SECURE EMAIL TRANSACTION SYSTEM full report
project report tiger|
Active In SP
Joined: Feb 2010
26-02-2010, 10:10 PM
SECURE EMAIL TRANSACTION SYSTEM.doc (Size: 555.5 KB / Downloads: 384)
SECURE EMAIL TRANSACTION SYSTEM.
Communication is the backbone of any enterprise. Communication, without exchange of data, is unimaginable. In the context of communication between Enterprise level applications, the amount of data would be huge. So using traditional approaches in Electronic Data Interchange wouldn't suffice.
For our project and implimentation we have introduced and incorporated the theoretical ideas of Cryptography directly into the sending and receiving of e-mails through our e-mail application. We use RSA Encryption System application. The challenging task of using RSA Encryption has never been tried before on an email application.
It makes use of RSA Cryptographic System along with the required text for the mail from user. This is a default security system for message sending .To enable cryptographic features into the message text for email application, generation of keys plays a significant role. The public and private keys should be generated depending upon the user input on the key selected and based on the bit value for which the operations should be performed .
The amount of sophistication involved in sending a secured message is the main feature of this application. This level of security would definitely give the hackers a hard chase even coming close to knowing the message content
TABLE OF CONTENTS
ABSTRACT LIST OF TABLES LIST OF FIGURES
iv vii viii
1. INTRODUCTION 1
1.1 PROJECT OBJECTIVE 1
1.2 PROJECT OVERVIEW 1
1.2.1 Cryptography 3
1.2.2 RSA algorithm 6
1.2.3 Basic Encryption process 8
1.2.4 Java mail API 9
1.3 TOOL STUDY 10
1.3.1 Java 10
1.3.2 MS Access 15
2. SYSTEM ANALYSIS 16
3. SYSTEM REQUIREMENT 19
4. SYSTEM SPECIFICATION 20
5. SYSTEM DESIGN 21
5.1 MAJOR SYSTEM DESIGN ACTIVITY 21
5.1.1 Input design 21
5.1.2 Output design 22
5.1.3 Program design 23
5.2 LOGICAL DESIGN 23
6. SYSTEM DEVELOPMENT 24
7. SYSTEM IMPLEMENTATION 25
8. TESTING 26
9. SCREENSHOTS 28
10. MAINTENANCE 33
11. CONCLUSION 34
LIST OF TABLES
1.1 User Information
8.1 Desktop Form
8.2 Encrypti on F orm
8.3 Decryption Form
8.4 Key Manager
8.5 Key Generation
8.6 Mailing Form
LIST OF FIGURES
31 31 32
Communication is the backbone of any enterprise. Communication, without exchange of data, is unimaginable. In the context of communication between Enterprise level applications, the amount of data would be huge. So using traditional approaches in Electronic Data Interchange wouldn't suffice.
SETS is an innovative email system that provides high-level protection for emails on the Internet. SETS users have safe and secure email correspondence. Only the sender and recipient of SETS can access emails sent through this service. The design goal was to develop a set of interfaces that would help in setting up an emailing environment. But the interfaces were such that the data could be sent not only to mail server, but also to any server capable of understanding mail protocols. That brought almost every J2EE server into the picture. Thus APIs created for mail exchange provided a means to exchange huge amounts of data.
1.2 PROJECT OVERVIEW
SETS has been developed on the principles of public key cryptography, which uses a pair of asymmetric keys (public and private) for encryption/decryption. The public key is freely distributed to all interested parties, and can only be used to encrypt data. The private key is available to a mailbox owner only, and it is used to decrypt messages.
If anyone from the user's correspondents wants to write a secure letter to that user, he will encrypt the letter using the user's public key.
The public key will be stored in the database as shown below
Table1.1 User Information
uname Uemail uPubKey
Rachael Senator Senator firstname.lastname@example.org
Jeff Stevens jeff steve @rediffmail.com 3217891208461131321431479
Tracy Witney Tracy005 @yahoo.com 9513973589265624044056463
When the email is received, the user decrypts it using the private key. No one can decrypt the message without the private key. It is not possible to ascertain the private key from the public key.
