Scope
The project is confined to the intranet in an organization. This application makes
sure that security services such as secrecy, authentication, integrity and non-repudiation
are provided to the communicating parties.
Objective
This project has been developed keeping in view the security features that need to
be implemented in networks, with the following objectives:
- To develop an application that deals with the security threats that arise in the
network.
- To enable end-users as well as organizations to carry out safe messaging
communication without any threats from intruders or unauthorized people.
- To deal with the four inter-related areas of network security, namely Secrecy,
Authentication, Non-repudiation and Integrity.
Project Overview
This application makes use of the Digital Signature Algorithm (DSA) along with a hash
function. The hash code is provided as input to a signature function along with a
random number generated for this particular signature. The signature function also
depends on the sender's private key and a set of parameters known to a group of
At the receiving end, verification is performed. The receiver generates a quantity that is a
function of the public-key components, the sender's public key, and the hash code of
the incoming message. If this quantity matches one of the components of the
signature, then the signature is validated.
This application makes sure that the security services Authentication, Secrecy,
Integrity, and Non-repudiation are provided to the user.
This application keeps information out of the hands of unauthorized
persons. This is called Secrecy.
Objective
The main objective of this project is to facilitate the interaction between educational
institutes, students and their parents, so that the shortcomings that may hamper the
future of the students can be overcome. It can also help in bringing together the
perspectives of different persons on the students' behavior and talent. With this, the
various activities of the students can also be tracked. Suggestions from parents can also
be welcomed.
In short, this will always be of great advantage for the educational institutes.
Project Description
Project Profile
Product Name
Project Objective
SDLC Model
Development Technologies : Java/J2EE
Application Server
Back-End Database
Location : Noida
Problem Definition
Message authentication protects two parties who exchange messages from any
third party. However, it does not protect the two parties against each other. Several forms
of disputes between the two parties are possible.
For example, suppose that A sends an authenticated message to B. Consider the
following disputes that could arise:
1. B may forge a different message and claim that it came from A. B would simply
have to create a message and append an authentication code using the key that A
and B share.
2. A may deny sending the message. Because it is possible for B to forge a message,
there is no way to prove that A did in fact send the message.
The most attractive solution to this problem is the Digital Signature. The Digital
Signature is analogous to the handwritten signature. It must have the following
properties:
- It must be able to verify the author and the date and time of the signature.
Thus, the digital signature function includes the authentication function. Based on the
above properties, the following requirements can be formulated for the digital signatures:
- The signature must be a bit pattern that depends on the message being signed.
- The signature must use some information unique to the sender, to prevent both
forgery and denial.
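The dispute described above, together with the sign and verify flow from the Project Overview, as an added example (written for this page, not code from the project): a shared-key MAC accepts a message that B composed, while a DSA signature only verifies for the message A signed with A's private key. The function names, the constructed messages and the demonstration-sized group (512-bit p, 160-bit q, well below what a deployment would use) are assumptions of this example.

```python
import hashlib, hmac, secrets

def is_probable_prime(n, rounds=24):           # Miller-Rabin; n must be odd and > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_params(q_bits=160, p_bits=512):
    """Demo-sized global parameters: primes q and p = 2*q*m + 1, g of order q."""
    q = (1 << (q_bits - 1)) | 1
    while not is_probable_prime(q):
        q += 2
    m = (1 << (p_bits - 1)) // (2 * q) + 1
    while not is_probable_prime(2 * q * m + 1):
        m += 1
    p, h = 2 * q * m + 1, 2
    while (g := pow(h, (p - 1) // q, p)) == 1:
        h += 1
    return p, q, g

def keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1           # private key, 0 < x < q
    return x, pow(g, x, p)                     # public key y = g^x mod p

def hash_int(msg, q):                          # leftmost q.bit_length() bits of SHA-256
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - q.bit_length())

def sign(msg, x, params):
    p, q, g = params
    while True:
        k = secrets.randbelow(q - 1) + 1       # random number for this signature only
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (hash_int(msg, q) + x * r) % q
        if r and s:
            return r, s

def verify(msg, sig, y, params):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = hash_int(msg, q) * w % q, r * w % q
    v = pow(g, u1, p) * pow(y, u2, p) % p % q  # quantity computed by the receiver
    return v == r                              # must equal signature component r

def dispute_demo():
    sent, forged = b"pay B 10", b"pay B 1000"  # constructed: A sent one, B presents the other
    shared = secrets.token_bytes(32)           # MAC key that both A and B hold
    b_tag = hmac.new(shared, forged, hashlib.sha256).digest()  # computed by B alone
    params = make_params()
    (xa, ya), (xb, _) = keygen(params), keygen(params)
    sig = sign(sent, xa, params)
    return (hmac.compare_digest(b_tag, hmac.new(shared, forged, hashlib.sha256).digest()),
            verify(sent, sig, ya, params),     # A's signature on A's message
            verify(forged, sig, ya, params),   # same signature, substituted message
            verify(forged, sign(forged, xb, params), ya, params))  # B signs with own key
```

Calling `dispute_demo()` returns `(True, True, False, False)`: the MAC check cannot tell B's tag from one A would have produced, while only A's private key yields a signature that verifies under A's public key.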
Disadvantages
- The sender may deny sending a message that he/she has actually sent and
similarly the receiver may deny the receipt that he/she has actually received.
- Intruders can modify the messages or the receiver himself may modify the
message and claim that the sender has sent it.
Proposed system
The system will provide the following security services:
Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With
respect to the release of message contents, several levels of protection can be identified.
The broadest service protects all user data transmitted between two users over a period of
time. For example, if a virtual circuit is set up between two systems, this broad protection
would prevent the release of any user data transmitted over the virtual circuit. Narrower
forms of this service can also be defined, including the protection of a single message or
even specific fields within a message. These refinements are less useful than the broad
approach and may even be more complex and expensive to implement. The other aspect
of confidentiality is the protection of traffic flow from analysis. This requires that an
attacker not be able to observe the source and destination, frequency, length, or other
characteristics of the traffic on a communications facility.
Authentication
The authentication service is concerned with assuring that a communication is
authentic. In the case of a single message, such as a warning or alarm signal, the function
of the authentication service is to assure the recipient that the message is from the source
that it claims to be from. In the case of an ongoing interaction, such as the connection of a
terminal to a host, two aspects are involved. First, at the time of connection initiation, the
service assures that the two entities are authentic (i.e. that each is the entity that it claims
to be). Second, the service must assure that the connection is not interfered with in such a
way that a third party can masquerade as one of the two legitimate parties for the
purposes of unauthorized transmission or reception.
Integrity
Integrity basically means ensuring that the data messages are not modified. An
integrity service that deals with a stream of messages assures that messages are received
as sent, with no duplication, insertion, modification, reordering or replays. The
destruction of data is also covered under this service. Thus the integrity service addresses
both message modification and denial of service.
Non-repudiation
Non-repudiation prevents either sender or receiver from denying a transmitted
message. Thus, when a message is sent, the receiver can prove that the message was in
fact sent by the alleged sender. Similarly, when a message is received, the sender can
prove that the message was in fact received by the alleged receiver.
Server Configuration
4 servers, each with the following configuration:
- 1 CPU
- OS: Windows 2000 / XP (includes Internet Explorer version 6)
- RAM : 16 GB Minimum
- 120GB X 3 Hard Disk
- Oracle Application Server 10g Enterprise Edition
- Oracle Database 10g Enterprise Edition
Database Description
Entity: Login_digisafe
Role: To maintain the username and the related password of different users.
Attributes:
NAME        TYPE
Username    Varchar2
Password    Varchar2
Question    Varchar2
Answer      Varchar2
Check1      Number
NULL?: Not null, Not null
Entity: Inbox_digisafe
Role: To maintain the received mails of different users.
Attributes:
NAME                 TYPE
Username_sender      Varchar2
Username_receiver    Varchar2
Subject              Varchar2
Message              Varchar2
Message_digest       Long raw
Message_key          Varchar2
Message_date         Date
Check1               Number
NULL?: Not null, Not null, Not null, Not null, Not null, Not null
Entity: sent_digisafe
Role: To maintain the sent mails of different users.
Attributes:
NAME                 TYPE
Username_sender      Varchar2
Username_receiver    Varchar2
Subject              Varchar2
Message              Varchar2
Message_date         Date
NULL?: Not null, Not null, Not null
Entity: certificate_digisafe
Role: To maintain the certificate of different users.
Attributes:
NAME        TYPE
Username    Varchar2
Cfile       Varchar2
NULL?: Not null
Entity: attachment_digisafe
Role: To maintain the files attached with message of different users.
Attributes:
NAME               TYPE
Message_date       Varchar2
Attach1            Varchar2
Message_digest1    Varchar2
Attach2            Varchar2
Message_digest2    Varchar2
Attach3            Varchar2
Message_digest3    Varchar2
Attach4            Varchar2
Message_digest4    Varchar2
Attach5            Varchar2
Message_digest5    Varchar2
INFORMATION SYSTEM
The information system aims at providing detailed information on a timely basis
throughout the organization so that the top management can take proper and effective
decisions. The information system cuts across departmental lines and helps achieve
overall optimization for the organization.
TECHNOLOGIES USED
SOFTWARE REQUIREMENT SPECIFICATION
In system engineering and software engineering, requirements analysis encompasses
those tasks that go into determining the needs or conditions to meet for a new or altered
product, taking account of the possibly conflicting requirements of the various
stakeholders, such as beneficiaries or users. Systematic requirements analysis is also
known as requirements engineering. It is sometimes referred to loosely by names such as
requirements gathering, requirements capture, or requirements specification. The term
requirements analysis can also be applied specifically to the analysis proper (as opposed
to elicitation or documentation of the requirements, for instance). Requirements analysis
is critical to the success of a development project. Requirements must be actionable,
measurable, testable, related to identified business needs or opportunities, and defined to
a level of detail sufficient for system design.
Requirement analysis is done in order to understand the problem the software
system is to solve. The problem could be automating an existing manual process,
developing a new automated system, or a combination of the two. The emphasis in
requirements analysis is on identifying what is needed from the system, not how the
system will achieve its goals. There are at least two parties involved in software
development: a client and a developer. The developer has to develop the system to satisfy
the client's needs. The developer does not understand the client's problem domain, and
the client does not understand the issues involved in software systems. This causes a
communication gap, which has to be adequately bridged during requirements analysis.
SYSTEM REQUIREMENTS
HARDWARE SPECIFICATION
OPERATING SYSTEM
PROCESSOR : 32/64 bit, I3
RAM : 2 GB
HARD DISK : 40 GB
MONITOR
CLOCK SPEED : 266 MHz
SOFTWARE SPECIFICATION
DESIGNING LANGUAGE : HTML, CSS
PROGRAMMING LANGUAGE : Java (JSE 7)
WEB TECHNOLOGIES/FRAMEWORKS
DATA BASE : MySQL 5/Oracle 10g
IDE : ECLIPSE INDIGO
SERVER : Tomcat 7.0.25/Glassfish 3
FEATURES OF SOFTWARE
Windows XP/2000 Advantages
The computing world was presented with the first release of the totally
new and revolutionary operating system. Microsoft Windows performance and features
that previously had been accessible only on $20,000 workstations became instantly
available to anyone with a high-end personal computer. Windows is now Microsoft
Corporation's premier operating system. Designed around a powerful and well thought
out software architecture, the primary features that allow Windows to use the full power of
today's processors are:
Scalability
The ability to run on a single pc chip with a single user up to a multi-user, microprocessor and
network installation.
The Windows GUI
The familiar graphical user interfaces it presents to the world.
- J2EE does not specify the nature and structure of the runtime.
- J2EE Container: capability of the runtime to manage application components.
- J2EE APIs: specify the contract between the applications and the container.
- Different containers: Web, EJB, Applet, application client.
The J2EE platform uses a multi-tiered distributed application model. Application logic is
divided into components according to function, and the various application components
that make up a J2EE application are installed on different machines depending on the tier
in the multi-tiered J2EE environment to which the application component belongs:
- Client-tier components run on the client machine.
- Web-tier components run on the J2EE server.
- Business-tier components run on the J2EE server.
- Enterprise information system (EIS)-tier software runs on the EIS server.
Enterprise JavaBeans(EJB)
Enterprise JavaBeans (EJB) technology is a J2EE technology for developing business
components in a component-based, enterprise Java application. Business components
developed with EJB technology are often called Enterprise JavaBeans components or
simply "enterprise beans."
- They are re-usable software units containing business logic.
- An EJB is just a collection of Java classes and an XML Request, bundled into a
single unit.
- Java classes must follow certain rules and provide certain callback methods.
There are three types of enterprise beans:
- Session beans
o Stateful
o Stateless
- Entity beans
o Bean-managed Persistence (BMP)
o Container-managed Persistence (CMP)
o Enterprise JavaBeans Query Language
- Message-driven beans
Session beans
A session bean represents a single unique session between a client and an instance of the
bean. A session bean can't be shared. One instance of the bean is tied to a specific client
in a specific session. The session bean exposes methods that a client can call to execute
business tasks on the server. When the client's session ends, the session bean is no longer
associated with that client.
There are two types of session beans: stateful and stateless.
o Stateful
A stateful session bean maintains data about the unique client-bean session in its instance
variables. The data represents the state (often called the "conversational state") of that
specific session. The conversational state is maintained for the life of the client-bean
association. Significantly, this means that the data is maintained across operations.
o Stateless
A stateless session bean does not maintain conversational state for its client. Because a
stateless session bean cannot maintain conversational state across methods, it's typically
used for one-step tasks, such as sending an email that confirms an online order.
Entity beans
An entity bean represents data in a storage medium, such as a relational database. Each
entity bean may correspond to a table in a relational database, and each instance of the
bean corresponds to a row in that table. Entity beans are not limited to representing
relational databases. They can represent data in other types of data stores, but the
majority of enterprise applications that use EJB technology access data in relational
databases.
An entity bean can manage its own persistence (this is called bean-managed persistence)
or let the EJB container manage it (container-managed persistence). With bean-managed
persistence, the entity bean code includes SQL statements that access the database. With
container-managed persistence, the EJB container automatically generates the necessary
database access calls.
Information Retrieval and Workflow. Also included are: Advanced Backup & Recovery,
Queuing, Advanced, Connection Manager & Pooling, 64-bit option, MPI, OCI, ODBC
Driver, Enterprise Manager and Enterprise backup utility.
- Client/Server (distributed processing) environments
- Large databases and spaces management
JavaScript
JavaScript was originally developed by Brendan Eich of Netscape under the name
Mocha, later LiveScript, and finally renamed to JavaScript. The change of name from
LiveScript to JavaScript roughly coincided with Netscape adding support for Java
technology in its Netscape Navigator web browser. JavaScript was first introduced and
deployed in the Netscape browser version 2.0B3 in December of 1995. When web
developers talk about using JavaScript in Internet Explorer, they are actually using
JScript. The choice of name proved to be a source of much confusion. As of 2006, the
latest version of the language is JavaScript 1.7. The previous version 1.6 corresponded to
ECMA-262 Edition 3 like JavaScript 1.5, except for Array extras, and Array and String
generics. ECMAScript, in simple terms, is a standardized version of JavaScript. The
ECMA-357 standard specifies E4X, a language extension dealing with XML. JavaScript
is a prototype-based scripting language with a syntax loosely based on C. Like C, the
language has no input or output constructs of its own. Where C relies on standard I/O
libraries, a JavaScript engine relies on a host environment into which it is embedded.
There are many such host environment applications, of which web technologies are the
best-known examples. These are examined first.
One major use of web-based JavaScript is to write functions that are embedded in or
included from HTML pages and interact with the Document Object Model (DOM) of the
page to perform tasks not possible in HTML alone. Some common examples of this
usage follow.
- Opening or popping up a new window with programmatic control over the size,
position and 'look' of the new window (i.e. whether or not the menus, toolbars, etc.
are visible).
- Validation of web form input values to make sure that they will be accepted before
they are submitted to the server.
- Changing images as the mouse cursor moves over them: This effect is often used
to draw the user's attention to important links displayed as graphical elements.
Feasibility Study
Depending on the results of the initial investigation, the survey is expanded to a more
detailed feasibility study. A feasibility study is a test of a system proposal according to its
workability, impact on the organization, ability to meet user needs, and effective use of
resources. The objective of the feasibility study is not to solve the problem but to
acquire a sense of its scope. During the study, the problem definition is crystallized
and aspects of the problem to be included in the system are determined.
Consequently, costs and benefits are described with greater accuracy at this stage.
It consists of the following:
Statement of the problem: A carefully worded statement of the problem that led to
analysis.
1. Summary of findings and recommendations: A list of the major
findings and recommendations of the study. It is ideal for the user
who requires quick access to the results of the analysis.
of the
procedures
and
conclusions: Specific
recommendations
TECHNICAL FEASIBILITY
This involves financial considerations to accommodate technical enhancements. If the
budget is a serious constraint, then the project is judged not feasible.
ECONOMICAL FEASIBILITY
With the help of the banking application, the cost of opening and maintaining offices
will decrease, and this decrease will be more than the cost of developing and maintaining the
Application.
OPERATIONAL FEASIBILITY
This Application is very easy to operate as it is made user friendly. The main consideration is
the user's easy access to all the functionality of the Application.
System Design
ER Diagram
[Figure 2: ER Diagram]
UML Diagram
[Diagrams: Change Password; Compose Mail; Validate Mail; Create Certificate; Sent Mail]
Screen Shots
[Screenshots: Screen 1 - Login Screen; Create Successfully; Screen 3 - Compose (Writing, Attaching files, Encryption, Signing, Insert addresses); Screen 4 - Registration; Registration Successfully; Recovered Password]
Testing and implementation are the important and final phases. All the work that
has been done so far is just a trial or based on assumption. All the required hardware and software is
prepared for the testing, so that any errors or modifications that may be required for
further proceeding can be found.
SYSTEM TESTING
Testing is vital to the success of the system. System testing makes the logical assumption
that if all parts of the system are correct, the goal will be successfully achieved. There
are four steps within it:
- Unit Testing
- Integration Testing
- Validation Testing
- Output Testing
UNIT TESTING
In this testing, the smaller parts of the project, that is, the modules and the
sub-functions present in the project, are tested first. They seem to be working satisfactorily
without errors, which shows that the unit testing is successful.
INTEGRATION TESTING
Integration testing checks that the software performs all the required functions, behaviors
and processes. The errors that are uncovered during integration testing are corrected
during this phase. The collections of functions are tested, and those found with errors are
rectified, so that the result can be obtained in a successful manner.
VALIDATION TESTING
Validation is essential for every application project, so that
each data item can be validated properly. In some cases, records are created according to
the key of the corresponding table to which they are referenced, as a data constraint for a well
secured database. While testing the system using test data, errors are again uncovered and
corrected using the above testing steps, and the corrections are noted for future use. If there is
any error, testing is repeated from the beginning.
OUTPUT TESTING
The output is a major required part of the development of the project. The output is tested
for the required format; if it does not have that format, then testing is done or a screen
modification is made for the further operations. Output testing is mainly for two things:
- On-screen format
- Print format
The screen format was found to be correct, as it was designed according to the user's needs; for
the hard copy also, the output comes out as specified by the user. Hence output testing
doesn't result in any correction in the system.
SYSTEM IMPLEMENTATION
- Training the operating staff
- Installing hardware
- Installing terminals
- Installing the telecommunication network before the system is up and running.
In the implementation phase, the project reached its fruition. After the
development phase of the SDLC is complete, the system is implemented. The software,
which was designed in the design phase and programmed in the development phase of the SDLC, was
installed on all the PCs that require it. The personnel using the program were trained
during this phase of the SDLC. Moreover, both the hardware and software were tested.
Although we found and fixed many problems, almost invariably, the users helped us to
uncover problems that we were unable to simulate.
These were the main activities performed by us in the course of the project, which led
to its proper completion.
When computer-based systems are built, we must therefore develop mechanisms for
evaluating, controlling and making modifications. Maintenance issues are addressed to improve the ease
with which changes can be accommodated and to reduce the amount of effort expended on
maintenance. Maintenance activity occurs because it is unreasonable to assume that software testing
will uncover all latent errors in a large software system. The final event in the post
implementation flow is a review that revalidates all elements of the system configuration
and ensures correctness. After software maintenance, a software review is
conducted for future maintenance effort and provides feedback, which is important to
the effective management of a software organization.