Post on 19-Jul-2019
TEXT MESSAGING ENCRYPTION SYSTEM
NIRMALA DEVI A/P SUNDARA MORTHTHY
A thesis submitted in partially fulfillment of the requirements for the award of degree of
Bachelor of Computer Science (Networking Engineering)
Faculty of Computer System & Software Engineering
University Malaysia Pahang (UMP)
JUN 2012
vi
ABSTRACT
Text Messaging Encryption system is a text message encryption and decryption. Encryption is a
process of masking a message so that it is unreadable. Encryption is important to avoid other
people to read certain information. The only way to read the information is to know the method
on how message is being masked, in this case knowing the algorithm used to encrypt the
message. Nowadays, most encryption and decryption processes are done by the computer. The
main objective of this project is to build a text encryption and decryption system that will run on
a Java enabled mobile phones. Then, the mobile phones will be used as an external means to
encrypt text messages. As mentioned earlier, not only computers can encrypt and decrypt text but
mobile phones also can encrypt and decrypt text messages. The purpose of this research is to
provide security for confidential information to be sent over mobile phones. At the moment there
is no security for messages transmitted over mobile phones. Confidential information or
instructions can only be safely passed on to the required parties by email or verbally in person.
This delays time and efficiency of crucial business operations. Currently messages in phone can
easily be read if the phone is stolen, or users might simply send it to the wrong number.
Messages need to be encrypted to solve this problem. With this only the sender and recipient will
be able to send and receive private information. At present, banking, commerce and passwords
can only be communicated with internet connection or as in person verbally or in written; Text
Messaging Encryption system needs to overcome this intermediate subjects and deliver
instructions or messages instantaneously and securely. The programming language that is used to
write the program is Java Language.
vii
ABSTRAK
Sistem Enkripsi Pesanan Ringkas adalah sistem yang merujuk kepada penyulitan dan
penyahsulitan mesej. Enkripsi ialah satu proses masking mesej supaya mesej itu tidak boleh
dibaca oleh orang lain. Satu-satunya cara untuk membaca informasi itu adalah dengan
mengetahui kaedah yang digunakan untuk masking mesej tersebut, dalam kes ini caranya adalah
dengan mengetahui algoritma yang digunakan untuk menyulitkan mesej tersebut. Pada masa
kini, kebanyakan penyulitan dan penyahsulitan mesej boleh dilakukan daripada komputer.
Objektif utama projek ini adalah untuk membina satu sistem yang boleh berjalan dalam telefon
bimbit yang meyokong bahasa Java. Selepas itu, telefon bimbit itu akan digunakan sebagai cara
luar untuk penyulitan mesej. Seperti yang diberitahu awal lagi, bukan sahaja computer boleh
menyulit dan menyahsulit mesej tetapi telefon bimbit pun boleh. Tujuan utama penyelidikan ini
adalah untuk meyediakan sekuriti untuk maklumat sulit dihantar melalui telefon bimbit. Pada
masa kini, tiada sekuriti disediakan untuk mesej yang dihantar melalui telefon bimbit. Maklumat
sulit atau arahan boleh dihantar dengan selamat kepada orang yang memerlukan melalui email
atau bercakap terus kepada orang tersebut. Ini boleh melengahkan masa dalam operasi
perniagaan. Pada masa ini, mesej dalam telefon bimbit boleh dibaca dengan senang jika telefon
bimbit telah dicuri, ataupun pengguna mungkin tersalah hantar kepada nombor yang salah. Mesej
perlulah disulitkan untuk mengatasi masalah. Sekarang, dalam kaedah banking kata laluan hanya
boleh berkomunikasi dengan sambungan internet atau bercakap terus atau dengan menulis.