The JavaMail Application Programming Interface (API) provides a set of abstract classes defining objects that comprise a mail system. The API defines classes like Message, Store and Transport. The API can be extended and can be subclassed to provide new protocols and to add functionality when necessary. In addition, the API provides concrete subclasses of the abstract classes. These subclasses, including MimeMessage and MimeBodyPart, implement widely used Internet mail protocols.
The JavaMail API doesn't properly validate authenticated user message number attribute, allowing authenticated users to view other's messages. This is a loophole in mail API's which is overcome in this project and implimentation using high end security measures. It makes use of the complex Rivest Shamir Adleman(RSA) encryption algorithm to provide a default security level to the client with the use public and private key pair. This involves generation of public and private key pairs and encrypting the message typed. This level of security would definitely give the hackers a hard chase to even coming close to knowing the message content.
Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. It is the science of encoding and decoding secret messages.
Cryptography is the science of translating messages into ciphers or codes. The protection of sensitive communications has been the purpose of cryptography for most of history. The beginnings of cryptology can be traced to the hieroglyphics of early Egyptian civilization (1900 B.C.). Ciphering has always been considered vital for diplomatic and military secrecy. Recent successes in applying certain aspects of computer science and physics to cryptology seem to be leading to more secure systems in which encryption is implemented with sophisticated digital electronics.
Encryption is the process of taking any form of data (plaintext) message and scrambling it so that it becomes unreadable to anyone, except the authorized receiver who has a key to decrypt it. Encryption produces a ciphertext (coded message). The process of turning the ciphertext back into a plaintext is called decryption. Encryption and decryption require the use of some secret information, called a key. Traditionally, Alice is the sender of the information, Bob is the authorized receiver, and the eavesdropper is obviously name Eve. The basic problem of distributing a key between Alice and Bob is to make a safe transfer despite eavesdropping attempts. A plaintext message is encrypted using the key. Only a person with the same key can decrypt it back to the plaintext(Figure 1.1).
Of all the information security objectives the following four form a framework upon which the others will be derived: (1) privacy or confidentiality ;(2) data integrity ; (3) authentication ; and (4) non-repudiation .
1.Confidentiality is a service used to keep the content of information from all but those authorized to have it. Secrecy is a term synonymous with confidentiality and privacy.There are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible.
2. Data integrity is a service which addresses the unauthorized alteration of data. To assure data integrity, one must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution.
3. Authentication is a service related to identification. This function applies to both entities and information itself. Two parties entering into a communication should identify
each other. Information delivered over a channel should be authenticated as to origin, date of origin, data content, time sent, etc. For these reasons this aspect of cryptography is usually subdivided into two major classes: entity authentication and data origin authentication. Data origin authentication implicitly provides data integrity (for if a message is modified, the source has changed).
4. Non-repudiation is a service which prevents an entity from denying previous commitments
or actions. When disputes arise due to an entity denying that certain actions were taken, a
means to resolve the situation is necessary. For example, one entity may authorize the purchase
of property by another entity and later deny such authorization was granted. A procedure
involving a trusted third party is needed to resolve the dispute.
A fundamental goal of cryptography is to adequately address these four areas in both theory and practice. Cryptography is about the prevention and detection of cheating and other malicious activities.
There are a number of basic cryptographic tools (primitives) used to provide information security. Examples of primitives include encryption schemes , hash functions , and digital signature schemes which provides a schematic listing of the primitives considered and how they relate.
These primitives should be evaluated with respect to various criteria such as:
1. Level of security. This is usually difficult to quantify. Often it is given in terms of the number of operations required (using the best methods currently known) to defeat the intended objective. Typically the level of security is defined by an upper bound on the amount of work necessary to defeat the objective. This is sometimes called the work factor.
2. Functionality. Primitives will need to be combined to meet various information security objectives. The primitives that are most effective for a given objective will be determined by the basic properties of the primitives.
3. Methods of operation. Primitives, when applied in various ways and with various inputs, will typically exhibit different characteristics; thus, one primitive could provide very different functionality depending on its mode of operation or usage.
