A Project report on IMPROVING MOBILE BANKING SECURITY USING STEGANOGRAPHY submitted in partial fulfillment of the requirement for the award of degree of BACHELOR OF TECHNOLOGY in COMPUTER SCIENCE & ENGINEERING by K.KIRAN KUMAR 06R31A0527 B.VENUGOPAL REDDY 06R31A0507 G.KALYAN CHAKRAVARTHY 06R31A0520 Under the guidance of Mr. M. SRINIVAS REDDY(M. Tech.) Assistant Professor DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING NOVA COLLEGE OF ENGINEERING & TECHNOLOGY (Affiliated to Jawaharlal Nehru Technological University, Hyderabad) Jafferguda (V), Hayathnagar (M), R. R. Dist. – 501512, A.P. 2010 www.jntuworld.com www.jntuworld.com
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
A Project report
on
IMPROVING MOBILE BANKING SECURITY USING STEGANOGRAPHY
submitted in partial fulfillment of the requirement for the award of degree of
BACHELOR OF TECHNOLOGY
in
COMPUTER SCIENCE & ENGINEERING
by
K.KIRAN KUMAR 06R31A0527 B.VENUGOPAL REDDY 06R31A0507 G.KALYAN CHAKRAVARTHY 06R31A0520
Under the guidance of
Mr. M. SRINIVAS REDDY(M. Tech.)
Assistant Professor
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
NOVA COLLEGE OF ENGINEERING & TECHNOLOGY
(Affiliated to Jawaharlal Nehru Technological University, Hyderabad)
Jafferguda (V), Hayathnagar (M), R. R. Dist. – 501512, A.P.
2010
www.jntuworld.com
www.jntuworld.com
NOVA COLLEGE OF ENGINEERING & TECHNOLOGY
(Approved by AICTE and Affiliated to JNTU)
Jafferguda (V), Hayathnagar (M), R. R. Dist. – 501512
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
CERTIFICATE
This is to certify that the project entitled “IMPROVING MOBILE BANKING SECURITY
USING STEGANOGRAPHY” is being submitted by
K. KIRAN KUMAR
B.VENU GOPAL REDDY G. KALYAN CHAKRAVARTHY
06R31A0527
06R31A0545 06R31A0520
in partial fulfillment of the requirements for the award of BACHELOR OF TECHNOLOGY
to JNTU, Hyderabad. This record is a bonafide work carried out by them under my guidance
and supervision. The result embodied in this project report has not been submitted to any other
university or institute for the award of any degree of diploma.
Internal Guide External Guide
H. O. D.
www.jntuworld.com
www.jntuworld.com
ACKNOWLEDGEMENT
I would like to express my gratitude to all the people behind the screen who helped
me to transform an idea into a real application.
I would like to express my heart-felt gratitude to my parents without whom I would
not have been privileged to achieve and fulfill my dreams. I am grateful to our principal,
Mr. RAJA PRAKASH who most ably run the institution and has had the major hand in
enabling me to do my project.
I profoundly thank Mrs. K. NAGAMANI, Head of the Department of
Computer Science & Engineering who has been an excellent guide and also a great source
of inspiration to my work.
I would like to thank my internal guide Mr. M.SRINIVAS REDDY for his
technical guidance, constant encouragement and support in carrying out my project at
college.
I would also like to thank my external guide Ms. S. SOWJANYA for her
technical guidance and support in carrying out my project at PANTECH
SOLUTIONS PVT. LTD.
The satisfaction and euphoria that accompany the successful completion of the task
would be great but incomplete without the mention of the people who made it possible
with their constant guidance and encouragement crowns all the efforts with success. In this
context, I would like thank all the other staff members, both teaching and non-teaching, who
have extended their timely help and eased my task.
K. KIRAN KUMAR 06R31A0544
B.VENU GOPAL REDDY 06R31A0545 G.KALYAN CHAKRAVARTHY 06R31A0520
www.jntuworld.com
www.jntuworld.com
CONTENTSAbstract List of FiguresList of TablesList of ScreensSymbols & Abbreviations
1. INTRODUCTION1.1 Motivation 11.2 Problem definition 21.3 Objective of Project 31.4 Limitations of Project 31.5 Organization of Documentation 3
2. LITERATURE SURVEY2.1 Introduction 42.2 Existing System 5 2.3 Disadvantages of Existing system 52.4 Proposed System 62.5 Conclusion 7
3. ANALYSIS3.1 Introduction 83.2 Software Requirement Specification 13
3.2.1 User requirement 133.2.2 Software requirement 143.2.3 Hardware requirement 25
3.3 Content diagram of Project 303.4 Algorithms ad Flowcharts 313.5 Conclusion 33
4. DESIGN4.1 Introduction 344.2 DFD / ER / UML diagram (any other project diagrams) 344.3 Module design and organization 404.4 Conclusion 46
www.jntuworld.com
www.jntuworld.com
5. IMPLEMENTATION & RESULTS5.1 Introduction 475.2 Explanation of Key functions 475.3 Method of Implementation 67
5.3.1 Forms 695.3.2 Output Screens 745.3.3 Result Analysis 79
5.4 Conclusion 79
6. TESTING & VALIDATION6.1 Introduction 806.2 Design of test cases and scenarios 806.3 Validation 836.4 Conclusion 83
7. CONCLUSION 84
REFERENCES 85
www.jntuworld.com
www.jntuworld.com
ABSTRACT
www.jntuworld.com
www.jntuworld.com
i
Improving Mobile Banking Security Using Steganography
Upon development of m-commerce as one of the new branches of e- commerce, m-banking has
emerged as one of the main divisions of m-commerce. As the m-banking was received very well, it has
embarked upon supply of various services based on different systems and with the aid of various services
such as the Short Messaging Service (SMS). However, in spite of its advantages, m-banking is facing some
challenges as well. One of these challenges is the issue of security of this system. This paper presents a
method for increasing security of the information requested by users with the use of Steganography
method. In this method, instead of direct sending of the information, it is hidden in a picture by the
password. Then the address of the picture is sent to the user. After entering the password, the user can
witness the information extracted from the picture if the password is entered correctly. This project is
written in J2ME language (Java 2 Micro Edition) and has been implemented on Nokia mobile phones,
models N71 and 6680.
In this method, the information is never placed on the internet and exchanged on plain form. Thus,
the possibility of disclosure of information is very low. No user password is exchanged between the server
and the mobile phone. Therefore there is no risk of disclosure of user password. In this method, the amount
of information exchanged between user and the banking system decreases, so the responding speed of the
bank system increases. Steganography is a relatively modem method in secret exchange of information.
Therefore, the possibility of disclosure and extraction of its information esp. in mobile phones is much
lower.
The Steganography algorithm advantages are:
a) The password is not stored in the Stego-image; so it is difficult to detect the password.
b) Because the password is used, it is difficult to detect the information hidden in the image.
c) The decoding program uses a few kilobytes of memory. Also the program is fast enough.
www.jntuworld.com
www.jntuworld.com
ii
LIST OF FIGURES1. Water Fall Model2. JVM (Java Virtual Machine)3. Content diagram of the project4. Flowchart of the project5. Class diagram6. Use case diagram7. Sequence diagram8. Enable Path settings
LIST OF TABLES1. User Account Table2. User Info Table3. User Transaction Table
LIST OF SCREENS1. Login Page2. Banking option3. Account Details4. Transfer Money5. Home page for Mobile Emulator6. Login Screen7. Banking Option Screen8. Steganography image9. Display Account Details10. Money Transfer option
www.jntuworld.com
www.jntuworld.com
iii
SYMBOLS AND ABBREVATIONS
M-Banking - Mobile Banking
J2ME - Java 2 Micro Edition
J2SE - Java 2 Standard Edition
J2EE - Java 2 Enterprise Edition
API - Application Programming Interface
CDC - Connected Device Configuration
MIDP - Mobile Information Device Profile
CLDC - Connected, Limited Device Configuration
KVM - K – Virtual Machine
JVM - Java Virtual Machine
PDA - Personal Digital Assistance
OS - Operating System
VM - Virtual Machine
RGB - Red, Green, Blue
LSB - Least Significant Bit
SQL - Structures Query Language
ANSI - American National Standards Institute
ISO - International Organization for Standards
GPU - General Public License
ODBC - Object Database Connectivity
WAN - Wide Area Network
www.jntuworld.com
www.jntuworld.com
INTRODUCTION
www.jntuworld.com
www.jntuworld.com
1
1. INTRODUCTION
1.1 MOTIVATION
The Growing Importance of Mobile Content
Music, games and video have become principal sources of online
entertainment content in the consumer market, but the discrete systems used to deliver
that content to end devices such as mobile handsets are still rather rudimentary. To
deliver content to the consumer or business, and to adapt to rapidly changing market
needs and trends, device-independent content delivered over multiple channels is
needed—and the content must be coupled with a digital rights management (DRM)
system to allow content owners to monetize their intellectual property.
At the current stage in the evolution of online content, many companies are
focusing on a single part of the value chain, mainly on delivery, and they are able to
gain a competitive advantage there. Because content delivery to a mobile device is
currently a bottleneck, and because it is also not obvious which delivery models are
the best, concentrating on delivery makes sense at the current juncture.
Little attention is paid today, however, to a balanced implementation of the
full value chain. Our research suggests that in a few years time, attention will shift
from discrete systems focusing on delivery of specific content using rudimentary
content management integration to full blown systems that are centered on reusable
content suitable for multi-channel delivery. Adding and using metadata to quickly
find content for a specific user in a specific context and being able to deliver that
content in a timely manner and the correct format is the key to success in this more
mature environment. Whether these types of systems will be owned and managed by
mobile operators or by companies specialized in content (such as publishers or
studios) cannot be predicted at this stage.
The Special Requirements of Mobility Devices
Mobile content has some very specific constraints which have to do with the
small screen of the devices, the device’s relatively limited wireless bandwidth as well
www.jntuworld.com
www.jntuworld.com
2
as the small storage and processing capacity on the device. Furthermore, among the
devices there is a considerable spread in capacities. Standard mobile phones tend to
have a small color screen, a numerical keyboard for entering data, and most have the
capability to run small Java applications. Smart phones have a somewhat larger
screen, additional input devices such as a keyboard to enter text, and most run a
simple operating system. Brew and Windows Me are examples of two popular smart
phone operating systems.
While device-independent content delivered over multiple channels is the
goal, mobility imposes a number of other constraints on content when compared to
the wired web:
� The relationship of mobile browsers to websites;
� Location based content;
� User generated content and content management; and
� The usability of content across different mobile devices.
Content is driving the market for carriers of every stripe. For the mobile
operator, content ranges from information that is mobility-independent (such as a
weather forecasts) to mobile-specific content (such as ring tones). Further, mobile
content can be relatively static (such as a web page or a photo) or highly dynamic
(such as traffic information). Beyond a set of requirements particular to mobility,
managing, updating, and archiving website content as well as maintaining technical
and customer information is a major business operation demanding up to-date
systems.
1.2 PROBLEM DEFINATION
The existing system which we use is banking through computer using internet
which is not portable, that is we have to do ever work sitting at home, this makes a lot
of time useless this is a drawback, this necessarily requires a computer at home, now-
a-days as technology is increasing prices are also increasing so buying a computer
costs an individual higher and internet may not be available at the place where he is
residing these are some of the drawbacks of the existing system.
www.jntuworld.com
www.jntuworld.com
3
1.3 OBJECTIVE OF THE PROJECT
• This paper presents a method to make sending information requested by users in
mobile banking system more safe and secure based on the idea of Steganography.
