monitoring security system(8 copies)

8/8/2019 Monitoring Security System(8 Copies)

1/81

INTRODUCTION

MONITORING SECURITY SYSTEM manages to enhance security of

the computer through monitoring various tasks performed by the

computer. It provides limited access to each user to the tasks according

to the users need. Administrator can modify the access given to each

user hence non-authorized users cant access that particular task. As

many number of users can be added and granted access separately to

each user by this utility software.

It is software that can be used commercially on all background

those which need a separate security policy for each user of that

computer. This facility can only be availed by only those users who carry

the authentication i.e. username and password for the task they want to

perform.

The scope of this system is that it can be used in any personal

Windows based computer or at any organization where a single computer

is shared by many users and security of personal data or blocking of

certain websites becomes a serious issue. This utility software offers

enhanced security to the user through features such as folder lock, USB

enable/disable, encryption/decryption and website blocking in a single

package.

As every system that is built in this universe has it own boundary

the same applies to Monitoring Security Systems. The main restriction is

that all the features of the software are limited to only Windows XP.Somefeatures such as Folder Lock cannot work in Windows Vista or Windows 7.

Every user should login with a unique id and password before accessing

the utility. Those users who dont have required authentications cannot

use this system.

This utility software provides following utilities to the user

1. Folder lock


2/81

MONITORING SECURITY SYSTEM

2. USB enable/disable

3. Website blocker

4. Encryption/Decryption

When a user want to accesss a features of the software, say, folder

lock, he will be first prompted for the username and password.If correct

combination of username and password is provided, then he can access

the folder lock utility.A window providing folder lock utility will be

opened.User can select any folder to lock.By clicking on lock button,

folder will be locked.now anyone trying to open that folder will be

redirected to control panel; since the software modifies the hex address of

the folder to the control panels hex address when we clock on lock

button.When user want to access the data, he will again access the folder

lock utility through authentication steps and then after clicking the

unlock buton, original hex address of that folder will be restored.

Administrator can add, remove and modify access to the user.Hecne

he can decide which user will have the access to which utility.Eventually,

administrator will have access to all of the utilities provided by the

software.There can be a single or multiple administrators.

Currently, all the features are available to the Windows XP users.

This software can work on other Windows Operating Systems if we

provide the way to access the registry settings and hex addresses of the

folders for respective operating systems.

1.1 COMPUTER SECURITY

Secure storage and communications for preventing the

unauthorized interception of sensitive information data is a legitimate

need of not only Institutions in the military and government, but also the

business sector and private individuals.

Data privacy, authentication, digital signature, and file security

are the various elements that need to be examined for protecting data in

computer and communication systems for unauthorized disclosure and

DEVELOPED AT PRIYADARSHINI INSTITUTE OF ENGINEERING & TECHNOLOGY, NAGPUR 2


3/81


modification. If a non-inter acceptable means for data storage and

transmission were available, then all messages and data in the

communications as well as in the data storage unit could obviously be

secured.There are several situations where the information should be

kept confidential, and where an opponent can intercept vital information

by monitoring the communications network. In such situations, necessary

steps should be taken to conceal and protect the information contents.

There is a strong need for the general tools of utility, which can

secure data in a computer system as well as on communication channel,

for every user who intend to use the computer system and transfer/

receive text/data on the network. For this purpose, we implemented the

cryptographic techniques as general tools of utility which can be used to

encrypt/ decrypt the files which roam on the network and to protect the

data on the computer system from unauthorized access.

1.1.2 Data security Problems in Computer Networks

In earlier days when corporations and universities had a single

computer center, achieving security was easy. They used to employ a

guard at the door to the computer room. The guard made sure that no

one removed any tapes, disks, or cards from the room unless explicitly

authorized to do so.

With the advent of networking, the situation has changed

radically. No one can manually police the millions of bits of data that daily

move between the computers in a network. Moreover, organizations have

no way of being sure that their data are not secretly copied by wire tap or

other means on the way to their proper destination.

1.1.3 Data security problems



4/81


Today there is a demand for much more data with convenient

and rapid access to that data. Computer networks satisfy this demand

since they have aspects like resource-sharing, multi-access, and

widespread geographic distribution to increase the accessibility of thedata. As a result of these aspects, the computer networks have become

good potential targets for security violations, increasing the concern for

the security of data in a computer communication environment.

Networking is expected to provide general, flexible access, whereas

security seeks to impose limited access rules under rigidly controlled

conditions. Hence there is a direct conflict between the goals of increased

accessibility and good security.

In the age when information is widely recognized as a valuable

commodity, its security has become particularly vital. Preventing the

disclosure of original message is not the only aspect of security in data

communication systems; others include protection against alterations or

introduction of false messages.

When a number of computers are interconnected to form a

network, the protection mechanisms within the individual computers, to

prevent unauthorized access to the files and illegal flow of information

within these computers, become inadequate to ensure the security of

inter-process communications across the network. This is due to the

distributed nature of the network architecture, the high degree of

openness of the network medium and the increased need for sharing

resources within the network.

1.1.4 Classification of attacks

The potential security violations can be divided into three

distinct categories:



5/81


1. unauthorized release of information

2. unauthorized modification of information

3. unauthorized denial of use of resources

Attacks which cause the release of information are known as

passive attacks or eavesdropping, while those which cause modification of

information or denial of resources are known as active attacks.

In a passive attack, the intruder merely observes the data passing

through the network at some point. Even if the data are not intelligible to

him, he can observe the protocol control information and learn the

location and identities of the communication protocol entities. He can

also examine the lengths of the data units and their frequency of

transmission to learn the nature of data being exchanged. These forms of

passive attacks are usually referred to as traffic analysis.

In an active attack, the intruder processes the data units passing

through the network at some point. These data units can be selectively

modified, deleted, delayed, reordered, duplicated, and inserted into the

association at a later point in time. Thus the countermeasures employed

against them also vary. It is therefore, useful to subdivide active attacks

into the following categories:

1. message stream modification

2. denial of message service

3. spurious connection initiation

Spurious connection initiation attacks take two forms: attempting

to establish a connection under a false identity, and playing back a

recording of the previous legitimate connection initiation attempt.



6/81


7/81


1.2 GUI USING JAVA

JAVA provides GUI in this application with the help of Swing and

AWT user interface packages. This helps to create application that is

dynamic, interactive and custom-tailored. Swing introduces three

significant advances: It uses fewer system resources, adds a lot more

sophisticates components, and lets you tailor the look and feel of your

programs.The look and feel of Swing applications is pluggable, allowing achoice of look and feel. For example, the same program can use either

the Java or the Windows look and feel. Additionally, the Java platform

supports the GTK+ look and feel, which makes hundreds of existing look

and feels available to Swing programs.

1.3 JAVA TECHNOLOGY

Today, with technology such a part of our daily lives, we take it for

granted that we can be connected and access applications and content

anywhere, anytime. Because of Java, we expect digital devices to be

smarter, more functional, and way more entertaining.

In the early 90s, extending the power of network computing to the

activities of everyday life was a radical vision. In 1991, a small group of

Sun engineers called the "Green Team" believed that the next wave in

computing was the union of digital consumer devices and computers. Led

by James Gosling, the team worked around the clock and created the

programming language that would revolutionize our world Java. Today,

java not only permeates the Internet, but also is the invisible force behind

many of the applications and devises that power our day-to-day lives.



8/81


From mobile phones to handheld devises, games and navigation systems

to e-business solutions, Java is everywhere!

