Category: CSE Project Reports

Advantages and disadvantages of IM

Every technology has advantages as well as disadvantages; similarly IM also has some advantages and disadvantages.

Advantages

• IM provides a high speed real time communication.
• The communication on IM is not only fast but is also secured by using simple encryption protocols.
• The uses of IM is not only limited to real time conversation but it can also be used for instant file transfers, audio-video chat, team discussion etc.

Disadvantages

• It is not completely secured to use IM as a mode of communication since data encryption and decryption are not done, and hence can be hacked by any third person.
• It leads to informal and immoral ways of communication which sometimes results in wastage of time and resources.

Proposed Solution

In this Instant messaging (IM) application I have put in effort to overcome the problem areas faced by the public IM’s. It is developed with focus mainly on the Information Security principles, which means that how the messages being exchanged are kept confidential from the eavesdroppers. I have used Cryptographic algorithms to keep the messages secret, to provide Authentication and Integrity. I have used Certificate Authority for the secure key management exchange. I have developed this application using Java platform which is platform independent.

This Project Paper is written & submitted by Deepak V.

Abstract:

Instant messaging (IM) like the telephone has become a swift, effortless and well-known mode of communication. It is simple and is not only used by youngsters for chat or gossip but also plays a major role for communication in the corporate world.

 In addition to chatting IM provides many features such as application sharing, voice chat, video chat and for transferring of files etc .This Java Project provides a real time conversation which is time saving and hence is more  effective than email . Unlike the old concept of one to one communication IM also provides the facility of group or team discussions at a place. Hence IM is not only used by common people but is also implemented in most of the MNC’s.

 The numbers of users of IM are increasing from millions to hundreds of millions in a very short time. 

Classification of messengers:

From kids, youngsters to elderly people, everyone is aware of the usage of IM and its features as well. There are many eminent instant messengers like Yahoo messenger, GTalk, MSN, Windows messengers, AOL and many more which are user friendly. These messengers can broadly be classified in to two kinds:

• Public messengers
• Enterprise messengers

Background    

 The public messenger are the commonly used messengers by general public and is available for free on the internet where as the enterprise messengers are used by companies or corporate and have to be purchased for usage.

The information on the public messengers can be obtained without any effort, hence is not secured, where as the information on enterprise messengers is highly secured and hence cannot be obtained easily. 

The enterprise messenger was cost effective for many small scaled companies and hence a secured public IM was introduced. The security in public IM was obtained by simply adding a java based encryption protocol to the normal public IM.

This Project Paper is written & submitted by Deepak V.

ABSTRACT

This Secure Chat Program is a prototype design developed in order to provide secure communication for the employees with in the organisation. This is implemented by using Java Secure Socket Extension (JSSE) which works on TLS protocol which is considered as the latest version of SSL. The Authentication is provided by implementing Certificate Authority (CA). Some of the major features of the application are:

• Encryption/Decryption due to which the messages are not transferred in plain text over a network. So that an intruder cannot view the messages.
• Integrity of the messages is provided, to confirm weather the messages are received exactly and it is not altered by the intruder.
• Authentication of the messages is provided to know weather the message has been sent by the genuine user

Key words:

Authentication, Integrity, Encryption/Decryption, Intruder

ACKNOWLEDGMENT

I would like to thank all the people who have helped me in every possible way to complete this project.

I would like to express my gratitude to my project supervisor Dr. Krishan, for his endless contribution of time, effort and guidance. But for valuable advices, developing this project would not have been possible.

I would also like to thank all the CMS Lab staff members, for providing me immense help for the development of this project. Last but not the least, I would like to thank my family and friends, who have been a driving force throughout the development of this project work.

I would specially thank my parents who have always been there for me. You are the best parents a person could have.