4. Performance. This refers to the efficiency of a primitive in a particular mode of operation. (For example, an encryption algorithm may be rated by the number of bits per second which it can encrypt.)
1.2.2 RSA Algorithm
The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Adleman, who invented it in 1977. The basic technique was first discovered in 1973 by Clifford Cocks of CESG (part of the British GCHQ) but this was a secret until 1997.
The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.
Key Generation Algorithm
1. Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits.
2. Compute n = pq and (9) phi = (p-1)(q-1).
3. Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1.
4. Compute the secret exponent d, 1< d< phi, such that ed = 1 (mod phi).
5. The public key is (n, e) and the private key is (n, d). The values of p, q, and phi should also be kept secret.
Â¢ n is known as the modulus.
Â¢ e is known as the public exponent or encryption exponent.
Â¢ d is known as the secret exponent or decryption exponent.
Sender A does the following:-
1. Obtains the recipient B's public key (n, e).
2. Represents the plaintext message as a positive integer m.
3. Computes the ciphertext c = me mod n.
4. Sends the ciphertext c to B.
Recipient B does the following:-
1. Uses his private key (n, d) to compute m = cd mod n.
2. Extracts the plaintext from the integer representative m.
Sender A does the following:-
1. Creates a message digest of the information to be sent.
2. Represents this digest as an integer m between 0 and n-1.
3. Uses her private key (n, d) to compute the signature s = md mod n.
4. Sends this signature s to the recipient, B.
Signature verification Recipient B does the following:-
1. Uses sender A's public key (n, e) to compute integer v = se mod n.
2. Extracts the message digest from this integer.
3. Independently computes the message digest of the information that has been signed.
If both message digests are identical, the signature is valid.
1.2.3 Basic Encryption Process
The basic process ensures that when the user feeds the message, the message is delivered to the other end using proper security measures. This is where the RSA algorithm is used as a default security measure for each and every mail being sent out to the other end. The RSA algorithm itself only encrypts numbers. All computer data is ultimately just binary numbers, so the message could be broken into segments and RSA can be applied to each segment.
Generation of keys
The RSA encryption and decryption makes use of key pairs. Two big random prime numbers are generated which in turn calculates the variables used to produce the keys. The variables are used to generate the public and private keys. The message typed by the user is encrypted by using the private key. When decrypted with the public key it reproduces the original message. This process is secure, because the only way to decrypt and reproduce the original text is by knowing the private key.
Choice of Key Size
The feature to select the key size is provided to the user for increasing the complexity of the message.
Sender's choice for Encryption
When the sender has to send a message to the receiver, he/she must be sure of the encryption levels required before sending the message. This system provides the user to make the choice of generating digital certificates or digital signature.
Digital Signatures and Certificates
With RSA, the encryption and decryption techniques are very similar. After typing in the message and selecting the key size the user makes a choice of how he has to encrypt it. The cipher text produced is a digital signature. When decrypted with the public key it reproduces the original message. This process is secure, because the only way to decrypt a particular message (encrypted by the public key) is by applying the private key. After typing in the message and selecting the key size, then the user makes the choice of how he has to encrypt it.
1.2.4 JavaMail API Sending of Emails
The encrypted messages are send to the form where the mails are to be send and from this point JavaMail API takes over. Whenever a particular mail is being sent, there are various protocols which are being used to deliver the mail. Protocols are rules that define an exact format for communication between systems. In the case of sender mailing systems, there are two main protocols:
> SMTP(Simple message transfer protocol)
Any email client, to transfer mail, contacts the SMTP server of the organization that, in turn, delivers the message to the recipient's SMTP server.
> MIME(Multiple Internet mail Extension)
MIME is about the attachment and type of content being delivered. Receiving an Email
The message is received by the receiver and is moved on to the decryption phase which shows the actual data to the image. As the sender the receiver also has the particular protocols used in receiving the Email. The protocols are:
> POP3(Post office protocol-Version 3)
POP3 just ensures that each user has his or her own mailbox.
