Progress Report ON SECURE DATA TRANSMISSION submitted to SHARDA UNIVERSITY by Asjadullah Sarosh Nitesh Kumar Nishant Kumar in partial fulfillment for the award of the degree of BACHELOR OF TECHNOLOGY IN COMPUTER SCIENCE & ENGINEERING DEPARTMENT OF COMPUTER SCIENCE ENGINEERING SCHOOL OF ENGINEERING & TECHNOLOGY SHARDA UNIVERSITY
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Progress Report
ONSECURE DATA TRANSMISSION
submitted toSHARDA UNIVERSITY
byAsjadullah Sarosh
Nitesh KumarNishant Kumar
in partial fulfillment for the award of the degree of
BACHELOR OF TECHNOLOGYIN
COMPUTER SCIENCE & ENGINEERING
DEPARTMENT OF COMPUTER SCIENCE ENGINEERING
SCHOOL OF ENGINEERING & TECHNOLOGY
SHARDA UNIVERSITY
GREATER NOIDA, U.P.
<March,2014>
ACKNOWLEDGEMENT
It would be prudent to commence this report with a serious tribute to those who
played an indispensable role in the accomplishment of this work and obliged
whenever and wherever their guidance was required. It is great pleasure to have
the opportunity to extend our thanks to everybody who helped through the
successful completing of this report.
In the first place I would like to thank our teacher Dr. Manoj Veetil Sir for his help,
co-operation and guidance to me for this project. I deeply thank him for his gesture
without which the project would have been possible. He gave us the most needed
inspiration and motivation to help make this project a wonderful reality.
Last but not the least I am grateful to my family without whose active support and
encouragement this project would not have been completed.
.
Contents
S.No CONTENTS Page No.
1. Introduction 1
2. Feasibility Study 2
3. Development Environment 5
4. System Design 9
5. Implementation 12
6. Methodology 22
7. Conclution 26
8. Bibliography 26
1. Introduction
In computer science, Secure Transmission refers to the transfer of data such
as confidential or proprietary information over a secure channel. Many
secure transmission methods require a type of encryption.
Secure transmissions are put in place to prevent attacks such as ARP
spoofing and general data loss. Software and hardware implementations
which attempt to prevent the unauthorized transmission of information from
the computer systems to an organization on the outside.
1.1AES Algorithm
The Advanced Encryption Standard (AES) is a block cipher encryption
algorithm that is very simple to implement, has fast execution time, and
takes minimal storage space.
In cryptography, the Advanced Encryption Standard (AES) is a block cipher
notable for its simplicity of description and implementation, typically a few
lines of code. It was designed by Dr.Joan Deaman and Dr. Vincet Rijman of the
Belgium; It was created as a result of contest announced by National
Institute of Standard and Technology (NIST). Its advantages are it is resistant
against all known attacks, Speed and Compactness on wide range of
platforms.
1.2 Steganography
Steganography is an art and science of hidding information within other
information. The word itself comes\ from Greek and means .hidden writting..
In recent years cryptography become very popular science. As
steganography has very close to cryptography and its applications, we can
with advantage highlight the main differences. Cryptography is about
concealing the content of the message. At the same time encrypted data
package is itself evidence of the existence of valuable information.
Steganography goes a step further and makes the ciphertext invisible to
unauthorized users. Hereby we can de_ne steganography as cryptography
with the additional property that its output looks unobtrusively.[10,11]
Steganography is the practice of hiding private or sensitive information
within something that appears to be nothing out of the usual. Steganography
is often confused with cryptology because the two are similar in the way that
they both are used to protect important information. The difference between
the two is that Steganography involves hiding information so it appears that
no information is hidden at all. If a person or persons views the object that
the information is hidden inside of he or she will have no idea that there is
any hidden information, therefore the person will not attempt to decrypt the
information.
Steganography comes from the Greek words Steganós (Covered) and
Graptos (Writing). Steganography in the modern day sense of the word
usually refers to information or a file that has been concealed inside a digital
Picture, Video or Audio file. What Steganography essentially does is exploit
human perception, human senses are not trained to look for files that have
information hidden inside of them, although there are programs available
that can do what is called Steganalysis (Detecting use of Steganography.)
The most common use of Steganography is to hide a file inside another file.
