In this chapter, the practical development of the template protection algorithm in MATLAB is explained step by step in a sequential and logical order. The chapter ends with a flow chart that summarises the methodology of the work as a whole. The methodology starts with the arrangement of the graphical user interface, followed by the development of the salting algorithm inside the MATLAB GUI functions.
3.2 Development of MATLAB GUI - "TemplateProtectionSystem" (TPS)
A graphical user interface (GUI) is a pictorial interface to a program. Before going deeper into this GUI development, a short preview of MATLAB GUIs is useful. A GUI provides the user with a familiar environment in which to work. It contains pushbuttons, toggle buttons, lists, menus, text boxes and so forth, all of which are already familiar to the user, so the developer can concentrate on the purpose of the application instead of the mechanics involved in doing things. A GUI-based program must be prepared for a mouse click (or possibly keyboard input) on any GUI element at any time. Such inputs are known as events, and a program that responds to events is said to be event driven.
The three principal elements required to start creating a MATLAB Graphical User Interface are:
Components. Each item on a MATLAB GUI (for example pushbuttons, labels and edit boxes) is a graphical component. The types of components include graphical controls (pushbuttons, toggle buttons, edit boxes, lists, sliders etc.), static elements (text boxes), menus, toolbars and axes. Graphical controls and text boxes are created by the function uicontrol, menus by the functions uimenu and uicontextmenu, toolbars by the function uitoolbar, and axes, which are used to display graphical data, by the function axes. In this project, uicontrol and axes were used widely when coding the template protection system.
Containers. The components of a GUI must be arranged within a container, which is a window on the computer screen. The most common container is a figure. A figure is a window on the computer screen that has a title bar along the top and can optionally have menus attached. In the past, figures were created automatically whenever data was plotted. However, an empty figure can be created with the function figure and used to hold any combination of components and other containers. The other types of containers are panels (created by the function uipanel) and button groups (created by the function uibuttongroup). Panels can contain components or other containers, but they do not have a title bar and cannot have menus attached. Button groups are special panels that manage groups of radio buttons or toggle buttons to ensure that no more than one button in the group is on at any time. For this project, one container was created as the main figure, called "TemplateProtectionSystem.fig".
Callbacks. There must be some way to perform an action when a user clicks a button or types information on the keyboard. A mouse click or a key press is an event, and the MATLAB program must respond to each event if the program is to perform its function. For example, if a user clicks on a button, that event must cause the MATLAB code that implements the function of the button to be executed. The code executed in response to an event is known as a callback. There must be a callback to implement the function of each graphical component on the GUI. In the template protection system, about eight callbacks were used to handle all the events.
Template protection using the salting method, or TemplateProtectionSystem (TPS), was initially developed by creating "TemplateProtectionSystem.fig" as the main program of this project. The figure was created by opening a new GUI in MATLAB, as shown in Figure 3.0. When GUI is selected, MATLAB asks the user which type of GUIDE template to use; for this project the blank GUI (default) was chosen, as in Figure 3.1. GUIDE is the GUI Development Environment. This tool allows a programmer to lay out the GUI, selecting and aligning the components to be placed in it. Once the components are in place, their properties such as name, colour, size, font and text to display are edited. When GUIDE saves the GUI, it creates a working program, including skeleton functions in which the code is written to implement the behaviour of the GUI. The working program was automatically named "TemplateProtectionSystem.m" as the MATLAB m-file. The GUIDE tool and the main working program are shown in Figure 3.2 and Figure 3.3.
Figure 3.0: Creating new MATLAB GUI
Figure 3.1: Selection for GUIDE template
Figure 3.2: The guide / TemplateProtectionSystem.fig tool window.
Figure 3.3: Main working program
The GUI for the template protection system was created in two versions. Version A was created for administrator and programmer use and version B for the general user. The two versions differ only in the display of the generated salted hash password and in some information about the logical data type comparison: for administrators and programmers the generated salted hash is displayed, while for normal users it is hidden for security reasons. In addition, TPS version A reports the logical data type results based on Boolean operators and MATLAB's built-in string comparison functions. The GUI components used in both versions are roughly 4 Edit Text, 7 Static Text, 5 Push Button and 5 Axes components; most of them use callbacks to handle events. Figure 3.4A and Figure 3.4B show the GUI components that handle each event in the template protection system.
Figure 3.4A: The completed TPS in guide tool window (Version A)
Figure 3.4B: The completed TPS in guide tool window (Version B)
The TPS algorithm was created once the GUI layout was completed as in Figure 3.4A and Figure 3.4B. The development of TPS is divided into three sections: the initial identification matching part based on the templates in the database, the protection part, and the authentication part that lets a TPS user view the selected person's data. The next subchapters explain these three parts briefly.
3.3 Entering Template Protection System (TPS)
An additional login window appears before the user can access the Template Protection System. This system login window is the first security validation, ensuring that only authorised TPS users and administrators can access the system. During the login event, the staff identification number is required as input. If the input matches the value set in the database, the Template Protection System appears automatically in a new window. Users may not make more than two wrong attempts at inserting their staff ID: if a wrong input is detected on the third attempt, the login button is deactivated and entry to TPS is refused. Because the staff ID is the only secret checked here, it acts as a password and must be treated as one. The login window was created as in Figure 3.5:
Figure 3.5: Initial login window
The algorithm for the login event was developed with branching statements, if-else statements combined with other MATLAB functions. The inserted staff ID is matched with the string comparison function strcmp. If the match is true, the executing MATLAB function is called; for that, evalin is applied to execute a MATLAB expression in a specified workspace. The expression handed to evalin must be a fixed string (the command that opens the TPS window) and never text taken from the login box, since evalin executes whatever it receives. This login window was created for both TPS versions. An unauthorised person cannot access the system without a staff ID.
3.4 Development of TPS Algorithms
3.4.1 Initial Identification Matching Part
As planned, the TPS user inserts the identification number and password of the person whose data is to be displayed and presses the ENTER button; the system then checks whether both particulars are correct and match the template database. To implement this idea, Edit Text components let the user insert those particulars. The algorithm was created under the ENTER pushbutton callback, named function pushbutton1_Callback(hObject, ~, ~) in the MATLAB m-file. The matching between the inserted particulars and the templates in the TPS database uses the string comparison function strcmp inside an if-else statement. strcmp compares the string with each element of the cell array. Because only one identification number and password may match a given template, both particulars must be exactly as created in the algorithm. The sample matching element is shown in Figure 3.6:
Figure 3.6: Initial identification matching algorithm for TPS
The matching process takes place when strcmp('860923435255', icnumber) compares the string '860923435255' with each element of the cell array icnumber, where the string is a character vector (or a 1-by-1 cell array) and icnumber is the cell array of strings that acts as input. The function returns a logical array the same size as icnumber containing logical 1 (true) for the elements of icnumber that match and logical 0 (false) for those that do not; the algorithm uses that result to select the template path. strcmp is case sensitive, so if the user does not insert exactly the original identification number and password, no template path can match. Note that with this design the reference identification numbers and passwords are string literals in the m-file; anyone who can read the source can read every credential, so the file must be protected at least as carefully as the templates. For the identification number, the Edit Text box was tagged "icnumber" and its contents are read with get(hObject, 'String'), which returns the value of the 'String' property of the graphics object identified by hObject. The same technique is used for the password entry and matching; the important thing is the tag, a user-specified label that identifies the graphics object. The tag of the password Edit Text box is "password". Figure 3.7 shows the get(hObject, 'String') call applied to the identification number and password to receive input from the user.
Figure 3.7: Example method to get input from user
When the authorised user inserts the correct identification number and password and the ENTER pushbutton handles the event, the axes function is used to display the status of the database match. A user-acceptance icon, a 430x414x3 JPEG, is displayed when the inserted particulars are correct, while an invalid-user icon is displayed in the axes when either particular is wrong and cannot be matched with the template database.
As a security enhancement, the algorithm includes a count method so that a user cannot insert the identification number or password more than three times; subchapter 3.4.2.5 explains this input access limitation. The initial identification matching part finishes when the status icon is displayed at the bottom of the password edit text box. The next part of TPS is the password strengthening area, where the objective of this thesis, the development of the salted password, takes place.
3.4.2 Password Strengthening Area
3.4.2.1 Salt key generator
After the inserted clear-text password and identification number have been successfully matched with the template filename, this project proposes strengthening the clear-text password to improve the security level during authentication. As the main objective, the salting method is applied in this part. For review, a salt is a random string of data that is combined with the password before it is hashed. The salt does not prevent hash collisions in the cryptographic sense; its purpose is uniqueness. Because each user receives a different salt, two users who choose the same password still end up with different stored hashes, and an attacker can no longer test a candidate password, a dictionary or a precomputed table once against the whole user base: every guess has to be hashed again for every salt. A salt therefore need not be secret, but it must be unique per user.
In developing the algorithm, the salt is created in a separate MATLAB m-file named random string. This algorithm generates a random string that serves as the salt key, as shown in Figure 3.8:
Figure 3.8: Random String (salt key) Algorithm
The algorithm selects characters from a range of ASCII codes. ASCII stands for American Standard Code for Information Interchange. Computers only understand numbers, so an ASCII code is the numerical representation of a character such as 'a' or '@', or of a control action. Figure 3.9 shows the complete ASCII table for reference and for a better understanding of the character selection in the random string algorithm.
Figure 3.9: ASCII Table
Referring to Figure 3.8, the ASCII range is selected on the fifth line of the m-file (line 5), where LetterStore = char(97:122) decides which part of the ASCII table is used for the generated string. In this case only lower-case letters are wanted, so, referring to Figure 3.9, decimal codes 97 to 122, the characters a to z, are chosen for the salt that is concatenated after the first hashing. After the character range is set, the randomisation takes place on line 7 (Figure 3.8), where characters are picked at random from the range a to z. The length of the random string is set to 20 characters per generation. The algorithm is flexible because the length can be changed simply by changing the value in rand(1, 20). This generator is named function RS1 and is called from the main TPS GUI m-file to combine with the hashed clear-text password later. For the second salt, decimal codes 91 to 99 are chosen, the characters [ to c, that is the symbols [ \ ] ^ _ ` followed by a, b and c, to be concatenated after the second hashing; the symbol characters were chosen to make the final salted hash password stronger. This second salt generator is named function RS2 and is called from the main TPS algorithm after the second hashing. One caveat for a deployment: rand is a statistical generator (Mersenne Twister by default), so a seeded or default-initialised rand yields reproducible salts; a cryptographic source such as java.security.SecureRandom, which MATLAB can call directly, is the appropriate choice when the salts must not be guessable in advance.
3.4.2.2 Password Hashing
Although the salt key algorithm is ready to be concatenated, the salt is not concatenated directly with the clear-text password. To protect the password further, the clear-text input password is first converted into a message digest using one of several common hash algorithms. The hashing function is named function h = hash(inp, meth) in the MATLAB m-file.
In the hash function, the input inp supports the classes char, uint8, logical, double, single, int8, int16, uint16, int32, uint32, int64 and uint64. If the input is a string or a uint8 variable, it is hashed as a byte stream; other classes are converted into their byte-stream values first. The output h is the hash digest in hexadecimal notation. To give the algorithm more variety, the hash method meth can be MD2, MD5, SHA-1, SHA-256, SHA-384 or SHA-512, which lets the administrator choose which hash to use. Table 3.0 shows the details of and differences between these hash functions. Two caveats apply to that choice: MD2, MD5 and SHA-1 are no longer considered collision resistant and should not be selected for new systems (SHA-256 or stronger is the safe default), and all six are fast general-purpose hashes, whereas dedicated password hashing functions such as PBKDF2, bcrypt, scrypt and Argon2 add a tunable work factor to slow down password guessing.
Table 3.0: Cryptographic hash functions
(Only one column of this table survived extraction: each of MD2, MD5, SHA-1, SHA-256, SHA-384 and SHA-512 is described as built from bitwise operations and shift/rotation. For reference, their digest lengths are 128 bits for MD2 and MD5, 160 bits for SHA-1, and 256, 384 and 512 bits for SHA-256, SHA-384 and SHA-512 respectively.)
In the hash function, the TPS administrator can select any of the hash algorithms by changing meth to MD2, MD5, SHA1, SHA256, SHA384 or SHA512. This flexible selection is implemented with the Java package java.security: java.security.MessageDigest.getInstance(String algorithm) is imported into the hash function m-file, and the returned object computes the selected hash of the input. The MessageDigest class provides applications with the functionality of a message digest algorithm such as MD5 or SHA. Message digests are one-way hash functions that take arbitrary-sized data and output a fixed-length hash value. A MessageDigest object starts out initialised. Data is processed through it with the update methods, and reset can be called at any point to reset the digest. Once all the data has been updated, one of the digest methods is called to complete the hash computation; digest can be called once for a given sequence of updates, after which the MessageDigest object is reset to its initialised state.
Once the hash function was completely developed, h = hash(inp, meth) was called under pushbutton4_Callback in the main TPS m-file for the further arrangement.
3.4.2.3 Salted Hash Password
The salted hash password is developed under pushbutton4_Callback, the callback of the button that generates the salted hash password in TPS. As planned, once the user presses the button, the previously inserted clear-text password is converted into the salted hash password that is used during template encryption and during authentication to display the user's private data on the template.
To improve the security level and the secrecy of the hashed password, the salt key is not concatenated directly with the clear-text password. The template protection system uses two levels of hashing together with the salt key. The inserted clear-text password is first hashed by calling h = hash(password, meth), and the hashed password is then concatenated with the generated random string using generatedsaltedpassword = strcat(RS, h). This produces the salt together with the hashed password, called the salted hash password; the salt string is placed at the beginning of the hashed password. The arrangement does not end there: the salted hash password is hashed again with the hash function. For this second level of hashing the hash function was duplicated and the copy renamed h2 = hash2(inp, meth). The duplicate is not technically required, since MATLAB allows the same function to be called any number of times and calling hash again on the salted string would give the same result; the copy only gives the second step its own name in the main TPS code. In the second level of hashing the input is no longer the clear-text password but the salted hash password. Figure 3.10 shows the arrangement of the salted hash password for both levels of hashing.
Figure 3.10 panels: 1st hashing: clear text password + hash algorithm; 2nd hashing: salted hash + hash algorithm.
Figure 3.10: Arrangement of Salted Hash Password
The salted hash password is hashed a second time to maintain the confidentiality of the hashed password. The overall steps to produce the salted hash password are shown in Figure 3.11. A brief analysis of the differences between one level of hashing and two levels of hashing is made in chapter four of this thesis.
Figure 3.11: Overall arrangement steps producing salted hash password
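As an added example, not code from the thesis, the following Python script reproduces the three steps of sections 3.4.2.1 to 3.4.2.3 (RS1/RS2 salt generation from the quoted ASCII ranges, the selectable hash, and the two-level salted hash) so that the arrangement can be run and checked outside MATLAB. Python's hashlib stands in for java.security.MessageDigest, and the names random_string, hash_hex and generate_salted_hash are this example's own. Two assumptions are marked in the comments: strings are hashed as their UTF-8 bytes, and RS2 is appended after the second hash as a plain concatenation.

```python
"""Salt generation and two-level salted hashing in Python.

Added example, not the thesis's MATLAB code.  RS1/RS2 alphabets use the
ASCII ranges quoted in the thesis (97..122 and 91..99); hashlib replaces
java.security.MessageDigest.
"""
import hashlib
import random
import secrets

# ASCII 97..122 -> 'a'..'z' (RS1)
RS1_CHARS = "".join(chr(c) for c in range(97, 123))
# ASCII 91..99 -> '[' '\\' ']' '^' '_' '`' 'a' 'b' 'c' (RS2)
RS2_CHARS = "".join(chr(c) for c in range(91, 100))

# Accepted values for `meth` (dashes and case are ignored).  MD2 is left out
# because current hashlib/OpenSSL builds no longer ship it.
METHODS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256",
           "SHA384": "sha384", "SHA512": "sha512"}


def random_string(alphabet, length=20, seed=None):
    """Return `length` characters drawn from `alphabet`.

    seed=None uses the secrets module (a CSPRNG), which is what a production
    salt generator should use.  Giving a seed reproduces the behaviour of a
    seeded statistical generator such as MATLAB's rand: the salts become
    reproducible, and therefore predictable to anyone who knows the seed.
    """
    if seed is None:
        return "".join(secrets.choice(alphabet) for _ in range(length))
    rng = random.Random(seed)  # Mersenne Twister, like MATLAB's default rand
    return "".join(rng.choice(alphabet) for _ in range(length))


def to_bytes(inp):
    """Byte-stream view of the input, like the thesis's hash(inp, meth).

    Assumption: a str is hashed as its UTF-8 bytes (identical to the char
    codes for ASCII passwords); bytes are hashed as-is.
    """
    if isinstance(inp, str):
        return inp.encode("utf-8")
    if isinstance(inp, (bytes, bytearray)):
        return bytes(inp)
    raise TypeError(f"unsupported input class {type(inp).__name__}")


def hash_hex(inp, meth="SHA256"):
    """h = hash(inp, meth): hex digest of inp under the selected algorithm."""
    key = meth.upper().replace("-", "")
    if key not in METHODS:
        raise ValueError(f"unknown hash method {meth!r}")
    return hashlib.new(METHODS[key], to_bytes(inp)).hexdigest()


def generate_salted_hash(password, meth="SHA256", rs1=None, rs2=None):
    """Reproduce the TPS arrangement (Figure 3.11 in the thesis):

        1st hashing : h  = hash(password, meth)
        strcat      : generatedsaltedpassword = RS1 + h
        2nd hashing : h2 = hash2(generatedsaltedpassword, meth)
        RS2 is appended after the second hashing (assumption: as a plain
        concatenation, following section 3.4.2.1).

    Returns (rs1, rs2, salted_hash).  Fresh salts are drawn when none are
    given; fixed salts make the result reproducible for testing.
    """
    rs1 = random_string(RS1_CHARS) if rs1 is None else rs1
    rs2 = random_string(RS2_CHARS) if rs2 is None else rs2
    h = hash_hex(password, meth)          # first hashing
    h2 = hash_hex(rs1 + h, meth)          # strcat(RS, h), then second hashing
    return rs1, rs2, h2 + rs2             # RS2 appended after the second hash


if __name__ == "__main__":
    salt1, salt2, shp = generate_salted_hash("Passw0rd", "SHA256")
    print("RS1 =", salt1)
    print("RS2 =", salt2)
    print("salted hash =", shp)
```

Running the script prints a fresh RS1, RS2 and the final salted hash; because the first 20 characters of the input to the second hash are the salt, two runs with the same password give different outputs, which is the property the salt is there to provide.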
3.4.2.4 Authentication of Generated Salted Hash Password
After the salted hash password has been generated, it is required for the final step that protects the template. As the protection itself, an encryption algorithm is used together with the generated salted hash. Here the "Protect Template" button takes effect; its callback is named function encrypt_button_Callback(hObject, ~, handles) in the TPS algorithm. The Protect Template button functions only after the user has generated the salted hash password.
Under the encrypt button function, the original template is encrypted with the "imageProcess" algorithm. The template encryption, known as "EncImg", is linked with the "imageProcess" algorithm and the "keyGen" algorithm. keyGen runs early in TPS, during the matching process when the user inserts the identification number and password. Each time the template matches the identification number and password, a key vector the size of one image row is first set to zeros, the row count is multiplied by the column count, and the result is divided by a vector size of 8 to produce the final key, whose length is the size of the first row. This key is used during both encryption and decryption. On the encryption side, the command used to scramble the template is EncImg = imageProcess(Img, key), and to decrypt the protected template DecImg = imageProcess(EncImg, key) is used. Note that, as described, the key depends only on the template's dimensions and not on the salted hash; the salted hash controls access to the decrypt step through the string comparison described next, so the confidentiality of the protected template rests on that check rather than on a password-derived key.
The most important part of this project is to display the template, in other words to decrypt it, when the user inserts the generated salted hash password. All the code for this is developed under function decryptbutton_Callback(hObject, ~, ~). The comparison scheme in this part differs between TPS version A and version B. In version A the inserted generated salted hash password is compared using the MATLAB string comparison function, a logical (Boolean) relational expression, and a test operation function, as shown in Figure 3.12; by using these three methods, the accuracy of the matching process is displayed in the MATLAB command window and workspace for reference and for the system accuracy test. In version B the input that allows the private template to be displayed is matched using the MATLAB string comparison function only, as shown in Figure 3.13.
Figure 3.12: Authentication Algorithm to display template (for TPS version A)
Figure 3.13: Authentication Algorithm to display template (for TPS version B)
In MATLAB, strings and substrings can be compared in several ways: two strings or parts of two strings can be compared for equality, two individual characters can be compared for equality, and a string can be examined to determine whether each character is a letter or whitespace. There are four MATLAB functions that compare two strings as a whole: strcmp, strcmpi, strncmp and strncmpi. After some study, strcmp was chosen for this TPS project to compare two strings as a whole for equality. strcmp determines whether two strings are identical, including any leading and trailing blanks, and returns true (1) if they are identical and false (0) otherwise. The advantage of strcmp is that it is case sensitive and treats 'c' as different from 'C', which gives more precise password authentication. Of the other three functions, strcmpi determines whether two strings are identical ignoring case, while strncmp and strncmpi determine whether the first n characters of two strings are identical, respectively with and without regard to case. strcmp is used widely in the TPS algorithm of both versions. One property strcmp does not offer is constant-time behaviour: like most string comparisons it stops at the first differing character, so when the compared value is a secret a length-independent comparison (for example Java's MessageDigest.isEqual, reachable from MATLAB) is the safer choice. MATLAB has a few more functions that return a logical result; Table 3.1 shows the MATLAB operations that return a logical true or false. Most mathematical operations are not supported on logical values.
Table 3.1: MATLAB Function that returns a logical result
Logical operation                 Functions / operators
Setting value to true or false    true, false
Numeric to logical conversion     logical
Logical operations                & (and), | (or), ~ (not), xor, any, all
Short-circuit AND and OR          &&, ||
Relational operations             == (eq), ~= (ne), < (lt), > (gt), <= (le), >= (ge)
Test operations                   All is* functions, cellfun
String comparisons                strcmp, strncmp, strcmpi, strncmpi
In TPS version A, besides strcmp, a Boolean or logical expression is also used for additional analysis and for the authentication accuracy test, as shown in Figure 3.12. Relational operators in MATLAB are operators with two numerical or string operands that yield a logical result depending on the relationship between the two operands. Table 3.2 lists the relational operators that can compare arithmetic expressions, variables or strings in MATLAB.
Table 3.2: Relational Operators
Operator   Operation
==         Equal to
~=         Not equal to
>          Greater than
>=         Greater than or equal to
<          Less than
<=         Less than or equal to
The equivalence operator is used widely in TPS to make sure the user inserts exactly the generated salted hash password. The equivalence operator (==) returns true (1) when the two values being compared are equal and false (0) when they differ; similarly, the non-equivalence operator (~=) returns false (0) when the two values are equal and true (1) when they differ. These operators have a weakness compared with the string comparison functions. Since strings are really arrays of characters, the relational operators compare them element by element and produce a logical array rather than a single verdict, so the result has to be reduced with all() (or any() for ~=), and they can only compare two strings of equal length. If the lengths differ, the comparison produces a dimension error rather than false, which is why strcmp remains the primary check.
As additional proof of the logical result between the generated salted hash password and the inserted salted hash password during authentication, a MATLAB test operation function (refer to Table 3.1) is also used. There are many test operation functions; for this TPS, isstrprop was chosen. isstrprop determines whether a string belongs to a specified category: isstrprop('str', 'category') returns a logical array the same size as str containing logical 1 (true) where the elements of str belong to the category and logical 0 (false) where they do not. The str input can be a character array, a cell array or any MATLAB numeric type; if str is a cell array, the return value is a cell array of the same shape. The category alpha was picked in this case to compare the character pattern of alphabetic and alphanumeric characters; the function returns true for those elements of str that are alphabetic.
The string comparison, the relational operation and the test operation function are used together with branching statements. Branches are MATLAB statements that permit the algorithm to select and execute specific sections of code while skipping others. In the if construct, the control expressions are logical expressions that control its operation. Referring to Figure 3.13, if isempty(saltedhash) is true (non-zero), the program executes the statements in Block 1 and skips to the first executable statement following the end. Otherwise, the program checks the status of strcmp(saltedhash, saltedhashpassword): if the string comparison is true (non-zero), the program executes the statements in Block 2 and skips to the first executable statement following the end. If all control expressions are zero, the program executes the block associated with the else clause.
3.4.2.5 Input Access Limitation
To strengthen the security of the template protection system (TPS), an input access limitation is applied to each input in the system. It limits the number of attempts to insert the identification number, the password and the generated salted password: a user who inserts wrong input cannot try more than three times. To enable this, a persistent counter is included in most of the button callback functions in the TPS algorithm.
The persistent counter counts the number of clicks that have occurred. When the pushbutton is clicked, MATLAB calls the function TemplateProtectionSystem with pushbutton1_Callback as the first argument, and TemplateProtectionSystem then calls the subfunction pushbutton1_Callback. handles.count is used as the counter each time the user clicks the ENTER pushbutton, as shown in Figure 3.14 (in GUIDE the updated handles structure has to be written back with guidata for the value to survive to the next callback). The count is set to 1 in the opening function of the GUI, and each click of the pushbutton increments it under the pushbutton callback and displays it in the MATLAB command window for reference. For this TPS the maximum count value is set to 2: if the particular is still wrong on the third attempt, the system sounds a buzzer and shows an error dialog box. The error dialog is created with the errordlg function and the warning sound with wavread (superseded by audioread in current MATLAB releases) and sound(y, Fs). The same click counter is created under decryptbutton_Callback to limit the attempts at inserting the generated salted password to display the protected template.
Figure 3.14: Count the number of click method in TPS
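The following Python code is an added example, not the thesis's MATLAB callbacks, that models the authentication check of section 3.4.2.4 and the click counter of section 3.4.2.5: a strcmp-style comparison, a MATLAB ==-style element-wise comparison that errors on unequal lengths, isstrprop('alpha'), a constant-time comparison that strcmp does not provide, and the counter that starts at 1, allows a maximum of 2 and locks on the third wrong input. The names matches_strcmp, relational_eq, isstrprop_alpha, matches_constant_time and AttemptLimiter are this example's own, and treating an empty input as not counting towards the limit is an assumption the thesis does not state.

```python
"""Authentication of the typed salted hash and the input access limitation.

Added example in Python, not the thesis's MATLAB callbacks.  The stored value
and the typed value are plain strings, as in decryptbutton_Callback.
"""
import hmac


def matches_strcmp(stored, typed):
    """strcmp(saltedhash, saltedhashpassword): whole-string, case-sensitive,
    leading and trailing blanks significant; returns True or False."""
    return stored == typed


def relational_eq(stored, typed):
    """Element-wise == on two char arrays, as MATLAB does it: the operands
    must have the same length (MATLAB raises a dimension error otherwise),
    and the logical array must be reduced with all() to get one verdict."""
    if len(stored) != len(typed):
        raise ValueError("Matrix dimensions must agree")
    return all(a == b for a, b in zip(stored, typed))


def isstrprop_alpha(s):
    """isstrprop(s, 'alpha'): logical array, True where the character is a letter."""
    return [c.isalpha() for c in s]


def matches_constant_time(stored, typed):
    """Equality check whose running time does not depend on where the first
    mismatching character is.  strcmp and == return as soon as they see a
    difference, which leaks information to a caller who can time the check;
    hmac.compare_digest (Java: MessageDigest.isEqual) does not."""
    return hmac.compare_digest(stored.encode("utf-8"), typed.encode("utf-8"))


class AttemptLimiter:
    """handles.count logic from the thesis: the counter starts at 1, the
    maximum is 2, and the third wrong input locks the button (errordlg and
    buzzer in the GUI).

    Assumptions not stated in the thesis: an empty input is not counted as
    an attempt, and a successful match does not reset the counter.
    """

    def __init__(self, max_count=2):
        self.count = 1          # handles.count initial value
        self.max_count = max_count
        self.locked = False

    def check(self, stored, typed):
        """Mirror the if / elseif / else branches of Figure 3.13.

        Returns one of "locked", "empty", "accepted", "rejected".
        """
        if self.locked:
            return "locked"
        if not typed:                          # isempty(saltedhash) -> Block 1
            return "empty"
        if matches_constant_time(stored, typed):
            return "accepted"                  # Block 2: decrypt and show template
        if self.count > self.max_count:        # third wrong input
            self.locked = True
            return "locked"
        self.count += 1                        # else branch: count and allow retry
        return "rejected"
```

A practical way to read the limiter: the first two wrong inputs move count from 1 to 3, and the third wrong input finds count already above max_count and locks the button; an accepted input does not clear the lock, exactly as the disabled login button in the thesis stays disabled.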
The development of the template protection system starts by validating the identification number and clear-text password of the person whose image template is to be displayed. Both TPS versions were completed as planned, and the salted hash arrangement produces a strong password pattern. As developed, the inserted identification number and clear-text password are validated by looking for a match in the database. The user then converts the clear-text password by generating the salted hash password. Once the template is protected, only a user who knows the correct generated salted hash password can access the information template, by inserting the generated salted hash password and pressing the "Show User Data" button to view the information on the template. The flow charts representing the general TPS development and the overall operation of the template protection system are shown in Figure 3.15 and Figure 3.16.
Figure 3.15 flow chart boxes, top to bottom: design physical layout for Template Protection System in MATLAB GUIDE; development of Template Protection System GUI functioning and template matching arrangement; random string algorithm; hashing password algorithm; template encryption algorithm; salted hash password and authentication arrangement in main GUI program; setting input access limitation under event handling button.
TPS version A branch: develop additional function for system accuracy test (logical data type method): MATLAB string comparison function; relational operators / Boolean expression; MATLAB test operation function.
TPS version B branch: hiding generated salted hash password.
Figure 3.15: General Template Protection System Development
Figure 3.16: TPS operational flow chart