> IMAP(Internet Message access protocol)
While POP is for offline access of messages, IMAP is for online access.
1.3 TOOL STUDY
The tools that are used in our project and implimentation are described in detail below 1.3.1 Java
Java was developed at Sun Microsystems. Work on Java initially began with the goal of creating a platform-independent language and OS for consumer electronics. The original intent was to use C++, but as work progressed in this direction, developers identified that creating their own language would serve them better.
Today Java is both a programming language and an environment for executing programs written in Java Language. Unlike traditional compilers, which convert source code into machine level instructions, the Java compiler translates java source code into instructions that are interpreted by the runtime Java Virtual Machine. So unlike languages like C and C++, on which Java is based, Java is an interpreted language.
Java is the first programming language designed from ground up with network programming in mind. The core API for Java includes classes and interfaces that provide uniform access to a diverse set of network protocols.
Why Is Java Interesting
In one of their early papers about the language, Sun described Java as follows: Java: A simple, object-oriented, distributed, interpreted, robust, secure, architecture neutral, portable, high-performance, multithreaded, and dynamic language.
Sun acknowledges that this is quite a string of buzzwords, but the fact is that, for the most part, they aptly describe the language. In order to understand why Java is so interesting, let's take a look at the language features behind the buzzwords.
Java is an object-oriented programming language. As a programmer, this means that you focus on the data in your application and methods that manipulate that data, rather than thinking strictly in terms of procedures. In an object-oriented system, a class is a collection of data and methods that operate on that data. Taken together, the data and methods describe the state and behavior of an object. Classes are arranged in a hierarchy, so that a subclass can inherit behavior from its superclass. Unlike C++, Java was designed to be object-oriented from the ground up. Most things in Java are objects; the primitive numeric, character, and boolean types are the only exceptions. Strings are represented by objects in Java, as are other important language constructs like threads. A class is the basic unit of compilation and of execution in Java; all Java programs are classes.
Java is an interpreted language: the Java compiler generates byte-codes for the Java Virtual Machine (JVM), rather than native machine code. To actually run a Java program, you use the Java interpreter to execute the compiled byte-codes. Because Java byte-codes are platform-independent, Java programs can run on any platform that the JVM (the interpreter and run-time system) has been ported to.
Architecture Neutral and Portable
Because Java programs are compiled to an architecture neutral byte-code format, a Java application can run on any system, as long as that system implements the Java Virtual Machine. This is a particularly important for applications distributed over the Internet or other heterogeneous networks. Applications in Java can run on all platforms. The fact that Java is interpreted and defines a standard, architecture neutral, byte-code format is one big part of being portable
Dynamic and Distributed
Java is a dynamic language. Any Java class can be loaded into a running Java interpreter at any time. These dynamically loaded classes can then be dynamically instantiated. Native code libraries can also be dynamically loaded. Classes in Java are represented by the Class class; you can dynamically obtain information about a class at run-time.
The distributed nature of Java really shines when combined with its dynamic class loading capabilities. Together, these features make it possible for a Java interpreter to download and run code from across the Internet.
Java is a simple language. The Java designers were trying to create a language that a programmer could learn quickly, so the number of language constructs has been kept relatively small. Another design goal was to make the language look familiar to a majority of programmers, for ease of migration.
Java has been designed for writing highly reliable or robust software. Java certainly doesn't eliminate the need for software quality assurance; it's still quite possible to write buggy software in Java. However, Java does eliminate certain types of programming errors, which makes it considerably easier to write reliable software. Java is a strongly typed language, which allows for extensive compile-time checking for potential type-mismatch problems. Secure
One of the most highly touted aspects of Java is that it's a secure language. This is especially important because of the distributed nature of Java. Java was designed with security in mind, and provides several layers of security controls that protect against malicious code, and allow users to comfortably run untrusted programs such as applets. Some security holes were found in early versions of Java, but these flaws were fixed almost as soon as they were found, and it seems reasonable to expect that any future holes will be fixed just as quickly.