1.4 MICROSOFT ACCESS

Backend of Monitoring Security System is implemented using

MS-Access. Creating structure of table in access is very easy. Similarly

inserting and modifying table requires no programming knowledge. It is

simple and convenient to use, but it is not much secure as compared to

Oracle. Microsoft Access is a powerful program to create and manage

your databases. It has many built in features to assist you in constructing

and viewing your information. One or more fields (columns) whose value

or values uniquely identify each record in a table. A primary key does not

allow Null values and must always have a unique value. A primary key is

used to relate a table to foreign keys in other tables. You do not have to

define a primary key, but it's usually a good idea. If you don't define a

primary key, Microsoft Access asks you if you would like to create one

when you save the table.



9/81


LITERATURE SURVEY

2.1 Objective:

Development of a software product which will provide enhanced

security to the system shared by multiple users,give each user the access

to one or multiple security features where each user can modify security

acces according to its need and secures his personal data from

unauthorized access. From the admin point of view, modify the access

given to the user, monitoring users by adding or deleting the users.

2.2 Related Work:

Various softwares are available to provide features such as Folder

Lock, Encryption and website blocker, but such softwares come bundled

separately and without advanced authentication features.

There are very few softwware available in the market to disable

USB ports, none developed in java.

2.3 Proposed Work:

The proposed work that we have set in our project as follows:

Development of software that produce a clear graphical user

interface for the customer as well as administrator which

allows them to monitor seurity of the system with an ease.

Choosing a database for storing information about user,

administrator, and system.



10/81


Creating a utility to provide facility to the user to lock and

unlock folder.

Creating a utility to provide facility to the user to encrypt and

decrypt files. Creating a utility to provide facility to the user to block the

websites and storing list of the blocked websites.

Creating a utility to provide facility to the user to enable or

disable USB ports.

This system will keep record of new and current user profiles

and will provide access to the utilities as per the database

available regarding particular user.

At last interface all this modules together to get the proposed software

working.

2.4 Public Key Cryptography:

Public-key cryptography has been said to be the most significant new

development in cryptography in the last 300-400 years. Modern PKC was

first described publicly by Stanford University professor Martin Hellman

and graduate student Whitfield Diffie in 1976. Their paper described a

two-key crypto system in which two parties could engage in a secure

communication over a non-secure communications channel without

having to share a secret key.

PKC depends upon the existence of so-called one-way functions, or

mathematical functions that are easy to computer whereas their inverse

function is relatively difficult to compute. Let us give you two simple

examples:

1. Multiplication vs. factorization:

Suppose I tell you that I have two numbers, 9 and 16, and

that I want to calculate the product; it should take almost no time

to calculate the product, 144. Suppose instead that I tell you that Ihave a number, 144, and I need you tell me which pair of integers I



11/81


multiplied together to obtain that number. You will eventually come

up with the solution but whereas calculating the product took

milliseconds, factoring will take longer because you first need to find

the 8 pair of integer factors and then determine which one is thecorrect pair.

2. Exponentiation vs. logarithms:

Suppose I tell you that I want to take the number 3 to the

6th power; again, it is easy to calculate 36=729. But if I tell you

that I have the number 729 and want you to tell me the two

integers that I used,xand yso that logx 729 = y, it will take you

longer to find all possible solutions and select the pair that I used.

While the examples above are trivial, they do represent two

of the functional pairs that are used with PKC; namely, the ease of

multiplication and exponentiation versus the relative difficulty of

factoring and calculating logarithms, respectively. The mathematical

"trick" in PKC is to find a trap doorin the one-way function so that

the inverse calculation becomes easy given knowledge of some item

of information.

Generic PKC employs two keys that are mathematically

related although knowledge of one key does not allow someone to easily

determine the other key. One key is used to encrypt the plaintext and the

other key is used to decrypt the ciphertext. The important point here is

that it does not matter which key is applied first, but that both keys are

required for the process to work (Figure 1B). Because a pair of keys are

required, this approach is also called asymmetric cryptography.

In PKC, one of the keys is designated thepublic keyand

may be advertised as widely as the owner wants. The other key is

designated the private keyand is never revealed to another party. It is

straight forward to send messages under this scheme. Suppose Alice

wants to send Bob a message. Alice encrypts some information using

Bob's public key; Bob decrypts the ciphertext using his private key. Thismethod could be also used to prove who sent a message; Alice, for



12/81


example, could encrypt some plaintext with her private key; when Bob

decrypts using Alice's public key, he knows that Alice sent the message

and Alice cannot deny having sent the message (non-repudiation).

Public-key cryptography algorithms that are in use today for keyexchange or digital signatures include:

RSA: The first, and still most common, PKC implementation, named

for the three MIT mathematicians who developed it Ronald

Rivest, Adi Shamir, and Leonard Adleman. RSA today is used in

hundreds of software products and can be used for key exchange,

digital signatures, or encryption of small blocks of data. RSA uses a

variable size encryption block and a variable size key. The key-pair

is derived from a very large number, n, that is the product of two

prime numbers chosen according to special rules; these primes may

be 100 or more digits in length each, yielding an n with roughly

twice as many digits as the prime factors. The public key

information includes n and a derivative of one of the factors ofn; an

attacker cannot determine the prime factors ofn (and, therefore,

the private key) from this information alone and that is what makes

the RSA algorithm so secure. (Some descriptions of PKC

erroneously state that RSA's safety is due to the difficulty in

factoring large prime numbers. In fact, large prime numbers, like

small prime numbers, only have two factors!) The ability for

computers to factor large numbers, and therefore attack schemes

such as RSA, is rapidly improving and systems today can find the

prime factors of numbers with more than 200 digits. Nevertheless,

if a large number is created from two prime factors that are roughly

the same size, there is no known factorization algorithm that will

solve the problem in a reasonable amount of time; a 2005 test to

factor a 200-digit number took 1.5 years and over 50 years of

compute time (see the Wikipedia article on integer factorization.)

Regardless, one presumed protection of RSA is that users can easilyincrease the key size to always stay ahead of the computer



13/81


processing curve. As an aside, the patent for RSA expired in

September 2000 which does not appear to have affected RSA's

popularity one way or the other.

Diffie-Hellman: After the RSA algorithm was published, Diffie andHellman came up with their own algorithm. D-H is used for secret-

key key exchange only, and not for authentication or digital

signatures.

Digital Signature Algorithm (DSA): The algorithm specified in

NIST's Digital Signature Standard (DSS), provides digital signature

capability for the authentication of messages.

ElGamal: Designed by Taher Elgamal, a PKC system similar to

Diffie-Hellman and used for key exchange.

Elliptic Curve Cryptography (ECC): A PKC algorithm based upon

elliptic curves. ECC can offer levels of security with small keys

comparable to RSA and other PKC methods. It was designed for

devices with limited compute power and/or memory, such as

smartcards and PDAs.

