
SECURITY IN TRANSMISSION SYSTEM

1. INTRODUCTION:

The project is confined to the intranet in an organization. This application makes sure that security services such as secrecy, authentication, integrity and non-repudiation are provided to the communicating parties.

This project has been developed keeping in view the security features that need to be implemented in networks, in fulfilment of these objectives:

To develop an application that deals with the security threats that arise in the network.
To enable end-users as well as organizations to have safe messaging communication without any threats from intruders or unauthorized people.
To deal with the four inter-related areas of network security, namely Secrecy, Authentication, Non-repudiation and Integrity.
1.1 SURVEY/STUDY:
These days almost all organizations around the globe use a messaging system to transfer data among their employees
through their exclusive intranet. But the security provided is not of high standards. More and more unauthorized people are
gaining access to confidential data.

The validity of sender is not known.

The sender may deny sending a message that he/she has actually sent and similarly the receiver may deny the receipt that
he/she has actually received.

Unauthorized people can gain access to classified data.

Intruders can modify the messages or the receiver himself may modify the message and claim that the sender has sent it.

2. System Requirements

Hardware Requirements
Hard disk: - 40GB
RAM: - 512MB
Processor: - p4
Multimedia Key Board

Software Requirements
Operating Systems: WINDOWS NT 4 / 2000 / XP
Technologies Used: Java, jdbc, jsp
Front End: html, jsp
Back End: Oracle 10g

Application Server: Apache Tomcat

3. Design

Use case for entire System:

Actors: User, Admin
Use cases: login, create user, delete user, write message, read msg, logout

Sequence diagram for message sending and receiving:

Participants: sender, digitalsig, receiver
Messages: login; select write option; enter msg, receiver name; encrypt msg; send msg to receiver; select read option; decrypt msg; verify msg; display msg

Collaboration Diagram for message sending and receiving:

Participants: sender, digitalsig, receiver
1: login
2: select write option
3: enter msg, receiver name
4: encrypt msg
5: send msg to receiver
6: select read option
7: decrypt msg
8: verify msg
9: display msg

Class diagram for entire system:

Login
Attributes: uname, pwd
Operations: checkvalidadmin(), chechvaliduser()

Administrator
Operations: addUser(), deleteUser(), writeMsg(), readMsg()

SystemUser
Operations: writeMsg(), readMsg()

Write
Operations: signing(), encrypt(), sendmsg()

Read
Operations: decrypt(), verify()
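
The Write and Read classes in the design list signing(), encrypt(), decrypt() and verify() without naming algorithms. The following is an added example, not the project's own code, of that sign-then-encrypt and decrypt-then-verify flow using the standard Java cryptography API. It assumes RSA-2048 key pairs, SHA256withRSA signatures, AES-256-GCM and Java 16 or later; the class name, the Envelope record and the sample message are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SignedMessageDemo { // added illustration; algorithms and key sizes are assumptions
    static final int SIG_LEN = 256; // an RSA-2048 signature is always 256 bytes
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    record Envelope(byte[] wrappedKey, byte[] iv, byte[] body) {}
    // Write side: signing(), then encrypt(); the result is what sendmsg() would store.
    static Envelope write(String msg, PrivateKey senderKey, PublicKey receiverKey) throws GeneralSecurityException {
        byte[] plain = msg.getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(senderKey);                      // non-repudiation: only the sender holds this key
        s.update(plain);
        byte[] signed = ByteBuffer.allocate(SIG_LEN + plain.length).put(s.sign()).put(plain).array();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();           // fresh content key for every message
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.WRAP_MODE, receiverKey);    // secrecy: only the receiver can unwrap the key
        return new Envelope(rsa.wrap(aes), iv, gcm.doFinal(signed));
    }
    // Read side: decrypt(), then verify(); throws rather than returning unverified text.
    static String read(Envelope e, PrivateKey receiverKey, PublicKey senderKey) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.UNWRAP_MODE, receiverKey);
        Key aes = rsa.unwrap(e.wrappedKey(), "AES", Cipher.SECRET_KEY);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, aes, new GCMParameterSpec(128, e.iv()));
        byte[] signed = gcm.doFinal(e.body());      // integrity: AEADBadTagException if modified
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(senderKey);                    // authentication: checked against the sender's public key
        s.update(signed, SIG_LEN, signed.length - SIG_LEN);
        if (!s.verify(signed, 0, SIG_LEN)) throw new SignatureException("not signed by sender");
        return new String(signed, SIG_LEN, signed.length - SIG_LEN, StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair alice = kpg.generateKeyPair(), bob = kpg.generateKeyPair(); // constructed keys
        Envelope env = write("constructed sample message", alice.getPrivate(), bob.getPublic());
        System.out.println(read(env, bob.getPrivate(), alice.getPublic()));
    }
}
```

The signature travels inside the ciphertext, so an observer of the stored envelope cannot test guesses of the message against it.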

4. Implementation:
COMMUNICATION INTERFACES
JDBC is a Java Application Programming Interface (API) for executing SQL statements. It consists of a set of classes
and interfaces written in the Java programming language. JDBC provides a standard API for tool/database developers
and makes it possible to write database applications using a pure Java API. Using JDBC, it is easy to send SQL
statements to virtually any relational database.

JDBC does the following things:

1. Establish a connection with a database
2. Send SQL statements
3. Process Results

A Connection object represents a connection with a database. A connection session includes the SQL statements that are executed and the results that are returned over the connection. A single application can have one or more connections with a single database.

Client on Internet will be using HTTP/HTTPS protocol.
Client on Intranet will be using TCP/IP protocol.
JAVA
The general-purpose, high-level Java programming language is a powerful software platform. Every full implementation of the Java platform
gives you the following features:
Development Tools: The development tools provide everything you'll need for compiling, running, monitoring,
debugging, and documenting your applications. As a new developer, the main tools you'll be using are the javac
compiler, the java launcher, and the java documentation tool.
Application Programming Interface (API): The API provides the core functionality of the Java programming
language. It offers a wide array of useful classes ready for use in your own applications. It spans everything from
basic objects, to networking and security, to XML generation and database access, and more. The core API is
very large.
Deployment Technologies: The JDK software provides standard mechanisms such as the Java Web Start
software and Java Plug-In software for deploying your applications to end users.

User Interface Toolkits: The Swing and Java 2D toolkits make it possible to create sophisticated Graphical User Interfaces (GUIs).
Integration Libraries: Integration libraries such as the Java IDL API, JDBC™ API, Java Naming and Directory Interface™ ("J.N.D.I.") API, Java RMI, and Java Remote Method Invocation over Internet Inter-ORB Protocol Technology (Java RMI-IIOP Technology) enable database access and manipulation of remote objects.

We can't promise you fame, fortune, or even a job if you learn the Java programming language. Still, it is likely to
make your programs better and requires less effort than other languages. We believe that Java technology will
help you do the following:
Get started quickly: Although the Java programming language is a powerful object-oriented language, it's easy
to learn, especially for programmers already familiar with C or C++.
Write less code: Comparisons of program metrics (class counts, method counts, and so on) suggest that a
program written in the Java programming language can be four times smaller than the same program written in
C++.
Write better code: The Java programming language encourages good coding practices, and automatic garbage collection helps you avoid memory leaks. Its object orientation, its JavaBeans™ component architecture, and its wide-ranging, easily extendible API let you reuse existing, tested code and introduce fewer bugs.
Develop programs more quickly: The Java programming language is simpler than C++, and as such, your
development time could be up to twice as fast when writing in it. Your programs will also require fewer lines of
code.
Avoid platform dependencies: You can keep your program portable by avoiding the use of libraries written in
other languages.
Write once, run anywhere: Because applications written in the Java programming language are compiled into
machine-independent byte codes, they run consistently on any Java platform.

Distribute software more easily: With Java Web Start software, users will be able to launch your applications
with a single click of the mouse. An automatic version check at startup ensures that users are always up to date
with the latest version of your software. If an update is available, the Java Web Start software will automatically
update their installation.

JSP(Java Server Pages)

A server-side technology, Java Server Pages is an extension to the Java servlet technology that was developed by Sun. JSP has dynamic scripting capability that works in tandem with HTML code, separating the page logic from the static elements (the actual design and display of the page) to help make the HTML more functional (e.g. dynamic database queries).

A JSP is translated into a Java servlet before being run, and it processes HTTP requests and generates responses like any servlet. However, JSP technology provides a more convenient way to code a servlet. Translation occurs the first time the application is run. A JSP translator is triggered by the .jsp file name extension in a URL. JSPs are fully interoperable with servlets. You can include output from a servlet or forward the output to a servlet, and a servlet can include output from a JSP or forward output to a JSP. JSPs are not restricted to any specific platform or server. JSP was originally created as an alternative to Microsoft's ASPs (Active Server Pages). Recently, however, Microsoft has countered JSP technology with its own ASP.NET, part of the .NET initiative.

Java Server Pages (JSP) is a technology that lets you mix regular, static HTML with dynamically-generated
HTML. Many Web pages that are built by CGI programs are mostly static, with the dynamic part limited to a few
small locations. But most CGI variations, including servlets, make you generate the entire page via your program,
even though most of it is always the same. JSP lets you create the two parts separately.

HTML (HYPERTEXT MARKUP LANGUAGE)


Hyper Text Markup Language (HTML) is an SGML (Standard Generalized Markup Language) application widely used to create web pages. HTML is basically a formatting language and not a programming language. HTML is a language that is easy to write, easy to understand and highly portable. HTML is not a compiled language and is directly interpreted by a browser. HTML is a set of instructions. Each instruction is called an element or markup.

INTERACTIVE HTML:
FORMS:

Forms provide a unique feature to HTML. Forms allow you to collect data from the end user and return that data
to an executable code. The <FORM> element is used to start a form. The <FORM> element specifies what
program to run when the form is submitted and how the data is to be transferred.
ATTRIBUTES:
ACTION - The ACTION attribute specifies what program or HTML file is to be called when the submit button is pressed. The ACTION is specified as a URL.
METHOD - The METHOD attribute specifies the protocol to be used when the client sends data to the server. There are two methods: GET (the default) and POST. With the GET method, the data is attached to the URL mentioned in the ACTION attribute, and the amount of data that can be sent is limited. With POST, the data is posted through environment variables and unlimited amounts of data can be sent.
NAME - The NAME attribute specifies the name of the form, with which the elements of the form can be referred to later.
The <INPUT> Element:
The <INPUT> tag provides some type of data entry in the form depending on the value of its type attribute.
Attributes
NAME - The NAME attribute is used to specify the name of the field.
VALUE - The VALUE attribute is used to specify a default value for the field.
TYPE - The TYPE attribute is used to specify what type of input mechanism is to be drawn on the screen. The permissible values are as follows:

Text - The TEXT value is a one-line text field.
Password - The PASSWORD value is used for entering a password. The text typed in the box is not displayed.
Checkbox - The CHECKBOX value provides the user with two choices, selected or not selected.
Radio - The RADIO value is used to select one of many from a set of choices.
Hidden - The HIDDEN value is used to hide information on the form. This data is not displayed but is returned to
the server when submit button is selected.
Submit - The SUBMIT value is used to draw a button on the screen that the user can select once the form is
completed.
Reset - The RESET value is used to draw a button on the screen that a user can select to reset the form to its
original default values.
Select - The SELECT value is used to select any one of the available options. It is a drop down list and the values
are placed in SELECT using OPTION element.
Text area - The TEXTAREA allows entering multiple lines of text.
The <A> Element:
The <A> tag is used to insert a hyperlink. A hyperlink is a feature of HTML that allows linking to any document or external file from the current page.
Attributes
HREF - The HREF attribute of the Anchor element specifies a URL.

The LIST Element:

HTML supports several list elements. Most list elements are composed of one or more <li> (list item)
elements.
a. Unordered List - Items in this list start with a list mark such as a bullet.
b. Ordered List - Items in this list are numbered automatically by the browser.
c. Definition List - Each item in this list consists of one or more Definition Terms followed by one or more Definition Descriptions.

The <TABLE> Element:

Tables let you create boundaries that make positioning easier when creating web pages. The <TABLE> element has four sub-elements. They are Table Row <TR>, Table Header <TH>, Table Data <TD> and Caption <CAPTION>.

Attributes:
BORDER - The <BORDER> attribute sets the border of the table.
Cell Spacing - It represents the space between the cells.
Cell Padding - It represents the space between the cell border and the cell contents.
WIDTH - The <WIDTH> attribute sets the width of the table and its cells.

5. Testing:
System testing involves two kinds of testing: integration testing and acceptance testing. Developing a strategy for integrating the components of a software system into a functioning whole requires careful planning so that modules are available for integration when needed. Acceptance testing involves planning and execution of various tests in order to demonstrate that the implemented system satisfies the requirements document.

Testing involves selection of test cases on the basis of two methods: functional testing, which involves selecting test cases for testing the specifications of the system or the module, and structural testing, which involves testing the internal structure of the system or module. The goal of testing is to select the test cases such that the maximum number of errors can be detected.

Homepage of the Digital Signature.