Java is an interpreted language, so it is never going to be as fast as a compiled language like C. Furthermore, the speed-critical sections of the Java run-time environment, that do things like string concatenation and comparison, are implemented with efficient native code. As a further performance boost, many Java interpreters now include "just in time" compilers that can translate Java byte-codes into machine code for a particular CPU at run-time.. The performance of Java's interpreted byte-codes is much better than the high-level scripting languages (even Perl), but it still offers the simplicity and portability of those languages.
Java is a multithreaded language; it provides support for multiple threads of execution (sometimes called lightweight processes) that can handle different tasks. An important benefit of multithreading is that it improves the interactive performance of graphical applications for the user. Java makes programming with threads much easier, by providing built-in language support for threads
Java Runtime Environment
The runtime environment used to execute the code. It is made up of the java language and java virtual machine. It is portable and it is platform neutral.
It is used by the developers to create java code. They include java compiler, java interpreter, classes, libraries and applet viewer.
Applications are programs written in java to carry out certain tasks on stand alone local computer. Execution of a stand alone program involves two steps.
Â¢ Compiling the source code into byte code using javac.
Â¢ Executing byte code program using j ava interpreter.
Java applets are pieces of java code that are embedded in HTML document using the applet tag. When the browser encounters such code it automatically download it and execute it.
Java Virtual Machine
It is a specification to which java codes must be written. All java code is to be compiled to be used in this nonexistent virtual machine. Writing the code which compiles in JVM ensures platform independence.
1.3.2 Ms Access
What is a database Quite simply, it's an organized collection of data. A database management system (DBMS) such as Access, FileMaker Pro, Oracle or SQL Server provides you with the software tools you need to organize that data in a flexible manner. It includes facilities to add, modify or delete data from the database, ask questions (or queries) about the data stored in the database and produce reports summarizing selected contents.
Microsoft Access provides users with one of the simplest and most flexible DBMS solutions on the market today. Regular users of Microsoft products will enjoy the familiar Windows "look and feel" as well as the tight integration with other Microsoft Office family products. An abundance of wizards lessen the complexity of administrative tasks and the ever-present Microsoft Office Helper is available for those who care to use it. Before purchasing Access, be sure that your system meets Microsoft's minimum system requirements.
System analysis is the process of identification of the objectives and requirements, evaluation of alternative solutions and recommendation for a more feasible solution. In other words, system analysis is the step-by-step process of gathering, recording and interpreting facts. It is the reduction of an entire system by studying the various operations. It includes studying the problems encountered in the present system and introducing a new computer system into an organization. The main aim of analysis is to determine problem areas and decide on solutions to reduce or eliminate them.
System analysis itself breaks into two stages. Preliminary and Detailed. During preliminary analysis the analyst list the objectives of the proposed system. These findings come together in the preliminary report. Once the preliminary report is approved, the system analysis phase advances into a second stage. During detailed analysis required data and information are collected and a detailed study is made.
During analysis, data are collected on the available files, decision points, and transactions of the system using various tools like data flow diagram.
In any project and implimentation, feasibility analysis is a very important stage. Feasibility study is system proposal according to its workability, impact on the operation, ability to meet user needs and efficient use of resources. Any project and implimentation may face scarcity in resources, time or workforce. An important outcome of the preliminary investigation is the determination whether the system requested is feasible or not. The key considerations involved in the feasibility analysis are technical, operational, and economic.
Technical feasibility is the most important of all types of feasibility analysis. Technical feasibility deals with hardware as well as software requirements. An idea from the outline design to system requirements in terms of inputs outputs, files and procedures is drawn and the type of hardware, software, and the methods required for running the systems are analyzed. Keeping in mind of the above considerations, the resource availability at this company was observed. It was found that the company has the sufficient resources to develop the current project and implimentation; hence the system is technically feasible.
Economic analysis is the most frequently used method for evaluating the effectiveness of the software, more commonly known as the cost /benefit analysis. The procedure is to determine the benefits and savings that are expected from a candidate system and compare them with costs. If the benefits outweigh cost, the decision is made to design and implement the system; otherwise further alternatives have to be made. Here it is seen that no new hardware or software is needed for the development of the system. Hence the project and implimentation is economically feasible for development in this company.
