Document

CRYPTOGRAPHY CONTENTS 1. Abstract 2. About project 2.1 Introduction 2.2 Purpose 2.3 Objective 2.4 Scope 2.5 Overview 2.6 Existing System 2.6.1 Disadvantages 2.7 Proposed System 2.7.1 Advantages 3. Project Requirements 3.1 Functional Requirements 3.2 Non-functional Requirements 4. Project Analysis 4.1 Data Flow Diagrams(DFDs) 4.2 UML 5. Project Design 5.1 Architecture 5.1.1 Introduction 5.2 Data Model 5.2.1 Introduction 5.2.2 Data Dictionary 5.3 Application Design 5.3.1 Introduction 5.3.2 Modules 5.3.3 User Interfaces 6. Project Development 6.1 Software Algorithm 6.2 Software Flow Diagrams 7. Testing 8. Conclusion

1

1. ABSTRACTIn the present system the network helps a particular organization to share the data by using external devices. The external devices are used to carry the data. The existing system cannot provide security, which allows an unauthorized user to access the secret files. It also cannot share a single costly printer. Many interrupts may occur with in the system. In this project the networking allows a company to share files or data with out using some external devices to carry the data. Similarly a company can share a single costly printer. Though it is advantageous we have numerous disadvantageous, some body writes a program and can make the costly printer to misprint the data. Similarly some unauthorized user may get access over the network and may perform any illegal functions like deleting some of the sensitive information like employee salary details, while they are in transactions. Security is the term that comes into picture when some important or sensitive information must be protected from an unauthorized access. Hence there must be someway to protect the data from them and even if he hacks the information, he should not be able to understand whats the actual information in the file, which is the main intention of the project. The project is designed to protect the sensitive information while it is in transaction in the network. There are many chances that an unauthorized person can have an access over the network in someway and can access this sensitive information. The project uses the strong secured algorithms that enables and guarantees the security of the information in the network.

2

2. ABOUT PROJECT2.1 INTRODUCTION:

The Encryption and Decryption are two powerful security technologies that are widely used to protect the data from loss and inadvertent or deliberate compromise. Businesses today are focused on the importance of securing customer and business data. Increasing regulatory requirements are driving need for security of data. Cryptography is the technique used to secure the data while they are in transactions. Encryption and Decryption are two techniques used under cryptography technology. Data cryptography is the art of securing the resource that is shared among the applications. In this project the networking allows a company to share files or data with out using external devices. At the same time some unauthorized users may get access over the network and perform some illegal functions like deleting files while they are in transaction at that time encryption and decryption techniques are used to secure the data. The project uses the strong secured algorithms that enables and guarantees the security of information in the network.

2.2

PURPOSE:

The main purpose of the project is to secure the data while it is in transaction in the network. The project Data Encryption and Decryption shows how the sensitive information must be protected from unauthorized users by providing Cryptographic techniques which constitutes the algorithms for encryption and decryption that intends to ensure the secrecy and authenticity of messages.

2.3

OBJECTIVE:

The main objective of this article is to bring out key approaches that are involved in the Encryption and Decryption of data in the way to make an application secure by designing of the Encryption and Decryption algorithms. Encryption offers the looking of particular data, where Decryption is the process that unlocks the data.

2.4

SCOPE:

With the rapid development of Multimedia data management technologies over the internet there is need to concern about the internet there is need to concern about the security and privacy of information. In multimedia document, dissipation and sharing of data is becoming a common practice for internet based application and enterprises. As the internet forms the open source the present for all users security forms the critical issue. Hence the transfer of information over the internet forms the critical issue. At the present situations the cryptographic techniques are used for providing SECURITY. Cryptography constitutes Encryption and Decryption.

2.5

PROJECT PERSPECTIVE:

3

The project Data Encryption Techniques is totally enhanced with the features that enable us to feel the real-time environment. Todays world is mostly employing the latest networking techniques instead of using stand-alone pcs. Encryption or information scrambling, technology is an important security tool. By properly applying, it can provide a secure communication channel even when the underlying system and network infrastructure is not secure. This is particularly important when data passes through the shared systems or network segments where multiple people may have access to the information. In these situations, sensitive data and especially passwords should be encrypted in order to protect it from unintended disclosure or modification.

2.6

EXISTING SYSTEM:

In the physical system the network helps a particular organization to share the data by using external devices. The external devices are used to carry data. The existing system cannot provide security, which allows an unauthorized user to access the secret files. It also cannot share a single costly printer, many interrupts may occur with in the system.

2.6.1

DISADVANTAGES:The existing system cannot provide security. It allows an unauthorized user to access the secret files.

2.7

PROPOSED SYSTEM:

In this system security is the term that comes into picture when some important or sensitive information must be protected from an unauthorized access. Hence there must be some way to protect the data from them and even if he hacks the information, he/she should not be able to understand whats the actual information in the file, which is the main intention of the project.

2.7.1 ADVANTAGES:

The proposed system provides the security and it does not allow unauthorized users to access the secret files. As per the ISO standards the security parameters are: o o o o o Confidentiality Authentication Integrity Key distribution Access control

CONFIDENTIALITY:Confidentiality is the protection of transmitted data from passive attacks. It can protect the data from unauthorized disclosure.

AUTHENTICATION:-

4

A process used to verify the integrity of the transmitted data, especially a message. It is the process of proving ones identity to someone else.

INTEGRITY:The sender and the receiver want to ensure that the content of their communication is not altered during transmission.

KEY DISTRIBUTION:Key distribution is a term that refers to the means of delivering a key to the communicating parties, with out allowing others to see the key.

ACCESS CONTROL:It is a ability to limit and control the access to host systems and applications via communication links.

5

3.3.1

PROJECT REQUIREMENTSFUNCTIONAL REQUIREMENTS:

Security is the term that comes into picture when some important or some sensitive information must be protected from an unauthorized users. Today, the maximum of the worlds population is using computers to access their required information in some form of the networked systems. Some are accessing through the worlds famous Internet and some through the different networks like LAN, WAN etc. The two types of securities are: 1. System Security 2. Network Security

System Security:Protecting the data and files with in the system.

Network Security:Protecting sensitive information while it is in the transaction in the network. If there is no security, then there are many chances that an unauthorized person can have access over the network in some way and can access this sensitive information. For example: Sys1 Sys2

Third person In the above diagram that sys1 and sys2 are transmit the data simultaneously. Here, third person will comes into picture, sys1 transmit the data to the third person correctly and the third person will transmit the data sys2 is wrong. In this we protect the data and the data will send to the system correctly. The requirements of information security within an organization have undergone two major changes in the last several decades. Before the widespread use of data processing equipment, the security of information felt to be valuable to an organization lock for storing sensitive documents. An example of the latter is personnel screening procedures used during the hiring process. The first and foremost, security for this sensitive information especially the case for a shared system, such as time-sharing system, is even more accurate for systems that can be accessed over a public telephone network, data network, or the Internet. To protect data and to thwart hackers is known as computer security. Secondly, the change that affected security is the introduction of distributed systems and the use of networks and communication facilities for carrying data between terminal user and computer and between computer and computer. Network security measures are needed to protect data during their transmission.

