A Project report on IMPROVING MOBILE BANKING SECURITY USING STEGANOGRAPHY submitted in partial fulfillment of the requirement for the award of degree of BACHELOR OF TECHNOLOGY
in
COMPUTER SCIENCE & ENGINEERING by
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING NOVA COLLEGE OF ENGINEERING & TECHNOLOGY
(Affiliated to Jawaharlal Nehru Technological University, Hyderabad) Jafferguda (V), Hayathnagar (M), R. R. Dist. 501512, A.P.
2010
www.jntuworld.com
CERTIFICATE
This is to certify that the project entitled IMPROVING MOBILE BANKING SECURITY USING STEGANOGRAPHY is being submitted by
in partial fulfillment of the requirements for the award of BACHELOR OF TECHNOLOGY to JNTU, Hyderabad. This record is a bonafide work carried out by them under my guidance and supervision. The result embodied in this project report has not been submitted to any other university or institute for the award of any degree or diploma.
Internal Guide
External Guide
H. O. D.
ACKNOWLEDGEMENT
I would like to express my gratitude to all the people behind the screen who helped me to transform an idea into a real application.
I would like to express my heart-felt gratitude to my parents without whom I would not have been privileged to achieve and fulfill my dreams. I am grateful to our principal, Mr. RAJA PRAKASH, who most ably runs the institution and has had the major hand in enabling me to do my project.
Computer Science & Engineering who has been an excellent guide and also a great source of inspiration to my work.
I would like to thank my internal guide Mr. M.SRINIVAS REDDY for his technical guidance, constant encouragement and support in carrying out my project at college.
I would also like to thank my external guide Ms. S. SOWJANYA for her technical guidance and support in carrying out my project at PANTECH
The satisfaction and euphoria that accompany the successful completion of the task would be great but incomplete without the mention of the people who made it possible with their constant guidance and encouragement crowns all the efforts with success. In this context, I would like to thank all the other staff members, both teaching and non-teaching, who have extended their timely help and eased my task.
06R31A0544 06R31A0545
CONTENTS
Abstract
List of Figures
List of Tables
List of Screens
Symbols & Abbreviations
1. INTRODUCTION
   1.1 Motivation
   1.2 Problem definition
   1.3 Objective of Project
   1.4 Limitations of Project
   1.5 Organization of Documentation
2. LITERATURE SURVEY
   2.1 Introduction
   2.2 Existing System
   2.3 Disadvantages of Existing system
   2.4 Proposed System
   2.5 Conclusion
3. ANALYSIS
   3.1 Introduction
   3.2 Software Requirement Specification
       3.2.1 User requirement
       3.2.2 Software requirement
       3.2.3 Hardware requirement
   3.3 Content diagram of Project
   3.4 Algorithms and Flowcharts
   3.5 Conclusion
4. DESIGN
   4.1 Introduction
   4.2 DFD / ER / UML diagram (any other project diagrams)
   4.3 Module design and organization
   4.4 Conclusion
5. IMPLEMENTATION & RESULTS
   5.1 Introduction
   5.2 Explanation of Key functions
   5.3 Method of Implementation
       5.3.1 Forms
       5.3.2 Output Screens
       5.3.3 Result Analysis
   5.4 Conclusion
6. TESTING & VALIDATION
   6.1 Introduction
   6.2 Design of test cases and scenarios
   6.3 Validation
   6.4 Conclusion
7. CONCLUSION
REFERENCES
ABSTRACT
Upon development of m-commerce as one of the new branches of e-commerce, m-banking has emerged as one of the main divisions of m-commerce. As m-banking was received very well, it has embarked upon the supply of various services based on different systems and with the aid of various services such as the Short Messaging Service (SMS). However, in spite of its advantages, m-banking is facing some challenges as well. One of these challenges is the security of the system. This paper presents a method for increasing the security of the information requested by users through the use of steganography. In this method, instead of being sent directly, the information is hidden in a picture using the password. Then the address of the picture is sent to the user. After entering the password, the user can view the information extracted from the picture if the password is entered correctly. This project is written in J2ME (Java 2 Micro Edition) and has been implemented on Nokia mobile phones, models N71 and 6680.

In this method, the information is never placed on the internet and exchanged in plain form. Thus, the possibility of disclosure of information is very low. No user password is exchanged between the server and the mobile phone. Therefore there is no risk of disclosure of the user password. In this method, the amount of information exchanged between the user and the banking system decreases, so the responding speed of the bank system increases. Steganography is a relatively modern method for the secret exchange of information. Therefore, the possibility of disclosure and extraction of its information, especially in mobile phones, is much lower.

The advantages of the steganography algorithm are:
a) The password is not stored in the stego-image, so it is difficult to detect the password.
b) Because the password is used, it is difficult to detect the information hidden in the image.
c) The decoding program uses a few kilobytes of memory. Also the program is fast enough.
LIST OF FIGURES
1. Water Fall Model
2. JVM (Java Virtual Machine)
3. Content diagram of the project
4. Flowchart of the project
5. Class diagram
6. Use case diagram
7. Sequence diagram
8. Enable Path settings

LIST OF TABLES
1. User Account Table
2. User Info Table
3. User Transaction Table

LIST OF SCREENS
1. Login Page
2. Banking option
3. Account Details
4. Transfer Money
5. Home page for Mobile Emulator
6. Login Screen
7. Banking Option Screen
8. Steganography image
9. Display Account Details
10. Money Transfer option
M-Banking: Mobile Banking
J2ME: Java 2 Micro Edition
J2SE: Java 2 Standard Edition
J2EE: Java 2 Enterprise Edition
API: Application Programming Interface
CDC: Connected Device Configuration
MIDP: Mobile Information Device Profile
CLDC: Connected, Limited Device Configuration
KVM: K Virtual Machine
JVM: Java Virtual Machine
PDA: Personal Digital Assistant
OS: Operating System
VM: Virtual Machine
RGB: Red, Green, Blue
LSB: Least Significant Bit
SQL: Structured Query Language
ANSI: American National Standards Institute
ISO: International Organization for Standardization
GPL: General Public License
ODBC: Object Database Connectivity
WAN: Wide Area Network
1. INTRODUCTION
1.1 MOTIVATION
The Growing Importance of Mobile Content
Music, games and video have become principal sources of online entertainment content in the consumer market, but the discrete systems used to deliver that content to end devices such as mobile handsets are still rather rudimentary. To deliver content to the consumer or business, and to adapt to rapidly changing market needs and trends, device-independent content delivered over multiple channels is needed, and the content must be coupled with a digital rights management (DRM) system to allow content owners to monetize their intellectual property.

At the current stage in the evolution of online content, many companies are focusing on a single part of the value chain, mainly on delivery, and they are able to gain a competitive advantage there. Because content delivery to a mobile device is currently a bottleneck, and because it is also not obvious which delivery models are the best, concentrating on delivery makes sense at the current juncture. Little attention is paid today, however, to a balanced implementation of the full value chain.

Our research suggests that in a few years' time, attention will shift from discrete systems focusing on delivery of specific content using rudimentary content management integration to full-blown systems that are centered on reusable content suitable for multi-channel delivery. Adding and using metadata to quickly find content for a specific user in a specific context, and being able to deliver that content in a timely manner and in the correct format, is the key to success in this more mature environment. Whether these types of systems will be owned and managed by mobile operators or by companies specialized in content (such as publishers or studios) cannot be predicted at this stage.

The Special Requirements of Mobility Devices
Mobile content has some very specific constraints which have to do with the small screen of the devices, the devices' relatively limited wireless bandwidth, as well as the small storage and processing capacity on the device. Furthermore, among the devices there is a considerable spread in capacities. Standard mobile phones tend to have a small color screen, a numerical keyboard for entering data, and most have the capability to run small Java applications. Smart phones have a somewhat larger screen, additional input devices such as a keyboard to enter text, and most run a simple operating system. Brew and Windows Me are examples of two popular smart phone operating systems.

While device-independent content delivered over multiple channels is the goal, mobility imposes a number of other constraints on content when compared to the wired web:
The relationship of mobile browsers to websites;
Location based content;
User generated content and content management; and
The usability of content across different mobile devices.

Content is driving the market for carriers of every stripe. For the mobile operator, content ranges from information that is mobility-independent (such as weather forecasts) to mobile-specific content (such as ring tones). Further, mobile content can be relatively static (such as a web page or a photo) or highly dynamic (such as traffic information). Beyond a set of requirements particular to mobility, managing, updating, and archiving website content as well as maintaining technical and customer information is a major business operation demanding up-to-date systems.
2. LITERATURE SURVEY
2.1 INTRODUCTION
Steganography is one of the fundamental ways by which data can be kept confidential. This article will offer a brief introductory discussion of steganography: what it is, how it can be used, and the true implications it can have on information security.

What is Steganography?
In computer terms, steganography has evolved into the practice of hiding a message within a larger one in such a way that others cannot discern the presence or contents of the hidden message. In contemporary terms, steganography has evolved into a digital strategy of hiding a file in some form of multimedia, such as an image, an audio file (like a .wav or mp3) or even a video file.

Steganography Tools
There are a vast number of tools that are available for steganography. An important distinction that should be made among the tools available today is the difference between tools that do steganography, and tools that do steganalysis, which is the method of detecting steganography and destroying the original message. Steganalysis focuses on this aspect, as opposed to simply discovering and decrypting the message, because this can be difficult to do unless the encryption keys are known.

A comprehensive discussion of steganography tools is beyond the scope of this article. However, there are many good places to find steganography tools on the Net. One good place to start your search for stego tools is on Neil Johnson's Steganography and Digital Watermarking Web site. The site includes an extensive list of steganography tools. Another comprehensive tools site is located at the StegoArchive.com. For steganalysis tools, a good site to start with is Neil Johnson's Steganalysis site. Niels Provos's site is also a great reference site, but is currently being relocated, so keep checking back on its progress.
The plethora of tools available also tends to span the spectrum of operating systems. Windows, DOS, Linux, Mac, and Unix: you name it, and you can probably find it.
Steganography and Security
As mentioned previously, steganography is an effective means of hiding data, thereby protecting the data from unauthorized or unwanted viewing. But stego is simply one of many ways to protect the confidentiality of data. It is probably best used in conjunction with another data-hiding method. When used in combination, these methods can all be a part of a layered security approach. Some good complementary methods include:

Encryption - Encryption is the process of passing data or plaintext through a series of mathematical operations that generate an alternate form of the original data known as cipher text. The encrypted data can only be read by parties who have been given the necessary key to decrypt the cipher text back into its original plaintext form. Encryption doesn't hide data, but it does make it hard to read!
problem here is it completely uses WML for the purpose. When WML is used, it repeatedly has to download every bit of data from the internet, which takes a lot of time, for which mobile e-banking using J2ME has been introduced. Here we perform e-banking, but by this we don't have security.
Time constraint is there.
Phishing can be done.
There is no security for the data.
Low bandwidth & latency issues.
High communication costs.
Low functionality and fewer capabilities in the mobile devices.
Security concerns.
2.5 CONCLUSION
This paper presents a method for increasing security of the information requested by users with the use of steganography method. In this method, instead of direct sending of the information, it is hidden in a picture by the password. After entering the password, the user can witness the information extracted from the picture if the password is entered correctly.
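The scheme summarised above (hide the reply in a picture under the password, and recover it only when the right password is entered) can be sketched as password-keyed LSB embedding. This is an added example, not the project's J2ME code: the report does not specify its embedding algorithm, so the PBKDF2 key derivation, SHAKE-256 keystream, HMAC tag, salt layout, function names and the constructed cover bytes below are all assumptions.

```python
import hashlib
import hmac
import random

SALT_LEN = 16   # bytes, carried in the LSBs of the first 128 cover bytes
TAG_LEN = 16    # truncated HMAC-SHA256 tag used to verify the password
HDR_LEN = 2     # big-endian message length, encrypted with the message


def _keys(password, salt):
    """Derive separate encryption, MAC and position-shuffle keys."""
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=96)
    return k[:32], k[32:64], k[64:]


def _positions(cover_len, shuffle_key):
    """Password-dependent order of the cover bytes that carry payload bits."""
    pos = list(range(SALT_LEN * 8, cover_len))
    # Mersenne Twister is not a CSPRNG; it is used here only to keep the
    # example inside the standard library.
    random.Random(int.from_bytes(shuffle_key, "big")).shuffle(pos)
    return pos


def _to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def _from_bits(bits):
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def _xor(data, enc_key):
    """XOR with a SHAKE-256 keystream (same call encrypts and decrypts)."""
    stream = hashlib.shake_256(enc_key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def embed(cover, password, message, salt):
    """Return a copy of cover with message hidden in its least significant bits."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be SALT_LEN bytes")
    enc_key, mac_key, shuffle_key = _keys(password, salt)
    ct = _xor(len(message).to_bytes(HDR_LEN, "big") + message, enc_key)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()[:TAG_LEN]
    pos = _positions(len(cover), shuffle_key)
    bits = _to_bits(ct + tag)
    if len(bits) > len(pos):
        raise ValueError("message too long for this cover image")
    stego = bytearray(cover)
    for i, bit in enumerate(_to_bits(salt)):      # salt at fixed positions
        stego[i] = (stego[i] & 0xFE) | bit
    for p, bit in zip(pos, bits):                 # payload at keyed positions
        stego[p] = (stego[p] & 0xFE) | bit
    return bytes(stego)


def extract(stego, password):
    """Return the hidden message, or None when the password is wrong."""
    salt = _from_bits([b & 1 for b in stego[:SALT_LEN * 8]])
    enc_key, mac_key, shuffle_key = _keys(password, salt)
    pos = _positions(len(stego), shuffle_key)

    def read(first_byte, count):
        span = pos[first_byte * 8:(first_byte + count) * 8]
        return _from_bits([stego[p] & 1 for p in span])

    n = int.from_bytes(_xor(read(0, HDR_LEN), enc_key), "big")
    if (HDR_LEN + n + TAG_LEN) * 8 > len(pos):
        return None                               # implausible length
    ct, tag = read(0, HDR_LEN + n), read(HDR_LEN + n, TAG_LEN)
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None                               # the password itself is never stored
    return _xor(ct, enc_key)[HDR_LEN:]


# Constructed sample data: a fake 64x64 RGB pixel buffer and a fake balance reply.
COVER = bytes((i * 37 + 11) % 256 for i in range(64 * 64 * 3))
REPLY = b"ACCT ****1234 BAL 5,250.00"
SALT = bytes(range(16))   # fixed for reproducibility; use os.urandom(16) per image

if __name__ == "__main__":
    image = embed(COVER, "correct-password", REPLY, SALT)
    print(extract(image, "correct-password"))
    print(extract(image, "wrong-password"))
```

The stego buffer stores only a salt, ciphertext and a MAC tag, so a wrong password fails the tag check rather than being compared against a stored secret; this layers the encryption recommended in section 2.1 under the hiding step.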
3. ANALYSIS
3.1 INTRODUCTION
After analyzing the requirements of the task to be performed, the next step is to analyze the problem and understand its context. The first activity in the phase is studying the existing system and the other is to understand the requirements and domain of the new system. Both activities are equally important, but the first activity serves as the basis for giving the functional specifications and then the successful design of the proposed system. Understanding the properties and requirements of a new system is more difficult and requires creative thinking, and understanding the existing system is also difficult. Improper understanding of the present system can lead to diversion from the solution.
Here the linear ordering of these activities is critical. At the end of each phase, the output of one phase is the input to the next phase. The output of each phase should be consistent with the overall requirement of the system. Some of the qualities of the spiral model are also incorporated: after the completion of each phase, the people concerned with the project review the work done. The waterfall model has been chosen because all requirements were known beforehand and the objective of our software development is the computerization/automation of an already existing manual working system.
3.1.3.1 Technical Feasibility
The technical issues usually raised during the feasibility stage of the investigation include the following:
Does the necessary technology exist to do what is suggested?
Does the proposed equipment have the technical capacity to hold the data required to use the new system?
Will the proposed system provide adequate response to inquiries, regardless of the number or location of users?
Can the system be upgraded if developed?
Are there technical guarantees of accuracy, reliability, ease of access and data security?

Earlier no system existed to cater to the needs of Secure Infrastructure Implementation System. The current system developed is technically feasible. It is a web based user interface for audit workflow at NIC-CSD. Thus it provides an easy access to the users. The database's purpose is to create, establish and maintain a workflow among various entities in order to facilitate all concerned users in their various capacities or roles. Permission to the users would be granted based on the roles specified. Therefore, it provides the technical guarantee of accuracy, reliability and security. The software and hardware requirements for the development of this project are not many and are already available in-house at NIC or are available free as open source. The work for the project is done with the current equipment and existing software technology. Necessary bandwidth exists for providing a fast feedback to the users irrespective of the number of users using the system.

3.1.3.2 Operational Feasibility
Proposed projects are beneficial only if they can be turned into information systems that will meet the organization's operating requirements. Operational feasibility aspects of the project are to be taken as an important part of the project implementation. Some of the important issues raised to test the operational feasibility of a project include the following:
Is there sufficient support for the management from the users?
Will the system be used and work properly if it is being developed and implemented?
Will there be any resistance from the user that will undermine the possible application benefits?

This system is targeted to be in accordance with the above-mentioned issues. The well-planned design would ensure the optimal utilization of the computer resources and would help in the improvement of performance status.

3.1.3.3 Economic Feasibility
A system that can be developed technically and that will be used if installed must still be a good investment for the organization. In the economic feasibility, the development cost in creating the system is evaluated against the ultimate benefit derived from the new system. Financial benefits must equal or exceed the costs. The system is economically feasible. It does not require any additional hardware or software. Since the interface for this system is developed using the existing resources and technologies available at NIC, there is nominal expenditure and economic feasibility is certain.
3.2.2.1 Java The JAVA language was created by James Gosling in June 1991 for use in a set top box project. The language was initially called Oak, after an oak tree that stood outside Gosling's office - and also went by the name Green - and ended up later being renamed to Java, from a list of random words. Gosling's goals were to implement a virtual machine and a language that had a familiar C/C++ style of notation. The first public implementation was Java 1.0 in 1995. It promised "Write Once, Run anywhere" (WORA), providing no-cost runtimes on popular platforms. It was fairly secure and its security was configurable, allowing network and file access to be restricted. Major web browsers soon incorporated the ability to run secure Java applets within web pages. Java quickly became popular. With the advent of Java 2, new versions had multiple configurations built for different types of platforms. For example, J2EE was for enterprise applications and the greatly stripped down version J2ME was for mobile applications. J2SE was the designation for the Standard Edition. In 2006, for marketing purposes, new J2 versions were renamed Java EE, Java ME, and Java SE, respectively. In 1997, Sun Microsystems approached the ISO/IEC JTC1 standards body and later the Ecma International to formalize Java, but it soon withdrew from the process. Java remains a de facto standard that is controlled through the Java Community Process. At one time, Sun made most of its Java implementations available without charge although they were proprietary software. Sun's revenue from Java was generated by the selling of licenses for specialized products such as the Java Enterprise System. Sun distinguishes between its Software Development Kit (SDK) and Runtime Environment
(JRE), which is a subset of the SDK, the primary distinction being that in the JRE, the compiler, utility programs, and many necessary header files are not present. On 13 November 2006, Sun released much of Java as free software under the terms of the GNU General Public License (GPL). On 8 May 2007 Sun finished the process, making Java's entire core code open source, aside from a small portion of code to which Sun did not hold the copyright.

There were five primary goals in the creation of the Java language:
It should use the object-oriented programming methodology.
It should allow the same program to be executed on multiple operating systems.
It should contain built-in support for using computer networks.
It should be designed to execute code from remote sources securely.
It should be easy to use by selecting what were considered the good parts of other object-oriented languages.

The Java programming language is a high-level language that can be characterized by all of the following buzzwords:
Simple
Distributed
Multithreaded
Dynamic
Architecture neutral
High performance
Robust
Secure
Object oriented
Portable
Each of the preceding buzzwords is explained in The Java Language Environment, a white paper written by James Gosling and Henry McGilton. In the Java programming language, all source code is first written in plain text files ending with the .java extension. Those source files are then compiled into .class files by the Java compiler. A .class file does not contain code that is native to your processor; it instead contains bytecodes, the machine language of the Java Virtual Machine (Java VM). The java launcher tool then runs your application with an instance of the Java Virtual Machine.
(An overview of the software development process)
Because the Java VM is available on many different operating systems, the same .class files are capable of running on Microsoft Windows, the Solaris™ Operating System (Solaris OS), Linux, or Mac OS. Some virtual machines, such as the Java HotSpot virtual machine, perform additional steps at runtime to give your application a performance boost. This includes various tasks such as finding performance bottlenecks and recompiling (to native code) frequently used sections of code.
Through the Java VM, the same application is capable of running on multiple platforms.
Java platform
A platform is the hardware or software environment in which a program runs. We've already mentioned some of the most popular platforms like Microsoft Windows, Linux, Solaris OS, and Mac OS. Most platforms can be described as a combination of the operating system and underlying hardware. The Java platform differs from most other platforms in that it's a software-only platform that runs on top of other hardware-based platforms. The Java platform has two components:
The Java Virtual Machine
The Java Application Programming Interface (API)

You've already been introduced to the Java Virtual Machine; it's the base for the Java platform and is ported onto various hardware-based platforms. The API is a large collection of ready-made software components that provide many useful capabilities. It is grouped into libraries of related classes and interfaces; these libraries are known as packages.

(The API and JVM insulate the program from the underlying hardware)
As a platform-independent environment, the Java platform can be a bit slower than native code. However, advances in compiler and virtual machine technologies are bringing performance close to that of native code without threatening portability.

Java Runtime Environment
The Java Runtime Environment, or JRE, is the software required to run any application deployed on the Java Platform. End-users commonly use a JRE in software packages and Web browser plugins. Sun also distributes a superset of the JRE called the Java 2 SDK (more commonly known as the JDK), which includes development tools such as the Java compiler, Javadoc, Jar and debugger.
One of the unique advantages of the concept of a runtime engine is that errors (exceptions) should not 'crash' the system. Moreover, in runtime engine environments such as Java there exist tools that attach to the runtime engine and every time that an exception of interest occurs they record debugging information that existed in memory at the time the exception was thrown (stack and heap values). These Automated Exception Handling tools provide 'root-cause' information for exceptions in Java programs that run in production, testing or development environments.
(JVM) implementations that are optimized for the type of systems they are targeted at.
For example, the K Virtual Machine (KVM) is a JVM optimized for resource constrained devices, such as mobile phones and PDAs.
J2ME is part of the Java 2 Platform
The following characteristics are shared among the three Java editions:

Write Once Run Anywhere: because Java technology relies on Java byte-code that is interpreted by a virtual machine, applications written in Java can run on similar types of systems (servers, desktop systems, mobile devices) independent of the underlying operating system and processor. For example, a developer doesn't need to develop and maintain different versions of the same application to run on a Nokia Communicator running the EPOC operating system, a Compaq iPAQ running PocketPC, or even a PDA powered by the Linux operating system. On mobile phones, the variety of processors and operating systems is even more significant, and therefore the wireless community in general is seeking a solution that is platform agnostic, such as WAP or J2ME.

Security: while on the Internet, people are used to secure data transactions and downloading files or email messages that may contain viruses, few wireless networks today support standard Internet protocols, and wireless operators are concerned by the security issues associated with the download of standard C applications on their networks. Java technology features a robust security model: before any application is executed by the Java virtual machine, a byte-code pre-verifier tests its code integrity. Once an application is running, it cannot access system resources outside of a 'sandbox,' preventing applications from acting as viruses. Finally, Java applications can take advantage of standard data encryption solutions (SSL or Elliptic Curve Libraries) on packet based networks (for example CDPD, Mobitex, GPRS, WCDMA), providing a robust infrastructure for M-commerce and enterprise application access.

Rich graphical user interface: you may remember that the first demonstration of Java technology was done using an animated character on a web page. While animated GIF files have made this use of the technology obsolete on desktop systems, mobile devices can benefit from richer GUI APIs that allow for differentiation of services and the development of compelling applications.

Network awareness: while Java applications can operate in disconnected mode, they are network-aware by default, allowing applications to be dynamically downloaded over a network. Additionally, Java is network-agnostic, in the sense that Java applications can exchange data with a backend server over any network protocol, whether it is TCP/IP, WAP, i-mode, and different bearers, such as GSM, CDMA, TDMA, PHS, CDPD, Mobitex, and so on.
The J2ME Application Cycle
Contrary to the web browser model, which requires continuous connectivity and offers a limited user interface and security experiences, J2ME allows applications to be dynamically downloaded to a mobile device in a secure fashion. J2ME applications can be posted on a Web server, allowing end users to initiate the download of an application they select through a micro browser or other application locator interface. Wireless operators, content providers, and ISVs can also push a set of J2ME applications and manage them remotely. The Java provisioning model puts the responsibility of checking the compatibility of the applications (such as version of the J2ME specification used, memory available on the handset) on the handset itself, allowing the end user to ignore the intricacies associated with typical desktop systems.

Once a J2ME application is deployed on a mobile device, it stays there until the user decides to upgrade or remove it. The application can be operated in disconnected mode (such as standalone game, data entry application) and store data locally, providing a level of convenience that is not available on current browser-based solutions. Because the application resides locally, the user doesn't experience any latency issues, and the application can offer a user interface (drop-down menus, check boxes, animated icons) that is only matched by native C applications. The level of convenience is increased because the user can control when the application initiates a data exchange over the wireless network. This allows for big cost savings on circuit-switched networks, where wireless users are billed per minute, and allows a more efficient exchange of data, since many applications can use a store-and-forward mechanism to minimize network latency.
J2ME applications can exchange data over WAP, i-mode or TCP based wireless networks
Additionally, J2ME applications can leverage any wireless network infrastructure, taking advantage of a WAP network stack on current circuit-switched networks (GSM, CDMA, and TDMA). The same applications are ready to be used on packet-based networks, allowing the use of standard Internet protocols, such as HTTPS over SSL (data encryption), IMAP (email), LDAP (directories), between the J2ME enabled client application and the backend infrastructure.

J2ME Benefits on Wireless Devices
Let's look at how Java technology fits in the wireless service evolution. Originally, analog technology was sufficient to handle voice services, but the quality of the calls was sketchy and multiple radio networks competed with one another. Today we take advantage of the second generation of networks and services (2G networks), which use digital networks and web browser technologies. This provides access to data services, but markup languages present some limitations. Markup languages are a step in the right direction, but browser-based applications don't work when out of coverage, require air time for even simple operations (such as entering appointments in a browser-based calendar), and offer a limited user interface paradigm (character-based, static black and white images, cumbersome navigation interface).

When Java technology is added to this environment, it brings additional benefits that translate into an enhanced user experience. Instead of plain text applications and latency associated with a browser-based interface, the user is presented with rich animated graphics, a fast interaction, the capability to use an application off-line, and maybe most interestingly, the capability to dynamically download new applications to the device.

For application developers, this means that you can use your favorite programming language and your favorite development tools, rather than learning a new programming environment. There are over 2.5 million developers who have already developed applications using the Java programming language, primarily on the server side. Once these developers become familiar with the small set of J2ME APIs, it becomes relatively easy to develop small client modules that can exchange data with server applications over the wireless network. The challenge that remains the same for Java, WAP, or native APIs is that small screens and limited input interfaces require developers to put some effort into the development of the application user interface. In other words, small devices force developers to abandon bad or lazy programming techniques.
What Type of Applications Does J2ME Enable?
Many people expect to see new types of applications developed with J2ME. You can argue that the application categories would remain the same, with a few exceptions such as location services and data applications that integrate with telephony functionality. The outcome is likely to be applications that are context sensitive (immediacy, location, personal or professional use) and are migrating from a character-based interface (browser-based applications) to a graphical environment, providing developers and end users with an unmatched level of flexibility. Just think about the evolution from DOS or mainframe applications to Windows, MacOS, or Solaris graphical
environment. We still use processors, spreadsheets and accounting applications like in the good old days, but because the new generation of applications takes advantage of a richer graphical environment, the applications are better and easier to use. Therefore, expect to see J2ME developers targeting the same categories of applications they focused on with WAP, but this time with the user experience compelling enough for ISVs and system integrators to be able to charge for them. As far as adoption of J2ME is concerned, the prognosis is rather good. Evans Data recently conducted a survey among 500 wireless application developers, concluding that more developers will use Java and J2ME to develop wireless applications (30%) than native C APIs (Palm OS, Pocket PC, EPOC) or even WAP. The market that J2ME will penetrate the fastest is the Japanese market, with Nikkei Market Access forecasting a penetration rate of 40% this year. NTT DoCoMo, who started shipping J2ME-enabled I-mode phones at the end of January, has already sold 1 million units, and they expect the number to increase to 3 million by the end of September. The two other major Japanese wireless operators (KDDI and J-Phone) will join DoCoMo in the deployment of J2ME-enabled handsets by the end of the summer. Obviously, forecasts can be misleading, as the experience with WAP, Bluetooth and 3G has shown. Therefore, what really matters is the number of handset manufacturers that are planning to make available J2ME-enabled phones and PDAs this year, as well as the number of wireless operators that are endorsing the technology and putting in place a network infrastructure that will allow ISVs, content providers and corporations to deploy J2ME applications and services over their network. The benefits of Java technology as provided by J2ME in the wireless arena are many and varied. From its Write Once Run Anywhere flexibility, to its robust security features, to its support for off-line processing and local data storage, to its leverage of any wireless infrastructure, to its fine-tuned control of data exchange, J2ME is a natural platform for wireless application development. The numbers bear this out: the ranks of J2ME developers are growing fast.
3.2.2.3 MySQL
MySQL is a relational database management system (RDBMS) that runs as a server providing multi-user access to a number of databases. MySQL is primarily an RDBMS and therefore ships with no GUI tools to administer MySQL databases or manage the data contained within. Users may use the included command-line tools, or download MySQL front ends from various parties that have developed desktop software and web applications to manage MySQL databases, build database structure, and work with data records.
3.2.2.4 Apache Tomcat
Apache Tomcat is an open source servlet container developed by the Apache Software Foundation (ASF). Tomcat implements the Java Servlet and the Java Server Pages (JSP) specifications from Sun Microsystems, and provides a "pure Java" HTTP web server environment for Java code to run.
3.2.2.5 Apache ANT
Apache Ant is a software tool for automating software build processes. It is similar to Make but is implemented using the Java language, requires the Java platform, and is best suited to building Java projects. The most immediately noticeable difference between Ant and Make is that Ant uses XML to describe the build process and its dependencies, whereas Make has its Makefile format. By default the XML file is named build.xml.
3.2.2.6 J2ME unit test tool
J2ME Unit was created to run in small spaces where various classes like reflection and certain primitives like double are not available. J2ME Unit includes a test runner that will run on Motorola's Mobile Information Device Profile (MIDP) and a text UI test runner that prints text output.
3.2.4.2 Output Definition
The outputs should be defined in terms of the following points:
- Type of the output.
- Content of the output.
- Format of the output.
- Location of the output.
- Frequency of the output.
- Volume of the output.
- Sequence of the output.
It is not always desirable to print or display data as it is held on a computer. It should be decided which form of the output is the most suitable. For example:
- Will decimal points need to be inserted?
- Should leading zeros be suppressed?
3.2.4.3 Output Media
In the next stage it is to be decided which medium is the most appropriate for the output. The main considerations when deciding about the output media are:
- The suitability of the device for the particular application.
- The need for a hard copy.
- The response time required.
- The location of the users.
- The software and hardware available.
Keeping in view the above description, the project is to have outputs mainly coming under the category of internal outputs. The main outputs desired according to the requirement specification are as follows. The outputs needed to be generated as a hard copy as well as queries to be viewed on the screen. Keeping in view these outputs, the format for the output is taken from the outputs which are currently being obtained after manual processing. The standard printer is to be used as the output medium for hard copies.
3.2.4.4 Input Design
Input design is a part of overall system design. The main objectives during the input design are as given below:
- To produce a cost-effective method of input.
- To achieve the highest possible level of accuracy.
- To ensure that the input is acceptable and understood by the user.
3.2.4.5 Input Stages
The main input stages can be listed as below:
- Data recording
- Data transcription
- Data conversion
- Data verification
- Data control
- Data transmission
- Data validation
- Data correction
3.2.4.6 Input Types
It is necessary to determine the various types of inputs. Inputs can be categorized as follows:
- External inputs, which are prime inputs for the system.
- Internal inputs, which are user communications with the system.
- Operational inputs, which are the computer department's communications to the system.
- Interactive inputs, which are inputs entered during a dialogue.
3.2.4.7 Input Media
At this stage a choice has to be made about the input media. To decide on the input media, consideration has to be given to:
- Type of input
- Flexibility of format
- Speed
- Accuracy
- Verification methods
- Rejection rates
- Ease of correction
- Storage and handling requirements
- Security
- Easy to use
- Portability
Keeping in view the above description of the input types and input media, it can be said that most of the inputs are internal and interactive. As input data is to be keyed in directly by the user, the keyboard can be considered the most suitable input device.
3.2.4.8 Error Avoidance
At this stage care is to be taken to ensure that input data remains accurate from the stage at which it is recorded up to the stage at which the data is accepted by the system. This can be achieved only by means of careful control each time the data is handled.
3.2.4.9 Error Detection
Even though every effort is made to avoid the occurrence of errors, a small proportion of errors is always likely to occur. These types of errors can be discovered by using validations to check the input data.
3.2.4.10 Data Validation
Procedures are designed to detect errors in data at a lower level of detail. Data validations have been included in the system in almost every area where there is a possibility for the user to commit errors. The system will not accept invalid data. Whenever invalid data is keyed in, the system immediately prompts the user, the user has to key in the data again, and the system accepts the data only if it is correct. Validations have been included where necessary. The system is designed to be user friendly. In other words, the system has been designed to communicate effectively with the user. The system has been designed with popup menus.
[Figure: block diagram. Sender (mobile): input and key, processing (hiding mechanism), stego image. Network. Receiver (server): stego image and key, processing (extracting mechanism), output (data).]
3.5 CONCLUSION
In this phase, we understand the software requirement specifications for the project. We arrange all the required components to develop the project in this phase itself so that we will have a clear idea regarding the requirements before designing the project. Thus we will proceed to the design phase followed by the implementation phase of the project.
4. DESIGN
4.1 INTRODUCTION
In this project, we propose a mobile-based software token system that is supposed to replace existing hardware and computer-based software tokens. The proposed system is secure.
In the conceptual design of a system, a number of classes are identified and grouped together in a class diagram, which helps to determine the static relations between those objects. With detailed modeling, the classes of the conceptual design are often split into a number of subclasses.
[Class diagram: Main, with members cmdLogin, cmdExit, cmdBack, txtUsername, txtPassword, txtIP and operations startApp(), commandAction(), callLoginServlet().]
[Use case diagram: Customer; banking; Authentication; Account details; Transfer Money; Transaction; Steganography; LSB.]
[Sequence diagram: participants Customer, Authentication, Login, Transaction, Steganography. Messages: wants the details; authentication is done; if successful then login; request for money transfer; performs steganography; processed; the amount is sent.]
[Activity diagram, account details, between Mobile Client and Server: enter username and password; send the username encrypted with the password in an image along with the account number; authenticate; request for account details; encryption and image embedding; send data; exit.]
[Activity diagram, money transfer, Mobile Client: send the username encrypted with the password in an image along with the account number; authenticate; exit.]
The client first opens the bank's web page by specifying its URL. Next, the client is requested to enter the unique username and password for authentication. If they are entered correctly, the user is logged on to the next page.
The next page displays the account number, account type and balance details of the client. Two more options are also displayed to the user. Depending on the user's need, either of the options can be selected. The Account details option, if selected, displays the account details along with details about the last few transactions made by the
client. The Transfer money option is used for transferring funds from one account to another account. The user is requested to enter the account number to which money has to be transferred, the amount to transfer and the transaction password. In this module no security measures have been implemented. This module was built to confirm the communication path between the server and the client.
JSP: Java Server Pages (JSP) is a Java technology that allows software developers to dynamically generate HTML, XML or other types of documents in response to a Web client request. The technology allows Java code and certain pre-defined actions to be embedded into static content.
The JSP syntax adds additional XML-like tags, called JSP actions, to be used to invoke built-in functionality. Additionally, the technology allows for the creation of JSP tag libraries that act as extensions to the standard HTML or XML tags. Tag libraries provide a platform independent way of extending the capabilities of a Web server.
JSPs are compiled into Java Servlets by a JSP compiler. A JSP compiler may generate a servlet in Java code that is then compiled by the Java compiler, or it may generate byte code for the servlet directly. JSPs can also be interpreted on-the-fly reducing the time taken to reload changes.
Java Server Pages (JSP) technology provides a simplified, fast way to create dynamic web content. JSP technology enables rapid development of web-based applications that are server- and platform-independent.
- Main: the main page.
- Login: the page that passes the request to the server.
- Details: the server returns the details (mini statement) to the client.
- Transfer: the option that transfers the amount to the other account.
Mobile banking comes in very handy by sparing the customer the stress of going to the bank and the delay for enquiries, transactions, etc. Every customer who has an account in the bank and wishes to enhance his privacy will be given software by the bank that can be used exclusively by that account holder, i.e. the software the customer holds can only perform his transactions and show the account details corresponding to his account number.
First the user has to be authenticated. For this he is asked for the username, the password and the IP address of the server along with the port number. These values have to be authenticated by the server. For this, first we encrypt the username by using the
password as the key. We then hide the data in a picture using steganography. This image is sent, along with the account number, to the IP address entered by the user, which is the address of the server.
The server then receives the image along with the account number. The server finds the password corresponding to the account number in the database. It then retrieves the data from the image by performing steganography and decryption, using the password as the key. If the server is able to retrieve the data, then the password and username are considered correct and hence the user is authenticated. The database corresponding to authentication is similar. Now two options will be displayed to the user, namely Account Details and Transaction. The user then has to select one of these.
Account Details Option
If the user selects this option, a request is sent to the server. The server then processes this request and sends the reply to the mobile client. In processing the request, the server finds the account details of that particular account number. This data is encrypted and then hidden in a picture using steganography. The mobile client then receives this image. The password is requested from the user. Using this password, the data is retrieved and displayed to the user.
Transfer Money Option
If the user selects this option, the server asks the user for the account number to which the money should be transferred and also takes as input the amount to be transferred to that account. The transaction password must also be entered, for secrecy and authentication. After all the details have been entered, the money is transferred into the requested account.
Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message.
By contrast, cryptography obscures the meaning of a message, but it does not conceal the fact that there is a message. Combining steganography of data in pictures with the use of PNG format pictures, this article proposes a method for the hidden exchange of information.
The main focus of this article is on steganography in pictures for banking applications and on making this possible on mobile phones, considering the limitations of mobile phones.
After receiving a picture message containing hidden data, the decoder program extracts the data and immediately changes the steganography places.
Usually 24-bit or 8-bit files are used to store digital images. The former provides more space for information hiding; however, it can be quite large. The colored representations of the pixels are derived from three primary colors: red, green and blue. 24-bit images use 3 bytes for each pixel, where each primary color is represented by 1 byte. Using 24-bit images, each pixel can represent 16,777,216 color values. If we use the lower two bits of these color channels to hide data, the maximum color change in a pixel could be of 64 color values, but this causes so little change that it is undetectable for
the human vision system. This simple method is known as Least Significant Bit insertion, as in figure 3.5.
Algorithm to embed the encrypted data:
This algorithm is only for embedding a character (8-bit). For embedding the entire message, the steps in the algorithm are repeated. The output obtained as a result of the encryption performed in Module 3 is embedded in an image which is of Portable Network Graphics format, i.e. an image with the .png extension. The process of embedding consists of the following steps:
Step 1: The image in which data has to be embedded is selected.
Step 2: The total number of pixels in the image is calculated by using the formula width x height.
Figure 3.5 LSB Methodology
Step 3: The color intensities of each and every pixel are retrieved and stored in an array. Each pixel consists of 3 bytes, where each byte represents one of the three primary colors, i.e. RGB.
Step 4: An AND operation is performed on each byte of the pixel with the binary equivalent of 252. The result obtained is the byte value with the last two bits as 00.
Step 5: The cipher text is ANDed with the binary equivalent of 03 to retrieve the last two bits of the message.
Step 6: An OR operation is performed on the outputs of step 4 and step 5.
Step 7: The output of step 6 becomes the new intensity of the Red color. For the Green and Blue colors step 4 is repeated, and before doing step 5 the cipher text is shifted right in increments of 2 bits, until all the 8 bits are embedded.
To retrieve the cipher text from the image, the reverse of the steps mentioned above is performed.
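Invisible to the eye is not the same as invisible to a histogram, so a defender can still test for this scheme. The following is an added example, not code from the report: it assumes raw ARGB bytes laid out as in Main.getByte() and a payload written sequentially from byte 0, as Steganograph.embedMessage() does; the cover image, the random stand-in payload and all class and method names are constructed for illustration.

```java
import java.util.Random;

/** Added example: two checks for sequential two-bit LSB embedding in raw ARGB bytes. */
public class LsbPrefixDetector {

    // Same bit layout as the report's embedMessage: message byte i is spread,
    // two bits at a time, over bytes 4i..4i+3 (A, R, G, B of pixel i).
    static byte[] embedLikeReport(byte[] argb, byte[] msg) {
        byte[] out = argb.clone();
        for (int i = 0; i < msg.length; i++)
            for (int k = 0; k < 4; k++)
                out[4 * i + k] = (byte) ((out[4 * i + k] & 0xFC) | ((msg[i] >> (2 * k)) & 0x03));
        return out;
    }

    // Chi-square statistic per degree of freedom over groups of four adjacent byte
    // values (4k..4k+3). Two-bit LSB replacement with random-looking data evens out
    // the counts inside each group, which drives the result towards 1.
    static double chiPerDof(byte[] data, int from, int to) {
        int[] hist = new int[256];
        for (int i = from; i < to; i++) hist[data[i] & 0xFF]++;
        double chi = 0;
        int dof = 0;
        for (int g = 0; g < 256; g += 4) {
            int total = hist[g] + hist[g + 1] + hist[g + 2] + hist[g + 3];
            if (total < 20) continue; // expected count below 5: too few samples
            double expected = total / 4.0;
            for (int v = g; v < g + 4; v++) {
                double d = hist[v] - expected;
                chi += d * d / expected;
            }
            dof += 3;
        }
        return dof == 0 ? Double.NaN : chi / dof;
    }

    // In an otherwise opaque image, alpha values 0xFC..0xFE only appear where the
    // low bits were overwritten. The last such pixel bounds the payload length.
    static int lastTouchedAlphaPixel(byte[] argb) {
        int last = -1;
        for (int p = 0; p < argb.length / 4; p++) {
            int a = argb[4 * p] & 0xFF;
            if (a >= 0xFC && a < 0xFF) last = p;
        }
        return last;
    }

    // Constructed cover: opaque, flat-shaded 'rendered graphic' with rigid low bits.
    static byte[] constructedCover(int w, int h) {
        byte[] argb = new byte[w * h * 4];
        for (int y = 0; y < h; y++)
            for (int x = 0; x < w; x++) {
                int p = 4 * (y * w + x);
                argb[p] = (byte) 0xFF;
                argb[p + 1] = (byte) (41 + (y / 8) * 16);
                argb[p + 2] = (byte) (202 - (x / 16) * 8);
                argb[p + 3] = (byte) 99;
            }
        return argb;
    }

    public static void main(String[] args) {
        byte[] cover = constructedCover(64, 64);
        byte[] payload = new byte[64];
        new Random(7).nextBytes(payload); // constructed stand-in for ciphertext
        byte[] stego = embedLikeReport(cover, payload);
        int window = 4 * payload.length;  // the prefix the payload occupies

        System.out.printf("cover, first %d bytes: chi2/dof = %.1f%n", window, chiPerDof(cover, 0, window));
        System.out.printf("stego, first %d bytes: chi2/dof = %.1f%n", window, chiPerDof(stego, 0, window));
        System.out.printf("stego, remaining bytes: chi2/dof = %.1f%n", chiPerDof(stego, window, stego.length));
        System.out.println("last pixel with altered alpha in cover: " + lastTouchedAlphaPixel(cover));
        System.out.println("last pixel with altered alpha in stego: " + lastTouchedAlphaPixel(stego));
    }
}
```

On real photographs the cover statistic is far less extreme than on this flat-shaded sample, so the threshold has to be calibrated on known-clean images.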
4.4 CONCLUSION
In this way we can design the layout of the project which is to be implemented during the construction phase. Thus we will have a clear picture of the project before it is coded. Hence any necessary enhancements can be made during this phase and coding can be started.
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ResourceBundle;

public class Database {
    // The listing does not show the values given to the driver class and the JDBC URL.
    private static String jdbcDriver;
    private static String dbURL;
    private static String username;
    private static String password;
    private Connection connection;

    public Database() throws SQLException, ClassNotFoundException {
        ResourceBundle bundle = ResourceBundle.getBundle("MessageResources");
        username = bundle.getString("jdbc.user");
        password = bundle.getString("jdbc.password");
        Class.forName(jdbcDriver); // set Java database connectivity driver
        connection = DriverManager.getConnection(dbURL, username, password);
    }

    // The query text is executed as given: no parameters are bound here, so callers
    // must not build it by concatenating user-supplied values.
    public ResultSet executeQuery(String query) throws SQLException {
        PreparedStatement st = connection.prepareStatement(query);
        return st.executeQuery();
    }

    public int executeUpdate(String statement) throws SQLException {
        PreparedStatement st = connection.prepareStatement(statement);
        return st.executeUpdate();
    }

    public void close() {
        try {
            connection.close();
        } catch (SQLException sqlException) {
            sqlException.printStackTrace();
            connection = null;
        }
    }

    protected void finalize() {
        close();
    }
}
    }

    public void startApp() {
        showLoginForm();
    }

    public void pauseApp() {
    }

    public void destroyApp(boolean unconditional) {
    }

    public void commandAction(Command c, Displayable d) {
        if (c == cmdLogin) {
            try {
                Gauge gau = new Gauge("Connecting", false, 8, 0);
                Form frm = new Form("Please Wait.. ", new Item[] {gau});
                gau.setValue(2);
                display.setCurrent(frm);
                ipAddress = txtIP.getString();
                password = txtPassword.getString();
                gau.setValue(4);
                hideMessage();   // encrypt the username and embed it in the image
                gau.setValue(6);
                callLoginServlet();
            } catch (Exception e) {
                showError(e.toString());
            }
        } else if (c == cmdExit) {
            destroyApp(false);
            notifyDestroyed();
        } else {
            switch (menu.getSelectedIndex()) {
                case 0: { detail = new Detail(display); break; }
                case 1: { transfer = new Transfer(display); break; }
            }
        }
    }

    private void callLoginServlet() throws IOException {
        new Thread(this).start();
    }

    public void run() {
        HttpConnection hc = null;
        InputStream iStrm = null;
        OutputStream oStrm = null;
        try {
            // Plain HTTP with the account number fixed in the query string: the
            // hidden payload is the only protection the request has in transit.
            String url = new String("http://" + ipAddress + "/mbank1/Login?a=001002001");
            // The connection set-up is missing from the listing at this point;
            // it follows Detail.run() and Transfer.run().
            hc = (HttpConnection) Connector.open(url);
            hc.setRequestMethod(HttpConnection.POST);
            oStrm = hc.openOutputStream();
            oStrm.write(byteRGB);
            if (hc.getResponseCode() == HttpConnection.HTTP_OK) {
                iStrm = hc.openInputStream();
                int length = (int) hc.getLength();
                if (length > 0) {
                    byte responseData[] = new byte[length];
                    // read() may return fewer bytes than requested, so loop until done
                    int off = 0;
                    while (off < length) {
                        int n = iStrm.read(responseData, off, length - off);
                        if (n < 0) break;
                        off += n;
                    }
                    String data = new String(responseData, 0, off);
                    if (data.equals("EC999")) {
                        showError("Invalid Username/Password");
                    } else if (data.equals("EC899")) {
                        showError("Database Error");
                    } else {
                        firstname = data;
                        password = txtPassword.getString();
                        showMenu(firstname);
                    }
                } else {
                    showError("Unable to read data");
                }
            } else {
                showError("Response error");
            }
        } catch (IOException ioe) {
            showError(ioe.toString());
        } finally {
            try {
                if (oStrm != null) oStrm.close();
                if (iStrm != null) iStrm.close();
                if (hc != null) hc.close();
            } catch (IOException ioe) {
                showError(ioe.toString());
            }
        }
    }

    public void showLoginForm() {
        loginForm = new Form("MBank");
        txtUsername = new TextField("Username ", "", 15, TextField.ANY);
        txtPassword = new TextField("Password ", "", 15, TextField.PASSWORD);
        txtIP = new TextField("IP Address", "", 25, TextField.ANY);
        loginForm.append(txtUsername);
        loginForm.append(txtPassword);
        loginForm.append(txtIP);
        loginForm.addCommand(cmdLogin);
        loginForm.addCommand(cmdExit);
        loginForm.setCommandListener(this);
        display.setCurrent(loginForm);
    }

    public void showError(String message) {
        Alert newAlert = new Alert("Error!", message, null, AlertType.ERROR);
        newAlert.setTimeout(Alert.FOREVER);
        display.setCurrent(newAlert);
    }

    public void showMenu(String message) {
        menu = new List("MBank , Welcome " + message, Choice.IMPLICIT);
        menu.append("Account Details", null);
        menu.append("Transfer Money", null);
        menu.addCommand(cmdExit);
        menu.setCommandListener(this);
        display.setCurrent(menu);
    }

    public void hideMessage() {
        Image image;
        int[] dataRGB;
        try {
            image = Image.createImage("/earth.png");
            dataRGB = new int[image.getWidth() * image.getHeight()];
            byteRGB = new byte[dataRGB.length * 4];
            image.getRGB(dataRGB, 0, image.getWidth(), 0, 0, image.getWidth(), image.getHeight());
            byteRGB = getByte(dataRGB);
            // The username is encrypted with the password as key, then terminated with '*'
            Cryptograph crypt = new Cryptograph(txtUsername.getString(), password);
            String cipher = crypt.encrypt();
            cipher += "*";
            byteRGB = Steganograph.embedMessage(byteRGB, cipher.getBytes());
        } catch (IOException ioe) {
            showError("Not able to load Image");
        }
    }

    // Unpack each 0xAARRGGBB pixel into four bytes: alpha, red, green, blue
    private byte[] getByte(int[] source) {
        byte[] byteRGB = new byte[source.length * 4];
        for (int i = 0; i < source.length; i++) {
            byteRGB[i * 4 + 0] = (byte) ((source[i] >> 24) & 0x000000ff);
            byteRGB[i * 4 + 1] = (byte) ((source[i] >> 16) & 0x000000ff);
            byteRGB[i * 4 + 2] = (byte) ((source[i] >> 8) & 0x000000ff);
            byteRGB[i * 4 + 3] = (byte) ((source[i] >> 0) & 0x000000ff);
        }
        return byteRGB;
    }
}
import javax.microedition.lcdui.*;
import javax.microedition.io.*;
import java.io.*;
import javax.microedition.lcdui.Image;
import javax.microedition.lcdui.ImageItem;
import javax.microedition.lcdui.Item;

public class Detail implements CommandListener, Runnable {
    public static Main mainMidlet = null;
    private Display display;
    private Form detailForm;
    private Form imageForm;
    private TextField tfPwd;
    private Command cmdBack = new Command("Back", Command.BACK, 1);
    private Command cmdDetail = new Command("View Detail", Command.SCREEN, 1);
    private byte imageData[];
    private int[] intNewImage;

    public Detail(Display disp) {
        display = disp;
        try {
            callDetailServlet();
        } catch (Exception e) {
            showError(e.toString());
        }
    }

    public void callDetailServlet() throws IOException {
        new Thread(this).start();
    }

    public void run() {
        HttpConnection http = null;
        DataInputStream iStrm = null;
        String url = "http://" + mainMidlet.ipAddress + "/mbank1/Detail?a=001002001";
        try {
            http = (HttpConnection) Connector.open(url);
            // http.setRequestProperty("User-Agent","Profile/MIDP-2.0 Configuration/CLDC-1.1");
            // http.setRequestProperty("User-Account", "001002001");
            http.setRequestMethod(HttpConnection.GET);
            iStrm = http.openDataInputStream();
            ByteArrayOutputStream bStrm = null;
            if (http.getResponseCode() == HttpConnection.HTTP_OK) {
                int length = (int) http.getLength();
                if (length != -1) {
                    imageData = new byte[length];
                    iStrm.readFully(imageData);
                } else {
                    // Length unknown: read until end of stream
                    bStrm = new ByteArrayOutputStream();
                    int ch;
                    while ((ch = iStrm.read()) != -1)
                        bStrm.write(ch);
                    imageData = bStrm.toByteArray();
                    bStrm.close();
                }
                // Repack the received bytes (alpha, red, green, blue) into 0xAARRGGBB pixels
                intNewImage = new int[imageData.length / 4];
                int indexIntNewImage = 0;
                for (int j = 0; j + 3 < imageData.length; j += 4) {
                    int alpha = (imageData[j + 0] << 24) & 0xff000000;
                    int red = (imageData[j + 1] << 16) & 0x00ff0000;
                    int green = (imageData[j + 2] << 8) & 0x0000ff00;
                    int blue = (imageData[j + 3] << 0) & 0x000000ff;
                    intNewImage[indexIntNewImage] = alpha + red + green + blue;
                    indexIntNewImage++;
                }
                Image image = Image.createRGBImage(intNewImage, 64, 64, true);
                ImageItem imageItem = new ImageItem("\n", image,
                        ImageItem.LAYOUT_CENTER | ImageItem.LAYOUT_NEWLINE_BEFORE | ImageItem.LAYOUT_NEWLINE_AFTER,
                        "MBank");
                imageForm = new Form("Steganograpy Image");
                tfPwd = new TextField("Password:", "", 10, TextField.ANY | TextField.PASSWORD);
                imageForm.append(imageItem);
                imageForm.append(tfPwd);
                imageForm.addCommand(cmdDetail);
                imageForm.setCommandListener(this);
                display.setCurrent(imageForm);
            } else {
                showError("Response Error");
            }
        } catch (Exception e) {
            showError(e.toString());
        } finally {
            if (iStrm != null) {
                try { iStrm.close(); } catch (Exception ce) { }
            }
            if (http != null) {
                try { http.close(); } catch (Exception ce) { }
            }
        }
    }

    public void startApp() { }

    public void pauseApp() { }

    public void destroyApp(boolean unconditional) { }

    // The opening of this handler is missing from the listing; it is reconstructed
    // here on the pattern of Transfer.commandAction().
    public void commandAction(Command c, Displayable s) {
        if (c == cmdBack) {
            mainMidlet.showMenu(mainMidlet.firstname);
        } else if (c == cmdDetail) {
            showDetail(imageData);
        }
    }

    public void showError(String message) {
        Alert newAlert = new Alert("Error!", message, null, AlertType.ERROR);
        newAlert.setTimeout(Alert.FOREVER);
        display.setCurrent(newAlert);
    }

    public void showDetail(byte data[]) {
        // Extract the hidden cipher text, then decrypt it with the password just entered
        String message = Steganograph.retrieveMessage(data);
        Cryptograph crypt = new Cryptograph(message, tfPwd.getString());
        String decMes = crypt.decrypt();
        detailForm = new Form("MBank-Account Details");
        StringTokenizer tok = new StringTokenizer(decMes, ";");
        StringItem item = new StringItem("Acc No : ", tok.nextToken());
        detailForm.append(item);
        item = new StringItem("Acc Type: ", tok.nextToken().toUpperCase());
        detailForm.append(item);
        item = new StringItem("Balance : ", tok.nextToken());
        detailForm.append(item);
        item = new StringItem("----------------------------------------", "");
        detailForm.append(item);
        item = new StringItem("Mini Statement", "");
        detailForm.append(item);
        item = new StringItem("----------------------------------------", "");
        detailForm.append(item);
        item = new StringItem(" Date Action Amount", "");
        // The listing breaks off here; the lines that follow the header row,
        // including the definition of transCount, are not shown.
        for (int i = 0; i < transCount; i++) {
            item = new StringItem("", tok.nextToken() + " " + tok.nextToken().toUpperCase() + " " + tok.nextToken());
            detailForm.append(item);
        }
        detailForm.addCommand(cmdBack);
        detailForm.setCommandListener(this);
        display.setCurrent(detailForm);
    }
}
    // Fragment of the form set-up. The lines before it, including the start of the
    // Transfer class, are not in the listing, and the field constraints are cut off:
    //     TextField("Amount ", "", 15, ...
    //     TextField("Transaction Password", "", 15, ...
        transferForm.append(txtToAccount);
        transferForm.append(txtAmount);
        transferForm.append(txtTPassword);
        transferForm.addCommand(cmdSend);
        transferForm.addCommand(cmdBack);
        transferForm.setCommandListener(this);
        display.setCurrent(transferForm);
    }

    public void startApp() { }

    public void pauseApp() { }

    public void destroyApp(boolean unconditional) { }

    public void commandAction(Command c, Displayable s) {
        if (c == cmdBack) {
            mainMidlet.showMenu(mainMidlet.firstname);
        } else if (c == cmdSend) {
            try {
                // Payload: target account; amount; transaction password
                message = txtToAccount.getString() + ";" + txtAmount.getString() + ";" + txtTPassword.getString();
                hideMessage();
                callTransferServlet();
            } catch (Exception e) {
                showError(e.toString());
            }
        }
    }

    private void callTransferServlet() throws IOException {
        new Thread(this).start();
    }

    public void run() {
        HttpConnection hc = null;
        InputStream iStrm = null;
        OutputStream oStrm = null;
        try {
            String url = new String("http://" + mainMidlet.ipAddress + "/mbank1/Transfer?a=001002001");
            // Opening the connection is missing from the listing; without it hc is
            // still null on the next line. Same call as in Detail.run().
            hc = (HttpConnection) Connector.open(url);
            hc.setRequestMethod(HttpConnection.POST);
            oStrm = hc.openOutputStream();
            oStrm.write(byteRGB);
            if (hc.getResponseCode() == HttpConnection.HTTP_OK) {
                iStrm = hc.openInputStream();
                int length = (int) hc.getLength();
                if (length > 0) {
                    byte responseData[] = new byte[length];
                    // read() may return fewer bytes than requested, so loop until done
                    int off = 0;
                    while (off < length) {
                        int n = iStrm.read(responseData, off, length - off);
                        if (n < 0) break;
                        off += n;
                    }
                    String data = new String(responseData, 0, off);
                    if (data.equals("EC999")) {
                        showError("Invalid Username/Password");
                    } else if (data.equals("TEC100")) {
                        showError("Invalid Transaction password");
                    } else if (data.equals("TEC200")) {
                        showError("Insuffidient Balance");
                    } else if (data.equals("TEC300")) {
                        showError("Invalid Transfer Account");
                    } else if (data.equals("TEC400")) {
                        showError("Check Transfer Account No");
                    } else if (data.equals("TEC900")) {
                        showMessage();
                    }
                } else {
                    showError("Unable to read data");
                }
            } else {
                showError("Response error");
            }
        } catch (IOException ioe) {
            showError(ioe.toString());
        } finally {
            try {
                if (oStrm != null) oStrm.close();
                if (iStrm != null) iStrm.close();
                if (hc != null) hc.close();
            } catch (IOException ioe) {
                showError(ioe.toString());
            }
        }
    }

    // Only "new Alert(" survives of this body in the listing; the rest matches
    // showError() in Main and Detail.
    public void showError(String message) {
        Alert newAlert = new Alert("Error!", message, null, AlertType.ERROR);
        newAlert.setTimeout(Alert.FOREVER);
        display.setCurrent(newAlert);
    }

    public void showMessage() {
        Form messageForm = new Form("Transaction Message");
        messageForm.append("Transaction Successful");
        messageForm.addCommand(cmdBack);
        messageForm.setCommandListener(this);
        display.setCurrent(messageForm);
    }

    public void hideMessage() {
        Image image;
        int[] dataRGB;
        try {
            image = Image.createImage("/cube.png");
            dataRGB = new int[image.getWidth() * image.getHeight()];
            byteRGB = new byte[dataRGB.length * 4];
            image.getRGB(dataRGB, 0, image.getWidth(), 0, 0, image.getWidth(), image.getHeight());
            byteRGB = getByte(dataRGB);
            // The transfer request is encrypted with the login password, then terminated with '*'
            Cryptograph crypt = new Cryptograph(message, mainMidlet.password);
            String cipher = crypt.encrypt();
            cipher += "*";
            byteRGB = Steganograph.embedMessage(byteRGB, cipher.getBytes());
        } catch (IOException ioe) {
            showError("Not able to load Image");
        }
    }

    // Byte order as printed in the listing: alpha goes to offset 3 here,
    // unlike Main.getByte(), which puts it at offset 0.
    private byte[] getByte(int[] source) {
        byte[] byteRGB = new byte[source.length * 4];
        for (int i = 0; i < source.length; i++) {
            byteRGB[i * 4 + 3] = (byte) ((source[i] >> 24) & 0x000000ff);
            byteRGB[i * 4 + 0] = (byte) ((source[i] >> 16) & 0x000000ff);
            byteRGB[i * 4 + 1] = (byte) ((source[i] >> 8) & 0x000000ff);
            byteRGB[i * 4 + 2] = (byte) ((source[i] >> 0) & 0x000000ff);
        }
        return byteRGB;
    }
}
public static byte[] embedMessage(byte byteRGB[],byte msgBytes[]){ for (int i=0 ; i<msgBytes.length ; i++){ byteRGB[i * 4 + 0] = (byte)((byteRGB[i * 4 + 0] & 0xFC)|(msgBytes[i] & 0x03)); byteRGB[i * 4 + 1] = (byte)((byteRGB[i 0xFC)|((msgBytes[i]>>2) & 0x03)); byteRGB[i * 4 + 2] = (byte)((byteRGB[i 0xFC)|((msgBytes[i]>>4) & 0x03)); byteRGB[i * 4 + 3] = (byte)((byteRGB[i 0xFC)|((msgBytes[i]>>6) & 0x03)); } return byteRGB; } public static String retrieveMessage(byte byteRGB[]) * * * 4 4 4 + + + 1] 2] 3] & & &
    {
        // Collect the two low-order bits of every carrier byte.
        byte[] extractdata = new byte[byteRGB.length];
        int c = 0;
        for (int i = 0; i < byteRGB.length / 4; i++) {
            extractdata[c++] = (byte) (byteRGB[i * 4 + 0] & 0x03);
            extractdata[c++] = (byte) (byteRGB[i * 4 + 1] & 0x03);
            extractdata[c++] = (byte) (byteRGB[i * 4 + 2] & 0x03);
            extractdata[c++] = (byte) (byteRGB[i * 4 + 3] & 0x03);
        }
        // Reassemble message bytes from four bit pairs each, stopping at the '*' end marker.
        StringBuffer extractedMsg = new StringBuffer();
        byte[] messageBytes = new byte[extractdata.length / 4];
        int twoBitByteCnt = 0;
        for (int i = 0; i < messageBytes.length; i++) {
            messageBytes[i] = (byte) (extractdata[twoBitByteCnt++]);
            messageBytes[i] = (byte) (messageBytes[i] | (extractdata[twoBitByteCnt++] << 2));
            messageBytes[i] = (byte) (messageBytes[i] | (extractdata[twoBitByteCnt++] << 4));
            messageBytes[i] = (byte) (messageBytes[i] | (extractdata[twoBitByteCnt++] << 6));
            if ((char) (messageBytes[i]) == '*') break;
            extractedMsg.append((char) (messageBytes[i]));
        }
        String Message = new String(extractedMsg);
        return Message;
    }
}
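The listing above marks the end of the hidden text with '*' and never checks that the message fits the image, so a ciphertext that happens to contain the byte 0x2A would be cut short on retrieval, and an oversized message runs past the end of the array. The following is an added example, not the project's code: it keeps the same two-bits-per-byte packing but frames the payload with a length prefix and checks capacity on both sides. The class and method names are hypothetical, it targets Java SE rather than J2ME, and the carrier and payload bytes are constructed sample data.

```java
import java.util.Arrays;

public class LsbFraming {                                   // hypothetical class name
    // Same packing as embedMessage: 2 bits per carrier byte, low bits first.
    static void putByte(byte[] carrier, int index, int value) {
        for (int k = 0; k < 4; k++) {
            int pos = index * 4 + k;
            carrier[pos] = (byte) ((carrier[pos] & 0xFC) | ((value >> (2 * k)) & 0x03));
        }
    }
    static int getByte(byte[] carrier, int index) {
        int value = 0;
        for (int k = 0; k < 4; k++) {
            value |= (carrier[index * 4 + k] & 0x03) << (2 * k);
        }
        return value;                                       // 0..255, never sign-extended
    }
    // Frame: 2-byte big-endian length, then the payload. No sentinel character.
    static byte[] embed(byte[] carrier, byte[] payload) {
        if (payload.length > 0xFFFF || (payload.length + 2) * 4 > carrier.length) {
            throw new IllegalArgumentException("payload does not fit in carrier");
        }
        byte[] out = carrier.clone();
        putByte(out, 0, payload.length >> 8);
        putByte(out, 1, payload.length & 0xFF);
        for (int i = 0; i < payload.length; i++) {
            putByte(out, i + 2, payload[i] & 0xFF);
        }
        return out;
    }
    static byte[] extract(byte[] carrier) {
        if (carrier.length < 8) throw new IllegalArgumentException("carrier too short");
        int len = (getByte(carrier, 0) << 8) | getByte(carrier, 1);
        if ((len + 2) * 4 > carrier.length) {
            throw new IllegalArgumentException("declared length exceeds carrier");
        }
        byte[] payload = new byte[len];
        for (int i = 0; i < len; i++) payload[i] = (byte) getByte(carrier, i + 2);
        return payload;
    }

    public static void main(String[] args) {
        byte[] carrier = new byte[64];                      // constructed stand-in for pixel bytes
        Arrays.fill(carrier, (byte) 0xA7);
        byte[] payload = {0x41, 0x2A, (byte) 0x9C, 0x00, 0x42}; // constructed; 0x2A is '*'
        byte[] stego = embed(carrier, payload);
        System.out.println(Arrays.equals(payload, extract(stego)));
    }
}
```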
as 8080. After that, install the MySQL database on your system. After installing MySQL, install SQL Yog, an application that provides a GUI for organizing MySQL databases. You can install an IDE like ECLIPSE or an editor like EditPlus to write Java programs (optional); you can even write them in Notepad. For the purpose of testing you need to install the J2MEUNIT testing tool.
Enable Path Settings
Now the path settings have to be enabled so that your system is able to recognize the software installed above. Note that the correct path has to be given, otherwise it may raise an error. The following picture depicts the method of setting the path:
Now we have to write code for all the pages using the concept of Java Server Pages. It gives the user interface for the project. The server validation processes will be handled by the Servlet Technology. All servlet programs have to be written and interpreted for generating their .class files. The database programs can be implemented using SQL Yog. Follow this hierarchy for arranging your files:
+Tomcat 1.6
  +webapps
    +bookstore
      .jsp files
      +images
      +include
      +WEB-INF
        web.xml
        +classes
        +lib
        +src
All .jsp pages are placed in the /bookstore application folder. All generated .class files are placed in the /classes folder of /WEB-INF. All APIs, including comm.jar, jsp-api.jar, etc., are placed in the /lib folder of /WEB-INF. All source code files are placed in the /src folder of /WEB-INF. Now launch the Tomcat service and go to Tomcat Manager. Click mbank
5.3.1 Forms
The following are some of the forms available in our project:
5.3.1.1 Login
import javax.servlet.http.*;
import javax.servlet.*;
import java.io.*;
import javax.sql.DataSource;
import java.util.ArrayList;
import java.sql.Connection;
import java.sql.Statement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginServlet extends HttpServlet {
    Database db = null;
    ResultSet rs = null;

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String userAccount = "";
        String username = "";
        String password = "";
        String firstname = "";
        userAccount = request.getParameter("a");
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
try {
        out.print("EC899"); }
        try {
            // NOTE: userAccount is request input concatenated into the SQL text;
            // a bound parameter would avoid SQL injection here.
            final String query = "select username,password,firstname from userinfo where accountno = '" + userAccount + "'";
            rs = db.executeQuery(query);
            if (rs.next()) {
                username = rs.getString(1);
                password = rs.getString(2);
                firstname = rs.getString(3);
                InputStream in = request.getInputStream();
                // Read the posted image as raw bytes; decoding it as text lines
                // would alter the pixel data that carries the hidden message.
                ByteArrayOutputStream buf = new ByteArrayOutputStream();
                byte[] chunk = new byte[4096];
                int n;
                while ((n = in.read(chunk)) != -1) {
                    buf.write(chunk, 0, n);
                }
                byte[] imBytes = buf.toByteArray();
                String message = "";
                try {
                    message = Steganograph.retrieveMessage(imBytes);
                } catch (Exception e) {
                    out.print("EC799");
                }
                // Decrypt the hidden message with the stored password and compare it to the username.
                Encrypt crypt = new Encrypt(message, password);
                String uname = crypt.decrypt();
                if (uname.equals(username))
                {
                    out.print(firstname);
                } else {
                    out.print("EC999");
                }
            } else {
                out.print("EC999");
            }
        } catch (SQLException e1) {
            out.print("EC899");
        }
    }

    public void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        doPost(req, resp);
    }
}
5.3.1.2 Registration
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.http.HttpSession.*;
import java.io.*;
import java.util.*;
import javax.sql.*;

public class UserRegistrationServlet extends HttpServlet {
    HttpSession hs;
    PrintStream ps, ps1;
    Connection con;
    PreparedStatement st;
    ResultSet rs;
    String str = null;
    // Per-request values kept in instance fields: one servlet instance serves all
    // requests, so concurrent registrations can overwrite each other's data.
    String uname = null;
    String fname = null;
    String lastnm = null;
    String password = null;
    String stre = null;
    String add = null;
    String cit = null;
    String sta = null;
    String coun = null;
    String ph = null;
    String acno = null;
    String trapass = null;
    RequestDispatcher rd = null;
    int i;

    public void init(ServletConfig sc) throws ServletException {
        super.init(sc);
    }

    public void service(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        doPost(req, res);
    }

    public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        doPost(req, res);
    }

    public void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        PrintWriter out = res.getWriter();
        res.setContentType("text/html");
        uname = req.getParameter("uname");
        fname = req.getParameter("fname");
        lastnm = req.getParameter("lastnm");
        password = req.getParameter("password");
        stre = req.getParameter("st");
        add = req.getParameter("add");
        cit = req.getParameter("cit");
        sta = req.getParameter("sta");
        coun = req.getParameter("coun");
        ph = req.getParameter("ph");
        acno = req.getParameter("acno");
        trapass = req.getParameter("trapass");
        try {
            Class.forName("com.mysql.jdbc.Driver");
            con = DriverManager.getConnection("jdbc:mysql://localhost:3306/mbank", "root", "password");
            //String query = "insert into pat_info values(
            // Bind every request value as a parameter instead of concatenating it into the SQL text.
            st = con.prepareStatement("insert into userinfo values(?,?,?,?,?,?,?,?,?,?,?,?)");
            st.setString(1, uname);
            st.setString(2, password);
            st.setString(3, fname);
            st.setString(4, lastnm);
            st.setString(5, stre);
            st.setString(6, add);
            st.setString(7, cit);
            st.setString(8, sta);
            st.setString(9, coun);
            st.setString(10, ph);
            st.setString(11, acno);
            st.setString(12, trapass);
            i = st.executeUpdate();
            System.out.println("query executed");
            if (i != 0) {
                rd = req.getRequestDispatcher("regconfirm.jsp");
            } else {
                rd = req.getRequestDispatcher("error.html");
            }
        } catch (Exception e) {
            rd = req.getRequestDispatcher("error.html");
            e.printStackTrace();
        }
        rd.forward(req, res);
    }
}
5.4 CONCLUSION
In this way we implemented the project successfully with the help of J2ME, giving the user easy interaction with the interfaces and enhanced security with less effort. We proceed to the next phase, i.e., testing, which is very important before delivering the project.
Testing is a process of executing a program with the intent of finding an error. A good test has a high probability of finding an as yet undiscovered error. A successful test is one that uncovers an as yet undiscovered error.
Parameter and argument attributes must match.
Parameters passed should be in correct order.
Global variable definitions consistent across module.
If module does I/O,
File attributes should be correct.
Open/Close statements must be correct.
Format specifications should match I/O statements.
Buffer Size should match record size.
Files should be opened before use.
End of file condition should be handled.
I/O errors should be handled.
Any textual errors in output information must be checked.
Improper or inconsistent typing.
Erroneous initialization or default values.
Incorrect variable names.
Inconsistent data types.
Overflow, underflow, address exceptions.
Error Handling
Error description unintelligible.
Error noted does not correspond to error encountered.
Error condition handled by system run-time before error handler gets control.
Exception condition processing incorrect.
6.3 VALIDATION
Validation aims to demonstrate that the software functions in a manner that can reasonably be expected by the customer. It tests the conformance of the software to the Software Requirements Specification. Here an experiment was done to check consistency with the user requirements regarding the username and password, which should be validated through the server and should match; the Steganography method implemented was also checked for its consistency in providing security.
6.4 CONCLUSION
In this way we also completed the testing phase of the project and ensured that the system is ready to go live. Thus we developed a new-technology banking system so that people will have happy banking.
7. CONCLUSION
We propose Steganography to protect the messages. Steganography can be used to maintain the confidentiality of valuable information and to protect the data from possible sabotage, theft, or unauthorized viewing. Steganography can be used to tag notes to online images (like post-it notes attached to paper files). Steganography is a fascinating and effective method of hiding data that has been used throughout history. There are methods that can be employed to uncover such devious tactics, but the first step is awareness that such methods even exist. There are many good reasons as well to use this type of data hiding, including watermarking or a more secure central storage method for such things as passwords or key processes. Regardless, the technology is easy to use and difficult to detect. The more that you know about its features and functionality, the further ahead you will be in the game.
Before going into the future enhancements: we came to know that Steganography can be performed not only with images but also with audio files, within text, etc. So in our future enhancements we can implement it through an audio file, which consists of music notes, and embed the message into those music notes so that we can provide better security.