Appendix-J

SAMPLE PROJECT REPORT

A project on

“Advanced Encryption Techniques”

submitted in partial fulfilment of the requirements

for the award of the degree of

Bachelors of Technology
in
Computer Science and Engineering

Submitted by:
ROHIT ARORA
Enroll No. A2300911011

Under the guidance of

Mr. HARISH GUPTA
Assistant Professor
CSE department

Department of Computer Science &Engineering

Amity School of Engineering & Technology
AMITY UNIVERSITY GURGAON, HARYANA
June 201…
 Department of Computer Science and Engineering
Amity School of Engineering and Technology

DECLARATION

I, RohitArora,student of B.Tech (Computer Science &Engineering) hereby declare

that the project entitled “ADVANCED ENCRYPTION TECHNIQUES” which is
submitted by us to department of Computer Science & Engineering,Amity School of
Engineering & Technology,Amity University Haryana,in partial fulfillment of the
requirement for the award of the degree of Bachelors of Technology in Computer
Science & Engineering,has not been previously formed the basis for the award of any
degree,diploma or other similar title or recognition.

Haryana

Date: ROHIT ARORA

i
 Department of Computer Science and Engineering
Amity School of Engineering and Technology

CERTIFICATE
Thisistocertifythat ROHIT ARORA (Enrollment N0. A2300911011), studentofB.Tech(C.S.E)
III semester,DepartmentofComputerScience&Engineering, ASET, Amity University Haryana, has
done his Integrated Project entitled“ADVANCED ENCRYPTION
TECHNIQUES”undermyguidanceandsupervisionduring“January 201…-June 201…”

Theworkwassatisfactory.He hasshowncompletededicationanddevotiontothegivenprojectwork.

Signature of Supervisor(s)

Date:
(MR HARISH GUPTA)
Assistant Professor
Computer Science & Engineering
ASET, Amity University, Haryana

Head
Department of Computer Science & Engineering
Amity School of Engineering and Technology
Amity University Haryana, Gurgaon
ABSTRACT
“Advanced Encryption Technique” as a working system involves a service provider and an
encryption system application. Service provider accepts the payments and provides the
downloadable application and a unique key.Term “random selection” of algorithm refers to the
selection of implementing algorithm in such a way that even the user is not going to know about
the algorithm used , while his motive of encryption is fulfilled in a efficient way.Manual mode
of operation provides the feature of intended selection of algorithm if user wishes to use particular
encryption algorithm.The whole system application is provided through a web server application
which accepts the payments for purchasing the software.As security feature is such an essence for
any communication over any network and encryption is one of the security issues, cryptanalysis is
performed for breaking the algorithm as analyst try for guessing the key or for getting the
plaintext.In “Advanced Encryption Technique” random selection of encryption algorithm
makes “cryptanalysis task more complex”, as firstly analyst will have to get knowledge of selected
algorithm which is selected by “Randomization Function” for encryption.“Randomization
function” makes the system unique in its class applications and makes it stand apart from all
traditional encryption systems.
 LIST OF FIGURES
Figure 1 DFD Level 0
Figure 2 DFD Level 1
Figure 3 DFD Level 2
Figure 4 Entity Relationship Diagram
Figure 5(a),5(b) Working structure of decision function
Figure 6 DES Working
Figure 7 Block diagram for TDES
Figure 8 Fiestal structure for BlowFish
Figure 9 Screenshot for first page of AET
Figure 10 Screenshot for Registration form
Figure 11 (a), 11(b) Screenshot for Purchase page
Figure 12 Screenshot for credit card information
Figure 13 Screenshot for purchase key
Figure 14 Screenshot for generate key
Figure 15 Screenshot for home page for AET
Figure 16(a) Screenshot for login page
Figure 16(b) Screenshot for login page and key entry
Figure 17 Screenshot for registration page
Figure 18 Screenshot for AET Mode selection window
Figure 19 Screenshot for Algorithm selection mode
Figure 20 Screenshot for Dynamic mode window
 Contents
Declaration i
Certificate ii
Acknowledgement iii
Abstract iv
List of Figures v
List of Tables vi
1. INTRODUCTION 1
1.1 Objective 1
1.2 Current system 2
1.3 Proposed system 3
2. BACKGROUND OF PROJECT 6