6

Before we proceed, there are some considerations how Information can be threatened to access from an unauthorized person, what we call as Security Threats. Some of them are shown as under:

Information Source

(a) Normalflow

Information Destination

(b) Interruption

(c) Interception

(d) Modification

7

(e) Fabricat ionThe figure (a) shown is the normal flow of the information describing how the actual data is sent from sender to receiver. The following respective figures are described as below:

Interruption: This is the type of security threat in which the sender thinks that he has successfully sent his file to the receiver. The receiver is unaware of the information and he might think that the sender has not yet sent the file. Interception: In this, an unauthorized party gains access to an asset. This is an attack on confidentiality. The unauthorized party could be a person, a program, or a computer. Examples include wiretapping to capture data in a network and the illicit copying of files or programs. Modification: In this, an unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity. Examples include changing values in a data file, altering a program so that it performs differently, and modifying the content of messages being transmitted in a network. Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity. Examples include the insertion of spurious messages in a network or the addition of records to a file.The assets mentioned above may be one of the following: Hardware Software Data and Communication lines and Networks

Note: - Our project is limited to the assets - Software and Data. We are not at all concerned with Hardware and Communication lines and networks.

Attacks:

8

An assault on system security that derives from an intelligent threat. Security attacks can be categorized into:

1. Passive attack:A passive attack attempts to learn or make use of information but does not change the data. It can be classified into two types. They are Release of message contents Traffic analysis

Passive attacks are very difficult to detect because they do not involve any alteration of data. The emphasis in dealing with passive attacks is on prevention rather than detection.

2. Active attack:In active attacks, data is not only copied but also altered. It can be classified into four categories: Masquerade Replay Modification of message Denial of service

ENCRYPTION is a procedure that involves a mathematical transformation into scrambled gobbledygook, called Cipher text. The computational process (an algorithm) uses a key, actually just a big number associated with a password or pass phrase to compute or convert plaintext into cipher text with numbers or strings of characters. The resulting encrypted text is decipherable only by the holder of the corresponding key. This deciphering process is also called DECRYPTION. There are many different and incompatible encryption techniques available, and not all the software we need to use implants a common approach. One very important feature of a good encryption scheme is the ability to specify a key or password of some kind, and have the encryption method alter itself such that each key or password produces a different encrypted output, which requires unique Key or Password to decrypt. Ek [M] = C This can either be a symmetrical Key (both encrypt and decrypt use the same key) or Asymmetrical Key (Encryption and decryption uses different key). The Encryption Key, the public Key is significantly different from the Decryption Key, the Private Key such that attempting to derive the Private Key from the Public Key involves many hours of computing time making if impractical at the best. Decryption of the data is also the other module which is implemented at the receiver. When the encrypted data or a file is reached at the receiver then the data has to be decrypted so that the information can be viewed by the Client/User. DK [EK[m]] =M

9

There are two approaches to Encrypt and Decrypt the data: 1. 2. Private or Symmetric key Encryption Public or Asymmetric Key Encryption

Private Key Encryption:In Private Key encryption, a single key is used for both the encryption and decryption of the data; this key is called private key. In this approach, the business partners who are involved in the transactions should keep the key secret. The private key approach has limitations in terms of generating and Maintaining separate private keys for each customer.

LIMITATIONS:

The organization has to maintain a separate key for each customer. It should maintain many numbers of keys when the potential of business transactions increases. The exchange of a secret key should be very confidential, otherwise hackers can misuse it.

Public or Asymmetric key Encryption:Public key Encryption is one that contains two keys: o o Public Key Private Key

They are used for Encryption and decryption of the data. Public key is freely available key that is used for the Encryption and private key is the master key used for decryption of the encrypted data. The private key is not exposed to the outside world and it is kept secret. Key generation tools are used to generate this pair of keys. Public key encryption is critical for the development of secure, distributed application. It provides the best and most efficient mechanism to maintain the confidentiality of data. It is a proven encryption approach that provides key distribution among the shared parties.

Cipher text KB+ (m) Plaintext message Encryption Algorithm A Decryption Algorithm B Plaintext message

10

m = K B+ = K B- =

KB-(KB+ (m)) public encryption key private decryption key

BENEFITS: It guarantees the confidentiality of data transfer across untrusted networks. Public Key Encryption is best suited for an organization that has a huge number of customers and many applications are deployed to support secure transactions. Public Key Cryptography is a proven approach for commercial applications/E-economics sites that are using credit card transactions over the internet.

LIMITATIONS: Public Key Encryption is relatively expensive, and is not suited to encrypting large volumes of data. Though the Web services needs encryption data that is exchanged among services, traditional public key cryptography is not an exact fit to the Web services model; In the Web services model we need only a set of services parameters to be encrypted. The encryption of whole XML documents causes parsing problems when it is decrypted. So, we have to apply the encryption strategies that are design for XML.

CRYPTOGRAPHIC COMPONENTS

Plaintext, p

Encryptio n algorithm

Cipher text, c Channe l

Decrypti on algorithm

Plaintext

Encryption Key, K EK[p]=C

Trudy

Decryption Key, K DK[EK[p]] =P

DES ALGORITHM S_DES (Simplified Data Encryption standard):

11

The S-DES encryption algorithm takes an 8-bit block of plaintext and a 10-bit key as input and produces an 8-bit block of cipher text as output. The S-DES decryption algorithm takes an 8-bit block of cipher text and the same 10-bit key used to produce that cipher text as input and produces the original 8-bit block of plaintext. The encryption algorithm involves five functions: an initial permutation (IP); a complex function labeled fk, which involves both permutation and substitution operations and depends on a key input; a simple permutation function that switches (SW) the two halves of the data; the function fk again; and finally a permutation function that is the inverse of the initial permutation. The function fk takes as input not only the data passing through the encryption algorithm, but also an 8-bit key. The algorithm could have been designed to work with a 16-bit key, consisting of two 8-bit sub keys, one used for each occurrence of fk. Alternatively, a single 8-bit key could have been used, with the same key used twice in the algorithm. A compromise is to use a 10-bit key from which two 8-bit sub keys are generated, as depicted in the figure. In this case, the key is first subjected to a permutation (P10). Then a shift operation is performed. The output of the shift operation then passes through a permutation function that produces an 8-bit output (P8) for the first sub keys (K1). The output of the shift operation also feeds into another shift and another instance of P8 to produce the second sub key (K2). We can concisely express the encryption algorithm as a composition of functions: (IP)-1 * fk2 * SW * fk1 * IP This can also be written as Cipher text= (IP)-1(fk2 (SW (fk1 (IP (plain text))))) Where K1=P8 (shift (P10 (key))) K2 =P8 (shift (shift (P10 (key)))) Decryption is also shown in the figure and is essentially the reverse of encryption: Plain text= (IP)-1(fk1 (SW (fk2 (IP (cipher text)))))

12

S-DES Key Generation:S-DES depends on the use of a 10-bit key shared between sender and receiver. From this key, two 8-bit sub keys are produced for use in particular stages of the encryption and decryption algorithm. First, permute the key in the following fashion. Let the 10-key be designated as (k1,k2,k3,k4,k5,k6,k7,k8,k9,k10). Then the permutation P10is defined as P10(k1,k2,k3,k4,k5,k6,k7,k8,k9,k10)=(k3,k5,k2,k7,k4,k0,k1,k9,k8,k6) P10 can be concisely defined by the following display:

This table is read from left to right; each position in the table gives the identity of the input bit that produces the produces the output bit in that position. So the first output bit is bit 3 of the input; the second output bit is bit 5 of the input, and so on. Next we apply P8, which picks out and permutes 8 of the 10 bits according to the following rule:

13

The result is sub key 1 (K1). We then go back to the pair of 5-bit strings produced by the two LS-1 function perform a circular left shift of 2 bit positions on each string.

