
ABSTRACT: The principal goal guiding the design of any encryption algorithm must be security against unauthorized attacks.

Integrity checking is crucial for detecting message modification in client-server communications. This project provides secure message integrity verification at the receiver's side. RSA is widely used in public-key cryptosystems, but running this algorithm needs a lot of time and memory. This project proposes an RSA signature algorithm suited to devices with low computational power. The new signature-based MD5 algorithm is proposed against Wiener's attack for any text encryption and decryption. This system effectively verifies message integrity using the RSA with MD5 approach. The proposed system is more efficient since it is faster and takes less running time.



History of Network Security

As the internet came to be, security was low profile and on the back burner for most corporations. Connectivity was a primary concern for Information Technology professionals. With this beginning, malicious users began to infiltrate and modify systems and data. Sending out viruses and hacking through weak, unprotected networks, these users became an immediate threat to legitimate businesses that wanted to expand and grow globally. Many Chief Information Officers state that the ever-growing concern of security is one of the biggest tasks facing the information technology field today. With spyware/malware, worms, viruses, internal threats and hackers, companies today face their most challenging time for ecommerce growth. With customers all over the globe, the protection of local assets as well as customers' account information is of the utmost importance.

The historical events that have caused such a concern with computers began with the simplex hacking of phones by Captain Crunch and the adding of boot sector viruses to floppy disks. The growth of these malicious activities can now affect millions of users within a matter of minutes. Many other significant events have happened over the past forty years. This timeline is a brief listing of major events that took place. As the timeline above shows, malicious activities have been around for forty years and are growing by leaps and bounds every day. With government laws on cyberterrorism being put into place all over the globe, the continual infection of machines along with hacking is at an all-time high. The research materials presented show that, because of ecommerce and the growth of the internet, there is no end in sight to the growth of these activities. This study will present research materials to give several opinions on the recommendations to protect your network infrastructure.

Message Digest number 5 (MD5)

The MD5 (Message Digest number 5) algorithm generates a unique, 128-bit cryptographic message digest value derived from the contents of an input stream. This value is considered to be a highly reliable fingerprint that can be used to verify the integrity of the file's contents. If as little as a single bit value in the file is modified, the MD5 checksum for the file changes. Forgery of a file in a way that causes MD5 to generate the same result as that for the original file is considered to be extremely difficult. A set of MD5 checksums for critical system, application, and data files provides a compact way of storing information for use in periodic integrity checks of those files. Details for the MD5 cryptographic checksum algorithm and C source code are provided in RFC 1321. The MD5 algorithm has been implemented in numerous computer languages including C, Perl, and Java. The Advanced CheckSum Verifier is a Windows GUI utility which generates and verifies message digests (digital signatures) using the MD5 algorithm. This program can be useful when verifying data burned to CD-R(W) or transmitted over a network, for file comparison, and for detection of file corruption and tampering.

MD2, MD4, and MD5 are message-digest algorithms developed by Rivest. They are meant for digital signature applications where a large message has to be "compressed" in a secure manner before being signed with the private key. All three algorithms take a message of arbitrary length and produce a 128-bit message digest. While the structures of these algorithms are somewhat similar, the design of MD2 is quite different from that of MD4 and MD5. MD2 was optimized for 8-bit machines, whereas MD4 and MD5 were aimed at 32-bit machines. Description and source code for the three algorithms can be found as Internet RFCs 1319-1321.

MD2 was developed by Rivest in 1989. The message is first padded so its length in bytes is divisible by 16. A 16-byte checksum is then appended to the message, and the hash value is computed on the resulting message. Rogier and Chauvaud have found that collisions for MD2 can be constructed if the calculation of the checksum is omitted. This is the only cryptanalytic result known for MD2.

MD4 was developed by Rivest in 1990. The message is padded to ensure that its length in bits plus 64 is divisible by 512. A 64-bit binary representation of the original length of the message is then concatenated to the message. The message is processed in 512-bit blocks in the Damgard/Merkle iterative structure, and each block is processed in three distinct rounds. Attacks on versions of MD4 with either the first or the last rounds missing were developed very quickly by Den Boer, Bosselaers and others. Dobbertin has shown how collisions for the full version of MD4 can be found in under a minute on a typical PC. In recent work, Dobbertin (Fast Software Encryption, 1998) has shown that a reduced version of MD4, in which the third round of the compression function is not executed but everything else remains the same, is not one-way. Clearly, MD4 should now be considered broken.

MD5 was developed by Rivest in 1991. It is basically MD4 with "safety-belts", and while it is slightly slower than MD4, it is more secure. The algorithm consists of four distinct rounds, which have a slightly different design from that of MD4. Message-digest size, as well as padding requirements, remain the same. Den Boer and Bosselaers have found pseudo-collisions for MD5. More recent work by Dobbertin has extended the techniques used so effectively in the analysis of MD4 to find collisions for the compression function of MD5. While stopping short of providing collisions for the hash function in its entirety, this is clearly a significant step. For a comparison of these different techniques and their impact the reader is referred to.

Van Oorschot and Wiener have considered a brute-force search for collisions in hash functions, and they estimate a collision search machine designed specifically for MD5 (costing $10 million in 1994) could find a collision for MD5 in 24 days on average. The general techniques can be applied to other hash functions.

When you send data over a network, there are three issues most organizations have: security, authenticity, and integrity. The security of your data ensures that no one can read your data. This is important for the military, where secrets have to be kept from enemy hands. Authenticity guarantees the originator of the data: you know for certain who sent the data. This is important for the legal world, such as digital signatures. Integrity guarantees that the data has not been altered in transit, that the data you received is the data that was sent. This is important for many industries, such as the financial world. MD5 is such a tool: it guarantees the integrity of your data.

MD5 can help you in a variety of ways. When you download files from the Internet, you can use MD5 to guarantee you downloaded the correct file. This protects you from Trojans or corrupted files. If you use tools such as Tripwire to protect the integrity of your filesystem, you are most likely using MD5. You are most likely using MD5 if you are using a public/private key infrastructure. Developed in 1994, MD5 is a one-way hash algorithm that takes any length of data and produces a 128-bit "fingerprint" or "message digest". This fingerprint is "nonreversible": it is computationally infeasible to determine the file based on the fingerprint. This means someone cannot figure out your data based on its MD5 fingerprint.

The RSA cryptosystem is the most widely-used public key cryptography algorithm in the world. It can be used to encrypt a message without the need to exchange a secret key separately. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers. Party A can send an encrypted message to party B without any prior exchange of secret keys. A just uses B's public key to encrypt the message and B decrypts it using the private key, which only he knows. RSA can also be used to sign a message, so A can sign a message using their private key and B can verify it using A's public key.

Key Generation Algorithm

This is the original algorithm.

1. Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits.
2. Compute n = pq and phi = (p-1)(q-1).
3. Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1.
4. Compute the secret exponent d, 1 < d < phi, such that ed ≡ 1 (mod phi).
5. The public key is (n, e) and the private key (d, p, q). Keep all the values d, p, q and phi secret. [We prefer sometimes to write the private key as (n, d) because you need the value of n when using d.]

n is known as the modulus. e is known as the public exponent or encryption exponent or just the exponent. d is known as the secret exponent or decryption exponent.

Encryption

Sender A does the following:

1. Obtains the recipient B's public key (n, e).
2. Represents the plaintext message as a positive integer m, 1 < m < n.
3. Computes the ciphertext c = m^e mod n.
4. Sends the ciphertext c to B.

Decryption

Recipient B does the following:

1. Uses his private key (n, d) to compute m = c^d mod n.
2. Extracts the plaintext from the message representative m.

Digital signing

Sender A does the following:

1. Creates a message digest of the information to be sent.
2. Represents this digest as an integer m between 1 and n-1. [See note 5].
3. Uses her private key (n, d) to compute the signature s = m^d mod n.
4. Sends this signature s to the recipient, B.

Signature verification

Recipient B does the following:

1. Uses sender A's public key (n, e) to compute integer v = s^e mod n.
2. Extracts the message digest from this integer.
3. Independently computes the message digest of the information that has been signed.
4. If both message digests are identical, the signature is valid.

1.2 EXISTING SYSTEM

The existing system uses a fixed key size and depends on hardware. There is no integrity verification tool which uses MD5 as well as a robust algorithm like RSA. Existing algorithms consume more time to encode the text. The existing algorithm uses one key to encrypt or decrypt the text. Existing text encryption algorithms use a stream cipher.


The proposed system uses dynamic keys with arbitrary key size. This system is useful as an integrity verification tool which uses MD5 with RSA. This system consumes less time to encode the text. The RSA algorithm uses strong keys to encrypt or decrypt the text. This system uses a block cipher approach.



User identity is verified by using RSA encryption technique.

Message Integrity is verified by using MD5 technique. It is infeasible to find two different messages with the same hash so it is difficult to break the message for cryptanalysts.
MD5 with the RSA encryption technique gives more security when compared to the other MD4 technique.

2.2 SCOPE

The scope of this project is limited to finding the message digest of arbitrary files. Input message length can be any length. Output message digest result should be 128 bits. RSA encryption should be applied after the MD5 operation.

2.3 OVERALL DESCRIPTIONS

2.3.1 Functional Requirements

MD5 Algorithm

The MD5 algorithm was developed by Professor Ronald L. Rivest in 1991. According to RFC 1321, the MD5 message-digest algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA. The following five steps are performed to compute the message digest of the message.

Step 1. Append Padding Bits
Step 2. Append Length
Step 3. Initialize MD Buffer
Step 4. Process Message in 16-Word Blocks
Step 5. Output
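The five steps above, written out following RFC 1321, as an added example that is not code from the original report; the function names pad and md5 are chosen here for illustration.

```python
import math
import struct

MASK = 0xFFFFFFFF
# Per-operation left-rotate amounts for the four rounds (RFC 1321, section 3.4).
SHIFTS = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 +
          [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)
# Sine-derived constants: T[i] = floor(2^32 * abs(sin(i + 1))).
T = [int(abs(math.sin(i + 1)) * 2 ** 32) & MASK for i in range(64)]


def pad(message: bytes) -> bytes:
    """Steps 1 and 2: pad to 448 bits mod 512, then append the 64-bit length."""
    bit_length = (8 * len(message)) & 0xFFFFFFFFFFFFFFFF
    padded = message + b"\x80"                       # a single 1 bit, then zeros
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack("<Q", bit_length)    # length, low-order word first


def rotl(x: int, s: int) -> int:
    """Rotate a 32-bit word left by s bits."""
    return ((x << s) | (x >> (32 - s))) & MASK


def md5(message: bytes) -> bytes:
    # Step 3: initialise the four-word MD buffer (A, B, C, D).
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    data = pad(message)
    # Step 4: process the message in 16-word (512-bit) blocks.
    for offset in range(0, len(data), 64):
        m = struct.unpack("<16I", data[offset:offset + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(64):
            if i < 16:                               # round 1
                f, g = (b & c) | (~b & d), i
            elif i < 32:                             # round 2
                f, g = (d & b) | (~d & c), (5 * i + 1) % 16
            elif i < 48:                             # round 3
                f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:                                    # round 4
                f, g = c ^ (b | ~d), (7 * i) % 16
            f = (f + a + T[i] + m[g]) & MASK
            a, d, c = d, c, b
            b = (b + rotl(f, SHIFTS[i])) & MASK
        a0, b0 = (a0 + a) & MASK, (b0 + b) & MASK
        c0, d0 = (c0 + c) & MASK, (d0 + d) & MASK
    # Step 5: output A, B, C, D, low-order byte first (128 bits in total).
    return struct.pack("<4I", a0, b0, c0, d0)


if __name__ == "__main__":
    print(md5(b"abc").hex())
```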

The RSA cryptosystem is the most widely-used public key cryptography algorithm in the world. It can be used to encrypt a message without the need to exchange a secret key separately. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers. Party A can send an encrypted message to party B without any prior exchange of secret keys. A just uses B's public key to encrypt the message and B decrypts it using the private key, which only he knows. RSA can also be used to sign a message, so A can sign a message using their private key and B can verify it using A's public key.

Key Generation Algorithm

This is the original algorithm.

1. Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits.
2. Compute n = pq and phi = (p-1)(q-1).
3. Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1.
4. Compute the secret exponent d, 1 < d < phi, such that ed ≡ 1 (mod phi).
5. The public key is (n, e) and the private key (d, p, q). Keep all the values d, p, q and phi secret. [We prefer sometimes to write the private key as (n, d) because you need the value of n when using d.]

n is known as the modulus. e is known as the public exponent or encryption exponent or just the exponent. d is known as the secret exponent or decryption exponent.

Encryption

Sender A does the following:

1. Obtains the recipient B's public key (n, e).
2. Represents the plaintext message as a positive integer m, 1 < m < n.
3. Computes the ciphertext c = m^e mod n.
4. Sends the ciphertext c to B.

Decryption

Recipient B does the following:

1. Uses his private key (n, d) to compute m = c^d mod n.
2. Extracts the plaintext from the message representative m.

Digital signing

Sender A does the following:

1. Creates a message digest of the information to be sent.
2. Represents this digest as an integer m between 1 and n-1. [See note 5].
3. Uses her private key (n, d) to compute the signature s = m^d mod n.
4. Sends this signature s to the recipient, B.

Signature verification

Recipient B does the following:

1. Uses sender A's public key (n, e) to compute integer v = s^e mod n.
2. Extracts the message digest from this integer.
3. Independently computes the message digest of the information that has been signed.
4. If both message digests are identical, the signature is valid.
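Key generation, digital signing and signature verification as listed above, as an added example that is not code from the original report. The helper names, the fixed e = 65537, the Miller-Rabin prime search and the check d >= n^(1/4)/3 (the range covered by Wiener's attack, which the abstract mentions) are assumptions of this sketch; the hash is a parameter, so "md5" can be replaced by "sha256".

```python
import hashlib
import math
import secrets


def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime with its top two bits set, so p*q reaches the full length."""
    while True:
        candidate = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if is_probable_prime(candidate):
            return candidate


def outside_wiener_bound(n, d):
    """True when d >= n^(1/4) / 3, i.e. d is not in the range Wiener's attack covers."""
    return 81 * d ** 4 >= n


def generate_keypair(bits=1024, e=65537):
    """Steps 1-5 of the key generation algorithm; returns ((n, e), (n, d))."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p == q or math.gcd(e, phi) != 1:
            continue
        n, d = p * q, pow(e, -1, phi)     # ed = 1 (mod phi); needs Python 3.8+
        if outside_wiener_bound(n, d):
            return (n, e), (n, d)


def digest_as_int(message, n, hash_name):
    """Signing steps 1-2: hash the message and represent the digest as an integer."""
    m = int.from_bytes(hashlib.new(hash_name, message).digest(), "big")
    if not 1 <= m <= n - 1:
        raise ValueError("digest does not fit in the range 1..n-1")
    return m


def sign(message, private_key, hash_name="md5"):
    # The procedure above signs the bare digest; deployed systems wrap the
    # digest in a padding scheme such as PKCS#1 v1.5 or PSS before this step.
    n, d = private_key
    return pow(digest_as_int(message, n, hash_name), d, n)     # s = m^d mod n


def verify(message, signature, public_key, hash_name="md5"):
    n, e = public_key
    if not 0 < signature < n:
        return False
    # v = s^e mod n must equal the independently computed digest.
    return pow(signature, e, n) == digest_as_int(message, n, hash_name)


if __name__ == "__main__":
    public, private = generate_keypair(1024)
    message = b"constructed sample message"
    s = sign(message, private)
    print(verify(message, s, public), verify(message + b"!", s, public))
```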

2.3.2 Nonfunctional Requirements

Portability: It should run on specified platforms successfully. To achieve this we should test the product on all possible platforms before launching the product.

Reliability: The system should perform its intended functions under specified conditions.

Reusability: The system should be extremely reusable as a whole or in part. Make the system modular and make sure that modules are loosely coupled.

Robustness: The system on the whole should be robust enough to perform well under different circumstances without any inconsistencies.

Testability: The product of a given development phase should satisfy the conditions imposed at the start of that phase.

Usability: It should be perfect and comfortable for users to work with.

Security: The system is completely based on security. This system will provide security based on the PKI (Public Key Infrastructure).


Operating System : Windows XP Professional / Linux
Front End : Core java

Processor : Pentium4
RAM : 1GB
HDD : 80GB



3.1.1 Technical feasibility and System feasibility

The assessment is based on an outline design of system requirements in terms of Input, Processes, Output, Fields, Programs, and Procedures. This can be quantified in terms of volumes of data, trends, frequency of updating, etc. in order to estimate whether the new system will perform adequately or not. Technological feasibility is carried out to determine whether the company has the capability, in terms of software, hardware, personnel and expertise, to handle the completion of the project. Once the technical feasibility is established, it is important to consider the monetary factors also, since developing a particular system may be technically possible but may require huge investments while the benefits may be less. For evaluating this, economic feasibility of the proposed system is carried out.

3.1.2 Economic feasibility

Economic analysis is the most frequently used method for evaluating the effectiveness of a new system. More commonly known as cost-benefit analysis, the procedure is to determine the benefits and savings that are expected from a candidate system and compare them with costs. If benefits outweigh costs, then the decision is made to design and implement the system. An entrepreneur must accurately weigh the cost versus benefits before taking an action.

Cost-based study: It is important to identify cost and benefit factors, which can be categorized as follows:
1. Development costs; and
2. Operating costs.
This is an analysis of the costs to be incurred in the system and the benefits derivable out of the system.

Time-based study: This is an analysis of the time required to achieve a return on investments. The benefits derived from the system. The future value of a project is also a factor.

Cost Benefit Analysis

Cost benefit analysis helps to give management a picture of the costs, benefits and risks. It usually involves comparing alternate investments. Cost benefit determines the benefits and savings that are expected from the system and compares them with the expected costs. The cost of an information system involves the development cost and maintenance cost. The development costs are a one-time investment whereas maintenance costs are recurring. The development cost is basically the costs incurred during the various stages of the system development. Each phase of the life cycle has a cost. Some examples are:
- Personnel
- Equipment
- Supplies
- Overheads
- Consultants' fees

Cost and Benefit Categories

In performing cost benefit analysis (CBA) it is important to identify cost and benefit factors. Costs and benefits can be categorized into the following categories. There are several cost factors/elements. These are hardware, personnel, facility, operating, and supply costs. In a broad sense the costs can be divided into two types:
1. Development costs: Development costs that are incurred during the development of the system are a one-time investment. E.g.: Wages, Equipment
2. Operating costs: e.g. Wages, Supplies, Overheads

Another classification of the costs can be:

Hardware/software costs: These include the cost of purchasing or leasing computers and their peripherals. A software cost involves required software costs.

Personnel costs: This is the money spent on the people involved in the development of the system. These expenditures include salaries and other benefits such as health insurance, conveyance allowance, etc.

Facility costs: Expenses incurred during the preparation of the physical site where the system will be operational. These can be wiring, flooring, acoustics, lighting, and air conditioning.

Operating costs: Operating costs are the expenses required for the day-to-day running of the system. This includes the maintenance of the system. That can be in the form of maintaining the hardware or application programs, or money paid to professionals responsible for running or maintaining the system.

Supply costs: These are variable costs that vary proportionately with the amount of use of paper, ribbons, disks, and the like. These should be estimated and included in the overall cost of the system.

Benefits

We can define benefit as

Profit or Benefit = Income - Costs

Benefits can be accrued by:
- Increasing income, or
- Decreasing costs, or
- both

The system will provide some benefits also. Benefits can be tangible or intangible, direct or indirect. In cost benefit analysis, the first task is to identify each benefit and assign a monetary value to it. The two main benefits are improved performance and minimized processing costs. Further costs and benefits can be categorized as follows.

Tangible or Intangible Costs and Benefits

Tangible costs and benefits can be measured. Hardware costs, salaries for professionals, and software costs are all tangible costs. They are identified and measured. The purchase of hardware or software, personnel training, and employee salaries are examples of tangible costs. Costs whose value cannot be measured are referred to as intangible costs. The cost of breakdown of an online system during banking hours will cause the bank to lose deposits. Benefits are also tangible or intangible. For example, more customer satisfaction, improved company status, etc. are all intangible benefits, whereas improved response time and producing error-free output such as reports are all tangible benefits. Both tangible and intangible costs and benefits should be considered in the evaluation process.

Direct or Indirect Costs and Benefits

From the cost accounting point of view, costs are treated as either direct or indirect. Direct costs have a rupee value associated with them. Direct benefits are also attributable to a given project. For example, if the proposed system can handle more transactions, say 25% more than the present system, then it is a direct benefit. Indirect costs result from the operations that are not directly associated with the system. Insurance, maintenance, heat, light, and air conditioning are all indirect costs.

Fixed or Variable Costs and Benefits

Some costs and benefits are fixed. Fixed costs don't change. Depreciation of hardware, insurance, etc. are all fixed costs. Variable costs are incurred on a regular basis. The recurring period may be weekly or monthly depending upon the system. They are proportional to the work volume and continue as long as the system is in operation. Fixed benefits don't change. Variable benefits are realized on a regular basis.

3.1.3 Operational Feasibility

Operational feasibility is mainly concerned with issues like whether the system will be used if it is developed and implemented, and whether there will be resistance from users that will affect the possible application benefits. The essential questions that help in testing the operational feasibility of a system are the following.

Does management support the project?

Are the users not happy with current business practices? Will it reduce the time (operation) considerably? If yes, then they will welcome the change and the new system.

Have the users been involved in the planning and development of the project? Early involvement reduces the probability of resistance towards the new system. Will the proposed system really benefit the organization? Does the overall response increase? Will accessibility of information be lost? Will the system affect the customers in considerable way?

3.2 DESIGN

3.2.1 UML Diagrams

UML: The Unified Modeling Language (UML) is a standard language for specifying, visualizing, constructing, and documenting the artifacts of software systems, as well as for business modeling and other non-software systems. The UML represents a collection of best engineering practices that have proven successful in the modeling of large and complex systems. The UML is a very important part of developing object-oriented software and the software development process. The UML uses mostly graphical notations to express the design of software projects. Using the UML helps project teams communicate, explore potential designs, and validate the architectural design of the software.

The primary goals in the design of the UML were:
- Provide users with a ready-to-use, expressive visual modeling language so they can develop and exchange meaningful models.
- Provide extensibility and specialization mechanisms to extend the core concepts.
- Be independent of particular programming languages and development processes.
- Provide a formal basis for understanding the modeling language.
- Encourage the growth of the OO tools market.
- Support higher-level development concepts such as collaborations, frameworks, patterns and components.
- Integrate best practices.

Why Use UML?

As the strategic value of software increases for many companies, the industry looks for techniques to automate the production of software and to improve quality and reduce cost and time-to-market. These techniques include component technology, visual programming, patterns and frameworks. Businesses also seek techniques to manage the complexity of systems as they increase in scope and scale. In particular, they recognize the need to solve recurring architectural problems, such as physical distribution, concurrency, replication, security, load balancing and fault tolerance. Additionally, the development for the World Wide Web, while making some things simpler, has exacerbated these architectural problems. The Unified Modeling Language (UML) was designed to respond to these needs. Each UML diagram is designed to let developers and customers view a software system from a different perspective and in varying degrees of abstraction. UML diagrams commonly created in visual modeling tools include:

Use Case Diagram: Displays the relationship among actors and use cases.

Class Diagram: Models class structure and contents using design elements such as classes, packages and objects. It also displays relationships such as containment, inheritance, associations and others.

Interaction Diagrams:

Sequence Diagram: Displays the time sequence of the objects participating in the interaction. This consists of the vertical dimension (time) and horizontal dimension (different objects).

Collaboration Diagram: Displays an interaction organized around the objects and their links to one another. Numbers are used to show the sequence of messages.

State Diagram: Displays the sequences of states that an object of an interaction goes through during its life in response to received stimuli, together with its responses and actions.

Activity Diagram: Displays a special state diagram where most of the states are action states and most of the transitions are triggered by completion of the actions in the source states. This diagram focuses on flows driven by internal processing.

Physical Diagrams:

Component Diagram: Displays the high level packaged structure of the code itself. Dependencies among components are shown, including source code components, binary code components, and executable components. Some components exist at compile time, at link time, at run time, as well as at more than one time.

Deployment Diagram: Displays the configuration of run-time processing elements and the software components, processes, and objects that live on them. Software component instances represent run-time manifestations of code units.

Class Diagram: Class diagrams are the backbone of almost every object-oriented method including UML. They describe the static structure of a system.

Basic Class Diagram Symbols and Notations: A class is shown as a solid-outline rectangle containing the class name, and optionally with compartments separated by horizontal lines containing features or other members of the classifier. Classes represent an abstraction of entities with common characteristics. Associations represent the relationships between classes. Illustrate classes with rectangles divided into compartments. Place the name of the class in the first partition (centered, bolded, and capitalized), list the attributes in the second partition, and write operations into the third.

Active Class

Active classes initiate and control the flow of activity, while passive classes store data and serve other classes. Illustrate active classes with a thicker border.

Visibility

Use visibility markers to signify who can access the information contained within a class. Private visibility hides information from anything outside the class partition. Public visibility allows all other classes to view the marked information. Protected visibility allows child classes to access information they inherited from a parent class.

Associations

Associations represent static relationships between classes. Place association names above, on, or below the association line. Use a filled arrow to indicate the direction of the relationship. Place roles near the end of an association. Roles represent the way the two classes see each other.

Multiplicity (Cardinality)

Place multiplicity notations near the ends of an association. These symbols indicate the number of instances of one class linked to one instance of the other class. For example, one company will have one or more employees, but each employee works for one company only.

Constraint

Place constraints inside curly braces {}.

Figure: Simple Constraint

Composition and Aggregation

Composition is a special type of aggregation that denotes a strong ownership between Class A, the whole, and Class B, its part. Illustrate composition with a filled diamond. Use a hollow diamond to represent a simple aggregation relationship, in which the "whole" class plays a more important role than the "part" class, but the two classes are not dependent on each other. The diamond end in both a composition and aggregation relationship points toward the "whole" class or the aggregate.

Generalization

Generalization is another name for inheritance or an "is a" relationship. It refers to a relationship between two classes where one class is a specialized version of another. For example, Honda is a type of car. So the class Honda would have a generalization relationship with the class car.

In real life coding examples, the difference between inheritance and aggregation can be confusing. If you have an aggregation relationship, the aggregate (the whole) can access only the PUBLIC functions of the part class. On the other hand, inheritance allows the inheriting class to access both the PUBLIC and PROTECTED functions of the super class.

Dependency: A dependency is a relationship implying that a classifier requires another classifier for its specification or implementation.

Figure: Data Access depends on Connection Pool

Interface: An interface is a kind of classifier that defines a set of related public operations and responsibilities.

Figure: Interface Site Search

Use Case Diagram: Use case diagrams are behavior diagrams used to describe a set of actions (use cases) that some system or systems (subject) should or can perform in collaboration with one or more external users of the system (actors). Each use case should provide some observable and valuable result to the actors or other stakeholders of the system.

Basic Use Case Diagram Symbols and Notations

System

Draw your system's boundaries using a rectangle that contains use cases. Place actors outside the system's boundaries.

Use Case

A use case is a behavioral classifier which specifies behavior of a subject (system under construction or consideration) by describing a set of sequences of actions performed by the system to yield an observable result of some value to one or more actors or other stakeholders of the system. In other words, each use case describes a unit of complete and useful functionality that the subject provides to its users.

A use case is usually shown as an ellipse containing the name of the use case.

Actors

Actors represent roles that are played by users of the system. Those users can be humans, other computers, pieces of hardware, or even other software systems. The only criterion is that they must be external to the part of the system being partitioned into use cases. They must supply stimuli to that part of the system, and they must receive outputs from it. All actors must have names according to the assumed role. Examples of actor names (user roles):
- Customer
- Web Client
- Student
- Passenger
- Payment System

Standard UML notation for actor is "stick man" icon with the name of the actor above or below of the icon. Actor names should follow the capitalization and punctuation guidelines for classes. The names of abstract actors should be shown in italics.

Student actor Custom icons that convey the kind of actor may also be used to denote an actor, such as using a separate icon(s) for non-human actors.

Custom icon for Web Client actor

Custom icon for Bank actor An actor may also be shown as a class rectangle with the standard keyword actor, having usual notation for class compartments, if needed.

Customer actor as Class An actor can only have binary associations to use cases, components, and classes. Relationships Illustrate relationships between an actor and a use case with a simple line. For relationships among use cases Association An association specifies a semantic relationship that can occur between typed instances. It has at least two ends represented by properties, each of which is connected to the type of the end. More than one end of the association may have the same type.

An end property of an association that is owned by an end class or that is a navigable owned end of the association indicates that the association is navigable from the opposite ends; otherwise, the association is not navigable from the opposite ends.

Include: The include relationship could be used:

- when there are common parts of the behavior of two or more use cases,
- to simplify a large use case by splitting it into several use cases.

Include relationship between use cases is shown by a dashed arrow with an open arrowhead from the including (base) use case to the included (common part) use case. The arrow is labeled with the keyword include.

Extends: Extend is a directed relationship that specifies how and when the behavior defined in a usually supplementary (optional) extending use case can be inserted into the behavior defined in the extended use case. Extend relationship is shown as a dashed line with an open arrowhead directed from the extending use case to the extended (base) use case. The arrow is labeled with the keyword extend.


A collaboration is represented as a kind of classifier and defines a set of cooperating entities to be played by instances (its roles), as well as a set of connectors that define communication paths between the participating instances. The cooperating entities are the properties of the collaboration. A collaboration specifies a view (or projection) of a set of cooperating classifiers. It describes the required links between instances that play the roles of the collaboration, as well as the features required of the classifiers that specify the participating instances. Several collaborations may describe different projections of the same set of classifiers.

Dependency: A dependency is a relationship that signifies that a single or a set of model elements requires other model elements for their specification or implementation. This means that the complete semantics of the depending elements is either semantically or structurally dependent on the definition of the supplier element(s).





Sequence Diagram: Sequence diagrams describe interactions among classes in terms of an exchange of messages over time.

Basic Sequence Diagram Symbols and Notations:

Class roles: Class roles describe the way an object will behave in context. Use the UML object symbol to illustrate class roles, but don't list object attributes.

Activation: Activation boxes represent the time an object needs to complete a task.

Messages: Messages are arrows that represent communication between objects. Use half-arrowed lines to represent asynchronous messages. Asynchronous messages are sent from an object that will not wait for a response from the receiver before continuing its tasks.

[Figure: Various message types for Sequence and Collaboration diagrams]

Lifelines: Lifelines are vertical dashed lines that indicate the object's presence over time.

Destroying Objects: Objects can be terminated early using an arrow labeled "<< destroy >>" that points to an X.


A repetition or loop within a sequence diagram is depicted as a rectangle. Place the condition for exiting the loop at the bottom left corner in square brackets [ ].

Sequence Diagram for Sender

[Figure: sequence diagram. Lifelines: :Sender, :File or Message, :Encrypted Hash. Messages: Select file or message; Applying MD5 algorithm for hashing; Applying RSA encryption to hash; Encrypted Hash Value; Storing encrypted hash in database.]

Sequence Diagram for Receiver Side

[Figure: sequence diagram. Lifelines: :Message, :Encrypted Hash, :Rsa Decryption. Messages: Use received Message; Computed Hash; Hash Value for message; Receivers Hash Value; Compare for Integrity Checking; Use Encrypted Hash Value; Decrypt Using RSA; After Decryption Hash Value; Senders Hash Value.]

Collaboration Diagram: A collaboration diagram describes interactions among objects in terms of sequenced messages. Collaboration diagrams represent a combination of information taken from class, sequence, and use case diagrams describing both the static structure and dynamic behavior of a system.

Basic Collaboration Diagram Symbols and Notations:

Class roles: Class roles describe how objects behave. Use the UML object symbol to illustrate class roles, but don't list object attributes.

Association roles: Association roles describe how an association will behave given a particular situation. You can draw association roles using simple lines labeled with stereotypes.

Messages: Unlike sequence diagrams, collaboration diagrams do not have an explicit way to denote time and instead number messages in order of execution. Sequence numbering can become nested using the Dewey decimal system. For example, nested messages under the first message are labeled 1.1, 1.2, 1.3, and so on. A condition for a message is usually placed in square brackets immediately following the sequence number. Use a * after the sequence number to indicate a loop.

Collaboration diagram for Sender:

Objects: :Sender, :File or Message, :MD5, :Encrypted Hash

Messages, in order of execution:
1: Select file or message
2: Applying MD5 algorithm for hashing
3: Applying RSA encryption to hash
4: Encrypted Hash Value
5: Storing encrypted hash in database



Collaboration diagram for Receiver Side:

Objects: :Receiver, :Message, :MD5, :Hashvalue, :Encrypted Hash, :Rsa Decryption, :Compare

Messages, in order of execution:
1: Use received Message
2: Computed Hash
3: Hash Value for message
4: Receivers Hash Value
5: Compare for Integrity Checking
6: Use Encrypted Hash Value
7: Decrypt Using RSA
8: After Decryption Hash Value
9: Senders Hash Value
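The sender and receiver flows from the two collaboration diagrams above, written out as an added Java example (not the project's own code). It assumes the sender applies RSA to the hash with its private key and the receiver decrypts with the sender's public key, and it models the database as an in-memory map; the class, method and record names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

public class IntegrityCheckDemo {

    // Stand-in for the database that holds the encrypted hashes (assumption).
    private static final Map<String, byte[]> HASH_STORE = new HashMap<>();

    private static byte[] md5(byte[] data) throws GeneralSecurityException {
        return MessageDigest.getInstance("MD5").digest(data);
    }

    /** Sender messages 2-5: hash the message, apply RSA to the hash, store it. */
    static void senderStore(String id, byte[] message, PrivateKey senderPrivate)
            throws GeneralSecurityException {
        byte[] hash = md5(message);                        // 2: MD5 hashing
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, senderPrivate);      // 3: RSA on the hash
        byte[] encryptedHash = rsa.doFinal(hash);          // 4: encrypted hash value
        HASH_STORE.put(id, encryptedHash);                 // 5: store in "database"
    }

    /** Receiver messages 1-9: recompute the hash, recover the sender's, compare. */
    static boolean receiverVerify(String id, byte[] received, PublicKey senderPublic)
            throws GeneralSecurityException {
        byte[] encryptedHash = HASH_STORE.get(id);         // 6: use encrypted hash
        if (encryptedHash == null) {
            return false; // nothing to compare against: treat as unverified
        }
        byte[] receiversHash = md5(received);              // 1-4: receiver's hash
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, senderPublic);       // 7: decrypt using RSA
        byte[] sendersHash;
        try {
            sendersHash = rsa.doFinal(encryptedHash);      // 8-9: sender's hash
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            return false; // stored value was altered or made with another key
        }
        // 5: compare; isEqual checks length and content of both digests.
        return MessageDigest.isEqual(receiversHash, sendersHash);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sender = gen.generateKeyPair();

        // Constructed sample messages, not data from the project.
        byte[] message = "pay 100 to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] modified = "pay 900 to account 42".getBytes(StandardCharsets.UTF_8);
        senderStore("msg-1", message, sender.getPrivate());

        System.out.println("unmodified message verifies: "
                + receiverVerify("msg-1", message, sender.getPublic()));
        System.out.println("modified message verifies:   "
                + receiverVerify("msg-1", modified, sender.getPublic()));

        // A hash stored under a different key pair must not verify either.
        KeyPair other = gen.generateKeyPair();
        senderStore("msg-2", message, other.getPrivate());
        System.out.println("hash from another key verifies: "
                + receiverVerify("msg-2", message, sender.getPublic()));

        // Flip one bit of the stored encrypted hash for msg-1.
        HASH_STORE.get("msg-1")[0] ^= 0x01;
        System.out.println("altered stored hash verifies: "
                + receiverVerify("msg-1", message, sender.getPublic()));
    }
}
```

java.security.Signature with "MD5withRSA" performs the same hash-then-RSA steps in one call. Because MD5 collisions are practical, the same structure with "SHA256withRSA" is the usual choice for new code.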


4.1. Technology

Java (with a capital J) is a high-level, third generation programming language, like C, Fortran, Smalltalk, Perl, and many others. You can use Java to write computer applications that crunch numbers, process words, play games, store data or do any of the thousands of other things computer software can do.

Compared to other programming languages, Java is most similar to C. However, although Java shares much of C's syntax, it is not C. Knowing how to program in C or, better yet, C++, will certainly help you to learn Java more quickly, but you don't need to know C to learn Java. Unlike C++, Java is not a superset of C. A Java compiler won't compile C code, and most large C programs need to be changed substantially before they can become Java programs.

What's most special about Java in relation to other programming languages is that it lets you write special programs called applets that can be downloaded from the Internet and played safely within a web browser. Traditional computer programs have far too much access to your system to be downloaded and executed willy-nilly. Although you generally trust the maintainers of various ftp archives and bulletin boards to do basic virus checking and not to post destructive software, a lot still slips through the cracks. Even more dangerous software would be promulgated if any web page you visited could run programs on your system. You have no way of checking these programs for bugs or for out-and-out malicious behavior before downloading and running them.

Java solves this problem by severely restricting what an applet can do. A Java applet cannot write to your hard disk without your permission. It cannot write to arbitrary addresses in memory and thereby introduce a virus into your computer. It should not crash your system.

The Java Buzzwords

Platform independent: Java was designed to not only be cross-platform in source form like C, but also in compiled binary form. Since this is frankly impossible across processor architectures, Java is compiled to an intermediate form called byte-code. A Java program never really executes natively on the host machine. Rather a special native program called the Java interpreter reads the byte code and executes the corresponding native machine instructions. Thus to port Java programs to a new platform all that is needed is to port the interpreter and some of the library routines. Even the compiler is written in Java. The byte codes are precisely defined, and remain the same on all platforms.

The second important part of making Java cross-platform is the elimination of undefined or architecture dependent constructs. Integers are always four bytes long, and floating point variables follow the IEEE 754 standard for computer arithmetic exactly. You don't have to worry that the meaning of an integer is going to change if you move from a Pentium to a PowerPC. In Java everything is guaranteed.

Simple: Java is simple, it is easy to read and write. Obfuscated Java isn't nearly as common as obfuscated C. There aren't a lot of special cases or tricks that will confuse beginners. About half of the bugs in C and C++ programs are related to memory allocation and deallocation. Therefore the second important addition Java makes to providing bug-free code is automatic memory allocation and deallocation. The C library memory allocation functions malloc() and free() are gone as are C++'s destructors.

Java is an excellent teaching language, and an excellent choice with which to learn programming. The language is small so it's easy to become fluent. The language is interpreted so the compile-run-link cycle is much shorter. The runtime environment provides automatic memory allocation and garbage collection so there's less for the programmer to think about. Java is object-oriented unlike Basic so the beginning programmer doesn't have to unlearn bad programming habits when moving into real world projects.

Object-Oriented: Object oriented programming is the catch phrase of computer programming in the 1990's. Although object oriented programming has been around in one form or another since the Simula language was invented in the 1960's, it's really begun to take hold in modern GUI environments like Windows, Motif and the Mac. In object-oriented programs data is represented by objects. Objects have two sections, fields (instance variables) and methods. Fields tell you what an object is. Methods tell you what an object does. These fields and methods are closely tied to the object's real world characteristics and behavior. When a program is run messages are passed back and forth between objects. When an object receives a message it responds accordingly as defined by its methods. Object oriented programming is alleged to have a number of advantages including:

- Simpler, easier to read programs
- More efficient reuse of code
- Faster time to market
- More robust, error-free code

High Performance: Java byte codes can be compiled on the fly to code that rivals C++ in speed using a "just-in-time compiler." Several companies are also working on native-machine-architecture compilers for Java. These will produce executable code that does not require a separate interpreter, and that is indistinguishable in speed from C++. While you'll never get that last ounce of speed out of a Java program that you might be able to wring from C or Fortran, the results will be suitable for all but the most demanding applications.

Multi-Threaded: Java is inherently multi-threaded. A single Java program can have many different threads executing independently and continuously. Three Java applets on the same page can run together with each getting equal time from the CPU with very little extra effort on the part of the programmer. This makes Java very responsive to user input. It also helps to contribute to Java's robustness and provides a mechanism whereby the Java environment can ensure that a malicious applet doesn't steal all of the host's CPU cycles. Unfortunately multithreading is so tightly integrated with Java, that it makes Java rather difficult to port to architectures like Windows 3.1 or the PowerMac that don't natively support preemptive multi-threading.

Dynamic: Java does not have an explicit link phase. Java source code is divided into .java files, roughly one per each class in your program. The compiler compiles these into .class files containing byte code. Each .java file generally produces exactly one .class file. (There are a few exceptions we'll discuss later in the semester, non-public classes and inner classes). The compiler searches the current directory and directories specified in the CLASSPATH environment variable to find other classes explicitly referenced by name in each source code file. If the file you're compiling depends on other, non-compiled files the compiler will try to find them and compile them as well. The compiler is quite smart, and can handle circular dependencies as well as methods that are used before they're declared. It also can determine whether a source code file has changed since the last time it was compiled.

More importantly, classes that were unknown to a program when it was compiled can still be loaded into it at runtime. For example, a web browser can load applets of differing classes that it's never seen before without recompilation.

PACKAGES IN JAVA:

Package: A Java package is a mechanism for organizing Java classes into namespaces similar to the modules of Modula. Java packages can be stored in compressed files called JAR files, allowing classes to download faster as a group rather than one at a time. Programmers also typically use packages to organize classes belonging to the same category or providing similar functionality.

Using packages: In a Java source file, the package that this file's class or classes belong to is specified with the package keyword. This keyword is usually the first keyword in the source file.

    package java.awt.event;

To use a package's classes inside a Java source file, it is convenient to import the classes from the package with an import declaration. The following declaration

    import java.awt.event.*;

imports all classes from the java.awt.event package, while the next declaration

    import java.awt.event.ActionEvent;

imports only the ActionEvent class from the package. After either of these import declarations, the ActionEvent class can be referenced using its simple class name:

    // ActionEvent has no no-argument constructor: pass source, event id and command
    ActionEvent myEvent = new ActionEvent(this, ActionEvent.ACTION_PERFORMED, "ok");

Classes can also be used directly without an import declaration by using the fully qualified name of the class. For example,

    java.awt.event.ActionEvent myEvent = new java.awt.event.ActionEvent(
            this, java.awt.event.ActionEvent.ACTION_PERFORMED, "ok");

does not require a preceding import declaration.

Exception-Handling Fundamentals: Exception handling is a programming language construct or computer hardware mechanism designed to handle the occurrence of exceptional conditions: special conditions often changing the normal flow of program execution. In general, an exception is handled (resolved) by saving the current state of execution in a predefined place and switching the execution to a specific subroutine known as an exception handler. Depending on the situation, the handler may later resume the execution at the original location using the saved information. To understand how exception handling works in Java, you need to understand the three categories of exceptions:

Checked exceptions: A checked exception is an exception that is typically a user error or a problem that cannot be foreseen by the programmer. For example, if a file is to be opened, but the file cannot be found, an exception occurs. These exceptions cannot simply be ignored at the time of compilation.

Runtime exceptions: A runtime exception is an exception that occurs that probably could have been avoided by the programmer. As opposed to checked exceptions, runtime exceptions are ignored at the time of compilation.

Errors: These are not exceptions at all, but problems that arise beyond the control of the user or the programmer. Errors are typically ignored in your code because you can rarely do anything about an error. For example, if a stack overflow occurs, an error will arise. They are also ignored at the time of compilation.

Exception Hierarchy: All exception classes are subtypes of the java.lang.Exception class. The exception class is a subclass of the Throwable class. Other than the exception class there is another subclass called Error which is derived from the Throwable class.

Errors are not normally trapped by Java programs. These conditions normally happen in case of severe failures, which are not handled by Java programs. Errors are generated to indicate errors generated by the runtime environment. Example: JVM is out of memory. Normally programs cannot recover from errors. The Exception class has two main subclasses: the IOException class and the RuntimeException class.

Catching Exceptions: A method catches an exception using a combination of the try and catch keywords. A try/catch block is placed around the code that might generate an exception. Code within a try/catch block is referred to as protected code, and the syntax for using try/catch looks like the following:

    try {
        // Protected code
    } catch (ExceptionName e1) {
        // Catch block
    }

A catch statement involves declaring the type of exception you are trying to catch. If an exception occurs in protected code, the catch block (or blocks) that follows the try is checked. If the type of exception that occurred is listed in a catch block, the exception is passed to the catch block much as an argument is passed into a method parameter.

The throws/throw Keywords: If a method does not handle a checked exception, the method must declare it using the throws keyword. The throws keyword appears at the end of a method's signature. You can throw an exception, either a newly instantiated one or an exception that you just caught, by using the throw keyword. Try to understand the difference between the throws and throw keywords. The following method declares that it throws a RemoteException:

    import java.rmi.RemoteException;

    public class className {
        public void deposit(double amount) throws RemoteException {
            // Method implementation
            throw new RemoteException();
        }
        // Remainder of class definition
    }

A method can declare that it throws more than one exception, in which case the exceptions are declared in a list separated by commas.

The finally Keyword: The finally keyword is used to create a block of code that follows a try block. A finally block of code always executes, whether or not an exception has occurred. Using a finally block allows you to run any cleanup-type statements that you want to execute, no matter what happens in the protected code. A finally block appears at the end of the catch blocks and has the following syntax:

    try {
        // Protected code
    } catch (ExceptionType1 e1) {
        // Catch block
    } catch (ExceptionType2 e2) {
        // Catch block
    } catch (ExceptionType3 e3) {
        // Catch block
    } finally {
        // The finally block always executes.
    }

The Abstract Window Toolkit (AWT)

The Abstract Window Toolkit (AWT) is Java's original platform-independent windowing, graphics, and user-interface widget toolkit. The AWT is now part of the Java Foundation Classes (JFC), the standard API for providing a graphical user interface (GUI) for a Java program. AWT is also the GUI toolkit for a number of Java ME profiles. For example, Connected Device Configuration profiles require Java runtimes on mobile telephones to support AWT.

Components: Modern user interfaces are built around the idea of components: reusable gadgets that implement a specific part of the interface. They don't need much introduction: if you have used a computer since 1985 or so, you're already familiar with buttons, menus, windows, checkboxes, scrollbars, and many other similar items. AWT comes with a repertoire of basic user interface components, along with the machinery for creating your own components (often combinations of the basic components) and for communicating between components and the rest of the program.

The next few sections summarize the components that are part of AWT. If you're new to AWT, you may find it helpful to familiarize yourself with what's available before jumping into the more detailed discussions later in this book.

Static Text: The Label class provides a means to display a single line of text on the screen. That's about it. They provide visual aids to the user: for example, you might use a label to describe an input field. You have control over the size, font, and color of the text. Labels are discussed in Section 5.2. Figure 1-1 displays several labels with different attributes.

User Input: Java provides several different ways for a user to provide input to an application. The user can type the information or select it from a preset list of available choices. The choice depends primarily on the desired functionality of the program, the user-base, and the amount of back-end processing that you want to do.

The TextField and TextArea classes: Two components are available for entering keyboard input: TextField for single line input and TextArea for multi-line input. They provide the means to do things from character-level data validation to complex text editing.

The Checkbox and CheckboxGroup classes: The remaining input-oriented components provide mechanisms for letting the user select from a list of choices. The first such mechanism is Checkbox, which lets you select or deselect an option.

SWINGS IN JAVA

To create a Java program with a graphical user interface (GUI), you'll want to learn about Swing. The Swing toolkit includes a rich set of components for building GUIs and adding interactivity to Java applications. Swing includes all the components you would expect from a modern toolkit: table controls, list controls, tree controls, buttons, and labels.

Swing is far from a simple component toolkit, however. It includes rich undo support, a highly customizable text package, integrated internationalization and accessibility support. To truly leverage the cross-platform capabilities of the Java platform, Swing supports numerous look and feels, including the ability to create your own look and feel. The ability to create a custom look and feel is made easier with Synth, a look and feel specifically designed to be customized. Swing wouldn't be a component toolkit without the basic user interface primitives such as drag and drop, event handling, customizable painting, and window management.

Swing is part of the Java Foundation Classes (JFC). The JFC also include other features important to a GUI program, such as the ability to add rich graphics functionality and the ability to create a program that can work in different languages and by users with different input devices. The following list shows some of the features that Swing and the Java Foundation Classes provide.

Swing GUI Components: The Swing toolkit includes a rich array of components: from basic components, such as buttons and check boxes, to rich and complex components, such as tables and text. Even deceptively simple components, such as text fields, offer sophisticated functionality, such as formatted text input or password field behavior. There are file browsers and dialogs to suit most needs, and if not, customization is possible. If none of Swing's provided components are exactly what you need, you can leverage the basic Swing component functionality to create your own.

Java 2D API: To make your application stand out; convey information visually; or add figures, images, or animation to your GUI, you'll want to use the Java 2D API. Because Swing is built on the 2D package, it's trivial to make use of 2D within Swing components. Adding images, drop shadows, compositing: it's easy with Java 2D.

Pluggable Look-and-Feel Support: Any program that uses Swing components has a choice of look and feel. The classes shipped by Oracle provide a look and feel that matches that of the platform. The Synth package allows you to create your own look and feel. The GTK+ look and feel makes hundreds of existing look and feels available to Swing programs. A program can specify the look and feel of the platform it is running on, or it can specify to always use the Java look and feel, and without recompiling, it will just work. Or, you can ignore the issue and let the UI manager sort it out.

Data Transfer: Data transfer, via cut, copy, paste, and drag and drop, is essential to almost any application. Support for data transfer is built into Swing and works between Swing components within an application, between Java applications, and between Java and native applications.

Internationalization: This feature allows developers to build applications that can interact with users worldwide in their own languages and cultural conventions. Applications can be created that accept input in languages that use thousands of different characters, such as Japanese, Chinese, or Korean. Swing's layout managers make it easy to honor a particular orientation required by the UI. For example, the UI will appear right to left in a locale where the text flows right to left. This support is automatic: You need only code the UI once and then it will work for left to right and right to left, as well as honor the appropriate size of components that change as you localize the text.

Accessibility API: People with disabilities use special software, assistive technologies, that mediates the user experience for them. Such software needs to obtain a wealth of information about the running application in order to represent it in alternate media: for a screen reader to read the screen with synthetic speech or render it via a Braille display, for a screen magnifier to track the caret and keyboard focus, for on-screen keyboards to present dynamic keyboards of the menu choices and toolbar items and dialog controls, and for voice control systems to know what the user can control with his or her voice. The accessibility API enables these assistive technologies to get the information they need, and to programmatically manipulate the elements that make up the graphical user interface.

Undo Framework API: Swing's undo framework allows developers to provide support for undo and redo. Undo support is built in to Swing's text component. For other components, Swing supports an unlimited number of actions to undo and redo, and is easily adapted to an application. For example, you could easily enable undo to add and remove elements from a table.


5.1 TESTING

Testing is the process of finding differences between the expected behavior specified by system models and the observed behavior of the system. Testing plays a critical role in quality assurance and in ensuring reliability. Errors made during development will be reflected in the code, so the application should be thoroughly tested and validated.

Unit testing finds the differences between the object design model and its corresponding components. Structural testing finds differences between the system design model and a subset of integrated subsystems. Functional testing finds differences between the use case model and the system. Finally, performance testing finds differences between non-functional requirements and actual system performance. From a modeling point of view, testing is the attempt to falsify the system with respect to the system models. The goal of testing is to design tests that exercise defects in the system and reveal problems.

Levels of testing: The different levels of testing are as follows.

1. Unit Testing: In this test each component is tested independently of the others, thus allowing parallelism in the testing activity. Ex: Individual units like generating the keys by each individual user, computing the values of the share of the distributed component are tested individually.

2. Integration Testing: Many tested modules are combined into subsystems, which are then tested. The emphasis is on testing the interfaces between modules. This activity can be considered to test the design. Ex: We first perform individual testing on the modules. Later some modules like sending the requests to all other clients and receiving the information from them and then validating the results are all integrated into a component and tested as a single unit.

3. System Testing: This is a series of tests whose purpose is to fully exercise the entire software system. System testing verifies that all elements mesh properly and the overall system function/performance is achieved. System testing is done using real data. The system performance was found to be as per the requirements specified. Ex: Finally, we test whether the application is able to encrypt and successfully decrypt the data from the database. This involves testing all the individual systems of the application. This is achieved through System testing.

Testing approaches: There are three basic approaches to testing:

- Functional (Black box testing)
- Conditional
- Structural (White box testing)

White box Testing: This test focuses on the program control structure. Test cases are derived to ensure that all the statements in the program have been executed at least once during testing and that all logical conditions have been exercised.

Condition testing: Condition testing is a test case design method that exercises the logical conditions contained in a module. Condition testing focuses on testing each condition in the operation.

Black box Testing: These tests are designed to validate functional requirements without regard to the working of the program. The black box testing technique focuses on the information domain of the software, deriving test cases by partitioning input and output in a manner that provides thorough test coverage. This approach also deals with the identification of class libraries or software packages or other application systems, which are already present so that the developer can implement the object models with a decreased burden of testing.

Testing Activities: Testing a large system is a complex activity and, like any complex activity, it has to be broken into smaller activities. Thus incremental testing was performed on the project, i.e., components and subsystems of the system were tested separately before integrating them to form the subsystem for system testing.

Unit Testing: Unit testing focuses on the building blocks of the software system, that is, the objects and subsystems. There are three motivations behind focusing on components. First, unit testing reduces the complexity of overall test activities, allowing focus on smaller units of the system. Second, unit testing makes it easier to pinpoint and correct faults, given that few components are involved in the test. Third, unit testing allows parallelism in the testing activities, that is, each component can be tested independently of one another.

The following are some unit testing techniques.

1. Equivalence testing: It is a black box testing technique that minimizes the number of test cases. The possible inputs are partitioned into equivalence classes and a test case is selected for each class.

2. Boundary testing: It is a special case of equivalence testing and focuses on the conditions at the boundary of the equivalence classes. Boundary testing requires that the elements be selected from the edges of the equivalence classes.

3. Path testing: It is a white box testing technique that identifies faults in the implementation of the component. The assumption here is that by exercising all possible paths through the code at least once, most faults will trigger failure. This requires knowledge of source code.

Test Process:

1) Object Name: Encrypt
Test Criteria: Verifies whether the user input is valid or not.
Testing Approach: Black Box Testing
Test case Specification:

    Field Name    Input           Expected O/P
    File name     String          Reject
                  Numeric         Reject
                  Alphanumeric    Reject
                  File            Accept

Object Name: Encrypt
Test Criteria: Verifies whether the user input is valid or not.
Testing Approach: Black Box Testing
Test case Specification:

    Field Name    Input           Expected O/P
    Message       String          Accept
                  Numeric         Reject
                  Alphanumeric    Reject

1) Object Name: Decrypt
Test Criteria: Verifies whether the user input is valid or not.
Testing Approach: Black Box Testing
Test case Specification:

    Field Name    Input           Expected O/P
    File name     String          Reject
                  Numeric         Reject
                  Alphanumeric    Reject
                  File            Accept

Object Name: Decrypt
Test Criteria: Verifies whether the user input is valid or not.
Testing Approach: Black Box Testing
Test case Specification:

    Field Name    Input           Expected O/P
    Message       String          Accept
                  Numeric         Reject
                  Alphanumeric    Reject




This project proposes an RSA signature algorithm suited to messages and files. Message integrity verification provides message as well as file integrity checking at the receiver side. The new signature-based MD5 algorithm is proposed against Wiener's attack for any text encryption and decryption. The proposed system is more efficient since it is faster and system independent. In future, the proposed system will be extended to an online environment for better results.