2.1 Dynamic selection concept7

3. TECHNOLOGIES USED7

3.1. Java 7

3.1.1. AWT8

3.1.2. JDBC9

3.2JSP and Servlets 9

3.2.1. Tomcat server11

3.3. Html12

4. DESIGN OF PROJECT 15

4.1 Hardware requirement 15

4.2 Software requirement 15
4.3 Software requirement (client end) 15
4.3 Data flow diagram 16
4.3.1 0 level DFD 16
4.3.2 1 level DFD17
4.3.3 2 level DFD 18
4.4 Entity relationship diagram 19
4.5 Working structure of decision box 20
 4.5.1 Working of decision function 21
4.6 List of modules 22
4.6.1 List of modules of application 22
4.6.2 List of modules of service provider 22

5. IMPLEMENTATION23

5.1 Decision function block23

5.2 XOR Based encryption 23

5.3 DES 24

5.4 Triple DES 26

5.5 Blowfish 28

5.6 MD5 (message digest algo) 30

6. SCREEN SHOTS 31

7. SCOPE OF THE PROJECT 47

8. CONCLUSION 48

9. REFERENCES 49

APPENDIX 50
Chapter 1

INTRODUCTION
Before beginning, we define some terms. An original message is known as the plaintext, while the
encoded message is called the cipher text. The process of converting from plain text to cipher text
is known as the encryption; restoring the plain text from the cipher text is decryption. The many
encryptions constitute the area of study known as cryptography. Technique used for deciphering
a message without any knowledge of the enciphering details fall into the area of cryptanalysis.

 “Advance encryption technique” has been developed to automate the task involved in
encryption and decryption of any message or any other important information with
enhanced security concept. There are two modes in AET:-

 Manual mode

 Dynamic mode

In manual mode user selects one algorithm from given algorithms for encryption and
decryption but in dynamic mode random selection of algorithm occurs for encryption and
decryption.
 It also provide two other features:

1. Message digest

2. Crypt information.

 To use AET, first of all users has to register itself on service provider which provides AET
to users and has to purchase AET and a valid key to use the AET.

 Using “Dynamic mode” even the user will not know that with which algorithm his data is
going to be encrypted as he/she only knows the encryption password.

1.1 Objective
The project can be used by any user who wants to encrypt any important message or any other
information. This project provides an easy to use GUI for encrypt and decrypt documents. It
improves the security of documents.
The main objective of this project is to enable all the security services. Such as-
 Authentication: the assurance that the communicating entity is the one that it claims to
be.

 Access control: the prevention of unauthorized use of a resource.

 Data confidentiality: the protection of data from third party.

 Data integrity: theassurance that data received are exactly as sent by an authorized entity.

It is password protected, so that only authenticated user can encrypt and decrypt the data.

1.2 Current System

Current system uses a static way of encryption or decryption. Certain fixed encryption algorithms
are used for encryption or decryption. Most
E.g.: suppose there is a user “x” using algorithms “y” for encrypt his data and if anyone knows the
used algorithm then he will go for cryptanalysis by different methods.
In following ways current system is lagging-
 Current system is inefficient.

 No password protection.

 Data is not fully secured.

 Integrity is less.

 Current system has time consuming processes.

 Current system works on static methods.

1.3 Proposed System
“Advance encryption technique” provides the encryption and decryption operation to an authenticated person, with
two operational modes and enriched with the feature of message digest creation.
“Advance encryption technique” there exists a randomization of algorithm selection for encryption and decryption as
well as manual selection of algorithm for encryption and decryption.
User can use any mode for encryption and decryption as his/her convenience. This system provides a password
protection security feature.
Cryptanalysis is more complicated as one will have known that which algorithm is used for encrypt.
The data, then one may go for cryptanalysis.
 Due to randomization Cryptanalysis is more complicated.