When information or a file is hidden inside a carrier file, the data is usually
encrypted with a password.[12]
1.3 Embedding process
Data which hold effective information often has some redundancy. End users
usually tend to think that redundancy is evil which cost extra money, as
more disk space or network bandwidth is needed. Well, they are partially
right, but optimal compression hardly ever exists. Moreover common
compress ratio is mostly question of efficience.
Now we know, there are almost always few bytes, one can play with, without
destroying carried information. Least Signi_cant Byte (LSB) substitution is
well known and widely used method. Take for example a True-Color BMP
image _le format. A color of pixel is coded in 3 byte array of indices to RGB
palete. If you change only LSB bit in each color element, then the picture will
seem still the same, but is not. It carries hidden information. A picture with
size 120x100 pixels can hold approximately up to 4500B of hidden data, if
this method is used.
1.4 How Does It Work?
There are numerous methods used to hide information inside of Picture,
Audio and Video files. The two most common methods are LSB (Least
Significant Byte) and Injection.
I will discuss these two methods below.
1.5 Substitution - Altering/Replacing the LSB
When files are created there are usually some bytes in the file that aren't
really needed, or at least aren't that important. These areas of the file can be
replaced with the information that is to be hidden, with out significantly
altering the file or damaging it. This allows a person to hide information in
the file and make sure that no human could detect the change in the file.
The LSB method works best in Picture files that have a high resolution and
use many different colors, and with Audio files that have many different
sounds and that are of a high bit rate. The LSB method usually does not
increase the file size, but depending on the size of the information that is to
be hidden inside the file, the file can become noticeably distorted.
1.5 .1 Injection
Injection is quite a simple method which simply involves directly injecting the
secret information into the carrier file. The main problem with this method is
that it can significantly increase the size of the carrier file[15]
1.6 Steganography in Video
When information is hidden inside video the program or person hiding the
information will usually use the DCT (Discrete Cosine Transform) method.
DCT works by slightly changing the each of the images in the video, only so
much though so it’s isn’t noticeable by the human eye. To be more precise
about how DCT works, DCT alters values of certain parts of the images, it
usually rounds them up.
For example if part of an image has a value of 6.667 it will round it up to 7.
Steganography in Videos is similar to that of Steganography in Images, apart
from information is hidden in each frame of video. When only a small amount
of information is hidden inside of video it generally isn’t noticeable at all,
however the
1.7 ANALYSIS
1.7.1 Existing System
In the traditional architecture there existed only the server and the client. In
most cases the server was only a data base server that can only offer data.
Therefore majority of the business logic had to be placed on the clients
system. This makes maintenance expensive. This also means that every
client has to be trained as to how to use the application and even the
security in the communication is also the factor to be considered.
Since the actual processing of the data takes place on the remote client the
data has to be transported over the network, which requires a secured
format of the transfer method. Present day transactions are considered to be
"un-trusted" in terms of security, i.e. they are relatively easy to be hacked.
And also we have to consider the transfer the large amount of data through
the network will give errors while transferring. Nevertheless, sensitive data
transfer is to be carried out even if there is lack of an alternative. Network
security in the existing system is the motivation factor for a new system with
higher-level security standards for the information exchange.
1.7.2 Proposed System
The proposed system should have the following features. The transactions
should take place in a secured format between various clients in the network.
It provides flexibility to the user to transfer the data through the network very
easily. It should also identify the user and provide the communication
according to the prescribed level of security with transfer of the file requested
and run the required process at the server if necessary. In this system the
data will be sending through the network as a video file. The user who
received the file will do the operations like de embedding, and decryption in
their level of hierarchy.
2. Feasibility Study
When complex problem and opportunities are to be defined, it is generally desirable
to conduct a preliminary investigation called a feasibility study. A feasibility study is
conduct to obtain an overview of the problem and to roughly assess whether
feasible solution exists prior to committing substantial resources to a project.
During a feasibility study, the system analyst usually works with representatives
from the departments(s) expected to benefit from the solution.
Every project is feasible if given unlimited resource and infinite time. Unfortunately,
the development of computer based systems is more likely to be plagued by
scarcity of resources and difficult delivery of data it is both necessary and prudent
to evaluate the feasibility of a project at the earliest possible time. Precious time
and money can be saved and untold professional embarrassment can be averted if
an ill conceived system is recognized early in the definition phase. So a detailed
study is carried out to check the workability of the system.