• By hiding information in pictures and lack of direct sending of information, this
method increases the security of sending the information for users in m-banking
system.
Some of the reasons for preference of m-banking over e-banking are
1- No place restriction;
2- High penetration coefficient;
3- Fully personalized; and
4- Availability.
• Used to increase the convenience of the customers and reduces banking costs.
1.4 LIMITATIONS OF THE PROJECT
Mobile banking application is already in use as many banks are directly launching
their own web sites which an be accessed by the mobiles, but the problem here is the
language which uses in this process is Web Markup Language which eats lot of time
to process and there is no security as there security implementations are pretty
ordinary, this has been overcome by introducing a concept of JAR file developed
using J2ME which directly after installing can get in to contact with the administrator
and also by using a method called Steganography it provides much better security.
1.5 ORGANISATION OF DOCUMENTATION
In this project documentation we have initially put the definition and objective
of the project as well as the design of the project which is followed by the
implementation and testing phases. Finally the project has been concluded
successfully and also the future enhancements of the project were given in this
documentation.
www.jntuworld.com
www.jntuworld.com
LITERATURE
SURVEY
www.jntuworld.com
www.jntuworld.com
4
2. LITERATION SURVEY
2.1 INTRODUCTION
Steganography is one of the fundamental ways by which data can be kept
confidential. This article will offer a brief introductory discussion of steganography: what
it is, how it can be used, and the true implications it can have on information security.
What is Steganography?
In computer terms, steganography has evolved into the practice of hiding a
message within a larger one in such a way that others cannot discern the presence or
contents of the hidden message. In contemporary terms, steganography has evolved into a
digital strategy of hiding a file in some form of multimedia, such as an image, an audio
file (like a .wav or mp3) or even a video file.
Steganography Tools
There are a vast number of tools that are available for steganography. An
important distinction that should be made among the tools available today is the
difference between tools that do steganography, and tools that do steganalysis, which is
the method of detecting steganography and destroying the original message. Steganalysis
focuses on this aspect, as opposed to simply discovering and decrypting the message,
because this can be difficult to do unless the encryption keys are known.
A comprehensive discussion of steganography tools is beyond the scope of this
article. However, there are many good places to find steganography tools on the Net. One
good place to start your search for stego tools is on Neil Johnson's Steganography and
Digital Watermarking Web site. The site includes an extensive list of steganography
tools. Another comprehensive tools site is located at the StegoArchive.com.
For steganalysis tools, a good site to start with is Neil Johnson's Steganalysis site.
Niels Provos's site, is also a great reference site, but is currently being relocated, so keep
checking back on its progress.
www.jntuworld.com
www.jntuworld.com
5
The plethora of tools available also tends to span the spectrum of operating
systems. Windows, DOS, Linux, Mac, and Unix: you name it, and you can probably find
it.
Steganography and Security
As mentioned previously, steganography is an effective means of hiding data,
thereby protecting the data from unauthorized or unwanted viewing. But stego is simply
one of many ways to protect the confidentiality of data. It is probably best used in
conjunction with another data-hiding method. When used in combination, these methods
can all be a part of a layered security approach. Some good complementary methods
include:
Encryption - Encryption is the process of passing data or plaintext through a
series of mathematical operations that generate an alternate form of the original data
known as cipher text. The encrypted data can only be read by parties who have been
given the necessary key to decrypt the cipher text back into its original plaintext form.
Encryption doesn't hide data, but it does make it hard to read!
2.2 EXISTING SYSTEM
In the existing system of the project we had just e-banking that is usage through computers, here users can bank through the internet from a personal computer located at a particular point of place or through a mobile which uses WML (Web Markup
Language); it downloads the contents from the internet.
2.3 DISADVANTAGES OF EXISTING SYSTEM
As mentioned above we can use both personal computer and the mobile for banking but the problem here is when we use a personal computer it is required that the person has to be compulsorily at a place which requires time, he can’t carry his computer with him where ever he go it is a drawback, to over come with this usage of ecommerce through mobile has been introduced here we can do banking from any place but the
www.jntuworld.com
www.jntuworld.com
6
problem here is it completely uses WML for the purpose. When WML is used it repeatedly has to download every bit of data from the internet which takes a lot of time,
for which mobile E banking by using J2ME has been introduced.
Here we perform e-banking, by this we don’t have security.
Time constraint is there.
Phishing can be done.
There is no security for the data
Low bandwidth & latency issues
High communication costs
Low functionality and fewer capabilities in the mobile devices Security concerns.
2.4 PROPOSED SYSTEM
As the above disadvantages can’t be solved with in this application has been proposed and also the security will be much improved than the existing system as we are implementing the special method called Steganography, here in this we develop a jar file by using J2ME for banking a customer here will get a unique ID & Password once he dumps the application in to the mobile and after installing he gets the page to get started with. Here after he enters the ID & Password he gets logged in and he will have an easily understandable interface where he can have two options i.e. account details and money transfer. In this process the applications gets interacted not to an internet server but to the
administrator server which makes easy processing and takes no time.
We are using Mobile to perform Transactions. Importance of mobile channel for e-
banking
Proactive and simple alerting services reduces branch/ call center costs
M-banking is expected to account for an increasingly high proportion of
transactions.
Mobile device can be an ideal POS device allowing transactions to be authorized
in many more places than ever before
Mobile services are expected to generate access to new business opportunities &
new alliances across business sectors
High market penetration (up to 80% in some countries) and still growing.
www.jntuworld.com
www.jntuworld.com
7
Mobile Banking Today
Fast data services (GPRS)
Low data transfer costs (e.g. flat rates)
More functionality possible (new devices with better displays and browser
functionality)
Higher Security mechanisms
Applications capitalize on the mobile aspects and diversify from existing web-
based solutions
2.5CONCLUSION
This paper presents a method for increasing security of the information requested
by users with the use of steganography method. In this method, instead of direct
sending of the information, it is hidden in a picture by the password. After entering
the password, the user can witness the information extracted from the picture if the
password is entered correctly.
www.jntuworld.com
www.jntuworld.com
ANALYSIS
www.jntuworld.com
www.jntuworld.com
8
3. ANALYSIS
3.1 INTRODUCTION
After analyzing the requirements of the task to be performed, the next step is to
analyze the problem and understand its context. The first activity in the phase is studying
the existing system and other is to understand the requirements and domain of the new
system. Both the activities are equally important but the first activity serves as a basis of
giving the functional specifications and then successful design of the proposed system.
Understanding the properties and requirements of a new system is more difficult and
requires creative thinking as well as understanding of existing system is also difficult.
Improper understanding of present system can lead diversion from solution.
3.1.1 Analysis Model
The model that is basically being followed is WATER FALL Model which states
that the phases are organized in a linear order. First of all, the feasibility study is done.
Once that part is over, the requirement analysis and project planning begins. If system
exists as a whole but modification and addition of new module is needed, analysis of
present system can be used as basic model.
The design starts after the requirement analysis is complete and the coding begins
after the design is complete. Once the programming is completed, the testing is done. In
this model the sequence of activities performed in a software development project are:
Requirement Analysis
Project Planning
System Design
Detail Design
Coding
Unit Testing
System Integration & Testing
www.jntuworld.com
www.jntuworld.com
9
Here the linear ordering of these activities is critical. At the end of the phase, the
output of one phase is the input to other phase. The output of each phase should be
consistent with the overall requirement of the system. Some of the qualities of spiral
model are also incorporated like after the people concerned with the project review
completion of each of the phase the work done.
WATER FALL Model has been chosen because all requirements were known
before and the objective of our software development is the computerization/automation
of an already existing manual working system.
www.jntuworld.com
www.jntuworld.com
10
3.1.2 Study of the system
3.1.2.1 GUI’S
For flexibility, the User Interface has been developed with a graphics concept in
mind, associated through a browser interface. The GUI’S at the top level have been
categorized as:
Administrative User Interface.
The Operational/Generic User Interface.
The “Administrative User Interface” concentrates on the consistent information
that is practically, part of the organizational activities and which needs proper
authentication for the data collection. This interface helps the administration with all the
transactional states like Data Insertion, Data Deletion and Data Updation along with the
extensive Data Search capabilities.
The “Operational/Generic User Interface” helps the users upon the system in
transactions through the existing data and required services. The Operational User
Interface also helps the ordinary users in managing their own information in a customized
manner as per the assisted flexibilities.
3.1.2.2 Project Instructions
Based on the given requirements, conceptualize the Solution Architecture. Choose
the domain of your interest otherwise develop the application for ultimatedotnet.com.
Depict the various architectural components, show interactions and connectedness and
show internal and external elements. Design the web services, web methods and database
infrastructure needed both and client and server. Provide an environment for upgradation
of application for newer versions that are available in the same domain as web service
target.
www.jntuworld.com
www.jntuworld.com
11
3.1.3 Feasibility Report
Preliminary investigation examine project feasibility, the likelihood the system
will be useful to the organization. The main objective of the feasibility study is to test the
Technical, Operational and Economical feasibility for adding new modules and
debugging old running system. All system is feasible if they are unlimited resources and
infinite time. There are aspects in the feasibility study portion of the preliminary
investigation:
Technical Feasibility
Operation Feasibility
Economical Feasibility
3.1.3.1 Technical Feasibility
The technical issue usually raised during the feasibility stage of the investigation
includes the following:
Does the necessary technology exist to do what is suggested?
Do the proposed equipments have the technical capacity to hold the data required
to use the new system?
Will the proposed system provide adequate response to inquiries, regardless of the
number or location of users?
Can the system be upgraded if developed?
Are there technical guarantees of accuracy, reliability, ease of access and data
security?
Earlier no system existed to cater to the needs of ‘Secure Infrastructure
Implementation System’. The current system developed is technically feasible. It is a web
based user interface for audit workflow at NIC-CSD. Thus it provides an easy access to
the users. The database’s purpose is to create, establish and maintain a workflow among
various entities in order to facilitate all concerned users in their various capacities or
roles. Permission to the users would be granted based on the roles specified. Therefore, it
provides the technical guarantee of accuracy, reliability and security. The software and
hard requirements for the development of this project are not many and are already
www.jntuworld.com
www.jntuworld.com
12
available in-house at NIC or are available as free as open source. The work for the project
is done with the current equipment and existing software technology. Necessary
bandwidth exists for providing a fast feedback to the users irrespective of the number of
users using the system.
3.1.3.2 Operational Feasibility
Proposed projects are beneficial only if they can be turned out into information
system. That will meet the organization’s operating requirements. Operational feasibility
aspects of the project are to be taken as an important part of the project implementation.
Some of the important issues raised are to test the operational feasibility of a project
includes the following:
Is there sufficient support for the management from the users?
Will the system be used and work properly if it is being developed and implemented?
Will there be any resistance from the user that will undermine the possible application
benefits?
This system is targeted to be in accordance with the above-mentioned issues. The
well-planned design would ensure the optimal utilization of the computer resources and
would help in the improvement of performance status.
3.1.3.3 Economic Feasibility
A system can be developed technically and that will be used if installed must still
be a good investment for the organization. In the economical feasibility, the development
cost in creating the system is evaluated against the ultimate benefit derived from the new
systems. Financial benefits must equal or exceed the costs.
The system is economically feasible. It does not require any addition hardware or
software. Since the interface for this system is developed using the existing resources and
technologies available at NIC, There is nominal expenditure and economical feasibility
for certain.
www.jntuworld.com
www.jntuworld.com
13
3.2 SOFTWARE REQUIREMENT SPECIFICATION
Purpose: The main purpose for preparing this document is to give a general insight into
the analysis and requirements of the existing system or situation and for determining the
operating characteristics of the system.