 System is user friendly and easy to work with.

 Provides user friendly interface.

 Provides flexibility.
Chapter 2
BACKGROUND OF PROJECT
Encryption is one of the essential issues of communication security over any network, in
conventional systems like: algorithm hubs, the selection of algorithm for performing encryption is
manual or static.
Manually selection based systems are not capable to be implemented in real world environment as
such system just provides a simulation of algorithms or a prototyping of real world systems.
Such systems provide first thought for the development of “advance encryption system”.
Static or single algorithm based systems which hardly relates with the real world implementation,
this deficiency also boost the existence of the “advance encryption technique.
As more complex encryption algorithms are in trend as they have their own security .Length of
encryption key is the basic security feature of any algorithm, as the long key used, the possibility
of number of existing key also increases.
In traditional systems user or agents encrypts the data with single algorithm rather the algorithm
may be complex, and such encryption systems can be thought as static encryption system.
While in “advance encryption technique” uses an idea of algo hub implementation but the selection
of algorithm is based on decision function which is implemented with the randomization functions
of java.
Number of algorithms is implemented in an algorithm chamber while there exists a decision
chamber which provides a random selection of algorithms.
Basic idea for this project is strong encryption and decryption with a unique feature of
randomization decision function. This system provides an over come from the lagging features of
traditional algo hubs and static encryption.

2.1 Dynamic selection concept:

The dynamic selection concept boosts the probability of standing up the whole “advance
encryption system”. Dynamic mode provides the randomize selection of algorithms.
The whole system works on the basic concept of algo selection but the feature of selection is new
and enhanced one.As a whole system is originated from the concept of the algo hub and it also
covers this concept too in its manual mode of operation.
CHAPTER 3
TECHNOLOGIES USED

3.1 JAVA:Java is an object-oriented programming language developed by James Gosling and

colleagues at Sun Microsystems in the early 1990s. Unlike conventional languages which are
generally designed either to be compiled to native (machine) code, or to be interpreted from source
code at runtime, Java is intended to be compiled to a byte code, which is then run (generally using
JIT compilation) by a Java Virtual Machine.
There were five primary goals in the creation of the Java language:
1. It should use the object-oriented programming methodology.