Public-Key Cryptography Standards (PKCS): A set of

interoperable standards and guidelines for public-key cryptography,

designed by RSA Data Security Inc.

o PKCS #1: RSA Cryptography Standard (Also RFC 3447)

o PKCS #2: Incorporated into PKCS #1.

o PKCS #3: Diffie-Hellman Key-Agreement Standard

o PKCS #4: Incorporated into PKCS #1.

o PKCS #5: Password-Based Cryptography Standard (PKCS #5

V2.0 is also RFC 2898)

o PKCS #6: Extended-Certificate Syntax Standard (being

phased out in favor of X.509v3)

o PKCS #7: Cryptographic Message Syntax Standard (Also RFC

2315)



14/81


o PKCS #8: Private-Key Information Syntax Standard (Also RFC

5208)

o PKCS #9: Selected Attribute Types (Also RFC 2985)

o PKCS #10: Certification Request Syntax Standard (Also RFC

2986)

o PKCS #11: Cryptographic Token Interface Standard

o PKCS #12: Personal Information Exchange Syntax Standard

o PKCS #13: Elliptic Curve Cryptography Standard

o PKCS #14: Pseudorandom Number Generation Standard is no

longer available

o PKCS #15: Cryptographic Token Information Format Standard

Cramer-Shoup: A public-key cryptosystem proposed by R. Cramer

and V. Shoup of IBM in 1998.

Key Exchange Algorithm (KEA): A variation on Diffie-Hellman;

proposed as the key exchange method for Capstone.

LUC: A public-key cryptosystem designed by P.J. Smith and based

on Lucas sequences. Can be used for encryption and signatures,

using integer factoring.

2.4.1 Cramer-Shoup Cryptosystem:

2.4.1.1 Chosen Cyphertext attack:

2.4.1.1.1 Introduction:

A chosen-ciphertext attack (CCA) is an attack model for

cryptanalysis in which the cryptanalyst gathers information, at least in

part, by choosing a ciphertext and obtaining its decryption under an

unknown key.

A number of otherwise secure schemes can be defeated under

chosen-ciphertext attack. For example, the El Gamal cryptosystem is



15/81


semantically secure under chosen-plaintext attack, but this semantic

security can be trivially defeated under a chosen-ciphertext attack. Early

versions of RSA padding used in the SSL protocol were vulnerable to a

sophisticated adaptive chosen-ciphertext attack which revealed SSLsession keys. Chosen-ciphertext attacks have implications for some self-

synchronizing stream ciphers as well. Designers of tamper-resistant

cryptographic smart cards must be particularly cognizant of these attacks,

as these devices may be completely under the control of an adversary,

who can issue a large number of chosen-ciphertexts in an attempt to

recover the hidden secret key.

When a cryptosystem is vulnerable to chosen-ciphertext attack,

implementers must be careful to avoid situations in which an adversary

might be able to decrypt chosen-ciphertexts (i.e., avoid providing a

decryption oracle). This can be more difficult than it appears, as even

partially-chosen-ciphertexts can permit subtle attacks. Additionally, some

cryptosystems (such as RSA) use the same mechanism to sign messages

and to decrypt them. This permits attacks when hashing is not used on

the message to be signed. A better approach is to use a cryptosystem

which is provably secure under chosen-ciphertext attack, including

(among others) RSA-OAEP, Cramer-Shoup and many forms of

authenticated symmetric encryption.

2.4.1.1.2 Varieties of chosen-ciphertext attacks

2.4.1.1.2.1Lunchtime Attack:

A specially noted variant of the chosen-ciphertext attack is the

"lunchtime", "midnight", or "indifferent" attack, in which an attacker may

make adaptive chosen-ciphertext queries but only up until a certain point,

after which the attacker must demonstrate some improved ability to

attack the system. The term "lunchtime attack" refers to the idea that auser's computer, with the ability to decrypt, is available to an attacker



16/81


while the user is out to lunch. This form of the attack was the first one

commonly discussed: obviously, if the attacker has the ability to make

adaptive chosen ciphertext queries, no encrypted message would be safe,

at least until that ability is taken away. This attack is sometimes calledthe "non-adaptive chosen ciphertext attack"; here, "non-adaptive" refers

to the fact that the attacker cannot adapt their queries in response to the

challenge, which is given after the ability to make chosen ciphertext

queries has expired.

2.4.1.1.2.2 Adaptive chosen-ciphertext attack:

An adaptive chosen-ciphertext attack (abbreviated as

CCA2) is an interactive form of chosen-ciphertext attack in which an

attacker sends a number of ciphertexts to be decrypted, then uses the

results of these decryptions to select subsequent ciphertexts. It is to be

distinguished from an indifferent chosen-ciphertext attack (CCA1).

The goal of this attack is to gradually reveal information about an

encrypted message, or about the decryption key itself. For public-key

systems, adaptive-chosen-ciphertexts are generally applicable only when

they have the property of ciphertext malleability that is, a ciphertext

can be modified in specific ways that will have a predictable effect on the

decryption of that message.

Practical attacks:

Adaptive-chosen-ciphertext attacks were largely considered

to be a theoretical concern until 1998, when Daniel Bleichenbacher of Bell

Laboratories demonstrated a practical attack against systems using RSA

encryption in concert with the PKCS#1 v1 encoding function, including a

version of the Secure Socket Layer (SSL) protocol used by thousands of

web servers at the time.



17/81


The Bleichenbacher attacks took advantage of flaws within the PKCS #1

function to gradually reveal the content of an RSA encrypted message.

Doing this requires sending several million test ciphertexts to the

decryption device (eg, SSL-equipped web server.) In practical terms, thismeans that an SSL session key can be exposed in a reasonable amount of

time, perhaps a day or less.

Preventing Attack:

In order to prevent adaptive-chosen-ciphertext attacks, it

is necessary to use an encryption or encoding scheme that limits

ciphertext malleability.

Cryptosystems proven secure against adaptive chosen-

ciphertext attacks include the Cramer-Shoup system and RSA-OAEP.

2.4.1.2 Features:

1. The security relies on the discrete log problem, i.e. given a

(large) prime p, a generator g of Z_p^* and a number a, find the (unique

in 1..p-1) number x such that g^x == a (mod p). This problem is

believed to be at least as difficult as factoring, though there are some

special cases known where it is easy (e.g. if p is of the form 2^k+1)

2. It is a public key encryption i.e. every key is a pair (pk,sk)

where pk is the public key and sk is the secret key. Encryption uses pk,

while Decryption is generally believed to be computationally intractable

without specific knowledge of sk. The public key can be made available

e.g on the personal Internet home page. Thus 'everyone' can send a

encrypted message to you, but you are the only one who can decrypt it.



18/81


3. The algorithm can be applied on 'arbitrary' key sizes, i.e. every

user can decide which bit-length k his key should have (less then 1000 is

usually considered insecure).

4. Encryption is 'probabilistic' - i.e. if the same text is encryptedtwice, the ciphertext usually will be different. They also will be longer (in

the size of bits) by a factor of four, in order to guarantee decryption to

the original message.

5. One amazing feature of this system is that it comes with a

proof of security against adaptive chosen ciphertext attacks. I.e if your

hardware device (say your workstation) can be used by an adversary for

a limited time (e.g. while you are at lunch) to decrypt chosen ciphertexts

without actually 'stealing' the secret key, it does not help him too much to

decrypt any ciphertexts except the ones he decrypted explicitly. Thus, by

simply keeping a local list of cipher texts that you prevent from being

decrypted straightforward (i.e. those you generated), you can---at least

in theory---add some security.

2.4.1.3 Working:

CramerShoup consists of three algorithms: the key generator,

the encryption algorithm, and the decryption algorithm.

2.4.1.3.1 The key generator:

Alice generates an efficient description of a cyclic group G of

order q with two distinct, random generators g1,g2.

Alice chooses five random values (x1,x2,y1,y2,z) from .

Alice computes .

Alice publishes (c,d,h), along with the description of G,q,g1,g2, as her

public key. Alice retains (x1,x2,y1,y2,z) as her secret key. The group can be

shared between users of the system.