Scope: This Document plays a vital role in the development life cycle (SDLC) and it
describes the complete requirement of the system. It is meant for use by the developers
and will be the basic during testing phase. Any changes made to the requirements in the
future will have to go through formal change approval process.
The developer is responsible for:
Developing the system, which meets the SRS and solving all the requirements of
the system?
Demonstrating the system and installing the system at client's location after the
acceptance testing is successful.
Submitting the required user manual describing the system interfaces to work on
it and also the documents of the system.
Conducting any user training that might be needed for using the system.
Maintaining the system for a period of one year after installation.
3.2.1 User Requirements
User name and Password for the website for the purpose of banking issued by the
administrator.
A mobile phone with GPRS access.
Sim card from any network which supports WAP.
www.jntuworld.com
www.jntuworld.com
14
3.2.2 Software Requirements
Language: JAVA
Front End: J2ME
Back End: My SQL
Web Server: Apache Tomcat
Build Tools: Apache ANT
Testing Tool: J2ME unit test
3.2.2.1 Java
The JAVA language was created by James Gosling in June 1991 for use in a set
top box project. The language was initially called Oak, after an oak tree that stood outside
Gosling's office - and also went by the name Green - and ended up later being renamed to
Java, from a list of random words. Gosling's goals were to implement a virtual machine
and a language that had a familiar C/C++ style of notation. The first public
implementation was Java 1.0 in 1995. It promised "Write Once, Run anywhere"
(WORA), providing no-cost runtimes on popular platforms. It was fairly secure and its
security was configurable, allowing network and file access to be restricted. Major web
browsers soon incorporated the ability to run secure Java applets within web pages. Java
quickly became popular. With the advent of Java 2, new versions had multiple
configurations built for different types of platforms. For example, J2EE was for
enterprise applications and the greatly stripped down version J2ME was for mobile
applications. J2SE was the designation for the Standard Edition. In 2006, for marketing
purposes, new J2 versions were renamed Java EE, Java ME, and Java SE, respectively.
In 1997, Sun Microsystems approached the ISO/IEC JTC1 standards body and
later the Ecma International to formalize Java, but it soon withdrew from the process.
Java remains a de facto standard that is controlled through the Java Community Process.
At one time, Sun made most of its Java implementations available without charge
although they were proprietary software. Sun's revenue from Java was generated by the
selling of licenses for specialized products such as the Java Enterprise System. Sun
distinguishes between its Software Development Kit (SDK) and Runtime Environment
www.jntuworld.com
www.jntuworld.com
15
(JRE) which is a subset of the SDK, the primary distinction being that in the JRE, the
compiler, utility programs, and many necessary header files are not present.
On 13 November 2006, Sun released much of Java as free software under the
terms of the GNU General Public License (GPL). On 8 May 2007 Sun finished the
process, making Java’s entire core code open source, aside from a small portion of code
to which Sun did not hold the copyright.
The following are the Primary goals:
There were five primary goals in the creation of the Java language:
It should use the object-oriented programming methodology.
It should allow the same program to be executed on multiple operating systems.
It should contain built-in support for using computer networks.
It should be designed to execute code from remote sources securely.
It should be easy to use by selecting what were considered the good parts of other
object-oriented languages
The Java programming language is a high-level language that can be
characterized by all of the following buzzwords:
· Simple · Architecture neutral
· Object oriented · Portable
· Distributed · High performance
· Multithreaded · Robust
· Dynamic · Secure
Each of the preceding buzzwords is explained in The Java Language Environment
, a white paper written by James Gosling and Henry McGilton.
In the Java programming language, all source code is first written in plain text
files ending with the .java extension. Those source files are then compiled into .class files
by the java compiler. A .class file does not contain code that is native to your processor;
it instead contains bytecodes — the machine language of the Java Virtual Machine1 (Java
www.jntuworld.com
www.jntuworld.com
16
VM). The java launcher tool then runs your application with an instance of the Java
Virtual Machine.
(An overview of the software development process)
Because the Java VM is available on many different operating systems, the same
.class files are capable of running on Microsoft Windows, the Solaris TM Operating
System (Solaris OS), Linux, or Mac OS. Some virtual machines, such as the Java
HotSpot virtual machine, perform additional steps at runtime to give your application a
performance boost. This includes various tasks such as finding performance bottlenecks
and recompiling (to native code) frequently used sections of code.
Through the Java VM, the same application is capable of running on multiple
platforms.
www.jntuworld.com
www.jntuworld.com
17
Java platform
A platform is the hardware or software environment in which a program runs.
We've already mentioned some of the most popular platforms like Microsoft Windows,
Linux, Solaris OS, and Mac OS. Most platforms can be described as a combination of the
operating system and underlying hardware. The Java platform differs from most other
platforms in that it's a software-only platform that runs on top of other hardware-based
platforms.
The Java platform has two components:
The Java Virtual Machine
The Java Application Programming Interface (API)
You've already been introduced to the Java Virtual Machine; it's the base for the
Java platform and is ported onto various hardware-based platforms.
The API is a large collection of ready-made software components that provide
many useful capabilities. It is grouped into libraries of related classes and interfaces;
these libraries are known as packages.
(The API and JVM insulate the program from the underlying hardware)
As a platform-independent environment, the Java platform can be a bit slower
than native code. However, advances in compiler and virtual machine technologies are
bringing performance close to that of native code without threatening portability.
Java Runtime Environment
The Java Runtime Environment, or JRE, is the software required to run any
application deployed on the Java Platform. End-users commonly use a JRE in software
packages and Web browser plugins. Sun also distributes a superset of the JRE called the
Java 2 SDK (more commonly known as the JDK), which includes development tools
such as the Java compiler, Javadoc, Jar and debugger.
www.jntuworld.com
www.jntuworld.com
18
One of the unique advantages of the concept of a runtime engine is that errors
(exceptions) should not 'crash' the system. Moreover, in runtime engine environments
such as Java there exist tools that attach to the runtime engine and every time that an
exception of interest occurs they record debugging information that existed in memory at
the time the exception was thrown (stack and heap values). These Automated Exception
Handling tools provide 'root-cause' information for exceptions in Java programs that run
in production, testing or development environments.
1 (JVM) implementations that are optimized for the type of systems they are targeted at.
For example, the K Virtual Machine (KVM) is a JVM optimized for resource constrained
devices, such as mobile phones and PDAs.
J2ME is part of the Java 2 Platform
The following characteristics are shared among the three Java editions:
Write Once Run Anywhere: because Java technology relies on Java byte-code that is
interpreted by a virtual machine, applications written in Java can run on similar types
of systems (servers, desktop systems, mobile devices) independent of the underlying
operating system and processor. For example, a developer doesn't need to develop
and maintain different versions of the same application to run on a Nokia
www.jntuworld.com
www.jntuworld.com
19
Communicator running the EPOC operating system, a Compaq iPAQ running
PocketPC, or even a PDA powered by the Linux operating system. On mobile
phones, the variety of processors and operating systems is even more significant, and
therefore the wireless community in general is seeking a solution that is platform
agnostic, such as WAP or J2ME.
Security: while on the Internet, people are used to secure data transactions and
downloading files or email messages that may contain viruses, few wireless networks
today support standard Internet protocols, and wireless operators are concerned by the
security issues associated with the download of standard C applications on their
networks. Java technology features a robust security model: before any application is
executed by the Java virtual machine, a byte-code pre-verifier tests its code integrity.
Once an application is running, it cannot access system resources outside of a
'sandbox,' preventing applications from acting as viruses. Finally, Java applications
can take advantage of standard data encryption solutions (SSL or Elliptic Curve
Libraries) on packet based networks (for example CDPD, Mobitex, GPRS, W-
CDMA), providing a robust infrastructure for Mcommerce and enterprise application
access.
Rich graphical user interface: you may remember that the first demonstration of
Java technology was done using an animated character on a web page. While
animated GIF files have made this use of the technology obsolete on desktop systems,
mobile devices can benefit from richer GUI APIs that allow for differentiation of
services and the development of compelling applications.
Network awareness: while Java applications can operate in disconnected mode, they
are network-aware by default, allowing applications to be dynamically downloaded
over a network. Additionally, Java is network-agnostic, in the sense that Java
applications can exchange data with a backend server over any network protocol,
whether it is TCP/IP, WAP, i-mode, and different bearers, such as GSM, CDMA,
TDMA, PHS, CDPD, Mobitex, and so on.
www.jntuworld.com
www.jntuworld.com
20
The J2ME Application Cycle
Contrary to the web browser model, which requires continuous connectivity and
offers a limited user interface and security experiences, J2ME allows applications to be
dynamically downloaded to a mobile device in a secure fashion. J2ME applications can
be posted on a Web server, allowing end users to initiate the download of an application
they select through a micro browser or other application locator interface. Wireless
operators, content providers, and ISVs can also push a set of J2ME applications and
manage them remotely. The Java provisioning model puts the responsibility of checking
the compatibility of the applications (such as version of the J2ME specification used,
memory available on the handset) on the handset itself, allowing the end user to ignore
the intricacies associated with typical desktop systems.
Once a J2ME application is deployed on a mobile device, it stays there until the
user decides to upgrade or remove it. The application can be operated in disconnected
mode (such as standalone game, data entry application) and store data locally, providing
a level of convenience that is not available on current browser-based solutions. Because
the application resides locally, the user doesn't experience any latency issues, and the
application can offer a user interface (drop-down menus, check boxes, animated icons)
that is only matched by native C applications. The level of convenience is increased
because the user can control when the application initiates a data exchange over the
wireless network. This allows for big cost savings on circuit0switched networks, where
wireless users are billed per minute, and allows a more efficient exchange of data, since
many applications can use a store and forward mechanism to minimize network latency.
www.jntuworld.com
www.jntuworld.com
21
J2ME applications can exchange data over WAP, i-mode or TCP based wireless networks
Additionally, J2ME applications can leverage any wireless network infrastructure,
taking advantage of a WAP network stack on current circuit-switched networks (GSM,
CDMA, and TDMA). The same applications are ready to be used on packet-based
networks, allowing the use of standard Internet protocols, such as HTTPS over SSL (data
encryption), IMAP (email), LDAP (directories), between the J2ME enabled client
application and the backend infrastructure.
J2ME Benefits on Wireless Devices
Let's look at how Java technology fits in the wireless service evolution.
Originally, analog technology was sufficient to handle voice services, but the quality of
the calls was sketchy and multiple radio networks competed with one another.
Today we take advantage of the second generation of networks and services (2G
networks), which use digital networks and web browser technologies. This provides
access to data services, but markup languages present some limitations. Markup
languages are a step in the right direction, but browser-based applications don't work
www.jntuworld.com
www.jntuworld.com
22
when out of coverage-require air time for even simple operations (such as entering
appointments in browser-based calendar) - offer a limited user interface paradigm
(character-based, static black and white images, cumbersome navigation interface).
When Java technology is added to this environment, it brings additional benefits
that translate into an enhanced user experience. Instead of plain text applications and
latency associated to a browser-based interface, the user is presented with rich animated
graphics, a fast interaction, the capability to use an application off-line, and maybe most
interestingly, the capability to dynamically download new applications to the device.
For application developers, this means that you can use your favorite
programming language and your favorite development tools, rather than learning a new
programming environment. There are over 2.5 million developers who have already
developed applications using the Java programming language, primarily on the server
side. Once these developers become familiar with the small set of J2ME APIs, it becomes
relatively easy to develop small client modules that can exchange data with server
applications over the wireless network.