Sistem Enkripsi Pesanan Ringkas perlu mengatasi masalh ini dengan meyampaikan arahan
ataupun mesej dengan selamat. Bahasa pengaturcaraan yang digunakan untuk membuat sistem
ini ialah bahasa Java.
viii
TABLE OF CONTENT
CHAPTER TITLE PAGE
SUPERVISOR'S DECLARATION iiSTUDENT'S DECLARATION iiiDEDICATION ivACKNOWLEDGEMENT vABSTRACT viABSTRAK viiTABLE OF CONTENT viiiLIST OF TABLES xiiLIST OF FIGURES xiv
1 INTRODUCTION
1.1 Background 1
1.2 Problem Statement and motivation 2
1.3 Objectives 4
1.4 Scopes 4
1.5 Thesis Organization 5
2 LITERATURE REVIEW
2.0.1 What is computer security 6
2.0.2 Taxanomy of Computer Security 7
2.1 Definiton of Encryption 8
2.2 History of Encryption 9
2.3 Existing Software 10
2.3.1 WMKits SMS Encryption 10
2.3.2 Secure SMS 12
2.3.3 CryptoSMS MEC 14
2.3.3.1 Program feature 15
2.3.4 Comparison between the existing software 17
ix
2.4 Symmetric Encryption 18
2.4.1 Symmetric Encryption Algorithms 19
2.4.1.1 AES 19
2.4.1.2 Blowfish 22
2.4.1.2.1 How Blowfish algorithm works 23
2.4.1.3 DES 25
2.4.1.4 Triple DES 26
2.4.2 Advantage of symmetric encryption 26
2.4.3 Disadvantage of symmetric encryption 27
2.5 Asymmetric Encryption 27
2.5.1 Asymmetric Encryption Algorithm 28
2.5.1.1 RSA 28
2.5.1.1.1 How RSA System works 28
2.5.1.2 DSA 29
2.5.1.3 PGP 30
2.5.1.3.1 How RSA works 31
2.5.1.3.2 PGP Commands 31
2.5.2 Advantages of asymmetric encryption 32
2.5.3 Disadvanatages of asymmetric encryption 33
2.5.4 Comparison between symmetric and 33
asymmetric encryption
2.6 Technical Research 33
2.7 Programming Language 34
2.7.1 Windows Mobile 36
2.7.2 Symbian OS 36
2.7.3 Advantages of using Java 36
2.7.4 Disadvantages of using Java 38
2.8 NetBeans IDE 38
2.8.1 What is mobile application 38
2.9 Summary 39
x
3 METHODOLOGY
3.1 Rational Unified Process 40
3.2 Selection of System Methodology 44
3.3 Selection of Software and Hardware 45
3.4 Selection of Encryption Algorithm 45
3.5 Design & Development 47
3.5.1 Use Case Diagram 47
3.5.2 Activity Diagram 49
3.5.3 Sequence Diagram 50
3.6 Implementation 55
3.7 Summary 55
4 IMPLEMENTATION AND TESTING
4.0 Implementation 56
4.0.1 Implementation Module 56
4.0.1.1 Register User 57
4.0.1.2 Login 59
4.0.1.3 Encryption 61
4.0.1.4 Composing Message 62
4.0.1.5 Decryption 64
4.0.1.6 Decrypt Message 65
4.1 Testing 67
4.1.1 Unit Testing 67
4.1.2 Integration Testing 69
4.1.3 System Testing 70
5 CONCLUSION 71
5.1 Degree of Success 72
5.2 Limitations 72
5.2.1 Mobile phones text copy and 72
paste functionality
5.2.2 Java enabled phones 72
xi
5.3 Learning Experience 73
5.4 Future Enhancement 73
5.4.1 Decrypted message to be
stored
5.4.2 The username and passwords
stored in phone memory
REFERENCES 74
APPENDIX
A1 Gantt chart for PSM I & II 78
xii
LIST OF TABLES
TABLE NO. TITLE PAGE
2.1 Advantages and Disadvantages of WMKits SMS 12Encryption
2.2 Advantages and Disadvantages of Secure SMS 14
2.3 Advantages and Disadvantages of CryptoSMS MEC 17
2.4 Comparisons between WMKits SMS Encryption, 17Secure SMS and CryptoSMS MEC
2.5 RSA Encryption works in encrypting and decrypting 29message
3.1 Software requirement 45
3.2 Hardware requirement 45
4.1 Code for the register part 58
4.2 Code for the login part 59
4.3 Code for choosing the encryption module 62
4.4 Code to compose the message and send it to the 63recipient
4.5 Code for choosing the decryption module 65
4.6 Code for decrypting the message into plain text 66
4.7 Testing for Account Registration 67
4.8 Testing for Login 68
xiii
4.9 Testing for Option 68
4.10 Testing for Compose Message 68
4.11 Testing for Decrypt Message 69
4.12 Testing for the phone functions 69
4.13 Testing for the system in the phone 70
xiv
LIST OF FIGURES
FIGURE NO. TITLE PAGE
2.1 Taxonomy in security 8
2.2 Interfaces of Secure SMS 13
2.3 Interfaces of CryptoSMS MEC 15