19/81


2.4.1.3.2The encryption algorithm:

To encrypt a message m to Alice under her public key(G,q,g1,g2,c,d,h), Bob converts m into an element ofG.

Bob chooses a random kfrom , then calculates:

, where H() is a collision-resistant cryptographic

hash function.

Bob sends the ciphertext (u1,u2,e,v) to Alice.

2.4.1.3.3The decryption algorithm:

To decrypt a ciphertext (u1,u2,e,v) with Alice's secret key

(x1,x2,y1,y2,z), Alice computes and verifies that

. If this test fails, further decryption is aborted and

the output is rejected.

Otherwise, Alice computes the plaintext as .

The decryption stage correctly decrypts any properly-formed ciphertext,

since , and

If the space of possible messages is larger than the size ofG, then the

message can be split into several pieces and each piece can be encrypted

independently.

Alternately, CramerShoup may be used in a hybrid

cryptosystem to improve efficiency on long messages.

2.5 References:

1. http://java.sun.com/tech /morderntech.htm2. http://www.springframework.org/research.htm



20/81


3. java.sun.com/docs/books/tutorial/

4. java.sun.com/docs/books/tutorial/jdbc/

5. R. Cramer and V. Shoup. A practical public key cryptosystemsecure against adaptive chosen cipher text attacks. In Proc. CRYPTO '98,

pringer Verlag LNCS, 1998.

.

3.1SYSTEM ARCHITECTURE

3.1.1 SYSTEM ARCHITECTURE:

Architectural design represents the structure of data and

program components that are required to build a computer based system.

It considers the architectural style that the system will take the structure

and properties of the components that constitute the system and the

interrelationships that occur among all architectural components of

components of a system.

Architectural diagram provides us with the big picture and

ensures that we have got it right. It begins with data design and then

proceeds to the derivation of one or more representations, of one or more

representations of the architectural structure of the system. Alternate

designs are encouraged to achieve a better design.

Following are the important features of Architectural design:

Representations of software architecture are an enabler for

communication between all parties interested in the

development of a computer-based system.

The architecture highlights early design decisions that will have

a profound impact on all software engineering work that



21/81


follows and, as important, on the ultimate success of the

system as an operational entity.

Architectural constitutes a relatively small, intellectuallygraspable mode of how the system is structure and how its

structured and how its components work together.



22/81


Figure 3.1: System Architecture

3.1.2 ADMIN PRIVILEGE FLOW CHART:

DEVELOPED AT PRIYADARSHINI INSTITUTE OF ENGINEERING & TECHNOLOGY, NAGPUR

Home Page

USER ADMIN

FOLDER LOCK

ENBLE/DISABLE

USB

LOGIN

CHANGE

PASSWORD

MANAGE USER

MANAGE USER

MODIFY ACCESS

FOLDER LOCK

ENBLE/DISABLE

USB

ENCRYPT/DECRYP

T FILE

BLOCK WEBSITE

CHANGE

PASSWORD

LOGIN

BLOCK WEBSITE

ENCRYPT/DECRYPT

FILE

22


23/81

Verified

Administrator

Home

Manage User

Change Password

Modify Access

Folder Lock

Enable/Disable USB

Block Website

Encrypt/Decrypt File

About

View, Add or Edit Home Page

Modify/Change Password

Add, remove or modify access

given to user

Allowing user to use specified

module

Shows Info. Abt. project

Protect/Unprotect any file

Website is blocked/ unblocked

Enable/Disable using USB

Lock/Unlock the given Folder


Figure 3.2: Admin Privilege Architecture

3.2 DATA FLOW DIAGRAM:



24/81


The Data Flow Diagram is a modeling tool that allows us to

picture a system as a network of functional process connected to one

another by pipelines and holding tanks of data. The data flow diagram

is one of the most commonly used system-modeling tools, particularly foroperational systems in which the functions of the system are of

paramount importance and more complex than the data that the system

manipulates.

The components of a typical DFD:

Process

Flow

Data store

Terminator

3.2.1 ADMIN LOGIN:



25/81


Figure 3.3: Admin Login DFD

3.2.2. USER LOGIN:

Figure 3.4: User Login DFD

3.3 Various Modules



26/81


Software Modules

Folder Lock

Enable/Disable USB

Block Website

Encrypt/Decrypt File

3.3.1 Software Modules:

3.3.1.1. Folder Lock:

The module Folder Lock will lock the folder instructed by user.

To lock the folder, we change the path of the folder to Control Panel.

After locking the folder, whenever trying to access the folder, controlpanel will open instead of that folder. Thus unauthenticated user is

prevented from opening the folder.

To use this feature, user must have the necessary access rights

provided by administrator. User has to authenticate himself first by

providing user name & password before using the Folder Lock feature.

3.3.1.2. Enable/Disable USB:

The module Enable/Disable USB will temporarily enable or

disable the USB ports of the system. To disable USB, whenever user will

click on the disable button, the system registry entry, disableUSB.reg

will get executed. To enable USB, whenever user will click on the disable

button, the system registry entry, enableUSB.reg will get executed.



providing user name & password before using the Enable/Disable USB

feature.

3.3.1.3. Block Website:

The module Block Website will block the website. Blocking is

done by changing the IP address of the website entered by the user to the

IP address of the local host. Whenever the user try to visit the address of

the website, it will try to connect to the IP address of that website, but if

the website is listed in the blocked website, then browser will be

redirected to the local host IP address, thus preventing the user fromopening the website.



27/81




providing user name & password before using this feature.

3.3.1.4. Encrypt/Decrypt File:

The module Encrypt/Decrypt file is used to encrypt or decrypt

the file. Encryption is supported for number of file formats including txt

pdf, jpg, doc and many others. The encryption system is Cramer-Shoup

cryptosystem which is a public cryptosystem.

Here, file is encrypted using receivers public key and decrypted

using senders private key.


provided by administrator. User has to authenticate himself first byproviding user name & password before using this feature.

4.1 FRONT END DESIGN



28/81


4.1.1 JAVA TECHNOLOGY:

Today, with technology such a part of our daily lives, we take it for

granted that we can be connected and access applications and content

anywhere, anytime. Because of Java, we expect digital devices to be

smarter, more functional, and way more entertaining.

In the early 90s, extending the power of network computing to the

activities of everyday life was a radical vision. In 1991, a small group of

Sun engineers called the "Green Team" believed that the next wave in

computing was the union of digital consumer devices and computers. Led

by James Gosling, the team worked around the clock and created the

programming language that would revolutionize our world Java.Today,

Java not only permeates the Internet, but also is the invisible force

behind many of the applications and devises that power our day-to-day

lives. From mobile phones to handheld devises, games and navigation

systems to e-business solutions, Java is everywhere!

In order to understand why Java is so interesting, let's take a look

at the language features behind the buzzwords.

4.1.1.1 Object-Oriented

Java is an object-oriented programming language. To manage the

increasing complexity of the processoriented model, the object-oriented

programming was conceived. Object oriented programming organizes a

program around its data and set of well defined interfaces to the data.

In an object-oriented system, a class is a collection of data and

methods that operate on that data. Taken together, the data and

methods describe the state and behavior of an object. Classes are

arranged in a hierarchy, so that a subclass can inherit behavior from its

superclass. A class hierarchy always has a root class; this is a class with

very general behavior.



29/81


4.1.1.2 Interpreted

Java is an interpreted language: the Java compiler generates byte-

codes for the Java Virtual Machine (JVM), rather than native machine

code. Java interpreter is used to execute the compiled byte-codes. As

Java byte-codes are platform-independent, Java programs can run on any

platform that the JVM (the interpreter and run-time system) has been

ported to.