S-DES Encryption:Encryption involves the sequential applications of five functions. examine each of these. We

14

Initial and Final Permutations:The input to the algorithm is an 8-bit block of plain text, which we first permute using the IP function: IP 2 6 3 1 4 8 5 7

This retains all 8 bits of the plaintext but mixes them up. At the end of the algorithm, the inverse permutation is used: It is easy to show by example that the second permutation is indeed the reverse of the first; that is, (IP)-1(IP(X)) =X.

The Function fkThe most complex company of S-DES is the function fk, which consists of a combination of permutation and substitution functions. The functions can be expressed as follows. Let L and R be the leftmost 4 bits and rightmost 4 bits of the 8bit input to fk, and let F be a mapping from 4-bit string to 4-bit string.

15

Then we let fk (L, R) = (L XOR F(R, SK), R) where SK is a sub key and XOR is the bit-by-bit exclusive-OR function. Expansion/Permutation: And it uses two so-called s-boxes, S0 and S1. Here is S0

E/P 4 1 2 3 2 3 4 1

IP-1 4 1 3 5 7 2 8 6

And here is S0:

And here is S1:

16

The first 4 bits are fed into the S-box S0 to produce a 2-bit output, and the remaining 4 bits are fed into S1 to produce another 2-bit output. The S-boxes operates as follows. The first and fourth input bits are treated as a two bit number that specify a row of the S-box, and the second and third input bits specify a column of the S-box. The entry in that row and column, in base 2, is the 2bit output. Next, the 4 bits produced by S0 and S1 undergo a further permutation as Follows: P4 2 4 3 1

The output of the P4 is the output of the function F.

The Switch Function:The function fk only alters the leftmost 4 bits of the input. The switch function (SW) interchanges the left and right 4 bits so that the second instance of fk operates on a different 4 bits. In this second instance, the E/P, S0, S1, and P4 functions are the same. The key input is K2.

S-DES Decryption:As with any, decryption uses the same algorithm as encryption, except that the application of the sub keys is reserved.

DATA ENCRYPTION STANDARDThe most widely used encryption scheme is based on Data Encryption Standard (DES) adapted in 1977 by the National Bureau of Standards, now National Institute of Standards and Technology (NIST), as Federal Information processing standard 46 (FIPS PUB 46). The algorithm itself is referred to as the Data Encryption Algorithm (DEA). For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit input in a series of steps into a 64-bit output. The same steps, with the same key, are used to reverse the encryption. The DES enjoys widespread use. It has also been the subject of much controversy concerning how secure the DES is. In the late 1960s, IBM setup a research project in computer cryptography led by Horst Feistel. The project concluded in 1971 with the development of algorithm with the designation LUCIFER, which was sold to Lloyds of London for use in a cashdispensing system, also developed by IBM. LUCIFER is a Feistel block cipher that operates on blocks of 64 bits, using a key size of 128 bits. In 1973, the National Bureau of Standards (NBS) issued a request for proposals for a national cipher standard. IBM submitted the results of its TuchmanMeyer project. This was by far the best algorithm proposed and was adopted in 1977 as the Data Encryption Standard. Before its adoption as a standard, the proposed DES was subjected to intense criticism, which has not subsided to this day. Two areas drew the critics fire. First,

17

the key length in IBMs original LUCIFER algorithm was 128 bits, but that of the proposed system was only 56 bits, an enormous reduction in key size of 72 bits. Critics feared that this key length was too short to withstand Brute Force attacks. The second area of concern was that the design criteria for the internal structure of DES, the S-boxes, were classified. Thus users could not be sure that the internal structure of DES was free of any hidden weak points that would enable NSA decipher messages without benefit of the key. Subsequent events, particularly the recent work on differential cryptanalysis, seem to indicate that DES has a very strong internal structure. Furthermore, according to IBM participants, the only changes that were made to the proposal were changes to the S-boxes, suggested by NSA that removed vulnerabilities identified the course of the evaluation process.

DES ENCRYPTION:The overall scheme for DES encryption is illustrated in Figure below. As with any encryption scheme, there are two inputs to the encryption function: the plain text to be encrypted and the key. In this case, the plain text must be 64 bits in length and the key is 56 bits in length. Looking at the left hand side of the figure, we can see the processing of the plain text proceeds in three phases. First, the 64-bit plain text passes through an initial permutation (IP) that rearranges the bits to produce the permuted input. This is

followed by a phase consisting of 16 rounds of the same function, which involves

18

both permutation and substitution functions. The output of the last (sixteen) round consists of 64 bits that are a function of the input plain text and the key. The left and right halves of the output are swapped to produce the Pre-output. Finally, the preoutput is passed through a permutation (IP-1) that is the inverse of the initial permutation function, to produce the 64-bit cipher text. With the exception of the initial and final permutations, DES has the exact structure of Feistel cipher, as shown in the figure. The right-hand portion of fig above shows the way in which the 56-bit key is used. Initially, the key is passed through a permutation function. Then, for each of the 16 rounds, a sub key (Ki) is produced by the combination of a left circular shift and a permutation. The permutation function is the same for each round, but a different sub key is produced because of the repeated iteration of the key bit.

Initial Permutation:Tables as shown in tables below define the initial permutation and its inverse. The tables are to be interpreted as follows. The input to a table consists of 64 bits numbered from 1 to 64. The 64 entries in the permutation table contain a permutation of the numbers from 1 to 64. Each entry in the permutation table indicates the position of a numbered input bit in the output, which also consists of 64 bits. To see that these two permutation functions are needed in the inverse of each other, consider the following 64-bit input M: M1 M9 M17 M25 M33 M41 M49 M57 M2 M10 M18 M26 M34 M42 M50 M58 M3 M11 M19 M27 M35 M43 M51 M59 M4 M12 M20 M28 M36 M44 M52 M60 M5 M13 M21 M29 M37 M45 M53 M61 M6 M14 M22 M30 M38 M46 M54 M62 M7 M15 M23 M31 M39 M47 M55 M63 M8 M16 M24 M32 M40 M48 M56 M64

Where Mi is a binary digit. Then the permutation X = IP (M) is as follows: M58 M60 M62 M64 M57 M59 M61 M63 M50 M52 M54 M56 M49 M51 M53 M55 M42 M44 M46 M48 M41 M43 M45 M47 M34 M36 M38 M40 M33 M35 M37 M39 M26 M28 M30 M32 M25 M27 M29 M31 M18 M20 M22 M24 M17 M19 M21 M23 M10 M12 M14 M16 M9 M11 M13 M15 M2 M4 M6 M8 M1 M3 M5 M7

If we then take the inverse permutation Y= IP-1 (IP (M)), it can be seen that the original ordering of the bits is restored.

19

Details of Single Round:

Figure: show the internal structure of a single round. Again, begin by focusing on the left hand side of the diagram. A left and right half of each 64-bit intermediate value is treated as separate 32-bit quantities, labeled L (left) and R (right). The overall processing at each round can be summarized in the following formulas: Li = Ri-1 Ri = Li-1 XOR F (Ri-1, Ki)

The round key Ki is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by using a table that defines a permutation plus an expansion that involves duplication of 16 of the R bits. Resulting 48 bits are XOR ed with Ki. This 48-bit result passes through a substitution function that produces a 32-bit output, which is permuted as defined by table. The role of the S-boxes in the function F is illustrated in Figure. The substitution consists of a set of eight S-boxes each of which accepts 6 bits as input and produces 4 bits as output. The first and last bits of the input to box S i form a 2-bit binary number to select one of four substitutions defined by the four rows in the table for Si. The middle four bits select one of the sixteen columns. The decimal value in

20

the cell selected by the row and column is then converted to its 4-bit representation to produce the output.