2.4 Steps in SubBytes 20
2.5 Steps in ShiftRows 21
2.6 Steps in MixColumns 21
2.7 Steps in AddRoundKey 22
2.8 The Fiestel structure of blowfish 24
2.9 How triple DES encryption works 26
2.10 How RSA Encryption works 29
2.11 How PGP encryption works 30
2.12 Basic Methods in PGP encryption 32
3.1 Phases in Rational Unified Process(RUP) 43
3.2 Flow of AES encryption 46
xv
3.3 Use Case diagram 48
3.4 Activity diagram 49
3.5 Account Registration sequence diagram 51
3.6 User Login sequence diagram 52
3.7 Type Message sequence diagram 52
3.8 Encrypt sequence diagram 53
3.9 Decrypt sequence diagram 54
3.10 Send SMS sequence diagram 54
3.11 Exit sequence diagram 55
4.1 The interface to register new users 57
4.2 The interface to login into the system 59
4.3 The interface to choose the encryption option 61
4.4 The interface for composing message 63
4.5 The interface to choose the decryption module 64
4.6 The interface to decrypt the message into plain 66text
1
CHAPTER I
INTRODUCTION
This chapter briefly describes the Text Messaging Encryption System that will be
developed later. This chapter comprises five sections: The first section describes the
background of the project. The second section describes the problem statement and
motivation of the project. The third section describes the objectives for the project.
The fourth section describes the scopes for the project. Finally the thesis
organization is described in section five.
1.1. Background
Many times when data is exchanged electronically the privacy of the data is a
requirement. The use of encryption restricts unintended recipients from viewing the
data, which are deemed confidential and potentially dangerous if made known to
irresponsible parties.
Today, encryption is the procedure of transforming plaintext, data that can be read
by anyone, to cipher text, data that can only be read by someone with a secret
decryption key. A message before being changed in any way is called plaintext.
Plaintext messages are converted to cipher text via some encryption method. A
particular such method is called a cryptosystem.
2
Encryption today is highly competitive businesses often require that extensive
security measures be put into place. And, those who wish to exercise their personal
freedom, outside of the oppressive nature of governments, may also wish to encrypt
certain information to avoid legalities that entailed possession of such.
This final year project is concentrated on Text Messaging Encryption System.
Currently SMS is being widely used as a fast and convenient communication tool.
There is no age barrier in using this SMS service which starts from small kid till
elderly people. When this is the case, there is no security for messages transmitted
over hand phones on the required parties by email or verbally in person. This delays
time and efficiency in crucial business operations.
Since there is no security for the messages, it indirectly leads to a lot of problems
where important and confidential information such as passwords is being accessed
by unauthorized individual. Apart from all that, there are also some other cases like
the mobile phone owner accidently send messages to the wrong number and it gets
worse when the mobile get stolen.
By implementing this encryption system, security of private and confidential data
will be solved. This system is not only meant for public use but it is also focused on
banking and commerce sectors as well where this system is more in need to
basically interact with their customers. This system will be targeted to be very user
friendly in where it will be very easy to handle and provides good security at the
same time. Due to this reason, more people will get to know about the product and it
is believed to be utilized in an appropriate way.
