A Project report
on
IMPROVING MOBILE BANKING SECURITY USING STEGANOGRAPHY
submitted in partial fulfillment of the requirement for the award of degree of
BACHELOR OF TECHNOLOGY
in
COMPUTER SCIENCE & ENGINEERING
by
K.KIRAN KUMAR 06R31A0527
B.VENUGOPAL REDDY 06R31A0507
G.KALYAN CHAKRAVARTHY 06R31A0520
Under the guidance of
Mr. M. SRINIVAS REDDY (M. Tech.)
Assistant Professor
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
NOVA COLLEGE OF ENGINEERING & TECHNOLOGY
(Affiliated to Jawaharlal Nehru Technological University, Hyderabad)
Jafferguda (V), Hayathnagar (M), R. R. Dist. – 501512, A.P.
2010
3.2.1 User requirement
3.2.2 Software requirement
3.2.3 Hardware requirement
3.3 Content diagram of Project
3.4 Algorithms and Flowcharts
3.5 Conclusion
4. DESIGN
4.1 Introduction
4.2 DFD / ER / UML diagram (any other project diagrams)
4.3 Module design and organization
4.4 Conclusion
5. IMPLEMENTATION & RESULTS
5.1 Introduction
5.2 Explanation of Key functions
5.3 Method of Implementation
5.3.1 Forms
5.3.2 Output Screens
5.3.3 Result Analysis
5.4 Conclusion
6. TESTING & VALIDATION
6.1 Introduction
6.2 Design of test cases and scenarios
6.3 Validation
6.4 Conclusion
7. CONCLUSION
REFERENCES
ABSTRACT
Improving Mobile Banking Security Using Steganography
With the development of m-commerce as a new branch of e-commerce, m-banking has emerged as
one of its main divisions. As m-banking was received very well, it has begun to supply various
services based on different systems and with the aid of services such as the Short Messaging
Service (SMS). However, in spite of its advantages, m-banking also faces some challenges. One of
these is the security of the system. This paper presents a method for increasing the security of the
information requested by users by means of steganography. In this method, instead of being sent
directly, the information is hidden in a picture using a password. Then the address of the picture
is sent to the user. After entering the password, the user can view the information extracted from
the picture if the password is entered correctly. This project is written in J2ME (Java 2 Micro
Edition) and has been implemented on Nokia mobile phones, models N71 and 6680.
In this method, the information is never placed on the internet and exchanged in plain form.
Thus, the possibility of disclosure of information is very low. No user password is exchanged
between the server and the mobile phone. Therefore there is no risk of disclosure of the user
password. In this method, the amount of information exchanged between the user and the banking
system decreases, so the response speed of the bank system increases. Steganography is a
relatively modern method for the secret exchange of information. Therefore, the possibility of
disclosure and extraction of its information, especially on mobile phones, is much lower.
The Steganography algorithm advantages are:
a) The password is not stored in the Stego-image; so it is difficult to detect the password.
b) Because the password is used, it is difficult to detect the information hidden in the image.
c) The decoding program uses a few kilobytes of memory. Also the program is fast enough.
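The scheme the abstract describes, as an added example that is not the report's own code: the report does not give its algorithm at this point, so the password-derived pixel order, the length-plus-tag framing and the class name `KeyedLsbStego` are assumptions. It runs on a desktop JVM (Java SE) rather than on J2ME, and shows that only least significant bits change and that the password itself is never written into the image.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Random;

// Added illustration (not the report's code): password-keyed LSB embedding.
public class KeyedLsbStego {

    // SHA-256(password || data): source of the pixel-order seed and the check tag.
    static byte[] sha256(String password, byte[] data) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(data);
        return md.digest();
    }

    // Password-dependent order in which pixels are visited (Fisher-Yates shuffle).
    // Assumption: java.util.Random keeps the demo short; it is deterministic but
    // not cryptographically strong, so a real design would use a keyed cipher/KDF.
    static int[] pixelOrder(String password, int pixelCount) throws Exception {
        byte[] h = sha256(password, new byte[0]);
        long seed = 0;
        for (int i = 0; i < 8; i++) seed = (seed << 8) | (h[i] & 0xFF);
        Random rnd = new Random(seed);
        int[] order = new int[pixelCount];
        for (int i = 0; i < pixelCount; i++) order[i] = i;
        for (int i = pixelCount - 1; i > 0; i--) {
            int j = rnd.nextInt(i + 1);
            int t = order[i]; order[i] = order[j]; order[j] = t;
        }
        return order;
    }

    // Hides frame = 2-byte length | message | 4-byte tag, one bit per pixel,
    // in the least significant bit of the blue channel of 0xAARRGGBB pixels.
    static int[] embed(int[] cover, String password, byte[] message) throws Exception {
        if (message.length > 0xFFFF || (2 + message.length + 4) * 8 > cover.length)
            throw new IllegalArgumentException("cover image too small for message");
        byte[] frame = new byte[2 + message.length + 4];
        frame[0] = (byte) (message.length >> 8);
        frame[1] = (byte) message.length;
        System.arraycopy(message, 0, frame, 2, message.length);
        System.arraycopy(sha256(password, message), 0, frame, 2 + message.length, 4);
        int[] stego = cover.clone();
        int[] order = pixelOrder(password, cover.length);
        for (int bit = 0; bit < frame.length * 8; bit++) {
            int b = (frame[bit / 8] >> (7 - bit % 8)) & 1;
            int p = order[bit];
            stego[p] = (stego[p] & ~1) | b;
        }
        return stego;
    }

    // Reads n bytes starting at bitOffset along the password-dependent order.
    static byte[] readBytes(int[] stego, int[] order, int bitOffset, int n) {
        byte[] out = new byte[n];
        for (int bit = 0; bit < n * 8; bit++) {
            int b = stego[order[bitOffset + bit]] & 1;
            out[bit / 8] |= (byte) (b << (7 - bit % 8));
        }
        return out;
    }

    // Returns the hidden message, or null when the password does not match.
    static byte[] extract(int[] stego, String password) throws Exception {
        if (stego.length < 48) return null;                // no room for header + tag
        int[] order = pixelOrder(password, stego.length);
        byte[] hdr = readBytes(stego, order, 0, 2);
        int len = ((hdr[0] & 0xFF) << 8) | (hdr[1] & 0xFF);
        if ((2 + len + 4) * 8 > stego.length) return null; // implausible length
        byte[] msg = readBytes(stego, order, 16, len);
        byte[] tag = readBytes(stego, order, 16 + len * 8, 4);
        byte[] expected = Arrays.copyOf(sha256(password, msg), 4);
        return MessageDigest.isEqual(tag, expected) ? msg : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a 64x64 "image" of arbitrary opaque pixels.
        int[] cover = new int[64 * 64];
        Random fill = new Random(1);
        for (int i = 0; i < cover.length; i++) cover[i] = 0xFF000000 | fill.nextInt(0x1000000);
        byte[] secret = "ACCT 0000 BAL 12500.00".getBytes(StandardCharsets.UTF_8);

        int[] stego = embed(cover, "correct-password", secret);
        int changed = 0;
        for (int i = 0; i < cover.length; i++) {
            if (((cover[i] ^ stego[i]) >>> 1) != 0) throw new AssertionError("more than the LSB changed");
            if (cover[i] != stego[i]) changed++;
        }
        byte[] ok = extract(stego, "correct-password");
        byte[] bad = extract(stego, "wrong-password");
        System.out.println("pixels changed: " + changed + " of " + cover.length);
        System.out.println("correct password: " + new String(ok, StandardCharsets.UTF_8));
        System.out.println("wrong password:   " + (bad == null ? "rejected" : "accepted"));
    }
}
```

The 4-byte tag is what lets the client reject a wrong password; it also gives anyone holding the stego-image an offline test for password guesses, so the password has to be long and random enough to resist that.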
LIST OF FIGURES
1. Water Fall Model
2. JVM (Java Virtual Machine)
3. Content diagram of the project
4. Flowchart of the project
5. Class diagram
6. Use case diagram
7. Sequence diagram
8. Enable Path settings
LIST OF TABLES
1. User Account Table
2. User Info Table
3. User Transaction Table
LIST OF SCREENS
1. Login Page
2. Banking option
3. Account Details
4. Transfer Money
5. Home page for Mobile Emulator
6. Login Screen
7. Banking Option Screen
8. Steganography image
9. Display Account Details
10. Money Transfer option
SYMBOLS AND ABBREVIATIONS
M-Banking - Mobile Banking
J2ME - Java 2 Micro Edition
J2SE - Java 2 Standard Edition
J2EE - Java 2 Enterprise Edition
API - Application Programming Interface
CDC - Connected Device Configuration
MIDP - Mobile Information Device Profile
CLDC - Connected, Limited Device Configuration
KVM - K – Virtual Machine
JVM - Java Virtual Machine
PDA - Personal Digital Assistant
OS - Operating System
VM - Virtual Machine
RGB - Red, Green, Blue
LSB - Least Significant Bit
SQL - Structured Query Language
ANSI - American National Standards Institute
ISO - International Organization for Standards
GPL - General Public License
ODBC - Object Database Connectivity
WAN - Wide Area Network
1. INTRODUCTION
1.1 MOTIVATION
The Growing Importance of Mobile Content
Music, games and video have become principal sources of online
entertainment content in the consumer market, but the discrete systems used to deliver
that content to end devices such as mobile handsets are still rather rudimentary. To
deliver content to the consumer or business, and to adapt to rapidly changing market
needs and trends, device-independent content delivered over multiple channels is
needed—and the content must be coupled with a digital rights management (DRM)
system to allow content owners to monetize their intellectual property.
At the current stage in the evolution of online content, many companies are
focusing on a single part of the value chain, mainly on delivery, and they are able to
gain a competitive advantage there. Because content delivery to a mobile device is
currently a bottleneck, and because it is also not obvious which delivery models are
the best, concentrating on delivery makes sense at the current juncture.
Little attention is paid today, however, to a balanced implementation of the
full value chain. Our research suggests that in a few years' time, attention will shift
from discrete systems focusing on delivery of specific content using rudimentary
content management integration to full blown systems that are centered on reusable
content suitable for multi-channel delivery. Adding and using metadata to quickly
find content for a specific user in a specific context and being able to deliver that
content in a timely manner and the correct format is the key to success in this more
mature environment. Whether these types of systems will be owned and managed by
mobile operators or by companies specialized in content (such as publishers or
studios) cannot be predicted at this stage.
The Special Requirements of Mobility Devices
Mobile content has some very specific constraints which have to do with the
small screen of the devices, the device’s relatively limited wireless bandwidth as well
as the small storage and processing capacity on the device. Furthermore, among the
devices there is a considerable spread in capacities. Standard mobile phones tend to
have a small color screen, a numerical keyboard for entering data, and most have the
capability to run small Java applications. Smart phones have a somewhat larger
screen, additional input devices such as a keyboard to enter text, and most run a
simple operating system. Brew and Windows Me are examples of two popular smart
phone operating systems.
While device-independent content delivered over multiple channels is the
goal, mobility imposes a number of other constraints on content when compared to
the wired web:
• The relationship of mobile browsers to websites;
• Location based content;
• User generated content and content management; and
• The usability of content across different mobile devices.
Content is driving the market for carriers of every stripe. For the mobile
operator, content ranges from information that is mobility-independent (such as a
weather forecast) to mobile-specific content (such as ring tones). Further, mobile
content can be relatively static (such as a web page or a photo) or highly dynamic
(such as traffic information). Beyond a set of requirements particular to mobility,
managing, updating, and archiving website content as well as maintaining technical
and customer information is a major business operation demanding up-to-date
systems.
1.2 PROBLEM DEFINITION
The existing system is banking through a computer over the internet, which is not
portable: all work has to be done sitting at home, which wastes a lot of time. It also
requires a computer at home. Nowadays, as technology advances, prices are also
increasing, so buying a computer is costly for an individual, and internet access may
not be available where he resides. These are some of the drawbacks of the existing
system.
1.3 OBJECTIVE OF THE PROJECT
• This paper presents a method to make sending information requested by users in
mobile banking system more safe and secure based on the idea of Steganography.
• By hiding information in pictures and lack of direct sending of information, this
method increases the security of sending the information for users in m-banking
system.
Some of the reasons for preference of m-banking over e-banking are
1- No place restriction;
2- High penetration coefficient;
3- Fully personalized; and
4- Availability.
• Used to increase the convenience of the customers and reduce banking costs.
1.4 LIMITATIONS OF THE PROJECT
Mobile banking applications are already in use, as many banks are launching their own
web sites which can be accessed from mobiles. The problem is that the language used in
this process is Web Markup Language, which takes a lot of time to process, and there is
no security, as their security implementations are pretty ordinary. This has been
overcome by introducing a JAR file developed using J2ME which, once installed, can
contact the administrator directly, and by using a method called Steganography, which
provides much better security.
1.5 ORGANISATION OF DOCUMENTATION
In this project documentation we have initially put the definition and objective
of the project as well as the design of the project which is followed by the
implementation and testing phases. Finally the project has been concluded
successfully and also the future enhancements of the project were given in this
documentation.
2. LITERATURE SURVEY
2.1 INTRODUCTION
Steganography is one of the fundamental ways by which data can be kept
confidential. This article will offer a brief introductory discussion of steganography: what
it is, how it can be used, and the true implications it can have on information security.
What is Steganography?
In computer terms, steganography has evolved into the practice of hiding a
message within a larger one in such a way that others cannot discern the presence or
contents of the hidden message. In contemporary terms, steganography has evolved into a
digital strategy of hiding a file in some form of multimedia, such as an image, an audio
file (like a .wav or mp3) or even a video file.
Steganography Tools
There are a vast number of tools that are available for steganography. An
important distinction that should be made among the tools available today is the
difference between tools that do steganography, and tools that do steganalysis, which is
the method of detecting steganography and destroying the original message. Steganalysis
focuses on this aspect, as opposed to simply discovering and decrypting the message,
because this can be difficult to do unless the encryption keys are known.
A comprehensive discussion of steganography tools is beyond the scope of this
article. However, there are many good places to find steganography tools on the Net. One
good place to start your search for stego tools is on Neil Johnson's Steganography and
Digital Watermarking Web site. The site includes an extensive list of steganography
tools. Another comprehensive tools site is located at the StegoArchive.com.
For steganalysis tools, a good site to start with is Neil Johnson's Steganalysis site.
Niels Provos's site is also a great reference site, but is currently being relocated, so keep
checking back on its progress.
The plethora of tools available also tends to span the spectrum of operating
systems. Windows, DOS, Linux, Mac, and Unix: you name it, and you can probably find
it.
Steganography and Security
As mentioned previously, steganography is an effective means of hiding data,
thereby protecting the data from unauthorized or unwanted viewing. But stego is simply
one of many ways to protect the confidentiality of data. It is probably best used in
conjunction with another data-hiding method. When used in combination, these methods
can all be a part of a layered security approach. Some good complementary methods
include:
Encryption - Encryption is the process of passing data or plaintext through a
series of mathematical operations that generate an alternate form of the original data
known as cipher text. The encrypted data can only be read by parties who have been
given the necessary key to decrypt the cipher text back into its original plaintext form.
Encryption doesn't hide data, but it does make it hard to read!
2.2 EXISTING SYSTEM
In the existing system we had only e-banking, that is, usage through computers: users can bank through the internet from a personal computer located at a particular place, or through a mobile which uses WML (Web Markup Language) and downloads the contents from the internet.
2.3 DISADVANTAGES OF EXISTING SYSTEM
As mentioned above, both a personal computer and a mobile can be used for banking. The problem with a personal computer is that the person has to be at a particular place, which takes time; he cannot carry his computer with him wherever he goes. To overcome this drawback, e-commerce through mobile has been introduced, with which banking can be done from any place, but the problem here is that it relies completely on WML. When WML is used, every bit of data has to be downloaded repeatedly from the internet, which takes a lot of time; for this reason mobile e-banking using J2ME has been introduced.
• Here we perform e-banking, which provides no security.
• Time constraint is there.
• Phishing can be done.
• There is no security for the data.
• Low bandwidth and latency issues.
• High communication costs.
• Low functionality and fewer capabilities in the mobile devices.
• Security concerns.
2.4 PROPOSED SYSTEM
As the above disadvantages cannot be solved within the existing system, this application has been proposed. Security will also be much improved over the existing system, as we implement the special method called Steganography. We develop a JAR file using J2ME for banking. A customer gets a unique ID and password; once he loads the application onto the mobile and installs it, he gets the page to get started with. After he enters the ID and password he is logged in and has an easily understandable interface with two options, i.e. account details and money transfer. In this process the application interacts not with an internet server but with the administrator server, which makes processing easy and takes no time.
We are using Mobile to perform Transactions.
Importance of mobile channel for e-banking:
• Proactive and simple alerting services reduce branch/call center costs.
• M-banking is expected to account for an increasingly high proportion of transactions.
• A mobile device can be an ideal POS device, allowing transactions to be authorized in many more places than ever before.
• Mobile services are expected to generate access to new business opportunities and new alliances across business sectors.
• High market penetration (up to 80% in some countries) and still growing.
Mobile Banking Today
• Fast data services (GPRS)
• Low data transfer costs (e.g. flat rates)
• More functionality possible (new devices with better displays and browser functionality)
• Higher Security mechanisms
• Applications capitalize on the mobile aspects and diversify from existing web-based solutions
2.5 CONCLUSION
This paper presents a method for increasing the security of the information requested
by users by means of steganography. In this method, instead of being sent directly,
the information is hidden in a picture using a password. After entering the password,
the user can view the information extracted from the picture if the password is
entered correctly.
3. ANALYSIS
3.1 INTRODUCTION
After analyzing the requirements of the task to be performed, the next step is to
analyze the problem and understand its context. The first activity in this phase is studying
the existing system and the other is understanding the requirements and domain of the new
system. Both activities are equally important, but the first serves as the basis for
the functional specifications and then the successful design of the proposed system.
Understanding the properties and requirements of a new system is more difficult and
requires creative thinking; understanding the existing system is also difficult.
Improper understanding of the present system can lead to diversion from the solution.
3.1.1 Analysis Model
The model that is basically being followed is WATER FALL Model which states
that the phases are organized in a linear order. First of all, the feasibility study is done.
Once that part is over, the requirement analysis and project planning begin. If a system
already exists as a whole but needs modification or the addition of new modules, analysis
of the present system can be used as the basic model.
The design starts after the requirement analysis is complete and the coding begins
after the design is complete. Once the programming is completed, the testing is done. In
this model the sequence of activities performed in a software development project are:
Requirement Analysis
Project Planning
System Design
Detail Design
Coding
Unit Testing
System Integration & Testing
Here the linear ordering of these activities is critical. The output of one phase is the
input to the next phase. The output of each phase should be consistent with the overall
requirements of the system. Some qualities of the spiral model are also incorporated:
after the completion of each phase, the people concerned with the project review the
work done.
WATER FALL Model has been chosen because all requirements were known
before and the objective of our software development is the computerization/automation
of an already existing manual working system.
3.1.2 Study of the system
3.1.2.1 GUIs
For flexibility, the user interface has been developed with a graphics concept in
mind, associated through a browser interface. The GUIs at the top level have been
categorized as:
Administrative User Interface.
The Operational/Generic User Interface.
The “Administrative User Interface” concentrates on the consistent information
that is practically part of the organizational activities and which needs proper
authentication for the data collection. This interface helps the administration with all the
transactional states like Data Insertion, Data Deletion and Data Updation along with the
extensive Data Search capabilities.
The “Operational/Generic User Interface” helps the users of the system carry out
transactions through the existing data and required services. The Operational User
Interface also helps ordinary users manage their own information in a customized
manner as per the assisted flexibilities.
3.1.2.2 Project Instructions
Based on the given requirements, conceptualize the Solution Architecture. Choose
the domain of your interest otherwise develop the application for ultimatedotnet.com.
Depict the various architectural components, show interactions and connectedness and
show internal and external elements. Design the web services, web methods and database
infrastructure needed on both client and server. Provide an environment for upgrading
the application to newer versions that are available in the same domain as the web service
target.
3.1.3 Feasibility Report
Preliminary investigation examines project feasibility, the likelihood that the system
will be useful to the organization. The main objective of the feasibility study is to test the
technical, operational and economical feasibility of adding new modules and
debugging the old running system. All systems are feasible if they are given unlimited
resources and infinite time. There are three aspects in the feasibility study portion of the
preliminary investigation:
Technical Feasibility
Operational Feasibility
Economical Feasibility
3.1.3.1 Technical Feasibility
The technical issues usually raised during the feasibility stage of the investigation
include the following:
Does the necessary technology exist to do what is suggested?
Does the proposed equipment have the technical capacity to hold the data required
to use the new system?
Will the proposed system provide adequate response to inquiries, regardless of the
number or location of users?
Can the system be upgraded if developed?
Are there technical guarantees of accuracy, reliability, ease of access and data
security?
Earlier, no system existed to cater to the needs of the ‘Secure Infrastructure
Implementation System’. The current system developed is technically feasible. It is a web
based user interface for audit workflow at NIC-CSD. Thus it provides easy access to
the users. The database’s purpose is to create, establish and maintain a workflow among
various entities in order to facilitate all concerned users in their various capacities or
roles. Permission to the users would be granted based on the roles specified. Therefore, it
provides the technical guarantee of accuracy, reliability and security. The software and
hardware requirements for the development of this project are not many and are already
available in-house at NIC or are available free as open source. The work for the project
is done with the current equipment and existing software technology. Necessary
bandwidth exists for providing fast feedback to the users irrespective of the number of
users using the system.
3.1.3.2 Operational Feasibility
Proposed projects are beneficial only if they can be turned into information
systems that will meet the organization’s operating requirements. Operational feasibility
aspects of the project are to be taken as an important part of the project implementation.
Some of the important issues raised to test the operational feasibility of a project
include the following:
Is there sufficient support for the management from the users?
Will the system be used and work properly if it is being developed and implemented?
Will there be any resistance from the user that will undermine the possible application
benefits?
This system is targeted to be in accordance with the above-mentioned issues. The
well-planned design would ensure the optimal utilization of the computer resources and
would help in the improvement of performance status.
3.1.3.3 Economic Feasibility
A system that can be developed technically and that will be used if installed must still
be a good investment for the organization. In the economical feasibility study, the
development cost of creating the system is evaluated against the ultimate benefit derived
from the new system. Financial benefits must equal or exceed the costs.
The system is economically feasible. It does not require any additional hardware or
software. Since the interface for this system is developed using the existing resources and
technologies available at NIC, there is nominal expenditure and economical feasibility
is certain.
3.2 SOFTWARE REQUIREMENT SPECIFICATION
Purpose: The main purpose for preparing this document is to give a general insight into
the analysis and requirements of the existing system or situation and for determining the
operating characteristics of the system.
Scope: This document plays a vital role in the software development life cycle (SDLC) and it
describes the complete requirements of the system. It is meant for use by the developers
and will be the basis during the testing phase. Any changes made to the requirements in the
future will have to go through a formal change approval process.
The developer is responsible for:
Developing the system, which meets the SRS and solves all the requirements of
the system.
Demonstrating the system and installing the system at client's location after the
acceptance testing is successful.
Submitting the required user manual describing the system interfaces to work on
it and also the documents of the system.
Conducting any user training that might be needed for using the system.
Maintaining the system for a period of one year after installation.
3.2.1 User Requirements
User name and Password for the website for the purpose of banking issued by the
administrator.
A mobile phone with GPRS access.
SIM card from any network which supports WAP.
3.2.2 Software Requirements
Language: JAVA
Front End: J2ME
Back End: MySQL
Web Server: Apache Tomcat
Build Tools: Apache ANT
Testing Tool: J2ME unit test
3.2.2.1 Java
The JAVA language was created by James Gosling in June 1991 for use in a set
top box project. The language was initially called Oak, after an oak tree that stood outside
Gosling's office - and also went by the name Green - and ended up later being renamed to
Java, from a list of random words. Gosling's goals were to implement a virtual machine
and a language that had a familiar C/C++ style of notation. The first public
implementation was Java 1.0 in 1995. It promised "Write Once, Run anywhere"
(WORA), providing no-cost runtimes on popular platforms. It was fairly secure and its
security was configurable, allowing network and file access to be restricted. Major web
browsers soon incorporated the ability to run secure Java applets within web pages. Java
quickly became popular. With the advent of Java 2, new versions had multiple
configurations built for different types of platforms. For example, J2EE was for
enterprise applications and the greatly stripped down version J2ME was for mobile
applications. J2SE was the designation for the Standard Edition. In 2006, for marketing
purposes, new J2 versions were renamed Java EE, Java ME, and Java SE, respectively.
In 1997, Sun Microsystems approached the ISO/IEC JTC1 standards body and
later the Ecma International to formalize Java, but it soon withdrew from the process.
Java remains a de facto standard that is controlled through the Java Community Process.
At one time, Sun made most of its Java implementations available without charge
although they were proprietary software. Sun's revenue from Java was generated by the
selling of licenses for specialized products such as the Java Enterprise System. Sun
distinguishes between its Software Development Kit (SDK) and Runtime Environment
(JRE) which is a subset of the SDK, the primary distinction being that in the JRE, the
compiler, utility programs, and many necessary header files are not present.
On 13 November 2006, Sun released much of Java as free software under the
terms of the GNU General Public License (GPL). On 8 May 2007 Sun finished the
process, making Java’s entire core code open source, aside from a small portion of code
to which Sun did not hold the copyright.
There were five primary goals in the creation of the Java language:
It should use the object-oriented programming methodology.
It should allow the same program to be executed on multiple operating systems.
It should contain built-in support for using computer networks.
It should be designed to execute code from remote sources securely.
It should be easy to use by selecting what were considered the good parts of other
object-oriented languages
The Java programming language is a high-level language that can be
characterized by all of the following buzzwords:
· Simple · Architecture neutral
· Object oriented · Portable
· Distributed · High performance
· Multithreaded · Robust
· Dynamic · Secure
Each of the preceding buzzwords is explained in The Java Language Environment,
a white paper written by James Gosling and Henry McGilton.
In the Java programming language, all source code is first written in plain text
files ending with the .java extension. Those source files are then compiled into .class files
by the java compiler. A .class file does not contain code that is native to your processor;
it instead contains bytecodes — the machine language of the Java Virtual Machine (Java
VM). The java launcher tool then runs your application with an instance of the Java
Virtual Machine.
(An overview of the software development process)
Because the Java VM is available on many different operating systems, the same
.class files are capable of running on Microsoft Windows, the Solaris TM Operating
System (Solaris OS), Linux, or Mac OS. Some virtual machines, such as the Java
HotSpot virtual machine, perform additional steps at runtime to give your application a
performance boost. This includes various tasks such as finding performance bottlenecks
and recompiling (to native code) frequently used sections of code.
Through the Java VM, the same application is capable of running on multiple
platforms.
Java platform
A platform is the hardware or software environment in which a program runs.
We've already mentioned some of the most popular platforms like Microsoft Windows,
Linux, Solaris OS, and Mac OS. Most platforms can be described as a combination of the
operating system and underlying hardware. The Java platform differs from most other
platforms in that it's a software-only platform that runs on top of other hardware-based
platforms.
The Java platform has two components:
The Java Virtual Machine
The Java Application Programming Interface (API)
You've already been introduced to the Java Virtual Machine; it's the base for the
Java platform and is ported onto various hardware-based platforms.
The API is a large collection of ready-made software components that provide
many useful capabilities. It is grouped into libraries of related classes and interfaces;
these libraries are known as packages.
(The API and JVM insulate the program from the underlying hardware)
As a platform-independent environment, the Java platform can be a bit slower
than native code. However, advances in compiler and virtual machine technologies are
bringing performance close to that of native code without threatening portability.
Java Runtime Environment
The Java Runtime Environment, or JRE, is the software required to run any
application deployed on the Java Platform. End-users commonly use a JRE in software
packages and Web browser plugins. Sun also distributes a superset of the JRE called the
Java 2 SDK (more commonly known as the JDK), which includes development tools
such as the Java compiler, Javadoc, Jar and debugger.
One of the unique advantages of the concept of a runtime engine is that errors
(exceptions) should not 'crash' the system. Moreover, in runtime engine environments
such as Java there exist tools that attach to the runtime engine and every time that an
exception of interest occurs they record debugging information that existed in memory at
the time the exception was thrown (stack and heap values). These Automated Exception
Handling tools provide 'root-cause' information for exceptions in Java programs that run
in production, testing or development environments.
1 (JVM) implementations that are optimized for the type of systems they are targeted at.
For example, the K Virtual Machine (KVM) is a JVM optimized for resource constrained
devices, such as mobile phones and PDAs.
J2ME is part of the Java 2 Platform
The following characteristics are shared among the three Java editions:
Write Once Run Anywhere: because Java technology relies on Java byte-code that is
interpreted by a virtual machine, applications written in Java can run on similar types
of systems (servers, desktop systems, mobile devices) independent of the underlying
operating system and processor. For example, a developer doesn't need to develop
and maintain different versions of the same application to run on a Nokia
Communicator running the EPOC operating system, a Compaq iPAQ running
PocketPC, or even a PDA powered by the Linux operating system. On mobile
phones, the variety of processors and operating systems is even more significant, and
therefore the wireless community in general is seeking a solution that is platform
agnostic, such as WAP or J2ME.
Security: while on the Internet, people are used to secure data transactions and
downloading files or email messages that may contain viruses, few wireless networks
today support standard Internet protocols, and wireless operators are concerned by the
security issues associated with the download of standard C applications on their
networks. Java technology features a robust security model: before any application is
executed by the Java virtual machine, a byte-code pre-verifier tests its code integrity.
Once an application is running, it cannot access system resources outside of a
'sandbox,' preventing applications from acting as viruses. Finally, Java applications
can take advantage of standard data encryption solutions (SSL or Elliptic Curve
Libraries) on packet based networks (for example CDPD, Mobitex, GPRS, W-CDMA),
providing a robust infrastructure for m-commerce and enterprise application
access.
Rich graphical user interface: you may remember that the first demonstration of
Java technology was done using an animated character on a web page. While
animated GIF files have made this use of the technology obsolete on desktop systems,
mobile devices can benefit from richer GUI APIs that allow for differentiation of
services and the development of compelling applications.
Network awareness: while Java applications can operate in disconnected mode, they
are network-aware by default, allowing applications to be dynamically downloaded
over a network. Additionally, Java is network-agnostic, in the sense that Java
applications can exchange data with a backend server over any network protocol,
whether it is TCP/IP, WAP, i-mode, and different bearers, such as GSM, CDMA,
TDMA, PHS, CDPD, Mobitex, and so on.
The J2ME Application Cycle
Contrary to the web browser model, which requires continuous connectivity and
offers a limited user interface and security experiences, J2ME allows applications to be
dynamically downloaded to a mobile device in a secure fashion. J2ME applications can
be posted on a Web server, allowing end users to initiate the download of an application
they select through a micro browser or other application locator interface. Wireless
operators, content providers, and ISVs can also push a set of J2ME applications and
manage them remotely. The Java provisioning model puts the responsibility of checking
the compatibility of the applications (such as version of the J2ME specification used,
memory available on the handset) on the handset itself, allowing the end user to ignore
the intricacies associated with typical desktop systems.
Once a J2ME application is deployed on a mobile device, it stays there until the
user decides to upgrade or remove it. The application can be operated in disconnected
mode (such as standalone game, data entry application) and store data locally, providing
a level of convenience that is not available on current browser-based solutions. Because
the application resides locally, the user doesn't experience any latency issues, and the
application can offer a user interface (drop-down menus, check boxes, animated icons)
that is only matched by native C applications. The level of convenience is increased
because the user can control when the application initiates a data exchange over the
wireless network. This allows for big cost savings on circuit-switched networks, where
wireless users are billed per minute, and allows a more efficient exchange of data, since
many applications can use a store and forward mechanism to minimize network latency.
J2ME applications can exchange data over WAP, i-mode or TCP based wireless networks
Additionally, J2ME applications can leverage any wireless network infrastructure,
taking advantage of a WAP network stack on current circuit-switched networks (GSM,
CDMA, and TDMA). The same applications are ready to be used on packet-based
networks, allowing the use of standard Internet protocols, such as HTTPS over SSL (data
encryption), IMAP (email), LDAP (directories), between the J2ME enabled client
application and the backend infrastructure.
J2ME Benefits on Wireless Devices
Let's look at how Java technology fits in the wireless service evolution.
Originally, analog technology was sufficient to handle voice services, but the quality of
the calls was sketchy and multiple radio networks competed with one another.
Today we take advantage of the second generation of networks and services (2G
networks), which use digital networks and web browser technologies. This provides
access to data services, but markup languages present some limitations. Markup
languages are a step in the right direction, but browser-based applications don't work
when out of coverage, require air time for even simple operations (such as entering
appointments in a browser-based calendar), and offer a limited user interface paradigm
(character-based, static black and white images, cumbersome navigation interface).
When Java technology is added to this environment, it brings additional benefits
that translate into an enhanced user experience. Instead of plain text applications and
latency associated to a browser-based interface, the user is presented with rich animated
graphics, a fast interaction, the capability to use an application off-line, and maybe most
interestingly, the capability to dynamically download new applications to the device.
For application developers, this means that you can use your favorite
programming language and your favorite development tools, rather than learning a new
programming environment. There are over 2.5 million developers who have already
developed applications using the Java programming language, primarily on the server
side. Once these developers become familiar with the small set of J2ME APIs, it becomes
relatively easy to develop small client modules that can exchange data with server
applications over the wireless network.
The challenge that remains the same for Java, WAP, or native APIs is that small
screens and limited input interfaces require developers to put some effort into the
development of the application user interface. In other words, small devices force
developers to abandon bad or lazy programming techniques.
What Type of Applications Does J2ME Enable?
Many people expect to see new types of applications developed with J2ME. You
can argue that the application categories would remain the same, except for a few
exceptions such as location services and data applications that integrate with telephony
functionality. The outcome is likely to be applications that are context sensitive
(immediacy, location, personal or professional use) and are migrating from a character-
based interface (browser-based applications) to a graphical environment, providing
developers and end users with an unmatched level of flexibility. Just think about the
evolution from DOS or mainframe applications to Windows, MacOS, or Solaris graphical
environment. We still use word processors, spreadsheets, and accounting applications like in the
good old days, but because the new generation of applications take advantage of a richer
graphical environment, the applications are better and easier to use.
Therefore, expect to see J2ME developers targeting the same categories of
applications they focused on with WAP, but this time with the user experience
compelling enough for ISVs and system integrators to be able to charge for them.
As far as adoption of J2ME, the prognostics are rather good. Evans Data recently
conducted a survey2 among 500 wireless application developers, concluding that more
developers will use Java and J2ME to develop wireless applications (30%) than native C
APIs (Palm OS, Pocket PC, EPOC) or even WAP.
The market that J2ME will penetrate the fastest is the Japanese market, with
Nikkei Market Access3 forecasting a penetration rate of 40% this year. NTT DoCoMo,
who started shipping J2ME enabled I-mode phones at the end of January, has already
sold 1 million units, and they expect the number to increase to 3 million by the end of
September. The two other major Japanese wireless operators (KDDI and J-Phone) will
join DoCoMo in the deployment of J2ME enabled handsets by the end of the summer.
Obviously, forecasts can be misleading, as the experience with WAP, Bluetooth
and 3G has shown. Therefore, what really matters is the number of handset
manufacturers that are planning to make available J2ME enabled phones and PDAs this
year, as well as the number of wireless operators that are endorsing the technology and
putting in place a network infrastructure that will allow ISVs, content providers and
corporations to deploy J2ME applications and services over their network.
The benefits of Java technology as provided by J2ME in the wireless arena are
many and varied. From its Write Once Run Anywhere flexibility, to its robust security
features, to its support for off-line processing and local data storage, to its leverage of any
wireless infrastructure, to its fine-tuned control of data exchange, J2ME is a natural
platform for wireless application development. The numbers bear this out -- the ranks of
J2ME developers are growing fast.
3.2.2.3 MySQL
MySQL is a relational database management system (RDBMS) that runs as a
server providing multi-user access to a number of databases. MySQL is primarily
an RDBMS and therefore ships with no GUI tools to administer MySQL databases or
manage data contained within. Users may use the included command-line tools, or
download MySQL Frontends from various parties that have developed desktop software
and web applications to manage MySQL databases, build database structure, and work
with data records.
3.2.2.4 Apache Tomcat
Apache Tomcat is an open source servlet container developed by the Apache
Software Foundation (ASF). Tomcat implements the Java Servlet and the Java Server
Pages (JSP) specifications from Sun Microsystems, and provides a "pure Java"
HTTP web server environment for Java code to run.
3.2.2.5 Apache ANT
Apache Ant is a software tool for automating software build processes. It is
similar to Make but is implemented using the Java language, requires the Java platform,
and is best suited to building Java projects. The most immediately noticeable difference
between Ant and Make is that Ant uses XML to describe the build process and its
dependencies, whereas Make has its own Makefile format. By default the XML file is
named build.xml.
3.2.2.6 J2ME unit test tool
J2ME Unit was created to run in small spaces where various classes like
reflection and certain primitives like double are not available. J2ME Unit includes a test
runner that will run on Motorola’s Mobile Information Device Profile (MIDP) and a text
UI test runner that prints text output.
3.2.3 Hardware Requirement
Processor : Pentium III
Clock speed : 550MHz
Hard Disk : 20GB
RAM : 128MB
Cache Memory : 512KB
3.2.4 Functional Requirements
3.2.4.1 Output Design
Outputs from computer systems are required primarily to communicate the results
of processing to users. They are also used to provide a permanent copy of the results for
later consultation. The various types of outputs in general are:
External outputs, whose destination is outside the organization.
Internal outputs, whose destination is within the organization and which are the user’s
main interface with the computer.
Operational outputs, whose use is purely within the computer department.
Interface outputs, which involve the user in communicating directly with the system.
3.2.4.2 Output Definition
The outputs should be defined in terms of the following points:
Type of the output.
Content of the output.
Format of the output.
Location of the output.
Frequency of the output.
Volume of the output.
Sequence of the output.
It is not always desirable to print or display data as it is held on a computer. It
should be decided which form of the output is the most suitable. For example:
Will decimal points need to be inserted?
Should leading zeros be suppressed?
3.2.4.3 Output Media
In the next stage it is to be decided which medium is the most appropriate for
the output. The main considerations when deciding about the output media are:
The suitability of the device for the particular application.
The need for a hard copy.
The response time required.
The location of the users.
The software and hardware available.
Keeping in view the above description the project is to have outputs mainly
coming under the category of internal outputs. The main outputs desired according to the
requirement specification are:
The outputs need to be generated as hard copy as well as queries to
be viewed on the screen. Keeping in view these outputs, the format for the output is
taken from the outputs which are currently being obtained after manual processing. The
standard printer is to be used as the output media for hard copies.
3.2.4.4 Input Design
Input design is a part of overall system design. The main objectives during
input design are as given below:
To produce a cost-effective method of input.
To achieve the highest possible level of accuracy.
To ensure that the input is acceptable and understood by the user.
3.2.4.5 Input Stages
The main input stages can be listed as below:
Data recording
Data transcription
Data conversion
Data verification
Data control
Data transmission
Data validation
Data correction
3.2.4.6 Input Types
It is necessary to determine the various types of inputs. Inputs can be categorized
as follows:
External inputs, which are prime inputs for the system.
Internal inputs, which are user communications with the system.
Operational inputs, which are the computer department’s communications to the system.
Interactive inputs, which are inputs entered during a dialogue.
3.2.4.7 Input Media
At this stage a choice has to be made about the input media. In deciding on the
input media, consideration has to be given to:
Type of input
Flexibility of format
Speed
Accuracy
Verification methods
Rejection rates
Ease of correction
Storage and handling requirements
Security
Easy to use
Portability
Keeping in view the above description of the input types and input media, it can
be said that most of the inputs are internal and interactive. As input data is
to be keyed in directly by the user, the keyboard can be considered the most
suitable input device.
3.2.4.8 Error Avoidance
At this stage care is to be taken to ensure that input data remains accurate from the
stage at which it is recorded up to the stage at which the data is accepted by the system.
This can be achieved only by means of careful control each time the data is handled.
3.2.4.9 Error Detection
Even though every effort is made to avoid the occurrence of errors, a small
proportion of errors is always likely to occur. These errors can be discovered by
using validations to check the input data.
3.2.4.10 Data Validation
Procedures are designed to detect errors in data at a lower level of detail. Data
validations have been included in the system in almost every area where there is a
possibility for the user to commit errors. The system will not accept invalid data.
Whenever invalid data is keyed in, the system immediately prompts the user, the
user has to key in the data again, and the system accepts the data only if it is
correct. Validations have been included where necessary.
The system is designed to be a user friendly one. In other words the system has
been designed to communicate effectively with the user. The system has been designed
with popup menus.
3.2.5 Performance Requirements
Performance is measured in terms of the output provided by the application.
Requirement specification plays an important part in the analysis of a system. Only when
the requirement specifications are properly given is it possible to design a system which
will fit into the required environment. It rests largely with the users of the existing
system to give the requirement specifications, because they are the people who finally use
the system. The requirements have to be known during the initial stages
so that the system can be designed according to those requirements. It is very difficult to
change the system once it has been designed, and on the other hand a system
which does not cater to the requirements of the user is of no use. The requirement
specification for any system can be broadly stated as given below:
The system should be able to interface with the existing system
The system should be accurate
The system should be better than the existing system
3.3 CONTENT DIAGRAM OF THE PROJECT
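[Figure: content diagram of the project.
Sender (mobile): INPUT, Processing (Hiding Mechanism) with Secret KEY, producing the STEGO IMAGE.
NETWORK: carries the STEGO IMAGE.
Receiver (server): Processing (Extracting Mechanism) with KEY, producing OUTPUT (Data).]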
3.4 ALGORITHMS AND FLOWCHART
3.4.1 Steganography Algorithm
This algorithm embeds a single character (8 bits). To embed the entire
message, the steps of the algorithm are repeated for each character. The output of the
encryption performed in Module 3 is embedded in an image in Portable
Network Graphics format, i.e. an image with the ‘.png’ extension. The process of embedding
consists of the following steps:
Step 1: The image in which the data is to be embedded is selected.
Step 2: The total number of pixels in the image is calculated by using the
formula ‘width x height’.
Step 3: The color intensities of every pixel are retrieved and stored in an array.
Each pixel consists of 3 bytes, where each byte represents one of the three primary
colors, i.e. RGB.
Step 4: An AND operation is performed on each byte of the pixel with the binary
equivalent of 252. The result is the byte value with the last two bits set to ‘00’.
Step 5: The cipher text is ANDed with the binary equivalent of ‘03’ to retrieve the
last two bits of the message.
Step 6: An OR operation is performed on the outputs of step 4 and step 5.
Step 7: The output of step 6 becomes the new intensity of the Red color. For the Green and
Blue colors, step 4 is repeated, and before step 5 the cipher text is shifted right
in increments of 2 bits, until all 8 bits are embedded.
To retrieve the cipher text from the image, the steps of the algorithm
above are performed in reverse.
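The embedding steps above (repeated in section 4.3.3) and their reverse, written out as an added Java example; this is not the report's own code, and the class and method names are hypothetical. It assumes pixels are packed 0xAARRGGBB integers and that the receiver is told the message length, which the report does not specify.

```java
import java.util.Arrays;

// Added illustration of the two-bit LSB steps in section 3.4.1.
// Class and method names are hypothetical, not the project's own code.
public class LsbTwoBitDemo {

    static final int CLEAR_LOW_TWO = 252;      // 1111 1100, mask used in step 4
    static final int LOW_TWO = 3;              // 0000 0011, mask used in step 5
    static final int COLOR_BYTES_PER_CHAR = 4; // 8 bits at 2 bits per color byte

    // Step 2 gives width x height pixels; each has 3 color bytes (R, G, B).
    static int capacity(int pixelCount) {
        return (pixelCount * 3) / COLOR_BYTES_PER_CHAR;
    }

    // Color byte k lives in pixel k / 3; R, G, B sit at bit offsets 16, 8, 0
    // of a packed 0xAARRGGBB value (assumed pixel layout).
    private static int shiftFor(int k) {
        return 16 - 8 * (k % 3);
    }

    static int[] embed(int[] cover, byte[] cipherText) {
        if (cipherText.length > capacity(cover.length)) {
            throw new IllegalArgumentException("cipher text needs "
                    + cipherText.length + " characters, image holds "
                    + capacity(cover.length));
        }
        int[] stego = cover.clone();          // leave the cover image untouched
        int k = 0;                            // running index over color bytes
        for (byte b : cipherText) {
            int c = b & 0xFF;                 // treat the character as unsigned
            for (int i = 0; i < COLOR_BYTES_PER_CHAR; i++, k++) {
                int shift = shiftFor(k);
                int color = (stego[k / 3] >> shift) & 0xFF;
                int cleared = color & CLEAR_LOW_TWO;          // step 4
                int twoBits = c & LOW_TWO;                    // step 5
                int merged = cleared | twoBits;               // step 6
                stego[k / 3] = (stego[k / 3] & ~(0xFF << shift))
                        | (merged << shift);                  // step 7
                c >>= 2;                      // next two bits for the next color byte
            }
        }
        return stego;
    }

    // Reverse of embed. The length is passed in by the caller (assumption:
    // the report does not say how the receiver learns it).
    static byte[] extract(int[] stego, int length) {
        if (length < 0 || length > capacity(stego.length)) {
            throw new IllegalArgumentException("length exceeds image capacity");
        }
        byte[] out = new byte[length];
        int k = 0;
        for (int n = 0; n < length; n++) {
            int c = 0;
            for (int i = 0; i < COLOR_BYTES_PER_CHAR; i++, k++) {
                int color = (stego[k / 3] >> shiftFor(k)) & 0xFF;
                c |= (color & LOW_TWO) << (2 * i);  // low-order bits were stored first
            }
            out[n] = (byte) c;
        }
        return out;
    }

    // Largest change made to any single color byte (cannot exceed 3).
    static int maxColorByteChange(int[] cover, int[] stego) {
        int max = 0;
        for (int k = 0; k < cover.length * 3; k++) {
            int shift = shiftFor(k);
            int a = (cover[k / 3] >> shift) & 0xFF;
            int b = (stego[k / 3] >> shift) & 0xFF;
            max = Math.max(max, Math.abs(a - b));
        }
        return max;
    }

    public static void main(String[] args) {
        // Constructed 4 x 2 cover image and constructed cipher text bytes.
        int[] cover = {
            0xFF102030, 0xFF405060, 0xFF708090, 0xFFA0B0C0,
            0xFFD0E0F0, 0xFF0F1E2D, 0xFF3C4B5A, 0xFF69788F
        };
        byte[] cipherText = {0x4B, (byte) 0xE7, 0x00, (byte) 0xFF, 0x1C};

        int[] stego = embed(cover, cipherText);
        byte[] recovered = extract(stego, cipherText.length);

        System.out.println("capacity (characters): " + capacity(cover.length));
        System.out.println("round trip ok: " + Arrays.equals(cipherText, recovered));
        System.out.println("max color byte change: " + maxColorByteChange(cover, stego));

        try {
            embed(cover, new byte[capacity(cover.length) + 1]);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected oversize message: " + e.getMessage());
        }
    }
}
```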
3.4.2 Flowchart of the project
3.5 CONCLUSION
In this phase, we understand the software requirement specifications for the
project. We arrange all the required components to develop the project in this phase itself
so that we will have a clear idea regarding the requirements before designing the project.
Thus we will proceed to the design phase followed by the implementation phase of the
project.
4. DESIGN
4.1 INTRODUCTION
In this project, we propose a mobile-based software token system that is supposed
to replace existing hardware and computer-based software tokens. The proposed system
is secure.
4.2 UML DIAGRAMS
Unified Modeling Language (UML) is a standardized general-purpose modeling
language in the field of software engineering. It is used to specify, visualize, modify,
construct and document the artifacts of an object-oriented software intensive system
under development. UML combines best techniques from data modeling (entity
relationship diagrams), business modeling (work flows), object modeling, and component
modeling. It can be used with all processes, throughout the software development life
cycle, and across different implementation technologies.
4.2.1 Class Diagram
Class diagram in the Unified Modeling Language (UML) is a type of static
structure diagram that describes the structure of a system by showing the system's
classes, their attributes, and the relationships between the classes. It is the main building
block in object oriented modeling. It is being used both for general conceptual modeling
of the systematics of the application, and for detailed modeling translating the models
into programming code.
The classes in a class diagram represent both the main objects and interactions in
the application and the objects to be programmed. In the class diagram these classes are
represented with boxes which contain three parts:
The upper part holds the name of the class.
The middle part contains the attributes of the class, and
The bottom part gives the methods or operations the class can take.
In the conceptual design of a system, a number of classes are identified and
grouped together in a class diagram which helps to determine the static relations
between those objects. With detailed modeling, the classes of the conceptual design are
often split in a number of subclasses.
[Class diagram]
Main
  attributes: cmdLogin, cmdExit, cmdBack, txtUsername, txtPassword, txtIP
  operations: startApp(), commandAction(), callLoginServlet()
LoginServlet
  attributes: userAccount, username, password, db
  operations: executeQuery(), doGet()
Transfer
  attributes: transferForm, txtToAccount, txtTPassword, txtAmount
  operations: append(), addCommand()
Steganograph
  attributes: messageBytes, extractdata
  operations: embedMessage(), retrieveMessage()
TransferServlet
  attributes: db, rs, rs1
  operations: executeQuery(), getDouble()
Association label: transaction is processed
4.2.2 Use case Diagram
A Use case diagram in the Unified Modeling Language (UML) is a type of
behavioral diagram defined by and created from a Use-case analysis. Its purpose is to
present a graphical overview of the functionality provided by a system in terms of actors,
their goals (represented as use cases), and any dependencies between those use cases.
The main purpose of a use case diagram is to show what system functions are
performed for which actor. Roles of the actors in the system can be depicted.
[Use case diagram. Labels: Customer, Authentication, Transaction, LSB, Steganography,
Transfer Money, banking, Account details.]
4.2.3 Sequence Diagram
A sequence diagram in Unified Modeling Language (UML) is a kind
of interaction diagram that shows how processes operate with one another and in what
order. It is a construct of a Message Sequence Chart.
A sequence diagram shows, as parallel vertical lines (lifelines), different processes
or objects that live simultaneously, and, as horizontal arrows, the messages exchanged
between them, in the order in which they occur. This allows the specification of simple
runtime scenarios in a graphical manner.
[Sequence diagram. Lifelines: Customer, Authentication, Login, Transaction, Steganography, processed.
Messages, in order:
wants the details
Authentication is done
if successful then login
request for money transfer
performs steganography
the amount is sent]
4.2.4 Data Flow Diagrams
Display Account Details (between Mobile Client and Server)
Enter Username & password.
Send Username encrypted with Password in an Image along with Accno.
Authenticate
Request for account details
Encryption & Image Embedding
Send Data
Enter Password, Retrieve Cipher text, Decrypt
Display Account Detail
Exit
Money Transfer (between Mobile Client and Server)
Enter Username & password.
Send Username encrypted with Password in an Image along with Accno.
Authenticate
Select Transaction option
Enter Receiver’s account number, Amount & Sender’s transaction Password
Send Details
Update database
Exit
4.3 MODULE DESIGN AND ORGANISATION
There are mainly three modules:
• Admin Module
• Client Side MIDlet Module (J2ME)
• Implementing Steganography
4.3.1 Admin Module
• The admin module is a web application.
• The web application is designed using Java Server Pages.
• The web page has two main options:
• Account Details.
• Transfer Amount.
• The actions from the JSP are handled by the servlets.
The other name of Web Banking is Net-Banking or N-Banking. The N-Banking is
one of the most popular methods, which was established before M-Banking. This
module explains the interaction between the web server and the web client i.e., the web
client interacts online with the server. Internet is used by the Web Client to establish this
connection.
The client first opens the Bank’s web page by specifying its URL. Next, the client
is requested to enter the unique Username and Password for authentication purpose. If
entered correctly, the user is logged on to the next page.
The next page displays the account number, account type and balance details of
the client. Also, two more options are displayed to the user. Depending on the user’s
need, any one of the options can be selected. The “Account details” option, if selected
displays the account details along with details about the last few transactions made by the
client. “Transfer money” option is used for transferring funds from one account to
another account. The user is requested to enter the account number to which money has
to be transferred, the amount to transfer and the transaction password.
In this module no security measures have been implemented. This module was
built to confirm the communication path between the server and the client.
JSP:
Java Server Pages (JSP) is a Java technology that allows software
developers to dynamically generate HTML, XML or other types of
documents in response to a Web client request. The technology allows
Java code and certain pre-defined actions to be embedded into static
content.
The JSP syntax adds additional XML-like tags, called JSP actions, to be
used to invoke built-in functionality. Additionally, the technology allows
for the creation of JSP tag libraries that act as extensions to the standard
HTML or XML tags. Tag libraries provide a platform independent way of
extending the capabilities of a Web server.
JSPs are compiled into Java Servlets by a JSP compiler. A JSP compiler
may generate a servlet in Java code that is then compiled by the Java
compiler, or it may generate byte code for the servlet directly. JSPs can
also be interpreted on-the-fly reducing the time taken to reload changes.
Java Server Pages (JSP) technology provides a simplified, fast way to
create dynamic web content. JSP technology enables rapid development of
web-based applications that are server- and platform-independent.
4.3.2 Client Side MIDLET Module
• The client MIDlet is a J2ME-based client application.
• MIDlets handle all the events in the mobile part.
• Each request is handled by the server.
• We divide this client MIDlet into:
• Main – presents the main login page and passes the request to
the server.
• Details – brings the details (mini-statement) from the server to
the client.
• Transfer – the option which transfers the amount to the other
account.
Mobile banking is convenient because it spares the customer the trip to the
bank and the delay for enquiries and transactions. Every customer who has an account in the
bank and wishes to enhance his privacy will be given software by the bank which can
be used only by that account holder, i.e. the software the customer
holds can only perform his transactions and display his account details corresponding
to his account number.
First the user has to be authenticated. For this he is asked for the ‘Username’,
‘Password’ and the IP address of the server along with the port number. These values have to be
authenticated by the server. For this, we first encrypt the Username using the
password as the key. We then hide the data in a picture using steganography. This data is
sent, along with the account number, to the IP address entered by the user, which is
the server.
The server then receives the image along with the account number. The server
then finds the password corresponding to the account number from the database. It then
retrieves the data from the image by performing steganography and decryption by using
the password as the key. If the server is able to retrieve the data, then the password and
username are considered correct and hence the user is authenticated. The database
corresponding to authentication is similar. Now two options will be displayed to the user
namely, ‘Account Details’ and ‘Transaction’. The user then has to select one among
these.
Account Details Option
If the user selects this option a request is sent to the server. The server then
processes this request and sends the reply to the mobile client. In the act of processing,
the server finds the account details of that particular account number. This data is
encrypted and then hidden in a picture using steganography. The mobile client then
receives this image. The password is requested from the user. Using this password, the
data is retrieved and displayed to the user.
Transfer Money Option
If the user selects this option, the server asks the user for the account number to which
the money should be transferred, the amount which is to be
transferred to that account, and the transaction password, which must be entered
for secrecy and authentication. After all the details are entered, the money will
be transferred into the requested account.
4.3.3 Implementing Steganography
• Implementing the Steganography constraints in the entire applications.
• Steganography is the art and science of writing hidden messages in such a way
that no one apart from the sender and intended recipient even realizes there is a
hidden message.
• By contrast, cryptography obscures the meaning of a message, but it does not
conceal the fact that there is a message.
• By combining steganography of data in pictures with the use of PNG format pictures,
this article proposes a method for the hidden exchange of information.
• The main focus of this article is on steganography in pictures for banking applications
and on making this possible on mobile phones, considering the limitations of mobile
phones.
• After receiving a picture message containing hidden data, the decoder program
extracts the data and immediately changes the steganography places.
Usually 24-bit or 8-bit files are used to store digital images. The former one provides
more space for information hiding; however, it can be quite large. The colored
representations of the pixels are derived from three primary colors: red, green and blue.
24-bit images use 3 bytes for each pixel, where each primary color is represented by 1
byte. With 24-bit images, each pixel can represent 16,777,216 color values. If we use
the lower two bits of each of these color channels to hide data, the maximum color change in
a pixel could be 64 color values, but this causes so little change that it is undetectable for
the human vision system. This simple method is known as Least Significant Bit (LSB) insertion,
as shown in Figure 3.5.
Algorithm to embed the encrypted data:
This algorithm is only for embedding a character (8-bit). For embedding the entire
message, the steps in the algorithm are repeated.
The output obtained as a result of encryption performed in Module 3 is embedded
in an image which is of Portable Network Graphics format i.e. image with ‘.png’
extension. The process of embedding consists of the following steps:
Step 1: The image is selected initially, in which data has to be embedded.
Step 2: The total number of pixels in the image is calculated by using the
formula ‘width × height’.
Figure 3.5 – LSB Methodology
Step 3: The color intensities of each and every pixel are retrieved and stored in an array.
Each pixel consists of 3 bytes, where each byte represents one of the three primary
colors, i.e. RGB.
Step 4: A bitwise AND operation is performed between each byte of the pixel and the binary
equivalent of 252. The result obtained is the byte value with the last two bits as ‘00’.
Step 5: The cipher text is ANDed with the binary equivalent of ‘03’ to retrieve the
last two bits of the message.
Step 6: A bitwise OR operation is performed on the outputs of step 4 and step 5.
Step 7: The output of step 6 becomes the new intensity of the Red color. For the Green and
Blue colors, step 4 is repeated, and before step 5 the cipher text is shifted right
by a further 2 bits each time, until all 8 bits are embedded.
To retrieve the cipher text from the image, the steps of the algorithm
mentioned above are to be performed in reverse.
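The embedding steps 4 to 7 and their reverse, as an added Java example that is not the report's own code: it works on a raw array of color bytes instead of decoding a PNG, and it rejects a message that does not fit the carrier. The class name `LsbEmbedDemo`, the sample bytes and the explicit length passed to `extract` are assumptions made for illustration.

```java
import java.util.Arrays;

public class LsbEmbedDemo {
    // Steps 4-7: each cipher byte is spread over four carrier bytes, two bits each,
    // lowest bit pair first (R, G, B of one pixel, then the next color byte).
    static byte[] embed(byte[] carrier, byte[] cipher) {
        if (cipher.length * 4 > carrier.length) {
            throw new IllegalArgumentException("carrier too small: need "
                    + cipher.length * 4 + " bytes, have " + carrier.length);
        }
        byte[] out = Arrays.copyOf(carrier, carrier.length);
        for (int i = 0; i < cipher.length; i++) {
            int c = cipher[i] & 0xFF;
            for (int k = 0; k < 4; k++) {
                int cleared = out[4 * i + k] & 252;       // step 4: last two bits become 00
                int bits = (c >> (2 * k)) & 3;            // step 5, after shifting right by 2k
                out[4 * i + k] = (byte) (cleared | bits); // step 6: new color intensity
            }
        }
        return out;
    }

    // Reverse steps: read the low two bits of each carrier byte and reassemble the byte.
    static byte[] extract(byte[] stego, int length) {
        byte[] cipher = new byte[length];
        for (int i = 0; i < length; i++) {
            int c = 0;
            for (int k = 0; k < 4; k++) {
                c |= (stego[4 * i + k] & 3) << (2 * k);
            }
            cipher[i] = (byte) c;
        }
        return cipher;
    }

    public static void main(String[] args) {
        // Constructed sample data: a 4x4 RGB carrier (48 bytes) and a stand-in for Module 3 output.
        byte[] carrier = new byte[4 * 4 * 3];
        for (int i = 0; i < carrier.length; i++) carrier[i] = (byte) (i * 5 + 17);
        byte[] cipher = {(byte) 0xA7, 0x3C, (byte) 0xFF, 0x00};
        byte[] stego = embed(carrier, cipher);
        int maxDelta = 0;
        for (int i = 0; i < carrier.length; i++) {
            maxDelta = Math.max(maxDelta, Math.abs((carrier[i] & 0xFF) - (stego[i] & 0xFF)));
        }
        System.out.println("round trip ok: " + Arrays.equals(cipher, extract(stego, cipher.length)));
        System.out.println("max change per color byte: " + maxDelta);
    }
}
```

Because one 8-bit character needs four two-bit slots, it spans one full pixel plus the first color byte of the next, so the carrier must hold at least four color bytes per cipher-text byte.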
4.4 CONCLUSION
In this way we can design the layout of the project that is to be implemented during the construction phase. Thus we will have a clear picture of the project before it is coded. Hence any necessary enhancements can be made during this phase, and coding can then be started.
5 IMPLEMENTATION AND RESULTS
5.1 INTRODUCTION
The implementation part is the most important phase of the project. In this phase, we
code the entire project in the chosen software according to the design laid out during the
previous phase. The code has to be written in such a way that the user requirements are satisfied
and the result is not complicated for the user, i.e., the user interface or GUI has to be easy to
navigate. The code should be efficient in all terms, such as space, ease of updating, etc. In this
manner, we can complete the coding part of the project, and later it can be sent for testing
before being delivered to the customer.
5.2 EXPLANATION OF KEY FUNCTIONS
5.2.1 Database Connectivity using JDBC
The following code shows the database connectivity using JDBC, i.e., the way the
MySQL database is connected to the project, which is developed using Java.
import java.sql.*;
import java.util.*;
public class Database {
    private static String jdbcDriver = "";
    private static String dbURL = "";
    private static String username = "";
    private static String password = "";
    private Connection connection;
    public Database() throws SQLException, ClassNotFoundException