R (32) ) bits)

E K48 Bits

(48) ) bits)

+

S1

S2

S

S4

S5

S6

S7

S8

P32 Bits

Calculation of F(R, K) Each row of an S-box defines a general reversible substitution. Figure may be useful in understanding the mapping. The figure shows the substitution for row 0 of box S1.

21

The operation of the S-boxes is worth further comment. Ignore for the moment the contribution of the key (Ki). If you examine the expansion table, you see that the 32 bits of input are split into groups of 4 bits, and then become groups of 6 bits by taking the outer bits from the two adjacent groups. For example, if part of the input word is .efgh ijkl mnop this becomes defrghi hijklm imnopq The outer two bits of each group select one of four possible substitutions. Then a 4-bit output value is substituted for the particular 4-bit input. The 32-bit output from the eight S-boxes is then permuted, so that on the next round the output from each B-box immediately affects as many others as possible.

KEY GENERATION:Returning to fig, we see that a 64-bit key used as input to the algorithm. The bits of the key are numbered from 1 through 64; every eight bit is ignored, as indicated by the lack of shading in table. This is first subjected to a permutation governed by table labeled Permuted Choice One. The resulting 56-bit key is then treated as two 28-bit quantities, labeled C0 and D0. At each round, Ci-1 and Di-1 are separately separated to a circular shift, or rotation of 1 or 2 bits, as governed by Table. These shifted values serve as input to the next round. They also serve as input to Permuted Choice Two, which produces a 48-bit output that serves as input to the function F (Ri-1, Ki)

DES ENCRYPTION:As with any decryption uses the same algorithm as encryption, except that the application of the sub keys is reserved. RSA ALGORITHM The RSA algorithm is named after Ron Rivest, AdiL Shamir and Len Adleman, who invented it in 1977. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.

Contents Key generation algorithm Encryption Decryption Digital signing Signature verification Notes on practical application Summary of RSA Computational efficiency and the Chinese Remainder Theorem Theory and proof of the RSA algorithm A very simple example

22

Key Generation Algorithm:

1. Generate two large random primes, p and q, of approximately equal size suchthat their product n = PQ is of the required bit length, e.g. 1024 bits. 2. Compute n = p.q and () phi = (p-1)(q-1). 3. Choose an integer e, 1 < e < phi, such that gcd (e, phi) = 1.

4. Compute the secret exponent d, 1 < d < phi, such that 5.ed 1 (mod phi). The public key is (n, e) and the private key is (n, d). The values of p, q, and phi should also be kept secret.

a. n is known as the modulus. b. e is known as the public exponent or encryption exponent c. d is known as the secret exponent or decryption exponent.EncryptionSender A does the following: 1. Obtains the recipient B's public key (n, e). 2. Represents the plaintext message as a positive integer m 3. Computes the cipher text c = m^e mod n. 4. Sends the cipher text c to B.

DecryptionRecipient B does the following: 1. Uses his private key (n, d) to compute m = c^d mod n.

2. Extracts the plaintext from the integer representative m.Summary of RSA n = pq where p and q are distinct primes. phi, = (p-1)(q-1) e < n such that gcd(e, phi)=1 d = e^-1 mod phi. c = m^e mod n. m = c^d mod n.

A very simple example of RSA encryptionThis is an extremely simple example using numbers you can work out on a pocket calculator (those of you over the age of 35 can probably even do it by hand on paper).

1.

Select primes p=11, q=3. 23

2. n=pq=11.3=33 phi = (p-1)(q-1) = 10.2 = 20 3. Choose e=3Check gcd (e, p-1) = gcd (3, 10) = 1 (i.e. 3 and 10 have no common factors except 1), and check gcd (e, q-1) = gcd (3, 2) = 1 therefore gcd (e, phi) = gcd (e, (p-1)(q-1)) = gcd (3, 20) = 1

4.

Compute d such that Ed 1 (mod phi) i.e. compute d = e^-1 mod phi = 3^-1 mod 20 i.e. Find a value for d such that phi divides (ed-1) i.e. find d such that 20 divides 3d-1. Simple testing (d = 1, 2) gives d = 7 Check: ed-1 = 3.7 - 1 = 20, which is divisible by phi. 5. Public key = (n, e) = (33, 3) Private key = (n, d) = (33, 7). This is actually the smallest possible value for the modulus n for which the RSA algorithm works. Now say we want to encrypt the message m = 7, c = m^e mod n = 7^3 mod 33 = 343 mod 33 = 13. Hence the cipher text c = 13. To check decryption we compute m' = coda mod n = 13^7 mod 33 = 7. Note that we don't have to calculate the full value of 13 to the power 7 here. We can make use of the fact that a = bC mod n = (b mod n). (C mod n) mod n so we can break down a potentially large number into its components and combine the results of easier, smaller calculations to calculate the final value. One way of calculating m' is as follows: m' = 13^7 mod 33 = 13^(3+3+1) mod 33 = 13^3.13^3.13 mod 33 = (13^3 mod 33).(13^3 mod 33).(13 mod 33) mod 33 = (2197 mod 33).(2197 mod 33).(13 mod 33) mod 33 = 19.19.13 mod 33 = 4693 mod 33 = 7. Now if we calculate the cipher text c for all the possible values of m (0 to 32), we get M 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 C 0 1 8 27 31 26 18 13 17 3 10 11 12 19 5 9 4 M 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 C 29 24 28 14 21 22 23 30 16 20 15 7 2 6 25 32 Note that all 33 values of m (0 to 32) map to a unique code c in the same range in a sort of random manner. In this case we have nine values of m that map to the same value of c - these are known as unconcealed messages. M = 0 and 1 will always do this for any N, no matter how large. But in practice, higher values shouldn't be a problem when we use large values for N. If we wanted to use this system to keep secrets, we could let A=2, B=3, Z=27. (We specifically avoid 0 and 1 here for the reason given above). Thus the plaintext message "HELLOWORLD" would be represented by the set of integers m1, m2, ...

24

{9,6,13,13,16,24,16,19,13,5} Using our table above, we obtain cipher text integers c1, c2, ... {3,18,19,19,4,30,4,28,19,26} Note that this example is no more secured than using a simple Caesar substitution cipher, but it serves to illustrate a simple example of the mechanics of RSA encryption.

Remember that calculating m^e mod n is easy, but calculating the inverse c^-e mod ^n is very difficult, well, for large n's anyway. However, if we can factor n into its prime factors p and q, the solution becomes easy again, even for large n's. Obviously, if we can get hold of the secret exponent d, the solution is easy, too.

3.2

CONFIGURATION (NON-FUNCTIONAL REQURIMENTS): Hardware requirements:Processor Hard disk RAM Monitor Mouse Keyboard Mother board Pentium-III(1.80GHz) 20GB 128MB ZENITH ZENITH ZENITH

Network devices:LAN

Software requirements:Application logic Database logic Business logic Web server : : : : HTML, JavaScript. Oracle 9i.

Java, JDBC, JSP. Tomcat 5.5.

JSP Architecture:JSPs are built on top of SUNs servlet technology. JSPs are essential an HTML page with special JSP tags embedded. These JSP tags can contain Java code. The JSP file extension is .jsp rather than .htm or .html. The JSP engine parses the .jsp and creates a Java servlet source file. It then compiles the source file into a class file; this is done the first time and this why the JSP is probably slower the first time it is accessed. Any time after this the special compiled servlet is executed and is therefore returns faster.

