June, 2010
DIGISAFE
By:
Ashwini Kumar (0609013023)
Chetan Anand (0609013028)
Gaurav Gupta (0609013032)
Manpreet Bhatia (0609013040)
Bachelor of Technology
in
Information Technology
DECLARATION
CERTIFICATE
ACKNOWLEDGEMENTS
ABSTRACT
LIST OF TABLES
LIST OF SYMBOLS
LIST OF ABBREVIATIONS
CHAPTER 1
1.1 INTRODUCTION
1.2 PROJECT OVERVIEW
1.3 PROBLEM DEFINITION
CHAPTER 2
2.1 PROPOSED SYSTEM AND TARGETED USER
2.2 SYSTEM REQUIREMENT SPECIFICATION
2.3 FEASIBILITY STUDY
CHAPTER 3
3.1 DATABASE DESCRIPTION
3.2 DATA DESIGN
3.2.1 E-R DIAGRAM
3.3 SYSTEM DESIGN
3.3.1 UML DESIGN
3.3.2 DATA FLOW DIAGRAM
CHAPTER 4
4.1 SNAPSHOTS
APPENDIX A
REFERENCES
DECLARATION
We hereby declare that this submission is our own work and that, to the best of our
knowledge and belief, it contains no material previously published or written by another
person nor material which to a substantial extent has been accepted for the award of any
other degree or diploma of the university or other institute of higher learning, except where
due acknowledgment has been made in the text.
Date:
Signature :
CERTIFICATE
This is to certify that Project Report entitled “DigiSafe” which is submitted by Ashwani
Kumar, Chetan Anand, Gaurav Gupta and Manpreet Bhatia in partial fulfillment of the
requirement for the award of degree B. Tech. in Department of Information Technology of
U. P. Technical University is a record of the candidates' own work carried out by them under
my/our supervision. The matter embodied in this thesis is original and has not been submitted
for the award of any other degree.
Date: Supervisor
Lecturer
Gr. NOIDA
ACKNOWLEDGEMENT
It gives us a great sense of pleasure to present the report of the B. Tech Project undertaken
during B. Tech. Final Year. We owe a special debt of gratitude to Professor Abhishek
Chaudhary, Department of Computer Science & Engineering, IEC College of Engineering
& Technology, Gr. Noida for his constant support and guidance throughout the course of our
work. His sincerity, thoroughness and perseverance have been a constant source of
inspiration for us. It is only his cognizant efforts that our endeavors have seen light of the
day.
We also take the opportunity to acknowledge the contribution of Professor Rajeev Ranjan,
Department of Computer Science & Engineering, IEC College of Engineering &
Technology, Gr. Noida for his full support and assistance during the development of the
project.
We also do not like to miss the opportunity to acknowledge the contribution of all faculty
members of the department for their kind assistance and cooperation during the development
of our project. Last but not the least, we acknowledge our friends for their contribution in the
completion of the project.
Date:
Signature:
Abstract
The security of information available to an organization was primarily provided through
physical and administrative means. For example, rugged file cabinets with a combination
lock were used for storing sensitive documents and personnel screening procedures were
employed during the hiring process. With the introduction of the computer, the need for
automated tools for protecting files and other information stored on the computer became
evident.
This is especially the case for a shared system, and the need is even more acute for a
network. Computer networks were primarily used by university researchers for sending
e-mail, and by corporate employees for sharing printers. Under these conditions, security was
not given much attention. Today, since the world is going global and trillions of data are
transferred daily across networks, security is looming on the horizon as a potentially massive
problem. The generic name for the collection of tools designed to protect data and to thwart
hackers is Computer Security.
In the project titled “Digital Signatures” security is ensured in the Messaging System
of an organization. In this application, if an employee wishes to send confidential information
to another employee connected through the intranet of their organization, he first signs the
message and then sends it to the recipient. He signs the message using Digital Signatures.
The person who receives the message validates the sender and if the message is from an
authorized employee, he reads the message. The above operation is performed using Digital
Signature Algorithm (DSA). This application makes sure that the security services
Authentication, Secrecy, Integrity, and Non-repudiation are provided to the user.
Therefore, intruders cannot gain access to classified information.
LIST OF TABLES
Entity: Login_digisafe
Role: To maintain the username and the related password of different users.
Entity: Inbox_digisafe
Entity: sent_digisafe
Entity: certificate_digisafe
Entity: attachment_digisafe
LIST OF SYMBOLS
An activity: a title for the activity should be placed inside the rectangle.