Schedule feasibility is concerned with the completion of the project and implimentation development within the fixed time span. It is an important factor as it can affect other factors like machine availability, tools, cost development and delay in the development of other systems. Besides these, this project and implimentation is assigned to the student as an academic exercise to be completed within a fixed period of time.
The purpose of the operational feasibility study is to determine whether the new system would be used if it is developed and implemented Will there be resistance from users that will undermine the possible application benefits From the outputs of the meeting that was held with the system users, it was found that all of them support the development of new system. The positive response from them encouraged in building such a system.
After analyzing the requirements for our project and implimentation we had come to the conclusion that our project and implimentation users require the following requirements.
> Needs a more user friendly interface.
> More and more security.
> Security feature which are controlled by the user.
> Complexity of the security.
> The account bound with a separate username and password for every user.
> Needs an algorithm which can achieve integrity and authentication.
> Access to the POP3 server of the mail server from where the mails are going to be extracted.
> Needs a friendlier interface.
> Needs a security feature which could make the cryptanalysis more secure.
The hardware and software requirements for the development phase of our project and implimentation are: Software Requirements :
Tool Used : NetBeans 5.5
Front end : Java, J2EE.
Back end : MS Access
: Pentium IV : 256 MB
: 40 GB
: MS Compatible : Standard 104 Keys
: Standard 15"
: 1.44 MB
Hardware Requirements :
Processor RAM Capacity Hard Disk Space Mouse Keyboard Monitor
Floppy Disk Drive
The most creative and challenging phase of the system life cycle is system design. The term design describes a final system and the process by which it is developed. It refers to the technical specification that will be applied in implementing the candidate system. It also include the construction of programs and program testing. The question involved here is "How the problem is solved".
System design is a transition from the user-oriented document to the document-oriented program or database personnel. It emphasizes translating performance specification into the design specification and it involves conceiving and planning and then carrying out the plan for generating the necessary reports and outputs. Design phase acts as the bridge between the software requirements specifications and implementation phase , which satisfies the requirements
5.1 MAJOR SYSTEM DESIGN ACTIVITIES 5.1.1 Input Design:
Input design is a process of converting user-oriented input to computer based format. It also includes determining the record media ,method of input, speed of capture and entry into the system. Input design consist of developing specification and procedures for data procedure for data preparations, those necessary steps into put transaction data into usable form of processing, data entry and activity of putting the data into computer for processing. Five objectives guiding the design are input focus on controlling the amount of input required, avoiding delay, controlling error and keeping the steps simple. The following are decided by the system analyst during design phase:
Â¢ The data to input
Â¢ The details of how data should be arranged or coded
Â¢ The data item and transaction needed validation to detect errors.
All input processes have been designed with at most care to avoid entry of any kind of invalid data into the system. The input screens have been validated effectively in order to give the most accurate input details. Points to be noted while designing the input screens are
Â¢ Don't overcrowd the input screen
Â¢ Keep the same style among the screens
Â¢ Ask for confirmation of critical data
Â¢ Validate data as soon as possible on inputs
In our project and implimentation the input design includes storing the informations like user name, email id, public key into the table named userData
5.1.2 Output Design:
Output are the most important and direct source of information to the user and to the management. Intelligent output design will improve the systems relationship with the user and help in decision making. Output are also used to provide a permanent hard copy for the later consultation. They are obtained in the form of response to the requests.
In our project and implimentation by entering the user name the program automatically loads the public key and email id of that particular user thereby facilitating the user not to remember all these informations.
5.1.3 Program Design :
On the design phase, the requirements analyzed during analysis phase are taken into consideration. The structure require, the control flow etc are decided for efficient functioning of the system that was to be developed.
We have to design the facilities for generating public keys and private keys,to encrypt a given text,decrypt it back,to mail an encrypted message with attachment facility.
5.2 LOGICAL DESIGN
Logical design describes the format of inputs, outputs, and procedures that meets the user requirements.