Table of Contents:

1.      INTRODUCTION.. 9

1.1 Classification of messengers. 10

1.2 Background. 10

1.3 Advantages and disadvantages of IM… 11

1.4 Proposed Solution. 11

2.      LITERATURE REVIEW… 11

2.1 Cryptography. 12

2.2 Symmetric or Private Key Cryptography. 13

Advantages and Disadvantages of Symmetric Cryptography. 13

2.2.2 RC4. 14

2.2.3 DES. 14

2.2.4 TrippleDES. 15

2.2.5 INTERNATIONAL DATA ENCRYPTION ALGORITHM (IDEA). 15

2.2.6 AES. 16

2.3 Asymmetric or Public Key Cryptography. 16

2.3.1 Advantages and Disadvantages of Asymmetric or Public Key Cryptography. 17

2.3.2 Digital Signature Algorithm (DSA). 17

2.3.3 Ron Rivest, Adi Shamir and Len Adleman (RSA). 18

2.3.4 Deffi Hellman Key Exchange Algorithm.. 20

2.3 Hashing Algorithms. 21

2.3.1 MD5. 22

2.3.2 SHA.. 23

2.3.2 Hashed Message Authentication Code (HMAC). 23

2.4 Certificate Authority. 23

2.4 1 Standard for digital signature certificates X.509. 25

2.5 SOCKET.. 25

2.6 Analysis of Java Cryptography. 26

2.6.1 Introduction to JCA.. 27

2.6.2 JAVA Cryptographic Extension. 28

2.6.3 JAVA SECURE SOCKET EXTENSION.. 29

2.7 Block Ciphers. 30

3. SYSTEM ANALYSIS AND DESIGN.. 32

3.1 System Requirements: 32

3.1.1 Hardware Requirements. 32

3.1.2 Software Requirements. 32

3.1.3 Other Tools. 32

3.2 Requirement Specification. 33

3.3 Technology Requirements. 33

3.4.1 Encryption/Decryption. 33

3.4.2 Authentication. 34

3.4.3      Integrity. 34

3.4.4 Exchange messages using TLSv1 protocol 34

3.4.5 Users should communicate messages using user interface. 34

3.5 SYSTEM DESIGN.. 34

3.5.1 UML Class Diagrams. 35

4. IMPLEMENTATION.. 37

4.1 CLIENT MODULE.. 38

4.2 SERVER MODULE.. 38

4.3 THREADS CREATED BY CLIENT AND SERVER AT THEIR ENDS. 38

4.4 STEPS IN TLS (SSL v 3.3 is indicated as TLS) HANDSHAKE.. 39

4.5 Core Implementation of the application. 49

4.5.1 KEY Classes. 52

4.6 CERTIFICATES Generation. 52

4.7 Final Output of the prototype System.. 59

5. APPLICATION TESTING.. 66

6. CONCLUSION AND FUTURE SCOPE.. 69

7. LEARNING OUTCOMES. 71

8. REFERENCES. 72

List of Tables

Table 1: Digest Performance in Megabytes per Second

Table 2: Comparison of different SHA algorithms based on different parameters

Table 3: Hardware Requirement

Table 4: Software Requirements

 List of Figures

Figure 1: Basic model of the Network Communication

Figure 2:  Basic Symmetric Key Cryptography

Figure 3: Encryption/Decryption Using RC4

Figure 4: Java Security Packages

Figure 5: Secure Client Socket Class Diagram

Figure 6: Secure Server Socket Class Diagram

Figure 7: Client Req Protocol Class Diagram

Figure 8: Client Window Class Diagram

Figure 9: Chat IO Class Diagram

Figure 10: Debug message showing Server Side “Client Hello Message”

Figure 11: Debug message showing Client Side “Client Hello Message”

Figure 12: “Server Hello “at Client Side

Figure 13: “Server Hello” at Server Side

Figure 14: “Certificate Chain” at Server Side

Figure 15: “Certificate Verification” at Client Side

Figure 16: “Certificate Request” from Server at Client Side                                

Figure 17: “Certificate Verification” at Server Side

Figure 18: Server Requesting Client Key Exchange

Figure 19: Client Sending the Key Exchange

Figure 20: “Server Hello Done”

Figure 21: “Certificate Request” from Server at Client Side                         

Figure 22: Client Key Exchange

Figure 23: Changing the Cipher Spec

Figure 24: Reading the Change Cipher Spec Command

Figure 25: Key Classes used

Figure 26: Requesting Certificate Step 1

Figure 27: Requesting Certificate Step 2

Figure 28: Requesting Certificate Step 3

Figure 29: Requesting Certificate Step 4

Figure 30: Requesting Certificate Step 5

Figure 31: Requesting Certificate Step 6

Figure 32: Issuing Certificate

Figure 33: Showing Pending Certificates

Figure 34: Showing Issued Certificates

Figure 35: public and private key pairs at the server side.

