Internet security evaluation system documentation nikitha

DC Internet Security Evaluation System ISES Chaitanya 2009


INTERNET SECURITY EVALUATION SYSTEM

Introduction

An Internet Security Evaluation system is any computer system that involves cryptography. Such systems include, for instance, a system for secure electronic mail which might include methods for digital signatures, Internet Security Evaluation hash functions, key management techniques, and so on. Internet Security Evaluation systems are made up of Internet Security Evaluation primitives, and are usually rather complex. Because of this, breaking an ISES is not restricted to breaking the underlying Internet Security Evaluation algorithms; usually it is far easier to break the system as a whole, e.g., through the not uncommon misconceptions of users in respect to the ISES. An ISES refers to a suite of algorithms needed to implement a particular form of encryption and decryption. Typically, an ISES consists of three algorithms: one for key generation, one for encryption, and one for decryption. The term cipher (sometimes cypher) is often used to refer to a pair of algorithms, one for encryption and one for decryption. Therefore, the term "ISES" is most often used when the key generation algorithm is important. For this reason, the term "ISES" is commonly used to refer to public key techniques; however both "cipher" and "ISES" are used for symmetric key techniques.


About Client

Client: Orapps, Hyderabad

ORAPPS

ORAPPS, the application software company, integrates Enterprise Business system and supply chains for improved customer services, operational efficiencies and competitive advantage. Sierra Atlantic Inc., combines integration products and services to connect business partitions with application networks, people and systems work together with greater productivity, faster response time and reduced errors.

In addition to application integration solutions, Orapps., products enterprise, implementation services, custom software development services, s/w maintenance and support and business intelligence solutions. Their Global Development Center (GDC) in India is averaged to derive their services with superior industry and economies. The combination of onsite and offshore capabilities allows Sierra Atlantic Inc., to derive timely solutions without compromising quality.

Scope

The project assigned to the project team is a real-time project. The project is developed in Stand alone based screens and. To develop this project the project team has used core Java. The front-end programmers develop basically two types of modules: input modules and output modules. The modules which help the user to input the data, modify the data and delete the data are called the input modules. The output modules are the modules which enable the user to convert the document into an unreadable format; the document is then sent to the client, and the client converts the encrypted document into its original format by using a key. The client views the original format once he uses ISES and transforms the data back into the original format. The retrieved data will be exhibited through output screens or reporting screens. These conversions and manipulations have to be generated automatically. These reports should be generated and cover all the user requirements and replicate the minute details of the company transactions. The scope of the project lies in the input data, which will be stored in the location in encrypted mode. The same data will be retrieved by another user by using the public key with the decryption technique. The limitation for this project is crypto analysis and editing of different lengths of text for encrypting and decrypting.

The Deliverables of this project

The deliverable of this project can be ascertained as follows:

1. The encryption has to be done along with private key or public key generation.

2. Application should allow the user to encrypt/encode the given text into one of the following:

a) Code Caesar

b) Code Substitution

c) Code Vigenere Cipher

d) Code MonoSubstitution

Decrypting the Text

3. Application should allow the user to decrypt/decode the given text into one of the following:

a) Decode Caesar

b) Decode Substitution

c) Decode Vigenere Cipher

d) Decode MonoSubstitution

Crypto Analysis

4. Crypto Systems should display the time taken for encoding and decoding the text and also display the file size, to analyze the performance of the Crypto Systems.

Editing the Text

5. The application should provide a facility to the user to perform cut, copy, and paste operations on the text in the text area, and also to apply different fonts and font colours.

6. The screens should be user-friendly and with attractive pictures which replicate the symbolism of the department.

7. The screen developed in this project should help the user to navigate to the further screens and options.

8. The screens have to be developed with required fields.

The External Deliverables

The external deliverables of the projects are as follows:

Screen Details

1. The main screen should consist of encryption, decryption and crypto editing facilities.

2. From this screen the particular activity screen has to be generated.

3. For every module or activity screen access, the user authentication has to be incorporated.

4. The encryption should be done in a particular screen and the public key or private key generation has to be popped up in a separate screen.

Reports

5. Every module should have detailed reports on every aspect of the mechanism of the project.

6. The reports should give a detailed description of the database retrieval.

7. The detailed report on encryption done by the user.

8. The detailed report on how many times the encrypted text has been decrypted.

9. Reports should be generated weekly, monthly, quarterly, half yearly and yearly on the enrolled students from different organisations as well as the students for in-house recruitment.

Server

10. The encrypted text can be stored in the local system or another system.

The Internal Deliverables

The Internal deliverables of the project are as follows:

Project Charter

1. The encryption and decryption is the main feature of the project.

2. The screens of the module should be connected to the database implicitly.

3. The stored files can be accessed by the user automatically.

4. All the modules should be connected in accordance with the inter-module relation.

5. In this project, when the encryption is taking place the file has to be stored in a user-defined location. The location has to be stored in the mechanism of the project. The same location has to be identified implicitly when the decryption is taking place.

Data Change

1. The data entered for encryption has to be changed into encryption mode automatically and stored in a user-defined location.

2. The encrypted text has to be identified by the system automatically and decrypted.

Functionality of the project

Cryptography is formally the art of encoding data in a way that only the intended recipient can decode it, and know that the message is authentic and unchanged. Cryptography means different things to different people. Small children play with simple ciphers and substitution secret languages, bigger children play with crypto puzzles.

To achieve this project I am planning to develop the project in four phases.

1. Encrypting the Text

2. Decrypting the Text

3. Crypto Analysis

4. Editing the Text

Encrypting the Text

Application should allow the user to encrypt/encode the given text into one of the following:

Code Caesar

Code Substitution

Code Vigenere Cipher

Code MonoSubstitution

Decrypting the Text

Application should allow the user to decrypt/decode the given text into one of the following:

Decode Caesar

Decode Substitution

Decode Vigenere Cipher

Decode MonoSubstitution

Crypto Analysis

Crypto Systems should display the time taken for encoding and decoding the text and also display the file size, to analyse the performance of the Crypto Systems.

Editing the Text

The application should provide a facility to the user to perform cut, copy, and paste operations on the text in the text area, and also to apply different fonts and font colours.

I am developing the methodology to achieve the targets of developing the Crypto Systems and networking security as follows.

To achieve the encrypting of the code, the required algorithms have to be developed in Java technologies to convert the given text into encrypted format. For this I am planning to use Code Caesar, Code Substitution, Code Vigenere Cipher and Code MonoSubstitution.

To achieve the decrypting of the code, the required algorithms have to be developed in Java technologies to convert the given text into encrypted format. For this I have to develop the code for Decode Caesar, Decode Substitution, Decode Vigenere Cipher and Decode MonoSubstitution.
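The encode and decode routines planned above, together with the time-and-size report described under Crypto Analysis, written out in Java as an added example (it is not the project's own code). The class and method names, the sample text and the keys are assumptions made for illustration; the page does not say how "Code Substitution" differs from "Code MonoSubstitution", so one substitution variant is shown.

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.function.UnaryOperator;

/**
 * Added illustration (not the project's code): three of the classical ciphers the
 * page lists, each with encode and decode, plus a time/size report per round trip.
 * These ciphers are teaching tools and give no real confidentiality.
 */
public class ClassicalCiphers {

    static boolean isAsciiLetter(int c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
    }

    /** Rotates one letter forward by s (0..25) within its own case; others pass through. */
    static char shiftLetter(char c, int s) {
        if (c >= 'a' && c <= 'z') return (char) ('a' + (c - 'a' + s) % 26);
        if (c >= 'A' && c <= 'Z') return (char) ('A' + (c - 'A' + s) % 26);
        return c;
    }

    /** Caesar: every letter is shifted by the same amount. */
    static String caesar(String text, int shift, boolean decode) {
        int s = Math.floorMod(decode ? -shift : shift, 26);
        StringBuilder out = new StringBuilder(text.length());
        for (char c : text.toCharArray()) out.append(shiftLetter(c, s));
        return out.toString();
    }

    /** Vigenere: the shift for each letter is taken from the next key letter. */
    static String vigenere(String text, String key, boolean decode) {
        if (key == null || key.isEmpty() || !key.chars().allMatch(ClassicalCiphers::isAsciiLetter)) {
            throw new IllegalArgumentException("key must be one or more ASCII letters");
        }
        StringBuilder out = new StringBuilder(text.length());
        int k = 0; // advances only on letters, so punctuation does not use up key letters
        for (char c : text.toCharArray()) {
            if (!isAsciiLetter(c)) { out.append(c); continue; }
            int shift = Character.toUpperCase(key.charAt(k++ % key.length())) - 'A';
            out.append(shiftLetter(c, Math.floorMod(decode ? -shift : shift, 26)));
        }
        return out.toString();
    }

    /** Monoalphabetic substitution: the key is a permutation of A..Z that replaces the alphabet. */
    static String monoSubstitution(String text, String alphabetKey, boolean decode) {
        String key = alphabetKey.toUpperCase(Locale.ROOT);
        if (key.length() != 26) throw new IllegalArgumentException("key must have 26 letters");
        char[] map = new char[26];
        boolean[] seen = new boolean[26];
        for (int i = 0; i < 26; i++) {
            char k = key.charAt(i);
            if (k < 'A' || k > 'Z' || seen[k - 'A']) {
                throw new IllegalArgumentException("key must use each letter exactly once");
            }
            seen[k - 'A'] = true;
            if (decode) map[k - 'A'] = (char) ('A' + i); // build the inverse table
            else map[i] = k;
        }
        StringBuilder out = new StringBuilder(text.length());
        for (char c : text.toCharArray()) {
            if (c >= 'A' && c <= 'Z') out.append(map[c - 'A']);
            else if (c >= 'a' && c <= 'z') out.append(Character.toLowerCase(map[c - 'a']));
            else out.append(c);
        }
        return out.toString();
    }

    /** One report row: encode time, decode time and ciphertext size for one round trip. */
    static String report(String name, String plain,
                         UnaryOperator<String> enc, UnaryOperator<String> dec) {
        long t0 = System.nanoTime();
        String cipher = enc.apply(plain);
        long t1 = System.nanoTime();
        String back = dec.apply(cipher);
        long t2 = System.nanoTime();
        if (!back.equals(plain)) throw new IllegalStateException(name + ": round trip failed");
        int bytes = cipher.getBytes(StandardCharsets.UTF_8).length;
        return String.format("%-16s encode %d us, decode %d us, %d bytes: %s",
                name, (t1 - t0) / 1000, (t2 - t1) / 1000, bytes, cipher);
    }

    public static void main(String[] args) {
        String plain = "Meet me at the Gate, 9pm.";   // constructed sample text
        String perm = "QWERTYUIOPASDFGHJKLZXCVBNM";  // constructed 26-letter key
        System.out.println(report("Caesar", plain,
                t -> caesar(t, 3, false), t -> caesar(t, 3, true)));
        System.out.println(report("Vigenere", plain,
                t -> vigenere(t, "LEMON", false), t -> vigenere(t, "LEMON", true)));
        System.out.println(report("MonoSubstitution", plain,
                t -> monoSubstitution(t, perm, false), t -> monoSubstitution(t, perm, true)));
    }
}
```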


System Analysis

All User requirements.

The system should have all the user requirement as specified below:

1. The user who is using the crypto system will be keeping the original text for encryption. The text should be placed in a sufficient place for encryption.

2. The text should be in an editable mode to change the font size, type and color.

3. The end user who is decrypting the text should see the text in the original format in which it was pasted for encryption in the editor.

4. The user interface screens which make the user input the information should guide the user to input the relevant information into the database.

5. The user should have a facility in the administrator module to modify data that was entered wrongly.

6. The user should not get any eye stress because of the color of the screens.

7. The user should have access to the screens through a password authentication system.

8. The user should store the text in the encrypted format in accordance with the four types of encryption modes.

9. The user should be able to know the location where the encrypted text is stored.

10. The end user who decrypts the text should be given the key.

11. The end user who decrypts the text should have a navigation to use the key in the appropriate place for decryption.

Categories into modules or actors or classes and give brief description for each module

Technical Design of the Project

ISES

Encryption: Encrypts the given text and stores it in a specified location.

Decryption: Decrypts the encrypted text from the specified location by using the public key or private key.

Key: A key will be generated while the encryption is taking place; at the same time the key will be used to decrypt the text and restore it to the original format.

Editing the Text: The application should provide a facility to the user to perform cut, copy, and paste operations on the text in the text area, and also to apply different fonts and font colours.

[Diagram labels: 3DES, Encrypted Text, Internet, Transmission]

System Architecture

User

ISES

User will interact with the system and enter the text for encryption

Generates the key and the key will be stored in a specific location of database. This key will be used by end user

Receives the key from the user and decrypts the text from the specified location

Keep the text for editing and send the text for encryption

Key will be supplied by the user to the client physically

Key will be supplied by the user to the client to decrypt the text

Client

Client will interact with the system and enter the encrypted matter for decryption

Use Case

The user Module

End user module

Encrypt the text in different cyphers

Stores the data in the specified location of the database

View the details of the encrypted text with locations

Decrypt the text with key from the specific location

View the reports on decryptions done by the user.

Keep the text for editing

Receives the key and specific location of the encrypted text

Interface

The user will paste the text which will be encrypted by the user.

The key will be generated and stored in the specific location.

ISES

End User

Database

Encrypt the text in a location

Decrypt the text with the help of key

User

Sends the key to the end user with location

The end user will be given a key and specific location.

The end user will decrypt the encrypted matter.

Class Diagram:

The user will encrypt the text for the crypto editor.

ISES

User

End user

The user will edit the text and encrypt the text. The encryption will generate a key. The encrypted matter will be stored in a specific location.

The end user will be supplied a key and the end user will decrypt the encrypted text with the key from the specific location.

The user will store the original text in encrypted format. The user sends the encrypted text to the client through the internet. The client will receive the encrypted text through the internet. The client physically or separately gets the key from the user. The client will decrypt the encrypted text into the original format.

The user will send the encrypted text through the internet to the client.

The user will generate the key for every encryption.

The user will send the key to the end user or client.

The location details will also be sent to the client.

The end user will decrypt the text with the help of the key at the client's location.

Business Processes

In this project the application is going to serve the different locations as follows:

1. User local system where the text will be encrypted.

2. Client place where the encryption is taking place.

Business Areas

By implementing this project the following areas will be affected.

1. User location from which the encryption is taking place.

2. End user (client) location from which the decryption is happening.

Business Data that will be changed

This is the project with full automation mechanism. The project team has to develop the internal coding to transmit the data to the other location. The data which will be stored in encrypted format will be changed by using the public or private key and decrypted. The decrypted text will be retrieved by the end user to view the files. To view the files of encrypted format the end user should use the public key or private key for decryption. To view the encrypted files the public key plays a vital role.

Technologies Required

To develop the crypto system, core Java technologies are used. Through these technologies the algorithms Code Caesar, Code Substitution, Code Vigenere Cipher and Code MonoSubstitution are developed.

The existing system

The existing system is developed with RSA algorithms. The encryption and decryption is not so developed. The cheating prevention is not possible in the existing system.

The proposed System

An Internet Security Evaluation system is any computer system that involves cryptography. Such systems include, for instance, a system for secure electronic mail which might include methods for digital signatures, Internet Security Evaluation hash functions, key management techniques, and so on. Internet Security Evaluation systems are made up of Internet Security Evaluation primitives, and are usually rather complex. Because of this, breaking an ISES is not restricted to breaking the underlying Internet Security Evaluation algorithms; usually it is far easier to break the system as a whole, e.g., through the not uncommon misconceptions of users in respect to the ISES. An ISES refers to a suite of algorithms needed to implement a particular form of encryption and decryption. Typically, an ISES consists of three algorithms: one for key generation, one for encryption, and one for decryption. The term cipher (sometimes cypher) is often used to refer to a pair of algorithms, one for encryption and one for decryption. Therefore, the term "ISES" is most often used when the key generation algorithm is important. For this reason, the term "ISES" is commonly used to refer to public key techniques; however both "cipher" and "ISES" are used for symmetric key techniques.

Strong encryption brings many possible applications into daily life. Different applications that require privacy, trust and access control should all use strong encryption methods when possible. Applications include things like electronic money, secure communications, passwords, and many others. It is in people's own interest that different legal/medical/personal data about their person stays confidential to the instances that have a permit to collect the databases (Finnish Tietoturvalaki).


Milestone of the project work

1. Requirements gathering of the client

2. Requirements specifications Document Preparation

3. Functional Specifications of the project.

4. Design Document ( Macro level )

5. Design Documentation ( Micro Level )

6. Database Design ( Macro Level )

7. Database Design ( Micro Level )

8. Coding specifications

9. Coding Metrics Finalization.

10. Coding execution

11. Database Creation – database – Table space – table

12. Data integration design

13. Data manipulation design

14. Procedures and functions design

15. Integration between Screens and database

16. Synchronization of front end and back end.

17. Testing

18. Review – Coding

19. Documentation – Business process Documentation


20. Documentation – Business process Re-engineering

21. People management -

22. Preparation of Training Material

23. Project management and administration

24. Hardware Installation – Servers - Clients

25. Deployment of the Software at clients place

26. Data preparation for transfer

27. System Documentation

28. Process flow documentation

As a front end programmer my Role

Developed JSP pages and Servlet pages as per requirement.

Understood the module specifications of the project and developed the code for inter-module relationship along with the Oracle developers.

Module decomposition is perfectly followed in this project.

Developed reports for management-specific requirements.

Developed the user screens and connectivity to the tables in accordance with the Oracle programmers.

Used Java beans extensively to connect, retrieve and insert the data into the database.

JavaScript used to display the date and time and other calculations of the applications.

Used HTML and JSP extensively to develop the screens and run with WebLogic server.

Developed the inter-module auto updates with the help of Oracle primary key and foreign key concepts.

Literature Survey

1. INTRODUCTION

Java is an object-oriented, multi-threaded programming language developed by Sun Microsystems in 1991. It is designed to be small, simple and portable. The popularity of Java is due to 3 key elements: a powerful programming language, applets and a rich set of significant object classes.

Advantages of Java

1. Simple

2. Secure

3. Portable

4. Object Oriented

5. Robust

6. Multithreaded

7. Interpreted

8. High Performance

9. Distributed

10. Dynamic

Components of JVM 

In the Java development environment, there are two parts: a Java compiler and a Java interpreter. The Java compiler generates byte code and the interpreter executes the Java program. Even though the bytecode is slow, it gives a platform-independent application.

A Java program is typed in and saved in a file with the extension .java. This file is compiled by javac, which creates a file with the .class extension. This is executed by java, giving the file name without extension. A simple example for a Java program is

Type casting:

When one type of data is assigned to another type of variable, an automatic type conversion will take place. For example

byte a=10; int c = a + 10;

Here, a is converted to int automatically.

To manually convert a type use (type) value

For example float f = (float) a / (float) b; if a, b are integers.

Operators

1) Arithmetic - + - * / %

2) Relational - < > <= >= !=

3) Logical - && || !

4) Assignment - =

5) Comparison - ==

6) Increment/Decrement - ++ --

7) Bitwise operator - ~ & | ^ >> >>> << &= |= ^=

8) Conditional - ? :

2. PROGRAM CONSTRUCTS

They are divided into

i. Sequence

ii. Selection - if, switch

iii. Iteration - while, do..while, for

Misc - break, exit, continue, and return

e) break, continue and exit

break will transfer the control out of the loop. In continue, the rest of the lines are ignored and the loop continues with the next iteration. The exit function will stop the program execution.

3. CLASSES AND METHODS

Classes

The most important feature of OOP is classes. A class defines the shape and behavior of an object and is a template for multiple objects with similar features. It is a logical construct upon which the entire Java language is built because it defines the shape and nature of the object.

To create a class, write a source file with the class keyword in it, followed by a name and a pair of curly braces for the body.

Once a class is created, an instance of the class is created by the new keyword. The instance of the class is used to access the variables and methods that form part of the class. The dot operator is used to get the value of the class variable (object.variable).

Instance Variable : Data is encapsulated in a class by declaring variables inside the class declaration. Variables declared in this scope are called instance variables.

Class Variable : Class variables are global to the class and all the instances of the class. To declare a class variable the static keyword is used.

The access of class may be public, private, abstract or final.

Methods

Methods are functions that operate on instances of classes in which they are defined. A method definition has four parts. They are the name of the method, return type, list of parameters and body of the method.

Access Specifiers:

Public : If any method or variable is declared as public, it is visible to all classes.

Private : If any method or variable is declared as private, it is visible to classes in which it is declared.

Protected : It is visible in the class and all its subclasses.

Package : It is indicated by the lack of any access modifier in a declaration. It has an increased protection and narrowed visibility.

Final : It cannot be overridden by a subclass.

Abstract : In an abstract class, without body; must be overridden by a subclass.

Static : It is automatically called when creating instance of class.

this:

The this keyword is used inside any instance method to refer to the current object.

Constructor

A constructor method is a special kind of method that determines how an object is initialized when created. They have the same name as the class but do not have any return type. Constructors can also be overloaded.

Garbage collection

When no reference to an object exists, the object is no longer needed and the memory occupied by the object is reclaimed. This is called garbage collection. Java periodically does garbage collection.

Finalizer :

The finalizer method is the exact opposite of the constructor method. It is called just before the object is garbage collected and its memory is reclaimed. All cleanup operations are performed in this method.

protected void finalize( )

{ }

Methods overloading

Method overloading is creating different methods with the same name but with different parameters. This is one type of creating polymorphism in Java.

Example for method overloading and constructor overloading

Method Overriding

Method overriding is creating a method in the derived class that has the same name and arguments as in the superclass. This new method hides the superclass method.

Recursion

Recursion is the process of defining something in terms of itself. A method that calls itself is said to be recursive.

Nested Class

It is possible to nest a class definition within another and treat the nested class like any other method of that class. An inner class is a nested class whose instance exists within an instance of its enclosing class and has direct access to the instance members of its enclosing instance.

4. Inheritance

Inheritance is the method of creating a new class based on an already existing class. The new class derived is called the sub class or derived class, which has all features of the existing class and its own. The existing class is called the super class or base class.

Adv : reusability of code, accessibility of variables and methods of the base class by the derived class.

If the class is derived from more than one class, then it is called multiple inheritance. This is not available in Java. To overcome this problem use interface.

Method Overriding

Whenever there are methods of the same name both in the base class as well as in the derived class and if that method is called by main, the method in the derived class is always executed. This is called overriding. See example11.

Super

Super has two forms. The first calls the superclass's constructor. The second is used to access a member of the superclass that has been hidden by a member of a subclass.

Final

a) final variables - to create constant

final float pi = 3.14f;

final int a = 40;

final is used to create a constant variable.

b) final modifiers - to prevent overriding

Final modifiers are those to which no further alteration can be made. We cannot override a method declared final.

Abstract

Sometimes we will want to create a superclass that only defines a generalized form that will be shared by all of its subclasses, leaving it to each subclass to fill in the details. To declare abstract class

abstract type name(parameters);

We must override the abstract method. An abstract class cannot be directly instantiated with the new operator. We cannot declare abstract constructors or abstract static methods.

5. Exception

An exception is an abnormal condition or error that occurs during the execution of the program. Exceptions in Java are handled by five keywords: try, catch, finally, throw and throws.

The Object class has a subclass called Throwable to handle exceptions and errors, which has two subclasses, Exception and Error. The classes of exception are IOException and RuntimeException.

The try and catch fixes the error and prevents the program from terminating abruptly. The finally block will be executed if no catch matches it and always executed. If you use a try block, a finally block or at least one catch block should be used.

If you don't want to use try and catch statements then use the throws clause. The throws clause is responsible for handling the different types of exceptions generated by the program. This clause usually contains a list of types of exceptions that are likely to occur in that program.

The throw clause is used to call an exception explicitly. A user-defined exception can be called by the throw clause. A user-defined exception is created by extending the class Exception.

6. Package

Package contains set of classes in order to ensure that class names are unique. Packages are container of classes used to keep the class name space compartmentalized.

1. Create a subdirectory, which has the same name as package. 2. Include package command, along with the package name, as first statement in the

program.

3. Write class declaration

4. Save file in this directory as "name of class.java"

5. Compile this file using javac.

6. To use this program set the CLASSPATH or change to previous directory and use java packname.classname

If Java source file contain package, interface, classes then the order should be

a. A single package statement (optional) b. Any number of import statements (optional)

c. A single public class declaration (required)

d. Any number of classes private to the package (optional)

 

 

6. Interfaces :

An interface is a collection of abstract behavior that individual classes can implement. An interface consists of set of method collections. Using interface, you can specify what a class must do but not how it does it. All methods and final variables in interface must be public.

Multithreading is not available in Java. To overcome this problem, interface is introduced.

 

8. Multithreading in Java

Thread

A process is a program in execution. A thread is a line of execution. Two or more processes running concurrently in a computer is called multitasking. A process can contain multiple threads to execute its different sections. This is called multithreading. Using this, we can run different parts of a program at the same time.


 

 

States of thread

There are four states of a thread. They are new, runnable, blocked and dead. The figure shows the states of the thread.

Advantages of threads:

Can be created faster

Maximum use of CPU time

Requires less overhead

Interprocess communication is faster

Context switching is faster

 

Thread is created by

a) the class Thread which has the interface Runnable.

b) creating the objects of the class Thread

a) Using the Runnable interface

class c1 implements Runnable
{
    // run( ) holds the code that the thread executes
    public void run( )
    {
    }
}

To create a thread

Thread t = new Thread(this);

Thread t = new Thread(this, "Demo thread");

where this refers to the Applet object.

After the thread is created, it first executes the start( ) method, and then the run( ) method is called automatically.

b) Creating Thread Class Objects

Runnable abstracts a unit of executable code. We can construct a thread on any object that implements Runnable.

The thread methods are start( ), resume( ), sleep( ), suspend( ) , join( ) and toString( )

Synchronization

Two or more threads accessing the same data simultaneously may lead to loss of data integrity. Java uses the concept of a monitor. A monitor is an object used as a mutually exclusive lock.

Java offers interprocess communication through the use of the wait( ), notify( ) and notifyAll( ) methods of the Object class, and all are synchronized methods.

Thread Priorities

The setPriority( ) and getPriority( ) methods are used to set and get the priority of a thread respectively. The yield( ) method gives CPU time to threads with equal priority and prevents a single thread from monopolizing the CPU. The Thread class has final variables declared like NORM_PRIORITY (5), MIN_PRIORITY (1) and MAX_PRIORITY (10).

9. APPLET

Applet

An applet is a dynamic and interactive program that can run inside Web page displayed by a Java-capable browser or applet viewer.

All applets are subclasses of Applet. You should import java.applet and java.awt since all applets run in a window. Applet defines three interfaces: AppletContext, AppletStub and AudioClip.

Applet extends java AWT class Panel, Panel extends Container which extends Component.

 The init( ) Method

This method gets called as soon as an applet is started. Initialization of all variables, creation of objects, setting of parameters, etc. can be done in this method.

The start( ) method

This method is executed after the init method. It is also used to restart an applet that was stopped.

The stop( ) method

This method is used to halt the running of an applet. This method is called when a web browser leaves the HTML document containing the applet.

The destroy( ) method

This method is used to free the memory occupied by the variables and objects initialized in the applet. Called by the browser just before the applet is terminated.

 The paint( ) method


This method helps in drawing, writing and creating a colored background or an image on to the applet. This method is called each time your applet’s output must be redrawn. It has one parameter called Graphics.

 The repaint( ) method

This method is used in case an applet is to be repainted. The repaint method calls update( ) method to clear screen and paint( ) method to redraw the contents of the current frame.

 resize (width, height)

Resize the applet window

showStatus (str)

Displays the string in the status window of the applet

When the applet starts, the init, start and paint methods are called; when it terminates, the stop and destroy methods are called.

9.a. The Graphics Class in java.awt package

drawString(message,x,y);

9.b. Font Class in java.awt package

Font f = new Font ("fontname", format, size);

Formats are Font.BOLD, Font.ITALIC, and Font.PLAIN

g.setFont(f)

9.c. Color Class in java.awt package

Color.gray, Color.green, Color.yellow, Color.pink, Color.red, Color.blue, Color.magenta, Color.cyan

9.d. Images

Clipping

A technique by which the drawing area can be restricted to a small portion of the screen.

Method is clipRect( )

clipRect(x1,y1,x2,y2);

 Animation

Animation is a technique by which an object is moved on the screen: the original image is cleared and placed in another place.

9.e. Events


Mouse Events methods

 

boolean mouseDown(event , x, y)

boolean mouseDrag(event , x, y)

boolean mouseEnter(event , x, y)

boolean mouseExit(event , x, y)

boolean mouseMove(event , x, y)

boolean mouseUp(event , x, y)


 

KeyBoard Events

boolean keyDown(event , x, y)

boolean keyUp(event , x, y)

Types of Event handling

a)Low Level event

Low level classes Low level event Listener

ComponentEvent ComponentListener

FocusEvent FocusListener

KeyEvent KeyListener

ContainerEvent ContainerListener

MouseEvent MouseListener

MouseMotionListener

WindowEvent WindowListener

InputEvent

b) Semantic Events

Low level classes Low level event Listener

ActionEvent ActionListener

AdjustmentEvent AdjustmentListener

ItemEvent ItemListener


TextEvent TextListener

Each component class in the AWT has one addXXXListener( ) method for each event type.

9.f. ABSTRACT WINDOW TOOLKIT (AWT)

Component Constructor Methods

Button

Button( ) setLabel(String)

Button("label") getLabel( )

Label

Label( ) getText( )

Label(String) setText(String)

Label(String, int) getAlignment( )

setAlignment(int)

where int is the alignment. It may be Label.LEFT, Label.RIGHT, Label.CENTER

 Checkbox

Checkbox( ) setLabel(string)

Checkbox(String) getLabel( )

Checkbox(String,grp,boolean) setState(boolean)

getLabel( )

Choice

Choice( ) getItem(int)

addItem(String) getItemCount( )

getSelectedItem( )

getSelectedIndex( )

TextComponent

TextField( ) getText( )

TextField(String, int) setText(String)

TextArea( )

TextArea(String, int, int) int represents rows and columns

List


List( ) getItem(int) int starts from 0

List(int,boolean) getItemCount( )

addItem(String) select(int)

getSelectedItem( )

Scrollbar

Scrollbar( ) setValue(int)

Scrollbar(orient, value, visible, min, max) getValue( )

Layout Manager

A set of classes used to position the components in a container.

 

a. FlowLayout

b. BorderLayout

c. GridLayout

First instantiate a layout manager class and then use the setLayout( ) method

Flow Layout

Lays components linewise from left to right

FlowLayout( )

FlowLayout(align, hgap, vgap)

Align: FlowLayout.LEFT, FlowLayout.RIGHT, FlowLayout.CENTER

Grid Layout

Positions the components in the cells of the grid.

GridLayout(int row, int col)

GridLayout(int row, int col, int hgap, int vgap)

Border Layout

Lays components relative to the edges of the container

BorderLayout( )

BorderLayout(int hgap, int vgap)

add("direction",item);

direction may be NORTH, SOUTH,EAST , WEST or CENTER

Insets(int, int, int, int)


Used to give spacing around the container

 Panel

A panel class is a non-abstract, recursively nestable container.

Panel( )

9.g. Frames, Menus and Dialogs

Frame

11. Networking in Java

java.net package

The objectives are

Network Datagram

Protocol DatagramPacket

Socket DatagramSocket

Client/Server TCP/IP

Internet (IP) Address Socket

Domain Name Service ServerSocket

InetAddress URL

A network is a set of computers physically connected together. It enables the sharing of computer peripherals and resources by different computers.

The communication between the computers requires certain set of rules called protocols. Some important protocols are TCP/IP, HTTP, FTP, SMTP and NNTP. Port no 21 is for FTP, 23 is for Telnet, 25 is for e-mail and 80 is for HTTP.

IP is a low-level routing protocol that breaks data into small packets and sends them to an address across a network. TCP is a higher-level protocol that manages stringing together these packets, sorting and retransmitting them to reliably transmit your data. UDP (User Datagram Protocol) can be used to support fast, connectionless, unreliable transport of packets.

A socket is the place used to plug in, just like an electric socket; communication starts from the socket.

The client is the machine which sends a request to another computer. The computer that services the request is called the server.

A proxy server speaks the client side of a protocol to another server. A client would connect to a proxy server, which has no restrictions, and the proxy server would in turn communicate for the client.

Every computer connected to the network has a unique address, which contains four numbers between 0 and 255 separated by periods. An example is 80.0.0.50

It is very difficult to remember the IP address of a computer. To overcome this problem, the domain name service (DNS) is used. It maps the IP address to a string of characters. An example is www.microsoft.com

InetAddress is a class which is used to encapsulate an IP address and its DNS name.

InetAddress getLocalHost( ) throws UnknownHostException

InetAddress getByName (String hostName)

InetAddress[ ] getAllByName (String hostName)

 

URL

Uniform Resource Locator. It contains four parts: the protocol, separated by : and //, the host name or IP address, the port number, and the file path.

For example http://www.starwave.com/index.html

Constructors of URL throw MalformedURLException

URL (String urlspecifier)

URL (String protocolName, String hostName, int port,String path)

URL (String protocolName, String hostName, String path)

getPort( ), getHost( ),getFile( ) and toExternalForm( )

To access content information of a URL, use url.openConnection( ) method.

Datagrams

Datagrams are bundles of information passed between machines. Two classes are used with them:

DatagramPacket, the container for the data

DatagramSocket, used to send or receive the DatagramPacket

DatagramPacket constructors are

DatagramPacket (byte data[ ], int size);

DatagramPacket (byte data[ ], int size, ipAddress, int port);

Methods of DatagramPacket are

InetAddress getAddress( ), int getPort( ), byte[ ] getData( ) and int getLength( )

DatagramSocket constructors are

DatagramSocket.send (DatagramPacket d);

DatagramSocket.receive (DatagramPacket p);

client.java

import java.net.*;

class client
{
    public static DatagramSocket ds;
    public static byte buffer[] = new byte[1024];

    public static void main(String arg[]) throws Exception
    {
        // Listen on the port that server.java sends its packets to (456).
        ds = new DatagramSocket(456);
        while (true)
        {
            DatagramPacket p = new DatagramPacket(buffer, buffer.length);
            ds.receive(p);
            // Decode only the bytes actually received in this packet.
            String a = new String(p.getData(), 0, p.getLength());
            if (a.equals("q"))
            {
                System.out.println("Server response is shut off now");
                return;
            }
            System.out.println(a);
        }
    }
}

server.java

import java.net.*;

class server
{
    public static DatagramSocket ds;
    public static byte buffer[] = new byte[1024];

    public static void main(String a[]) throws Exception
    {
        // Host name of the machine that runs client.java.
        InetAddress ia = InetAddress.getByName("rad-tm-04");
        System.out.println(ia);
        ds = new DatagramSocket(123);
        int pos = 0;
        while (true)
        {
            int c = System.in.read();
            switch (c)
            {
                case -1:    // end of input
                case 'q':
                    System.out.println("Server quits");
                    return;
                case '\r':
                    break;
                case '\n':
                    // Send the line typed so far to the client on port 456.
                    ds.send(new DatagramPacket(buffer, pos, ia, 456));
                    pos = 0;
                    break;
                default:
                    // Drop input beyond the buffer size instead of writing past its end.
                    if (pos < buffer.length)
                        buffer[pos++] = (byte) c;
            }
        }
    }
}

TCP/IP


TCP/IP sockets are used to implement reliable, bidirectional, persistent, point to point, stream based connection between hosts on the Internet.

Two classes are used for this: Socket and ServerSocket. The ServerSocket class is designed to wait for clients to connect, and the Socket class is used to connect to a ServerSocket.

ServerSocket (int port)

ServerSocket (int port, int maxqu)

ServerSocket (int port, int maxqu, InetAddress localAddress)

ServerSocket has a method accept( ) that waits for client to initiate communication.

Socket (String hostName, int port)

Socket (InetAddress ipAddress, int port)
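The two classes and the three-argument ServerSocket constructor listed above, as an added Java example (not from the original document): a one-connection echo server bound to the loopback address only, with read timeouts and a bounded line length, and a client that connects to it. The class name, the limits and the use of port 0 (any free port) are choices made for this example.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.io.Reader;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

// Added illustration; names and limits are assumptions of this example.
public class LoopbackEcho {
    static final int MAX_LINE = 256;     // longest request line the server accepts
    static final int TIMEOUT_MS = 2000;  // give up on a silent peer after 2 seconds

    public static void main(String[] args) throws Exception {
        InetAddress loopback = InetAddress.getLoopbackAddress();
        // ServerSocket(port, maxqu, localAddress): port 0 lets the OS pick a free port,
        // at most 5 pending connections are queued, and binding to the loopback
        // address keeps the listener unreachable from other machines.
        try (ServerSocket server = new ServerSocket(0, 5, loopback)) {
            Thread t = new Thread(() -> serveOne(server), "echo-server");
            t.start();

            // Client side: Socket(InetAddress, port) connects to the ServerSocket.
            try (Socket s = new Socket(loopback, server.getLocalPort())) {
                s.setSoTimeout(TIMEOUT_MS);
                PrintWriter out = new PrintWriter(
                        new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8), true);
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8));
                out.println("hello over TCP");
                System.out.println("reply: " + in.readLine());
            }
            t.join();
        }
    }

    // accept( ) blocks until a client connects, then one line is read and echoed back.
    static void serveOne(ServerSocket server) {
        try (Socket c = server.accept()) {
            c.setSoTimeout(TIMEOUT_MS);
            Reader in = new InputStreamReader(c.getInputStream(), StandardCharsets.UTF_8);
            PrintWriter out = new PrintWriter(
                    new OutputStreamWriter(c.getOutputStream(), StandardCharsets.UTF_8), true);
            String line = readLine(in, MAX_LINE);
            out.println(line == null ? "ERR line too long" : "echo: " + line);
        } catch (IOException e) {
            System.err.println("server: " + e);
        }
    }

    // Reads characters up to '\n'. Returns null when the line exceeds max characters,
    // so a client cannot make the server buffer an unbounded amount of data.
    static String readLine(Reader in, int max) throws IOException {
        StringBuilder sb = new StringBuilder();
        int ch;
        while ((ch = in.read()) != -1 && ch != '\n') {
            if (ch == '\r') continue;
            if (sb.length() == max) return null;
            sb.append((char) ch);
        }
        return sb.toString();
    }
}
```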

 


 

 

 

12. JDBC-ODBC

JDBC is a set of Java API for executing SQL statements.

Two-Tier Model (figure): Client Machine <-> DBMS proprietary protocol <-> Database Server

Three-Tier Model (figure): Client Machine (GUI) <-> HTTP, RMI, CORBA <-> Server Machine <-> DBMS proprietary protocol <-> Database Server

Two-Tier Model

In the Two-Tier Model, a Java applet or application talks directly to the database. This requires a JDBC driver that can communicate with the particular database management system accessed. The user's SQL statement is delivered to the database and the results of those statements are sent to the user. This is referred to as client/server configuration.

Three-Tier Model

In this model a middle tier is introduced for fast performance. It sends the SQL statements to the databases. The results of the query are sent to the middle tier, which sends them to the user.

1. getConnection( ) of the DriverManager class is used to get a Connection object.

2. The connection creates a Statement object to prepare the SQL statement.

3. The method executeQuery( ) is used to obtain a ResultSet and the method executeUpdate( ) is used for deleting, updating or inserting records.

4. rollback( ) and commit( ) are used to undo or permanently save the changes.

 

Example :

a) Create a database students in MS Access with a table student containing the following fields: studid number, sname text, course text and marks number.

b) Create a data source studentdsn in ODBC for the above database.

c) Write the source file, compile and execute it.

 

import java.sql.*;

class dbappn
{
    static Connection con;

    public static void main(String a[ ]) throws Exception
    {
        // Load the JDBC-ODBC bridge driver (shipped with the JDK up to Java 7).
        Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
        open( );
        select( );
        insert( );
        delete( );
        update( );
        select( );
        close( );
    }

    static void open( ) throws SQLException
    {
        /* con = DriverManager.getConnection("dsn","username","pwd"); */
        // The data source name matches the ODBC data source created in step b.
        con = DriverManager.getConnection("jdbc:odbc:studentdsn","palani","kumar");
        con.setAutoCommit(false);
    }

    static void close( ) throws SQLException
    {
        con.commit( );
        con.close( );
    }

    static void select( ) throws SQLException
    {
        Statement stmt = con.createStatement( );
        ResultSet rs = stmt.executeQuery("Select * from student");
        boolean more = rs.next( );
        if (!more)
        {
            System.out.println("No rows found");
            rs.close( );
            stmt.close( );
            return;
        }
        while (more)
        {
            System.out.println("ID : " + rs.getString("studid"));
            System.out.println("Name : " + rs.getString("sname"));
            System.out.println("Course : " + rs.getString("course"));
            System.out.println("Marks : " + rs.getString("marks"));
            more = rs.next( );
        }
        rs.close( );
        stmt.close( );
    }

    static void insert( )
    {
        try {
            Statement stmt = con.createStatement( );
            int rows = stmt.executeUpdate(
                "Insert into student values(100, 'Subash', 'Java', 80)");
            con.commit( );
            stmt.close( );
            System.out.println(rows + " row added");
        } catch (SQLException s) { System.out.println("Error"); }
    }

    static void delete( )
    {
        try {
            Statement stmt = con.createStatement( );
            // The key column of the student table is studid.
            int rows = stmt.executeUpdate(
                "Delete from student where studid = 100");
            con.commit( );
            stmt.close( );
            System.out.println(rows + " row deleted");
        } catch (SQLException s) { System.out.println("Error"); }
    }

    static void update( )
    {
        try {
            Statement stmt = con.createStatement( );
            int rows = stmt.executeUpdate(
                "Update student set marks = 90 where studid = 100");
            con.commit( );
            stmt.close( );
            System.out.println(rows + " row updated");
        } catch (SQLException s) { System.out.println("Error"); }
    }
}

13. Remote Method Invocation (RMI)

RMI allows a Java object that executes on one machine to invoke a method that executes on another machine. This is one method of creating a distributed application.

Steps to create a client/server application using RMI

1. Write the source code for the interface, server and client programs and compile them.

2. Generate the stub and skeleton classes by compiling the server program using the RMI compiler.

3. Install the files on the client and server machines.

4. Start rmiregistry on the server machine to map the server name to the object reference.

5. Execute the server program by java server.

6. Execute the client program on the client machine by java client localhost args

 

 

inter.java

import java.rmi.*;

// Remote interface shared by the client and the server.
public interface inter extends Remote
{
    public void getdata(int m, int n) throws RemoteException;
    int adddata() throws RemoteException;
}

client.java

import java.rmi.*;

public class client
{
    public static void main(String arg[])
    {
        try
        {
            // arg[0] is the server host, arg[1] and arg[2] are the numbers to add.
            int a = Integer.parseInt(arg[1]);
            int b = Integer.parseInt(arg[2]);
            int result;
            inter i = (inter) Naming.lookup("rmi://" + arg[0] + "/Addserver");
            System.out.println("client");
            i.getdata(a, b);
            result = i.adddata();
            System.out.println(result);
        }
        catch (Exception e)
        {
            System.out.println("error " + e);
        }
    }
}

server.java

import java.rmi.*;
import java.rmi.server.*;

public class server extends UnicastRemoteObject implements inter
{
    int x, y;

    public server() throws RemoteException
    {
    }

    public int adddata() throws RemoteException
    {
        return x + y;
    }

    public void getdata(int m, int n) throws RemoteException
    {
        x = m; y = n;
    }

    public static void main(String arg[])
    {
        try
        {
            server s = new server();
            // Register the object in rmiregistry under the name the client looks up.
            Naming.rebind("Addserver", s);
        }
        catch (Exception e)
        {
            System.out.println("Exception " + e);
        }
    }
}

 

Comp Constructor Methods

label

JLabel(Icon I)

JLabel(String s)

JLabel(String s, Icon I, int align)

Icon getIcon( )

String getText( )

void setIcon(Icon I)

void setText(String s)

Text Field

JTextField( )

JTextField(int cols)

JTextField(String s)

JTextField(String s, int cols)

Buttons

JButton(Icon i)

JButton(String s)

JButton(String s, Icon I)

CheckBox

JCheckBox(Icon I)

JCheckBox(String s)

JCheckBox(Icon I, boolean)

JCheckBox(String s, boolean)

JCheckBox(String s, Icon I, boolean)

Radio Buttons

JRadioButton(Icon I)

JRadioButton(String s)

JRadioButton(String s, boolean)

JRadioButton(s, I, boolean)

Combo Box

JComboBox( )


JComboBox(Vector v)

Tabbed Panes

JTabbedPane( ) addTab(title, comp)

Scroll Panes

JScrollPane(comp)

JScrollPane(int vsb, int hsb)

JScrollPane(comp, vsb, hsb)

Trees

JTree(Hashtable h)

JTree(Object ob[])

JTree(TreeNode t)

JTree(Vector v)

Tables

JTable(Object data[][], Object colheads[])

 

Icons

Method

int getIconHeight( )

int getIconWidth( )

void paintIcon(comp, Graphics, x, y)

void setDisabledIcon(icon)

void setPressedIcon(icon)

void setSelectedIcon(icon)

void setRolloverIcon(icon)

 

Scroll Panes

JScrollPane(comp, vsb, hsb)

The vsb, hsb constants are

ScrollPaneConstants.HORIZONTAL_SCROLLBAR_ALWAYS


ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED

ScrollPaneConstants.VERTICAL_SCROLLBAR_ALWAYS

ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED

 

 

 

 

Example :

import javax.swing.*;
import java.awt.*;

public class Jlabel extends JApplet
{
    public void init( )
    {
        Container cp = getContentPane( );
        // Label with an icon and text, centered horizontally.
        ImageIcon ii = new ImageIcon("Birds");
        JLabel jl = new JLabel("Birds", ii, JLabel.CENTER);
        cp.add(jl);
    }
}

 

 

Example :

import javax.swing.*;
import java.awt.*;

public class jscroll extends JApplet
{
    public void init( )
    {
        Container cp = getContentPane( );
        JPanel jp = new JPanel( );
        jp.setLayout(new GridLayout(20, 20));
        // Fill the 20 x 20 grid with numbered buttons.
        int b = 0;
        for (int i = 0; i < 20; i++)
        {
            for (int k = 0; k < 20; k++)
            {
                jp.add(new JButton("Button " + b));
                b++;
            }
        }
        int v = ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED;
        int h = ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED;
        JScrollPane jsp = new JScrollPane(jp, v, h);
        cp.add(jsp, BorderLayout.CENTER);
    }
}

 

Example :

Servlets

Servlets are small programs that execute on the server side of a Web connection, used to extend the functionality of a Web Server.

JSDK

Java Servlet Development Kit (JSDK) contains class libraries to create servlets. It contains the utility servletrunner to test the servlets. The basic life cycle methods of a servlet are init( ), service( ) and destroy( ). The steps to create a servlet are

1. Create and compile the servlet source code.

2. Start the servletrunner utility.

3. Start a Web browser and request the servlet.

Advantages of servlets over CGI:

o Performance is better. Creating a separate process to handle each client request isn't necessary.

o Servlets are platform-independent, because they are written in Java.

o The Java Security Manager on the server enforces a set of restrictions to protect the resources on a server machine.

o The full functionality of the Java class libraries is available to the servlet. It can communicate with applets, databases or other software via sockets and RMI.

 

The javax.servlet package

Interfaces          Classes                 Methods

Servlet             GenericServlet          init(ServletConfig sc)

ServletRequest      ServletInputStream      service(ServletRequest req, ServletResponse res)

ServletResponse     ServletOutputStream     void destroy( )

ServletConfig       ServletException        ServletConfig getServletConfig( )

ServletContext      UnavailableException

SingleThreadModel

The first two methods throw ServletException

 

The javax.servlet.http Package

 


Interface Class

HttpServletRequest Cookie

HttpServletResponse HttpServlet

HttpSession HttpSessionBindingEvent

HttpSessionBindingListener HttpUtils

HttpSessionContext

 

Example :

Step 1 : colorGet.html

<html>

<body>

<center>

<form name="form1" method="get"

action="http://localhost:8080/servlet/colorGetServlet">

<B> color : </B>

<Select name="color" size="1">

<option value = "Red"> Red </option>

<option value="Blue"> Blue </option>

</select>

<br> <br>

<input type = submit value="submit">

</form>

</body>

</html>

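Step 2 : colorGetServlet.java

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class colorGetServlet extends HttpServlet
{
    public void doGet (HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException
    {
        String color = request.getParameter("color");
        response.setContentType("text/html");
        PrintWriter pw = response.getWriter( );
        pw.println("<B> The selected color is : </B>");
        // The parameter comes from the client, so HTML-encode it before writing it into the page.
        pw.println(escapeHtml(color));
        pw.close( );
    }

    // Replaces the characters that have a special meaning in HTML.
    static String escapeHtml(String s)
    {
        if (s == null) return "";
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }
}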

Step 3: compile the above program colorGetServlet.java

Step 4 : start servlet runner by c:\javawebbrowser2.0\jserv

Step 5: Display the web page in the browser. Select a color and submit.

 


System design


Design phase

List of the Modules

1. Encryption

2. Decryption

3. Crypto Analysis

4. Editing the Text.

Description of Modules

Encrypting the Text

Application should allow the user to encrypt/ encode the given text into one of the following:

Code Caeser

Code Substitution

Code Vigenere Cipher

Code MonoSubstitution

Decrypting the Text

Application should allow the user to decrypt/ decode the given text into one of the following:

Decode Caeser

Decode Substitution

Decode Vigenere Cipher

Decode MonoSubstitution

Crypto Analysis

Crypto Systems should display the time taken for encoding and decoding the text and also

displays the file size, to analyse the performance of the Crypto Systems.

Editing the Text

The application should provide a facility to the user to perform cut, copy, and paste operations

on the text in the text area, and also to apply different fonts and font colours.


Functionality of the Modules

Internet Security Evaluation System is formally the art of encoding data in a way that only the intended recipient can decode it, and know that the message is authentic and unchanged. Internet Security Evaluation System means different things to different people. This ISES is basically designed to send documents to the client in a safe and secure mode of operation. The aim of the system is to protect the documents from the tampering and hacking mechanisms that prevail in internet transmission. This project will protect the documents from hacking and tampering by converting the document into an unreadable and unhackable format. This format can be converted back by the receiver or client once he receives the documents. For this, the receiver has to receive the key specified by the sender through phone or any other mode of transmission separately. This code will enable the receiver to convert the document into the original format.

To achieve this project I am planning to develop the project in four phases.

1. Encrypting the text

2. Decrypting the text

3. Crypto Analysis

4. Editing the Text.

Functionality of the project

Internet Security Evaluation System (ISES) is an application which enables the user to store data in the computer. When he sends the data to others through the internet, the data has to be protected against the hacking techniques of hackers. The client who receives the data uses ISES to read it.

ISES is basically designed for data protection. This data protection applies to internet transmission. The data has to be protected in the internet transmission environment, which is filled with hacking techniques.

Hacking techniques are used by hackers. The hackers are usually known persons who know our operations. The hacker will hack our system and steal the data. The hacker has to know what data he wants to steal and what type of environment the user works in. The hacker may be none other than our associate. The hacker keeps an eye on which sharing technique the user uses to transmit the data to the client.

The hacking technique is nothing but capturing the password of the system or software application from which we transfer the data. The hacker will write code in Java, .NET, C++ or C to unveil the password of the internet sharing software. The code is executed to crack the password of the internet sharing software. The hacker needs a powerful internet connection. The hacker will download all the internet sharing software and open the software applications which will be used by the user. Once the user comes online, the application will ask for the password, and the hacker will immediately apply the code to crack the application. The transmitted data will then automatically be captured by the hacker. While a hacker is capturing the data from the user, the user will not know about it.

It is obvious that data transferred from one place to another through sharing software applications such as TeamViewer can easily be hacked by hackers, because the hacking techniques are very powerful at cracking the passwords of any application.

TeamViewer application for internet sharing of data: This is an internet sharing application which is widely used around the world. This software has the latest features to share the desktop and the required drives in the system. Using this software the user can share his desktop or system, or transfer files to the client. The client is given the password of the user. The client opens TeamViewer and enters the user name and password of the user. The client can then view the desktop or transfer files into his system. The user name is standard, but the password changes in accordance with the user's wish.

The hacker has to know that the user uses TeamViewer and has to know the user name. He will then type the user name and use the cracking system to crack the password. The hacker will view the data that is transferred by the user to the client. But the data transmitted by the user is in an unreadable format.

Hence the project team has evaluated an internet data transmission security technique which will protect the data from the hackers and their hacking techniques. The project team has named the system Internet Security Evaluation System (ISES).

ISES is basically a data transmission system developed in Java technologies. This system is developed with four ciphers and a combination of two algorithms. ISES is used by the user to convert the data into an unreadable format. In the process of converting the data into the unreadable format, a key is generated by ISES. This key is preserved by the user.

The user will transmit the data through internet sharing software applications. The hacker tries to capture the data, but the data that is hacked will be in an unreadable and uneditable format. The hacker cannot understand the data or convert it back into a readable format by using any crypto system.

The data is converted by the user with the specific combinations and permutations of the algorithms specified by the user. ISES will also be provided to the client of the user. Except for the client, nobody can transform the data back into the original text. There is another factor needed to transform the data back: the key. Once the user converts the data into the unreadable format, ISES generates the key, which reveals the combination of ciphers and algorithms used for the conversion of the data. The user transmits the unreadable data to the client through the sharing software applications or by mail, and also informs the client of the key.

The client uses ISES along with the key supplied by the user to transform the data back into the original text. The retransformation is done by the client of the user with the help of the key. Without the key no one can transform the data back.

Hence ISES plays a vital role in protecting data that is transmitted through the hacking-prone internet.


Interface Relationship among the modules

The encryption module encrypts the text and stores the encrypted text in a location.

The encrypted text is decrypted with the help of the key generated by the encryption module.

The editor enables editing of the text, and it is the interface module to convert the text and send it to a specified location.

The editor enables the user to view the original text format after decryption.

The editor is the interface to convert the encrypted text into the original format; for this it has features to enter the key and specify the location of the encrypted text. A decrypt button is also available to decrypt the text.


Dependencies:

1. Decryption is possible only if the key and the location of the file are given.
2. The key is generated only at the time of encrypting the text.
3. The key has to be stored properly along with the name of the encrypted file; otherwise decryption is not possible.

Error Messages:

1. If the key is wrongly typed by the user, an error message should be displayed.

PROCESS FLOW

Step 1: The application displays the menu.

Step 2: Click on <Metal>, <CDE/Motif>, or <Windows> to select the look and feel of the screens.

Step 3: Go to ‘File Menu’, select ‘New’ to open a new file.

Step 4: Enter the text in the text area, or select and open a file containing the text which is to be encoded.

Step 5: Go to ‘File Menu’, select ‘Save Coded’ and then select <Code Caeser>, <Code Substitution>, <Code Vigenere Cipher>, or <Code MonoSubstitution> and enter the respective key to convert the text.

Step 6: Go to ‘File Menu’, select ‘Open Decoded’ and then select <Decode Caeser>, <Decode Substitution>, <Decode Vigenere Cipher>, or <Decode MonoSubstitution> and enter the respective key to decode the already encoded file and open it.

Step 7: Click on <Crypto Analysis> to view the file size and the time taken for encoding and decoding the file.
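Steps 5 and 6 depend on the key rules that the application's prompts state in the test cases: one letter for Caesar, 26 non-repeating letters for Substitution, and an alphabetic key shorter than the text for Vigenere. The Java code below is an added example, not the project's own code; the class and method names, the A=0 shift mapping, and the sample text and keys are assumptions.

```java
import java.util.Locale;

/** Added illustration (not the project's code): key rules and round trips for three menu ciphers. */
public class CipherKeyRules {
    static final String ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";

    static boolean isAsciiLetter(char c) {
        return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
    }

    /** Upper-cases the key; rejects null, empty or non A-Z keys with the given prompt text. */
    static String lettersOnly(String key, String prompt) {
        if (key == null || !key.matches("[A-Za-z]+")) throw new IllegalArgumentException(prompt);
        return key.toUpperCase(Locale.ROOT);
    }

    /** Caesar: exactly one letter. Assumed mapping: A=0 ... Z=25 is the shift. */
    static String caesarKey(String key) {
        String prompt = "Enter one alphabet key please";
        String k = lettersOnly(key, prompt);
        if (k.length() != 1) throw new IllegalArgumentException(prompt);
        return k;
    }

    /** Substitution: 26 letters, none repeated, i.e. a permutation of A-Z. */
    static String substitutionKey(String key) {
        String prompt = "Enter 26 alphabets key please. The alphabets must not be repeated";
        String k = lettersOnly(key, prompt);
        if (k.length() != 26 || k.chars().distinct().count() != 26) throw new IllegalArgumentException(prompt);
        return k;
    }

    /** Vigenere: alphabetic key; "less than the text" is read here as shorter in length (assumption). */
    static String vigenereKey(String key, String text) {
        String k = lettersOnly(key, "Enter alphabetic key please");
        if (k.length() >= text.length())
            throw new IllegalArgumentException("The key must be less than the text to be coded");
        return k;
    }

    /** Shift core: the i-th key letter (A=0..Z=25) shifts the i-th text letter, cycling through the key. */
    static String shiftCipher(String text, String k, boolean decode) {
        StringBuilder out = new StringBuilder(text.length());
        int i = 0; // key position, advanced only when a letter is coded
        for (char c : text.toCharArray()) {
            if (!isAsciiLetter(c)) { out.append(c); continue; }
            int n = k.charAt(i++ % k.length()) - 'A';
            char base = Character.isUpperCase(c) ? 'A' : 'a';
            out.append((char) (base + Math.floorMod(c - base + (decode ? -n : n), 26)));
        }
        return out.toString();
    }

    static String caesar(String text, String key, boolean decode) {
        return shiftCipher(text, caesarKey(key), decode);
    }

    static String vigenere(String text, String key, boolean decode) {
        return shiftCipher(text, vigenereKey(key, text), decode);
    }

    static String substitution(String text, String key, boolean decode) {
        String k = substitutionKey(key);
        String from = decode ? k : ALPHABET, to = decode ? ALPHABET : k;
        StringBuilder out = new StringBuilder(text.length());
        for (char c : text.toCharArray()) {
            if (!isAsciiLetter(c)) { out.append(c); continue; }
            char mapped = to.charAt(from.indexOf(Character.toUpperCase(c)));
            out.append(Character.isLowerCase(c) ? Character.toLowerCase(mapped) : mapped);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String text = "Meet at the north gate at nine."; // constructed sample text
        String subKey = "QWERTYUIOPASDFGHJKLZXCVBNM";      // constructed 26-letter key
        String c1 = caesar(text, "D", false);
        String c2 = substitution(text, subKey, false);
        String c3 = vigenere(text, "LEMON", false);
        System.out.println(c1 + "\n" + c2 + "\n" + c3);
        boolean ok = text.equals(caesar(c1, "D", true))
                && text.equals(substitution(c2, subKey, true))
                && text.equals(vigenere(c3, "LEMON", true));
        System.out.println("Round trip with the right keys: " + ok);

        // Malformed keys are rejected with the prompt text quoted in the test cases.
        Runnable[] malformed = {
            () -> caesar(text, "DD", false),
            () -> substitution(text, "ABCABC", false),
            () -> vigenere("Hi", "LEMON", false)
        };
        for (Runnable r : malformed) {
            try { r.run(); } catch (IllegalArgumentException e) { System.out.println("Rejected: " + e.getMessage()); }
        }
        // A well-formed but wrong key is not detectable from the ciphertext: decoding just returns other text.
        System.out.println("Wrong key 'E' gives: " + caesar(c1, "E", true));
    }
}
```

The last line shows why the key has to be stored carefully with the file name: a wrong but well-formed key decodes without any error, so a mistyped key can only be flagged if something else (for example a stored check value) is compared.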

PROGRAMMING ENVIRONMENT

This application is developed in Java using the java.awt and javax.swing packages as a stand-alone application.

Solutions Considered

• When developing the application, we considered the features of both an applet and a stand-alone application.

• On close examination of the system scope and its purpose, we favoured the stand-alone application.

• The above functionality can, however, also be accomplished with an applet.

Screen Shots


Testing


TESTING

In the test phase, various test cases intended to find the bugs and loopholes that exist in the software are designed. During testing, the program to be tested is executed with a set of test cases, and the output of the program is checked to see whether it is performing as expected.

Often when we test our program, the test cases are treated as “throw away” cases. After testing is complete, test cases and their outcomes are thrown away. The main objective of testing is to find errors, if any, especially errors not uncovered until that moment. Testing cannot show the absence of defects; it can only show the defects that are a set of interesting test cases along with their expected output for future use.

Software testing is a crucial element and represents the ultimate review of specification, design and coding. There are two approaches: black box testing and glass box testing. When the complete software is considered, a black box attitude is taken to the tests. Glass box testing is predicated on a close examination of procedural detail.

The software is tested using the control structure testing method under white box testing techniques. Two tests are done under this approach: condition testing, to check for Boolean operator errors, Boolean variable errors, Boolean parenthesis errors, etc., and loop testing, to check simple loops and nested loops.

Faults can occur during any phase in the software development cycle. Verification is performed on the output of each phase, but some faults are still likely to remain undetected by these methods. These faults will eventually be reflected in the code. Testing is usually relied upon to detect these faults, in addition to the faults introduced during the coding phase. For this, different levels of testing are used, which perform different tasks and aim to test different aspects of the system.


UNIT TESTING

Unit testing focuses verification effort on the smallest unit of software design, the module. Using the detailed design description as a guide, important control paths are tested to uncover errors within the boundary of the module. Testing has many important results for the next generation is to be easy. Unit testing considers the following conditions of a program module while testing:

• Interface

• Logical data structure

• Boundary data structures

• Independent path

• Error handling path

In the project Budget Analysis System we have done the unit testing. The module interface is tested to ensure that information properly flows into and out of the program unit under test. The local data structure is examined to ensure that data stored temporarily maintains its integrity during all steps in an algorithm's execution. Boundary conditions are tested to ensure that the module operates properly at boundaries established to limit or restrict processing.


Test Cases

TEST CASE REPORT

CRYPTO SYSTEMS VERSION: 1.0

1 Crypto Systems

1.1 Verify that the application is properly invoked.
1.2 Verify that ‘File’, ‘Edit’ and ‘Crypto Analysis’ menu items should be displayed, after invoking the application.

2 File

2.1 Verify that in ‘File’ menu, ‘New’, ‘Open’, ‘Save’, ‘Save coded’, ‘Open coded’ and ‘Exit’ menu items should be displayed.
2.2 Verify that the functionality of ‘New’ Menu item in “File” menu, to open a new file.
2.3 Verify that the functionality of ‘Open’ Menu item in “File” menu, to open an existing file.
2.4 Verify that in ‘Save coded’ menu item in “File” menu, ‘code Caeser’, ‘code Substitution’, ‘code Vigenere Cipher’ and ‘code MonoSubstitution’ sub options should be displayed.
2.5 Verify that by selecting ‘code Caeser’ sub option in ‘Save coded’ menu item after entering the text in text area, “Enter one alphabet key please” message should be displayed.
2.6 Verify that after entering one alphabet key, ‘Save’ dialog box should be displayed.
2.7 Verify that after entering file name in ‘Save’ dialog box, the file should be saved in respective folder in encrypt mode.
2.8 Verify that by selecting ‘code Substitution’ sub option in ‘Save coded’ menu item after entering the text in text area, “Enter 26 alphabets key please. The alphabets must not be repeated” message should be displayed.
2.9 Verify that after entering 26 alphabets, ‘Save’ dialog box should be displayed.
2.10 Verify that after entering file name in ‘Save’ dialog box, the file should be saved in respective folder in encrypt mode.
2.11 Verify that by selecting ‘code Vigenere Cipher’ sub option in ‘Save coded’ menu item after entering the text in text area, “Enter alphabetic key please” message should be displayed.
2.12 Verify that after entering invalid key, “The key must be less than the text to be coded” message should be displayed.
2.13 Verify that after entering valid key, ‘Save’ dialog box should be displayed.
2.14 Verify that after entering file name in ‘Save’ dialog box, the file should be saved in respective folder in encrypt mode.
2.15 Verify that by selecting ‘code MonoSubstitution’ sub option in ‘Save coded’ menu item after entering the text in text area, “Enter character key please” message should be displayed.
2.16 Verify that after entering character key, ‘Save’ dialog box should be displayed.
2.17 Verify that after entering file name in ‘Save’ dialog box, the file should be saved in respective folder in encrypt mode.
2.18 Verify that in ‘Open decoded’ menu item in “File” menu, ‘decode Caeser’, ‘decode Substitution’, ‘decode Vigenere Cipher’ and ‘decode MonoSubstitution’ sub options should be displayed.
2.19 Verify that by selecting ‘decode Caeser’ sub option in ‘Open decoded’ menu item, “Enter one alphabet key please” message should be displayed.
2.20 Verify that after entering correct alphabet key, ‘Open’ dialog box should be displayed.
2.21 Verify that after entering file name in ‘Open’ dialog box, the file should be opened in text area in decode mode.
2.22 Verify that by selecting ‘decode Substitution’ sub option in ‘Open decoded’ menu item, “Enter 26 alphabets key please. The alphabets must not be repeated” message should be displayed.
2.23 Verify that after entering correct 26 alphabets, ‘Open’ dialog box should be displayed.
2.24 Verify that after entering file name in ‘Open’ dialog box, the file should be opened in text area in decode mode.
2.25 Verify that by selecting ‘decode Vigenere Cipher’ sub option in ‘Open decoded’ menu item, “Enter alphabetic key please” message should be displayed.
2.26 Verify that after entering invalid key, “The key must be less than the text to be coded” message should be displayed.
2.27 Verify that after entering valid key, ‘Open’ dialog box should be displayed.
2.28 Verify that after entering file name in ‘Open’ dialog box, the file should be opened in text area in decode mode.
2.29 Verify that by selecting ‘decode MonoSubstitution’ sub option in ‘Open decoded’ menu item, “Enter character key please” message should be displayed.
2.30 Verify that after entering correct character key, ‘Open’ dialog box should be displayed.
2.31 Verify that after entering file name in ‘Open’ dialog box, the file should be opened in text area in decode mode.
2.32 Verify that the functionality of ‘Exit’ Menu item in “File” menu, to close the application.

3 Edit

3.1 Verify that in ‘Edit’ menu, ‘Cut’, ‘Copy’, ‘Paste’ and ‘Font’ menu items should be displayed.
3.2 Verify that the functionality of ‘Cut’ Menu item in “Edit” menu, the selected text should be cut.
3.3 Verify that the functionality of ‘Copy’ Menu item in “Edit” menu, the selected text should be copied.
3.4 Verify that the functionality of ‘Paste’ Menu item in “Edit” menu, the selected text should be pasted.
3.5 Verify that the functionality of ‘Font’ Menu item in “Edit” menu, the selected text color should be displayed.

4 Crypto Analysis

4.1 Verify that in ‘Crypto Analysis’ menu, ‘Analyse Ceaser’ menu item should be displayed.
4.2 Verify that the functionality of ‘Analyse Ceaser’ Menu item in “Crypto Analysis” menu, “The time taken for cipher analysis for ‘_’ bytes is ‘_’ milli seconds” message should be displayed after completion of encode or decode mode.


UNIT TEST REPORT

Internet Security Evaluation System VERSION: 1.0

Test Case ID | Description | Pass / Fail
1.1 | Verify that the application is properly invoked. | Pass
1.2 | Verify that ‘File’, ‘Edit’ and ‘Crypto Analysis’ menu items should be displayed, after invoking the application. | Pass

2 File

Test Case ID | Description | Pass / Fail
2.1 | Verify that in ‘File’ menu, ‘New’, ‘Open’, ‘Save’, ‘Save coded’, ‘Open coded’ and ‘Exit’ menu items should be displayed. | Pass
2.2 | Verify that the functionality of ‘New’ Menu item in “File” menu, to open a new file. | Pass
2.3 | Verify that the functionality of ‘Open’ Menu item in “File” menu, to open an existing file. | Pass
2.4 | Verify that in ‘Save coded’ menu item in “File” menu, ‘code Caeser’, ‘code Substitution’, ‘code Vigenere Cipher’ and ‘code MonoSubstitution’ sub options should be displayed. | Pass
2.5 | Verify that by selecting ‘code Caeser’ sub option in ‘Save coded’ menu item after entering the text in text area, “Enter one alphabet key please” message should be displayed. | Pass
2.6 | Verify that after entering one alphabet key, ‘Save’ dialog box should be displayed. | Pass
2.7 | Verify that after entering file name in ‘Save’ dialog box, the file should be saved in respective folder in encrypt mode. | Pass
2.8 | Verify that by selecting ‘code Substitution’ sub option in ‘Save coded’ menu item after entering the text in text area, “Enter 26 alphabets key please. The alphabets must not be repeated” message should be displayed. | Pass
2.9 | Verify that after entering 26 alphabets, ‘Save’ dialog box should be displayed. | Pass
2.10 | Verify that after entering file name in ‘Save’ dialog box, the file should be saved in respective folder in encrypt mode. | Pass
2.11 | Verify that by selecting ‘code Vigenere Cipher’ sub option in ‘Save coded’ menu item after entering the text in text area, “Enter alphabetic key please” message should be displayed. | Pass
2.12 | Verify that after entering invalid key, “The key must be less than the text to be coded” message should be displayed. | Pass
2.13 | Verify that after entering valid key, ‘Save’ dialog box should be displayed. | Pass
2.14 | Verify that after entering file name in ‘Save’ dialog box, the file should be saved in respective folder in encrypt mode. | Pass
2.15 | Verify that by selecting ‘code MonoSubstitution’ sub option in ‘Save coded’ menu item after entering the text in text area, “Enter character key please” message should be displayed. | Pass
2.16 | Verify that after entering character key, ‘Save’ dialog box should be displayed. | Pass
2.17 | Verify that after entering file name in ‘Save’ dialog box, the file should be saved in respective folder in encrypt mode. | Pass
2.18 | Verify that in ‘Open decoded’ menu item in “File” menu, ‘decode Caeser’, ‘decode Substitution’, ‘decode Vigenere Cipher’ and ‘decode MonoSubstitution’ sub options should be displayed. | Pass
2.19 | Verify that by selecting ‘decode Caeser’ sub option in ‘Open decoded’ menu item, “Enter one alphabet key please” message should be displayed. | Pass
2.20 | Verify that after entering correct alphabet key, ‘Open’ dialog box should be displayed. | Pass
2.21 | Verify that after entering file name in ‘Open’ dialog box, the file should be opened in text area in decode mode. | Pass
2.22 | Verify that by selecting ‘decode Substitution’ sub option in ‘Open decoded’ menu item, “Enter 26 alphabets key please. The alphabets must not be repeated” message should be displayed. | Pass
2.23 | Verify that after entering correct 26 alphabets, ‘Open’ dialog box should be displayed. | Pass
2.24 | Verify that after entering file name in ‘Open’ dialog box, the file should be opened in text area in decode mode. | Pass
2.25 | Verify that by selecting ‘decode Vigenere Cipher’ sub option in ‘Open decoded’ menu item, “Enter alphabetic key please” message should be displayed. | Pass
2.26 | Verify that after entering invalid key, “The key must be less than the text to be coded” message should be displayed. | Pass
2.27 | Verify that after entering valid key, ‘Open’ dialog box should be displayed. | Pass
2.28 | Verify that after entering file name in ‘Open’ dialog box, the file should be opened in text area in decode mode. | Pass
2.29 | Verify that by selecting ‘decode MonoSubstitution’ sub option in ‘Open decoded’ menu item, “Enter character key please” message should be displayed. | Pass
2.30 | Verify that after entering correct character key, ‘Open’ dialog box should be displayed. | Pass
2.31 | Verify that after entering file name in ‘Open’ dialog box, the file should be opened in text area in decode mode. | Pass
2.32 | Verify that the functionality of ‘Exit’ Menu item in “File” menu, to close the application. | Pass

3 Edit

Test Case ID | Description | Pass / Fail
3.1 | Verify that in ‘Edit’ menu, ‘Cut’, ‘Copy’, ‘Paste’ and ‘Font’ menu items should be displayed. | Pass
3.2 | Verify that the functionality of ‘Cut’ Menu item in “Edit” menu, the selected text should be cut. | Pass
3.3 | Verify that the functionality of ‘Copy’ Menu item in “Edit” menu, the selected text should be copied. | Pass
3.4 | Verify that the functionality of ‘Paste’ Menu item in “Edit” menu, the selected text should be pasted. | Pass
3.5 | Verify that the functionality of ‘Font’ Menu item in “Edit” menu, the selected text color should be displayed. | Pass

4 Crypto Analysis

Test Case ID | Description | Pass / Fail
4.1 | Verify that in ‘Crypto Analysis’ menu, ‘Analyse Ceaser’ menu item should be displayed. | Pass
4.2 | Verify that the functionality of ‘Analyse Ceaser’ Menu item in “Crypto Analysis” menu, “The time taken for cipher analysis for ‘_’ bytes is ‘_’ milli seconds” message should be displayed after completion of encode or decode mode. | Pass

Implementation


A product software implementation method is a systematically structured

approach to effectively integrate a software based service or component into

the workflow of an organizational structure or an individual end-user.

This entry focuses on the process modeling (Process Modeling) side of the

implementation of “large” (explained in complexity differences) product

software, using the implementation of Enterprise Resource Planning systems

as the main example to elaborate on.

Overview

A product software implementation method is a blueprint to get users and/or

organizations running with a specific software product. The method is a set

of rules and views to cope with the most common issues that occur when


implementing a software product: business alignment from the

organizational view and acceptance from the human view.

The implementation of product software, as the final link in the deployment chain of software production, is from a financial perspective a major issue. It is stated that the implementation of (product) software consumes up to 1/3 of the budget of a software purchase.

Implementation complexity differences

The complexity of implementing product software differs on several issues.

Examples are: the number of end users that will use the product software,

the effects that the implementation has on changes of tasks and

responsibilities for the end user, the culture and the integrity of the

organization where the software is going to be used and the budget available

for acquiring product software.

In general, differences are identified on a scale of size (bigger, smaller, more,

less). An example of the “smaller” product software is the implementation of

an office package. Although there could be a lot of end users in an organization, the impact on the tasks and responsibilities of the end users will not be too intense, as the daily workflow of the end user is not changing significantly. An example of “larger” product software is the implementation of an Enterprise Resource Planning system. The implementation requires in-depth insights on the architecture of the organization as well as of the product itself, before it can be aligned. Next, the usage of an ERP system involves much more dedication of the end users, as new tasks and responsibilities will either be created or will be shifted.

Software customization and Business Process Redesign

Process modeling, used to align product software and organizational

structures, involves a major issue, when the conclusion is drawn that the

product software and the organizational structure do not align well enough

for the software to be implemented. In this case, two alternatives are

possible: the customization of the software or the redesign of the


organizational structure, thus the business processes.

Customizing the software actually transforms the product software into tailor-made software, as the idea of standardized software no longer applies. This

may result in loss of support on the software and the need to acquire

consultancy when issues arise in the usage of the software. Customizing

however results in a situation where the organizational integrity is not

adjusted, which puts less pressure on the end users, as less changes or shifts

in workflows are required. This fact may positively add to the acceptance of

any new (product) software application used and may thus decrease the

implementation time and budget on the soft side of the implementation

budget.

Redesigning business processes is more sensible for causing resistance in

the usage of product software, as altered business processes will alter tasks


and responsibilities for the end users of the product software. However, while

the product software is not altered, better support, training and service

levels are possible, because the support was created for the specific integrity

of the software.

Implementation Frameworks

The guiding principle versus the profession

Another issue on the implementation process of product software is the

choice, or actually the question, to what extent an implementation method

should be used.

Implementation methods can on the one hand be used as a guiding principle,

indicating that the method serves as a global idea about how the

implementation phase of any project should run. This choice leaves more

room for situational factors that are not taken into account in the chosen

method, but will result in ambiguity when questions arise in the execution of

the implementation process.

On the other hand methods can be used as a profession, meaning that the

method should be taken strict and the usage of the method should be a

profession, instead of a guiding principle. This view is very useful if the

implementation process is very complex and is very dependent on exact and

precise acting. Organizational and quality management will embrace this

view, as a strict usage of any method results in more clarity on

organizational level. Change management however might indicate that more


flexibility in an implementation method leaves more room for the soft side of

implementation processes.

Implementation frameworks

Apart from implementation methods serving as the set of rules to implement

a specific product or service, implementation frameworks serve as the

project managed structure to define the implementation phase in time,

budget and quality.


Several project management methods can serve as a basis to perform the

implementation method. Since this entry focuses on the implementation of

product software, the best project management methods suitable for

supporting the implementation phase are project management methods that

focus on software and information systems itself as well. The applicability of

using a framework for implementation methods is clarified by the examples

of using DSDM and Prince2 as project management method frameworks.

DSDM

The power of DSDM is that the method uses the principles of iteration and

incremental value, meaning that projects are carried out in repeating phases

where each phase adds value to the project. In this way implementation

phases can be carried out incrementally, adding value to for example the

degree of acceptance, awareness and skills within every increment [F. Von

Meyenfeldt, Basiskennis projectmanagement, Academic Service 1999].

Besides in the management of change scope, increments are also usable in

the process modeling scope of implementation phases. Using increments can

align process models of business architectures and product software as

adding more detail in every increment of the phase draws both models

closer. The DSDM also has room for phased training, documentation and

reviewing.

The image below illustrates how implementation phases are supported by

the usage of DSDM, focusing on management of change, process modeling

and support.

Prince2

As DSDM does, the Prince2 method acknowledges implementation as a

phase within the method. Prince2 consists of a set of processes, of which 3

processes are especially meant for implementation. The processes of

controlling a stage, managing product delivery and managing stage

boundaries enable an implementation process to be detailed in with factors

as time and quality. The Prince2 method can be carried out iteratively but is

also suitable for a straight execution of the processes.


The profits for any implementation process being framed in a project

management framework are:

Clarity

An implementation framework offers the process to be detailed in with

factors such as time, quality, budget and feasibility.

Iterative, incremental approach

As explained, the possibility to execute different phases of the

implementation process iteratively enables the process to be executed by

incrementally aligning the product to be implemented with the end-user

(organization).

Assessments

Using an embedded method brings the power that the method is designed to

implement the software product that the method comes with. This suggests

a less complicated usage of the method and more support possibilities. The

negative aspect of an embedded method obviously is that it can only be

used for specific product software. Engineers and consultants, operating with

several software products, could have more use of a general method, to

have just one way of working.

Using a generic method like ERP modeling has the power that the method

can be used for several ERP systems. Unlike embedded methods, the usage

of generic methods enables engineers and consultants that operate in a

company where several ERP systems are implemented in customer

organizations, to adapt to one specific working method, instead of having to

acquire skills for several embedded models. Generic methods have however

the lack that implementation projects could become too situational, resulting

in difficulties and complexity in the execution of the modeling process, as

less support will be available.

Managing project delivery is essential to avoid the common problems of the

software solution not working as expected or crashing out due to multiple

users accessing the system at the same time. The keys to project delivery


are: successful implementation of the software, managing the business

change and scaling up the business use quickly.

Successful Implementation

Successful implementation of the software must be planned carefully. In short there are two key options for delivering the software, big bang or phased release:

• A "big bang" deployment, releasing the software to all users at the same time

• A phased deployment, releasing the software to users over a period of time, for example by department or by geographical location

The project needs to make a considered decision on the best way to release a software solution to the business. Businesses will often choose a phased deployment, which reduces project risk because if there is some problem the business impact is reduced. In addition, the project deployment of software includes:

• Cleanup of the "test" environment following successful completion of testing

• Preparation of project deployment to the business, such as setting up user accounts to access the system and ensuring any lists of values have valid values

• Deploying the software to the "production" environment ready for normal business use

• A plan and mechanism to back out of the production software deployment if the process goes wrong for some unexpected reason, restoring the business to its pre-deployment state

Some of these ideas have developed from IT Service Management and its discipline of Release Management - for more background read: Release Management: Where to Start? Project management should borrow and evolve good ideas whenever needed.

Managing the Business Change of Project Delivery

Project deployment of the software to the business units such that they are able to use it from a specified date/time is not enough by itself. Managing the business change is an essential part of project delivery and that needs to include:

• Building awareness within the business of the software solution through communication

• Developing business support and momentum to use the solution through stakeholder engagement

• Planning and executing the training plan for business users and administrators

• A business plan to exploit the use of the solution and to scale up the numbers of users

• Setting up and operating a customer board to manage the evolution of the solution


Conclusion


Future Enhancements:

Future enhancements of current ISES systems include making I S E S more secure, increasing the transmission distance of fiber-optic lines, increasing encryption rates and making the technology wireless. One might think I S E S systems are unconditionally secure because of the quantum mechanics theory used, but the theory can only be solid if I S E S hardware transmits single photons. Current I S E S implementations do not transmit single photons, but bursts of photons. With photon bursts instead of single photons, eavesdropping attacks are possible because Eve could siphon off individual photons without being detected. One proposal, introduced by Toshiba, for making I S E S systems more secure is to send randomly interspersed pulses, called decoy pulses, within the quantum signal [Graham07]. These decoy pulses are weaker than the real quantum signals, which means the decoy pulses rarely contain more than one photon. So, the sender and receiver can monitor the ratio of decoy pulses to real quantum signals that made it through to determine if an eavesdropper was present. With decoy pulses, Eve will have a harder time siphoning meaningful photons, decreasing the level of vulnerability of the I S E S system. This approach would also increase the transmission distance and encryption rate by 100-fold because stronger quantum pulses can be used. Another advancement for making I S E S systems more secure is the development of a light emitting diode capable of emitting a single photon more reliably [Graham07]. Toshiba's methodology is to create an array of quantum dots, each about 45 nanometers in diameter, for emitting a single photon. This advancement would increase the level of security offered by current I S E S systems, but does not resolve the transmission distance and encryption rate limitations. The most promising advancement to I S E S systems is the wireless application.

Conclusion

ISES is a stand-alone application that involves cryptography. Its purpose is to hide the meaning

of a message rather than its existence. Cryptography is used in many applications that touch

everyday life including the security of ATM cards, computer passwords, and electronic

commerce. The objective of the Crypto Systems is to provide an abstract view of the operations

such as:

• Encrypting the given text and saving it to the desired location.

• Decrypting the given text and displaying the decrypted text.

The cryptosystem plays a vital role in ISES in keeping the data untampered against hacking mechanisms. ISES has served the purpose of transmitting the data through the internet. The user can incorporate ISES in sending mail and sending data through remote desktop sharing systems. By using this system, the data being transmitted will not get hacked or tampered with by any hackers.

The project has been appreciated by all the users.

It is easy to use, since it uses the GUI provided in the user dialog.

User friendly screens are provided.

The usage of software increases the efficiency, decreases the effort.

It has been efficiently employed as a Site management mechanism.

It has been thoroughly tested and implemented.

FAQS

What is the most obvious difference between a stand-alone project and Applet?

The most obvious way that stand-alone applications differ from applets is the static main()

method. This method is ignored when a class is run as an applet, but is required to start the

program if the class is run as an application. The difference is based on the environment that

starts the class. This enables the same class to function as either an applet or an application.

Can the same application be implemented in an Applet without changes to

the code?

No. To run a stand-alone application a main() method is required, whereas in an applet we call init(), so if an applet is converted to a stand-alone application, these methods must be explicitly called in main().

Given the scope of the project, in case it is implemented in applet, does that

result in any overheads?

Yes. Applets are meant to be run in an external viewer, such as a Web browser. Therefore,

applets inherit all the overhead of the viewer in which they are running. Applications, on the

other hand, are meant to be run in the Java interpreter on a local machine. Without the

overhead associated with Java applets, Java applications can provide users with better

performance. Better performance translates to improved response times and, possibly,

increased productivity.

It is fine when stand-alone project handles a file. Cannot an applet

accomplish this?

In Java-enabled browsers, untrusted applets cannot read or write files at all. By default, downloaded applets are considered untrusted.