Data flow: the arrow should be labeled with the name of the data moving
between the activities.
A file or store: a straight line connects the file to the activity that accesses the
file. The name of the file should be indicated within the rectangle.
LIST OF ABBREVIATIONS
CHAPTER 1
1.1. Introduction
1.2. Project Overview
1.3. Problem Definition
1.1. INTRODUCTION
Scope
The project is confined to the intranet in an organization. This application makes sure
that security services such as secrecy, authentication, integrity and non-repudiation are
provided to the communicating parties.
Objective
This project has been developed keeping in view the security features that need to be
implemented in networks, with the following objectives:
• To develop an application that deals with the security threats that arise in the network.
• To enable end users as well as organizations to carry out safe messaging
communication without any threats from intruders or unauthorized people.
• To deal with the four inter-related areas of network security namely Secrecy,
Authentication, Non-repudiation and Integrity.
1.2. Project Overview
This application makes use of Digital Signature Algorithm (DSA) along with a hash
function. The hash code is provided as input to a signature function along with a random
number generated for this particular signature. The signature function also depends on the
sender’s private key and a set of parameters known to a group of At the receiving end,
verification is performed. The receiver generates a quantity that is a function of the public-
key components, the sender’s public key, and the hash code of the incoming message. If
this quantity matches with one of the components of the signature, then the signature is
validated.
This application makes sure that the security services Authentication, Secrecy,
Integrity, and Non-repudiation are provided to the user.
• This application keeps information out of the hands of unauthorized
persons. This is called Secrecy.
• It also deals with determining whom a person is communicating with before revealing
sensitive information or entering a business deal. This is called Authentication.
• Integrity determines whether a particular message has been modified or something
has been added to it.
1.3. Problem Definition
Message authentication protects two parties who exchange messages from any third
party. However, it does not protect the two parties against each other. Several forms of
disputes between the two parties are possible.
2. A may deny sending the message. Because it is possible for B to forge a message,
there is no way to prove that A did in fact send the message.
The most attractive solution to this problem is the Digital Signature. The Digital Signature is
analogous to the handwritten signature. It must have the following properties:
• It must be able to verify the author and the date and time of the signature.
• It must be practical to retain a copy of the digital signature in storage.
CHAPTER 2
2.1. Proposed System & Targeted User
Existing system
These days almost all organizations around the globe use a messaging system to
transfer data among their employees through their exclusive intranet. But the security
provided is not of high standards. More and more unauthorized people are gaining access to
confidential data.
Disadvantages:
Confidentiality:
Confidentiality is the protection of transmitted data from passive attacks. With respect
to the release of message contents, several levels of protection can be identified. The broadest
service protects all user data transmitted between two users over a period of time. For
example, if a virtual circuit is set up between two systems, this broad protection would
prevent the release of any user data transmitted over the virtual circuit. Narrower forms of
this service can also be defined, including the protection of a single message or even specific
fields within a message. These refinements are less useful than the broad approach and may
even be more complex and expensive to implement. The other aspect of confidentiality is the
protection of traffic flow from analysis. This requires that an attacker not be able to observe
the source and destination, frequency, length, or other characteristics of the traffic on a
communications facility.
Authentication:
Integrity:
Integrity basically means ensuring that the data messages are not modified. An
integrity service that deals with a stream of messages assures that messages are received as
sent, with no duplication, insertion, modification, reordering or replays. The destruction of
data is also covered under this service. Thus the integrity service addresses both message
modification and denial of service.
Non-repudiation:
2.2. System Requirement Specification
Client Configuration
- 512 MB RAM
Server Configuration
- 1 CPU
- RAM : 16 GB Minimum
impact on the organization, ability to meet user needs, and effective use of resources.
The objective of feasibility study is not to solve the problem but to acquire a sense of its
scope. During the study, the problem definition is crystallized and aspects of the problem to
be included in the system are determined. Consequently, costs and benefits are estimated with
greater accuracy at this stage.
The result of the feasibility study is a formal proposal. This is simply a report, a formal
document detailing the nature and scope of the proposed solution. Finally, a feasibility study
is carried out to select the best system that meets the performance requirements.
Feasibility is the determination of whether or not a project is worth
doing. The process followed in making this determination is called a feasibility study.