25

1. The user goes to a web site made using JSP. The user goes to a JSP page (ending with .jsp). The web browser makes the request via the Internet. 2. The JSP request gets sent to the Web server. 3. The Web server recognizes that the file required is special (.jsp), therefore passes the JSP filed to the JSP Servlet Engine. 4. If the JSP file has been called the first time, the JSP file is parsed, otherwise go to step 7. 5. The next step is to generate a special Servlet from the JSP file. The entire HTML required is converted to println statements. 6. The Servlet source code is compiled into a class. 7. The Servlet is instantiated, calling the init and service methods. 8. HTML from the Servlet output is sent via the Internet. 9. HTML results are displayed on the users web browser. JSP Tags: There are four main tags: 1. Declaration tag 2. Expression tag 3. Directive Tag 4. Scriplet tag 5. Action tag

26

Declaration tag ( ) This tag allows the developer to declare variables or methods. Before the declaration you must have . Code placed in this tag must end in a semicolon ( ; ). Declarations do not generate output so are used with JSP expressions or scriptlets. For Example, Expression tag ( ) This tag allows the developer to embed any Java expression and is short for out.println(). A semicolon ( ; ) does not appear at the end of the code inside the tag. For example, to show the current date and time. Date : Directive tag () There are three main types of directives: 1) page processing information for this page. 2) Include files to be included. 3) Tag library tag library to be used in this page. Directives do not produce any visible output when the page is requested but change the way the JSP Engine processes the page.

Page directiveThis directive has 11 optional attributes that provide the JSP Engine with special processing information.

27

Include directiveAllows a JSP developer to include contents of a file inside another. Typically include files are used for navigation, tables, headers and footers that are common to multiple pages. Two examples of using include files: This includes the html from privacy.html found in the include directory into the current jsp page. or Include a navigation menu (jsp file) found in the current directory. Include files are discussed in more detail in the later sections of this tutorial.

28

Tag Lib directiveA tag lib is a collection of custom tags that can be used by the page. Custom tags were introduced in JSP 1.1 and allow JSP developers to hide complex server side code from web designers. Scriptlet tag ( ) Between tags, any valid Java code is called a Scriptlet. This code can access any variable or bean declared. For example, to print a variable.

Comments()JSP comments start with , and are not included in the out put web page. If you need to include comments in the source of the output page, use the HTML comments, which start with .

ActionsJSP actions provide runtime instructions to the JSP containers. For example, a JSP action can include a file, forward a request to another page, or create an instance of a JavaBeans. include forward useBean plugin param

Include versus jsp:includeThe include directive adds the content of the included page at the time of compilation, while jsp:include action does it at included page at runtime. Jsp:include flexibility to JSP, because the decision about what page to include can be made based on the users actions or other events that may take place when the web application is already running. Syntax:

29

Implicit Objects There are 9 implicit objects in JSP request response out session exception page pageContext application config request: This variable points at HttpServletRequest. response: Use this variable to access the HttpServletResponse object. out: This variable represents the JSPWriter class, which has the same functionality as the PrintWriter class in servlets. JDBC Driver -> ODBC Driver -> Database There is some overhead associated with the translation work to go from JDBC to ODBC.

Advantages:

30

Almost any database for which ODBC driver is installed, can be accessed.

Disadvantages: Performance overhead since the calls have to go through the JDBC overhead bridge to the ODBC driver, then to the native db connectivity interface. The ODBC driver needs to be installed on the client machine. Considering the client-side software needed, this might not be suitable for applets.

Type 2 Driver: Native-API Driver This type of driver converts JDBC calls into calls to the client API for that database. Client -> JDBC Driver -> Vendor Client DB Library -> Database

Advantage:Better performance than Type 1 since no jdbc to odbc translation is needed.

Disadvantages: The vendor client library needs to be installed on the client machine. Cannot be used in internet due the client side software needed. Not all databases give the client side library.

Type 3 driver: Open Net Protocol DriverIt follows a three tier communication approach. It can interfere to multiple databases - Not vendor specific. The JDBC Client driver written in java, communicates with a middleware-net-server using a database independent protocol, and then this net server translates this request into database commands for that database. Thus the client driver to middleware communication is database independent. Client -> JDBC Driver -> Middleware-Net Server -> Any Database

Advantages: Since the communication between client and the middleware server is database independent, there is no need for the vendor db library on the client machine. Also the client to middleware neednt be changed for a new database. The Middleware Server (Can be a full fledged J2EE Application server) can provide typical middleware services like caching (connections, query results, and so on), load balancing, logging, auditing etc.. eg. for the above include jdbc driver features in Web logic. Can be used in internet since there is no client side software needed.

31

At client side a single driver can handle any database. (It works provided the middleware supports that database!!)

Disadvantages:Requires database-specific coding to be done in the middle tier. An extra layer added may result in a time-bottleneck. But typically this is overcome by providing efficient middleware services described above.

Type 4: Proprietary Net protocol driverType 4 drivers are entirely written in Java that communicates directly with vendor's database through socket connection. Here no translation or middleware layer, are required which improves performance. The driver converts JDBC calls into the vendor-specific database protocol so that client applications can communicate directly with the database server. Completely implemented in Java to achieve platform independence. e.g include the widely used Oracle thin driver oracle.jdbc.driver. OracleDriver which connect to jdbc: oracle: thin URL format. Client Machine -> Native protocol JDBC Driver -> Database server Advantages: These drivers don't translate the requests into db request to ODBC or pass it to client api for the db, nor do they need a middleware layer for request indirection. Thus the performance is considerably improved. Disadvantage: At client side, a separate driver is needed for each database. JAVAS SUPPORT FOR JDBC:Javas support for JDBC comes from a set of interfaces and classes defined in the java.sql package. These interfaces and classes are listed below. Interfaces: Interface Interface Interface Interface Interface Interface CallableStatement Connection DatabaseMetaData Driver PreparedStatement ResultSet

32

Interface ResultSetMetaData Interface Statement Classes: Class Class Class Class Class Class Date DriverManager DriverPropertyInfo Time TimeStamp Types

These interfaces are DBMS specific and are implemented in the driver specific to a DBMS by the driver vendor. These interfaces and classes defined many methods. These interfaces, classes and methods in them are so interconnected and interrelated that while discussing an interface or a class. Callable Statement Interface:Callable Statement interface extends Prepared Statement interface. Callable Statement interface can be used to execute stored SQL procedures in a database. These procedures may be taking some input parameters and giving some output values. Connection Interface:The connection interface is used to establish a connection to the database we want to access. The main use of Connection interface is to create Statement objects. Prepared Statement Interface:Prepared Statement interface extends Statement interface. Statement interface is used to pass parameters into SQL Statement. Prepared

Since it is extending the Statement interface, all the methods available in Statement interface are available to Prepared Statement interface. In addition, several other methods are available in Prepared Statement interface. Result Set Interface:As a result of execution of an SQL statement, one or more tables of data may be generated. The methods in the Result Set interface can be used to retrieve these data. The Result Set interface defines many more methods.

next () method reads the current row of data and positions the result set pointer to the next row. Initially, the result set pointer is on the first row. The next () method returns a false value if the currently pointing row is empty. getString(int index) method returns the string value stored in column with index number index from the row just read using the next() method. Columns are indexed 1, 2, 3, 4

33

get String (String colname) does the same operation like its counterpart String getString(int index). The only difference is that instead of referencing the column by its index number, the column is referenced by its name.