The challenges that remain the same for Java, WAP, or native APIs is that small
screens and limited input interfaces require developers to put some effort into the
development of the application user interface. In other worlds, small devices force
developers to abandon bad or lazy programming techniques.
What Type of Applications Does J2ME Enable?
Many people expect to see new type of applications developed with J2ME. You
can argue that the application categories would remain the same, except for a few
exceptions such as location services and data applications that integrate with telephony
functionality. The outcome is likely to be applications that are context sensitive
(immediacy, location, personal or professional use) and are migrating from a character-
based interface (browser-based applications) to a graphical environment, providing
developers and end users with an unmatched level of flexibility. Just think about the
evolution from DOS or mainframe applications to Windows, MacOS, or Solaris graphical
www.jntuworld.com
www.jntuworld.com
23
environment. We still use processors, spreadsheets, accounting applications like in the
good old days, but because the new generation of applications take advantage of a richer
graphical environment, the applications are better and easier to use.
Therefore, expect to see J2ME developers targeting the same categories of
applications they focused on with WAP, but this time with the user experience
compelling enough for ISVs and system integrators to be able to charge for them.
As far as adoption of J2ME, the prognostics are rather good. Evans Data recently
conducted a survey2 among 500 wireless application developers, concluding that more
developers will use Java and J2ME to develop wireless applications (30%) than native C
APIs (Palm OS, Pocket PC, EPOC) or even WAP.
The market that J2ME will penetrate the fastest is the Japanese market, with
Nikkei Market Access3 forecasting a penetration rate of 40% this year. NTT DoCoMo,
who started shipping J2ME enabled I-mode phones at the end of January, has already
sold 1 million units, and they expect the number to increase to 3 million by the end of
September. The two other major Japanese wireless operators (KDDI and J-Phone) will
join DoCoMo in the deployment of J2ME enabled handsets by the end of the summer.
Obviously, forecasts can be misleading, as the experience with WAP, Bluetooth
and 3G has shown. Therefore, what really matters is the number of handset
manufacturers that are planning to make available J2ME enabled phones and PDAs this
year, as well as the number of wireless operators that are endorsing the technology and
putting in place a network infrastructure that will allow ISVs, content providers and
corporations to deploy J2ME applications and services over their network.
The benefits of Java technology as provided by J2ME in the wireless arena are
many and varied. From its Write Once Run Anywhere flexibility, to its robust security
features, to its support for off-line processing and local data storage, to its leverage of any
wireless infrastructure, to its fine-tuned control of data exchange, J2ME is a natural
platform for wireless application development. The numbers bear this out -- the ranks of
J2ME developers are growing fast.
www.jntuworld.com
www.jntuworld.com
24
3.2.2.3 MySQL
MySQL is a relational database management system (RDBMS) that runs as a
server providing multi-user access to a number of databases. MySQL is primarily
an RDBMS and therefore ships with no GUI tools to administer MySQL databases or
manage data contained within. Users may use the included command-line tools, or
download MySQL Frontends from various parties that have developed desktop software
and web applications to manage MySQL databases, build database structure, and work
with data records.
3.2.2.4 Apache Tomcat
Apache Tomcat is an open source servlet container developed by the Apache
Software Foundation (ASF). Tomcat implements the Java Servlet and the Java Server
Pages (JSP) specifications from Sun Microsystems, and provides a "pure Java"
HTTP web server environment for Java code to run.
3.2.2.5 Apache ANT
Apache Ant is a software tool for automating software build processes. It is
similar to Make but is implemented using the Java language, requires the Java platform,
and is best suited to building Java projects. The most immediately noticeable difference
between Ant and Make is that Ant uses XML to describe the build process and its
dependencies, whereas Make has its Make file format. By default the XML file is
named build.xml.
3.2.2.6 J2ME unit test tool
J2ME Unit was created to run in small spaces where various classes like
reflection and certain primitives like double are not available. J2ME Unit includes a test
runner that will run on Motorola’s Mobile Information Device Profile(MIDP) and a text
ui test runner that prints text output.
www.jntuworld.com
www.jntuworld.com
25
3.2.3 Hardware Requirement
Processor : Pentium III
Clock speed : 550MHz
Hard Disk : 20GB
RAM : 128MB
Cache Memory : 512KB
3.2.4 Functional Requirements
3.2.4.1 Output Design
Outputs from computer systems are required primarily to communicate the results
of processing to users. They are also used to provide a permanent copy of the results for
later consultation. The various types of outputs in general are:
External Outputs whose destination is outside the organization.
Internal Outputs whose destination is within organization and they are the user’s
main interface with the computer.
Operational outputs whose use is purely within the computer department.
Interface outputs, which involve the user in communicating directly with system.
3.2.4.2 Output Definition
The outputs should be defined in terms of the following points:
Type of the output.
Content of the output.
Format of the output.
Location of the output.
Frequency of the output.
Volume of the output.
Sequence of the output.
www.jntuworld.com
www.jntuworld.com
26
It is not always desirable to print or display data as it is held on a computer. It
should be decided as which form of the output is the most suitable. For Example
Will decimal points need to be inserted
Should leading zeros be suppressed.
3.2.4.3 Output Media
In the next stage it is to be decided that which medium is the most appropriate for
the output. The main considerations when deciding about the output media are:
The suitability for the device to the particular application.
The need for a hard copy.
The response time required.
The location of the users
The software and hardware available.
Keeping in view the above description the project is to have outputs mainly
coming under the category of internal outputs. The main outputs desired according to the
requirement specification are:
The outputs were needed to be generated as a hot copy and as well as queries to
be viewed on the screen. Keeping in view these outputs, the format for the output is
taken from the outputs, which are currently being obtained after manual processing. The
standard printer is to be used as output media for hard copies.
3.2.4.4 Input Design
Input design is a part of overall system design. The main objective during the
input design is as given below:
To produce a cost-effective method of input.
To achieve the highest possible level of accuracy.
To ensure that the input is acceptable and understood by the user.
www.jntuworld.com
www.jntuworld.com
27
3.2.4.5 Input Stages
The main input stages can be listed as below:
Data recording
Data transcription
Data conversion
Data verification
Data control
Data transmission
Data validation
Data correction
3.2.4.6 Input Types
It is necessary to determine the various types of inputs. Inputs can be categorized
as follows:
External inputs, which are prime inputs for the system.
Internal inputs, which are user communications with the system.
Operational, which are computer department’s communications to the system?
Interactive, which are inputs entered during a dialogue.
3.2.4.7 Input Media
At this stage choice has to be made about the input media. To conclude about the
input media consideration has to be given to:
Type of input
Flexibility of format
Speed
Accuracy
Verification methods
Rejection rates
Ease of correction
Storage and handling requirements
www.jntuworld.com
www.jntuworld.com
28
Security
Easy to use
Portability
Keeping in view the above description of the input types and input media, it can
be said that most of the inputs are of the form of internal and interactive. As Input data is
to be the directly keyed in by the user, the keyboard can be considered to be the most
suitable input device.
3.2.4.8 Error Avoidance
At this stage care is to be taken to ensure that input data remains accurate form the
stage at which it is recorded up to the stage in which the data is accepted by the system.
This can be achieved only by means of careful control each time the data is handled.
3.2.4.9 Error Detection
Even though every effort is make to avoid the occurrence of errors, still a small
proportion of errors is always likely to occur, these types of errors can be discovered by
using validations to check the input data.
3.2.4.10 Data Validation
Procedures are designed to detect errors in data at a lower level of detail. Data
validations have been included in the system in almost every area where there is a
possibility for the user to commit errors. The system will not accept invalid data.
Whenever an invalid data is keyed in, the system immediately prompts the user and the
user has to again key in the data and the system will accept the data only if the data is
correct. Validations have been included where necessary.
The system is designed to be a user friendly one. In other words the system has
been designed to communicate effectively with the user. The system has been designed
with popup menus.
www.jntuworld.com
www.jntuworld.com
29
3.2.5 Performance Requirements
Performance is measured in terms of the output provided by the application.
Requirement specification plays an important part in the analysis of a system. Only when
the requirement specifications are properly given, it is possible to design a system, which
will fit into required environment. It rests largely in the part of the users of the existing
system to give the requirement specifications because they are the people who finally use
the system. This is because the requirements have to be known during the initial stages
so that the system can be designed according to those requirements. It is very difficult to
change the system once it has been designed and on the other hand designing a system,
which does not cater to the requirements of the user, is of no use. The requirement
specification for any system can be broadly stated as given below:
The system should be able to interface with the existing system
The system should be accurate
The system should be better than the existing system
www.jntuworld.com
www.jntuworld.com
30
3.3 CONTENT DIAGRAM OF THE PROJECT
SENDER MOBILE RECIEVER SERVER
INPUT
Processing
(Hiding Mechanism)
Secrete
KEY
NETWORK
STEGO IMAGE
Processing
(Extracting Mechanism)
OUTPUT
(Data)
KEY
www.jntuworld.com
www.jntuworld.com
31
3.4 ALGORITHMS AND FLOWCHART
3.4.1 Steganography Algorithm
This algorithm is only for embedding a character (8-bit). For embedding the entire
message, the steps in the algorithm are repeated. The output obtained as a result of
encryption performed in Module 3 is embedded in an image which is of Portable
Network Graphics format i.e. image with ‘.png’ extension. The process of embedding
consists of the following steps:
Step 1: The image is selected initially, in which data has to be embedded.
Step 2: The total number of pixels in the image is calculated by using the
formula ‘width x height’.
Step 3: The color intensities of each and every pixel is retrieved and stored in an array.
Each pixel constitutes of 3 bytes, where each byte represents one of the three primary
colors i.e. RGB.
Step 4: AND operation is performed on each byte of the pixel along with the binary
equivalent of 252. The result obtained is the byte value with the last two bits as ‘00
Step 5: The cipher text is AND operated with the binary equivalent of ‘03’ to retrieve the
last two bits of the message.
Step 6: The OR operation is performed with the output of step 4 and step 5.
Step 7: The output of step 6 becomes the new intensity of the Red color. For Green and
Blue color step 4 is repeated and before doing step 5 right bit shifting is performed to the
cipher text in the incremental order of 2 till all the 8 bits are embedded.
To retrieve the cipher text from the image, the reverse steps of the algorithm
mentioned above is to be performed.
www.jntuworld.com
www.jntuworld.com
32
3.4.2 Flowchart of the project
www.jntuworld.com
www.jntuworld.com
33
3.5 CONCLUSION
In this phase, we understand the software requirement specifications for the
project. We arrange all the required components to develop the project in this phase itself
so that we will have a clear idea regarding the requirements before designing the project.
Thus we will proceed to the design phase followed by the implementation phase of the
project.
www.jntuworld.com
www.jntuworld.com
DESIGN
www.jntuworld.com
www.jntuworld.com
34
4. DESIGN
4.1 INTRODUCTION
In this project, we propose a mobile-based software token system that is supposed
to replace existing hardware and computer-based software tokens. The proposed system
is secure.
4.2 UML DIAGRAMS
Unified Modeling Language (UML) is a standardized general-purpose modeling
language in the field of software engineering. It is used to specify, visualize, modify,
construct and document the artifacts of an object-oriented software intensive system
under development. UML combines best techniques from data modeling (entity
relationship diagrams), business modeling (work flows), object modeling, and component
modeling. It can be used with all processes, throughout the software development life
cycle, and across different implementation technologies.
4.2.1 Class Diagram
Class diagram in the Unified Modeling Language (UML) is a type of static
structure diagram that describes the structure of a system by showing the system's
classes, their attributes, and the relationships between the classes. It is the main building
block in object oriented modeling. It is being used both for general conceptual modeling
of the systematics of the application, and for detailed modeling translating the models
into programming code.