1.2.Problem Statement and Motivation
Although it is widely used, there is no security for messages transmit over
hand phones at moment unless the users take their own initiative to install
encryption software which is available in the market. As for now, not much people
3
realize the existence of encryption software’s in the market. They do not know on
how to really utilize it and how secure it as well. SMS encryption is required to
provide security for confidential information to be sent over hand phones.
Confidential information or instructions can only be safely passed on to the required
parties by email or verbally in person. This delays time and efficiency of crucial
business operations. Currently messages in phone can easily be read if the phone is
stolen, or users might simply send and receive private information. At present,
banking, commerce and passwords can only be communicated with internet
connection or as in person verbally or in written. SMS helps to overcome this
intermediate subjects and deliver instructions or messages instantaneously and
securely.
After analyzing the above stated problem, this system will encrypt and decrypt the
messages which are sent through mobile devices using GSM connection. This
mobile application starts off with a login screen which requires the user to key in
their respective username and password. The user will type the message in the
encryption system which will then be then sent out to the intended recipient by
entering their phone number. The recipient will receive the message in the form of
cipher text which will be then copied to the system to decrypt it and get the original
message back using the same SMS Encryption system installed in his/her mobile
phone. Since the messages are being encrypted, it provides a good security system.
The system basically concentrates on providing 1st level of security for the text
message content itself which can be private and confidential in so many situations as
fraud cases based on this can be listed down. This is the part where the user will be
able to encrypt and decrypt the messages from the developed system which protects
their valuable data. Other than that this system would be providing security at initial
point on 2nd level security which concentrates on user authentication. This is
basically done to avoid unauthorized access if someone else attending the phone
instead of the real user if the phone gets stolen. This is possible because only the
4
original user have the unique username and password which was registered earlier in
the system.
1.3 Objective
There are few objectives which is concentrated throughout developing this Text
Messaging encryption system:-
To provide a proper security for SMS through encryption and decryption
techniques with suitable algorithm which is targeted to prevent any fraud to
take place in the case where communication of private and confidential data.
To develop a system that is user friendly in where the system will be easy to
handle and secure at the same time.
To work the system as expected without any errors and reach the users so
that they can adapt to its functionality by giving importance on the user
requirements throughout the development process
1.4 Scope
There are few scopes implemented for this Text Messaging Encryption System
which are as follows:-
The system will concentrate mainly on encryption and decryption function
for SMS.
The system is for only Java enabled phones.
This system is a standalone application.
Both sender and recipient must have the software installed in their phones.
5
1.5 Thesis Organization
This thesis consists of five chapters. Chapter 1 will discuss the background of the
study, problem statement, objective, and scope of study. The background of the
study explains general information on text encryption. While the problem statement
discusses the possible problems that need to be overcome throughout this project,
the problem faced by sending private messages without secure and the effects . The
main purpose and aim of this project is elaborated under objective. Scope of the
study explains the characteristic of the system and some restrictions of the Text
Messaging Encryption system. Chapter 2 will discuss about the related studies of
Text Messaging Encryption System which is the literature review part. It also will
discuss about the existing system that have similar function as the proposed system.
Chapter 3 will discuss about the methodology of the system and also the
characteristics of the system. Besides that, chapter 4 will discuss about the
implementation and also testing that is carried out for this system to perform well.
Finally, chapter 5 will conclude the whole chapters and also about the system. It also
discusses about the limitations and future enhancement of Text Messaging
Encryption system.
6
CHAPTER II
LITERATURE REVIEW
This chapter briefly describes the review on existing techniques related with Text
Messaging Encryption System. This chapter comprises ten sections: The first section
describes about the security concepts. The second section defines the encryption
terms while the third section discusses about the history of encryption. The fourth
section describes the comprehensive review on existing related systems. The fifth
section describes the symmetric encryption and examples of its algorithms. The
sixth section describes the asymmetric encryption and examples of its algorithms.
The seventh section discusses about the characteristic of the project while the eighth
section describes about the Java programming language. The ninth section discusses
about the Netbean software. Finally, the tenth section will summarize the whole
chapter.