The main objectives of feasibility study are:
TYPES OF FEASIBILITY
The study is conducted to evaluate the possibility of HRM systems producing the desired
outputs. Most successful system projects are not necessarily the biggest or most visible in a
business but rather those that truly meet user expectations. Three key considerations
involved are:
Types of Feasibility
Technical
Economic
Operational
1. ECONOMIC FEASIBILITY
Economic analysis is the most frequently used method for evaluating the effectiveness
of an HRM system. Most commonly known as cost/benefit analysis, the procedure is to
determine the benefits and savings that are expected from a system and compare them with
the costs involved.
The costs are negligible as the needed infrastructure already exists. As the benefits greatly
outweigh the costs, the proposed system is economically feasible.
Economic analysis is the most frequently used technique for evaluating the effectiveness
of a proposed system. Commonly known as cost/benefit analysis, the procedure is to
determine the benefits and savings that are expected from a proposed system and compare
them with the costs. In case of profit, the decision is taken to design and implement the system.
The proposed system is financially feasible for the following reasons:
1. The cost of system development is not high because of module /
department-wise automation.
2. Because of the way the organization wants to implement it, the system
will not take a heavy amount of hardware investment to implement.
3. The proposed system is economical, as it will reduce the time invested
in running the daily transactions.
2. TECHNICAL FEASIBILITY
Technical feasibility centers on the existing computer system (hardware, software,
etc.) and to what extent it can support the proposed system. In the case of this system, the
required infrastructure, i.e. hardware, software applications and technical know-how, already
exists. Thus the project is technically feasible. This is concerned with specifying
equipment and software that will successfully satisfy the user requirements. There are a number
of technical issues which are raised during the feasibility stage of the investigation. They are as
follows:
• The facility to produce output in a given time.
• Response time under certain conditions.
• Ability to process a certain volume of packages at a particular speed.
• Facility to communicate data to distant locations.
Technical feasibility centers on the existing computer system (hardware, software, etc.)
and to what extent it can support the proposed addition. Time duration is also a part of
technical feasibility. Time is one of the major factors deciding the success of the project. If
the project is not completed within the time duration, the budget will definitely increase. If the
budget is a serious constraint, then the project is judged not feasible. So each project team
should keep this in mind and complete the project within the specified
time.
The proposed system is technically feasible for the following reasons:
• The organization wants to build a computer-based system in which data is
maintained in digital form, so that maintaining information will be
easy and retrieval of information is fast.
• After converting data into digital form, the cost of stationery is saved.
• This system is also able to produce the required reports in the least time.
• This system also has the facility to communicate among terminals at
distant locations.
3. OPERATIONAL FEASIBILITY
4. BEHAVIOURAL FEASIBILITY
Behavioural feasibility is a procedure to estimate how strong a reaction the user
staff is likely to have towards the development of a computerized system. It is common
knowledge that computer installations have something to do with turnover, transfers,
retraining and changes in employee job status. Therefore, it is understandable that the
introduction of a candidate system requires special effort to educate and train the staff on new
ways of handling the system. Throughout the above studies and discussions the users were
actively involved and were keen to get a new system, which would eliminate all the problems
in the existing system. The total project costs, priority, completion time and personnel
required were estimated. Initial plans were drawn up for how the project would proceed to its
final implementation while running the existing system, so that the company's information needs
were not affected. The feasibility study helps to determine the performance
and cost effectiveness of the system against the system performance requirements set
5. SOCIAL FEASIBILITY
People are inherently resistant to change, and computers have been known to facilitate
change. An adverse reaction and resistance are always expected from the user staff. Our case
is different. The users get graphical displays of information, which are more quickly
understandable than capturing the information from reports.
6. TIME FEASIBILITY
CHAPTER 3
Role: To maintain the username and the related password of different users.
Attributes:
Username Not null Varchar2
Question Varchar2
Answer Varchar2
Check1 Number
Entity: Inbox_digisafe
Attributes:
Subject Varchar2
Message Varchar2
Entity: sent_digisafe
Attributes:
Subject Varchar2
Message Varchar2
Entity: certificate_digisafe
Attributes:
Cfile Varchar2
Entity: attachment_digisafe
Attribute:
Message_date Varchar2
Attach1 Varchar2
Message_digest1 Varchar2
Attach2 Varchar2
Message_digest2 Varchar2
Attach3 Varchar2
Message_digest3 Varchar2
Attach4 Varchar2
Message_digest4 Varchar2
Attach5 Varchar2
Message_digest5 Varchar2
3.3. System Design
3.3.1. UML Diagram
2ND Level DFD’S
Compose Mail
Validate Mail
Create Certificate
Sent Mail
SCREEN SHOTS
Screen 1 - Login Screen
This is home page of Administrator
Screen 2 – Create Certificate
Screen 3 – Compose
Writing
Attaching files
Encryption
Signing
Screen 4 – Registration
Screen 5 – Edit Profile
Screen 6 – Change Password
Screen 7 – Forgot Password
Screen 7 – Sent Mail
Appendix
J2EE
Sun Microsystems provides specifications for a comprehensive suite of technologies to solve large
scale distributed system problems. This suite is the Java 2 Enterprise Edition, commonly known as
J2EE. The J2EE Platform provides a component-based approach to the design, development,
assembly, and deployment of enterprise applications.