The classes in a class diagram represent both the main objects and interactions in
the application and the objects to be programmed. In the class diagram these classes are
represented with boxes which contain three parts:
The upper part holds the name of the class.
The middle part contains the attributes of the class, and
The bottom part gives the methods or operations the class can take.
www.jntuworld.com
www.jntuworld.com
35
In the conceptual design of a system, a number of classes are identified and
grouped together in a class diagram which helps to determine the statical relations
between those objects. With detailed modeling, the classes of the conceptual design are
often split in a number of subclasses.
M ai n
c m dLog inc m dE x itc m dB ac ktx tU s ernam etx tP as s w o rdtx t IP
s tartA pp()c om m andA c t ion ()c a llLog inS ervle t ()
Log inS ervle t
us erA c c ountus ernam epas s w orddb
ex ec uteQ ue ry ()doG et()
Trans fe r
t rans ferF o rmtx tToA c c ounttx tTP as s w ordtx tA m ount
append()addC om m and ()
S teganograph
mes s ageB y tesex tr ac tda ta
em be dMes s age ()ret ri eveM es s ag e ()
Trans ferS ervle t
dbrsrs1
ex ec ut eQ uery ()ge tD ou b le ( )
t rans act io n is p roc es s ed
www.jntuworld.com
www.jntuworld.com
36
4.2.2 Use case Diagram
A Use case diagram in the Unified Modeling Language (UML) is a type of
behavioral diagram defined by and created from a Use-case analysis. Its purpose is to
present a graphical overview of the functionality provided by a system in terms of actors,
their goals (represented as use cases), and any dependencies between those use cases.
The main purpose of a use case diagram is to show what system functions are
performed for which actor. Roles of the actors in the system can be depicted.
Customer Authentication Transaction LSB
Customer
Steganography
Transfer Money
bank ing
Account details
www.jntuworld.com
www.jntuworld.com
37
4.2.3 Sequence Diagram
A sequence diagram in Unified Modeling Language (UML) is a kind
of interaction diagram that shows how processes operate with one another and in what
order. It is a construct of a Message Sequence Chart.
A sequence diagram shows, as parallel vertical lines (lifelines), different processes
or objects that live simultaneously, and, as horizontal arrows, the messages exchanged
between them, in the order in which they occur. This allows the specification of simple
runtime scenarios in a graphical manner.
C u s t o m e r A u t h e n t i c a t io n L o g in T ra n s a c t io n S t e g a n o g ra p h y p ro c e s s e d
w a n t s t h e d e ta i l s
A u t h e n t ic a t io n is d o n e
i f s u c c e s s fu l t h e n lo g in
re q u e s t fo r m o n e y tr a n s fe r
p e r fo rm s s t e g a n o g ra p h y
t h e a m o u n t i s s e n t
www.jntuworld.com
www.jntuworld.com
38
4.2.4 Data Flow Diagrams
Display Account Details
Enter Username& password.
Send Username encrypted with Password in an
Image along with Accno
Authenticate
Request for account details
Encryption & Image Embedding
Send Data
Enter Password, Retrieve Cipher text Decrypt
Display Account Detail
Exit
Mobile
Client
Server
www.jntuworld.com
www.jntuworld.com
39
Money Transfer
Enter Username& password
Send Username encrypted with Password in an
Image along with Accno.
Authenticate
Select Transaction option
Enter Receiver’s account number, Amount &
Sender’s transaction Password
Send Details
Update database
Exit
Mobile
Client
Server
www.jntuworld.com
www.jntuworld.com
40
4.3 MODULE DESIGN AND ORGANISATION
There are mainly three modules
• Admin Modules
• Client Side MIDlet Modules (j2me)
• Implementing Steganography
4.3.1 Admin Module
• In these admin Module we have web application.
• The designing of the web application is done using Java Server Pages.
• In these web page, we have these two main option;
• Account Details.
• Transfer Amount.
• The actions from the JSp are handled by the servlets
The other name of Web Banking is Net-Banking or N-Banking. The N-Banking is
one of the most popular methods, which was established before M- Banking. This
module explains the interaction between the web server and the web client i.e., the web
client interacts online with the server. Internet is used by the Web Client to establish this
connection.
The client first opens the Bank’s web page by specifying its URL. Next, the client
is requested to enter the unique Username and Password for authentication purpose. If
entered correctly, the user is logged on to the next page.
The next page displays the account number, account type and balance details of
the client. Also, two more options are displayed to the user. Depending on the user’s
need, any one of the options can be selected. The “Account details” option, if selected
displays the account details along with details about the last few transactions made by the
www.jntuworld.com
www.jntuworld.com
41
client. “Transfer money” option is used for transferring funds from one account to
another account. The user is requested to enter the account number to which money has
to be transferred, the amount to transfer and the transaction password.
In this module no security measures have been implemented. This module has
been performed to confirm the communication path between the server and the client.
JSP:
Java Server Pages (JSP) is a Java technology that allows software
developers to dynamically generate HTML, XML or other types of
documents in response to a Web client request. The technology allows
Java code and certain pre-defined actions to be embedded into static
content.
The JSP syntax adds additional XML-like tags, called JSP actions, to be
used to invoke built-in functionality. Additionally, the technology allows
for the creation of JSP tag libraries that act as extensions to the standard
HTML or XML tags. Tag libraries provide a platform independent way of
extending the capabilities of a Web server.
JSPs are compiled into Java Servlets by a JSP compiler. A JSP compiler
may generate a servlet in Java code that is then compiled by the Java
compiler, or it may generate byte code for the servlet directly. JSPs can
also be interpreted on-the-fly reducing the time taken to reload changes.
www.jntuworld.com
www.jntuworld.com
42
Java Server Pages (JSP) technology provides a simplified, fast way to
create dynamic web content. JSP technology enables rapid development of
web-based applications that are server- and platform-independent
4.3.2 Client Side MIDLET Module
• In the Client Midlet which is based on j2me client application.
• MIDlets handle all the events in the mobile part.
• Each request is handled by the server.
• We divide this client MIDlet into..
• Main - Which prefers the main Login page passes the request to
the server
• Details – from the server we have a details (mini – statement) to
the client
• Transfer – these option which transfers the amount to the other
account.
Mobile Banking comes very handy by reducing the stress of the customer to go to the
bank, the delay for enquiry and transaction etc. Every customer who has an account in the
bank and wishes to enhance his privacy, he will be given software by the bank which can
be exclusively used only by that account holding person i.e. the software the customer
holds can only perform his transaction and viewing of his account details corresponding
to his account number.
First the user has to be authenticated. For this he is requested for the ‘Username’,
‘Password’ and the IP of the server along with the port number. These values have to be
authenticated by the server. For this, first we encrypt the Username by using the
www.jntuworld.com
www.jntuworld.com
43
password as the key. We then hide the data in a picture using Steganography. This data is
sent to IP entered by the user, which is nothing but the server along with the Account
number.
The server then receives the image along with the account number. The server
then finds the password corresponding to the account number from the database. It then
retrieves the data from the image by performing steganography and decryption by using
the password as the key. If the server is able to retrieve the data, then the password and
username are considered correct and hence the user is authenticated. The database
corresponding to authentication is similar. Now two options will be displayed to the user
namely, ‘Account Details’ and ‘Transaction’. The user then has to select one among
these.
Account Details Option
If the user selects this option a request is sent to the server. The server then
processes this request and sends the reply to the mobile client. In the act of processing,
the server finds the account details of that particular account number. This data is
encrypted and then hidden in a picture using steganography. The mobile client then
receives this image. The password is requested from the user. Using this password, the
data is retrieved and displayed to the user.
Transfer Money Option
If the user selects this option the server request the user for account no to which
the money should be transferred and the also takes the input as amount which is to be
transferred to that particular account and also the transaction password should be entered
for maintaining secrecy and authentication. After entering all the details the money will
be transferred into the requested account.
www.jntuworld.com
www.jntuworld.com
44
4.3.3 Implementing Steganography
• Implementing the Steganography constraints in the entire applications.
• Steganography is the art and science of writing hidden messages in such a way
that no one apart from the sender and intended recipient even realizes there is a
hidden message.
• By contrast, cryptography obscures the meaning of a message, but it does not
conceal the fact that there is a message.
• Combining steganography of data in picture and using png format pictures this
article proposes a method for hidden exchange of information.
• The main focus of this article is on steganography in banking applications pictures
and making this possible on mobile phones considering the limitations in mobile
phones.
• After receiving a picture message containing hidden data, the decoder program
extracts the data and immediately changes the steganography places.
Usually 24-bit or 8-bit files are used to store digital images. The former one provides
more space for information hiding; however, it can be quite large. The colored
representations of the pixels are derived from three primary colors: red, green and blue.
24-bit images use 3 bytes for each pixel, where each primary color is represented by 1
byte. Using 24-bit images each pixel can represent 16,777,216 color values. We can use
the lower two bits of these color channels to hide data, then the maximum color change in
a pixel could be of 64-color values, but this causes so little change that is undetectable for
www.jntuworld.com
www.jntuworld.com
45
the human vision system. This simple method is known as Least Significant Bit insertion
as in figure 3.5.
Algorithm to embed the encrypted data:
This algorithm is only for embedding a character (8-bit). For embedding the entire
message, the steps in the algorithm are repeated.
The output obtained as a result of encryption performed in Module 3 is embedded
in an image which is of Portable Network Graphics format i.e. image with ‘.png’
extension. The process of embedding consists of the following steps:
Step 1: The image is selected initially, in which data has to be embedded.
Step 2: The total number of pixels in the image is calculated by using the
formula‘widthxheight’.
Figure 3.5 – LSB Methodology
Step 3: The color intensities of each and every pixel is retrieved and stored in an array.
Each pixel constitutes of 3 bytes, where each byte represents one of the three primary
colors i.e. RGB.
www.jntuworld.com
www.jntuworld.com
46
Step 4: AND operation is performed on each byte of the pixel along with the binary
equivalent of 252. The result obtained is the byte value with the last two bits as ‘00’.
Step 5: The cipher text is AND operated with the binary equivalent of ‘03’ to retrieve the
last two bits of the message.
Step 6: The OR operation is performed with the output of step 4 and step 5.
Step 7: The output of step 6 becomes the new intensity of the Red color. For Green and
Blue color step 4 is repeated and before doing step 5 right bit shifting is performed to the
cipher text in the incremental order of 2 till all the 8 bits are embedded.
To retrieve the cipher text from the image, the reverse steps of the algorithm
mentioned above is to be performed.