2.0.1 What is computer security?
In the area of computer science, security is one of the prevention or protection
against, access to information by unauthorized recipients, and intentional but
unauthorized destruction or alteration of that information(Oxford: Oxford University
Press, 1996).This can be re-stated: “Security is the ability of a system to protect
information and system resources with respect to confidentiality and integrity." Note
that the scope of this second definition includes system resources, which include
CPUs, disks, and programs, in addition to information.
7
2.0.2 A Taxonomy of Computer Security
Computer security is normally associated with three core areas, which can be
summarized by the acronym "CIA":
Confidentiality – This will ensuring that information is not accessed by
unauthorized persons
Integrity – This will ensuring that information is not altered by unauthorized
persons in a way that it is also not detectable by authorized users
Authentication – This will ensuring that users are the persons they claim to
be
A strong security protocol addresses all three of these areas. For an example,
Netscape's SSL (Secure Sockets Layer) protocol. It has enabled an explosion in
ecommerce which is really about trust (or more precisely, about the lack of trust).
SSL overcomes the lack of trust between transacting parties by ensuring
confidentiality through encryption, integrity through checksums, and authentication
via server certificates.
Computer security is not restricted to these three broad concepts. Additional ideas
that are often considered part of the taxonomy of computer security include:
Access control – This will ensures that users access only those resources and
services that they are entitled to access and that qualified users are not denied access
to services that they legitimately expect to receive
Nonrepudiation – This may ensures that the originators of messages cannot deny
that they in fact sent the messages (New York: Simon and Schuster, 1997).
Availability – This ensures that a system is operational and functional at a given
moment, usually provided through redundancy; loss of availability is often referred
to as "denial-of-service"
Privacy – It will ensuring that individuals maintain the right to control what
information is collected about them, how it is used, who has used it, who maintains
it, and what purpose it is used for
8
These additional elements do not neatly integrate into a singular definition. From
one perspective, the concepts of privacy, confidentiality, and security are quite
distinct and possess different attributes. Privacy is the property of individuals;
confidentiality is the property of data; and security is the property assigned to
computer hardware and software systems. From a practical perspective, the concepts
are interwoven. A system that does not maintain data confidentiality or individual
privacy could be theoretically or even mathematically "secure," but it probably
wouldn't be wise to deploy anywhere in the real world.
Figure 2.1: Taxonomy in security
2.1 Definition of Encryption
Encryption is a famous security method which is used to secure text messages and
other related essential data’s. The encrypted messages will be in the form of
unreadable and not meaningful text that only can be decrypted using the appropriate
key which acts between the sender and the recipient. A good and secure encryption
can only be developed with an appropriate and intricate algorithm which will make
it complicated for unauthorized person to break it.
Encryption works with many different types of algorithms which is available. Each
algorithm has its own advantages and disadvantages. This algorithm is the most
important element in an encryption system which is responsible to change the
9
original content of data or text and finally decode it back. This algorithms works
with a unique key assigned to it which acts in between plain text and cipher text.
Without the key, it is impossible for anyone to decrypt to its original content.
“The most popular use of encryption is for securing web servers that are
accessed by the https protocol not http so that data such as credit cards can be sent
safely over the internet.” (David Bolton)
There are two types of encryption which is symmetric and asymmetric encryption.
Symmetric encryption is also known as private key encryption while asymmetric
encryption is also known as public key encryption. Example of private key
encryption is Data Encryption System (DES), Advanced Encryption Standard (AES)
and RC4. As for the public key encryption, the example is RSA, DSA and PGP. [1]
2.2 History of Encryption
Encryption was there long way back and it was introduced since the need for privacy
has always been there. Besides that, it plays an important role in securing private
and confidential information to be passed on.
One of the first “unbreakable” codes was Mary’s Queen of Scots. This code was
initiated for the purpose of communication but then it was broken into which then
led to her conviction and execution.
After that, it was the turn of Blaise de Vigenere to publish Traicte des Chiffres
describing a new cipher, Le Chiffre Indechiffrable (The Indecipherable Cipher)
which was reliable for almost three centuries and finally this code also become
victim of code breakers.