The getType methods are available for all Java data types in the Result Set interface. Statement Interface:The Statement interface is used to send SQL queries to the database and retrieve a set of data. SQL statements can be queries, updates, insertions, deletions etc. The Statement interface provides a number of methods.

Driver Manager Class:The Driver Manager class controls the loading of driver specific classes. Drivers are implemented as a set of .class files. Drivers are registered with the Driver Manager class either at initialization of Driver Manager or when an instance of a driver is created using the Driver Manager Class method register Driver. When Driver Manager Class is loaded, a section of static code is run and the class names of drivers listed in the java property named jdbc. Drivers are loaded. This system variable can be used to define a list of colon separated driver class names.

34

4. PROJECT ANALYSIS4.1 DATAFLOW DIAGRAMS (DFDs):

A data flow diagram is graphical tool used to describe and analyze movement of data through a system. These are the central tool and the basis from which the other components are developed. The transformation of data from input to output, through processed, may be described logically and independently of physical components associated with the system. These are known as the logical data flow diagrams. The physical data flow diagrams show the actual implements and movement of data between people, departments and workstations. A full description of a system actually consists of a set of data flow diagrams. Using two familiar notations Yourdon, Gain and Samson notation develops the data flow diagrams. Each component in a DFD is labeled with a descriptive name. Process is further identified with a number that will be used for identification purpose. The development of DFDs is done in several levels. Each process in lower level diagrams can be broken down into a more detailed DFD in the next level. The lop-level diagram is often called context diagram. It consists a single process bit, which plays vital role in studying the current system. The process in the context level diagram is exploded into other process at the first level DFD. The idea behind the explosion of a process into more process is that understanding at one level of detail is exploded into greater detail at the next level. This is done until further explosion is necessary and an adequate amount of detail is described for analyst to understand the process. Larry Constantine first developed the DFD as a way of expressing system requirements in a graphical from, this lead to the modular design. A DFD is also known as a bubble Chart has the purpose of clarifying system requirements and identifying major transformations that will become programs in system design. So it is the starting point of the design to the lowest level of detail. A DFD consists of a series of bubbles joined by data flows in the system. TYPES OF DATA FLOW DIAGRAMS Current Physical Current Logical New Logical New Physical

35

CURRENT PHYSICAL: In Current Physical DFD process label include the name of people or their positions or the names of computer systems that might provide some of the overall system-processing label includes an identification of the technology used to process the data. Similarly data flows and data stores are often labels with the names of the actual physical media on which data are stored such as file folders, computer files, business forms or computer tapes. CURRENT LOGICAL: The physical aspects at the system are removed as mush as possible so that the current system is reduced to its essence to the data and the processors that transforms them regardless of actual physical form. NEW LOGICAL: This is exactly like a current logical model if the user were completely happy with he user were completely happy with the functionality of the current system but had problems with how it was implemented typically through the new logical model will differ from current logical model while having additional functions, absolute function removal and inefficient flows recognized. NEW PHYSICAL: The new physical represents only the physical implementation of the new system. SAILENT FEATURES OF DFD s The DFD shows flow of data, not of control loops and decision are controlled considerations do not appear on a DFD. The DFD does not indicate the time factor involved in any process whether the dataflow take place daily, weekly, monthly or yearly. The sequence of events is not brought out on the DFD.

1. LOGIN DFD:

36

`

2. View Files DFD:

3. Send File DFD:

37

4. Decrypt DFD:

LANGUAGE (UML)

4.2

UNIFIED

MODELLING

UML is a language to specifying, visualizing and constructing the artifacts of software system as well as for business models. The UML notation is useful for graphically depicting object oriented analysis and object oriented design modules. Each UML diagram is designed for developers and customers to view a software system. From a different perspective and in varying degrees of abstraction. UML diagrams commonly created in visual modeling tools include : USE CASE DIAGRAM: Use case diagrams display the relationship among actors and use case. CLASS DIAGRAM: Class diagram models class structure and contents using design elements such as classes, packages and objects. It also displays relationships such as containment, inheritance, associations and others. INTERACTION DIAGRAMS SEQUENCE DIAGRAMS: Sequence diagrams displays the time sequence of the objects participating in the interaction. This consists of the vertical dimension and horizontal dimension. COLLABORATION DIAGRAMS:

38

Collaboration diagrams displays the interaction organized around the objects and their links to one another. Numbers are used to show the sequence of messages. STATE DIAGRAM: State diagrams display the sequences of states that an object of an interaction goes through during its life in response to received stimuli, together with its responses and actions.

ACTIVITY DIAGRAM: Activity diagrams displays a special state diagram where most of states are action states and most of the transitions are triggered by completion of the actions in the source states. This diagram focuses on flows driven by internal processing. PHYSICAL DIAGRAMS: COMPONENT DIAGRAM:

Component diagram displays the high level packaged structure of the code itself. Dependencies among components are shown, including source code components, binary code components, and executable components. Some components exist at compile time, at link time, at runtimes well as at more than one time. DEPLOYMENT DIAGRAM:

Deployment diagram displays the configuration of run-time processing elements and the software components, processes and objects that live on them. Software component instances represent run-time manifestations of code units.

USE CASE DIAGRAMS: A use case diagram is a set of scenarios that describing an interaction between a user and a system. A use case diagram displays the relation ship among actors and use cases. The two main components of the use case diagrams are use cases and actors.

39

Actor

Use Case

An actor is represents a user or another system that will interact with the system your modeling. A use case is an external view of the system that represents some action the user might perform in order to complete a task. They are helpful in exposing requirements and planning the project.

Login

Send

Server User View

USE CASE DIAGRAM

LOGIN

User name 40 Password

User Server

SEND FILE

41

Writes the data

Encrypts the data

Sends the data

User

Server

42

VIEW FILE

Reads the data

Decrypt the data User View the data Server

5. PROJECT DESIGN

43

5.1 CONFIGURATIONAL ARCHITECTURE: Architectural design is a creative process where we try to establish system organizations that will satisfy the functional and non functional requirements. Because it is a creative process the activities with in the process differ radically depending on the type of system being developed, the background and experience of the system architect, and the specific requirements of the system. The architecture of a software system may be based on a particular model or style. An architectural style is a pattern of system organization such as client - server organization or a layered architecture. The product of the architectural design process is an architectural design document. This may include a number of graphical representations of the system along with associated descriptive text. It should describe how the system is structured into sub systems, the approach adopted and how each sub system is structured into modules. 5.1.1 INTRODUCTION: Data intensive Internet applications can be understood in terms of three different functional components: Data Management Application Logic Presentation

The component that handles data management usually utilizes a DBMS for data storage. But application logic and presentation involve much more than just DBMS itself. SINGLE TIER ARCHITECTURE: Initially data intensive applications were combined into a single tier including DBMS, application logic user interface.

Client Application Logic

DBMS

SINGLE TIER ARCHITECTURE Single - tier architectures have an important drawback:

44

Users expect graphical interfaces that require much more computational power than dumb terminals. Centralized computation of the graphical displays of such interfaces require much more computational power than a single server has available, and thus single tier architecture do not scale to thousands of users. The commoditization of the pc and the availability of cheap client computers led to the development of two tier architecture. TWO TIER ARCHITECTURE: A two-tier application generally includes a Java client that connects directly to the database through Top Link. The two-tier architecture is most common in complex user interfaces with limited deployment. The database session provides Top Link support for two-tier applications.