The J2EE platform is designed to provide server-side and client-side support for developing
enterprise, multi-tier applications. Such applications are typically configured as a client tier to provide
the user interface, one or more middle-tier modules that provide client services and business logic for
an application, and backend enterprise information systems providing data management.
J2EE APIs
J2EE Technologies
The J2EE platform uses a multi-tiered distributed application model. Application logic is
divided into components according to function, and the various application components that
make up a J2EE application are installed on different machines depending on the tier in the
multi-tiered J2EE environment to which the application component belongs.
developed with EJB technology are often called Enterprise JavaBeans components or simply
"enterprise beans."
• Session beans
o Stateful
o Stateless
• Entity beans
o Bean-managed Persistence (BMP)
o Container-managed Persistence (CMP)
o Enterprise Javabeans Query Language
• Message-driven beans
Session beans
A session bean represents a single unique session between a client and an instance of the
bean. A session bean can't be shared. One instance of the bean is tied to a specific client in a
specific session. The session bean exposes methods that a client can call to execute business
tasks on the server. When the client's session ends, the session bean is no longer associated with
that client.
o Stateful
A stateful session bean maintains data about the unique client-bean session in its instance
variables. The data represents the state (often called the "conversational state") of that
specific session. The conversational state is maintained for the life of Client-bean association.
Significantly, this means that the data is maintained across operations.
o Stateless
A stateless session bean does not maintain conversational state for its client. Because a
stateless session bean cannot maintain conversational state across methods, it's typically used
for one-step tasks, such as sending an email that confirms an online order.
Entity beans
An entity bean represents data in a storage medium, such as a relational database. Each entity
bean may correspond to a table in a relational database, and each instance of the bean
corresponds to a row in that table. Entity beans are not limited to representing relational
databases. They can represent data in other types of data stores, but the majority of enterprise
applications that use EJB technology access data in relational databases.
An entity bean can manage its own persistence (this is called bean-managed persistence) or
let the EJB container manage it (container-managed persistence). With bean-managed
persistence, the entity bean code includes SQL statements that access the database. With
container-managed persistence, the EJB container automatically generates the necessary
database access calls.
A message-driven bean can process messages sent by any J2EE component (such as an
application client, another enterprise bean, or a web component) or by a JMS application or
system that does not use J2EE technology. Often message-driven beans are used to route
messages. This makes them useful in many business-to-business communication scenarios.
Oracle 10g Database & Application Server
Oracle WebLogic Application Server Enterprise Edition
Includes: Oracle Forms Services, Oracle Reports Services, TopLink, Portal, Discoverer
Viewer, Discoverer Plus (Web Functionality), Identity Management (LDAP), Application
Interconnect Toolkit, Workflow, Wireless Option, Personalization, and 5 JDeveloper Named
User Plus licenses per Processor.
Client/Server (distributed processing) environments: To take full advantage of a given
computer system or network, Oracle allows processing to be split between the database
server and Client application programs.
High availability: Oracle can work 24x7 with no down time for quite a
large amount of time.
As of 2006, the latest version of the language is JavaScript 1.7. The previous version 1.6
corresponded to ECMA-262 Edition 3 like JavaScript 1.5, except for Array extras, and Array
and String generics. ECMAScript, in simple terms, is a standardized version of JavaScript.
The ECMA-357 standard specifies E4X, a language extension dealing with XML.
One major use of web-based JavaScript is to write functions that are embedded in or included
from HTML pages and interact with the Document Object Model (DOM) of the page to
perform tasks not possible in HTML alone. Some common examples of this usage follow.
• Opening or popping up a new window with programmatic control over the size,
position and 'look' of the new window (i.e. whether or not the menus, toolbars, etc. are
visible).
• Validation of web form input values to make sure that they will be accepted before
they are submitted to the server.
• Changing images as the mouse cursor moves over them: This effect is often used to
draw the user's attention to important links displayed as graphical elements.