2. It should allow the same program to be executed on multiple operating systems.

3. It should contain built-in support for using computer networks.

4. It should be designed to execute code from remote sources securely.

5. It should be easy to use by selecting what was considered the good parts of other object-
oriented languages.

3.1.1 Object orientation:The first characteristic, object orientation ("OO"), refers to a

method of programming and language design. Although there are many interpretations of OO,
one primary distinguishing idea is to design software so that the various types of data it
manipulates are combined together with their relevant operations. Thus, data and code are
combined into entities called objects.
3.1.2 Platform independence:The second characteristic, platform independence, means
that programs written in the Java language must run similarly on diverse hardware. One should
be able to write a program once and run it anywhere. This is achieved by most Java compilers by
compiling the Java language code "halfway" to byte code (specifically Java byte code)—
simplified machine instructions specific to the Java platform. The code is then run on a virtual
machine (VM), a program written in native code on the host hardware that interprets and executes
generic Java byte code. Further, standardized libraries are provided to allow access to features of
the host machines (such as graphics, threading and networking) in unified ways. Note that,
although there's an explicit compiling stage, at some point, the Java byte code is interpreted or
converted to native machine instructions by the JIT compiler.
3.1.3 Java Runtime Environment:The Java Runtime Environment or JRE is the software
required to run any application deployed on the Java Platform. End-users commonly use a JRE in
software packages and Web browser plug-in. Sun also distributes a superset of the JRE called the
Java 2 SDK (more commonly known as the JDK), which includes development tools such as the
Java compiler, Javadoc, and debugger.
3.1.4 AWT: (ABSTRACT WINDOW TOOLKIT): Most Java programs are visual programs.
Your Java programs are frequently visual interfaces to file and network processes as well as ways
of entering data into interactive web pages. While Java really grew out of the Unix world, it has
become extremely popular for Windows as well as on most other common operating system
platforms, including Solaris, Macintosh systems, AIX and Linux. The visual controls are primarily
those common to all of these platforms, although it is not difficult to write additional control
directly in Java.
The fundamental visual controls are
 Text Field - a single line text entry field
 Text Area - a multiple line text entry field
 Checkbox - a combination of checkbox and Radio (Option) buttons
 List - a list box
 Button - a simple push button
 Choice - a dropdown list control
 Menu - a drop down menu from the window’s toolbar
 Scrollbar - horizontal and vertical scrollbars.
 Panel - an area where you can group controls or paint images or graphics
 Canvas - a base class for creating your own controls.
3.1.5 JDBC: (JAVA DATABASE CONNECTIVITY):JDBC provides access to backend
database. Java application access job using a job driver, which is a database vender-specific
interface for a database server. Although any java application can load a vender’s JDBC driver,
connect to the database, and perform database operations.
When an application requires a JDBC connection, it gets a connection from pool, uses it, and then
returns it to the pool for use by for other applications. Establishing a database connection is often
a time consuming, resource-intensive operation, so a connection pool, which limits the number of
connection operations, improves performance. To register a connection pool in the JNDI naming
tree, define a data source object for it. Java client application can then get a connection from the
pool by performing and look-up on the data source name. Server side java classes use the web
logic JDBC pool driver, which is a gene4ric JDBC driver that calls through to the vendor specific
JDBC driver. This mechanism makes application code more portable, even if you change the brand
of database used in the backend tier.

3.2 JSP & SERVLETS:

Jsp can be viewed as a high level abstraction of servlets that is implemented as an extension of the
servlet 2.1API. Both servlets and JSPs were originally developed at sun Microsystems, initially
created by Anselm Baired-Smith and later elaborated on as a specification by SatishDharmraj.
Starting with version 2.1 of the Jsp specification, java server pages have been developed under the
java community process. JSR 53 defines the JSP 2.0 specification. As of may 2006 the jsp 2.1
specification has been released under JSR 245as part of java EE 5.

3.2.1 JSP2.0
The new version of the JSP specification includes new features meant to improve programmer
productivity. Namely:
 An expression language (EL) which allows developers to create velocity style
templates (among other things).
 A faster/easier way to create new tags.
The original servlet specification was created by Sun Microsystems (version 1.0 was finalized in
June 1997). Starting with version 2.3, the servlet specification was developed under the java
community process. JSR 53 defined both the servlet 2.3 and java server page 1.2 specification.
JSR 154 specifies the servlet 2.4 and 2.5 specification. As of may 10, 2006, the current version of
the servlet specification is 2.5.
The java servlet API allows a software developer to add dynamic content to a web server using
the java platform. The generated content is commonly HTML, but may be other data XML.
Servlets are the java counterpart to no java dynamic web content technologies such as CGI and
ASP .NET. Servlets are maintain state across many server transaction by using HTTP cookies,
session variables or URL rewriting.
The servlet API, contain in the java package hierarchy javax.servlet, defines the expected
interactions of a web container and a servlet. A web container is essentially the container of a web
server that interacts with the servlet. The web container is responsible for managing the lifecycle
of servlets, mapping a URL to a particular servlet and ensuring that the URL requester has the
correct access rights.

3.2.2 Lifecycle of a Servlet:

The servlet lifecycle consists of the following steps:
1. The servlet class is loaded by the container during start-up.
2. The containers call the int () method. This message initializes the servlet and must be called
before the servlet can service any request. In the entire life of a servlet, the init method is called
only once.
3. After initialization, the servlet can service client request. Each request is serviced in its own
separate thread. The container calls the service () method of the servlet for every request. The
service () method determines the kind of HTTP request and accordingly calls the methods doget
(), dopost (), dotrace () etc. the developer of the servlet must provide implementation for these
methods. If an implementation for dopost () has not been provided, it means that the servlet cannot
handle POST request. In such a situation if a post request is made, the implementation of the parent
class will be invoked. By default, this will throw a bad HTTP request exception. A developer must
never overload the service () method.
4. Finally, the container calls the destroyed () methods which takes the servlet out of service. The
destroyed () method like init () is called only once in the life cycle of a servlet.