Figure 2-4 Two-Tier Architecture

Although the two-tier architecture is the simplest Top Link application pattern, it is also the most restrictive, because each client application requires its own session. As a result, two-tier applications do not scale as easily as other architectures. Two-tier applications are often implemented as user interfaces that directly access the database. They can also be non-interface processing engines. In either case, the two-tier model is not as common as the three-tier model. The following are key elements of efficient two-tier (client-server) architecture with Top Link: Minimal dedicated connections from the client to the database An isolated object cache

Advantages and Disadvantages The advantage of the two-tier design is its simplicity. The Top Link database session that builds the two-tier architecture provides all the Top Link features in a single session type, thereby making the two-tier architecture simple to build and use.

45

The most important limitation of the two-tier architecture is that it is not scalable, because each client requires its own database session. In modern two-tier architecture, the server holds both the application and the data. The application resides on the server rather than the client, probably because the server will have more processing power and disk space than the PC. Two-tier architecture is also referred to as client-server architecture, consists of a client computer and a server computer which interact through a well defined protocol. In the traditional client-server architecture, the client implements just the graphical user interface, and the server implements both the business logic and the data management; such clients are called thin clients.

Application Logic

Client 1

Network DBMS Client n

TWO - SERVER ARCHITECTURE: Thin Clients Other divisions are possible, such as more powerful clients that implement both user interface and business logic, or clients that implement user interface and part of the business logic with the remaining part being implemented at the server level: such clients are often called thick clients.

TWO-SERVER ARCHITECTURE: THICK CLIENTS

46

DBMS

N E T W O R K

Client Application Logic

Client Application Logic

Compare to the single tier architectures physically separate the user interface from the data management layer. To implement two tier architectures, we can no longer than dumb terminals on the client side. Over the last ten years, a large number of client server development tools such Microsoft visual basic and Sybase power builder have been developed. These tools permit rapid development of client server software contributing to the success of the client server model, especially the thin client version. CLIENTSERVER ARCHITECTURE: Client server is network architecture which separates a client (often an application that uses a graphical user interface) from a server. Each instance of the client software can send requests to a server. Specific types of servers include web servers, application servers, file servers, terminal servers, and mail servers. Characteristics of a server: Passive (slave) Waits for requests

Servers can be stateless or stateful. A stateless server does not keep any information between requests. A stateful server can remember information between requests. The scope of this information can be global or session-specific. An HTTP server for static HTML pages is an example of a stateless server while Apache Tomcat is an example of a stateful server. The interaction between client and server is often described using sequence diagrams. Sequence diagrams are standardized in the UML. Another type of network architecture is known as a peer-to-peer architecture because each node or instance of the program is both a "client" and a "server" and each has equivalent responsibilities. Both architectures are in wide use.

47

A Generic client/server architecture has two types of nodes on the network: clients and servers. As a result, these generic architectures are sometimes referred to as "two-tier" architectures. Some networks will consist of three different kinds of nodes: client, application servers which process data for the clients, and database servers which store data for the application servers. This configuration is called a three-tier architecture. THREE-TIER ARCHITECTURE: The thin client two tier architecture essentially separates presentation issues from the rest of the application. The three tier architecture goes one step further, and also separates application logic from data management. PRESENTATION TIER: In presentation tier the users require a natural interface to make request, provide input and to see results. MIDDLE TIER: The application logic executes here. An enterprise class application reflects complex business processes and is coded in a general purpose language such as C+ + or Java. DATA MANAGEMENT TIER: Data-intensive web applications involve DBMS.

CLIENT N E T W O R K N E T W O R K

APPLICAT ION LOGIC

CLIENT

BASIC THREE TIER ARCHITECTURE

48 DBMS

.

CLIENT

Different technologies have been developed to enable distribution of the three tiers of an application across multiple hardware platforms and different physical sites. TECHNOLOGIES FOR THREE-TIER ARCHITECTURE

CLIENT PROGRAM WEB BROWSER

JAVA SCRIPT COOKIES

HTTP

APPLICATION LOGIC APPLICATION SERVER

SERVLETS JSP

JDBC, SQL DATA STORAGE CDB SYSTEM PROCEDURESADVANTAGES: HETEROGENOUS SYSTEMS: Applications can utilize the strengths of different platforms and different software components at different tiers. It is easy to modify or replace the code at any tier with out affecting the other tiers.

XML STORED

49

THIN CLIENTS: Clients only need enough computations power for the presentation layer. Clients are web browsers. Integrated data access: In many applications the data must be accessed from several sources. This can be handled transparently at the middle tier, where we can centrally manage connections to all database systems involved. Scalability to many clients: Each client is light weight and all access to the system is through the middle tier. The middle tier can share database connections across clients, and if the middle tier becomes the bottle-neck, we can deploy several servers executing the middle tier code; clients can connect to any one of these servlets, if the logic is designed appropriately. The fig shows how the middle tier accesses multiple data sources.

APPLICATION LOGIC DBMS N E T W O R K N E T W O R K CLIENT

APPLICATION LOGIC

DBMS

....CLIENT

..

APPLICATION LOGIC

DBMS

Software development benefits: By dividing application cleanly into parts that address presentation, data access, and business logic, we gain many advantages. The business logic is centralized and is therefore easy to maintain, debug and change. Interaction between tiers occurs through well-defined standardized APIs. Therefore, each application tier can be built out of reusable components that can be individually developed, debugged and tested. The advantage of an n-tier architecture compared

50

with a two-tier architecture (or a three-tier with a two-tier) is that it separates out the processing that occurs to better balance the load on the different servers; it is more scalable. The disadvantages of n-tier architectures are: It puts more load on the network. It is much more difficult to program and test software than in two-tier architecture because more devices have to communicate to complete a user's transaction. ADVANTAGES: All the data are stored at the servers, so it has better security control ability. The server can control access and resource to make sure only let those permitted users access and change data. It is more flexible than to the paradigm. If a server in C/S paradigm wants to update the data or other resources. There are already many matured technologies designed for C/S paradigm which ensures security, the user-friendliness of the interface, and ease of use. Any element of a C/S network can be easily upgraded.

DISADVANTAGES: Traffic congestion has always been a problem since the first day of the birth of C/S paradigm. When a large number of clients send requests to the same server at the same time, it might cause a lot of troubles for the server. The more clients there are the more troubles it has. Whereas, P2P networks bandwidth is made up of every node in the network, the more nodes there are, the better bandwidth it has. C/S paradigm does not have as good robustness as P2P network has. When the server is down, clients requests cannot be fulfilled. In most of P2P networks, resources are usually located on nodes all over the network. Even if one or a few nodes depart or abandon the downloading; other nodes can still finish the downloading by getting data from the rest of the nodes in the network. The software and hardware of a server is usually very strict. A regular personal computers hardware may not be able to serve over a certain amount of clients. Meanwhile, a Windows XP home edition does not even have IIS to work as a server. It needs specific software and hardware to fulfill the job. Of course, it will increase the cost.

5.2 DATA MODEL 5.2.1 INTRODUCTION: A data model is an abstract model that describes how data is represented and used. The term Data model has two generally accepted meanings: A Data model theory i.e., a formal description of how data may be structured and used. A Data model instance i.e., applying a data model theory to create a practical data model instance for some particular applications.