4.1.1.3 Architecture Neutral and Portable

Java application can run on any system since they are compiled to

an architecture neutral byte-code format, as long as that system

implements the Java Virtual Machine. This is a particularly important for

applications distributed over the Internet or other heterogeneous

networks. But the architecture neutral approach is useful beyond the

scope of network-based applications.

For a program to be dynamically downloaded to all the various

types of platform, some means of generating portable executable code is

needed. With multiple flavors of UNIX, Windows 95, and Windows NT on

the PC, and the new PowerPC Macintosh, it is becoming increasingly

difficult to produce software for all of the possible platforms. Java

provides solutions to all these problems in a better way.

4.1.1.4 Dynamic and Distributed

Java is a dynamic language. Any Java class can be loaded into a

running Java interpreter at any time. These dynamically loaded classes

can then be dynamically instantiated. Native code libraries can also be

dynamically loaded. Classes in Java are represented by the Class one can

dynamically obtain information about a class at run-time.



30/81


4.1.1.5 Simple

Java is a simple language. The Java designers were trying to create

a language that a programmer could learn quickly, so the number of

language constructs has been kept relatively small. Another design goal

was to make the language look familiar to a majority of programmers, for

ease of migration. Java uses many of the same language constructs as C

and C++.

4.1.1.6 Robust

Java has been designed for writing highly reliable or robust

software. Java certainly doesn't eliminate the need for software quality

assurance; it's still quite possible to write buggy software in Java.

However, Java does eliminate certain types of programming errors, which

makes it considerably easier to write reliable software.

4.1.1.7 Secure

Security is one of the most highly touted aspects in Java. This is

especially important because of the distributed nature of Java. Without an

assurance of security, it is impossible to download code from a random

site on the Internet and let it run on the computer. Java was designed

with several layers of security controls that protect against malicious

code, and allow users to comfortably run untested programs such as

applets. Java provides a firewall between a networked application and

the computer to enhance the security.

4.1.1.8 Multithreaded

Java is designed to meet the real world requirement of creating

interactive, networked programs.. The Java run time system comes with



31/81


elegant yet sophisticated solutions for multiprocessor synchronization that

enables to construct smoothly running interactive systems.

4.1.1.9Networking Capabilities

The networking capabilities of Java are perhaps the most powerful

component of the Java API because the vast majority of Java programs

run in a networked environment. Using the wide range of network

features built into Java, we can easily develop Web-based applets that

perform a variety of tasks over a network. The network support in Java isparticularly well suited to a client/server arrangement where a server

marshals information and serves it to clients that handle the details of

displaying the information to a user.

4.1.2 NETBEANS IDE

The NetBeans IDE is an open-source integrated development

environment written entirely in Java using the NetBeans Platform.

NetBeans IDE supports development of all Java application types (Java

SE, web, EJB and mobile applications) out of the box. Among other

features are an Ant-based project system, version control and refactoring.

Modularity: All the functions of the IDE are provided by modules. Each

module provides a well defined function, such as support for the Java

language, editing, or support for the CVS versioning system, and SVN.

NetBeans contains all the modules needed for Java development in a

single download, allowing the user to start working immediately. Modules

also allow NetBeans to be extended. New features, such as support for

other programming languages, can be added by installing additional

modules. For instance, Sun Studio, Sun Java Studio Enterprise, and Sun



32/81


Java Studio Creator from Sun Microsystems are all based on the NetBeans

IDE.

4.2 BACK END DESIGN



33/81


4.2.1 MICROSOFT ACCESS:

4.2.1.1Introduction to MS Access:A database is a computer term for a collection of related

information about a certain topic that provides a business application,

such as an employee database. Data management involves creating,

modifying, deleting and adding data to generate reports. Some popular

DBMS for PCs are MS Access, Clipper and FoxPro.

MS Access is a powerful multi-user DBMS developed by Micro

soft Crop. It can be used to store and manipulate large amount of

information and automate repetitive tasks, such as maintaining an

inventory and generating invoices.

4.2.1.2Features of MS Access: Access is a multi-featured DBMS that can use by both beginners

and those who have previous DBMS experience. The key features of

access are

Large data management capacity.

Importing, exporting and linking external files.

Wizards and Builders.

Built in functions.

Macros.

Context sensitive help and the Answer Wizard.

Built in Security.

Backend of this utility software is implemented using MS-Access.

Screenshots of table are already shown in design module of this report.

Creating structure of table in access is very easy. Similarly inserting and

modifying table requires no programming knowledge. It is simple and

convenient to use, but it is not much secure as compared to Oracle.

Microsoft Access is a powerful program to create and manage your



34/81


databases. It has many built in features to assist you in constructing and

viewing your information.

Database File: This is your main file that

encompasses the entire database and that is

saved to your hard-drive or floppy disk.

Example) StudentDatabase.mdb

Table: A table is a collection of data about aspecific topic. There can be multiple tables in a

database.

Example#1)Students

Example #2) Teachers

Field: Fields are the different categories within

a Table. Tables usually contain multiple fields.

Example#1)Student Last NameExample #2) Student FirstName

Data types: Data types are the properties of

each field. A field only has 1 data type.

(Field Name) Student LastName

(Data type) Text

Table 4.1: Database Design

4.2.1.3 Advanced Table Features w/Microsoft Access:

Assigning a field a specific set of characters

Example) Making a Social Security Number only allows 9 characters.



35/81


1. Switch to Design View

2. Select the field you want to alter

3. At the bottom select the General Tab

4. Select Field Size

5. Enter the number of characters you want this field to

have

Formatting a field to look a specific way (HINT: You do not need to assign

a field a specific set of characters if you do this)


2. Select the field you want to format

3. At the bottom select the General Tab

4. Select Input Mask Box and click on the ... button at the

right.



36/81


5. Select Phone Number option

6. Click on Next

7. Leave! (999) 000-0000 the way it is. This is a default.

8. Click Next

9. Select which option you want it to look like

10. Click Next

11. Click Finish

Selecting a value from a dropdown box with a set of values that you

assign to it. This saves you from typing it in each time

Example) Choosing a city that is either Auburn, Bay City, Flint orSaginaw


2. Select the field you want to alter (City)

3. At the bottom select the Lookup Tab

4. In the Display Control box, select Combo Box

5. Under Row Source Type, select Value List



37/81


6. Under Row Source, enter the values how you want them

displayed, separated by a comma. (Auburn, Bay City,

Flint, Midland, Saginaw)

7. Select in the datasheet view and you should see the

change when you go to the city field.

4.2.1.4 Primary Key:

One or more fields (columns) whose value or values uniquely

identify each record in a table. A primary key does not allow Null

values and must always have a unique value. A primary key is used

to relate a table to foreign keys in other tables.

NOTE: You do not have to define a primary key, but it's usually a

good idea. If you don't define a primary key, Microsoft Access asksyou if you would like to create one when you save the table.



38/81


For our tutorial, make the Soc Sec # field the primary key, meaning

that every student has a social security number and no 2 are the

same.

4.2.2 DATABASE CONNECTIVITY :

Database connectivity is provided by using Java Database

Connectivity(JDBC).

The Java Database Connectivity (JDBC) API is the industry standard for

database-independent connectivity between the Java programming

language and a wide range of databases SQL databases and other

tabular data sources, such as spreadsheets or flat files. The JDBC API

provides a call-level API for SQL-based database access.

