
www.jntuworld.com

A Project report on
IMPROVING MOBILE BANKING SECURITY USING STEGANOGRAPHY
submitted in partial fulfillment of the requirement for the award of degree of
BACHELOR OF TECHNOLOGY
in
COMPUTER SCIENCE & ENGINEERING
by

K.KIRAN KUMAR            06R31A0527
B.VENUGOPAL REDDY        06R31A0507
G.KALYAN CHAKRAVARTHY    06R31A0520

Under the guidance of

Mr. M. SRINIVAS REDDY (M. Tech.)
Assistant Professor

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING NOVA COLLEGE OF ENGINEERING & TECHNOLOGY
(Affiliated to Jawaharlal Nehru Technological University, Hyderabad) Jafferguda (V), Hayathnagar (M), R. R. Dist. 501512, A.P.

2010


NOVA COLLEGE OF ENGINEERING & TECHNOLOGY


(Approved by AICTE and Affiliated to JNTU) Jafferguda (V), Hayathnagar (M), R. R. Dist. 501512

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

CERTIFICATE
This is to certify that the project entitled IMPROVING MOBILE BANKING SECURITY USING STEGANOGRAPHY is being submitted by

K. KIRAN KUMAR            06R31A0527
B.VENU GOPAL REDDY        06R31A0545
G. KALYAN CHAKRAVARTHY    06R31A0520

in partial fulfillment of the requirements for the award of BACHELOR OF TECHNOLOGY to JNTU, Hyderabad. This record is a bonafide work carried out by them under my guidance and supervision. The result embodied in this project report has not been submitted to any other university or institute for the award of any degree or diploma.

Internal Guide

External Guide

H. O. D.


ACKNOWLEDGEMENT
I would like to express my gratitude to all the people behind the screen who helped me to transform an idea into a real application.

I would like to express my heart-felt gratitude to my parents without whom I would not have been privileged to achieve and fulfill my dreams. I am grateful to our principal, Mr. RAJA PRAKASH, who most ably runs the institution and has had the major hand in enabling me to do my project.

I profoundly thank Mrs. K. NAGAMANI, Head of the Department of Computer Science & Engineering, who has been an excellent guide and also a great source of inspiration to my work.

I would like to thank my internal guide Mr. M.SRINIVAS REDDY for his technical guidance, constant encouragement and support in carrying out my project at college.

I would also like to thank my external guide Ms. S. SOWJANYA for her technical guidance and support in carrying out my project at PANTECH SOLUTIONS PVT. LTD.

The satisfaction and euphoria that accompany the successful completion of the task would be great but incomplete without the mention of the people who made it possible, whose constant guidance and encouragement crown all the efforts with success. In this context, I would like to thank all the other staff members, both teaching and non-teaching, who have extended their timely help and eased my task.

K. KIRAN KUMAR            06R31A0544
B.VENU GOPAL REDDY        06R31A0545
G.KALYAN CHAKRAVARTHY     06R31A0520

CONTENTS
Abstract
List of Figures
List of Tables
List of Screens
Symbols & Abbreviations
1. INTRODUCTION
   1.1 Motivation
   1.2 Problem definition
   1.3 Objective of Project
   1.4 Limitations of Project
   1.5 Organization of Documentation
2. LITERATURE SURVEY
   2.1 Introduction
   2.2 Existing System
   2.3 Disadvantages of Existing system
   2.4 Proposed System
   2.5 Conclusion
3. ANALYSIS
   3.1 Introduction
   3.2 Software Requirement Specification
       3.2.1 User requirement
       3.2.2 Software requirement
       3.2.3 Hardware requirement
   3.3 Content diagram of Project
   3.4 Algorithms and Flowcharts
   3.5 Conclusion
4. DESIGN
   4.1 Introduction
   4.2 DFD / ER / UML diagram (any other project diagrams)
   4.3 Module design and organization
   4.4 Conclusion
5. IMPLEMENTATION & RESULTS
   5.1 Introduction
   5.2 Explanation of Key functions
   5.3 Method of Implementation
       5.3.1 Forms
       5.3.2 Output Screens
       5.3.3 Result Analysis
   5.4 Conclusion
6. TESTING & VALIDATION
   6.1 Introduction
   6.2 Design of test cases and scenarios
   6.3 Validation
   6.4 Conclusion
7. CONCLUSION
REFERENCES

ABSTRACT


Improving Mobile Banking Security Using Steganography

With the development of m-commerce as one of the new branches of e-commerce, m-banking has emerged as one of the main divisions of m-commerce. As m-banking was received very well, it has begun to supply various services based on different systems and with the aid of various services such as the Short Messaging Service (SMS). However, in spite of its advantages, m-banking is facing some challenges as well. One of these challenges is the security of the system.

This paper presents a method for increasing the security of the information requested by users with the use of the Steganography method. In this method, instead of sending the information directly, it is hidden in a picture by the password. Then the address of the picture is sent to the user. After entering the password, the user can see the information extracted from the picture if the password is entered correctly. This project is written in the J2ME language (Java 2 Micro Edition) and has been implemented on Nokia mobile phones, models N71 and 6680.

In this method, the information is never placed on the internet or exchanged in plain form. Thus, the possibility of disclosure of information is very low. No user password is exchanged between the server and the mobile phone. Therefore there is no risk of disclosure of the user password. In this method, the amount of information exchanged between the user and the banking system decreases, so the responding speed of the bank system increases. Steganography is a relatively modern method for the secret exchange of information. Therefore, the possibility of disclosure and extraction of its information, especially in mobile phones, is much lower.

The advantages of the Steganography algorithm are:
a) The password is not stored in the Stego-image, so it is difficult to detect the password.
b) Because the password is used, it is difficult to detect the information hidden in the image.
c) The decoding program uses a few kilobytes of memory. Also, the program is fast enough.

LIST OF FIGURES
1. Water Fall Model
2. JVM (Java Virtual Machine)
3. Content diagram of the project
4. Flowchart of the project
5. Class diagram
6. Use case diagram
7. Sequence diagram
8. Enable Path settings

LIST OF TABLES
1. User Account Table
2. User Info Table
3. User Transaction Table

LIST OF SCREENS
1. Login Page
2. Banking option
3. Account Details
4. Transfer Money
5. Home page for Mobile Emulator
6. Login Screen
7. Banking Option Screen
8. Steganography image
9. Display Account Details
10. Money Transfer option

SYMBOLS AND ABBREVIATIONS

M-Banking    Mobile Banking
J2ME         Java 2 Micro Edition
J2SE         Java 2 Standard Edition
J2EE         Java 2 Enterprise Edition
API          Application Programming Interface
CDC          Connected Device Configuration
MIDP         Mobile Information Device Profile
CLDC         Connected, Limited Device Configuration
KVM          K Virtual Machine
JVM          Java Virtual Machine
PDA          Personal Digital Assistant
OS           Operating System
VM           Virtual Machine
RGB          Red, Green, Blue
LSB          Least Significant Bit
SQL          Structured Query Language
ANSI         American National Standards Institute
ISO          International Organization for Standards
GPL          General Public License
ODBC         Object Database Connectivity
WAN          Wide Area Network


1. INTRODUCTION
1.1 MOTIVATION
The Growing Importance of Mobile Content

Music, games and video have become principal sources of online entertainment content in the consumer market, but the discrete systems used to deliver that content to end devices such as mobile handsets are still rather rudimentary. To deliver content to the consumer or business, and to adapt to rapidly changing market needs and trends, device-independent content delivered over multiple channels is needed, and the content must be coupled with a digital rights management (DRM) system to allow content owners to monetize their intellectual property.

At the current stage in the evolution of online content, many companies are focusing on a single part of the value chain, mainly on delivery, and they are able to gain a competitive advantage there. Because content delivery to a mobile device is currently a bottleneck, and because it is also not obvious which delivery models are the best, concentrating on delivery makes sense at the current juncture. Little attention is paid today, however, to a balanced implementation of the full value chain.

Our research suggests that in a few years' time, attention will shift from discrete systems focusing on delivery of specific content using rudimentary content management integration to full-blown systems that are centered on reusable content suitable for multi-channel delivery. Adding and using metadata to quickly find content for a specific user in a specific context, and being able to deliver that content in a timely manner and in the correct format, is the key to success in this more mature environment. Whether these types of systems will be owned and managed by mobile operators or by companies specialized in content (such as publishers or studios) cannot be predicted at this stage.

The Special Requirements of Mobility Devices

Mobile content has some very specific constraints which have to do with the small screen of the devices, the devices' relatively limited wireless bandwidth, as well as the small storage and processing capacity on the device. Furthermore, among the devices there is a considerable spread in capacities. Standard mobile phones tend to have a small color screen, a numerical keyboard for entering data, and most have the capability to run small Java applications. Smart phones have a somewhat larger screen, additional input devices such as a keyboard to enter text, and most run a simple operating system. Brew and Windows Me are examples of two popular smart phone operating systems.

While device-independent content delivered over multiple channels is the goal, mobility imposes a number of other constraints on content when compared to the wired web:
- The relationship of mobile browsers to websites;
- Location based content;
- User generated content and content management; and
- The usability of content across different mobile devices.

Content is driving the market for carriers of every stripe. For the mobile operator, content ranges from information that is mobility-independent (such as a weather forecast) to mobile-specific content (such as ring tones). Further, mobile content can be relatively static (such as a web page or a photo) or highly dynamic (such as traffic information). Beyond a set of requirements particular to mobility, managing, updating, and archiving website content as well as maintaining technical and customer information is a major business operation demanding up-to-date systems.

1.2 PROBLEM DEFINITION

The existing system is banking over the internet from a computer, which is not portable: all the work has to be done sitting at home, which wastes a lot of time. It also requires a computer at home. Nowadays, as technology advances, prices are also increasing, so buying a computer is costly for an individual, and internet access may not be available at the place where he resides. These are some of the drawbacks of the existing system.

1.3 OBJECTIVE OF THE PROJECT


This paper presents a method, based on the idea of Steganography, to make the sending of information requested by users in a mobile banking system more safe and secure. By hiding information in pictures and avoiding direct sending of information, this method increases the security of sending information to users in an m-banking system. Some of the reasons for preferring m-banking over e-banking are:
1- No place restriction;
2- High penetration coefficient;
3- Fully personalized; and
4- Availability.
M-banking is used to increase the convenience of customers and to reduce banking costs.

1.4 LIMITATIONS OF THE PROJECT


Mobile banking applications are already in use, as many banks are launching their own web sites which can be accessed from mobiles. The problem is that the language used in this process is Web Markup Language, which takes a lot of time to process, and there is no security, as their security implementations are pretty ordinary. This has been overcome by introducing a JAR file developed using J2ME which, once installed, contacts the administrator directly, and which provides much better security by using a method called Steganography.

1.5 ORGANISATION OF DOCUMENTATION


In this project documentation we have initially put the definition and objective of the project as well as the design of the project which is followed by the implementation and testing phases. Finally the project has been concluded successfully and also the future enhancements of the project were given in this documentation.

2. LITERATURE SURVEY
2.1 INTRODUCTION
Steganography is one of the fundamental ways by which data can be kept confidential. This article will offer a brief introductory discussion of steganography: what it is, how it can be used, and the true implications it can have on information security.

What is Steganography?

In computer terms, steganography has evolved into the practice of hiding a message within a larger one in such a way that others cannot discern the presence or contents of the hidden message. In contemporary terms, steganography has evolved into a digital strategy of hiding a file in some form of multimedia, such as an image, an audio file (like a .wav or mp3) or even a video file.

Steganography Tools

There are a vast number of tools available for steganography. An important distinction that should be made among the tools available today is the difference between tools that do steganography and tools that do steganalysis, which is the method of detecting steganography and destroying the original message. Steganalysis focuses on this aspect, as opposed to simply discovering and decrypting the message, because this can be difficult to do unless the encryption keys are known.

A comprehensive discussion of steganography tools is beyond the scope of this article. However, there are many good places to find steganography tools on the Net. One good place to start your search for stego tools is Neil Johnson's Steganography and Digital Watermarking Web site. The site includes an extensive list of steganography tools. Another comprehensive tools site is located at StegoArchive.com. For steganalysis tools, a good site to start with is Neil Johnson's Steganalysis site. Niels Provos's site is also a great reference site, but is currently being relocated, so keep checking back on its progress.

The plethora of tools available also tends to span the spectrum of operating systems. Windows, DOS, Linux, Mac, and Unix: you name it, and you can probably find it.

Steganography and Security

As mentioned previously, steganography is an effective means of hiding data, thereby protecting the data from unauthorized or unwanted viewing. But stego is simply one of many ways to protect the confidentiality of data. It is probably best used in conjunction with another data-hiding method. When used in combination, these methods can all be a part of a layered security approach. Some good complementary methods include:

Encryption - Encryption is the process of passing data or plaintext through a series of mathematical operations that generate an alternate form of the original data known as cipher text. The encrypted data can only be read by parties who have been given the necessary key to decrypt the cipher text back into its original plaintext form. Encryption doesn't hide data, but it does make it hard to read!

2.2 EXISTING SYSTEM


In the existing system we had just e-banking, that is, usage through computers. Here users can bank through the internet from a personal computer located at a particular place, or through a mobile phone which uses WML (Web Markup Language) and downloads the contents from the internet.

2.3 DISADVANTAGES OF EXISTING SYSTEM


As mentioned above, both a personal computer and a mobile phone can be used for banking. The problem with a personal computer is that the person must be at a particular place, which takes time; he cannot carry his computer with him wherever he goes, which is a drawback. To overcome this, e-commerce through mobile was introduced, so that banking can be done from any place, but the problem here is that it relies completely on WML. When WML is used, it repeatedly has to download every bit of data from the internet, which takes a lot of time; for this reason mobile e-banking using J2ME has been introduced. Here we perform e-banking, but without security.
- Time constraint is there.
- Phishing can be done.
- There is no security for the data.
- Low bandwidth & latency issues.
- High communication costs.
- Low functionality and fewer capabilities in the mobile devices.
- Security concerns.

2.4 PROPOSED SYSTEM


As the above disadvantages cannot be solved within the existing system, this application has been proposed. Security will also be much improved over the existing system, as we are implementing the special method called Steganography. Here we develop a JAR file using J2ME for banking. A customer gets a unique ID & Password; once he loads the application onto the mobile and installs it, he gets the page to get started with. After he enters the ID & Password he is logged in and has an easily understandable interface with two options, i.e. account details and money transfer. In this process the application interacts not with an internet server but with the administrator server, which makes processing easy and takes no time. We are using the mobile to perform transactions.

Importance of the mobile channel for e-banking:
- Proactive and simple alerting services reduce branch / call center costs.
- M-banking is expected to account for an increasingly high proportion of transactions.
- A mobile device can be an ideal POS device, allowing transactions to be authorized in many more places than ever before.
- Mobile services are expected to generate access to new business opportunities & new alliances across business sectors.
- High market penetration (up to 80% in some countries) and still growing.

Mobile Banking Today


- Fast data services (GPRS)
- Low data transfer costs (e.g. flat rates)
- More functionality possible (new devices with better displays and browser functionality)
- Higher security mechanisms
- Applications capitalize on the mobile aspects and diversify from existing web-based solutions

2.5 CONCLUSION
This paper presents a method for increasing security of the information requested by users with the use of steganography method. In this method, instead of direct sending of the information, it is hidden in a picture by the password. After entering the password, the user can witness the information extracted from the picture if the password is entered correctly.


3. ANALYSIS
3.1 INTRODUCTION
After analyzing the requirements of the task to be performed, the next step is to analyze the problem and understand its context. The first activity in this phase is studying the existing system, and the other is understanding the requirements and domain of the new system. Both activities are equally important, but the first serves as the basis for the functional specifications and then for the successful design of the proposed system. Understanding the properties and requirements of a new system is more difficult and requires creative thinking; understanding the existing system is also difficult. Improper understanding of the present system can lead to diversion from the solution.

3.1.1 Analysis Model


The model that is basically being followed is the WATER FALL Model, which states that the phases are organized in a linear order. First of all, the feasibility study is done. Once that part is over, the requirement analysis and project planning begin. If the system exists as a whole but modification and addition of a new module is needed, analysis of the present system can be used as the basic model. The design starts after the requirement analysis is complete and the coding begins after the design is complete. Once the programming is completed, the testing is done. In this model the sequence of activities performed in a software development project is:
- Requirement Analysis
- Project Planning
- System Design
- Detail Design
- Coding
- Unit Testing
- System Integration & Testing

Here the linear ordering of these activities is critical. At the end of each phase, the output of that phase is the input to the next phase. The output of each phase should be consistent with the overall requirement of the system. Some qualities of the spiral model are also incorporated: after each phase is completed, the people concerned with the project review the work done. The WATER FALL Model has been chosen because all requirements were known beforehand and the objective of our software development is the computerization/automation of an already existing manual working system.

3.1.2 Study of the system


3.1.2.1 GUIS

For flexibility, the User Interface has been developed with a graphics concept in mind, associated through a browser interface. The GUIS at the top level have been categorized as:
- Administrative User Interface.
- The Operational/Generic User Interface.

The Administrative User Interface concentrates on the consistent information that is practically part of the organizational activities and which needs proper authentication for the data collection. This interface helps the administration with all the transactional states like Data Insertion, Data Deletion and Data Updation, along with extensive Data Search capabilities.

The Operational/Generic User Interface helps the users of the system in transactions through the existing data and required services. The Operational User Interface also helps ordinary users in managing their own information in a customized manner as per the assisted flexibilities.

3.1.2.2 Project Instructions

- Based on the given requirements, conceptualize the Solution Architecture.
- Choose the domain of your interest, otherwise develop the application for ultimatedotnet.com.
- Depict the various architectural components, show interactions and connectedness, and show internal and external elements.
- Design the web services, web methods and database infrastructure needed on both client and server.
- Provide an environment for upgradation of the application for newer versions that are available in the same domain as the web service target.

3.1.3 Feasibility Report


Preliminary investigation examines project feasibility: the likelihood that the system will be useful to the organization. The main objective of the feasibility study is to test the Technical, Operational and Economical feasibility of adding new modules and debugging the old running system. All systems are feasible if they are given unlimited resources and infinite time. There are three aspects in the feasibility study portion of the preliminary investigation:
- Technical Feasibility
- Operation Feasibility
- Economical Feasibility

3.1.3.1 Technical Feasibility

The technical issues usually raised during the feasibility stage of the investigation include the following:
- Does the necessary technology exist to do what is suggested?
- Does the proposed equipment have the technical capacity to hold the data required to use the new system?
- Will the proposed system provide adequate response to inquiries, regardless of the number or location of users?
- Can the system be upgraded if developed?
- Are there technical guarantees of accuracy, reliability, ease of access and data security?

Earlier no system existed to cater to the needs of the Secure Infrastructure Implementation System. The current system developed is technically feasible. It is a web based user interface for audit workflow at NIC-CSD. Thus it provides easy access to the users. The database's purpose is to create, establish and maintain a workflow among various entities in order to facilitate all concerned users in their various capacities or roles. Permission to the users would be granted based on the roles specified. Therefore, it provides the technical guarantee of accuracy, reliability and security. The software and hardware requirements for the development of this project are not many and are already available in-house at NIC or are available free as open source. The work for the project is done with the current equipment and existing software technology. The necessary bandwidth exists for providing fast feedback to the users irrespective of the number of users using the system.

3.1.3.2 Operational Feasibility

Proposed projects are beneficial only if they can be turned into information systems that will meet the organization's operating requirements. Operational feasibility aspects of the project are to be taken as an important part of the project implementation. Some of the important issues raised to test the operational feasibility of a project include the following:
- Is there sufficient support for the management from the users?
- Will the system be used and work properly if it is developed and implemented?
- Will there be any resistance from the users that will undermine the possible application benefits?

This system is targeted to be in accordance with the above-mentioned issues. The well-planned design would ensure the optimal utilization of the computer resources and would help in the improvement of performance status.

3.1.3.3 Economic Feasibility

A system that can be developed technically and that will be used if installed must still be a good investment for the organization. In the economical feasibility study, the development cost of creating the system is evaluated against the ultimate benefit derived from the new system. Financial benefits must equal or exceed the costs. The system is economically feasible. It does not require any additional hardware or software. Since the interface for this system is developed using the existing resources and technologies available at NIC, there is only nominal expenditure, and economical feasibility is certain.


3.2 SOFTWARE REQUIREMENT SPECIFICATION


Purpose: The main purpose for preparing this document is to give a general insight into the analysis and requirements of the existing system or situation and for determining the operating characteristics of the system.

Scope: This document plays a vital role in the software development life cycle (SDLC) and it describes the complete requirement of the system. It is meant for use by the developers and will be the basis during the testing phase. Any changes made to the requirements in the future will have to go through a formal change approval process.

The developer is responsible for:
- Developing the system, which meets the SRS and solves all the requirements of the system.
- Demonstrating the system and installing the system at the client's location after the acceptance testing is successful.
- Submitting the required user manual describing the system interfaces to work on it, and also the documents of the system.
- Conducting any user training that might be needed for using the system.
- Maintaining the system for a period of one year after installation.

3.2.1 User Requirements


- User name and Password for the website for the purpose of banking, issued by the administrator.
- A mobile phone with GPRS access.
- SIM card from any network which supports WAP.

3.2.2 Software Requirements


Language:      JAVA
Front End:     J2ME
Back End:      My SQL
Web Server:    Apache Tomcat
Build Tools:   Apache ANT
Testing Tool:  J2ME unit test

3.2.2.1 Java

The JAVA language was created by James Gosling in June 1991 for use in a set top box project. The language was initially called Oak, after an oak tree that stood outside Gosling's office, and also went by the name Green, and ended up later being renamed to Java, from a list of random words. Gosling's goals were to implement a virtual machine and a language that had a familiar C/C++ style of notation. The first public implementation was Java 1.0 in 1995. It promised "Write Once, Run Anywhere" (WORA), providing no-cost runtimes on popular platforms. It was fairly secure and its security was configurable, allowing network and file access to be restricted. Major web browsers soon incorporated the ability to run secure Java applets within web pages. Java quickly became popular.

With the advent of Java 2, new versions had multiple configurations built for different types of platforms. For example, J2EE was for enterprise applications and the greatly stripped down version J2ME was for mobile applications. J2SE was the designation for the Standard Edition. In 2006, for marketing purposes, new J2 versions were renamed Java EE, Java ME, and Java SE, respectively.

In 1997, Sun Microsystems approached the ISO/IEC JTC1 standards body and later Ecma International to formalize Java, but it soon withdrew from the process. Java remains a de facto standard that is controlled through the Java Community Process. At one time, Sun made most of its Java implementations available without charge although they were proprietary software. Sun's revenue from Java was generated by the selling of licenses for specialized products such as the Java Enterprise System. Sun distinguishes between its Software Development Kit (SDK) and Runtime Environment (JRE), which is a subset of the SDK, the primary distinction being that in the JRE, the compiler, utility programs, and many necessary header files are not present.

On 13 November 2006, Sun released much of Java as free software under the terms of the GNU General Public License (GPL). On 8 May 2007 Sun finished the process, making Java's entire core code open source, aside from a small portion of code to which Sun did not hold the copyright.

There were five primary goals in the creation of the Java language:
- It should use the object-oriented programming methodology.
- It should allow the same program to be executed on multiple operating systems.
- It should contain built-in support for using computer networks.
- It should be designed to execute code from remote sources securely.
- It should be easy to use by selecting what were considered the good parts of other object-oriented languages.

The Java programming language is a high-level language that can be characterized by all of the following buzzwords:
- Simple
- Distributed
- Multithreaded
- Dynamic
- Architecture neutral
- High performance
- Robust
- Secure
- Object oriented
- Portable

Each of the preceding buzzwords is explained in The Java Language Environment , a white paper written by James Gosling and Henry McGilton. In the Java programming language, all source code is first written in plain text files ending with the .java extension. Those source files are then compiled into .class files by the java compiler. A .class file does not contain code that is native to your processor; it instead contains bytecodes the machine language of the Java Virtual Machine1 (Java
VM). The java launcher tool then runs your application with an instance of the Java Virtual Machine.

(An overview of the software development process)

Because the Java VM is available on many different operating systems, the same .class files are capable of running on Microsoft Windows, the Solaris(TM) Operating System (Solaris OS), Linux, or Mac OS. Some virtual machines, such as the Java HotSpot virtual machine, perform additional steps at runtime to give your application a performance boost. This includes various tasks such as finding performance bottlenecks and recompiling (to native code) frequently used sections of code.

Through the Java VM, the same application is capable of running on multiple platforms.

Java platform

A platform is the hardware or software environment in which a program runs. We've already mentioned some of the most popular platforms like Microsoft Windows, Linux, Solaris OS, and Mac OS. Most platforms can be described as a combination of the operating system and underlying hardware. The Java platform differs from most other platforms in that it's a software-only platform that runs on top of other hardware-based platforms. The Java platform has two components:
- The Java Virtual Machine
- The Java Application Programming Interface (API)

You've already been introduced to the Java Virtual Machine; it's the base for the Java platform and is ported onto various hardware-based platforms. The API is a large collection of ready-made software components that provide many useful capabilities. It is grouped into libraries of related classes and interfaces; these libraries are known as packages.

(The API and JVM insulate the program from the underlying hardware)

As a platform-independent environment, the Java platform can be a bit slower than native code. However, advances in compiler and virtual machine technologies are bringing performance close to that of native code without threatening portability.

Java Runtime Environment

The Java Runtime Environment, or JRE, is the software required to run any application deployed on the Java Platform. End-users commonly use a JRE in software packages and Web browser plugins. Sun also distributes a superset of the JRE called the Java 2 SDK (more commonly known as the JDK), which includes development tools such as the Java compiler, Javadoc, Jar and debugger.

One of the unique advantages of the concept of a runtime engine is that errors (exceptions) should not 'crash' the system. Moreover, in runtime engine environments such as Java there exist tools that attach to the runtime engine and every time that an exception of interest occurs they record debugging information that existed in memory at the time the exception was thrown (stack and heap values). These Automated Exception Handling tools provide 'root-cause' information for exceptions in Java programs that run in production, testing or development environments.

(JVM) implementations that are optimized for the type of systems they are targeted at.

For example, the K Virtual Machine (KVM) is a JVM optimized for resource constrained devices, such as mobile phones and PDAs.

J2ME is part of the Java 2 Platform

The following characteristics are shared among the three Java editions:

- Write Once Run Anywhere: because Java technology relies on Java byte-code that is interpreted by a virtual machine, applications written in Java can run on similar types of systems (servers, desktop systems, mobile devices) independent of the underlying operating system and processor. For example, a developer doesn't need to develop and maintain different versions of the same application to run on a Nokia
Communicator running the EPOC operating system, a Compaq iPAQ running PocketPC, or even a PDA powered by the Linux operating system. On mobile phones, the variety of processors and operating systems is even more significant, and therefore the wireless community in general is seeking a solution that is platform agnostic, such as WAP or J2ME.
- Security: while on the Internet, people are used to secure data transactions and downloading files or email messages that may contain viruses, few wireless networks today support standard Internet protocols, and wireless operators are concerned by the security issues associated with the download of standard C applications on their networks. Java technology features a robust security model: before any application is executed by the Java virtual machine, a byte-code pre-verifier tests its code integrity. Once an application is running, it cannot access system resources outside of a 'sandbox,' preventing applications from acting as viruses. Finally, Java applications can take advantage of standard data encryption solutions (SSL or Elliptic Curve Libraries) on packet based networks (for example CDPD, Mobitex, GPRS, WCDMA), providing a robust infrastructure for M-commerce and enterprise application access.
- Rich graphical user interface: you may remember that the first demonstration of Java technology was done using an animated character on a web page. While animated GIF files have made this use of the technology obsolete on desktop systems, mobile devices can benefit from richer GUI APIs that allow for differentiation of services and the development of compelling applications.
- Network awareness: while Java applications can operate in disconnected mode, they are network-aware by default, allowing applications to be dynamically downloaded over a network. Additionally, Java is network-agnostic, in the sense that Java applications can exchange data with a backend server over any network protocol, whether it is TCP/IP, WAP, i-mode, and different bearers, such as GSM, CDMA, TDMA, PHS, CDPD, Mobitex, and so on.

The J2ME Application Cycle

Contrary to the web browser model, which requires continuous connectivity and offers a limited user interface and security experiences, J2ME allows applications to be dynamically downloaded to a mobile device in a secure fashion. J2ME applications can be posted on a Web server, allowing end users to initiate the download of an application they select through a micro browser or other application locator interface. Wireless operators, content providers, and ISVs can also push a set of J2ME applications and manage them remotely. The Java provisioning model puts the responsibility of checking the compatibility of the applications (such as version of the J2ME specification used, memory available on the handset) on the handset itself, allowing the end user to ignore the intricacies associated with typical desktop systems.

Once a J2ME application is deployed on a mobile device, it stays there until the user decides to upgrade or remove it. The application can be operated in disconnected mode (such as a standalone game or data entry application) and store data locally, providing a level of convenience that is not available on current browser-based solutions. Because the application resides locally, the user doesn't experience any latency issues, and the application can offer a user interface (drop-down menus, check boxes, animated icons) that is only matched by native C applications. The level of convenience is increased because the user can control when the application initiates a data exchange over the wireless network. This allows for big cost savings on circuit-switched networks, where wireless users are billed per minute, and allows a more efficient exchange of data, since many applications can use a store and forward mechanism to minimize network latency.

J2ME applications can exchange data over WAP, i-mode or TCP based wireless networks

Additionally, J2ME applications can leverage any wireless network infrastructure, taking advantage of a WAP network stack on current circuit-switched networks (GSM, CDMA, and TDMA). The same applications are ready to be used on packet-based networks, allowing the use of standard Internet protocols, such as HTTPS over SSL (data encryption), IMAP (email), LDAP (directories), between the J2ME enabled client application and the backend infrastructure.

J2ME Benefits on Wireless Devices

Let's look at how Java technology fits in the wireless service evolution. Originally, analog technology was sufficient to handle voice services, but the quality of the calls was sketchy and multiple radio networks competed with one another. Today we take advantage of the second generation of networks and services (2G networks), which use digital networks and web browser technologies. This provides access to data services, but markup languages present some limitations. Markup languages are a step in the right direction, but browser-based applications don't work
when out of coverage, require air time for even simple operations (such as entering appointments in a browser-based calendar), and offer a limited user interface paradigm (character-based, static black and white images, cumbersome navigation interface).

When Java technology is added to this environment, it brings additional benefits that translate into an enhanced user experience. Instead of plain text applications and the latency associated with a browser-based interface, the user is presented with rich animated graphics, a fast interaction, the capability to use an application off-line, and maybe most interestingly, the capability to dynamically download new applications to the device.

For application developers, this means that you can use your favorite programming language and your favorite development tools, rather than learning a new programming environment. There are over 2.5 million developers who have already developed applications using the Java programming language, primarily on the server side. Once these developers become familiar with the small set of J2ME APIs, it becomes relatively easy to develop small client modules that can exchange data with server applications over the wireless network. The challenge that remains the same for Java, WAP, or native APIs is that small screens and limited input interfaces require developers to put some effort into the development of the application user interface. In other words, small devices force developers to abandon bad or lazy programming techniques.

What Type of Applications Does J2ME Enable?

Many people expect to see new types of applications developed with J2ME. You can argue that the application categories would remain the same, except for a few exceptions such as location services and data applications that integrate with telephony functionality. The outcome is likely to be applications that are context sensitive (immediacy, location, personal or professional use) and are migrating from a character-based interface (browser-based applications) to a graphical environment, providing developers and end users with an unmatched level of flexibility. Just think about the evolution from DOS or mainframe applications to Windows, MacOS, or Solaris graphical
environment. We still use processors, spreadsheets, accounting applications like in the good old days, but because the new generation of applications take advantage of a richer graphical environment, the applications are better and easier to use. Therefore, expect to see J2ME developers targeting the same categories of applications they focused on with WAP, but this time with the user experience compelling enough for ISVs and system integrators to be able to charge for them.

As far as adoption of J2ME, the prognostics are rather good. Evans Data recently conducted a survey among 500 wireless application developers, concluding that more developers will use Java and J2ME to develop wireless applications (30%) than native C APIs (Palm OS, Pocket PC, EPOC) or even WAP. The market that J2ME will penetrate the fastest is the Japanese market, with Nikkei Market Access forecasting a penetration rate of 40% this year. NTT DoCoMo, who started shipping J2ME enabled I-mode phones at the end of January, has already sold 1 million units, and they expect the number to increase to 3 million by the end of September. The two other major Japanese wireless operators (KDDI and J-Phone) will join DoCoMo in the deployment of J2ME enabled handsets by the end of the summer.

Obviously, forecasts can be misleading, as the experience with WAP, Bluetooth and 3G has shown. Therefore, what really matters is the number of handset manufacturers that are planning to make available J2ME enabled phones and PDAs this year, as well as the number of wireless operators that are endorsing the technology and putting in place a network infrastructure that will allow ISVs, content providers and corporations to deploy J2ME applications and services over their network.

The benefits of Java technology as provided by J2ME in the wireless arena are many and varied.
From its Write Once Run Anywhere flexibility, to its robust security features, to its support for off-line processing and local data storage, to its leverage of any wireless infrastructure, to its fine-tuned control of data exchange, J2ME is a natural platform for wireless application development. The numbers bear this out -- the ranks of J2ME developers are growing fast.

3.2.2.3 MySQL

MySQL is a relational database management system (RDBMS) that runs as a server providing multi-user access to a number of databases. MySQL is primarily an RDBMS and therefore ships with no GUI tools to administer MySQL databases or manage data contained within. Users may use the included command-line tools, or download MySQL front ends from various parties that have developed desktop software and web applications to manage MySQL databases, build database structure, and work with data records.

3.2.2.4 Apache Tomcat

Apache Tomcat is an open source servlet container developed by the Apache Software Foundation (ASF). Tomcat implements the Java Servlet and the Java Server Pages (JSP) specifications from Sun Microsystems, and provides a "pure Java" HTTP web server environment for Java code to run.

3.2.2.5 Apache ANT

Apache Ant is a software tool for automating software build processes. It is similar to Make but is implemented using the Java language, requires the Java platform, and is best suited to building Java projects. The most immediately noticeable difference between Ant and Make is that Ant uses XML to describe the build process and its dependencies, whereas Make has its Makefile format. By default the XML file is named build.xml.

3.2.2.6 J2ME unit test tool

J2ME Unit was created to run in small spaces where various classes like reflection and certain primitives like double are not available. J2ME Unit includes a test runner that will run on Motorola's Mobile Information Device Profile (MIDP) and a text UI test runner that prints text output.

3.2.3 Hardware Requirement


Processor     : Pentium III
Clock speed   : 550MHz
Hard Disk     : 20GB
RAM           : 128MB
Cache Memory  : 512KB

3.2.4 Functional Requirements


3.2.4.1 Output Design

Outputs from computer systems are required primarily to communicate the results of processing to users. They are also used to provide a permanent copy of the results for later consultation. The various types of outputs in general are:
- External outputs, whose destination is outside the organization.
- Internal outputs, whose destination is within the organization and which are the user's main interface with the computer.
- Operational outputs, whose use is purely within the computer department.
- Interface outputs, which involve the user in communicating directly with the system.

3.2.4.2 Output Definition

The outputs should be defined in terms of the following points:
- Type of the output.
- Content of the output.
- Format of the output.
- Location of the output.
- Frequency of the output.
- Volume of the output.
- Sequence of the output.

It is not always desirable to print or display data as it is held on a computer. It should be decided which form of the output is the most suitable. For example:
- Will decimal points need to be inserted?
- Should leading zeros be suppressed?

3.2.4.3 Output Media

In the next stage it is to be decided which medium is the most appropriate for the output. The main considerations when deciding about the output media are:
- The suitability of the device to the particular application.
- The need for a hard copy.
- The response time required.
- The location of the users.
- The software and hardware available.

Keeping in view the above description, the project is to have outputs mainly coming under the category of internal outputs. The main outputs desired according to the requirement specification are: the outputs were needed to be generated as a hard copy as well as queries to be viewed on the screen. Keeping in view these outputs, the format for the output is taken from the outputs which are currently being obtained after manual processing. The standard printer is to be used as output media for hard copies.

3.2.4.4 Input Design

Input design is a part of overall system design. The main objectives during the input design are as given below:
- To produce a cost-effective method of input.
- To achieve the highest possible level of accuracy.
- To ensure that the input is acceptable and understood by the user.

3.2.4.5 Input Stages

The main input stages can be listed as below:
- Data recording
- Data transcription
- Data conversion
- Data verification
- Data control
- Data transmission
- Data validation
- Data correction

3.2.4.6 Input Types

It is necessary to determine the various types of inputs. Inputs can be categorized as follows:
- External inputs, which are prime inputs for the system.
- Internal inputs, which are user communications with the system.
- Operational inputs, which are the computer department's communications to the system.
- Interactive inputs, which are inputs entered during a dialogue.

3.2.4.7 Input Media

At this stage a choice has to be made about the input media. To decide on the input media, consideration has to be given to:
- Type of input
- Flexibility of format
- Speed
- Accuracy
- Verification methods
- Rejection rates
- Ease of correction
- Storage and handling requirements
- Security
- Easy to use
- Portability

Keeping in view the above description of the input types and input media, it can be said that most of the inputs are of the form of internal and interactive. As input data is to be directly keyed in by the user, the keyboard can be considered to be the most suitable input device.

3.2.4.8 Error Avoidance

At this stage care is to be taken to ensure that input data remains accurate from the stage at which it is recorded up to the stage in which the data is accepted by the system. This can be achieved only by means of careful control each time the data is handled.

3.2.4.9 Error Detection

Even though every effort is made to avoid the occurrence of errors, a small proportion of errors is always likely to occur. These types of errors can be discovered by using validations to check the input data.

3.2.4.10 Data Validation

Procedures are designed to detect errors in data at a lower level of detail. Data validations have been included in the system in almost every area where there is a possibility for the user to commit errors. The system will not accept invalid data. Whenever invalid data is keyed in, the system immediately prompts the user, the user has to key in the data again, and the system will accept the data only if the data is correct. Validations have been included where necessary.

The system is designed to be a user friendly one. In other words the system has been designed to communicate effectively with the user. The system has been designed with popup menus.

3.2.5 Performance Requirements


Performance is measured in terms of the output provided by the application. Requirement specification plays an important part in the analysis of a system. Only when the requirement specifications are properly given is it possible to design a system which will fit into the required environment. It rests largely on the users of the existing system to give the requirement specifications because they are the people who finally use the system. This is because the requirements have to be known during the initial stages so that the system can be designed according to those requirements. It is very difficult to change the system once it has been designed, and on the other hand designing a system which does not cater to the requirements of the user is of no use.

The requirement specification for any system can be broadly stated as given below:
- The system should be able to interface with the existing system.
- The system should be accurate.
- The system should be better than the existing system.

3.3 CONTENT DIAGRAM OF THE PROJECT

[Figure: content diagram. Labels: Sender Mobile, Receiver Server, Input, Key, Processing (Hiding Mechanism), Stego Image, Network, Key, Processing (Extracting Mechanism), Output (Data).]

3.4 ALGORITHMS AND FLOWCHART


3.4.1 Steganography Algorithm

This algorithm is only for embedding a character (8-bit). For embedding the entire message, the steps in the algorithm are repeated. The output obtained as a result of encryption performed in Module 3 is embedded in an image which is of Portable Network Graphics format, i.e. an image with the .png extension. The process of embedding consists of the following steps:

Step 1: The image in which data has to be embedded is selected.
Step 2: The total number of pixels in the image is calculated by using the formula width x height.
Step 3: The color intensities of each and every pixel are retrieved and stored in an array. Each pixel consists of 3 bytes, where each byte represents one of the three primary colors, i.e. RGB.
Step 4: An AND operation is performed on each byte of the pixel with the binary equivalent of 252. The result obtained is the byte value with the last two bits as 00.
Step 5: The cipher text is ANDed with the binary equivalent of 03 to retrieve the last two bits of the message.
Step 6: An OR operation is performed on the outputs of step 4 and step 5.
Step 7: The output of step 6 becomes the new intensity of the Red color. For the Green and Blue colors, step 4 is repeated, and before doing step 5 the cipher text is shifted right in increments of 2 bits, until all 8 bits are embedded.

To retrieve the cipher text from the image, the steps of the algorithm above are performed in reverse.
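The embedding steps above and their reversal, as an added Python example that is not the project's own code (the project's Steganograph class is Java). The constructed 8-pixel cover, the function names, and passing the message length to extract() out of band are assumptions; the section does not say how the receiver learns the length.

```python
"""2-bit LSB embedding and extraction following steps 1-7 of section 3.4.1."""

KEEP_MASK = 252      # 0b11111100, step 4: clear the two lowest bits
DATA_MASK = 3        # 0b00000011, step 5: take two message bits
SLOTS_PER_CHAR = 4   # 8 message bits / 2 bits per colour byte

# Constructed 4x2 cover image as (R, G, B) tuples; not taken from the project.
COVER_PIXELS = [
    (200, 117, 34), (90, 91, 92), (255, 0, 128), (13, 14, 15),
    (77, 78, 79), (1, 2, 3), (250, 251, 252), (60, 61, 62),
]


def flatten(pixels):
    """Step 3: store every colour intensity in one array, R then G then B."""
    return bytes(value for pixel in pixels for value in pixel)


def unflatten(channel_bytes):
    """Regroup a flat colour array into (R, G, B) tuples."""
    return [tuple(channel_bytes[i:i + 3])
            for i in range(0, len(channel_bytes), 3)]


def capacity(channel_bytes):
    """Number of 8-bit characters that fit into the colour bytes."""
    return len(channel_bytes) // SLOTS_PER_CHAR


def embed(channel_bytes, cipher_text):
    """Return a copy of channel_bytes carrying cipher_text in its low bits."""
    if len(cipher_text) > capacity(channel_bytes):
        raise ValueError("cover image is too small for the cipher text")
    out = bytearray(channel_bytes)
    pos = 0
    for value in cipher_text:
        for _ in range(SLOTS_PER_CHAR):
            # Steps 4-6: clear two bits of the colour byte, OR in two data bits.
            out[pos] = (out[pos] & KEEP_MASK) | (value & DATA_MASK)
            value >>= 2  # Step 7: shift right by 2 before the next colour byte.
            pos += 1
    return bytes(out)


def extract(channel_bytes, length):
    """Reverse of embed(): rebuild `length` characters from the low bits."""
    if length > capacity(channel_bytes):
        raise ValueError("image cannot hold that many characters")
    message = bytearray()
    pos = 0
    for _ in range(length):
        value = 0
        for shift in (0, 2, 4, 6):  # low-order bit pair was embedded first
            value |= (channel_bytes[pos] & DATA_MASK) << shift
            pos += 1
        message.append(value)
    return bytes(message)


def max_channel_change(before, after):
    """Largest per-byte intensity difference; never above 3 for 2-bit LSB."""
    return max(abs(a - b) for a, b in zip(before, after))


if __name__ == "__main__":
    cover = flatten(COVER_PIXELS)
    stego = embed(cover, b"Hi")
    print(unflatten(stego)[:3])
    print(extract(stego, 2), max_channel_change(cover, stego))
```

One character occupies four colour bytes, so it spills from one pixel's R, G, B into the next pixel's R; a cover of width x height pixels therefore holds (3 x width x height) / 4 characters, rounded down.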

3.4.2 Flowchart of the project

3.5 CONCLUSION
In this phase, we understand the software requirement specifications for the project. We arrange all the required components to develop the project in this phase itself so that we will have a clear idea regarding the requirements before designing the project. Thus we will proceed to the design phase followed by the implementation phase of the project.

4. DESIGN
4.1 INTRODUCTION
In this project, we propose a mobile-based software token system that is supposed to replace existing hardware and computer-based software tokens. The proposed system is secure.

4.2 UML DIAGRAMS


Unified Modeling Language (UML) is a standardized general-purpose modeling language in the field of software engineering. It is used to specify, visualize, modify, construct and document the artifacts of an object-oriented software intensive system under development. UML combines best techniques from data modeling (entity relationship diagrams), business modeling (work flows), object modeling, and component modeling. It can be used with all processes, throughout the software development life cycle, and across different implementation technologies.

4.2.1 Class Diagram


A class diagram in the Unified Modeling Language (UML) is a type of static structure diagram that describes the structure of a system by showing the system's classes, their attributes, and the relationships between the classes. It is the main building block in object oriented modeling. It is used both for general conceptual modeling of the systematics of the application, and for detailed modeling translating the models into programming code. The classes in a class diagram represent both the main objects and interactions in the application and the objects to be programmed. In the class diagram these classes are represented with boxes which contain three parts:
- The upper part holds the name of the class.
- The middle part contains the attributes of the class.
- The bottom part gives the methods or operations the class can take.

In the conceptual design of a system, a number of classes are identified and grouped together in a class diagram which helps to determine the static relations between those objects. With detailed modeling, the classes of the conceptual design are often split into a number of subclasses.

[Figure: class diagram. Classes shown:
- Main: attributes cmdLogin, cmdExit, cmdBack, txtUsername, txtPassword, txtIP; operations startApp(), commandAction(), callLoginServlet()
- LoginServlet: attributes userAccount, username, password, db; operations executeQuery(), doGet()
- Transfer: attributes transferForm, txtToAccount, txtTPassword, txtAmount; operations append(), addCommand()
- TransferServlet: attributes db, rs, rs1; operations executeQuery(), getDouble()
- Steganograph: attributes messageBytes, extractdata; operations embedMessage(), retrieveMessage()
Relationship label: transaction is processed.]

4.2.2 Use case Diagram


A Use case diagram in the Unified Modeling Language (UML) is a type of behavioral diagram defined by and created from a Use-case analysis. Its purpose is to present a graphical overview of the functionality provided by a system in terms of actors, their goals (represented as use cases), and any dependencies between those use cases. The main purpose of a use case diagram is to show what system functions are performed for which actor. Roles of the actors in the system can be depicted.

[Figure: use case diagram. Labels: Customer, banking, Transfer Money, Steganography, Account details, Authentication, Transaction, LSB.]

4.2.3 Sequence Diagram


A sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram that shows how processes operate with one another and in what order. It is a construct of a Message Sequence Chart. A sequence diagram shows, as parallel vertical lines (lifelines), different processes or objects that live simultaneously, and, as horizontal arrows, the messages exchanged between them, in the order in which they occur. This allows the specification of simple runtime scenarios in a graphical manner.

[Figure: sequence diagram. Lifelines: Customer, Authentication, Login, Transaction, Steganography, processed. Messages: wants the details; Authentication is done; if successful then login; request for money transfer; performs steganography; the amount is sent.]

4.2.4 Data Flow Diagrams

[Figure: data flow diagram, Display Account Details, between Mobile Client and Server. Labels in order: Enter Username & password; Send Username encrypted with Password in an Image along with Accno; Authenticate; Request for account details; Encryption & Send Data; Image Embedding; Enter Password, Retrieve Cipher text, Decrypt; Display Account Detail; Exit.]

[Figure: data flow diagram, Money Transfer, between Mobile Client and Server. Labels in order: Enter Username & password; Send Username encrypted with Password in an Image along with Accno; Authenticate; Select Transaction option; Enter Receiver's account number, Amount & Sender's transaction Password; Send Details; Update database; Exit.]

4.3 MODULE DESIGN AND ORGANISATION


There are mainly three modules:
- Admin Module
- Client Side MIDlet Module (J2ME)
- Implementing Steganography

4.3.1 Admin Module


In this Admin module we have a web application. The web application is designed using Java Server Pages. The web page has two main options:
- Account Details
- Transfer Amount

The actions from the JSP are handled by the servlets.

The other name of Web Banking is Net-Banking or N-Banking. N-Banking is one of the most popular methods, and was established before M-Banking. This module explains the interaction between the web server and the web client, i.e., the web client interacts online with the server. The Internet is used by the web client to establish this connection.

The client first opens the Bank's web page by specifying its URL. Next, the client is requested to enter the unique Username and Password for authentication purposes. If they are entered correctly, the user is logged on to the next page.

The next page displays the account number, account type and balance details of the client. Also, two more options are displayed to the user. Depending on the user's need, any one of the options can be selected. The Account details option, if selected, displays the account details along with details about the last few transactions made by the
client. Transfer money option is used for transferring funds from one account to another account. The user is requested to enter the account number to which money has to be transferred, the amount to transfer and the transaction password. In this module no security measures have been implemented. This module has been performed to confirm the communication path between the server and the client.

JSP: Java Server Pages (JSP) is a Java technology that allows software developers to dynamically generate HTML, XML or other types of documents in response to a Web client request. The technology allows Java code and certain pre-defined actions to be embedded into static content.

The JSP syntax adds additional XML-like tags, called JSP actions, to be used to invoke built-in functionality. Additionally, the technology allows for the creation of JSP tag libraries that act as extensions to the standard HTML or XML tags. Tag libraries provide a platform independent way of extending the capabilities of a Web server.

JSPs are compiled into Java Servlets by a JSP compiler. A JSP compiler may generate a servlet in Java code that is then compiled by the Java compiler, or it may generate byte code for the servlet directly. JSPs can also be interpreted on-the-fly reducing the time taken to reload changes.

Java Server Pages (JSP) technology provides a simplified, fast way to create dynamic web content. JSP technology enables rapid development of web-based applications that are server- and platform-independent.

4.3.2 Client Side MIDLET Module


The client MIDlet is a J2ME-based client application. MIDlets handle all the events in the mobile part. Each request is handled by the server. We divide this client MIDlet into:

- Main: presents the main login page and passes the request to the server.
- Details: brings the account details (mini statement) from the server to the client.
- Transfer: the option that transfers the amount to the other account.

Mobile Banking comes in very handy by sparing the customer the trip to the bank and the delay for enquiries and transactions. Every customer who has an account in the bank and wishes to enhance his privacy will be given software by the bank which can be used exclusively by that account holder, i.e. the software the customer holds can only perform his transactions and show the account details corresponding to his account number.

First the user has to be authenticated. For this he is asked for the Username, Password and the IP of the server along with the port number. These values have to be authenticated by the server. For this, we first encrypt the Username using the password as the key. We then hide the data in a picture using steganography. This data is sent, along with the account number, to the IP entered by the user, which is the server.

The server then receives the image along with the account number. The server then finds the password corresponding to the account number from the database. It then retrieves the data from the image by performing steganography and decryption, using the password as the key. If the server is able to retrieve the data, then the password and username are considered correct and hence the user is authenticated. The database corresponding to authentication is similar. Now two options will be displayed to the user, namely Account Details and Transaction. The user then has to select one of these.

Account Details Option

If the user selects this option, a request is sent to the server. The server then processes this request and sends the reply to the mobile client. In processing the request, the server finds the account details of that particular account number. This data is encrypted and then hidden in a picture using steganography. The mobile client then receives this image. The password is requested from the user. Using this password, the data is retrieved and displayed to the user.

Transfer Money Option

If the user selects this option, the server asks the user for the account number to which the money should be transferred, takes as input the amount to be transferred to that account, and also requires the transaction password, for maintaining secrecy and authentication. After all the details are entered, the money will be transferred into the requested account.

4.3.3 Implementing Steganography

Implementing the Steganography constraints in the entire applications.

Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message.

By contrast, cryptography obscures the meaning of a message, but it does not conceal the fact that there is a message. By combining steganography of data in a picture with the use of PNG-format pictures, this article proposes a method for the hidden exchange of information.

The main focus of this article is on steganography in pictures for banking applications and on making this possible on mobile phones, considering the limitations of mobile phones.

After receiving a picture message containing hidden data, the decoder program extracts the data and immediately changes the steganography places.

Usually 24-bit or 8-bit files are used to store digital images. The former provides more space for information hiding; however, it can be quite large. The colored representations of the pixels are derived from three primary colors: red, green and blue. 24-bit images use 3 bytes for each pixel, where each primary color is represented by 1 byte. Using 24-bit images, each pixel can represent 16,777,216 color values. If we use the lower two bits of these color channels to hide data, the maximum color change in a pixel could be of 64 color values, but this causes so little change that it is undetectable for the human vision system. This simple method is known as Least Significant Bit insertion, as in Figure 3.5.

Figure 3.5 LSB Methodology

Algorithm to embed the encrypted data:

This algorithm is only for embedding a character (8-bit). For embedding the entire message, the steps in the algorithm are repeated. The output obtained as a result of the encryption performed in Module 3 is embedded in an image in Portable Network Graphics format, i.e. an image with the .png extension. The process of embedding consists of the following steps:

Step 1: The image in which data has to be embedded is selected initially.
Step 2: The total number of pixels in the image is calculated using the formula width x height.
Step 3: The color intensities of each and every pixel are retrieved and stored in an array. Each pixel consists of 3 bytes, where each byte represents one of the three primary colors, i.e. RGB.
Step 4: An AND operation is performed on each byte of the pixel with the binary equivalent of 252. The result obtained is the byte value with the last two bits as 00.
Step 5: The cipher text is ANDed with the binary equivalent of 03 to retrieve the last two bits of the message.
Step 6: The OR operation is performed on the outputs of step 4 and step 5.
Step 7: The output of step 6 becomes the new intensity of the Red color. For the Green and Blue colors step 4 is repeated and, before doing step 5, the cipher text is shifted right in increments of 2 bits, until all the 8 bits are embedded.

To retrieve the cipher text from the image, the steps of the algorithm mentioned above are performed in reverse.

4.4 CONCLUSION
In this way we can design the layout of the project which is to be implemented during the construction phase. Thus we will have a clear picture of the project before it is coded. Hence any necessary enhancements can be made during this phase and coding can be started.


5 IMPLEMENTATION AND RESULTS


5.1 INTRODUCTION
The implementation part is the most important phase of the project. In this phase, we code the entire project in the chosen software according to the design laid out during the previous phase. The code has to be written in such a way that the user requirements are satisfied and that it is not complicated for the user, i.e., the user interface or GUI has to be easy to navigate. The code should be efficient in all terms like space, easy to update, etc. In this manner, we can complete the coding part of the project and later it can be sent for testing before being delivered to the customer.

5.2 EXPLANATION OF KEY FUNCTIONS

5.2.1 Database Connectivity using jdbc


The following code gives the database connectivity using jdbc i.e., the way the MySQL database is synchronized with the project which is developed using Java.
import java.sql.*;
import java.util.*;

public class Database {
    private static String jdbcDriver = "";
    private static String dbURL = "";
    private static String username = "";
    private static String password = "";

    private Connection connection;

    public Database() throws SQLException, ClassNotFoundException {
        // Connection settings are read from the MessageResources bundle
        ResourceBundle bundle = ResourceBundle.getBundle("MessageResources");
        jdbcDriver = bundle.getString("jdbc.driver");
        dbURL = bundle.getString("jdbc.url");
        username = bundle.getString("jdbc.user");
        password = bundle.getString("jdbc.password");
        Class.forName(jdbcDriver); // set Java database connectivity driver
        connection = DriverManager.getConnection(dbURL, username, password);
    }

    // Runs the SQL text exactly as given: no parameters are bound here,
    // so the caller decides what ends up inside the statement.
    public ResultSet executeQuery(String query) throws SQLException {
        PreparedStatement st = connection.prepareStatement(query);
        return st.executeQuery();
    }

    public int executeUpdate(String statement) throws SQLException {
        PreparedStatement st = connection.prepareStatement(statement);
        return st.executeUpdate();
    }

    public void close() {
        try {
            if (connection != null) {
                connection.close();
            }
        } catch (SQLException sqlException) {
            sqlException.printStackTrace();
            connection = null;
        }
    }

    protected void finalize() {
        close();
    }
}


5.2.2 Main Page of Mobile


The following code displays the main screen of the mobile.

import java.io.*;
import java.util.*;
import javax.microedition.lcdui.*;
import javax.microedition.midlet.*;
import javax.microedition.io.*;

public class Main extends MIDlet implements CommandListener, Runnable {
    private Display display = null;
    private Command cmdLogin = null;
    private Command cmdExit = null;
    private Command cmdBack = null;
    private Form loginForm;
    private TextField txtUsername;
    private TextField txtPassword;
    private TextField txtIP;
    private List menu = null;
    public static String ipAddress = null;
    public static String firstname = null;
    public static String password = null;
    private byte[] byteRGB;
    Detail detail;
    Transfer transfer;

    public Main() {
        // mainMidlet is a static field, so it is set through the class name
        Detail.mainMidlet = this;
        Transfer.mainMidlet = this;
        cmdLogin = new Command("Login", Command.SCREEN, 1);
        cmdExit = new Command("Exit", Command.EXIT, 0);
        display = Display.getDisplay(this);
    }

    public void startApp() {
        showLoginForm();
    }

    public void pauseApp() { }

    public void destroyApp(boolean unconditional) { }

    public void commandAction(Command c, Displayable d) {
        if (c == cmdLogin) {
            try {
                Gauge gau = new Gauge("Connecting", false, 8, 0);
                Form frm = new Form("Please Wait.. ", new Item[] {gau});
                gau.setValue(2);
                display.setCurrent(frm);
                ipAddress = txtIP.getString();
                password = txtPassword.getString();
                gau.setValue(4);
                hideMessage();        // encrypt the username and embed it in the image
                gau.setValue(6);
                callLoginServlet();   // send the image to the server
            } catch (Exception e) {
                showError(e.toString());
            }
        } else if (c == cmdExit) {
            destroyApp(false);
            notifyDestroyed();
        } else {
            switch (menu.getSelectedIndex()) {
                case 0: { detail = new Detail(display); break; }
                case 1: { transfer = new Transfer(display); break; }
            }
        }
    }

    private void callLoginServlet() throws IOException {
        new Thread(this).start();
    }

    public void run() {
        HttpConnection hc = null;
        InputStream iStrm = null;
        OutputStream oStrm = null;
        try {
            String url = new String("http://" + ipAddress + "/mbank1/Login?a=001002001");
            hc = (HttpConnection) Connector.open(url);
            //hc.setRequestProperty("User-Agent","Profile/MIDP-2.0 Configuration/CLDC-1.1");
            //hc.setRequestProperty("User-Account", "001002001");
            hc.setRequestMethod(HttpConnection.POST);
            oStrm = hc.openOutputStream();
            oStrm.write(byteRGB);
            if (hc.getResponseCode() == HttpConnection.HTTP_OK) {
                iStrm = hc.openInputStream();
                int length = (int) hc.getLength();
                if (length > 0) {
                    byte responseData[] = new byte[length];
                    iStrm.read(responseData);
                    String data = new String(responseData);
                    if (data.equals("EC999")) {
                        showError("Invalid Username/Password");
                    } else if (data.equals("EC899")) {
                        showError("Database Error");
                    } else {
                        firstname = data;
                        password = txtPassword.getString();
                        showMenu(firstname);
                    }
                } else {
                    showError("Unable to read data");
                }
            } else {
                showError("Response error");
            }
        } catch (IOException ioe) {
            showError(ioe.toString());
        } finally {
            try {
                if (oStrm != null) oStrm.close();
                if (iStrm != null) iStrm.close();
                if (hc != null) hc.close();
            } catch (IOException ioe) {
                showError(ioe.toString());
            }
        }
    }

    public void showLoginForm() {
        loginForm = new Form("MBank");
        txtUsername = new TextField("Username ", "", 15, TextField.ANY);
        txtPassword = new TextField("Password ", "", 15, TextField.PASSWORD);
        txtIP = new TextField("IP Address", "", 25, TextField.ANY);
        loginForm.append(txtUsername);
        loginForm.append(txtPassword);
        loginForm.append(txtIP);
        loginForm.addCommand(cmdLogin);
        loginForm.addCommand(cmdExit);
        loginForm.setCommandListener(this);
        display.setCurrent(loginForm);
    }

    public void showError(String message) {
        Alert newAlert = new Alert("Error!", message, null, AlertType.ERROR);
        newAlert.setTimeout(Alert.FOREVER);
        display.setCurrent(newAlert);
    }

    public void showMenu(String message) {
        menu = new List("MBank , Welcome " + message, Choice.IMPLICIT);
        menu.append("Account Details", null);
        menu.append("Transfer Money", null);
        menu.addCommand(cmdExit);
        menu.setCommandListener(this);
        display.setCurrent(menu);
    }

    public void hideMessage() {
        Image image;
        int[] dataRGB;
        try {
            image = Image.createImage("/earth.png");
            dataRGB = new int[image.getWidth() * image.getHeight()];
            byteRGB = new byte[dataRGB.length * 4];
            image.getRGB(dataRGB, 0, image.getWidth(), 0, 0, image.getWidth(), image.getHeight());
            byteRGB = getByte(dataRGB);
            // Username is encrypted with the password as the key, then "*" marks the end
            Cryptograph crypt = new Cryptograph(txtUsername.getString(), password);
            String cipher = crypt.encrypt();
            cipher += "*";
            byteRGB = Steganograph.embedMessage(byteRGB, cipher.getBytes());
        } catch (IOException ioe) {
            showError("Not able to load Image");
        }
    }

    // Splits each 0xAARRGGBB pixel into four bytes: alpha, red, green, blue
    private byte[] getByte(int[] source) {
        byte[] byteRGB = new byte[source.length * 4];
        for (int i = 0; i < source.length; i++) {
            byteRGB[i * 4 + 0] = (byte)((source[i] >> 24) & 0x000000ff);
            byteRGB[i * 4 + 1] = (byte)((source[i] >> 16) & 0x000000ff);
            byteRGB[i * 4 + 2] = (byte)((source[i] >> 8) & 0x000000ff);
            byteRGB[i * 4 + 3] = (byte)((source[i] >> 0) & 0x000000ff);
        }
        return byteRGB;
    }
}


5.2.3 Displays the Details to User


The following code displays the details of his account regarding his balance and recent transactions etc.

import javax.microedition.lcdui.*;
import javax.microedition.io.*;
import java.io.*;
import javax.microedition.lcdui.Image;
import javax.microedition.lcdui.ImageItem;
import javax.microedition.lcdui.Item;

// StringTokenizer has no import in the original listing; it is taken to be
// a helper class shipped with the project.
public class Detail implements CommandListener, Runnable {
    public static Main mainMidlet = null;
    private Display display;
    private Form detailForm;
    private Form imageForm;
    private TextField tfPwd;
    private Command cmdBack = new Command("Back", Command.BACK, 1);
    private Command cmdDetail = new Command("View Detail", Command.SCREEN, 1);
    private byte imageData[];
    private int[] intNewImage;

    public Detail(Display disp) {
        display = disp;
        try {
            callDetailServlet();
        } catch (Exception e) {
            showError(e.toString());
        }
    }

    public void callDetailServlet() throws IOException {
        new Thread(this).start();
    }

    public void run() {
        HttpConnection http = null;
        DataInputStream iStrm = null;
        String url = "http://" + mainMidlet.ipAddress + "/mbank1/Detail?a=001002001";
        try {
            http = (HttpConnection) Connector.open(url);
            // http.setRequestProperty("User-Agent","Profile/MIDP-2.0 Configuration/CLDC-1.1");
            // http.setRequestProperty("User-Account", "001002001");
            http.setRequestMethod(HttpConnection.GET);
            iStrm = http.openDataInputStream();
            ByteArrayOutputStream bStrm = null;
            if (http.getResponseCode() == HttpConnection.HTTP_OK) {
                int length = (int) http.getLength();
                if (length != -1) {
                    imageData = new byte[length];
                    iStrm.readFully(imageData);
                } else {
                    // Length unknown: read until end of stream
                    bStrm = new ByteArrayOutputStream();
                    int ch;
                    while ((ch = iStrm.read()) != -1)
                        bStrm.write(ch);
                    imageData = bStrm.toByteArray();
                    bStrm.close();
                }
                // Rebuild 0xAARRGGBB pixels from the four-byte groups sent by the server;
                // a trailing partial group is ignored
                intNewImage = new int[imageData.length / 4];
                int indexIntNewImage = 0;
                for (int j = 0; j + 3 < imageData.length; j += 4) {
                    int alpha = (imageData[j + 0] << 24) & 0xff000000;
                    int red = (imageData[j + 1] << 16) & 0x00ff0000;
                    int green = (imageData[j + 2] << 8) & 0x0000ff00;
                    int blue = (imageData[j + 3] << 0) & 0x000000ff;
                    intNewImage[indexIntNewImage] = alpha + red + green + blue;
                    indexIntNewImage++;
                }
                Image image = Image.createRGBImage(intNewImage, 64, 64, true);
                ImageItem imageItem = new ImageItem("\n", image,
                        ImageItem.LAYOUT_CENTER | ImageItem.LAYOUT_NEWLINE_BEFORE | ImageItem.LAYOUT_NEWLINE_AFTER,
                        "MBank");
                imageForm = new Form("Steganography Image");
                tfPwd = new TextField("Password:", "", 10, TextField.ANY | TextField.PASSWORD);
                imageForm.append(imageItem);
                imageForm.append(tfPwd);
                imageForm.addCommand(cmdDetail);
                imageForm.setCommandListener(this);
                display.setCurrent(imageForm);
            } else {
                showError("Response Error");
            }
        } catch (Exception e) {
            showError(e.toString());
        } finally {
            if (iStrm != null) {
                try { iStrm.close(); } catch (Exception ce) { }
            }
            if (http != null) {
                try { http.close(); } catch (Exception ce) { }
            }
        }
    }

    public void startApp() { }

    public void pauseApp() { }

    public void destroyApp(boolean unconditional) { }

    public void commandAction(Command c, Displayable s) {
        if (c == cmdBack) {
            mainMidlet.showMenu(mainMidlet.firstname);
        }
        if (c == cmdDetail) {
            showDetail(imageData);
        }
    }

    public void showError(String message) {
        Alert newAlert = new Alert("Error!", message, null, AlertType.ERROR);
        newAlert.setTimeout(Alert.FOREVER);
        display.setCurrent(newAlert);
    }

    public void showDetail(byte data[]) {
        // Extract the hidden cipher text, then decrypt it with the password just entered
        String message = Steganograph.retrieveMessage(data);
        Cryptograph crypt = new Cryptograph(message, tfPwd.getString());
        String decMes = crypt.decrypt();

        detailForm = new Form("MBank-Account Details");
        StringTokenizer tok = new StringTokenizer(decMes, ";");
        StringItem item = new StringItem("Acc No : ", tok.nextToken());
        detailForm.append(item);
        item = new StringItem("Acc Type: ", tok.nextToken().toUpperCase());
        detailForm.append(item);
        item = new StringItem("Balance : ", tok.nextToken());
        detailForm.append(item);
        item = new StringItem("----------------------------------------", "");
        detailForm.append(item);
        item = new StringItem("Mini Statement", "");
        detailForm.append(item);
        item = new StringItem("----------------------------------------", "");
        detailForm.append(item);
        item = new StringItem(" Date Action Amount", "");
        detailForm.append(item);
        String noTrans = tok.nextToken();
        int transCount = Integer.parseInt(noTrans);
        for (int i = 0; i < transCount; i++) {
            item = new StringItem("", tok.nextToken() + " " + tok.nextToken().toUpperCase() + " " + tok.nextToken());
            detailForm.append(item);
        }
        detailForm.addCommand(cmdBack);
        detailForm.setCommandListener(this);
        display.setCurrent(detailForm);
    }
}

5.2.4 Transfer Money to Other Account


The following code helps to transfer money from his account to another.

import javax.microedition.lcdui.*;
import javax.microedition.io.*;
import java.io.*;

public class Transfer implements CommandListener, Runnable {
    public static Main mainMidlet = null;
    private Display display;
    private Form transferForm;
    private TextField txtToAccount;
    private TextField txtTPassword;
    private TextField txtAmount;
    private String message = "";
    private byte[] byteRGB;
    private Command cmdBack = new Command("Back", Command.BACK, 1);
    private Command cmdSend = new Command("Send", Command.SCREEN, 1);

    public Transfer(Display disp) {
        display = disp;
        transferForm = new Form("MBank - Money Transfer");
        txtToAccount = new TextField("To Account ", "", 15, TextField.NUMERIC);
        txtAmount = new TextField("Amount ", "", 15, TextField.NUMERIC);
        txtTPassword = new TextField("Transaction Password", "", 15, TextField.PASSWORD);
        transferForm.append(txtToAccount);
        transferForm.append(txtAmount);
        transferForm.append(txtTPassword);
        transferForm.addCommand(cmdSend);
        transferForm.addCommand(cmdBack);
        transferForm.setCommandListener(this);
        display.setCurrent(transferForm);
    }

    public void startApp() { }

    public void pauseApp() { }

    public void destroyApp(boolean unconditional) { }

    public void commandAction(Command c, Displayable s) {
        if (c == cmdBack) {
            mainMidlet.showMenu(mainMidlet.firstname);
        } else if (c == cmdSend) {
            try {
                // Message format: toAccount;amount;transactionPassword
                message = txtToAccount.getString() + ";" + txtAmount.getString() + ";" + txtTPassword.getString();
                hideMessage();
                callTransferServlet();
            } catch (Exception e) {
                showError(e.toString());
            }
        }
    }

    private void callTransferServlet() throws IOException {
        new Thread(this).start();
    }

    public void run() {
        HttpConnection hc = null;
        InputStream iStrm = null;
        OutputStream oStrm = null;
        try {
            String url = new String("http://" + mainMidlet.ipAddress + "/mbank1/Transfer?a=001002001");
            hc = (HttpConnection) Connector.open(url);
            //hc.setRequestProperty("User-Agent","Profile/MIDP-2.0 Configuration/CLDC-1.1");
            //hc.setRequestProperty("User-Account", "001002001");
            hc.setRequestMethod(HttpConnection.POST);
            oStrm = hc.openOutputStream();
            oStrm.write(byteRGB);
            if (hc.getResponseCode() == HttpConnection.HTTP_OK) {
                iStrm = hc.openInputStream();
                int length = (int) hc.getLength();
                if (length > 0) {
                    byte responseData[] = new byte[length];
                    iStrm.read(responseData);
                    String data = new String(responseData);
                    if (data.equals("EC999")) {
                        showError("Invalid Username/Password");
                    } else if (data.equals("TEC100")) {
                        showError("Invalid Transaction password");
                    } else if (data.equals("TEC200")) {
                        showError("Insufficient Balance");
                    } else if (data.equals("TEC300")) {
                        showError("Invalid Transfer Account");
                    } else if (data.equals("TEC400")) {
                        showError("Check Transfer Account No");
                    } else if (data.equals("TEC900")) {
                        showMessage();
                    }
                } else {
                    showError("Unable to read data");
                }
            } else {
                showError("Response error");
            }
        } catch (IOException ioe) {
            showError(ioe.toString());
        } finally {
            try {
                if (oStrm != null) oStrm.close();
                if (iStrm != null) iStrm.close();
                if (hc != null) hc.close();
            } catch (IOException ioe) {
                showError(ioe.toString());
            }
        }
    }

    public void showError(String message) {
        Alert newAlert = new Alert("Error!", message, null, AlertType.ERROR);
        newAlert.setTimeout(Alert.FOREVER);
        display.setCurrent(newAlert);
    }

    public void showMessage() {
        Form messageForm = new Form("Transaction Message");
        messageForm.append("Transaction Successful");
        messageForm.addCommand(cmdBack);
        messageForm.setCommandListener(this);
        display.setCurrent(messageForm);
    }

    public void hideMessage() {
        Image image;
        int[] dataRGB;
        try {
            image = Image.createImage("/cube.png");
            dataRGB = new int[image.getWidth() * image.getHeight()];
            byteRGB = new byte[dataRGB.length * 4];
            image.getRGB(dataRGB, 0, image.getWidth(), 0, 0, image.getWidth(), image.getHeight());
            byteRGB = getByte(dataRGB);
            // The transfer message is encrypted with the login password as the key
            Cryptograph crypt = new Cryptograph(message, mainMidlet.password);
            String cipher = crypt.encrypt();
            cipher += "*";
            byteRGB = Steganograph.embedMessage(byteRGB, cipher.getBytes());
        } catch (IOException ioe) {
            showError("Not able to load Image");
        }
    }

    // Splits each 0xAARRGGBB pixel into four bytes: alpha, red, green, blue
    private byte[] getByte(int[] source) {
        byte[] byteRGB = new byte[source.length * 4];
        for (int i = 0; i < source.length; i++) {
            byteRGB[i * 4 + 0] = (byte)((source[i] >> 24) & 0x000000ff);
            byteRGB[i * 4 + 1] = (byte)((source[i] >> 16) & 0x000000ff);
            byteRGB[i * 4 + 2] = (byte)((source[i] >> 8) & 0x000000ff);
            byteRGB[i * 4 + 3] = (byte)((source[i] >> 0) & 0x000000ff);
        }
        return byteRGB;
    }
}

5.2.5 Implementing Steganography


The following code is the important code in our project where it provides the security to the user.
public class Steganograph {
    private Steganograph() { }

    // Hides each message byte in the low two bits of four consecutive carrier bytes.
    // With the ARGB byte order produced by getByte(), byte 0 of each group is the alpha channel.
    public static byte[] embedMessage(byte byteRGB[], byte msgBytes[]) {
        // Each message byte needs four carrier bytes; refuse messages that do not fit
        if (msgBytes.length * 4 > byteRGB.length) {
            throw new IllegalArgumentException("Message too long for image");
        }
        for (int i = 0; i < msgBytes.length; i++) {
            byteRGB[i * 4 + 0] = (byte)((byteRGB[i * 4 + 0] & 0xFC) | (msgBytes[i] & 0x03));
            byteRGB[i * 4 + 1] = (byte)((byteRGB[i * 4 + 1] & 0xFC) | ((msgBytes[i] >> 2) & 0x03));
            byteRGB[i * 4 + 2] = (byte)((byteRGB[i * 4 + 2] & 0xFC) | ((msgBytes[i] >> 4) & 0x03));
            byteRGB[i * 4 + 3] = (byte)((byteRGB[i * 4 + 3] & 0xFC) | ((msgBytes[i] >> 6) & 0x03));
        }
        return byteRGB;
    }

    // Reads the low two bits of every carrier byte and reassembles bytes until '*' is found
    public static String retrieveMessage(byte byteRGB[]) {
        byte[] extractdata = new byte[byteRGB.length];
        int c = 0;
        for (int i = 0; i < byteRGB.length / 4; i++) {
            extractdata[c++] = (byte)(byteRGB[i * 4 + 0] & 0x03);
            extractdata[c++] = (byte)(byteRGB[i * 4 + 1] & 0x03);
            extractdata[c++] = (byte)(byteRGB[i * 4 + 2] & 0x03);
            extractdata[c++] = (byte)(byteRGB[i * 4 + 3] & 0x03);
        }

        StringBuffer extractedMsg = new StringBuffer();
        byte[] messageBytes = new byte[extractdata.length / 4];
        int twoBitByteCnt = 0;
        for (int i = 0; i < messageBytes.length; i++) {
            messageBytes[i] = (byte)(extractdata[twoBitByteCnt++]);
            messageBytes[i] = (byte)(messageBytes[i] | (extractdata[twoBitByteCnt++] << 2));
            messageBytes[i] = (byte)(messageBytes[i] | (extractdata[twoBitByteCnt++] << 4));
            messageBytes[i] = (byte)(messageBytes[i] | (extractdata[twoBitByteCnt++] << 6));
            if ((char)(messageBytes[i]) == '*') break;
            extractedMsg.append((char)(messageBytes[i]));
        }
        String Message = new String(extractedMsg);
        return Message;
    }
}
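The embedding steps of Section 4.3.3 and the Steganograph class above end the message with a "*" byte, so a cipher text that itself contains "*" is cut short on extraction. The following is an added example in plain Java SE, not the project's code, that keeps the same two-bits-per-byte layout but adds a capacity check and a length header. The class name LsbCarrier, the 2-byte header, and the constructed carrier and payload in main are assumptions.

```java
import java.util.Arrays;
import java.util.Random;

// Added example (hypothetical class): 2-bit LSB embedding with a length header.
public class LsbCarrier {
    private static final int HEADER_BYTES = 2;   // assumption: 16-bit big-endian payload length
    private static final int SLOTS_PER_BYTE = 4; // 8 payload bits / 2 bits per carrier byte

    // Payload bytes that fit in a carrier of this size once the header is stored.
    static int capacity(int carrierLength) {
        return Math.max(0, carrierLength / SLOTS_PER_BYTE - HEADER_BYTES);
    }

    // Steps 4-7: clear the low two bits (AND 252), then OR in two bits of the value,
    // shifting the value right by 2 for each following carrier byte.
    private static void putByte(byte[] carrier, int slot, int value) {
        for (int k = 0; k < SLOTS_PER_BYTE; k++) {
            int idx = slot * SLOTS_PER_BYTE + k;
            int twoBits = (value >> (2 * k)) & 0x03;
            carrier[idx] = (byte) ((carrier[idx] & 0xFC) | twoBits);
        }
    }

    // Reverse of putByte: collect the low two bits of four carrier bytes.
    private static int getByte(byte[] carrier, int slot) {
        int value = 0;
        for (int k = 0; k < SLOTS_PER_BYTE; k++) {
            value |= (carrier[slot * SLOTS_PER_BYTE + k] & 0x03) << (2 * k);
        }
        return value; // 0..255
    }

    // Returns a modified copy; the caller's carrier is left untouched.
    static byte[] embed(byte[] carrier, byte[] payload) {
        int room = capacity(carrier.length);
        if (payload.length > room || payload.length > 0xFFFF) {
            throw new IllegalArgumentException(
                "payload of " + payload.length + " bytes exceeds capacity of " + room);
        }
        byte[] out = carrier.clone();
        putByte(out, 0, payload.length >> 8);
        putByte(out, 1, payload.length & 0xFF);
        for (int i = 0; i < payload.length; i++) {
            putByte(out, HEADER_BYTES + i, payload[i]);
        }
        return out;
    }

    static byte[] extract(byte[] carrier) {
        if (carrier.length < HEADER_BYTES * SLOTS_PER_BYTE) {
            throw new IllegalArgumentException("carrier too small for the length header");
        }
        int length = (getByte(carrier, 0) << 8) | getByte(carrier, 1);
        if (length > capacity(carrier.length)) {
            // An image that never carried a payload usually fails here
            throw new IllegalArgumentException("length header " + length + " exceeds capacity");
        }
        byte[] payload = new byte[length];
        for (int i = 0; i < length; i++) {
            payload[i] = (byte) getByte(carrier, HEADER_BYTES + i);
        }
        return payload;
    }

    // Largest change made to any single carrier byte (at most 3 with two bits).
    static int maxChannelDelta(byte[] before, byte[] after) {
        int max = 0;
        for (int i = 0; i < before.length; i++) {
            max = Math.max(max, Math.abs((before[i] & 0xFF) - (after[i] & 0xFF)));
        }
        return max;
    }

    public static void main(String[] args) {
        // Constructed carrier: 64 x 64 pixels, 4 bytes each, filled from a fixed seed
        byte[] carrier = new byte[64 * 64 * 4];
        new Random(42).nextBytes(carrier);
        // Constructed payload standing in for cipher text: includes '*' (0x2A) and a byte >= 0x80
        byte[] payload = { 0x51, 0x2A, (byte) 0x9C, 0x00, 0x7E };

        byte[] stego = embed(carrier, payload);
        System.out.println("capacity (bytes): " + capacity(carrier.length));
        System.out.println("round trip ok   : " + Arrays.equals(payload, extract(stego)));
        System.out.println("max byte change : " + maxChannelDelta(carrier, stego));
        try {
            embed(new byte[32], new byte[10]); // 32 carrier bytes hold only 6 payload bytes
        } catch (IllegalArgumentException e) {
            System.out.println("rejected        : " + e.getMessage());
        }
    }
}
```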


5.3 METHOD OF IMPLEMENTATION


Installing Software

First of all install Java 1.6 and then Tomcat Apache 5.1, specifying the port number as 8080. After that, install the MySQL database on your system. After installing MySQL, install SQL Yog, an application which has a GUI to organize MySQL databases. You can install an IDE like ECLIPSE or an editor like EditPlus to write Java programs (optional). You can even write them in Notepad. For the purpose of testing you need to install the J2MEUNIT testing tool.

Enable Path Settings

Now the path settings have to be enabled so that your system will be able to recognize the software installed above. Note that the correct path has to be given, otherwise it may raise an error. The following pictures depict the method of setting the path:

(Right click on My Computer)

(Select Advanced tab and Environment variables)


(Setting User Variables)

(Setting System Variables)

Now we have to write code for all the pages using the concept of Java Server Pages. It gives the user interface for the project. The server validation processes will be handled by the Servlet Technology. All servlet programs have to be written and interpreted for generating their .class files. The database programs can be implemented using SQL Yog. Follow this hierarchy for arranging your files:

+Tomcat 1.6
    +webapps
        +bookstore
            .jsp files
            +images
            +include
            +WEB-INF
                web.xml
                +classes
                +lib
                +src

All .jsp pages are placed in the /bookstore application folder.
All .class files generated are placed in the /classes folder of /WEB-INF.
All APIs including comm.jar, jsp-api.jar, etc. are placed in the /lib folder of /WEB-INF.
All source code files are placed in the /src folder of /WEB-INF.

Now launch the Tomcat service and go to Tomcat Manager. Click the mbank application. That's it! Your application is launched.

5.3.1 Forms
The following are some of the forms available in our project:

5.3.1.1 Login

import javax.servlet.http.*;
import javax.servlet.*;
import java.io.*;
import javax.sql.DataSource;
import java.util.ArrayList;
import java.sql.Connection;
import java.sql.Statement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginServlet extends HttpServlet {

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Per-request state is kept in locals: one servlet instance serves all request threads
        Database db = null;
        ResultSet rs = null;
        String userAccount = "";
        String username = "";
        String password = "";
        String firstname = "";
        userAccount = request.getParameter("a");
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        try {
            db = new Database();
        } catch (SQLException e2) {
            out.print("EC899");
            return; // no connection: stop instead of using a null db below
        } catch (ClassNotFoundException e3) {
            out.print("EC899");
            return;
        }
        try {
            // userAccount comes straight from the request and is concatenated into the SQL
            // text; Database.executeQuery(String) offers no way to bind it as a parameter.
            final String query = "select username,password,firstname from userinfo where accountno = '" + userAccount + "'";
            rs = db.executeQuery(query);
            if (rs.next()) {
                username = rs.getString(1);
                password = rs.getString(2);
                firstname = rs.getString(3);
                // The body is raw pixel bytes, so it is read as bytes: a Reader with
                // readLine() would drop line-break bytes and re-encode the rest.
                InputStream in = request.getInputStream();
                ByteArrayOutputStream buf = new ByteArrayOutputStream();
                byte[] chunk = new byte[4096];
                int n;
                while ((n = in.read(chunk)) != -1) {
                    buf.write(chunk, 0, n);
                }
                byte[] imBytes = buf.toByteArray();
                String message = "";
                try {
                    message = Steganograph.retrieveMessage(imBytes);
                } catch (Exception e) {
                    out.print("EC799");
                    return; // nothing to decrypt
                }
                // Decrypt with the stored password and compare with the stored username
                Encrypt crypt = new Encrypt(message, password);
                String uname = crypt.decrypt();
                if (uname.equals(username)) {
                    out.print(firstname);
                } else {
                    out.print("EC999");
                }
            } else {
                out.print("EC999");
            }
        } catch (SQLException e1) {
            out.print("EC899");
        } finally {
            db.close();
        }
    }

    public void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        doPost(req, resp);
    }
}

5.3.1.2 Registration
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.http.HttpSession.*;
import java.io.*;
import java.util.*;
import javax.sql.*;

public class UserRegistrationServlet extends HttpServlet {
    HttpSession hs;
    PrintStream ps, ps1;
    ResultSet rs;
    String str = null;

    public void init(ServletConfig sc) throws ServletException {
        super.init(sc);
    }

    public void service(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        doPost(req, res);
    }

    public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        doPost(req, res);
    }

    public void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        PrintWriter out = res.getWriter();
        res.setContentType("text/html");
        // Request data is held in locals: one servlet instance serves all request threads
        String uname = req.getParameter("uname");
        String fname = req.getParameter("fname");
        String lastnm = req.getParameter("lastnm");
        String password = req.getParameter("password");
        String stre = req.getParameter("st");
        String add = req.getParameter("add");
        String cit = req.getParameter("cit");
        String sta = req.getParameter("sta");
        String coun = req.getParameter("coun");
        String ph = req.getParameter("ph");
        String acno = req.getParameter("acno");
        String trapass = req.getParameter("trapass");
        RequestDispatcher rd = null;
        Connection con = null;
        PreparedStatement st = null;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            con = DriverManager.getConnection("jdbc:mysql://localhost:3306/mbank", "root", "password");
            //String query = "insert into pat_info values(
            // Form values are bound as parameters instead of being joined into the SQL text
            st = con.prepareStatement("insert into userinfo values(?,?,?,?,?,?,?,?,?,?,?,?)");
            String[] values = { uname, password, fname, lastnm, stre, add, cit, sta, coun, ph, acno, trapass };
            for (int k = 0; k < values.length; k++) {
                st.setString(k + 1, values[k]);
            }
            int i = st.executeUpdate();
            System.out.println("query executed");
            if (i != 0) {
                rd = req.getRequestDispatcher("regconfirm.jsp");
            } else {
                rd = req.getRequestDispatcher("error.html");
            }
        } catch (Exception e) {
            rd = req.getRequestDispatcher("error.html");
            e.printStackTrace();
        } finally {
            try { if (st != null) st.close(); } catch (SQLException ignored) { }
            try { if (con != null) con.close(); } catch (SQLException ignored) { }
        }
        rd.forward(req, res);
    }
}
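The lookup described in Section 4.3.2 (the server finds the password for the account number) is done in LoginServlet with SQL text built from the "a" request parameter, because Database.executeQuery(String) cannot bind values. As an added example, not the project's code, here is a variant of that wrapper which binds every value as a parameter. The class name BoundDatabase, its method names and the command-line arguments are assumptions, and it is written for Java 1.6, so resources are closed in finally blocks.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical class, not part of the project).
public class BoundDatabase {
    private final Connection connection;

    public BoundDatabase(Connection connection) {
        this.connection = connection;
    }

    // Fills the "?" placeholders in order; the SQL text itself never changes.
    private static void bind(PreparedStatement st, String[] params) throws SQLException {
        for (int i = 0; i < params.length; i++) {
            st.setString(i + 1, params[i]);
        }
    }

    // Runs a SELECT and copies the rows out, so statement and result set
    // can be closed before returning.
    public List<String[]> query(String sql, String... params) throws SQLException {
        PreparedStatement st = connection.prepareStatement(sql);
        try {
            bind(st, params);
            ResultSet rs = st.executeQuery();
            try {
                int columns = rs.getMetaData().getColumnCount();
                List<String[]> rows = new ArrayList<String[]>();
                while (rs.next()) {
                    String[] row = new String[columns];
                    for (int c = 0; c < columns; c++) {
                        row[c] = rs.getString(c + 1);
                    }
                    rows.add(row);
                }
                return rows;
            } finally {
                rs.close();
            }
        } finally {
            st.close();
        }
    }

    // Runs an INSERT, UPDATE or DELETE with bound values; returns the affected row count.
    public int update(String sql, String... params) throws SQLException {
        PreparedStatement st = connection.prepareStatement(sql);
        try {
            bind(st, params);
            return st.executeUpdate();
        } finally {
            st.close();
        }
    }

    // The LoginServlet lookup: {username, password, firstname}, or null when the
    // account number does not match exactly one row (stricter than taking the first row).
    public String[] findUser(String accountNo) throws SQLException {
        if (accountNo == null) {
            return null;
        }
        List<String[]> rows = query(
            "select username,password,firstname from userinfo where accountno = ?", accountNo);
        return rows.size() == 1 ? rows.get(0) : null;
    }

    // usage: java BoundDatabase <jdbc-url> <db-user> <db-password> <account-number>
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: BoundDatabase <jdbc-url> <db-user> <db-password> <account-number>");
            return;
        }
        Connection con = DriverManager.getConnection(args[0], args[1], args[2]);
        try {
            String[] user = new BoundDatabase(con).findUser(args[3]);
            // Same reply convention as LoginServlet: EC999 when the account is unknown
            System.out.println(user == null ? "EC999" : "found account for " + user[2]);
        } finally {
            con.close();
        }
    }
}
```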

5.3.2 OUTPUT SCREENS

5.3.2.1 Login Page

5.3.2.2 Banking Options

5.3.2.3 Account Details page

5.3.2.4 Transfer Money

5.3.2.5 Home page of Mobile Emulator

5.3.2.6 Login Screen

5.3.2.7 Banking Options Screen

5.3.2.8 Steganography Image

5.3.2.9 Display Account Details

5.3.2.10 Money Transfer Option

5.3.3 Result Analysis


This project has been implemented for several users. The simple interfaces provide easy navigation for banking, and security is enhanced much further than in the existing system because the project implements a method called steganography; hence it reduces the loss of data.

5.4 CONCLUSION
In this way we implemented the project successfully with the help of J2ME, giving the user easy interaction with the interfaces and enhanced security with less effort. We proceed to the next phase, i.e., testing, which is very important before delivering the project.


6. TESTING AND VALIDATION


6.1 INTRODUCTION
Software testing is a critical element of software quality assurance and represents the ultimate review of specification, design and coding. In fact, testing is the one step in the software engineering process that could be viewed as destructive rather than constructive. A strategy for software testing integrates software test case design methods into a well-planned series of steps that result in the successful construction of software. Testing is the set of activities that can be planned in advance and conducted systematically. The underlying motivation of program testing is to affirm software quality with methods that can be applied economically and effectively to both large and small-scale systems.

The following are the Testing Objectives:

- Testing is a process of executing a program with the intent of finding an error.
- A good test has a high probability of finding an as yet undiscovered error.
- A successful test is one that uncovers an as yet undiscovered error.

6.2 DESIGN OF TEST CASES & SCENARIO


The objective is to design tests that systematically uncover different classes of errors and do so with a minimum amount of time and effort. Testing cannot show the absence of defects; it can only show that software defects are present.

6.2.1 Unit Testing


Interface
- Number of input parameters should be equal to number of arguments.
- Parameter and argument attributes must match.
- Parameters passed should be in correct order.
- Global variable definitions should be consistent across modules.
- If the module does I/O:
  - File attributes should be correct.
  - Open/Close statements must be correct.
  - Format specifications should match I/O statements.
  - Buffer size should match record size.
  - Files should be opened before use.
  - End of file condition should be handled.
  - I/O errors should be handled.
  - Any textual errors in output information must be checked.

Local Data Structures (common source of errors!)
- Improper or inconsistent typing.
- Erroneous initialization or default values.
- Incorrect variable names.
- Inconsistent data types.
- Overflow, underflow, address exceptions.

Boundary conditions and Independent paths

Error Handling
- Error description unintelligible.
- Error noted does not correspond to error encountered.
- Error condition handled by system run-time before error handler gets control.
- Exception condition processing incorrect.

6.2.2 Integration Testing


In top-down integration, modules are integrated by moving down the program design hierarchy, in either depth-first or breadth-first order. Top-down integration verifies major control and decision points early in the design process, and the top-level structure is tested most. Depth-first implementation allows a complete function to be implemented, tested and demonstrated, and allows critical functions to be implemented early. Top-down integration is forced (to some extent) by some development tools in programs with graphical user interfaces.

Bottom-up integration testing, as its name implies, begins construction and testing with atomic modules (lowest-level modules). Because modules are integrated from the bottom up, processing required for modules subordinate to a given level is always available and the need for stubs is eliminated.

6.2.3 Validation Testing


Validation testing aims to demonstrate that the software functions in a manner that can be reasonably expected by the customer. It tests conformance of the software to the Software Requirements Specification.

6.2.3.1 Validation Test Criteria
A set of black-box tests is used to demonstrate conformance with requirements: to check that all functional requirements are satisfied, all performance requirements are achieved, documentation is correct and 'human-engineered', and other requirements are met (e.g. compatibility, error recovery, and maintainability). When validation tests fail, it may be too late to correct the error prior to scheduled delivery, so a method of resolving deficiencies needs to be negotiated with the customer.

6.2.3.2 Configuration Review
An audit to ensure that all elements of the software configuration are properly developed and catalogued, and have all the necessary detail to support maintenance.

6.2.4 Alpha and Beta Testing


It is difficult to anticipate how users will really use software. If there is one customer, a series of acceptance tests is conducted (by the customer) to enable the customer to validate all requirements. If software is being developed for use by multiple customers, acceptance testing cannot be used. An alternative is to use alpha and beta testing to uncover errors. A customer conducts alpha testing at the developer's site. The customer uses the software with the developer 'looking over the shoulder' and recording errors and usage problems. Alpha testing is conducted in a controlled environment. Beta testing is conducted at one or more customer sites by end users. It is 'live' testing in an environment not controlled by the developer. The customer records and reports difficulties and errors at regular intervals.

6.2.5 System Testing


Software is only one component of a system. Software will be incorporated with other system components, and system integration and validation tests are then performed.

6.3 VALIDATION
Validation aims to demonstrate that the software functions in a manner that can be reasonably expected by the customer. It tests conformance of the software to the Software Requirements Specification. Here, an experiment was done to check consistency with the user requirements: the username and password should be validated through the server and should match, and the implemented steganography method was also checked for its consistency in providing security.
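A consistency check of the kind described above, as an added example that is not the project's code. It assumes least-significant-bit (LSB) embedding over raw 8-bit pixel values with a 2-byte length header, since this section does not show the project's own embedding routine; all function names and sample data are constructed.

```python
# Added example: LSB substitution is an assumed stand-in for the project's
# embedding method, which this section does not show. All data is constructed.
def capacity_bytes(pixels):
    """Payload bytes that fit at 1 bit per pixel after a 2-byte length header."""
    return min(len(pixels) // 8 - 2, 0xFFFF)

def embed(pixels, message):
    """Return a copy of pixels with message written into the low bits."""
    if len(message) > capacity_bytes(pixels):
        raise ValueError("message does not fit in the cover image")
    payload = len(message).to_bytes(2, "big") + message
    stego = bytearray(pixels)
    for i, byte in enumerate(payload):
        for bit in range(8):
            stego[i * 8 + bit] = (stego[i * 8 + bit] & 0xFE) | ((byte >> (7 - bit)) & 1)
    return bytes(stego)

def read_bytes(pixels, start, count):
    """Rebuild count bytes from pixel low bits, starting at byte offset start."""
    out = bytearray()
    for i in range(start, start + count):
        value = 0
        for bit in range(8):
            value = (value << 1) | (pixels[i * 8 + bit] & 1)
        out.append(value)
    return bytes(out)

def extract(pixels):
    """Recover the hidden message, rejecting an impossible length header."""
    if capacity_bytes(pixels) < 0:
        raise ValueError("image too small to hold a length header")
    length = int.from_bytes(read_bytes(pixels, 0, 2), "big")
    if length > capacity_bytes(pixels):
        raise ValueError("corrupt or absent payload")
    return read_bytes(pixels, 2, length)

def run_validation():
    """Round-trip and boundary checks on a constructed 400-pixel cover."""
    cover = bytes((i * 37) % 256 for i in range(400))
    secret = b"ACCT=1234;BAL=500"  # constructed message
    full = b"x" * capacity_bytes(cover)
    try:
        embed(cover, full + b"x")
        overflow_rejected = False
    except ValueError:
        overflow_rejected = True
    stego = embed(cover, secret)
    return {"round_trip": extract(stego) == secret, "overflow_rejected": overflow_rejected,
            "max_pixel_change": max(abs(a - b) for a, b in zip(cover, stego)),
            "exact_capacity": extract(embed(cover, full)) == full}
```

The checks cover the unit-testing items listed in 6.2.1 that matter most for an embedding routine: boundary conditions (a message exactly at capacity, and one byte over) and error handling (a cover with no valid payload is rejected rather than decoded into garbage).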

6.4 CONCLUSION
In this way we also completed the testing phase of the project and ensured that the system is ready to go live. Thus we developed a banking system based on new technology so that people can bank with confidence.

7. CONCLUSION
We propose steganography to protect the messages. Steganography can be used to maintain the confidentiality of valuable information and to protect the data from possible sabotage, theft, or unauthorized viewing. Steganography can be used to tag notes to online images (like post-it notes attached to paper files). Steganography is a fascinating and effective method of hiding data that has been used throughout history. There are methods that can be employed to uncover such devious tactics, but the first step is awareness that such methods even exist. There are many good reasons as well to use this type of data hiding, including watermarking or a more secure central storage method for such things as passwords or key processes. Regardless, the technology is easy to use and difficult to detect. The more you know about its features and functionality, the further ahead you will be in the game.

Before turning to future enhancements, we note that steganography can be performed not only with images but also with audio files, within text, etc. In our future enhancements we can therefore implement it through an audio file consisting of music notes, embedding the message into those notes to provide better security.
