System Analysis and Design of Security in Large Networks Using Mediator Protocols

System Analysis and Design 

In this section we will analyze the entire system requirements as per the software engineering development life cycle.

System Requirements:

The hardware and software requirements for the system have to be analyzed and listed.

Hardware Requirements 

Component    Requirement
Processor    Pentium P3
RAM          128 MB
Hard Disk    20GB
Network      Internet Connection with minimum bandwidth of 128 KPS

Table 3: Hardware Requirement

Software Requirements 

Component               Requirement
Operating System        Win NT or Any Unix based
Programming Language    JDK 1.5
IDE                     Eclipse
Ethereal Tool           Wireshark

Table 4: Software Requirements

Other Tools

Some useful network tools are nslookup and netstat.

  • Nslookup: This command is used to find various details about the Domain Name System, such as IP addresses. This tool is mainly used to identify the IP address of the messaging servers.
  • Netstat: It shows the number of network connections (incoming and outgoing), port numbers they are connected to and the status of connections.

Requirement Specification

The system must provide a secure way of exchanging chat messages between two end points in Security in Large Networks Using Mediator Protocols.

  • An intruder shouldn’t be able to view network messages exchanged between end points.
  • An intruder shouldn’t be able to change the content of network messages exchanged between end points.
  • An intruder shouldn’t be able to send packets as a false source.

Technology Requirements

  • Core Java
  • Swing
  • Sockets
  • JSSE (JCA)
  • Certificate Authority, Java Key Tool
  • OpenSSL

This Project Paper is written & submitted by Deepak V.

Block Ciphers – Cipher Block Chaining (CBC) and Electronic Code Book (ECB)

Block Ciphers

Unlike a bare block cipher, which encrypts messages of a predetermined block length, a block cipher mode can encrypt a message that exceeds the fixed block size. The concept of a block cipher mode is built on the block cipher. These encryption modes prevent an intruder from reading the information, but the intruder may still make changes to the information, which is equally unsafe. They are also insecure in that they reveal to the intruder how, when and where the information is passed, as well as the length of the message.

Cipher Block Chaining (CBC):

It is a frequently used block cipher mode. The encryption method follows a chain system, where the encryption of each block depends on its previous blocks. In this method each block of plaintext that is to be encrypted is XORed with the preceding block that has been encrypted (cipher text). The first plaintext block to be encrypted uses an n-bit initialization vector (IV) instead. Every message that has to be encrypted uses a different IV.

The succeeding text blocks are encrypted using its preceding encrypted block, and hence this ensures that even though the unencrypted message has the same matter, the encrypted form would be different. This method also provides high security by ensuring that no block could be decrypted without referring to its previous block. A corruption in a block would lead to the corruption of the entire message as the entire message encryption and decryption depends on its preceding block. 

Electronic Code Book (ECB):

ECB overcomes the problem in CBC of each block depending on its previous block. Every encrypted block is independent, which makes decryption easier. The encryption method in ECB is the same as in CBC, except for the chaining mechanism, so encryption and decryption become simple. The only drawback of ECB is that two identical blocks of a message produce the same encrypted data. Also, ECB does not accept smaller blocks of data for encryption.
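
The difference between the two modes can be observed directly with the JCE. The following is an added example, not code from the original paper; AES as the block cipher, the class name and the constructed two-block message are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class EcbVsCbcDemo {
    static final int BLOCK = 16; // AES block size in bytes

    // Encrypts with the given transformation; ECB takes no IV, CBC requires one.
    static byte[] encrypt(String transformation, SecretKey key, byte[] iv, byte[] plain)
            throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        if (iv == null) {
            c.init(Cipher.ENCRYPT_MODE, key);
        } else {
            c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        }
        return c.doFinal(plain);
    }

    // True when ciphertext blocks i and j are byte-for-byte identical.
    static boolean sameBlock(byte[] ct, int i, int j) {
        return Arrays.equals(Arrays.copyOfRange(ct, i * BLOCK, (i + 1) * BLOCK),
                             Arrays.copyOfRange(ct, j * BLOCK, (j + 1) * BLOCK));
    }

    // A new random IV for every message, as CBC requires.
    static byte[] freshIv() {
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample: the same 16-byte plaintext block twice in a row.
        byte[] plain = "PAY 100 TO ALICEPAY 100 TO ALICE".getBytes(StandardCharsets.US_ASCII);

        byte[] ecb = encrypt("AES/ECB/PKCS5Padding", key, null, plain);
        byte[] cbc1 = encrypt("AES/CBC/PKCS5Padding", key, freshIv(), plain);
        byte[] cbc2 = encrypt("AES/CBC/PKCS5Padding", key, freshIv(), plain);

        System.out.println("ECB repeats block 0 in block 1: " + sameBlock(ecb, 0, 1));
        System.out.println("CBC repeats block 0 in block 1: " + sameBlock(cbc1, 0, 1));
        System.out.println("CBC, same message, new IV, same ciphertext: " + Arrays.equals(cbc1, cbc2));
    }
}
```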

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols

Java Secure Socket Extension

The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols ensure that private and confidential information is protected from unauthorized users while it is transmitted over a network. Java Secure Socket Extension (JSSE) is a version of Java which provides the architecture and implementation of the SSL and TLS protocols that protect data transmission over any protocol.

JSSE also provides the following functionality:

  • Encryption of data
  • Optional client authentication
  • Server authentication
  • Integrity of messages

JSSE is a part of J2SDK, v 1.4, which has the framework and an implementation of the application programming interface (API). The API is capable of supporting and implementing SSL version 3.0 and TLS version 1.0, and only supports the 2.0 version of SSL.

JAVA Cryptographic Extension Introduction

The Java™ Cryptography Extension, or JCE framework, provides implementations for key generation, digital signatures, key agreement, MAC and various encryption methods such as symmetric, asymmetric, block and stream ciphers for data encryption. Java 2 SDK, v 1.4 includes JCE. The JCE is a user-friendly API used for implementing the various security features on the Java platform.

The design and architecture of JCE are adopted from JCA; and hence we can say JCE is similar to JCA in its design principles. Similar to JCA, JCE utilizes the provider architecture in order to facilitate implementation interoperability and algorithm extendibility.

The JCE packages provide encryption/decryption, integrity and key exchange, and hence are useful for implementing the secure chat algorithm without providing authentication. JSSE helps in preventing the man-in-the-middle attack, which requires authentication.

Analysis of Java Cryptography

As web applications and the number of users of e-banking have grown (as www.ebay.com , www.llyods.tsb), the security to be provided has become more important. To solve these problems effectively, Java has developed its platform security and encryption features tremendously over the last few years. For these security purposes Java has released JDK 1.4, which comes with many security-related packages. These include Java Cryptography Extension (JCE), Java Authentication Authorisation Service (JAAS) and Java Secure Socket Extension (JSSE).

This JDK 1.4 package provides security in two main ways. Java cryptography is used for user identification/authentication and signing of digital messages.

Introduction to JCA

The design of Java cryptographic architecture is based on:

  • Implementation independence and interoperability
  • Algorithm independence and extendibility

Implementation independence and interoperability: Implementation independence provides the unique feature of the same algorithm being used by various providers in their own way. This is possible using a provider-based architecture. Cryptographic services such as MD5 and DSA are supplied by a single provider or by multiple providers. This concept is referred to as CSP, or cryptographic service provider. Implementation interoperability refers to usage of the same keys and signatures by the providers irrespective of who generated them. A key or signature generated by user1 is usable by user2.

Algorithm independence and extendibility: Engine classes are the classes that are used to define the functionality of cryptographic engines. The Algorithm independence is achieved using these engine classes and by defining the various cryptographic engines used. Addition of a new algorithm to a specified engine class is very simple, hence is known as Algorithm extendibility.

IP based Internet Sockets introduction

Sockets introduction

A socket is one end-point of a two-way communication link between two programs running on an IP based network; sockets are also used for communication between processes within the same machine. A socket is an interface between the application process and the transport layer. Sockets are created and used through a set of function calls, also known as an application programming interface (API). In two-way communication an application process can send/receive messages to/from another application process. The following parameters define a socket:

  • Protocol (TCP, UDP or Raw IP)
  • Local IP address
  • Local port number
  • Remote IP address (useful for TCP sockets which are connection oriented)
  • Remote port number (useful for TCP sockets which are connection oriented)

Using these parameters a server will assign a specific port number on which to listen for incoming connections from clients. When a client sends a request to the server, a dedicated connection is established between the client and the server. During this connection process the client is assigned a local port number to which its socket is bound, and in the same manner the server gets a local port on which it communicates with the client, releasing the old port for future client requests. Once the connection is established, data can be transferred in both directions simultaneously, providing a bi-directional mechanism.

There are two main types of IP based Internet sockets, distinguished by their type of connection:

1) Stream Sockets: These are reliable, connection-oriented sockets that use a TCP connection, which guarantees the complete transfer of data in sequence without any loss of packets.

2) Datagram Sockets: These use the unreliable, connectionless UDP protocol, in which the data is transferred in the form of data packets known as “datagrams”. UDP is connectionless and hence is unreliable.

Standard for digital signature certificates X.509

X.509 is the standard format followed to get a digital certificate from the public key infrastructure. It has been accepted as the de facto standard and has been recommended by the International Telecommunication Union (ITU).

It has been published as an extension of X.500, which is similar to the telephone book. X.509 publishes standard formats for public key certificates, certificate revocation lists, attribute certificates and a certification path validation algorithm. Using the X.509 standard, a certificate authority will issue a certificate binding a public key or an alternative name, like an e-mail address, to the certificate. Below are the formats of the various versions of X.509.

Digital Signature Certificate Authority Seminar Topic

Certificate Authority:

The certificate authority plays an important role in securing data by authenticating it using digital signature certificates, each of which contains a unique identity of the user. The identity of the holder of a digital signature certificate is confirmed by the certifying authority. The certifying authority validates the certificates issued to the sender/receiver for sending or receiving information. Digital certificates are your digital passports, an Internet ID: they are used for verifying the identity of a person. OpenSSL, Netscape, Verisign, Entrust, and RSA Keon are some of the mediums through which digital certificates are verified.

A digital certificate can provide authentication of the sender when the digital signature is attached to it along with the public key of the sender, because the certificate authority binds the key pair to the sender’s real-world attributes.

In a wired environment, the certifying authority refers to the group of hardware, software and users. A computer used by the certification authority keeps the records of digital certificates issued and maintained, and also maintains the revocation lists.

In our application we are issuing certificates using Windows 2003 server.

As mentioned, digital certificates are used for providing authentication of server and client. Three types of authentication are possible:

  1. Server Authentication: This is the most widely used authentication process, mostly in web services. The server sends its certificate to the client, and the client verifies the certificate and authenticates the server.
  2. Client Authentication: In this type of authentication process the server authenticates the client by requesting a certificate and validating it.
  3. Mutual Authentication: In this process both server and client have to exchange their certificates, which means that both have to authenticate each other. It is considered the most secure way of communication. In our application we have used mutual authentication with the help of the TLS protocol.
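
One way to configure the mutual authentication described above with JSSE is shown here as an added example; it is not the project's own code. The class name, the PKCS12 keystore files (the server's key and certificate, and the CA certificates trusted for clients), the shared password and the port are assumptions supplied on the command line.

```java
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

public class MutualTlsServer {
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }

    // identity: server key + certificate; trusted: CA certificates accepted for clients.
    static SSLContext context(KeyStore identity, char[] keyPw, KeyStore trusted) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: MutualTlsServer <server.p12> <truststore.p12> <password> <port>");
            return;
        }
        char[] pw = args[2].toCharArray(); // command-line password is a simplification for the example
        SSLContext ctx = context(load(args[0], pw), pw, load(args[1], pw));
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory()
                .createServerSocket(Integer.parseInt(args[3]))) {
            // Default is server authentication only. setWantClientAuth(true) would ask for a
            // client certificate but continue without one; setNeedClientAuth(true) makes the
            // handshake fail unless the client presents a certificate the trust store accepts.
            server.setNeedClientAuth(true);
            try (SSLSocket peer = (SSLSocket) server.accept()) {
                peer.startHandshake();
                System.out.println("authenticated client: " + peer.getSession().getPeerPrincipal());
            }
        }
    }
}
```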

Secure Hash Algorithm (SHA) and Hashed Message Authentication Code (HMAC)

SHA

Secure Hash Algorithm (SHA) was designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST) as the Federal Information Processing Standard (FIPS 180) in 1993. SHA-1 is the update to SHA, on the basis of which the remaining SHA series of SHA-224, SHA-256, SHA-384 and SHA-512 are designed. The number in each algorithm name denotes the hash value it generates.

The design of SHA is based on, and closely related to, the MD4 hash function. Five models of SHA are designed, known as SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. The basic model, SHA-1, generates a message digest of 160 bits, whereas the newer versions generate higher hash values using the same arithmetic calculations.

Hashed Message Authentication Code (HMAC)

This is similar to a cryptographic hash function, but because cryptographic hash functions and MACs provide insufficient security on their own, hashing the secret key along with the message provides authentication along with integrity, without the chance of eavesdropping on the secret key. In modern network communication, cryptographers have found the hashing algorithms described above insufficient for the different kinds of private and confidential data and software that are transferred over networks.
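
The keyed hashing described above, as an added example that is not part of the original paper, using the JCE Mac class with HmacSHA256. The class name, key and messages are constructed for illustration; the example contrasts a bare SHA-256 digest, which anyone can recompute for an altered message, with an HMAC tag, which requires the shared key.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class HmacIntegrityDemo {
    static byte[] sha256(byte[] msg) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(msg);
    }

    static byte[] hmacSha256(byte[] key, byte[] msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(msg);
    }

    // Receiver check when only an unkeyed digest accompanies the message.
    static boolean acceptDigest(byte[] msg, byte[] digest) throws Exception {
        return MessageDigest.isEqual(sha256(msg), digest);
    }

    // Receiver check with a keyed tag; isEqual does not stop at the first differing byte.
    static boolean acceptHmac(byte[] key, byte[] msg, byte[] tag) throws Exception {
        return MessageDigest.isEqual(hmacSha256(key, msg), tag);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // known to sender and receiver only
        byte[] wrongKey = new byte[32];    // all zeros: stands in for a party without the key

        // Constructed sample messages: the original and a version altered in transit.
        byte[] sent = "meet at 10:00".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "meet at 22:00".getBytes(StandardCharsets.UTF_8);
        byte[] tag = hmacSha256(key, sent);

        // A digest needs no key, so it can simply be recomputed for the altered text.
        System.out.println("digest check, altered message + recomputed digest: "
                + acceptDigest(altered, sha256(altered)));
        System.out.println("HMAC check, original message + original tag: "
                + acceptHmac(key, sent, tag));
        System.out.println("HMAC check, altered message + original tag: "
                + acceptHmac(key, altered, tag));
        System.out.println("HMAC check, altered message + tag made with wrong key: "
                + acceptHmac(key, altered, hmacSha256(wrongKey, altered)));
    }
}
```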

Message Digest MD5 Hashing Algorithm

MD5 Hashing Algorithm:

MD5 was developed by Professor Ronald Rivest in 1994. Irrespective of the length of the message given, MD5 produces an output value of 128 bits/16 bytes, the “message digest” or “fingerprint”, which makes it a faster implementation than SHA-1. It is theorised that it is practically impossible to produce the same digest for any two given messages, or to produce a message from a given message digest.

It is a block-chained hashing algorithm where the compression is applied on the successive blocks of the message to calculate the hash value. In this hashing algorithm, initially the whole message is divided into message blocks of 512 bits, then the compression function is applied on the 128 bits of chaining value and the first message block of 512 bits, then the resultant 128 bits hash value is taken as the initial value for the next message block.

The resulting 128-bit hash value after the last block is taken as the final hash value for the entire message. The MD5 hashing algorithm is specified for digital signatures, where there is a need to compress a large file before encrypting it with a secret key or a private key in a public key cryptography system. In the same way, when we download a file from the internet, we can use this hashing algorithm to check the integrity of the file.