51

A Data model theory has three main components: Structural part: It is a collection of data structures which are used to create data bases representing the entities or objects modeled by the data base. Integrity part: It is a collection of rules governing the constraints placed on these data structures to ensure structural integrity. Manipulation part: It is a collection of operators which can be applied to the data structures, to update and query the data contained in the data base. Data modeling is the process of creating a data model instance by applying a data model theory. Business requirements are normally captured by a semantic logical data model. This is transformed into a physical data model instance from which is generated a physical data base. 5.2.2 DATA DICTONARY: A data dictionary is a set of meta data that contains definitions and representations of data elements. With in the context of a DBMS, a data dictionary is a read-only set of tables and views. Data dictionary holds the information like: Precise definition of data elements User names, roles and privileges Schema objects Integrity constraints Store procedures and triggers General data base structure Space allocations

When an organization builds an enterprise-wide data dictionary, it may include both semantics and representational definitions for data elements. The semantics components focus on creating precise meaning of data enterprise. Representation definitions include how data elements are stored in a computer structure such as an integer, string or date format. Data dictionary is at sometimes simply a collection of data base problems and the definitions of what the meaning and types the columns contain. Data dictionaries are more precise than glossaries (terms and definitions) because they frequently have one or more representations hoe data is structured. Data dictionaries are usually separate from data models since data models usually include complex relation ships between data elements.

52

REGISTER: Name User Name Password ENCRYPT: Name Sender Receiver Encrypted Data Decrypt RSA: Name Sender Receiver Encrypt Data Decrypt Data Type Varchar2 (30) Varchar2 (30) Varchar2 (50) Varchar2 (50) Data Type Varchar2 (30) Varchar2 (30) Varchar2 (50) Varchar2 (50) Data Type Varchar2 (30) Varchar2 (10)

53

5.3 APPLICATION DESIGN 5.3.1 INTRODUCTION:

User interface is a essential part of overall software design process. A poorly design user interfaces means that user will probably be enable to access some of the system features. People have limited short-term memory When system go wrong and issue warning message and alarms, this often puts more stress on users, thus increasing the chance that there will make operational errors.

The principle of user interfaces consistency means that system commands and menus should have same format, parameter should be passed to overall commands in the same way and command punctuations should be similar.

5.3.2 MODULES: The system can be divided into 3 modules: 1. Login 2. Send File 3. Receive File MODULE DESCRIPTIOIN: Login: In this module the user is requested to enter the user name and password, if he is a valid user, he enters the home page. The user ID given is checked with the database table. The user has two options in the home page to view a file and to send a file to other user. Send File: This module details with sending a file by attaching it to a message to the other user specified. Before attaching a file, the specified file will be encrypted by using a randomly generated key. The major disadvantage of the module is that it will encrypt only the plain text format files. Receive File: In this module the user is enabled to view the file that has been send to him by other users. When the user selects a file from all the list of files, the file is decrypted by using the key, used while encrypting. The decrypted file can be saved as an external file into the secondary storage.

54

5.3.3 USER INTERFACES:

55

56

57

58

59

60

61

62

63

64

65

66

67

68

6. PROJECT DEVELOPMENT6.1 SOFTWARE ALGORITHM: LOGIN MODULE: Steps: 1. 2. 3. 4. 5. 6. Logging into page Enter Username and Password If Username and Password equals Enter into Security Algorithm page. Else go to step 2. Stop

SEND MODULE: Steps: 1. 2. 3. 4. 5. 6. 7. 8. Logging into an application. Enter Username and Password. If Username and Password equals Enter into Write page. Writing the data. Encrypts the data. Sends the data. Stop.

VIEW MODULE: Steps: 1. 2. 3. 4. 5. 6. 7. Logging into application. Enter Username and Password. If Username and Password equals. Enter into read page. Decrypts the data. Reads the data. Stop.

69

6.2

SOFTWARE FLOW DIAGRAMS: For DES: LOGIN MODULE:

Start

Enter Username and Password NO Registration

? Yes If valid

DES Enter into home page

Stop

70

SEND MODULE:

Start

Enter Userna me and Passwor d

NO Registration

? If valid

DES

Yes

Writes the message

Encrypts message

Send

Stop

71

RECEIVE MODULE:

Start

Enter Userna me and Passwor d NO ? If valid Yes DES Registration

Reads the message

Decrypts message

Reply

Stop

72

For RSA: LOGIN MODULE:

Start

Enter Userna me and Passwor d NO ? If valid Registration

RSA

Yes

Enter to home page

Stop

73

SEND MODULE:

Start

Enter Userna me and Passwor d

NO Registration

? If valid

RSA

Yes

Writes the message

Encrypts message

Send

Stop

74

RECEIVE MODULE:

Start

Enter Userna me and Passwor d NO ? If valid Registration

RSA

Yes

Reads the message

Decrypts message

Reply

Stop

75

7. TESTINGTesting is the process of detecting errors. Testing performs a very critical role for quality assurance and for ensuring the reliability of software . The results of testing are used later on during maintenance also.

PSYCHOLOGY OF TESTING:The aim of testing is often to demonstrate that program works by showing that it has no errors. The basic purpose of testing phase is to detect the errors that may be present in the program. Hence one should not start testing with the intent of showing that a program works, but the intent should be to show that a program doesnt work. Testing is the process of executing a program with the intent of finding errors.

TESTING OBJECTIVES:The main objective of testing is to uncover a host of errors, systematically and with minimum effort and time. Stating formally, we can say, Testing is a process of executing a program with the intent of finding an error. A successful test is one that uncovers an as yet undiscovered error. A good test case is one that has a high probability of finding error, if it exists. The tests are inadequate to detect possibly present errors. The software more or less confirms to the quality and reliable standards.

TYPES OF TESTING: UNIT TESTING:Unit testing focuses verification effort on the smallest unit of software i.e. the module. Using the detailed design and the process specifications testing is done to uncover errors within the boundary of the module. All modules must be successful in the unit test before the start of the integration testing begins. In this project each service can be thought of a module. There are three basic modules. Giving different sets of inputs has tested each module. When developing the module as well as finishing the development so that each module works without any error. The inputs are validated when accepting from the user. In this application developer tests the programs up as system. Software units in a system are the modules and routines that are assembled and integrated to form a specific function. Unit testing is first done on modules, independent of one another to locate errors. This enables to detect errors. Through this errors resulting from interaction between modules initially avoided.

LINK TESTING:Link testing does not test software but rather the integration of each module in system. The primary concern is the compatibility of each module. The Programmer tests where modules are designed with different parameters, length, type etc.

76

INTEGRATION TESTING:After the unit testing we have to perform integration testing. The goal here is to see if modules can be integrated properly, the emphasis being on testing interfaces between modules. This testing activity can be considered as testing the design and hence the emphasis on testing module interactions. In this project integrating all the modules forms the main system. When integrating all the modules I have checked whether the integration effects working of any of the services by giving different combinations of inputs with which the two services run perfectly before Integration.

SYSTEM TESTING:The philosophy behind testing is to find errors. Test cases are devised with this in mind. A strategy employed for system testing is code testing.

CODE TESTING:This strategy examines the logic of the program. To follow this method we developed some test data that resulted in executing every instruction in the program and module i.e. every path is tested. Systems are not designed as entire nor are they tested as single systems. To ensure that the coding is perfect two types of testing is performed or for that matter is performed or that matter is performed or for that matter is performed on all systems.

8. CONCLUSIONFinally, in this project we conclude that by using the algorithms RSA and DES we are providing security to the software and we can also provide the security in future by using the other algorithms. Here we also using the MAC-ID to check whether the person is authorized or not and if he is authorized then only he is permitted to use the system.

77