JDBC technology allows you to use the Java programming language to

exploit "Write Once, Run Anywhere" capabilities for applications that

require access to enterprise data. With a JDBC technology-enabled driver,

you can connect all corporate data even in a heterogeneous environment.

4.2.2.1 JDBC Product Components:

JDBC includes four components:

4.2.2.1.1. THE JDBC API:

The JDBC API provides programmatic access to relational data

from the Java programming language. Using the JDBC API, applications

can execute SQL statements, retrieve results, and propagate changes

back to an underlying data source. The JDBC API can also interact withmultiple data sources in a distributed, heterogeneous environment.



39/81


The JDBC API is part of the Java platform, which includes the

Java Standard Edition (Java SE) and the Java Enterprise Edition

(Java EE). The JDBC 4.0 API is divided into two packages: java.sql and

javax.sql. Both packages are included in the Java SE and Java EEplatforms.

4.2.2.1.2. JDBC DRIVER MANAGER:

The JDBC Driver Manager class defines objects which can connect

Java applications to a JDBC driver. DriverManager has traditionally been

the backbone of the JDBC architecture. It is quite small and simple.

The Standard Extension packages javax.naming and javax.sql let

you use a DataSource object registered with aJava Naming and Directory

Interface (JNDI) naming service to establish a connection with a data

source. You can use either connecting mechanism, but using a

DataSource object is recommended whenever possible.

4.2.2.1.3. JDBC TEST SUIT:

The JDBC driver test suite helps you to determine that JDBC

drivers will run your program. These tests are not comprehensive or

exhaustive, but they do exercise many of the important features in the

JDBC API.

4.2.2.1.4. JDBC-ODBC BRIDGE:

The Java Software Bridge provides JDBC access via ODBC drivers.

Note that you need to load ODBC binary code onto each client machine

that uses this driver. As a result, the ODBC driver is most appropriate on



40/81


a corporate network where client installations are not a major problem, or

for application server code written in Java in three-tier architecture.

This Trail uses the first two of these these four JDBC components to

connect to a database and then build a java program that uses SQL

commands to communicate with a test Relational Database. The last two

components are used in specialized environments to test web

applications, or to communicate with ODBC-aware DBMSs.

4.2.2.2 JDBC Architecture:

4.2.2.2.1 Two-tier and three-tier Processing Models

The JDBC API supports both two-tier and three-tier processingmodels for database access.

Figure 4.2: Two-tier Architecture for Data Access.

In the two-tier model, a Java applet or application talks directly to

the data source. This requires a JDBC driver that can communicate with

the particular data source being accessed. A user's commands are

delivered to the database or other data source, and the results of those

statements are sent back to the user. The data source may be located on

another machine to which the user is connected via a network. This is

referred to as a client/server configuration, with the user's machine as the

client, and the machine housing the data source as the server. The



41/81


network can be an intranet, which, for example, connects employees

within a corporation, or it can be the Internet.

In the three-tier model, commands are sent to a "middle tier" of

services, which then sends the commands to the data source. The data

source processes the commands and sends the results back to the middle

tier, which then sends them to the user. MIS directors find the three-tier

model very attractive because the middle tier makes it possible to

maintain control over access and the kinds of updates that can be made

to corporate data. Another advantage is that it simplifies the deployment

of applications. Finally, in many cases, the three-tier architecture canprovide performance advantages.

Figure 4.3: Three-tier Architecture for Data Access.

Until recently, the middle tier has often been written in languages such as

C or C++, which offer fast performance. However, with the introduction of

optimizing compilers that translate Java bytecode into efficient machine-

specific code and technologies such as Enterprise JavaBeans, the Java

platform is fast becoming the standard platform for middle-tier

development. This is a big plus, making it possible to take advantage of

Java's robustness, multithreading, and security features.



42/81


With enterprises increasingly using the Java programming language

for writing server code, the JDBC API is being used more and more in the

middle tier of three-tier architecture. Some of the features that make

JDBC a server technology are its support for connection pooling,distributed transactions, and disconnected rowsets. The JDBC API is also

what allows access to a data source from a Java middle tier.

5.1 SYSTEM REQUIREMENT ANALYSIS



43/81


Figure 5.1: System Requirement Analysis

5.2 FEASIBILITY STUDY:



44/81


An important outcome of the preliminary investigation is the

determination that the system requested is feasible. Feasibility studies

are actually done in a small scale. It differs from a full analysis in the level

of detail with which it is carried out. The study involves in most of thetasks a full system analysis but with narrow focus and more limited time.

The results of the study help the user decide whether to proceed,

amend, postpone or cancel the project particularly important when the

project is large, complex and costlyThe objective of the feasibility study

is to determine whether the proposed system is feasibly when operating

under the existing environment.

There are three aspects of feasibility study:-

5.2.1 Economic feasibility:

The economic feasibility involves the study to check whether

there are sufficient benefits in creating the systems in terms of the cost.

This project can work under all the existing browsers above Internet

Explorer and Netscape Navigator 4.0. It does not require any specialized

hard ware or software and hence this project is economically feasible.

5.2.2 Technical feasibility:

It is the study that determines whether the work for the project

is to be done by using the current equipment, existing software

technology, and available means, procedures and resources. This project

can be done using a notepad and a browser and uses just simple Hype

Text Markup Language, VBScript and Java Script for client side

programming and Active server pages (ASP) for server side, and Microsoft

SQL server 7.0 backend connectivity.



45/81


5.2.3 Operational feasibility:

Operational feasibility involves a major part of the feasibility

study. To be considered is the fast that will the system be used if it is

developed and implemented? The project is simple, user friendly and

easily understandable and hence is operational feasible.

5.3 SYSTEM REQUIREMENTS

5.3.1 Hardware Requirements:



46/81


SR.N

OHARDWARE CONFIGURATION QUANTITY

1. PC (MIN 10 GB HDD) 01 NOS

2. MIN 256 MB RAM 01 NOS

Table 5.2: Hardware Requirements

5.3.2 Software Requirements:

No. SOFTWARE CONFIGURATION VERSION

1. J2SE 1.6.1

2. Net Beans 6.0

3. MS ACCESS -

4. WIN XP -

Table 5.3: Software Requirements

5.4 SECURITY REQUIREMENTS:

The concept of encryption and decryption is used to provide

authentication.

Managing user is possible by DBA.

Authenticity is required while using each utility.

5.5 PROJECT REQUIREMENT:



47/81


MANPOWER REQUIREMENTS: 5 members for the development and

maintenance of this utility software.

TIME PERIOD: 3 months for the completion of the project through

detailed study and analysis.

CAPITAL INVESTMENT: Use of Free & Open Source Software reduces

cost of project to nil.

TECHNOLOGY: JAVA technology should be used for the

implementation of TMS.

6.1 GUI IMPLIMENTATION



48/81


6.1.1 HOME PAGE:

This is the home page of Monitoring Security System.It

provides necessary information for user to interact with the application.