The design covers the following: o Reviews the current physical system. o Prepares the output specification. o Prepares the Input specifications. o Prepares control specifications.
System development is a series of operations performed to manipulate data to produce output from a computer system. This is highly dependent on the programming language used. The principle activities during the development phase can be divided into two major related sequences :
1. External system development
2. Internal system development
The major external system development activities are :
3. Equipment acquisition
The major internal system development activities are :
1. Computer program development
2. Performance testing
The implementation stage is the next step towards the problem solution. Here the details like which coding language is used is decided and the coding is done in the specified language.
The implementation is the practical job of putting a theoretical design in the practice. It may involve the complete implementation of a computer complex or the introduction of one small subsystem.
The implementation phase of a project and implimentation covers the period from the acceptance of the test design to its satisfactory operation support by the appropriate user and operations manual. It is a major operation across the whole organizational structure and requires a great deal of planning. Planning for implementation must begin from the initial conception of the project and implimentation. It requires a thorough knowledge of the new system, its personal needs, hardware and software requirements, file and procedure conversion activities, etc. Only the analyst is responsible for creating the new system will possess this knowledge. He can plan, schedule and co- ordinate but has no executive powers.
System testing is the stage of implementation, which is aimed at ensuring that the system works accurately and efficiently before live operation commences. Testing is vital to the success of the system. An elaborate testing of data is prepared and the system is tested using this test data. While testing errors are noted and corrections are made. The users are trained to operate the developed system. Both hardware and software securities are made to run the developed system successfully in future. Testing steps:
Â¢ Unit Testing
Â¢ Integration Testing
Â¢ Validation Testing
Â¢ Output Testing
Â¢ User Acceptance Testing
Unit testing focuses verification efforts on the smallest unit of software design, the module. This is also known as "Module Testing". The modules are tested separately. This testing is carried out during programming stage itself. In these testing steps each Module is found to be working satisfactorily as regard to the expected output from the module.
Integration testing is a systematic technique for constructing tests to uncover errors associated within the interface. In this project and implimentation, all the modules combined, and then entire Program is tested as a whole. Thus in the integration testing step, all the errors uncovered are corrected for the next testing steps.
Validation testing is where requirements established as a part of software requirement analysis is validated against the software that has been constructed. This test provides the final assurance that the software meets all functional, behavioral and performance requirements .The errors, which are uncovered during integration testing, are corrected during this phase.
After performing the validation testing, the next step is output testing of the proposed system since no system could be useful if it does not produce the required output in the specific format. The output generated or displayed by the system under consideration is tested asking the users about the format required by them. Here, the output is considered into two ways: one is on the screen and the other is printed format. The output format on the screen is found to be correct as the format designed according to the user needs .For the hard copy also, the output comes out as specified by the user. Hence output testing doesn't result in any connection in the system.
User Acceptance Testing
User acceptance of a system is the key factor for the success of any system. The system under consideration is tested for user acceptance by constantly keeping in touch with the prospective system users at time of development. The testing of the software began along with coding. Since the design was fully object-oriented, first the interfaces were developed and tested. Then unit testing was done for every module in the software for various inputs, such that each line of code is at least once executed After all modules were coded the integration test were carried out. Some minor errors were found in the output at the earlier stage and each of them was corrected. In the implementation of user interface part no major errors were found. After the software was completely developed, the testing was done.
The form below will be displayed after a successful login.
Fig 8.1 Desktop Form
Fig 8.2 Encryption Form
The form below is to encrypt the message. We entered a message in the first text area shown in the form. Next the keys are generated by clicking the Generate Key button and after that enter the password and click the Encrypt button. The encrypted message will be displayed on the second text area
Fig 8.3 Decryption Form
This form is to decrypt the message. The encrypted message from the Encryption Form is entered into the first text area and then the private key is entered and Generate button is pressed. After that the password is entered and Decrypt button is pressed. If all are correct the original message ie the encrypted message is displayed in the second text area.