Feasibility study is undertaken to evaluate its workability, impact on the
organization, ability to meet user needs, and effective se of resources. The main
objective of feasibility study is to test the technical, operational and economical
feasibility of developing the computer system. Thus, during feasibility analysis for
this project the following three primary areas of interest were considered very
carefully. The feasibility of a project can be ascertained in terms of technical
factors, economic factors, or both. A feasibility study is documented with a report
showing all the ramification of the project.
The primary objective of a feasibility study is to assess three types of feasibility.
1) Technical feasibility: can a solution be supported with existing technology?
2) Economical feasibility: is existing technology cost effective?3) Operational feasibility: will the solution work in the organization if
implemented?
2.1 Technical Feasibility
A systems development project may be regarded as technically feasibility or ‘practical’ if the organization has the necessary expertise and infrastructure to develop, install, operate and maintain the proposed system. Organizations will need to make this assessment based on:
Knowledge of current and emerging technological solutions. Availability of technically qualified staff in house for the duration of the
project and subsequent maintenance phase. Availability of infrastructure in house to support the development and
maintenance of the proposed system. Where necessary, the financial and/or technical capacity to procure
appropriate infrastructure and expertise from outside. Capacity of the proposed system to accommodate increasing levels of
use over the medium term and capacity of the proposed system to meet initial performance expectations and accommodate new functionality over the medium term.
The existing computer system has a good hardware configuration and good software facilities in such a way that any alteration can be implemented with slight modifications of the existing process. Hence this project is technically feasible.
2.2 Economic Feasibility
A systems development project may be regarded as economically feasible or ‘good value’ to the organization if its anticipated benefits outweigh its estimated costs. However, many of the organizational benefits arising from record keeping projects are intangible and may be hard to quantify.In contrasts, many development costs are easier to identify.
These costs may include the time, budget and staff resources invested during the design and implementation phase as well as infrastructure, support, training and maintenance costs incurred after implementation. In these high risk situations it may be appropriate assessments of financial feasibility.
2.3 Operational Feasibility
A systems development project is likely to be operationally feasible if it meets the ‘needs’ and expectations of the organization. User acceptance is an important determinant of operational feasibility.
Feasibility study of the proposed system
The feasibility study of the proposed system has been carried out in all the three areas.
Technical Feasibility
The proposed system can be easily developed using resources available in the organization. Hence it is technically feasible.
Economic feasibility
The proposed system can be easily developed using the resources available in the organization and they do not invest in procurement of additional hardware or software. The cost of developing the system, including all the phases have been taken into account and it is strict minimum. Hence the system is economically feasible.
Operational feasibility
The system has been developed after extensive discussion with the end user and all the operational requirements has been taken into account during the planning and implementation stages. Hence the system is operationally feasible.
3. Development Environment
1) Hardware Configuration
Processor : Pentium 4 processor
Memory : 1 GB RAM
Display : 14’’ LCD
Hard disk Drive : 80 GB
2) Software Configuration
Operating System : Windows XP professional
Environment : Jdk 1.5, Java, Netbeans 6.9
Database : MySql
3.1.1) NetBeans
NetBeans is the most comprehensive J2EE IDE() for the open Source netbeans platform.It incorporates most innovative open standard technologies to provide a development environment for J2EE WEB,XML,UML & database & a wide array of application server connectors to streamline development ,deployment, testing & portability.It’s a cross-platform.
3.1.2) Java
Java is pure object oriented programming language, which has derived C
syntax and C++ object oriented programming features. Is compiled and
interpreted language and is platform independent and can do graphics,
networking, multithreading. It was initially called as OAK. Java was conceived
by James Gosling, Patrick Naughton, Chris Warth, Ed Frank, and Mike
Sheridan at Sun Microsystems, Inc. in 1991. Java can used to create two
types of programs: application and applets. Application is a program that
runs on your computer, under the operating system of that computer. That is
an application created by Java is more or less like one created using C or C+
+. An applet is an application designed to be transmitted over the Internet and
executed by a Java-compatible Web browser. Java provides the Java Virtual Machine
(JVM).
Java are following list of buzzwords:-
Simple
Secure
Portable
Object-oriented
Robust
Multithreading
Architecture-neutral
Interpreted
High Performance
Distributed
Dynamic
Java supports the different types of editors are EditPlus, Eclips, NetBean,
Notepad. EditPlus editor are different types of used in editor such as Text,