Figure 6.1.1: Home Page

6.1.2 VIEW OF FILE MENU:



49/81


Figure 6.1.2: File Menu

6.1.3 VIEW OF THEMES MENU:



50/81


Figure 6.1.3: Themes Menu

6.1.4 LOGIN FORM:



51/81


Figure 6.1.4: Login Form

6.1.5 MANAGING USER ACCOUNTS:

Figure 6.1.5: Managing User



52/81


6.1.6 CHANGING PASSWORD:

Figure 6.1.6: Changing Password

Figure 6.1.7: Password Changed Notification

6.1.7 FOLDER LOCK:



53/81


Figure 6.1.8: Folder Lock

6.1.8 USB ENABLE/DISABLE:



54/81


Fig 6.1.9: USB Enable/Disable



55/81


6.1.9 WEBSITE BLOCKER:

Fig. 6.1.10: Website Blocker



56/81


6.1.10 ENCRYPTION/DECRYPTION:

Fig 6.1.11: Encryption/Decryption

6.2 BACKEND IMPLIMENTATION



57/81


6.2.1 Administrator Login Table:

Table 6.2.1 Administrator Login Table

6.2.2 User Login & Access Table:

Table 6.2.2 User Login & Access Table Table

6.2.3 Folder Lock Table:

Table 6.2.3 Folder Lock Table

6.2.4 USB Table:



58/81


Table 6.2.4 USB Table

6.3 MODULE WISE IMPLIMENTATION



59/81


6.3.1 Folder Lock:

To implement Folder lock, we created a java class

FolderLockpanel.java. When the folder is selected to be locked and

Lock button is clicked, following action takes place,

if(!dirPath.getText().equals("")) {File dir=new File(dirPath.getText());System.out.println(dir+".{21EC2020-3AEA-1069-A2DD-

08002B30309D}");dir.renameTo(new File(dir+".{21EC2020-3AEA-1069-A2DD-

08002B30309D}"));

Above piece of code will change path of the folder to that of

control panel.

6.3.2 USB Enable/Disable:

To implement this module, we created a class USBpanel.java.

When Enable USB button is clicked, following piece of code gets

executed.

Process enableUSBProcess =Runtime.getRuntime().exec("regedit.exe /sc:\\usb\\enableUSB.reg");

When Disable USB button is clicked, following piece of code

gets executed.

Process enableUSBProcess =Runtime.getRuntime().exec("regedit.exe /s

c:\\usb\\disableUSB.reg");

6.3.3 Website Blocker:

To implement this module, we created a class

websiteblockerpanel.java.

When Block website button is clicked, following piece of code

is executed.

File hostFile = new File("C:\\WINDOWS\\system32\\drivers\\etc\\HOSTS");hostFileWriter = new FileWriter(hostFile, true);



60/81


BufferedWriter hostBufferedWriter=new

BufferedWriter(hostFileWriter);

hostBufferedWriter.newLine();

hostBufferedWriter.write("127.0.0.1\t"+websiteAddressTextField.getT

ext().replace(" ", ""));

hostBufferedWriter.flush();

hostBufferedWriter.close();

When unblock button is pressed, following piece of code is

executed,

File hostFile = new File("C:\\WINDOWS\\system32\\drivers\\etc\\HOSTS");

File tempHostFile = new

file("C:\\WINDOWS\\system32\\drivers\\etc\\HOSTS.tmp")

After execution of above piece of code, following code will get

executed,

hostFileReader = new FileReader(hostFile);

BufferedReader hostReader=newBufferedReader(hostFileReader);

tempHostFileWriter = new FileWriter(tempHostFile,false);BufferedWriter tempHostBufferedWriter=new

BufferedWriter(tempHostFileWriter);String row;while((row=hostReader.readLine())!=null) {

if(row.contains(websiteAddressTextField.getText().replace("", ""))) {

System.out.println(row);

} else {tempHostBufferedWriter.write(row);}tempHostBufferedWriter.newLine();

tempHostBufferedWriter.flush();}hostReader.close();hostFileReader.close();tempHostBufferedWriter.close();tempHostFileWriter.close();



61/81


To display the list of blocked websites,

populateBlockedWebsitesList() function is created. we use following

codes,

File hostFile = new File("C:\\WINDOWS\\system32\\drivers\\etc\\HOSTS");

{

FileReader hostFileReader=null;

try {

hostFileReader = new FileReader(hostFile);

FileReader hostFileReader1 = new FileReader(hostFile);

BufferedReader hostReader=new BufferedReader(hostFileReader);

BufferedReader hostReader1=new BufferedReader(hostFileReader1);

String row;

int objectCount=0;

while((row=hostReader.readLine())!=null)

{

if(row.contains("www"))

{

objectCount++;

}

}

blockedWebsitesContent=new String[objectCount];hostReader.close();

objectCount=0;

while((row=hostReader1.readLine())!=null)

{

if(row.contains("www"))

{

String listItem=row.substring(row.indexOf("www"));

blockedWebsitesContent[objectCount++]=listItem;

}

}hostFileReader.close();

6.3.4 Encrypt/Decrypt file:



62/81


To implement this module, we created classes cryptomodule.java

and FileEncryptionPanel.java.

Generation of public key and private key as well as implementation

of Cramer-Shoup algorithm is performed in cryptomodule.java.

To generate hash function, secret and public key, we created objects

pk = new PublicKey(2014,p,g1,g2,c,d,h,hg1,hg2);

sk = new SecretKey(2014,p,x1,x2,y1,y2,z,hg1,hg2);

To encrypt message,

public boolean[] encrypt(boolean[] message){int messageLength = message.length;int el = pk.k - 1; // one 'bit' is not completeint i;int toEncrypt = (1+ (message.length / el))*pk.k*4;boolean[] mChunk = new boolean[pk.k];mChunk[pk.k-1] = false; // ignore most significant bitboolean[] cChunk = new boolean[pk.k*4];

boolean[] res = new boolean[toEncrypt];int resIndex = 0;BigInteger r,u1,u2,e,m,alpha,v;int pointer = 0;int index = 0;while(pointer < messageLength){

index = 0;while((index < el)&&(pointer < messageLength))

mChunk[index++] = message[pointer++];while(index < el) // fill with random bits

mChunk[index++] = ( (rnd.nextInt() & 1) == 1);m = bits2BigInteger(mChunk);r = bigRandom(pk.k+1).mod(pk.p);u1 = pk.g1.modPow(r,pk.p);u2 = pk.g2.modPow(r,pk.p);e = ((pk.h.modPow(r,pk.p)).multiply(m)).mod(pk.p);alpha =

hashBitList(pk.k,pk.p,pk.hash,bitListThree(pk.k,u1,u2,e));v =

((pk.c.modPow(r,pk.p)).multiply(pk.d.modPow(r.multiply(alpha),pk.p))).mod(pk.p);

cChunk = bitListFour(pk.k,u1,u2,e,v);



63/81


for(i=0; i < 4*pk.k; i++)res[resIndex++] = cChunk[i];

}return res;

}

To decrypt message,

public boolean[] decrypt(boolean[] cryptoText){boolean[] res = new boolean[((cryptoText.length / (4 * sk.k))

+1)*(sk.k-1)];// one bit (the most significant one ) is always lost, since it is 0.

boolean[] cChunk = new boolean[sk.k];boolean[] mChunk = new boolean[sk.k];BigInteger c;int index = 0;int resIndex = 0;int len = cryptoText.length;int i;

byte[] zero = {0};

BigInteger zeroBig = new BigInteger(zero); // will be returned, ifkey is faulty

BigInteger u1,u2,e,v,alpha,m;

while(index+(4*sk.k) < len){ // only decrypt complete blocks// Copy --- with all bits.for(i = 0; i< sk.k; i++)

cChunk[i] = cryptoText[index++];u1 = bits2BigInteger(cChunk);for(i = 0; i< sk.k; i++)

cChunk[i] = cryptoText[index++];u2 = bits2BigInteger(cChunk);for(i = 0; i< sk.k; i++)

cChunk[i] = cryptoText[index++];e = bits2BigInteger(cChunk);for(i = 0; i< sk.k; i++)

cChunk[i] = cryptoText[index++];v = bits2BigInteger(cChunk);

alpha =

hashBitList(sk.k,sk.p,sk.hash,bitListThree(sk.k,u1,u2,e));