Figure 36: Connection Establishment

Figure 37: Server side window

Figure 38: Client side window

Figure 39: Message Exchange at Server Side

Figure 40: Server Encryption

Figure 41: Message Exchange at Client Side

Figure 42: Client Decryption

Figure 43: Integrity at Server Side

Figure 44: Integrity at Client Side

Figure 45: Test Case 2

Figure 46: Ethereal Testing In Wire Shark

This Project Paper is written & submitted by Deepak V.

Appendix of Java and SQL Project:

1. In security in large mediator protocols plz open source code folder and in that  open the quantum.sql file.
2. Copy all the all the data and follow this procedure.
3. In that open Start -> All Programs -> MySQL -> MySQL Server 5.0  -> MySql Command Client.
4. This procedure is given the below page.
5. After open the MySQL Command Line Client. 
6. Plz  type the password as tiger and press enter.
7. After we type following commands whether the Msql database is exist or not.

1. MySQL > show databases;
2. If MySQL database is exists the we type following command.
3.       MySQL > use mysql.
4. After paste the all the data exist on Quantum1.sql file.

After open the code1 folder in that open the Tcen.bat and user.bat files.

If we double click on Tcen.bat file the following page was displays.

This is Trusted Center Page.

Also Double click on user.bat file.

If U New User Plz click on signup button.

If u enter the all details after a secret key is generated on server with respect to the user and that key is user to send files to destination. In the signup we give the destination port number and sender name and password.

1. After we give the details plz click on submit. In this screen the server generates secret key with respect to the user. 
2. After we login to the system as follows.
3. After the give details plz click on sign in. If correct user the follow page was displays.  
4. In that we give the destination port number and choose file  and click on send.
5. If u click on send button it will ask the secret key. We give the secret key and click ok.  
6. Click on ok then the server verifies the all details and ask for conformation in each request that is as follows. 
7. Click on ok. After the details are stored on the trusted center and the server generates the session key and key value as follows. 
8. After we the follow page also generated. 
9. In that we give senders  name and click open.
10. Click on Open it will ask the secret key for conformation.
11. Click on ok then the server verifies the all details and ask for conformation in each request that is as follows.
12. Finally the trusted center sents the message to Destination by check the all session keys.

Future recommendations:

Apart from the work done to develop the quantum key generation for a secure and safe quantum cryptography, there are few points that can be done in future to improve the quality of the application and they are listed in this section.

• More complex algorithms can be used to create the session key in future and one among is HASH and if this algorithm can be used, more complex key can generated in future that can be hardly braked.
• A better client server communication mechanism can be implemented in future to establish and server more number of clients with respect to a single or multiple servers.
• Security can be improved be designing a better trusted center and a more logic implementation can be added at the trusted center.

Summary:

The actual results achieved by executing the code developed are shown in this chapter. From these results it is clear that a separate user registration process is provided to the users who can act as either sender or receiver and once the registration process is completed, a separate secret is provided to the users. Now the users can send the data in the form of files to the desired destination by entering the corresponding port number.

Trusted center will verify the receiver validity and generate the required quantum keys and the session keys to send the data. Now the receiver should enter the source name and the corresponding secret key to accept the data sent by the sender and the actual process in receiving the data involves many steps and all of them are shown in the appendix section.

This Paper is written & submitted by Vamshidhar A.

As the main aim of this Engineering White Paper is to evaluate the quantum key distribution protocol, a java based application is developed to evaluate the system performance. Initially the importance of quantum computing is evaluated in the introduction chapter and different application and the problem definition is explained in this section. The required previous work and the review of the existing systems is explained in the literature review.

The technical aspects behind the implementation of the quantum key distribution is covered in the literature review section and the corresponding gaps are identified in this section. Quantum key distribution is really important for a better and secure data transmission and explained in this literature review section with reference to the opinion of different authors.

A detailed analysis of the system is done in the system analysis section and the proposed system is more secured and efficient when compared to the existing system. Few users are created in this process and a separate user id and password are allocated to the users and these users can create the session and quantum keys as per the requirements.

The basic problems included with the scalability can be solved using the quantum key distribution application and for that the actual design followed is explained in the design chapter and the actual coding procedure followed is also explained. Java is used as the coding language and the code used to develop this application is given in the appendix section. The corresponding results are given in the appendix section. Thus quantum key distribution protocol is efficient and secure method of communication used in the latest computer world.

This Paper is written & submitted by Vamshidhar A.