
1. INTRODUCTION

1.1. OVERVIEW

Network security consists of the policies and practices adopted to prevent and monitor
access, misuse, modification, or denial of a computer network and network-accessible resources.
Network security involves the authorization of access to data in a network, which is controlled by
the network administrator. Users choose or are assigned an ID and password or other
authenticating information that allows them access to information and programs within their
authority. Network security covers a variety of computer networks, both public and private, that
are used in everyday jobs: conducting transactions and communications among businesses,
government agencies and individuals.
Research work on mobile payment started in 1997, and later the first payment transaction
was performed on a mobile device. This took place in Finland, where the Coca-Cola company
first began operating vending machines that supported SMS payments. Later research was
carried out by Dahlberg et al. (2008), who set out their ideas in the journal Electronic
Commerce Research and Applications [1]. Several authors have reviewed and accepted this
approach, which reflected the authors' considered understanding of payment through mobile
devices; it has since been independently evaluated in various continents and countries over
many years.

Some authors then submitted a report based on a literature review of this specific area,
feeling that support was required for future research [2]. Their main point was that mobile
payment problems had not been completely explored by the academic community. Instead, a
certain number of publications concentrated on two problems in particular: consumer adoption
and technology. Interestingly, during that period some customers were able to use mobile
payments. This resulted in a huge number of mobile payment initiatives, which nevertheless
failed before reaching their intended end users. Because of the high complexity of this
phenomenon, analysing consumer adoption in isolation would yield only a restricted picture of
mobile payments.
1.2. PROJECT DESCRIPTION
Micropayment applications have come into general use in electronic payment owing to the
rapid development of the Internet and the increasing sophistication of electronic commerce.
In contrast to macropayment systems such as electronic cash, micropayment was introduced
chiefly to emphasise transactional efficiency. Hence, it is specifically intended for frequent
small-value transactions such as audio streaming, pay-per-view movies and videoconferencing.
Previous research on micropayment did not concentrate on fairness and anonymity; thanks to
advances in technology and growth in computing power, it is now common to add these
properties to micropayment.
Micropayment techniques can be divided into two classes: prepaid and postpaid. In a
prepaid method, users pay before making any purchase of online services. A postpaid method
permits users to pay after they purchase. Because electronic payment thereby becomes flexible
for a large number of users and attracts more transactions, and because of the appeal of
delayed payment, the postpaid scheme is clearly more flexible for users. User anonymity is
difficult to accomplish in a postpaid method, as it needs a tracing scheme for redemption,
which conflicts with user anonymity. Proposing an anonymous postpaid micropayment technique
is therefore very hard in mobile payment. The majority of the anonymous micropayment
mechanisms introduced in the literature are prepaid ones.
Contribution
This paper proposes and analyses FRoDO, a secure off-line micro-payment approach that
uses multiple physical unclonable functions. FRoDO's distinguishing feature is its two elements:
an identity element, which securely authenticates the customer, and a coin element, where
digital coins are not stored locally on the device. The FRoDO protocol is used to make secure
payment transactions, verifying not only the customer's coins but also the identity of the user
by means of the identity element.

Problem and Objectives
Vendors have been victims of information security breaches and payment data theft
targeting consumer payment card data and Personally Identifiable Information (PII). User data
can be used by criminals for fraud operations. To improve security, credit card and debit card
holders use the Payment Card Industry Security Standards Council. PoS systems always handle
critical information and require remote management. PoS systems act as gateways and require a
network connection to work with external credit card processors. However, a network
connection may not be available, owing either to a temporary network service disruption or to
a permanent lack of network coverage. On-line solutions are not very efficient, since remote
communication can introduce delays in the payment process. Brute forcing of remote access
connections and stolen credentials are involved in PoS intrusions. Settlement comprises all
actions happening after the authorization stage.

PoS DEVICE BREACHES

POS devices are the most important entities in an electronic payment system. All the
attacks described require the POS to be connected to a network, so that the attacker can break
into the payment system and infect either the POS itself or a specific component within the
EPS. In this scenario, no data is going to leave the POS and there is no way to infect the POS.
As such, breaches based on network-level hacking cannot be unleashed. However, data processed
by the POS can still be eavesdropped by having physical access to the POS itself or by
exploiting device vulnerabilities. A description of the possible breaches threatening POS
systems will be provided.

Fig 2. POS System Architecture

THREAT MODELS

Based on their capabilities and on the number of devices that can be accessed during an
attack, attackers are classified as follows:

• Ubiquitous: an internal attacker who has access to all devices.

• Collector: an external attacker whose reach is limited to the messages exchanged between
the customer and vendor devices.

• Malicious Customer: an internal attacker who can either physically open the customer
device or inject malicious code within the customer device to obtain the customer details.

• Malicious Vendor: an internal attacker who can get information from the vendor device or
inject malicious code into the PoS machine to alter its behaviour.

1.3. Literature Survey

1. Fraud Resilient Device for Off-line Micropayments

Here the author Vanesa Daza notes that market analysts have predicted that mobile
payments will overtake the traditional marketplace, thus providing greater convenience to
consumers and new sources of revenue to many companies. This scenario produces a shift in
purchase methods from classic credit cards to new approaches such as mobile-based payments,
giving new market entrants novel business chances. Widely supported by recent hardware,
mobile payment technology is still at its early stages of evolution, but it is expected to rise
in the near future, as demonstrated by the growing interest in crypto-currencies. The first
pioneering micro-payment scheme. Nowadays, cryptocurrencies and decentralized payment systems
are increasingly popular, fostering a shift from physical to digital currencies. However, such
payment techniques are not yet commonplace, due to several unresolved issues, including a lack
of widely-accepted standards, limited interoperability among systems and, most importantly,
security.

2. Secure Payment Solutions Fully Off-Line Functions on Frodo

This survey says that online payments are nowadays among the most popular methods,
with the customer or buyer paying for purchased goods by online money payment. Purchase
methods are shifting from classic credit or debit cards to new approaches like mobile-based
payments, giving new market entrants novel business opportunities. However, many of us still
resist the attractiveness and ease of revolving credit transactions because of security issues.
So far there is a high risk of stolen cards and fraud, so purchasers worry about debit-card
fraud by merchants and other third parties. Payment transactions are usually processed by an
electronic payment system (for short, EPS). The EPS is a separate function from the typical
point of sale function, although the EPS and PoS system may be co-located on the same machine.
In general, the EPS performs all payment processing, whereas the PoS system is the tool used by
the cashier or shopper. Point of Sale is the time and place where a retail exchange is
completed.
At the point of sale, the dealer would prepare a receipt for the client or otherwise work
out the sum owed by the client and offer the client options for making payment. In this
transaction process, attackers often aim at stealing such customer data by targeting the Point
of Sale. Modern PoS systems are powerful computers equipped with a card reader and running
specialized software. Increasingly often, user devices are used as input to the PoS. In these
scenarios, malware that can steal card information as it is read by the device has thrived. We
therefore propose FRoDO, a secure off-line transaction scheme that is resilient to PoS data
breaches. Our solution improves over existing approaches in terms of adaptability and security.

3. Off-Line Secure Credits for Micro Payments Using FRoDO Resilient Device

“This survey mainly concentrates on micro payments, with network security, and consists
of the policies and practices adopted to prevent and monitor access, misuse, modification, or
denial of a computer network and network-accessible resources. Network security involves the
authorization of access to data in a network, which is controlled by the network administrator.
Users choose or are assigned an ID and password or other authenticating information that allows
them access to information and programs within their authority. Network security covers a
variety of computer networks, both public and private, that are used in everyday jobs:
conducting transactions and communications among businesses, government agencies and
individuals. Here another survey says that NetBill is a transactional payment protocol with
many advanced features (atomicity, group membership, pseudonyms, etc.) that require
communication with the NetBill server for each transaction, thus exhibiting the same drawback
with respect to micropayments as the simpler online protocols already mentioned. Other
general-purpose payment protocols are unattractive for micropayments for these same reasons.
NetCents and Millicent [Man95] are scrip-based off-line-friendly micropayment protocols. As the
monetary unit used in these protocols is vendor specific, double-spending is made very
difficult (if not impossible). The assumption behind both protocols is that people tend to
re-use the same merchants repeatedly.”

4. Preserving Micro-Payments in Deception of Resilient Devices

Vendors have been victims of information security breaches and payment data theft
targeting consumer payment card data and Personally Identifiable Information (PII). User data
can be used by criminals for fraud operations. To improve security, credit card and debit card
holders use the Payment Card Industry Security Standards Council. PoS systems always handle
critical information and require remote management. PoS systems act as gateways and require a
network connection to work with external credit card processors. However, a network
connection may not be available, owing either to a temporary network service disruption or to
a permanent lack of network coverage. On-line solutions are not very efficient, since remote
communication can introduce delays in the payment process. Brute forcing of remote access
connections and stolen credentials are involved in PoS intrusions.

5. A Resilient and Energy-saving Incentive System for Resource Sharing

Current sales indicate a significant increase in the popularity of smart phones and
evidently show a trend towards feature-rich mobile devices. Besides offering computing and
storage resources almost comparable to desktop PCs ten years ago, such devices offer a variety
of other resources, including different communication capacities like 3G, WiFi, and Bluetooth,
as well as sensors for position, acceleration, light, and temperature. Combining the resources
provided by multiple devices enables new and exciting applications. These are typically
observed as a natural subset of pervasive computing and find increasing interest in many other
disciplines of distributed computing, e.g., in Grid computing and service overlays. Example
applications range from pooling capacities of the cellular connections of multiple devices to
speed up downloads to people-centric sensing exploiting the sensors of thousands of
smart-phones. Unfortunately, despite the growth in resource variety, processor speed, memory
size, and communication bandwidth, battery capacity remains the limiting factor for realizing
the vision described above. Providing resources for applications running on remote devices may
consume a significant amount of energy, limiting the operating time of a mobile device for the
owner's personal use.
In fact, mechanisms are required to motivate device owners, who are in general not known
to each other and thus do not pursue a common goal, to spend energy on behalf of others. Such
mechanisms can be provided by incentive systems. These systems could recompense the energy
spent for serving a remote resource request, and allow the refund to be used in turn to
recompense others for using their resources. Many incentive systems for motivating cooperation
among users have been proposed with different application scenarios in mind, e.g. MilliCent,
NetPay, and Micromint. However, most of them cannot be used to motivate resource sharing among
mobile devices, since they either require trusted hardware, connections to a central broker or
other third parties on each interaction that requires a refund, or utilize refunds that cannot
be reused without opening the door for fraud.
An even more important drawback when it comes to providing incentives for spending
energy is that most systems consume lots of energy by themselves, e.g., by requiring the use of
public key cryptography on each payment, contradicting the primary goal of the incentive
system.

6. Offline Micropayments without Trusted Hardware

Current electronic payment systems are not well matched to occasional, low-valued
transactions. (For the purposes of this discussion, we use the term “electronic payment system”
broadly, to encompass conventional credit cards, stored-value cards, online and offline digital
cash, etc.) A central requirement for any electronic payment system is that a single compromise
or failure should not have catastrophic consequences. For example, it should not be possible to
double spend in a digital cash system, nor should the compromise of a client's authorization
secret entail unlimited client liability or uncollectible transactions. Traditional payment
systems are designed to prevent such failures. Unfortunately, the prevention mechanisms are
generally too expensive to support occasional, low-valued transactions.
We shift the security functions performed by online authorization of transactions to
certified code that can authorize offline transactions under certain conditions. These
conditions are customized to each client according to a risk management strategy customized to
the application. There are three main contributions in this paper. First, we describe a
framework in which certified offline authorizations created by a risk management strategy
replace online authorizations for occasional, low-valued transactions. We then describe an
architecture for a practical payment system in which a trust management system is used to
encode the client risk management strategy. Finally, we describe a prototype implementation
based on the KeyNote trust management toolkit, in which users can purchase vending machine
items using credentials stored on conventional palmtop computers. This is the main reason why,
during the last few years, many different approaches have been proposed to provide a reliable
offline payment scheme. Although many works have been published, they all focused on
transaction anonymity and coin unforgeability. However, previous solutions lack a thorough
security analysis. While they focus on theoretical attacks, discussion of real world attacks
such as skimmers, scrapers and data vulnerabilities is missing.

2. SYSTEM IMPLEMENTATION
2.1. System Requirements
2.1.1 HARDWARE REQUIREMENTS:

• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Floppy Drive : 1.44 Mb.
• Monitor : 15 VGA Colour.
• Mouse : Logitech.
• RAM : 512 Mb.

2.1.2 SOFTWARE REQUIREMENTS:

• Operating system : Windows XP/7.
• Coding Language : JAVA/J2EE/VB
• IDE : NetBeans 7.4
• Database : MySQL

2.2. Existing System:
• The main issue is the problem of checking the trustworthiness of a transaction without a
trusted third party.
• Keeping track of past transactions with no available connection to external parties or
shared databases is quite difficult.
• Attackers usually aim at stealing such customer data by targeting the Point of Sale (for
short, PoS) system, i.e. the point at which a retailer first acquires customer data.
Disadvantages:
• Malware that can steal card information as it is read by the device has thrived.
• Malware that steals card information as soon as it is read by the device is increasing.
• Customer and vendor are persistently or intermittently disconnected from the network, so
no secure on-line payment is possible.

2.3. Proposed System:

• It proposes FRoDO, a secure off-line transaction scheme that is resilient to PoS data
breaches.
• All details are encrypted using a private key and a public key; the keys are generated when
the user purchases a product.
• Both the communications between the customer and the vendor and those between the
identity element to achieve message confidentiality.
• The storage device that is kept physically safe by the vendor prevents the adversary from
being able to delete past transactions, thus protecting against malicious repudiation
requests.

Advantages
• It's possible to brute-force in finite time on modern processors, so no one uses it for
anything serious anymore.
• Also, some password systems secured with 3DES were limited to 8 characters and would
silently truncate otherwise-secure passwords (match only the first 8 characters).

3. MODULES DESCRIPTION
• Secure Payments
• PoS (Point of Sale) system
• Erasable PUFs
• Fraud Resilience
• Cybercrime

3.1. Secure Payments:

These solutions try to guarantee basic security requirements such as double spending
resiliency, coin forgery resiliency, and transaction anonymity. However, regardless of the
trustworthiness assumptions they make, all of them completely lack a data breach analysis.
FRoDO does not require any special hardware component apart from the identity and the coin
element, which can be either plugged into the customer device or directly embedded into the
device. Similarly to secure elements, both the identity and the coin element can be considered
tamper-proof devices with a secure storage and execution environment for sensitive data.

3.2. Point of Sale System


The point of sale (POS) or point of purchase (POP) is the time and place where a retail
transaction is completed. At the point of sale, the merchant would calculate the amount owed by
the customer and indicate the amount, and may prepare an invoice for the customer (which may
be a cash register printout), and indicate the options for the customer to make payment.

It is also the point at which a customer makes a payment to the merchant in exchange for
goods or after provision of a service. After receiving payment, the merchant may issue a receipt
for the transaction, which is usually printed, but is increasingly being dispensed with or sent
electronically.

To calculate the amount owed by a customer, the merchant may use any of a variety of
aids available, such as weighing scales, barcode scanners, and cash registers. To make a
payment, payment terminals, touch screens, and a variety of other hardware and software options
are available.

3.3. Erasable PUFs

FRoDO does not provide a transaction dispute protocol phase. However, while the
payment transaction is accomplished in a fully off-line scenario, any additional operation is
accomplished on-line. In this way, the customer cannot repudiate a valid transaction (the log
entry for that transaction will be notified on-line by the vendor) and the same applies for the
vendor (a repudiated valid transaction cannot be spent). However, devices belonging to a PoS
system are usually kept physically and digitally secure. As such, attacks against PoS systems
in mature environments are typically multi-staged.
3.4. Fraud Resilience
When the customer receives such a request, first the private key of the identity element is
computed by the identity element key generator. Then, all the encryption layers computed by the
vendor are removed. The customer thus performs three decryption operations: the first with the
public key of the vendor, the second with the private key of the identity element, and the last
with the salt value. At the end of the pairing protocol, both the customer and vendor devices
will share their public keys, which will be used for message integrity and authenticity.
Furthermore, in order to avoid brute force pairing attacks during the pairing phase, FRoDO
adopts a “fail-to-ban” approach.
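One way to implement the fail-to-ban idea mentioned above, as an added example that is not FRoDO's own code. The text gives no threshold, ban length or pairing-code format, so `MAX_FAILURES`, `BASE_BAN_SECONDS`, the doubling ban, the four-digit code and the `PairingGuard` class are all assumptions made for illustration.

```python
import hmac
import os

MAX_FAILURES = 3          # assumption: failed attempts tolerated before a ban
BASE_BAN_SECONDS = 300.0  # assumption: length of the first ban


class PairingGuard:
    """Fail-to-ban gate in front of a pairing-code check (hypothetical class).

    Assumption: peer_id is an identifier the transport authenticates. If a
    peer can change it freely, a device-wide counter is needed as well.
    """

    def __init__(self, pairing_code, max_failures=MAX_FAILURES,
                 base_ban=BASE_BAN_SECONDS):
        # Keep only a keyed digest of the code, never the code itself.
        self._key = os.urandom(32)
        self._expected = self._mac(pairing_code)
        self._max_failures = max_failures
        self._base_ban = base_ban
        self._failures = {}      # peer id -> consecutive failed attempts
        self._bans = {}          # peer id -> number of bans issued so far
        self._banned_until = {}  # peer id -> time at which the ban ends

    def _mac(self, code):
        return hmac.new(self._key, code.encode("utf-8"), "sha256").digest()

    def banned_until(self, peer_id):
        return self._banned_until.get(peer_id, 0.0)

    def attempt(self, peer_id, code, now):
        """Return "paired", "rejected" or "banned" for one pairing attempt.

        `now` is a timestamp in seconds, passed in so the logic is testable.
        """
        if now < self.banned_until(peer_id):
            # While banned the code is not evaluated at all, so a correct
            # guess gains nothing until the ban has expired.
            return "banned"
        # Constant-time comparison: no timing signal about partial matches.
        if hmac.compare_digest(self._mac(code), self._expected):
            self._failures.pop(peer_id, None)
            self._bans.pop(peer_id, None)
            return "paired"
        count = self._failures.get(peer_id, 0) + 1
        if count < self._max_failures:
            self._failures[peer_id] = count
            return "rejected"
        # Threshold reached: ban the peer and double the ban on each repeat.
        issued = self._bans.get(peer_id, 0)
        self._banned_until[peer_id] = now + self._base_ban * (2 ** issued)
        self._bans[peer_id] = issued + 1
        self._failures.pop(peer_id, None)
        return "rejected"


def guesses_checked(guard, peer_id, candidates, duration, step=1.0):
    """Count how many candidate codes the guard evaluates in `duration` seconds
    when one attempt arrives every `step` seconds from the same peer."""
    pending = iter(candidates)
    guess = next(pending, None)
    checked, now = 0, 0.0
    while guess is not None and now < duration:
        outcome = guard.attempt(peer_id, guess, now)
        if outcome != "banned":
            checked += 1
            if outcome == "paired":
                break
            guess = next(pending, None)
        now += step
    return checked


if __name__ == "__main__":
    # Constructed scenario: a 4-digit code and one attempt per second for an hour.
    guard = PairingGuard("4821")
    codes = [f"{n:04d}" for n in range(10000)]
    print("codes evaluated in one hour:", guesses_checked(guard, "dev-A", codes, 3600.0))
```

With these assumed values, an hour of one-per-second attempts gets only a handful of the 10,000 possible codes evaluated, which is the property the pairing phase relies on.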
3.5. Cybercrime
The computer may have been used in the commission of a crime, or it may be the target.
Cybercrimes have been defined as: "Offences that are committed against individuals or groups of
individuals with a criminal motive to intentionally harm the reputation of the victim or cause
physical or mental harm, or loss, to the victim directly or indirectly, using modern
telecommunication networks such as Internet (networks including but not limited to Chat rooms,
emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)".

Cybercrime may threaten a person or a nation's security and financial health. Issues
surrounding these types of crimes have become high-profile, particularly those surrounding
hacking, copyright infringement, unwarranted mass-surveillance, child pornography, and child
grooming. There are also problems of privacy when confidential information is intercepted or
disclosed, lawfully or otherwise.

Cybercrime has also been defined from the perspective of gender, with 'cybercrime against
women' defined as "Crimes targeted against women with a motive to intentionally harm the victim
psychologically and physically, using modern telecommunication networks such as internet and
mobile phones". Internationally, both governmental and non-state actors engage in cybercrimes,
including espionage, financial theft, and other cross-border crimes. Activity crossing
international borders and involving the interests of at least one nation state is sometimes referred
to as cyber warfare.

4. SYSTEM DESIGN
4.1. ARCHITECTURE DIAGRAM
Login: The admin can log in directly to the home page to see all details about the users
and bank account details.
View all users' profiles: The admin can view all user profiles in a list, open them one by
one, and read all the information about each user.
Upload Products: Only the admin can see which products have been uploaded and
downloaded. The admin handles all activity of the system, including who uploaded each product,
with name, time and date.
View all Products: The admin can view the full product list with product name, user name,
time and date. This is useful for knowing all the products and managing the system, including
who performed each activity and the name of the uploading user.
Payment status: In this sub-module the admin can see the payment status of users who
have made payments, with full payment information including the time and date of each payment,
and finally log out of the website.

4.2. Use Case Diagram:
While a use case itself might drill into a lot of detail about every possibility, a use-case
diagram can help provide a higher-level view of the system. It has been said before that "Use
case diagrams are the blueprints for your system". They provide the simplified and graphical
representation of what the system must actually do.
Due to their simplistic nature, use case diagrams can be a good communication tool
for stakeholders. The drawings attempt to mimic the real world and provide a view for
the stakeholder to understand how the system is going to be designed. Siau and Lee conducted
research to determine if there was a valid situation for use case diagrams at all or if they were
unnecessary. What was found was that the use case diagrams conveyed the intent of the system
in a more simplified manner to stakeholders and that they were "interpreted more completely
than class diagrams".
The purpose of the use case diagrams is simply to provide the high level view of the
system and convey the requirements in layman's terms for the stakeholders. Additional diagrams
and documentation can be used to provide a complete functional and technical view of the
system.

4.3. DATA FLOW DIAGRAM

A data flow diagram (DFD) is a graphical representation of the “flow” of data through an
information system. It differs from the flowchart as it shows the data flow instead of the control
flow of the program. A data flow diagram can also be used for the visualization of data
processing. The DFD is designed to show how a system is divided into smaller portions and to
highlight the flow of data between those parts.

Level 0: [Data flow diagram. Labels: Username, Password, Login, Database]

Level 1: [Data flow diagram. Labels: Admin, Login, Add Product List, View Product List, Payment using Credit card, Report, Database]

Level 2: [Data flow diagram. Labels: User, Login, View Product Details, Get ordered Product, Logout, Database]

4.4. Sequence Diagram

To understand what a sequence diagram is, it's important to know the role of the Unified
Modeling Language, better known as UML. UML is a modeling toolkit that guides the creation
and notation of many types of diagrams, including behavior diagrams, interaction diagrams, and
structure diagrams.

A sequence diagram is a type of interaction diagram because it describes how, and in what
order, a group of objects works together. These diagrams are used by software developers and
business professionals to understand requirements for a new system or to document an existing
process. Sequence diagrams are sometimes known as event diagrams or event scenarios.

Note that there are two types of sequence diagrams: UML diagrams and code-based diagrams.
The latter is sourced from programming code and will not be covered in this guide.
Lucidchart’s UML diagramming software is equipped with all the shapes and features you will
need to model both.

5. SOFTWARE DESCRIPTION

Java technology is both a programming language and a platform.

THE JAVA TECHNOLOGY

The Java programming language is a high-level language that can be characterized by all
of the following buzzwords:
• Simple
• Architecture neutral
• Object oriented
• Portable
• Distributed
• High performance
• Interpreted
• Multithreaded
• Robust
• Dynamic
• Secure
With most programming languages, you either compile or interpret a program so that you
can run it on your computer. The Java programming language is unusual in that a program is
both compiled and interpreted. With the compiler, first you translate a program into an
intermediate language called Java byte codes —the platform-independent codes interpreted by
the interpreter on the Java platform. The interpreter parses and runs each Java byte code
instruction on the computer. Compilation happens just once; interpretation occurs each time the
program is executed. The following figure illustrates how this works.

Figure 7.2.3.1 Diagram for Java Working principle

You can think of Java byte codes as the machine code instructions for the Java Virtual
Machine (Java VM). Every Java interpreter, whether it’s a development tool or a Web browser
that can run applets, is an implementation of the Java VM. Java byte codes help make “write
once, run anywhere” possible. You can compile your program into byte codes on any platform
that has a Java compiler. The byte codes can then be run on any implementation of the Java VM.
That means that as long as a computer has a Java VM, the same program written in the Java
programming language can run on Windows 2000, a Solaris workstation, or on an iMac.

Figure 7.2.3.2 Sample Output in Different Systems

The Java Platform

A platform is the hardware or software environment in which a program runs. We’ve
already mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and
Mac OS. Most platforms can be described as a combination of the operating system and
hardware. The Java platform differs from most other platforms in that it’s a software-only
platform that runs on top of other hardware-based platforms.

The Java platform has two components:

The Java Virtual Machine (Java VM)

The Java Application Programming Interface (Java API)

You’ve already been introduced to the Java VM. It’s the base for the Java platform and is ported
onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that provide many useful
capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into
libraries of related classes and interfaces; these libraries are known as packages. The next
section, What Can Java Technology Do?, highlights what functionality some of the packages in
the Java API provide.

The following figure depicts a program that’s running on the Java platform. As the figure shows,
the Java API and the virtual machine insulate the program from the hardware.

Figure: Java Platforms

Native code is code that after you compile it, the compiled code runs on a specific hardware
platform. As a platform-independent environment, the Java platform can be a bit slower than
native code. However, smart compilers, well-tuned interpreters, and just-in-time byte code
compilers can bring performance close to that of native code without threatening portability.

What Can Java Technology Do?


The most common types of programs written in the Java programming language are
applets and applications. If you’ve surfed the Web, you’re probably already familiar with
applets. An applet is a program that adheres to certain conventions that allow it to run within a
Java-enabled browser.

However, the Java programming language is not just for writing cute, entertaining applets
for the Web. The general-purpose, high-level Java programming language is also a powerful
software platform. Using the generous API, you can write many types of programs.

An application is a standalone program that runs directly on the Java platform. A special
kind of application known as a server serves and supports clients on a network. Examples of
servers are Web servers, proxy servers, mail servers, and print servers.

Another specialized program is a servlet. A servlet can almost be thought of as an
applet that runs on the server side. Java Servlets are a popular choice for building interactive
web applications, replacing the use of CGI scripts. Servlets are similar to applets in that they
are runtime extensions of applications. Instead of working in browsers, though, servlets run
within Java Web servers, configuring or tailoring the server.

How does the API support all these kinds of programs? It does so with packages of software
components that provide a wide range of functionality. Every full implementation of the Java
platform gives you the following features:

The essentials: Objects, strings, threads, numbers, input and output, data structures, system
properties, date and time, and so on.

Applets: The set of conventions used by applets.

Networking: URLs, TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)
sockets, and IP (Internet Protocol) addresses.

Internationalization: Help for writing programs that can be localized for users worldwide.
Programs can automatically adapt to specific locales and be displayed in the appropriate
language.

Security: Both low level and high level, including electronic signatures, public and private key
management, access control, and certificates.

Software components: Known as JavaBeans™, can plug into existing component architectures.

Object serialization: Allows lightweight persistence and communication via Remote Method
Invocation (RMI).

Java Database Connectivity (JDBC™): Provides uniform access to a wide range of relational
databases.

The Java platform also has APIs for 2D and 3D graphics, accessibility, servers, collaboration,
telephony, speech, animation, and more. The following figure depicts what is included in the
Java 2 SDK.

Figure: Java IDE

How Will Java Technology Change My Life?

We can’t promise you fame, fortune, or even a job if you learn the Java programming
language. Still, it is likely to make your programs better and requires less effort than other
languages. We believe that Java technology will help you do the following:

Get started quickly: Although the Java programming language is a powerful object-
oriented language, it’s easy to learn, especially for programmers already familiar with C or C++.

Write less code: Comparisons of program metrics (class counts, method counts, and so
on) suggest that a program written in the Java programming language can be four times smaller
than the same program in C++.

Write better code: The Java programming language encourages good coding practices,
and its garbage collection helps you avoid memory leaks. Its object orientation, its JavaBeans
component architecture, and its wide-ranging, easily extendible API let you reuse other people’s
tested code and introduce fewer bugs.

Develop programs more quickly: Your development time may be as much as twice as fast
versus writing the same program in C++. Why? You write fewer lines of code and it is a simpler
programming language than C++.

Avoid platform dependencies with 100% Pure Java: You can keep your program portable by
avoiding the use of libraries written in other languages. The 100% Pure Java™ Product
Certification Program has a repository of historical process manuals, white papers, brochures,
and similar materials online.

Distribute software more easily: You can upgrade applets easily from a central server. Applets
take advantage of the feature of allowing new classes to be loaded “on the fly,” without
recompiling the entire program.

Java Programming Structure

A Java source file is a text file that contains one or more class definitions. The Java
compiler expects these files to be stored with the '.java' filename extension. When Java source
code is compiled, each individual class is put into its own output file, named after the class with a
'.class' extension. Since there are no global functions or variables in Java, the only thing that can be
in a Java source file is one or more class definitions.

Java requires that all code reside inside a named class. Java is case sensitive
with respect to all keywords and identifiers. In Java the code for any method must start with
an open brace and end with a close brace.

Every Java application must have a 'main' method. The main method is simply a starting
place for the interpreter to begin. Java applets don't use a main method at all, since the web
browser's Java runtime has a different convention for bootstrapping applets. In Java every
statement must end with a semicolon, and there are no limits on the length of statements. Java is
a free-form language.

Packages and Interfaces

Java allows classes to be grouped in collections called packages. Packages are a convenient
way of organizing classes and libraries. Packages can be nested. A number of classes having
the same kind of behavior can be grouped under a package.

Packages are imported into the required java programs using the implements keyword.
Interfaces provide a mechanism that allows unrelated classes to implement the same set of
methods.

An interface is a collection of method prototypes and constant values that is free from
dependency on a specific class. Interfaces are implemented by using the implements keyword.

Introduction to API

The application programming interface (API) forms the heart of any Java program. These
APIs are defined in corresponding Java packages and are imported into the program.

Some of the packages available in Java are:

PACKAGE        DESCRIPTION
Java.Lang      It includes all language libraries
Java.awt       It includes AWT libraries, such as windows, scrollbars, etc., for GUI applications
Java.Applet    It includes API for applet programming
Java.io        It includes all libraries required for input-output (io) applications
Java.Image     It includes libraries for image processing
Java.net       It includes networking APIs
Java.util      It includes general APIs like vector, stack, etc.

Table: Java Package

Socket Overview

Figure: 5.2.3.5 Network Socket


A network socket is a lot like an electrical socket. Various plugs around the network have
a standard way of delivering their payload. Anything that understands the standard protocol can
“plug in” to the socket and communicate. With electrical sockets, it doesn’t matter if you plug in
a lamp or a toaster; as long as they are expecting 60Hz, 115-volt electricity, the devices will
work. Think how your electric bill is created. There is a meter somewhere between your house
and the rest of the network. For each kilowatt of power that goes through that meter, you are
billed. The bill comes to your “address.” So even though the electricity flows freely around the
power grid, all of the sockets in your house have a particular address.

The same idea applies to network sockets, except we talk about TCP/IP packets & IP
addresses rather than electrons and street addresses. Internet Protocol (IP) is a low-level routing
protocol that breaks data into small packets and sends them to an address across a network,
which does not guarantee to deliver said packets to the destination. Transmission Control
Protocol (TCP) is a higher-level protocol that manages to robustly string together these packets,
sorting and retransmitting them as necessary to reliably transmit your data. A third protocol, User
Datagram Protocol (UDP), sits next to TCP and can be used directly to support fast,
connectionless, unreliable transport of packets.

Client and Server

You often hear the term client/server mentioned in the context of networking. It seems
complicated when you read about it in corporate marketing statements, but it is actually quite
simple. A server is anything that has some resource that can be shared. There are compute
servers, which provide computing power; print servers, which manage a collection of printers;
disk servers, which provide networked disk space; and web servers, which store web pages. A
client is simply any other entity that wants to gain access to a particular server.

The interaction between client and server is just like the interaction between a lamp and
an electrical socket. The power grid of the house is the server, and the lamp is a power client.
The server is a permanently available resource, while the client is free to “unplug” after it has
been served. In Berkeley sockets, the notion of a socket allows a single computer to serve many
different clients at once, as well as serving many different types of information. This feat is
managed by the introduction of a port, which is a numbered socket on a particular machine.

A server process is said to “listen” to a port until a client connects to it. A server is
allowed to accept multiple clients connected to the same port number, although each session is
unique. To manage multiple client connections, a server process must be multithreaded or have
some other means of multiplexing the simultaneous I/O.
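
As an added illustration (not code from the original report), the following self-contained Java program shows a server listening on one port and handing each accepted connection to a worker thread from a bounded pool, with a read timeout and a request-length limit so that one slow or oversized client cannot tie up the server. The class name, limits and messages are assumptions chosen for the example.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.concurrent.*;

// Added example: one listening port, one worker thread per accepted session.
// Class name, limits and messages are assumptions, not taken from the project.
public class BoundedEchoServer {
    static final int MAX_WORKERS = 4;        // cap on sessions served at once
    static final int READ_TIMEOUT_MS = 3000; // drop clients that stay silent
    static final int MAX_LINE = 256;         // longest request line accepted

    // Reads one line but refuses to buffer more than MAX_LINE characters.
    static String readLine(BufferedReader in) throws IOException {
        StringBuilder sb = new StringBuilder();
        int c;
        while ((c = in.read()) != -1 && c != '\n') {
            if (sb.length() >= MAX_LINE) throw new IOException("line too long");
            if (c != '\r') sb.append((char) c);
        }
        return sb.toString();
    }

    // Handles one session; the accepted Socket is unique to this client even
    // though every client connected to the same server port.
    static void serve(Socket client) {
        try (Socket s = client) {
            s.setSoTimeout(READ_TIMEOUT_MS);
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8));
            PrintWriter out = new PrintWriter(
                    new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8), true);
            out.println("session " + s.getPort() + " got: " + readLine(in));
        } catch (IOException e) { /* timeout, oversized line or reset: drop this session only */ }
    }

    // Client side: connect, send one line, return the server's reply.
    static String ask(int port, String msg) throws IOException {
        try (Socket s = new Socket(InetAddress.getLoopbackAddress(), port)) {
            PrintWriter out = new PrintWriter(
                    new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8), true);
            out.println(msg);
            return new BufferedReader(
                    new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8)).readLine();
        }
    }

    public static void main(String[] args) throws Exception {
        ExecutorService workers = Executors.newFixedThreadPool(MAX_WORKERS);
        ExecutorService clients = Executors.newFixedThreadPool(3);
        // Port 0 asks the OS for any free port; the server binds to loopback only.
        try (ServerSocket server = new ServerSocket(0, 50, InetAddress.getLoopbackAddress())) {
            int port = server.getLocalPort();
            new Thread(() -> {
                try {
                    while (true) {
                        Socket c = server.accept(); // "listen" until a client connects
                        workers.execute(() -> serve(c));
                    }
                } catch (IOException closed) { /* server socket closed: stop accepting */ }
            }).start();
            List<Future<String>> replies = new ArrayList<>();
            for (String who : new String[] {"lamp", "toaster", "radio"}) {
                replies.add(clients.submit(() -> ask(port, "hello from " + who)));
            }
            for (Future<String> r : replies) System.out.println(r.get());
        } finally {
            clients.shutdown();
            workers.shutdown();
        }
    }
}
```

Each reply carries a different session number (the client's source port), which shows that the three connections to the same server port are separate sessions.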

6. SYSTEM TESTING

6.1. UNIT TESTING


The first test in the development process is the unit test. The source code is normally
divided into modules, which in turn are divided into smaller pieces called units. These units have
specific behavior. The test done on these units of code is called a unit test. Unit testing depends upon
the language in which the project is developed. Unit tests ensure that each unique path of the
project performs accurately to the documented specifications and contains clearly defined inputs
and expected results. Unit testing covers functional and reliability testing in an engineering
environment: producing tests for the behavior of components (nodes and vertices) of a product to
ensure their correct behavior prior to system integration.

6.2. SYSTEM TESTING
Several modules constitute a project. If the project is a long-term project, several
developers write the modules. Once all the modules are integrated, several errors may arise. The
testing done at this stage is called the system test. System testing ensures that the entire integrated
software system meets requirements. It tests a configuration to ensure known and predictable
results. System testing is based on process descriptions and flows, emphasizing pre-driven
process links and integration points.

System testing also means testing a specific hardware/software installation. This is typically
performed on a COTS (commercial off the shelf) system or any other system comprised of disparate
parts where custom configurations and/or unique installations are the norm.

6.3. FUNCTIONAL TESTING:

Functional test can be defined as testing two or more modules together with the intent of
finding defects, demonstrating that defects are not present, verifying that the module performs its
intended functions as stated in the specification and establishing confidence that a program does
what it is supposed to do.

6.4. INTEGRATION TESTING:
Testing in which modules are combined and tested as a group. Modules are typically
code modules, individual applications, source and destination applications on a network, etc.
Integration testing follows unit testing and precedes system testing. Testing after the product is
code complete. Betas are often widely distributed or even distributed to the public at large in
hopes that they will buy the final product when it is released.

6.5. WHITE BOX TESTING:

Testing based on an analysis of the internal workings and structure of a piece of software.
This testing can be done using the percentage value of load and energy. The tester should know
exactly what is done inside the program. It includes techniques such as Branch Testing and
Path Testing. Also known as Structural Testing and Glass Box Testing.

6.6. BLACK BOX TESTING:


Testing without knowledge of the internal workings of the item being tested. Tests are
usually functional. This testing can be done by the user who has no knowledge of how the
shortest path is found.

6.7. MAINTENANCE

Software maintenance is now a widely accepted part of the SDLC. It stands for all the
modifications and updates done after the delivery of the software product. There are a number of
reasons why modifications are required; some of them are briefly mentioned below:
• Market Conditions - Policies that change over time, such as taxation, and newly
introduced constraints, such as how to maintain bookkeeping, may trigger the need for
modification.
• Client Requirements - Over time, the customer may ask for new features or functions in
the software.
• Host Modifications - If any of the hardware and/or platform (such as the operating system)
of the target host changes, software changes are needed to keep adaptability.

• Organization Changes - If there is any business-level change at the client end, such as
a reduction of organization strength, acquiring another company, or the organization venturing
into new business, a need to modify the original software may arise.
Types of maintenance
Over a software lifetime, the type of maintenance may vary based on its nature. It may be just a
routine maintenance task, such as a bug discovered by a user, or it may be a large event in
itself, based on the maintenance size or nature. Following are some types of maintenance based on
their characteristics:
• Corrective Maintenance - This includes modifications and updates done in order to
correct or fix problems, which are either discovered by the user or concluded from user error
reports.
• Adaptive Maintenance - This includes modifications and updates applied to keep the
software product up to date and tuned to the ever-changing world of technology and
business environment.
• Perfective Maintenance - This includes modifications and updates done in order to keep
the software usable over a long period of time. It includes new features and new user
requirements for refining the software and improving its reliability and performance.
• Preventive Maintenance - This includes modifications and updates to prevent future
problems with the software. It aims to attend to problems which are not significant at this
moment but may cause serious issues in the future.

7. SCREENSHOTS

HOME PAGE

FRODO LOGIN

REGISTRATION FORM

VENDOR REGISTRATION

FRODO LOGIN

USER BANK DETAILS

DEPOSIT AMOUNT

VENDOR LOGIN

VENDOR BANK DETAILS

TRANSACTION PROCESS

8. SAMPLE CODING

SOURCE CODE
package com.example.readmsg;

import java.util.regex.Matcher;
import java.util.regex.Pattern;
import android.os.Bundle;
import android.app.Activity;
import android.view.Menu;
import android.view.View;
import android.widget.Button;
import android.widget.CheckBox;
import android.widget.EditText;
import android.widget.RadioButton;
import android.widget.RadioGroup;
import android.widget.Toast;
import android.content.Intent;
import android.database.sqlite.SQLiteDatabase;
import android.view.View.OnClickListener;

public class MainActivity extends Activity implements OnClickListener {
    Button btn_save;
    EditText e_firstname, e_lastname, e_username, e_password, e_email, secret;
    CheckBox cbx, cbxs;
    String $username;
    String $password;
    int id;
    RadioGroup radioSexGroup;
    private RadioButton radioSexButton;
    String getusername, getpassword;
    SQLiteDatabase dbs;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        // Private, per-application database that holds the registration data.
        dbs = openOrCreateDatabase("datacollect.db", MODE_PRIVATE, null);
        String sql_create = "create table if not exists login(_id integer primary key "
                + "autoincrement, username varchar(120),password varchar(120), "
                + "secret varchar(120))";
        dbs.execSQL(sql_create);
        radioSexGroup = (RadioGroup) findViewById(R.id.goodbutton);
        e_username = (EditText) findViewById(R.id.username);
        e_password = (EditText) findViewById(R.id.password);
        secret = (EditText) findViewById(R.id.secure);
        e_email = (EditText) findViewById(R.id.email);
        e_firstname = (EditText) findViewById(R.id.firstname);
        e_lastname = (EditText) findViewById(R.id.lastname);
        btn_save = (Button) findViewById(R.id.login);
        btn_save.setOnClickListener(this);
    }

    // checks the e-mail address against a fixed pattern
    private boolean isValidEmail(String email) {
        String EMAIL_PATTERN = "^[_A-Za-z0-9-\\+]+(\\.[_A-Za-z0-9-]+)*@"
                + "[A-Za-z0-9-]+(\\.[A-Za-z0-9]+)*(\\.[A-Za-z]{2,})$";
        Pattern pattern = Pattern.compile(EMAIL_PATTERN);
        Matcher matcher = pattern.matcher(email);
        return matcher.matches();
    }

    // accepts any non-null password of at least 2 characters
    private boolean isValidPassword(String pass) {
        if (pass != null && pass.length() >= 2) {
            return true;
        }
        return false;
    }

    public void onClick(View v) {
        switch (v.getId()) {
        case R.id.login:
            String s_username = e_username.getText().toString();
            String s_password = e_password.getText().toString();
            String s_email = e_email.getText().toString();
            String s_securekey = secret.getText().toString();
            int selectedId = radioSexGroup.getCheckedRadioButtonId();
            // find the radiobutton by returned id (null when nothing is selected)
            radioSexButton = (RadioButton) findViewById(selectedId);
            String command = radioSexButton == null
                    ? "" : radioSexButton.getText().toString().trim();
            // getText().toString() never returns null, so only empty fields are checked
            if (s_password.equals("") || s_username.equals("")
                    || s_email.equals("") || s_securekey.equals("")) {
                Toast.makeText(getApplicationContext(),
                        "Fill all above details to proceed", Toast.LENGTH_LONG).show();
            } else {
                // Pass the user input as bind arguments instead of concatenating
                // it into the SQL text, so quotes in a field cannot alter the statement.
                String inse_query = "insert into login(username,password,secret) values(?,?,?)";
                dbs.execSQL(inse_query, new Object[] { s_username, s_password, s_securekey });
                Toast.makeText(getApplicationContext(), "Success",
                        Toast.LENGTH_SHORT).show();
                if (command.equals("Default Commands")) {
                    Intent intent = new Intent();
                    intent.setClassName("com.example.readmsg", "com.example.readmsg.CommandLine");
                    intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
                    startActivity(intent);
                    Toast.makeText(getApplicationContext(),
                            "Use default command keywords", Toast.LENGTH_LONG).show();
                    finish();
                }
            }
            break;
        }
    }
}

10. CONCLUSION

This work introduced FRoDO, which is, to the best of our knowledge, the first
data-breach-resilient fully off-line micropayment approach. The security analysis shows that
FRoDO does not impose trustworthiness assumptions. Further, FRoDO is also the first solution
in the literature where no customer device data attacks can be exploited to compromise the
system. This has been achieved mainly by leveraging a novel erasable PUF architecture and a
novel protocol design. Furthermore, our proposal has been thoroughly discussed and compared
against the state of the art. This analysis shows that FRoDO is the only proposal that enjoys all
the properties required of a secure micro-payment solution, while also introducing flexibility
when considering the payment medium (types of digital coins).

10.1. FUTURE WORK


Finally, some open issues have been identified that are left as future work. In particular,
this includes investigating the possibility of allowing digital change to be spent over multiple
off-line transactions while maintaining the same level of security and usability.

43
11.REFERENCES
[1] J. Lewandowska, http://www.frost.com/prod/servlet/press-release.pag?docid=274238535,
2013.
[2] R. L. Rivest, “Payword and micromint: two simple micropaymentschemes,” in CryptoBytes,
1996, pp. 69–87.
[3] S. Martins and Y. Yang, “Introduction to bitcoins: a pseudo-anonymouselectronic currency
system,” ser. CASCON ’11. Riverton, NJ, USA:IBM Corp., 2011, pp. 349–350.
[4] Verizon, “2014 data breach investigations report,” Verizon, TechnicalReport, 2014.
[5] T. M. Incorporated, “Point-of-sale system breaches,” Trend Micro Incorporated,Technical
Report, 2014.
[6] Mandiant, “Beyond the breach,” Mandiant, Technical Report, 2014.
[7] Bogmar, “Secure POS & kiosk support,” Bogmar, Technical Report,2014.
[8] V. Daza, R. Di Pietro, F. Lombardi, and M. Signorini, “FORCE – FullyOff-line
secuReCrEdits for Mobile Micro Payments,” in 11th Intl. Conf.on Security and Cryptography,
SCITEPRESS, Ed., 2014.
[9] W. Chen, G. Hancke, K. Mayes, Y. Lien, and J.-H. Chiu, “Using 3G networkcomponents to
enable NFC mobile transactions and authentication,”in IEEE PIC ’10, vol. 1, Dec 2010, pp. 441
–448.
[10] S. Golovashych, “The technology of identification and authenticationof financial
transactions. from smart cards to NFC-terminals,” in IEEE IDAACS ’05, Sep 2005, pp. 407–
412.
[11] G. Vasco, Maribel, S. Heidarvand, and J. Villar, “Anonymous subscriptionschemes: A
flexible construction for on-line services access,” inSECRYPT ’10, July 2010, pp. 1–12.
[12] K. S. Kadambi, J. Li, and A. H. Karp, “Near-field communication-basedsecure mobile
payment service,” in ICEC ’09. ACM, 2009.
[13] V. C. Sekhar and S. Mrudula, “A complete secure customer centricanonymous payment in a
digital ecosystem,” ICCEET ’12, 2012.
[14] S. Dominikus and M. Aigner, “mCoupons: An application for nearfield communication
(NFC),” in Advanced Information Networking andApplications Workshops, ser. AINAW ’07,
vol. 2. Washington, DC,USA: IEEE Computer Society, 2007, pp. 421–428.

44
[15] T. Nishide and K. Sakurai, “Security of offline anonymous electroniccash systems against
insider attacks by untrusted authorities revisited,”ser. INCOS ’11. Washington, DC, USA: IEEE
Comp. Soc., 2011, pp.656–661.
[16] W.-S. Juang, “An efficient and practical fair buyer-anonymity exchangescheme using
bilinear pairings,” in Asia JCIS 2013, July 2013, pp. 19–26.
[17] M. A. Salama, N. El-Bendary, and A. E. Hassanien, “Towards securemobile agent based e-
cash system,” in Intl. Workshop on Security andPrivacy Preserving in e-Societies. New York,
NY, USA: ACM, 2011,pp. 1–6.
[18] C. Wang, H. Sun, H. Zhang, and Z. Jin, “An improved off-line electroniccash scheme,” in
ICCIS 2013, June 2013, pp. 438–441.

45