64/81


if((v.equals(((u1.modPow(sk.x1.add(alpha.multiply(sk.y1)),sk.p)).multiply(u2.modPow(sk.x2.add(alpha.multiply(sk.y2)),sk.p))).mod(sk.p))))

{m =

(e.multiply((u1.modPow(sk.z,sk.p)).modInverse(sk.p))).mod(sk.p);cChunk = bigInteger2bits(sk.k, m);for(i = 0; i < sk.k - 1; i++) // ignore most significant bit

res[resIndex++] = cChunk[i];}

elsefor(i = 0; i < sk.k-1; i++)

res[resIndex++] = true; // fill with ones}

return res;}

}

Class HashFunction will generate the hash function

class HashFunction {BigInteger hash_g1;BigInteger hash_g2;

HashFunction(byte[] hash_g1_rep,byte[] hash_g2_rep){

hash_g1 = new BigInteger(hash_g1_rep);hash_g2 = new BigInteger(hash_g2_rep);

}}

TESTING

7.1 TYPES OF TESTING:



65/81


The system testing deals with the process of testing the

system as a whole. This is done after the integration process. Moving

through each module from the top to bottom tests the entire system theverification and validation process are carried out. The errors that occur

during the testing phase are eliminated and a well function ting system is

developed.

Test case design focuses on a set of techniques, which meets

all testing objectives, which are mentioned below.

A. Testing is a process of executing a program with the intent of

finding an error.B. A successful test is one that uncovers undiscovered errors.

7.1.1 Testing methods:

7.1.1.1 Validation testing:

Validation testing is defined in many ways but a simpledefinition is that validation succeeds when the software functions in a

manner that can be reasonably expected by the users. After validation

test has been conducted one of the two possible conditions exists.

i. The functions or the performance characteristics confirm to any

specification and are accepted.

ii. A deviation from specification is uncovered and a deficiency list is

created.

7.1.1.2 Output testing:

After performing the validation testing the next step is to perform

output testing of the proposed system. The outputs generated are



66/81


displayed by the system under consideration are tested by asking the

users about the format required by them.

7.1.1.3User acceptance testing:

User acceptance of a system is a key factor for the success of any

system. The system under consideration is tested for user acceptance by

constantly keeping in touch with prospective system users at the time

development and making changes whenever required.

Functional testing: functional test cases specify typical operating

conditions, typical values and typical expected values. Function tests are

also tests that are performed on the inside and just beyond the functional

boundaries.

7.1.1.4Performance tests:

Performance tests are also designed to verify response time under

varying loads, percent execution time spent in various segments of the

program, throughput, primary and secondary memory utilization and

traffic rates on data channels and communication links.

Stress tests: stress test are designed in such a way that to overload the

system in various ways.

7.1.1.5 Structural test:

Structural tests are concerned with examining of the internal

processing logics of the software system. The particular routines are

called and the logics paths traversed through the routines are objects of

interest.

7.2 DUMMY DATA SET:



67/81


7.2.1 HOME PAGE:

This is the Home Page of our software:-

Fig. 7.1: Home Page

After clicking on the File menu, we come across three options viz.

manage users, change password and exit.



68/81


Fig. 7.2: File Menu

7.2.2 ADDING USER :

To add a new user to the database, we have to first login as an

Administrator. After loging in as an administrator, we will come across a

window where we can add, remove or modify acess of the user.

We add user with username and password as sachin.

Fig. 7.3: Adding user



69/81


7.2.4 MODIFYING ACCESS OF THE USER:

After creating a user sachin, now we can modify the access given

to sachin. Here we are giving him access to Folder Lock utility. Admincan give access to either one or multiple utilities to one or more than one

users.

Fig. 7.4: Modifying access



70/81


7.2.5 CHANGING PASSWORD:

We changed the password of the administrator. A window will pop

up and notify about for password changed.

Fig. 7.5 Changing Password

Fig. 7.6 Password change notification



71/81


7.2.6 FOLDER LOCK :

To use the Folder Lock utility by the user sachin, he will first log

in the pop-up window arrived.After successful login, we locked theselected folder. When trying to access the locked folder, we redirected to

Control Panel , thus preventing us from viewing the original contents of

the folder.

Fig. 7.7: Folder Selection



72/81


When we tried to open the folder TUNEUP UTILITIES 2008 Folder

which we have locked, control panel opened, thus hiding the original

contents of the folder.

Fig. 7.8: Locked Folder

To unlock the folder, we again logged in as sachin and selected the

locked folder.After pressing the unlock button, folder is unlocked.



73/81


7.2.7 USB ENABLE/DISABLE:

To enable or disable USB ports, we press enable USB and DisableUSB buttons respectively.

Fig. 7.9: USB port Enable/Disable



74/81


7.2.8 WEBSITE BLOCKER :

To block the website, type the URL of the website in textbox andclick on the block button. The blocked wesites will be shown in the

listbox in right hand side.

To unblock website, select the blocked website from the list and

then click on the unblock button.

Fig. 7.10: Website blocker



75/81


7.2.9 ENCRYPT/DECRYPT FILE :

We selected a pdf document to encrypt by clicking on encrypt

button.When we tried to open the encrypted document, it didntopen.Hence, user could not view the document before it is decrypted



76/81


again.

Fig. 7.11: File Encryption



77/81


7.3 ANOMALIES/ERROR FOUND:

7.3.1 Password Validation :

When username or password didnt match while logging in, error

shown as Invalid username or password.Also error is shown whenever

user tried to access the utility for which he dont have authentication.

Fig. 7.12: Invalid username/password



78/81


APPLICATION

It is software that can be used commercially and for personal use

where security of personal data and computer system is needed.

It gives the most sought after security utilities bundled in single

light-weight and robust software.

With the help of its GUI, interaction of user becomes more

convenient.

Access to the data can be given only to those users to which

Administrator wanted to grant access.



79/81


LIMITATIONS

Folder lock utility works only in Windows XP.

Database connectivity should be done manually before using the

software.



80/81


FUTURE SCOPE

Currently, all utilities work on Windows XP only. We can modify it to

work on any other Windows Operating system.

Websites can be blocked according to their categories in future.

USB ports can be enabled or disabled by dynamically accessing the

registry. Currently static method of accessing registry to enable or

disable USB is used.



81/81


BIBLIOGRAPHY

For the completion of this project, we have taken reference from

variety of books related to Java language which helped me a lot for the

successful completion of the project.

11.1 The Books Referred Are As Follows:

1. A Programmers Guide to Java Certification BY Khalid A. Munhall,

Pearson Publication.

2. Java Development with Spring Framework by Christian Angeles TMH

Publication.

3. R. Cramer and V. Shoup. A practical public key cryptosystem secure

against adaptive chosen cipher text attacks. In Proc. CRYPTO '98,

Springer Verlag LNCS, 1998.

4. Bleichenbacher, Daniel (1998), "Chosen Ciphertext Attacks Against

Protocols Based on the RSA Encryption Standard PKCS #1" ,CRYPTO '98,

pp. 112, retrieved 2009-01-13 .

11.2 Websites:-

1. http://java.sun.com/tech /morderntech.htm

2. http://www.springframework.org/research.htm

monitoring security system(8 copies)

Documents