The next code which came to acceptance was the Beale Cipher. This was
implemented to encrypt papers that describe the whereabouts of treasure buried in
the 1819 and 1821. One of the keys that are used for this cipher was the Declaration
10
of Independence. End of the day, since the rest of the keys could not be found by
anyone, nobody manage to find the treasure yet.
Now, it is time to discuss about encryption codes which made name during the First
and Second World Wars or should it be mentioned as hard times. Securing the
communication became even vital when it comes to war times. This is where the
starting point of United States’ Navajo Code which was not broken during the war
and there was
Other than all the above mentioned, encryption was focused on something different
which was “cracking” ancient languages. In this effort, the first decryption that took
place was Egyptian hieroglyphs. This is done using Rosetta stone which is believed
to be an artifact that had the same messages written in three languages. Besides that,
after a continuous effort through cryptanalysts, another ancient language was
deciphered which is quite well known, Mediterranean language.
The modern encryption methods are focused by using the latest technologies which
is mostly with the aid of computers. The algorithms used these days are more
advanced compared to last time to cater the security need as electronic transmission
are widely being used these days. [2]
2.3 Existing software
2.3.1 WMkits SMS Encryption
WMkits SMS Encryption is professional text messages encryption software for
Windows Mobile phones. It can encrypt and hide the SMS messages (including
existing SMS messages and future incoming/outgoing SMS messages) on the
windows mobile devices. The hidden SMS messages are encrypted and will be
stored separately. You can only decrypt and show your messages with a correct
password. That means, others cannot view any of your secret or important SMS
messages on your mobile phone without your approval, even if you lost your phone
11
or lend your mobile phone to your friend or relative. Your privacy will be safe. [20]
Key features:
It encrypts and hide all existing SMS on your file folders, including SMS
default folders (Inbox, Outbox, Drafts, Deleted, Sent) and custom folders.
It can encrypt and hide future incoming SMS and outgoing SMS in real
time.
There are multiple encryption modes available. By settings, you can choose
to encrypt sent SMS, received SMS, SMS from/to your wanted contact(s) or
all SMS.
It will be using AES 128-bit encryption. Passwords will be private,
encrypted and saved.
It is a powerful SMS management. WMkits SMS Encryption supports
threading mode of your encrypted messages and Page Views. Besides, you
can use it to directly reply, copy, forward or delete SMS exactly the same as
on your phone.
It is safe and easy to decrypt SMS. You can choose to decrypt your SMS by
settings.
This able to decrypt and transfer SMS onto your new windows mobile
phone. It has a large memory for SMS. SMS backup and restore functions
supported. We no need to worry about any loss of your encrypted SMS.
The login password and encrypted SMS are keeping safely even if you
uninstall this software.
It is easy and safe to install/uninstall.
It is simple and have intuitive interface.
It is compatible for all windows mobile (Pocket PC) phones.
System Requirements
Windows Mobile 5, Windows Mobile 6
12
Table 2.1: Advantages and disadvantages of WMKits SMS Encryption
2.3.2 Secure SMS
Secure SMS is a simple to use, but extremely sophisticated software that provides
you with complete security when sending and receiving SMS text messages. Secure
SMS solution is ideal for both individuals and businesses that care about their
privacy. Secure SMS fully protects you from commercial espionage, governments,
mobile phone companies, and any third parties (using GSM interception systems)
who seek to discover any sensitive information or private correspondence.
In short Secure SMS is your one-stop-shop for sending and receiving all your text
messages in complete confidence that you are the sole recipient. All your text
messages transferred over the GSM or CDMA networks will be encrypted (end to
end encryption).
ADVANTAGES DISADVANTAGESIt can encrypt and hide the SMS messages(including existing SMS messages andfuture incoming/outgoing SMS messages)on the windows mobile device.
The encoded image can be saved onlyas a bitmap file.
The hidden SMS messages are encryptedand stored separately.Only the owner can decrypt and showhis/her messages with a correct password.That means, others are not able to view anyof his/her secret orimportant SMS messages onhis/her mobile phone without theirapproval, even if they lost your phone orlend it to their friend or relative.