development. In this project, we decided to use one of these methodologies, the
System Development Life Cycle (SDLC) methodology. Details of every phase
involved in this project development are explained below.
3.2 The System Development Life Cycle (SDLC)
In this project, we apply the System Development Life Cycle (SDLC), a term used in
systems engineering, information systems and software engineering to describe a process for
planning, analysis, design, implementation, testing and integration, and maintenance. These
are the steps in the development process, from the beginning of the operation to the end of
the operation.
Figure 3.2.1: System Development Life Cycle (SDLC)
Figure 3.2.1 shows the 6 phases involved in the system development life cycle (SDLC):
planning the project, collecting requirements (analysis), designing the project based on the
list of requirements from the analysis, implementing the project, testing, and maintaining
the system.
3.3 System Development Methodology
The methodology for this system is based on the system development life cycle
(SDLC) methodology, namely 6 phases of development. These are the steps to develop the system:
planning, analysis, design, implementation, testing and integration, and maintenance.
3.3.1 Planning Phase
The project starts with brainstorming ideas about what problem is to be solved.
The objectives of this paper are constructed based on what we want to achieve. The goal of this
project is to design a notepad application and apply network security in it, namely
One Time Password (OTP) for authentication and the Can Encrypt No Decrypt (CEND)
technique, which is modified from the MD5 technique. This new technique is used in the system
so that no one knows the users' passwords.
3.3.2 Analysis Phase
In this phase, the applications that need to be used and all the requirements needed to
develop the new application are observed and analysed from many articles and
journals from the internet related to Android notepad applications, One-Time Password (OTP),
and the MD5 technique, to gain a better understanding of the concepts that will be
applied in this project.
3.3.3 Design Phase
Thirdly, the development continues with the design phase. Based on the analysis
done in the previous phase, some specifications for the architecture design of the application
have been identified. The Context Diagram (CD), Entity Relationship Diagram (ERD), and Data
Flow Diagram (DFD) are designed for a better understanding of the flow of the application
process. The design of this project, Android Based Secure Notes Using CEND, is
explained in the algorithm section. All these diagrams also serve as guidelines for developing
the application.
3.3.4 Implementation Phase
When all the designs have been approved, the implementation phase begins.
This is the development phase of the model. In this phase we start to develop the application
and write the code using Java and PHP, with One-Time Password (OTP) for authentication
and the Can Encrypt No Decrypt (CEND) technique. The method and technique are applied
in the code. To develop this application, programming tools are used, such as
Android Studio for the embedded programming part, PHP programming and a MySQL database.
Besides that, the XAMPP server is used as the localhost server. This is a critical phase, in
which the user part needs to make sure the objectives are met.
The development starts with the first module, the registration module. The
application should allow the user to register and log in to the application. The users
need to insert their name, username, email and phone number. The users need to insert a phone
number to get authentication from the application by message. If the user successfully gets
the code via message and logs in, the user counts as successfully able to use this
application. The user should be able to add notes, edit notes and delete notes in the
application.
3.3.5 Testing Phase
When the full implementation phase is complete, the application is tested
in the testing phase. The application is tested for errors to ensure the modules
function well as a whole application. Any errors or bugs are fixed and the system is tested
repeatedly until all modules function efficiently.
3.4 Framework Design
Figure 3.4.1 shows the general Framework Design for the Android Based Secure Notes Using
CEND. Figure 3.6.1 shows the whole process or workflow for the new application. This
application has two main users: admin and user.
The admin gets a report of the users who have registered and used this application. The
admin does not need to register. The admin needs to enter a username and password, which are
saved in the database. The password that the admin uses is the “unique key” for the admin. The
static password is used only for the admin. All the data is saved in the database platform,
MySQL.
The user needs to register for this application by using OTP. The user needs to insert a
phone number to get the code to register for the application. If the user successfully
gets the code via message, the user counts as successfully able to use this application.
After that, the user needs to enter a name, username, email, and phone number. After
completing the registration, the user can add new notes, update and delete anytime, anywhere.
To use the application, the user does not need to enter any password because OTP provides one
session login.
Figure 3.4.1 : Process One-Time Password (OTP)
3.5 Process Model
3.5.1 Context Diagram (CD)
Figure 3.5.1.1 shows the Context Diagram (CD) of the application. A CD is a diagram that
defines the boundary of the system and shows the entities that interact with it. As
shown in Figure 3.5.1.1 below, only the user has to register for this application. Both admin
and user have to log in to the application.
The admin does not need to register for the application, but the admin must log in to the
application. The password that the admin uses (a static password) is a “unique key” or ID for
the admin. After that, the admin can see the report of who uses this application.
As for the user, the user needs to register for the application with a country code and phone
number, using a method called One-Time Password (OTP). After that, the user is given a
six-digit code as a ticket to enter the application or an event that has been created by the
admin. The six-digit code is sent via message. The user then fills in their name,
username, email, and phone number. The user has only a one-time login session because the
application uses One-Time Password (OTP) for the user. After completing the registration,
the user can add new notes, update and delete anytime,
Figure 3.5.1.1 : Context Diagram (CD)
3.5.2 Data Flow Diagram (DFD)
A Data Flow Diagram (DFD) is a graphical representation of the flow of data through an
information system. It shows how a system’s environmental entities, processes, and data are
interconnected, and how the data is stored in the databases. It also shows what kind of
information is input to and output from the system, where the data comes from and
goes to, and where the data is stored. Figure 3.5.2.1 below shows the DFD, which consists of
two entities and four processes.
The first process is registration and login for the user. Registration and login information
is saved in both the admin and user data stores. The second process is logging in to the
application. The third process is that the user can create new notes, update notes and delete
notes. After the user creates a new note, that note is stored in the data store for notes. The
next process is updating and deleting the notes. The admin can view, from the data store, the
report of users who use this application.
Figure 3.5.2.1 : Data Flow Diagram (DFD)
3.5.3 Entity Relationship Diagram (ERD)
ER-modelling is a data modelling technique used in software engineering to produce a
conceptual data model of an information system. Diagrams created using this ER-modelling
technique are called Entity Relationship Diagrams, ER diagrams or ERDs. An ERD illustrates
the logical structure of databases. ER diagrams often use symbols to represent three different
types of information: boxes are commonly used to represent entities, diamonds are
normally used to represent relationships, and ovals are used to represent attributes.
Figure 3.5.3.1 below shows the Entity Relationship Diagram (ERD) for this application. The
first entity is the admin. The admin has two attributes: admin ID and password.
The admin ID is the primary key. The second entity is the user. The user has five
attributes: user ID as the primary key, name, username, phone number, and user email. The
admin can manage the application.
Figure 3.5.3.1 : Entity Relationship Diagram (ERD)
3.6 Algorithm
3.6.1 One-Time Password (OTP) Process
A One-Time Password (OTP) is a password that is valid for only one session, whether on a
computer system or on a digital device. Android Based Secure Notes Using CEND uses
this type of algorithm, which computes a one-time password from a shared secret key and the
current time. It works by combining the secret key with the current timestamp using a
cryptographic hash function to generate a one-time password, or in simple words a “ticket”:
a six-digit code that acts as a permission. This application uses Android Studio as the
platform on which the OTP algorithm is implemented.
Figure 3.6.1.1 : Example user need log in or register into application
Figure 3.6.1.2 : Example to enter country code and phone number
Figure 3.6.1.3: Example message get from application
Figure 3.6.1.4: Example to enter code after user already authenticate
Figure 3.6.1.5: Example user need to save profile
3.6.2 Can Encrypt No Decrypt (CEND) Technique
The CEND technique is a modification of the MD5 technique. It is a new algorithm built for
this application. The MD5 algorithm is a widely used hash function producing a 128-bit hash
value. Although MD5 was initially designed to be used as a cryptographic hash function, it
has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to
verify data integrity, but only against unintentional corruption.
Like most hash functions, MD5 is neither encryption nor encoding. It can be cracked by
brute-force attack and suffers from extensive vulnerabilities. But when this new
algorithm, CEND, is used, it cannot be cracked by others.
The letters are divided into two sections, for example ODD letters and EVEN letters, with one
MD5 for the ODD letters and another MD5 for the EVEN letters. The letters need to match these
MD5 values for the password to be valid. ODD / EVEN represents the location of each letter.
For example, take the letters ABCDE. The ODD letters are ACE, at locations 1, 3, 5, and the
EVEN letters are BD, at locations 2, 4. We need MD5 (ACE) and MD5 (BD), so the password has
two MD5 values that need to match. This is a new security algorithm.
For example, suppose you have:
MD5 ("ac2") = f4c70971a41b00a2b30ff2f05afd4bed
MD5 ("b13") = 9882d05cb24f7fd0d1cd0dcd1b86a8a1
What the database keeps is the result of MD5 (ac2) + MD5 (b13):
f4c70971a41b00a2b30ff2f05afd4bed + 9882d05cb24f7fd0d1cd0dcd1b86a8a1
This is a value from which no one knows what the password is. That means it cannot be
decrypted. We perform the encryption in the application, so when the data is stored on the
server, the database admin cannot know the password that we saved.
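The construction described in this section, written out as an added example (not code from the application): the password abc123 splits into the page's ac2 and b13, and the stored value is the two MD5 digests joined. For comparison, and going beyond what the page describes, it sits beside a per-user salted PBKDF2 record as commonly used for password storage; the function names, the 16-byte salt and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumption: illustrative work factor for the comparison


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def cend_split(password: str) -> tuple[str, str]:
    """Letters at locations 1,3,5,... (ODD) and 2,4,6,... (EVEN)."""
    return password[0::2], password[1::2]


def cend_digest(password: str) -> str:
    """Value kept in the database per the text: MD5(ODD) + MD5(EVEN)."""
    odd, even = cend_split(password)
    return md5_hex(odd) + md5_hex(even)


def cend_check(password: str, stored: str) -> bool:
    """Both MD5 halves must match; compared in constant time."""
    return hmac.compare_digest(cend_digest(password), stored)


def kdf_store(password: str) -> tuple[bytes, bytes]:
    """Comparison record: a random per-user salt and a slow derived key."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def kdf_check(password: str, salt: bytes, key: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    stored = cend_digest("abc123")  # constructed sample password
    print(cend_split("abc123"), len(stored), cend_check("abc123", stored))
    # CEND is deterministic: the same password always gives the same value.
    print("CEND values equal:", stored == cend_digest("abc123"))
    # With a per-user salt, two records for the same password differ.
    first, second = kdf_store("abc123"), kdf_store("abc123")
    print("salted keys equal:", first[1] == second[1])
```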
Figure 3.6.2.1 : Process Can Encrypt No Decrypt (CEND) Technique
3.7 System Requirement and Specification
System requirements are needed to complete this project and to assist its
development; they cover both hardware and software. All of these elements are
important in the development of this project. The lists of hardware and software are
shown below:
3.7.1 Hardware Requirement
Table 3.7.1.1 below shows the list of hardware used in this project. Five types
of hardware are needed to complete the application.
No  Hardware          Type
1   Laptop            Model Aspire 4349
2   Processor         Intel® Celeron® CPU B815 @ 1.60GHz
3   Memory            8.00 GB RAM
4   Hard Disk         700 GB
5   Operating System  Windows 10 Enterprise 64-bit
Table 3.7.1.1 : List of hardware requirements
3.7.2 Software Requirement
Table 3.8.2.1 shows the software used in the development of this project. Eight
pieces of software are used to build the application.
No  Software            Purpose
1   XAMPP Server        Local server to run and test application
2   MySQL               Database for the application
3   Android Studio IDE  Android platform, design for Android development
4   Java JDK            For developing Java application and applets
Table 3.7.2.1 : List of software requirements
3.9 Summary
This chapter has presented the requirements, planning, and method needed to
complete this project. The requirements of this project, stated above, are
hardware and software. To show the flow and the process of the project, the
context diagram, data flow diagram, and entity relationship diagram are presented to
give a better understanding of this project. Furthermore, this chapter also stresses
the algorithm or method that will be applied in this project.