3.2.3 TOMCAT server:

Apache Tomcat version 6.0 implements the Servlet 2.5 and Java Server Pages 2.1 specifications
from the Java Community Process, and includes many additional features that make it a useful
platform for developing and deploying web applications and web services.
In many production environments, it is very useful to have the capability to deploy a new web
application, or underplay an existing one, without having to shut down and restart the entire
container. In addition, you can request an existing application to reload it, even if you have not
declared it to be reloadable in the Tomcat 6 server configuration file.
Deployment is the term used for the process of installing a web application (either a 3rd party WAR
or your own custom web application) into the Tomcat server.

3.3 HTML
Html stands for Hypertext Markup Language.
1. Hypertext is ordinary text that has been dressed up with extra features, such as formatting,
images, multimedia, and links to other documents.
2. Markup is the process of taking ordinary text and adding extra symbols. Each of the symbols
used for markup in html is a common that tells a browser how to display the text. HTML is the
predominant markup language for creation of web pages. It provides a means to describe the
structure of text based information in a document- by denoting certain text as heading, paragraph,
and lists and so on- and to supplement that text with interactive forms, embedded images, and
other objects. Html is written in the form of labels (known as tags), surrounded by less than (<)
and greater than (>) sign. Html can also describe, to some degree, the appearance and semantics
of a document, and can include embedded scripting language code which can affect the behavior
of web browsers and other HTML process. HTML is also used to refer to content to the MIME
type text/html or even more broadly as a generic term for HTML whether in its XML-descended
form or its form descended directly from SGML. TIM Burners Lee created the original HTML on
a next cube workstation using the next STEP development environment. At the time, HTML was
not a specification, but a collection of loosely defined elements to solve immediate problems: the
communication and dissemination of ongoing research between Lee burners and his colleagues.
His solution later combined with the emerging international and public internet to garner
worldwide attention. The original design of HTML was simple. The first publicly available
description of HTML was a document called HTML tags. The document describes 22 elements
that made up the initial design of HTML. Thirteen of these elements still exist in HTML 4.
CHAPTER 4

4.1 DESIGN OF PROJECT

Hardware configuration:
Processor: 1.3 GHz.
RAM: 128 MB
Free Space required on hard disk: 10 MB

Software requirement:
Web server with jre 1.6 properties (apache tomcat 6.0.1)
Java2 development kit (1.6.0 former edition as a minimal requirement)
Java standard tag library (jsp pages deployment)

Software requirement: (Client end)

HTTP supported Web browser
Web connectivity
Java Run Time Environment 1.6.1
1.2 DATA FLOW DIAGRAM
4.2.1 0 LEVEL

Figure 4.1: Data Flow Diagram level 0

4.2.2 LEVEL 1:

Figure 4.2: Data Flow Diagram level 1

4.2.3 2 LEVELS:

Figure 4.3: Data Flow Diagram level 2

1.3 Entity relationship diagram:

Figure 4.4: Entity Relationship diagram

4.5Working structure of decision function:

Figure 4.5: Working structure of decision function

4.6 Working of decision function:

Figure 4.6: Working structure of decision function

4.7 List of modules (System applications)

1. User interface.
 Login

 Registration.

2. Manual mode.
3. Dynamic mode.
4. Message Digest.
5. Crypt information.

Algorithms used:

 XOR based encryption.

 DES.

 3DES.