This form is to generate keys. First users key information is generated and click the either the Save button for saving the details or click the Save & Mail for sending it to another person
Fig 8.4 Key Generation
This form is to save users information like user name, email id and public key
;j Encrypt Decrypt GenerateKey ResetKey II KeyManager
Enter User Name : Enter EMail ID Enter UserPublic Key
Agni_04 @yahoo .com
P4b~54b~54tj5154143045314SÃ‚Â° 71353b~4SÃ‚Â°424 748
Fig 8.5 Key Manager
This form is to mail a message. First , using the File option the user has to login to his gmail account. Then the receiver's id ,subject,message and other informations are entered. Then check the Encrypt check box and click the SEND MAIL button to send the mail.
Development is a single activity. Maintenance is a continuous activity. Maintenance involves activities like inspections, corrections and enhancement. Once the system is delivered and deployed, it enters the maintenance phase. The system need to be maintained not because of some of its components wear out and need to be replaced, but because there are some residual errors remaining in the system that must be removed as they are discovered. This includes activities related to debugging the software after it goes live, changes required to address evolving software and enhancement to meet changing customer requirements. So maintenance phase involves :
Â¢ Understanding the effects of change.
Â¢ Testing the new parts.
Â¢ Retesting the old parts that were not changed
Â¢ Making changes-to both the code and the documents.
These changes have to be signed by the user before the change can be carried out. Since requirement change request involves cost, user will be cautious while requesting the software changes. The software will require continued support. The system maintenance means the maintenance activities after and during the system development processes. This include activities related to debugging the software after it goes live, changes acquired to meet change in users requirement.
Three types of maintenance are :
Â¢ Corrective maintenance.
Â¢ Adaptive maintenance.
Â¢ Perfective maintenance.
Maintenance phase identifies if there are any changes required in the current system. If the changes are identified, then an analysis is made to identify if the changes are really required. Cost benefit analysis is a way to find out if the change is really essential
In the last few years , there has been a sudden growth in the usage of email applications all over the world. New email applications like Gmail, Yahoo Mail etc. have revolutionized the way we perceive and interact with an email application. It has forced and challenged other popular email applications to improve its services and thereby seize a substantial number of users to use their technology.
In an era where technology has no defined bounds to its growth, the usage of new facilities could have a negative or positive impact to the overall service of the email application. For example: If we visualize a person sending a message to another, there could be quite a few in number trying to hack the content, especially if it's a very important message. A user with wrong intentions can cause a lot of damage. In order to overcome such an issue, security of the data becomes a major concern.
The various popular e-mail applications currently being used to provide security all have a single encryption level and also loopholes to it has also been found. To make the transactions more secure, we implement complex algorithm to encrypt the message and then further embed the encrypted data in an image using steganography. This dual layer encryption provides a standard security to the data being sent and also provides the standard e-mail features.
This system brings forth a completely new idea of message transaction and opens a new opportunity to a better means of data exchange.
Our project and implimentation began with the in-depth analysis of the requirements of our project and implimentation and then we moved onto the interface analysis and implementation phase. After proper analysis and a well defined idea on how to develop this web based application, we then finalize on the look and feel of the different modules involved in our project and implimentation and the control flow between them, depending upon the user input.
In the second module, completed a simple java mail based email application. Along with normal email operations, we incorporated RSA encryption system as a default encryption for the first layer of our dual layer security. The simple sending and receiving of mails through simple RSA was our primary target and after completion of this phase, we would further enhance the mailing and encryption capabilities for attachment transactions.
We plan to introduce steganography as the second layer in the security feature for the dual layer security model. The encrypted text is then encoded into the image and is send to the appropriate address location.
We also have plans to include enhancements which would further enhance this email application as a full fledged complete email application which would include more user defined features.
1. Herbert Schildt(2002) ' Java2: The Complete Reference,Fifth Edition' , Tata Mc Graw Hill Publication .
2. Tim Boudreau ; Jesse Glick ; Simeon Greene ; Vaughn Spurlin ; Jack J. Woehr(2003) 'Netbeans: The Definitive Guide' , O'Reilly Publication .