4.4 CONCLUSION
In this way we can design the layout of the project which is to be implemented during the construction phase. Thus we will have a clear picture of the project before being coded. Hence any necessary enhancements can be made during this phase and coding can be started
www.jntuworld.com
www.jntuworld.com
IMPLEMENTATION
&
RESULTS
www.jntuworld.com
www.jntuworld.com
47
5 IMPLEMENTATION AND RESULTS
5.1 INTRODUCTION
The implementation part is the most important phase of the project. In this phase, we
code the entire project in the chosen software according to the design laid during the
previous phase. The code has to be in such a way that the user requirements are satisfied
and also not complicated for the user i.e., the user interface or GUI has to be easy to
navigate. The code should be efficient in all terms like space, easy to update, etc. In this
manner, we can complete the coding part of the project and later it can be sent for testing
before being delivered to the customer
5.2 EXPLANATION OF KEY FUNCTIONS
5.2.1 Database Connectivity using jdbc
The following code gives the database connectivity using jdbc i.e., the way the
MySQL database is synchronized with the project which is developed using Java.
import java.sql.*;
import java.util.*;
public class Database {
private static String jdbcDriver = "";
private static String dbURL = "";
private static String username = "";
private static String password = "";
private Connection connection;
public Database() throws SQLException, ClassNotFoundException
{
ResourceBundle bundle = ResourceBundle.getBundle("MessageResources");
jdbcDriver = bundle.getString("jdbc.driver");
dbURL = bundle.getString("jdbc.url");
www.jntuworld.com
www.jntuworld.com
48
username = bundle.getString("jdbc.user");
password = bundle.getString("jdbc.password");
Class.forName(jdbcDriver); //set Java database connectivity driver
connection = DriverManager.getConnection(dbURL, username, password);
}
public ResultSet executeQuery(String query)throws SQLException
{
PreparedStatement st = connection.prepareStatement(query);
return st.executeQuery();
}
public int executeUpdate(String statement)throws SQLException
{
PreparedStatement st= connection.prepareStatement(statement);
return st.executeUpdate();
}
public void close()
{
try
{
connection.close();
}
catch (SQLException sqlException)
{
sqlException.printStackTrace();
connection = null;
}
}
protected void finalize()
{
close();
}}
www.jntuworld.com
www.jntuworld.com
49
5.2.2 Main Page of Mobile
The following code displays the main screen of the mobile
import java.io.*;
import java.util.*;
import javax.microedition.lcdui.*;
import javax.microedition.midlet.*;
import javax.microedition.io.*;
public class Main extends MIDlet implements CommandListener, Runnable {
private Display display = null;
private Command cmdLogin = null;
private Command cmdExit = null;
private Command cmdBack = null;
private Form loginForm;
private TextField txtUsername;
private TextField txtPassword;
private TextField txtIP;
private List menu = null;
public static String ipAddress = null;
public static String firstname = null;
public static String password = null;
private byte[] byteRGB;
Detail detail;
Transfer transfer;
public Main(){
detail.mainMidlet = this;
transfer.mainMidlet = this;
cmdLogin = new Command("Login", Command.SCREEN, 1);
cmdExit = new Command("Exit", Command.EXIT, 0);
display = Display.getDisplay(this);
www.jntuworld.com
www.jntuworld.com
50
}
public void startApp()
{
showLoginForm();
}
public void pauseApp()
{
}
public void destroyApp(boolean unconditional)
{
}
public void commandAction (Command c, Displayable d)
{
if(c == cmdLogin)
{
try
{
Gauge gau = new Gauge("Connecting",false,8,0);
Form frm = new Form("Please Wait.. ",new Item[] {gau});
gau.setValue(2);
display.setCurrent(frm);
ipAddress = txtIP.getString();
password = txtPassword.getString();
gau.setValue(4);
hideMessage();
gau.setValue(6);
callLoginServlet();
} catch (Exception e)
{
showError(e.toString());
www.jntuworld.com
www.jntuworld.com
51
}
else if (c == cmdExit)
{
destroyApp(false);
notifyDestroyed();
}
else {
switch(menu.getSelectedIndex()) {
case 0: {detail = new Detail(display);break; }
case 1: {transfer = new Transfer(display);break;}
}
}
}
private void callLoginServlet() throws IOException
{
new Thread(this).start();
}
public void run() {
HttpConnection hc = null;
InputStream iStrm = null;
OutputStream oStrm = null;
try {
String url = new String("http://" + ipAddress + "/mbank1/Login?a=001002001");
hc = (HttpConnection) Connector.open(url);
//hc.setRequestProperty("User-Agent","Profile/MIDP-2.0 Configuration/CLDC-1.1");
//hc.setRequestProperty("User-Account", "001002001");
hc.setRequestMethod(HttpConnection.POST);
oStrm = hc.openOutputStream();
www.jntuworld.com
www.jntuworld.com
52
oStrm.write(byteRGB);
if (hc.getResponseCode() == HttpConnection.HTTP_OK)
{
iStrm = hc.openInputStream();
int length = (int) hc.getLength();
if (length > 0)
{
byte resopnseData[] = new byte[length];
iStrm.read(resopnseData);
String data = new String(resopnseData);
if(data.equals("EC999")){
showError("Invalid Username/Password");
}else if(data.equals("EC899")){
showError("Database Error");
}else {
firstname = data;
password = txtPassword.getString();
showMenu(firstname);
}
} else {
showError("Unable to read data");
}
} else {
showError("Response error");
}
} catch (IOException ioe) {
showError(ioe.toString());
} finally {
try {
if (oStrm != null)
www.jntuworld.com
www.jntuworld.com
53
oStrm.close();
if (iStrm != null)
iStrm.close();
if (hc != null)
hc.close();
} catch (IOException ioe) {
showError(ioe.toString());
}}}
public void showLoginForm() {
loginForm = new Form("MBank");
txtUsername = new TextField("Username ", "", 15, TextField.ANY);
txtPassword = new TextField("Password ", "", 15, TextField.PASSWORD);
txtIP = new TextField("IP Address", "", 25, TextField.ANY);
loginForm.append(txtUsername);
loginForm.append(txtPassword);
loginForm.append(txtIP);
loginForm.addCommand(cmdLogin);
loginForm.addCommand(cmdExit);
loginForm.setCommandListener(this);
display.setCurrent(loginForm);
}
public void showError(String message) {
Alert newAlert = new Alert( "Error!",message,null,AlertType.ERROR );
newAlert.setTimeout( Alert.FOREVER );
display.setCurrent(newAlert);
}
public void showMenu(String message) {
menu = new List("MBank , Welcome "+message, Choice.IMPLICIT);
menu.append("Account Details", null);
www.jntuworld.com
www.jntuworld.com
54
menu.append("Transfer Money", null);
menu.addCommand(cmdExit);
menu.setCommandListener(this);
display.setCurrent(menu);
}
public void hideMessage() {
Image image;
int[] dataRGB;
try {
image = Image.createImage("/earth.png");
dataRGB = new int[image.getWidth() * image.getHeight()];
byteRGB = new byte[dataRGB.length * 4];
image.getRGB(dataRGB, 0, image.getWidth(), 0, 0, image.getWidth(), image.getHeight());
byteRGB = getByte(dataRGB);
Cryptograph crypt = new Cryptograph(txtUsername.getString(),password );
String cipher = crypt.encrypt();
cipher += "*";
byteRGB = Steganograph.embedMessage(byteRGB, cipher.getBytes());
}catch (IOException ioe){
showError("Not able to load Image");
}}
private byte[] getByte(int[] source){
byte[] byteRGB = new byte[source.length * 4];
for (int i=0 ; i<source.length ; i++){
byteRGB[i * 4 + 0] = (byte)((source[i] >> 24) & 0x000000ff);
byteRGB[i * 4 + 1] = (byte)((source[i] >> 16) & 0x000000ff);
byteRGB[i * 4 + 2] = (byte)((source[i] >> 8) & 0x000000ff);
byteRGB[i * 4 + 3] = (byte)((source[i] >> 0) & 0x000000ff);}
return byteRGB;}}
www.jntuworld.com
www.jntuworld.com
55
5.2.3 Displays the Details to User
The following code displays the details of his account regarding his balance and recent transactions etc.
import javax.microedition.lcdui.*;
import javax.microedition.io.*;
import java.io.*;
import javax.microedition.lcdui.Image;
import javax.microedition.lcdui.ImageItem;
import javax.microedition.lcdui.Item;
public class Detail implements CommandListener, Runnable
{
public static Main mainMidlet=null;
private Display display;
private Form detailForm;
private Form imageForm;
private TextField tfPwd;
private Command cmdBack = new Command("Back", Command.BACK, 1);
private Command cmdDetail = new Command("View Detail", Command.SCREEN, 1);
private byte imageData[];
private int[] intNewImage;
public Detail(Display disp) {
display = disp;
try
{
callDetailServlet();
}
catch (Exception e)
{
www.jntuworld.com
www.jntuworld.com
56
showError(e.toString());
}}
public void callDetailServlet() throws IOException
{
new Thread(this).start();
}
public void run() {
HttpConnection http = null;
DataInputStream iStrm = null;
String url = "http://" + mainMidlet.ipAddress + "/mbank1/Detail?a=001002001" ;
try
{
http = (HttpConnection) Connector.open(url);
// http.setRequestProperty("User-Agent","Profile/MIDP-2.0 Configuration/CLDC-1.1");
// http.setRequestProperty("User-Account", "001002001");
http.setRequestMethod(HttpConnection.GET);
iStrm = http.openDataInputStream();
ByteArrayOutputStream bStrm = null;
if (http.getResponseCode() == HttpConnection.HTTP_OK)
{
int length = (int) http.getLength();
if (length != -1)
{
imageData = new byte[length];
iStrm.readFully(imageData); }
else
{
bStrm = new ByteArrayOutputStream();
int ch;
www.jntuworld.com
www.jntuworld.com
57
while ((ch = iStrm.read()) != -1)
bStrm.write(ch);
imageData = bStrm.toByteArray();
bStrm.close();
}
intNewImage = new int[imageData.length/4];
int indexIntNewImage = 0;
for (int j=0 ; j<imageData.length ; j+=4){
int alpha = (imageData[j + 0] << 24 ) & 0xff000000;
int red = (imageData[j + 1] << 16 ) & 0x00ff0000;
int green = (imageData[j + 2] << 8 ) & 0x0000ff00;
int blue = (imageData[j + 3] << 0 ) & 0x000000ff;
intNewImage[indexIntNewImage] = alpha + red + green + blue;indexIntNewImage++;
}
Image image = Image.createRGBImage(intNewImage, 64, 64, true);
ImageItem imageItem = new ImageItem("\n", image, ImageItem.LAYOUT_CENTER | ImageItem.LAYOUT_NEWLINE_BEFORE
| ImageItem.LAYOUT_NEWLINE_AFTER, "MBank");
imageForm = new Form("Steganograpy Image");
tfPwd = new TextField("Password:", "", 10, TextField.ANY | TextField.PASSWORD);
imageForm.append(imageItem);
imageForm.append(tfPwd);
imageForm .addCommand(cmdDetail);
imageForm .setCommandListener(this);
display.setCurrent(imageForm);
}else {