 Blow fish

4.8 List of modules: (service provider)

1. Registration

2. Purchase key

3. Purchase AET

4. Credit card no. verification

Chapter 5

IMPLEMENTATION

5.1 Key generation for DES:

Figure 5: DES Working

Triple DES:

Triple DES is another mode of DES operation. It takes three 64-bit keys, for an overall key length
of 192 bits. In Stealth, you simply type in the entire 192-bit (24 character) key rather than entering
each of the three keys individually. The Triple DES DLL then breaks the user-provided key into
three sub keys, padding the keys if necessary so they are each 64 bits long. The procedure for
encryption is exactly the same as regular DES, but it is repeated three times, hence the name Triple
DES. The data is encrypted with the first key, decrypted with the second key, and finally encrypted
again with the third key.

Triple DES runs three times slower than DES, but is much more secure if used properly. The
procedure for decrypting something is the same as the procedure for encryption, except it is
executed in reverse. Like DES, data is encrypted and decrypted in 64-bit chunks. Although the
input key for DES is 64 bits long, the actual key used by DES is only 56 bits in length. The least
significant (right-most) bit in each byte is a parity bit, and should be set so that there are always
an odd number of 1s in every byte. These parity bits are ignored, so only the seven most significant
bits of each byte are used, resulting in a key length of 56 bits. This means that the effective key
strength for Triple DES is actually 168 bits because each of the three keys contains 8 parity bits
that are not used during the encryption process
Figure 6.2 : Block diagram of TDES
Chapter 7

SCREEN SHOTS

Figure 7.1:Screenshot for first page of AET

Figure 7.2: Screenshot for Registration form
Figure 7.3(a): Screenshot for purchase page
Figure 7.3(b): Screenshot for purchase page
Figure 7.4: Screenshot for credit card information
Figure 7.5: Screenshot for download link of software
Figure 7.6: Screenshot for purchase key
Chapter 8
FUTURE SCOPE OF PROJECT
“Advance encryption technique” is a system application which fulfills the basic security issue of encryption/decryption
with the more complex approach of encryption...
Project helps in overcoming from the static encryption approach as this project enhanced with the decision function.
Cryptanalysis of this encryption system becomes more complex as the primary task of cryptanalysis is to find the
selected or working algorithm.
In future prospective system can be used for encrypting the real world data as it has an automated feature of algorithm
selection. Key feature of the system is the random selection.

CONCLUSION
Encryption is the basic security need for making a secure communication happen. Number of implemented algorithms
makes the encryption more complex.
Advance encryption technique boosts the security needs of any communication channel. As this project implements
the several numbers of algorithms, with a dynamic approach.
And decision function implementation makes the system more effective and secure. As cryptanalysis is not limited
till the guessing of the key or the plain text.
“Advance encryption technique” is not just a simulation of algorithms it can be adopted for real world data encryption.
Which is supported by fully automation of algorithm selection with randomization approach?
System is quite compatible for working with real world encryption schemes. Automation is dynamic in its own class
of application, as user just only responsible for inputs and expect for encrypted text, selection of is not over to the
user.
The project can serve to be useful system for any of the, individual or organizational networks for the security of data.
REFERENCES
Books referred:
1. “Computer and networks security” by William Stallings.

2. “concepts of java” head first

3. “Software engineering” by S.Pressman.

4. “complete reference” J2SE

5. Java articles by, Doug Baldwin

6. “Java server pages” by Hens Bergeson

Web sites referred:

1. www.security-fourm.com
2. www.gogetpapers.com
3. Java2s.com
4. Google.com
5. www.vogella .de
6. www.mycrypto.net
 APPENDIX
TABLE STRUCTURE

Server side tables:

Table 1: USER_DETAIL:

NAME DATA TYPE VALIDATION

f_name Text Not null
Password Text Not null
Address Text Not null
PHONE Text Not null
Dob Date/time Not null
Credit_card_no. Text Not null

Table 2: KEY DETAILS:

Field name Data type
S_no Number
Key Text

Application Database tables:

Table 3: LOGIN DETAILS:
Field name Data type Validation
User_name Text Not null
Password Text Not null

Table 4:USERS_DETAIL:
Field name Data type Validation
Name Text Not null
Password Text Not null
Country Text Not null
e-mail Text Not null

Table 5: KEY:
Field name Data type
S_no Number