showError("Response Error");
} }
catch (Exception e)
www.jntuworld.com
www.jntuworld.com
58
{
showError(e.toString());
}
finally
{if (iStrm != null)
try {
iStrm.close();
} catch (Exception ce) { }
}
if (http != null) {
try {
http.close();
} catch (Exception ce) { }
}
}
public void startApp()
{ }
public void pauseApp()
{ }
public void destroyApp(boolean unconditional)
{ }
public void commandAction(Command c, Displayable s)
{
if (c == cmdBack)
{
mainMidlet.showMenu(mainMidlet.firstname);
}
if (c == cmdDetail)
{
www.jntuworld.com
www.jntuworld.com
59
showDetail(imageData);
}
}
public void showError(String message) {
Alert newAlert = new Alert( "Error!",message,null,AlertType.ERROR );
newAlert.setTimeout( Alert.FOREVER );
display.setCurrent(newAlert);
}
public void showDetail( byte data[]){
String message = Steganograph.retrieveMessage(data);
Cryptograph crypt = new Cryptograph(message, tfPwd.getString());
String decMes = crypt.decrypt();
detailForm = new Form("MBank-Account Details");
StringTokenizer tok = new StringTokenizer(decMes,";");
StringItem item = new StringItem("Acc No : ",tok.nextToken());
detailForm .append(item);
item = new StringItem("Acc Type: ",tok.nextToken().toUpperCase());
detailForm .append(item);
item = new StringItem("Balance : ",tok.nextToken());
detailForm .append(item);
item = new StringItem("----------------------------------------","");
detailForm .append(item);
item = new StringItem("Mini Statement","");
detailForm .append(item);
item = new StringItem("----------------------------------------","");
detailForm .append(item);
item = new StringItem(" Date Action Amount","");
detailForm .append(item);
String noTrans = tok.nextToken();
int transCount = Integer.parseInt(noTrans);
www.jntuworld.com
www.jntuworld.com
60
for(int i=0;i<transCount;i++){
item = new StringItem("" ,tok.nextToken() + " " + tok.nextToken().toUpperCase() + " " + tok.nextToken());
detailForm .append(item);
} detailForm .addCommand(cmdBack);
detailForm .setCommandListener(this);
display.setCurrent(detailForm);
} }
5.2.4 Transfer Money to Other Account
The following code helps to transfer money from his account to another
import javax.microedition.lcdui.*;
import javax.microedition.io.*;
import java.io.*;
public class Transfer implements CommandListener, Runnable
{
public static Main mainMidlet=null;
private Display display;
private Form transferForm;
private TextField txtToAccount;
private TextField txtTPassword;
private TextField txtAmount;
private String message = "";
private byte[] byteRGB;
private Command cmdBack = new Command("Back", Command.BACK, 1);
private Command cmdSend = new Command("Send", Command.SCREEN, 1);
public Transfer(Display disp){
display = disp;
transferForm = new Form("MBank - Money Transfer");
txtToAccount = new TextField("To Account ", "", 15, TextField.NUMERIC);
www.jntuworld.com
www.jntuworld.com
61
txtAmount = new TextField("Amount ", "", 15, TextField.NUMERIC);
txtTPassword = new TextField("Transaction Password", "", 15, TextField.PASSWORD);
transferForm.append(txtToAccount);
transferForm.append(txtAmount);
transferForm.append(txtTPassword);
transferForm.addCommand(cmdSend);
transferForm.addCommand(cmdBack);
transferForm.setCommandListener(this);
display.setCurrent(transferForm);
}
public void startApp()
{ }
public void pauseApp()
{ } public void destroyApp(boolean unconditional){ }
public void commandAction(Command c, Displayable s)
{
if (c == cmdBack)
{
mainMidlet.showMenu(mainMidlet.firstname);
} else if(c == cmdSend) {
try{ message = txtToAccount.getString() + ";" +txtAmount.getString() + ";" + txtTPassword.getString();
hideMessage();
callTransferServlet();
}catch (Exception e)
{
showError(e.toString());
}
} }
www.jntuworld.com
www.jntuworld.com
62
private void callTransferServlet() throws IOException
{
new Thread(this).start();
}
public void run() {
HttpConnection hc = null;
InputStream iStrm = null;
OutputStream oStrm = null;
try { String url = new String("http://" + mainMidlet.ipAddress + "/mbank1/Transfer?a=001002001");
hc = (HttpConnection) Connector.open(url);//hc.setRequestProperty("User-Agent","Profile/MIDP-2.0
Configuration/CLDC-1.1");
//hc.setRequestProperty("User-Account", "001002001");
hc.setRequestMethod(HttpConnection.POST);
oStrm = hc.openOutputStream();
oStrm.write(byteRGB);
if (hc.getResponseCode() == HttpConnection.HTTP_OK) {
iStrm = hc.openInputStream();
int length = (int) hc.getLength();
if (length > 0)
{
byte resopnseData[] = new byte[length];
iStrm.read(resopnseData);
String data = new String(resopnseData);
if(data.equals("EC999")){
showError("Invalid Username/Password");
}else if (data.equals("TEC100")) {
showError("Invalid Transaction password");
www.jntuworld.com
www.jntuworld.com
63
}else if(data.equals("TEC200")){showError("Insuffidient Balance");
}else if(data.equals("TEC300")){
showError("Invalid Transfer Account");
}else if(data.equals("TEC400")){
showError("Check Transfer Account No");
}else if(data.equals("TEC900")){
showMessage();
}
} else {
showError("Unable to read data");}
} else {
showError("Response error");
}
} catch (IOException ioe) {showError(ioe.toString());
} finally {
try {
if (oStrm != null)
oStrm.close();
if (iStrm != null)
iStrm.close();
if (hc != null)
hc.close();
} catch (IOException ioe) {
showError(ioe.toString()); }
}
}
public void showError(String message) {
www.jntuworld.com
www.jntuworld.com
64
Alert newAlert = new Alert( "Error!",message,null,AlertType.ERROR );
newAlert.setTimeout( Alert.FOREVER );
display.setCurrent(newAlert);
}
public void showMessage() {
Form messageForm = new Form("Transaction Message");
messageForm.append("Transaction Successful");
messageForm.addCommand(cmdBack);
messageForm.setCommandListener(this);
display.setCurrent(messageForm); }
public void hideMessage() {
Image image;
int[] dataRGB;
try {
image = Image.createImage("/cube.png");
dataRGB = new int[image.getWidth() * image.getHeight()];
byteRGB = new byte[dataRGB.length * 4];
image.getRGB(dataRGB, 0, image.getWidth(), 0, 0, image.getWidth(), image.getHeight());
byteRGB = getByte(dataRGB);
Cryptograph crypt = new Cryptograph(message,mainMidlet.password );
String cipher = crypt.encrypt();
cipher += "*";
byteRGB = Steganograph.embedMessage(byteRGB, cipher.getBytes());
}catch (IOException ioe){
showError("Not able to load Image");
}
}
private byte[] getByte(int[] source){
byte[] byteRGB = new byte[source.length * 4];
www.jntuworld.com
www.jntuworld.com
65
for (int i=0 ; i<source.length ; i++){
byteRGB[i * 4 + 0] = (byte)((source[i] >> 24) & 0x000000ff);
byteRGB[i * 4 + 1] = (byte)((source[i] >> 16) & 0x000000ff);
byteRGB[i * 4 + 2] = (byte)((source[i] >> 8) & 0x000000ff);
byteRGB[i * 4 + 3] = (byte)((source[i] >> 0) & 0x000000ff);
}
return byteRGB;
}}
5.2.5 Implementing Steganography
The following code is the important code in our project where it provides the security to the user.
public class Steganograph
{
private Steganograph()
{ }
public static byte[] embedMessage(byte byteRGB[],byte msgBytes[]){
for (int i=0 ; i<msgBytes.length ; i++){
byteRGB[i * 4 + 0] = (byte)((byteRGB[i * 4 + 0] & 0xFC)|(msgBytes[i] & 0x03));
byteRGB[i * 4 + 1] = (byte)((byteRGB[i * 4 + 1] & 0xFC)|((msgBytes[i]>>2) & 0x03));
byteRGB[i * 4 + 2] = (byte)((byteRGB[i * 4 + 2] & 0xFC)|((msgBytes[i]>>4) & 0x03));
byteRGB[i * 4 + 3] = (byte)((byteRGB[i * 4 + 3] & 0xFC)|((msgBytes[i]>>6) & 0x03));
}
return byteRGB;
}
public static String retrieveMessage(byte byteRGB[])
www.jntuworld.com
www.jntuworld.com
66
{
byte [] extractdata = new byte [byteRGB.length];
int c= 0;
for (int i=0;i<byteRGB.length/4;i++){
extractdata[c++] = (byte)(byteRGB[i * 4 + 0] & 0x03);extractdata[c++] = (byte)(byteRGB[i * 4 + 1] & 0x03);
extractdata[c++] = (byte)(byteRGB[i * 4 + 2] & 0x03);
extractdata[c++] = (byte)(byteRGB[i * 4 + 3] & 0x03);
}
StringBuffer extractedMsg = new StringBuffer();
byte[] messageBytes = new byte[extractdata.length/4];
int twoBitByteCnt = 0;
for (int i=0;i<messageBytes.length;i++){
messageBytes[i] = (byte)(extractdata[twoBitByteCnt++]);
messageBytes[i] = (byte)(messageBytes[i] | (extractdata[twoBitByteCnt++] << 2));
messageBytes[i] = (byte)(messageBytes[i] | (extractdata[twoBitByteCnt++] << 4));
messageBytes[i] = (byte)(messageBytes[i] | (extractdata[twoBitByteCnt++] << 6));
if((char)(messageBytes[i]) == '*')break;
extractedMsg.append((char)(messageBytes[i]));
}
String Message = new String(extractedMsg);
return Message;
}
}
www.jntuworld.com
www.jntuworld.com
67
5.3 METHOD OF IMPLEMENTATION
Installing SoftwareFirst of all install Java 1.6 and then Tomcat Apache 5.1 by specifying port number
as 8080. After that install MySQL database in your system. After installing MySQL,
install SQL Yog, an application which has GUI to organize MySQL databases. You can
install an IDE like ECLIPSE or an EditPlus editor to write Java programs (optional). You
can even write them in notepad also. For the purpose of Testing you need to install
J2MEUNIT testing tool.
Enable Path Settings
Now the path settings have to be enabled so that your system will be able to
recognize the above installed softwares. Note that correct path have to be given otherwise
it may raise an error. The following picture depicts the method of setting path:
(Right click on My Computer) (Select Advanced tab and Environment variables)
www.jntuworld.com
www.jntuworld.com
68
(Setting User Variables) (Setting System Variables)
Now we have to write code for all the pages using the concept of Java Server
Pages. It gives the user interface for the project. The server validation processes will be
handled by the Servlet Technology. All servlet programs have to be written and
interpreted for generating their .class files. The database programs can be implemented
using SQL Yog.
Follow this hierarchy for arranging your files:
+Tomcat 1.6 +webapps +bookstore .jsp files +images +include +WEB-INF web.xml +classes +lib +src
www.jntuworld.com
www.jntuworld.com
69
All .jsp pages are placed in the /bookstore application folder.
All .class files generated are placed in /classes folder of /WEB-INF.
All APIs including comm.jar, jsp-api.jar, etc. are placed in /lib folder of /WEB-
INF.
All source code files are placed in /src folder of /WEB-INF.
Now launch Tomcat service and go to Tomcat Manager. Click “mbank”
application. That’s it! Your application is launched.
5.3.1 FormsThe following are some of the forms available in our project:
5.3.1.1 Loginimport javax.servlet.http.*;
import javax.servlet.*;
import java.io.*;
import javax.sql.DataSource;
import java.util.ArrayList;
import java.sql.Connection;
import java.sql.Statement;
import java.sql.ResultSet;
import java.sql.SQLException;
public class LoginServlet extends HttpServlet {
Database db = null;
ResultSet rs = null;
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
String userAccount = "" ;
String username = "";
String password = "";
String firstname = "";
userAccount = request.getParameter("a");
response.setContentType("text/plain");
PrintWriter out=response.getWriter();
www.jntuworld.com
www.jntuworld.com
70
try { db = new Database();
}catch(SQLException e2){ out.print("EC899"); }
catch(ClassNotFoundException e3){
out.print("EC899"); }
try {
final String query ="select
username,password,firstname from userinfo where accountno = '" +
userAccount +"'";
rs = db.executeQuery(query);
if(rs.next())
{
username = rs.getString(1);
password = rs.getString(2);
firstname = rs.getString(3);
InputStream in = request.getInputStream();
BufferedReader r = new BufferedReader(new
InputStreamReader(in));
StringBuffer buf = new StringBuffer();
String line;
while ((line = r.readLine()) != null) {
buf.append(line);
}
String s = buf.toString();
byte [] imBytes = s.getBytes();
String message = "";
try
{
message =
Steganograph.retrieveMessage(imBytes);
}
catch (Exception e)
{
out.print("EC799");
}
Encrypt crypt = new Encrypt(message, password);
String uname = crypt.decrypt();
if (uname.equals(username))
www.jntuworld.com
www.jntuworld.com
71
{
out.print(firstname);
} else {
out.print("EC999");
}
}else {
out.print("EC999");
}
}catch(SQLException e1){ out.print("EC899"); }
}
public void doGet(HttpServletRequest req, HttpServletResponse
resp)throws ServletException, IOException{
doPost(req, resp);
}
}
5.3.1.2 Registrationimport java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.http.HttpSession.*;
import java.io.*;
import java.util.*;
import javax.sql.*;
public class UserRegistrationServlet extends HttpServlet
{
HttpSession hs;
PrintStream ps,ps1;
Connection con;
PreparedStatement st;
ResultSet rs;
String str=null;
www.jntuworld.com
www.jntuworld.com
72
String uname = null;
String fname = null;
String lastnm = null;
String password = null;
String stre = null;
String add = null;
String cit = null;
String sta = null;
String coun = null;
String ph = null;
String acno = null;
String trapass = null;
RequestDispatcher rd=null;
int i;
public void init(ServletConfig sc )throws ServletException
{
super.init(sc);
}
public void service(HttpServletRequest req,HttpServletResponse
res)
throws ServletException,IOException
{
doPost(req,res);
}
public void doGet(HttpServletRequest
req,HttpServletResponse res)
throws ServletException,IOException
{
doPost(req,res);
}
public void doPost(HttpServletRequest
req,HttpServletResponse res)throws ServletException,IOException
{
PrintWriter out=res.getWriter();
res.setContentType("text/html");
uname = req.getParameter("uname");
fname = req.getParameter("fname");
www.jntuworld.com
www.jntuworld.com
73
lastnm = req.getParameter("lastnm");
password = req.getParameter("password");
stre = req.getParameter("st");
add = req.getParameter("add");
cit = req.getParameter("cit");
sta = req.getParameter("sta");
coun = req.getParameter("coun");
ph = req.getParameter("ph");
acno = req.getParameter("acno");
trapass = req.getParameter("trapass");
try {
Class.forName("com.mysql.jdbc.Driver");
con =
DriverManager.getConnection("jdbc:mysql://localhost:3306/mbank",
"root", "password");
//String query = "insert into pat_info values(
st=con.prepareStatement("insert into userinfo
values('"+uname+"','"+password+"','"+fname+"','"+lastnm+"','"+stre+"','
"+add+"','"+cit+"','"+sta+"','"+coun+"','"+ph+"','"+acno+"','"+trapass+
"')");
i = st.executeUpdate();
System.out.println("query executed");
if(i!=0){
rd=req.getRequestDispatcher("regconfirm.jsp");
} else {
rd=req.getRequestDispatcher("error.html");
}
}catch (Exception e) {
rd=req.getRequestDispatcher("error.html");
e.printStackTrace();
}
rd.forward(req,res);
}
}
www.jntuworld.com
www.jntuworld.com
74
5.3.2 OUTPUT SCREENS
5.3.2.1 Login Page
5.3.2.2 Banking Options
www.jntuworld.com
www.jntuworld.com
75
5.3.2.3 Account Details page
5.3.2.4 Transfer Money
www.jntuworld.com
www.jntuworld.com
76
5.3.2.5 Home page of Mobile Emulator
5.3.2.6 Login Screen
www.jntuworld.com
www.jntuworld.com
77
5.3.2.7 Banking Options Screen
5.3.2.8 Stagnography Image
www.jntuworld.com
www.jntuworld.com
78
5.3.2.9 Display Account Details
5.3.2.10 Money Transfer Option
www.jntuworld.com
www.jntuworld.com
79
5.3.3 Result Analysis
This project has been implemented for several users where the simple interfaces
provides an easy navigation for banking this enhaces security even much better than the
existing system as it implements a method called stenography hence it reduces the loss of
data.
5.4 CONCLUSION
In this way we implemented the project successfully with the help of J2ME for an
easy interaction of the user with the interfaces and enhanced security with less effort
work. We proceed to the next phase i.e., testing which is very important before delivering
the project.
www.jntuworld.com
www.jntuworld.com
TESTING
&
VALIDATION
www.jntuworld.com
www.jntuworld.com
80
6. TESTING AND VALIDATION
6.1 INTRODUCTION
Software testing is a critical element of software quality assurance and represents
the ultimate review of specification, design and coding. In fact, testing is the one step in
the software engineering process that could be viewed as destructive rather than
constructive.
A strategy for software testing integrates software test case design methods into a
well-planned series of steps that result in the successful construction of software. Testing
is the set of activities that can be planned in advance and conducted systematically. The
underlying motivation of program testing is to affirm software quality with methods that
can economically and effectively apply to both strategic to both large and small-scale
systems.
The following are the Testing Objectives:
Testing is a process of executing a program with the intent of finding an error.
A good test has a high probability of finding an as yet undiscovered error.
A successful test is one that uncovers an as yet undiscovered error.
6.2 DESIGN OF TEST CASES & SCENARIO
The objective is to design tests that systematically uncover different classes of
errors and do so with a minimum amount of time and effort. Testing cannot show the
absence of defects, it can only show that software defects are present.
6.2.1 Unit Testing Interface
Number of input parameters should be equal to number of arguments.
www.jntuworld.com
www.jntuworld.com
81
Parameter and argument attributes must match.
Parameters passed should be in correct order.
Global variable definitions consistent across module.
If module does I/O,
File attributes should be correct.
Open/Close statements must be correct.
Format specifications should match I/O statements.
Buffer Size should match record size.
Files should be opened before use.
End of file condition should be handled.
I/O errors should be handled.
Any textual errors in output information must be checked.
Local Data Structures (common source of errors!)
Improper or inconsistent typing.
Erroneous initialization or default values.
Incorrect variable names.
Inconsistent date types.
Overflow, underflow, address exceptions.
Boundary conditions and Independent paths
Error Handling
Error description unintelligible.
Error noted does not correspond to error encountered.
Error condition handled by system run-time before error handler gets
control.
Exception condition processing incorrect.
www.jntuworld.com
www.jntuworld.com
82
6.2.2 Integration Testing
Modules integrated by moving down the program design hierarchy. Can use depth
first or breadth first top down integration verifies major control and decision points early
in design process. Top-level structure tested most. Depth first implementation allows a
complete function to be implemented, tested and demonstrated and does depth first
implementation of critical functions early. Top down integration forced (to some extent)
by some development tools in programs with graphical user interfaces.
Begin construction and testing with atomic modules (lowest level
modules).Bottom up integration testing as its name implies begins construction and
testing with atomic modules. Because modules are integrated from the bottom up,
processing required for modules subordinate to a given level is always available and the
need for stubs is eliminated.
6.2.3 Validation Testing
Validation testing is aims to demonstrate that the software functions in a manner
that can be reasonably expected by the customer. This tests conformance the software to
the Software Requirements Specification.
6.2.3.1 Validation Test Criteria
A set of black box test is to demonstrate conformance with requirements. To
check that all functional requirements satisfied, all performance requirements achieved,
documentation is correct and ' human-engineered', and other requirements are met (e.g.
compatibility, error recovery, and maintainability).
When validation tests fail it may be too late to correct the error prior to scheduled
delivery. Need to negotiate a method of resolving deficiencies with the customer.
6.2.3.2 Configuration Review
An audit to ensure that all elements of the software configuration are properly
developed catalogued and has all the necessary detail to support maintenance.
www.jntuworld.com
www.jntuworld.com
83
6.2.4 Alpha and Beta Testing
It is difficult to anticipate how users will really use software. If there is one
customer, a series of acceptance tests are conducted (by the customer) to enable the
customer to validate all requirements. If software is being developed for use by multiple
customers, cannot use acceptance testing. An alternative is to use alpha and beta testing
to uncover errors.
A customer conducts alpha testing at the developer's site. The customer uses the
software with the developer 'looking over the shoulder' and recording errors and usage
problems. Alpha testing conducted in a controlled environment
Beta testing is conducted at one or more customer sites by end users. It is ' live '
testing in an environment not controlled by developer. The customer records and reports
difficulties and errors at regular intervals.
6.2.5 System Testing
Software is only one component of a system. Software will be incorporated with
other system components and system integration and validation test performance.
6.3 VALIDATION
Validation aims to demonstrate that the software functions in a manner that can be
reasonably expected by the customer. This tests conformance the software to the
Software Requirements Specification.
Here an experiment has done for checking the consistency for the user
requirements regarding the username and password which should be validated through
the server and the username and password should be matched and also the method
Steganography implemented also checked for its consistency to provide security.
6.4 CONCLUSION
In this way we also completed the testing phase of the project and ensured that the
system is ready to go live. Thus we developed a new technology banking system so that
people will have a happy banking.
www.jntuworld.com
www.jntuworld.com
CONCLUSION
www.jntuworld.com
www.jntuworld.com
84
7 . CONCLUSION
We propose a Steganography to protect the messages. Steganography can be used
to maintain the confidentiality of valuable information, to protect the data from
possible sabotage, theft, or unauthorized viewing. Steganography can be used to tag
notes to online images (like post-it notes attached to paper files). Steganography is a
fascinating and effective method of hiding data that has been used throughout history.
Methods that can be employed to uncover such devious tactics, but the first step are
awareness that such methods even exist.
There are many good reasons as well to use this type of data hiding, including
watermarking or a more secure central storage method for such things as passwords,
or key processes. Regardless, the technology is easy to use and difficult to detect. The
more that you know about its features and functionality, the more ahead you will be
in the game.
Before going into the future enhancements as we came to know that
Steganography can also be performed with not only the images but also audio file,
within text etc. so in our future enhancements we can implement through the audio
file which it consists of music notes and we can embed the message into that music
notes so that we can provide better security.
www.jntuworld.com
www.jntuworld.com
85
REFERENCES
[1].T. Laukkanen, "Comparing consumer value creation in Internet and mobile banking,"
International Conference on Mobile Business (ICMB 2005), 11-13 July, 2005, pp. 655-
658.
[2] K. Pousttchi, and M. Schurig, "Assessment of today's mobile banking applications
from the view of customer requirements, “Proceedings of the 37th Annual Hawaii
International Conference on System Sciences, 5-8 January, 2004.
[3] N. Kahzadi; E. Edalat.; and M. A. Dehgan-Dehnavi,"Commerce and M-Banking in
World and Iran," Proceedings of the Third National Conference on E-Commerce, Tehran,
Iran, 31 May-1 June, 2005, pp. 306-329 (In Persian).
[4] W. Itani, and A. I. Kayssi, "J2ME end-to-end security for Mcommerce,"
2003 IEEE Wireless Communications and Networking, vol.3, pp. 2015- 2020, 16-20
March, 2003.
[5] M. Shirali-Shahreza, "Stealth Steganography in SMS,"Proceedings of the Third IEEE
and IFIP Int. Conf. on Wireless and Optical Communications Networks, 11-13 April,
2006.
[6] M. Shirali Shahreza, "An Improved Method for Steganography on Mobile Phone",
WSEAS Transactions on Systems, Issue 7, vol. 4, pp. 955-957, July, 2005.
[7] B. Dukic, and M. Katic, "m-order - payment model via SMS within the m-banking,"
27th Int. Conference on Information Technology Interfaces, 20-23 June, 2005, pp. 93-98.
www.jntuworld.com
www.jntuworld.com
Related Documents
