CONTENTS
SYNOPSIS
1 INTRODUCTION
3 DEVELOPMENT ENVIRONMENT
6.1 Conclusion
6.2 Future Enhancement
7 APPENDIX
1.INTRODUCTION
1.COMPANY PROFILE
I genuine Solutions
Despite their benefits, pub/sub systems present several security and privacy challenges
as the data is routed through a set of brokers in a multi-party distributed system. Indeed,
publishers (or subscribers) may send (or receive) sensitive publications, such as health
information or religious and political interests. Thus, the brokers could collect sensitive
information about the publishers and subscribers. With the proliferation of outsourced
systems, pub/sub services are typically based on third-party servers (e.g., cloud servers). In
2016, an attack on the Yahoo platform led to the leakage of 1 billion user accounts.
Since brokers handle sensitive data and could be compromised, it is reasonable to
treat them as untrustworthy entities and ensure the protection of publications and
subscriptions. To protect sensitive information from untrustworthy brokers, several works
propose to encrypt the publications and subscriptions in such a way that the brokers can still
match the subscriptions against the publications' tags without learning their content. The
subscriptions and publications are thus protected from brokers.
However, it is possible for malicious brokers to collude with subscribers and publishers.
Even when a subscription from an innocent investor is encrypted, the broker can still learn
its content by checking whether the subscriptions from both an innocent subscriber and a
malicious subscriber match the same publication tags. Likewise, a malicious publisher could
publish a fake publication to learn investors' interests. Specifically, a malicious publisher
can collude with a broker to learn which interests match the fake publication. Therefore, to
ensure the privacy of subscriptions, it is also necessary to resist collusion attacks between
brokers, publishers, and investors. Previously proposed schemes resist collusion attacks
between malicious investors (or publishers) and brokers. However, all these approaches
require publishers and investors to communicate directly to protect their privacy. As a
result, the loosely coupled property of the pub/sub model is no longer supported by these
approaches. The proposed system is a privacy-preserving pub/sub system that protects
subscriptions effectively and resists collusion attacks using a multi-broker setting, without
compromising the loosely-coupled property of the pub/inv model. The core of the system lies
in the use of multiple types of brokers to match and to route publications to the investors.
The main idea is to divide the match operations (between encrypted subscriptions and
publication tags) into different phases, where each phase is executed by a different type of
broker. Each broker type only processes partial information from which it cannot infer
sensitive information about the subscriptions. Thus, if a broker is compromised or colludes
with a subscriber (or a publisher), the subscriptions are still protected. We design an
advanced collusion attack, in which multiple malicious requestors closely coordinate with one
another to launch their queries on different but related users in well-designed orders.
The system uses two different algorithms to implement the privacy of subscribers. First,
using a scheme like the Key-Policy Attribute-Based Encryption (KP-ABE) algorithm,
publications' content can be accessed only by the authorized subscribers. Second,
Searchable Encryption (SE) is applied to ensure encrypted matching of publications' keywords
against subscribers' interests. The proposed solution is secure against collusion attacks
between brokers and subscribers/publishers. Herein, we stress the idea of using multiple
types of brokers to defend against collusion attacks in pub/inv systems. This work extends
the idea by giving a detailed architecture, a comprehensive security analysis, and a thorough
performance evaluation. Furthermore, it gives a motivating scenario, identifies security
requirements for pub/sub systems, and presents technical background on the applied
cryptographic techniques, including KP-ABE and SE schemes. Driven computing systems are a
few of the applications for publisher and subscriber functions.
MODULES
The project first shows the login form, which is used by already existing users. A new
user must register first and then go to the login page. Next comes the home page, which
contains the images and news feeds uploaded by users. When a new user uploads an image or
news item, that information is not shown directly on the home page. The image first goes to
the admin, and only after the admin confirms it is the image shown on the home page. This
process avoids the misuse of images and news. The project is developed with Java and MySQL
server.
The modules of this project are mainly classified into,
The aim is to provide a pub/sub service that can protect publications and Subs' interests
from curious brokers in the presence of malicious Subs and Pubs. To protect the publications
from unauthorized entities, the Pub encrypts the publication using the Key-Policy
Attribute-Based Encryption (KP-ABE) scheme. In this way, only the authorized Subs can
recover the content of the publications.
Chapter - 2 includes the system study and analysis of this project which explains problem
statement, existing system drawbacks and the proposed system advantages and the feasibility
study of the project.
Chapter - 4 includes the design patterns like ER Diagram, Use-Case Diagram, DFD
Diagram, Input and Output forms design and Data design.
Chapter - 5 describes the testing strategy design, System Security and System
Enhancement details.
Chapter - 7 includes the appendix with the sample source code for some modules.
The objective of cyber security is to protect information from being stolen, compromised
or attacked. Cyber security can be measured by at least one of three goals:
CONFIDENTIALITY
Confidentiality is roughly equivalent to privacy and avoids the unauthorized
disclosure of information. It involves the protection of data, providing access for those
who are allowed to see it while disallowing others from learning anything about its content.
It prevents essential information from reaching the wrong people while making sure that
the right people can get it. Data encryption is a good example to ensure confidentiality.
INTEGRITY
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded
from unauthorized user modification. It is the property that information has not been altered
in an unauthorized way, and that the source of the information is genuine.
AVAILABILITY
To develop a series of Guiding Principles for improving the online security of the
ISPs' customers and limit the rise in cyber-attacks. Cyber security for these purposes
encompasses the protection of essential information, processes, and systems, connected or
stored online, with a broad view across the people, technical, and physical domains.
Economy of mechanism
Fail-safe defaults
Least Privilege
Open Design
Complete mediation
Separation of Privilege
Psychological acceptability
2. SYSTEM STUDY AND ANALYSIS
Publisher or subscriber systems present several security and privacy challenges as the
data is routed through a set of brokers in a multi-party distributed system. Indeed,
publishers (or subscribers) may send (or receive) sensitive publications, such as health
information, religious, and political interests. Thus, the brokers could collect sensitive
information about the publishers and subscribers. With the proliferation of outsourced
systems, pub/sub services are typically based on third party servers.
DISADVANTAGES:
The publisher generates publications and the related tags. Before publishing to the
broker, it encrypts both the tags and the payload of the publication. Each subscriber defines
a subscription according to its interests, such that it receives only the publications whose
tags satisfy the subscription. The trusted authority is responsible for managing the keys of
Subs and Pubs. The proposed system allows at most two types of brokers to collude and is
still able to protect the content of the interests.
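An added example, not the project's own code, of the encrypted matching described above and in the introduction: the publisher hands the broker opaque tag tokens and an encrypted payload, a broker without keys routes by token equality, and the last call shows what that broker learns once one subscriber colludes with it. HMAC-SHA256 tokens stand in for the Searchable Encryption scheme and AES-GCM stands in for KP-ABE (no attribute policy is modelled); the class, method names, subscriber ids and keywords are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class EncryptedMatchDemo {
    // Keyword token = HMAC-SHA256(tagKey, keyword). Stand-in for the SE scheme:
    // deterministic, so equal keywords always produce equal tokens.
    static String token(SecretKey tagKey, String keyword) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(tagKey);
        byte[] raw = keyword.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return Base64.getEncoder().encodeToString(mac.doFinal(raw));
    }

    // What the broker receives from a publisher: opaque tokens and ciphertext.
    static final class Publication {
        final Set<String> tagTokens;
        final byte[] iv, ciphertext;
        Publication(Set<String> tagTokens, byte[] iv, byte[] ciphertext) {
            this.tagTokens = tagTokens; this.iv = iv; this.ciphertext = ciphertext;
        }
    }

    // Publisher: tokenise the tags, encrypt the payload (AES-GCM stands in for KP-ABE).
    static Publication publish(SecretKey tagKey, SecretKey payloadKey,
                               String payload, String... tags) throws Exception {
        Set<String> tokens = new HashSet<>();
        for (String t : tags) tokens.add(token(tagKey, t));
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, payloadKey, new GCMParameterSpec(128, iv));
        return new Publication(tokens, iv, c.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Authorized subscriber: decrypt and authenticate the payload.
    static String open(SecretKey payloadKey, Publication p) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, payloadKey, new GCMParameterSpec(128, p.iv));
        return new String(c.doFinal(p.ciphertext), StandardCharsets.UTF_8);
    }

    // Broker: holds no keys, stores subscriber id -> token, routes by equality.
    static final class Broker {
        final Map<String, String> subscriptions = new LinkedHashMap<>();
        void subscribe(String subscriberId, String tok) { subscriptions.put(subscriberId, tok); }

        List<String> route(Publication p) {
            List<String> matched = new ArrayList<>();
            for (Map.Entry<String, String> e : subscriptions.entrySet())
                if (p.tagTokens.contains(e.getValue())) matched.add(e.getKey());
            return matched;
        }

        // Leakage under collusion: once one subscriber reveals the keyword behind
        // its own token, every subscriber holding the same token is exposed.
        Map<String, String> exposedBy(String colluderId, String colluderKeyword) {
            Map<String, String> learned = new LinkedHashMap<>();
            String known = subscriptions.get(colluderId);
            for (Map.Entry<String, String> e : subscriptions.entrySet())
                if (!e.getKey().equals(colluderId) && e.getValue().equals(known))
                    learned.put(e.getKey(), colluderKeyword);
            return learned;
        }
    }

    public static void main(String[] args) throws Exception {
        // Trusted-authority role: generate the keys given to Pubs and Subs, never to brokers.
        SecretKey tagKey = KeyGenerator.getInstance("HmacSHA256").generateKey();
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(256);
        SecretKey payloadKey = aes.generateKey();

        Broker broker = new Broker();
        // Constructed subscriptions; the broker only ever sees the tokens.
        broker.subscribe("investor-A", token(tagKey, "pharma"));
        broker.subscribe("investor-B", token(tagKey, "energy"));
        broker.subscribe("colluder", token(tagKey, "pharma"));

        Publication p = publish(tagKey, payloadKey, "constructed payload", "pharma", "earnings");
        System.out.println("routed to: " + broker.route(p));
        System.out.println("decrypted by key holder: " + open(payloadKey, p));
        System.out.println("broker learns via collusion: " + broker.exposedBy("colluder", "pharma"));
    }
}
```

The equality leak in `exposedBy` is what the multi-broker design addresses by giving each broker type only part of the match, so that no single broker sees the complete subscriber-to-token mapping.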
ADVANTAGES
The feasibility of the project is analyzed in this phase, and a business proposal is put
forth with a very general plan for the project and some cost estimates. This is to ensure
that the proposed system is not a burden to the company. A high speed of internet is not
required. For feasibility analysis, some understanding of the major requirements for the
system is essential.
ECONOMICAL FEASIBILITY
TECHNICAL FEASIBILITY
OPERATIONAL FEASIBILITY
COST ESTIMATION AND SCHEDULING
Technical feasibility explains how the system works technically, this shopping
system with their own suggestion. The application can be used effectively by the user without
any problem. The user can directly contact the admin for help.
This study is carried out to check the economic impact that the system will have on
the organization. The amount of funds that the company can pour into the research and
development of the system is limited. The expenditures must be justified. Thus the
developed system is well within the budget, and this was achieved because most of the
technologies used are freely available.
2.4.3 OPERATIONAL FEASIBILITY
Operational feasibility is all about what type of operation the system can perform. To
operate this system there is no need for more knowledge; it is more flexible than other
systems, and the user can easily understand the functions of each module to buy the
products and sell the products.
The software project manager (and others) develops a characterization of the overall
size, process, environment, people, and quality required for the project. A macro-level
estimate of the total effort and schedule is developed using a software cost estimation
model. Cost estimating: conceptual project estimating and scheduling can give a rough
picture of budget and execution time, a crucial piece of information in the initial
decision-making process. As the project design develops, the final cost and schedule can be
determined at a much higher level of detail.
3. DEVELOPMENT ENVIRONMENT
The hardware requirements may serve as the basis for a contract for the
implementation of the system and should therefore be a complete and consistent
specification of the whole system. They are used by software engineers as the starting point
for the system. They show what the system does and not how it should be implemented.
JAVA
JSP - In Java, JSP (Java Server Pages) is used to create dynamic web pages, such as in
PHP and ASP.
Applets - Applets are another type of Java programs that are implemented on Internet
browsers and are always run as part of a web document.
J2EE - Java 2 Enterprise Edition is a platform-independent environment that is a set
of different protocols and APIs and is used by various organizations to transfer data
between each other.
JavaBeans - This is a set of reusable software components that can be easily used to
create new and advanced applications.
Mobile - In addition to the above technology, Java is widely used in mobile devices
nowadays, many types of games and applications are being made in Java.
FEATURES OF JAVA
INTRODUCTION TO JSP
JSP technology is used to create web application just like Servlet technology. It can be
thought of as an extension to Servlet because it provides more functionality than servlet
such as expression language, JSTL, etc.
A JSP page consists of HTML tags and JSP tags. The JSP pages are easier to maintain than
Servlet because we can separate designing and development. It provides some additional
features such as Expression Language, Custom Tags.
Extension to Servlet
JSP technology is the extension to Servlet technology. We can use all the features of the
Servlet in JSP. In addition, we can use implicit objects, predefined tags, expression
language and Custom tags in JSP, that makes JSP development easy.
Easy to maintain
JSP can be easily managed because we can easily separate our business logic with
presentation logic. In Servlet technology, we mix our business logic with the presentation
logic.
If JSP page is modified, we don't need to recompile and redeploy the project. The Servlet
code needs to be updated and recompiled if we have to change the look and feel of the
application.
In JSP, we can use many tags such as action tags, JSTL, custom tags, etc. that reduces the
code. Moreover, we can use EL, implicit objects, etc.
OVERVIEW OF HTML
HTML is a software solution stack that defines the properties and behaviors of web
page content by implementing a markup based pattern to it. HTML5 was the fifth and
current major version of HTML that is a World Wide Web Consortium
(W3C) recommendation. The current specification is known as the HTML Living
Standard and is maintained by a consortium of the major browser vendors
(Apple, Google, Mozilla, and Microsoft), the Web Hypertext Application Technology
Working Group (WHATWG).
HTML5 was first released in public-facing form on 22 January 2008, with a major
update and "W3C Recommendation" status in October 2014. Its goals were to improve the
language with support for the latest multimedia and other new features; to keep the
language both easily readable by humans and consistently understood by computers and
devices such as web browsers, parsers, etc., without XHTML's rigidity; and to
remain backward-compatible with older software. HTML5 is intended to subsume not
only HTML 4, but also XHTML 1 and DOM Level 2 HTML.
Web browsers receive HTML documents from a web server or from local storage
and render the documents into multimedia web pages. HTML describes the structure of
a web page semantically and originally included cues for the appearance of the document.
Tags such as <img/> and <input /> directly introduce content into the page. Other tags such
as <p> surround and provide information about document text and may include other tags
as sub-elements. Browsers do not display the HTML tags, but use them to interpret the
content of the page.
CSS
FEATURES OF CSS
CSS saves time − You can write CSS once and then reuse same sheet in multiple
HTML pages. You can define a style for each HTML element and apply it to as
many Web pages as you want.
Pages load faster − If you are using CSS, you do not need to write HTML tag
attributes every time. Just write one CSS rule of a tag and apply it to all the
occurrences of that tag. So less code means faster download times.
Easy maintenance − To make a global change, simply change the style, and all
elements in all the web pages will be updated automatically.
Superior styles to HTML − CSS has a much wider array of attributes than HTML,
so you can give a far better look to your HTML page in comparison to HTML
attributes.
Global web standards − Now HTML attributes are being deprecated and it is being
recommended to use CSS. So it's a good idea to start using CSS in all the HTML
pages to make them compatible to future browsers.
Back end Development refers to the server side of development where you are primarily
focused on how the site works. Making updates and changes in addition to monitoring
functionality of the site will be your primary responsibility. This type of web development
usually consists of three parts: a server, an application, and a database. Code written by back
end developers is what communicates the database information to the browser. Anything you
can’t see easily with the eye such as databases and servers is the work of a back end
developer. Back end developer positions are often called programmers or web developers.
MYSQL
MySQL is the most popular Open Source Relational SQL Database Management System.
MySQL is one of the best RDBMS being used for developing various web-based software
applications. MySQL is developed, marketed and supported by MySQL AB, which is a
Swedish company. This tutorial will give you a quick start to MySQL and make you
comfortable with MySQL programming. MySQL is the most popular RDBMS (Relational
Database Management System) used to store data of web applications. This MySQL
tutorial series will help you to get started in MySQL. You will learn the basics of MySQL
and will be able to use the MySQL database easily.
Features of MYSQL
MySQL is fully multithreaded by using kernel threads. It can handle multiple CPUs if
they are available.
Some of the most famous websites like Facebook, Wikipedia, Google (not for search),
YouTube, Flickr.
Content Management Systems (CMS) like WordPress, Drupal, Joomla, phpBB etc.
A large number of web developers worldwide are using MySQL to develop web
applications.
High Performance
High Availability
Rock-solid reliability and constant availability are hallmarks of MySQL, with customers
relying on MySQL to guarantee around-the-clock uptime.
MySQL offers one of the most powerful transactional database engines on the market.
MySQL is the de-facto standard for high-traffic web sites because of its high-
performance query engine, tremendously fast data insert capability, and strong support for
specialized web functions like fast full text searches.
Guarding the data assets of corporations is the number one job of database professionals, and
MySQL offers exceptional security features that ensure absolute data protection. In terms of
database authentication, MySQL provides powerful mechanisms for ensuring only authorized users
have entry to the database server, with the ability to block users down to the client machine level
being possible.
One of the reasons MySQL is the world's most popular open source database is that it
provides comprehensive support for every application development need. Within the database,
support can be found for stored procedures, triggers, functions, views, cursors, ANSI-standard SQL.
Management Ease
MySQL offers exceptional quick-start capability with the average time from software
download to installation completion being less than fifteen minutes.
4.1.1.PROCESS DESIGN
Protecting Investors' Privacy in Online Trading System is proposed to ensure that the
privacy of the investor is protected. When investors want to add products to the
application they approach brokers; the brokers collect the information from the
investors and check whether the product has valid certificates. The collected
information is then passed to the publisher, who holds the share. When investors
share their information with the broker there is a chance of the investor's personal
information being misused, so the information provided by the investor can be encrypted
before it is shared with the broker.
Protecting Investors privacy in online trading system
The above figure illustrates the proposed system for protecting investors'
information in the online trading system. The admin (publisher) has the right to approve the
product details that have been submitted by the investors. Only then can the customers
view the products on the shopping website. All the transactions are stored in the
database whenever the publisher gathers all the information. There are two types of
algorithm for enabling the privacy of the investors as well as of the publisher present in
the system.
UML DIAGRAMS
UML is an acronym that stands for Unified Modelling Language. Simply put, UML
is a modern approach to modelling and documenting software. In fact, it’s one of the most
popular business process modelling techniques. It is based on diagrammatic
representations of software components. Mainly, UML has been used as a general-purpose
modelling language in the field of software engineering. However, it has now found its way
into the documentation of several business processes or work flows. For example, activity
diagrams, a type of UML diagram, can be used as a replacement for flowcharts. They
provide both a more standardized way of modelling workflows as well as a wider range of
features to improve readability and efficacy. UML was created by the Object Management
Group (OMG) and UML 1.0 specification draft was proposed to the OMG in January 1997.
It was initially started to capture the behaviour of complex software and non-software
system and now it has become an OMG standard. This tutorial gives a complete
understanding on UML.
Object-oriented concepts were introduced much earlier than UML. At that point of
time, there were no standard methodologies to organize and consolidate the object-oriented
development. It was then that UML came into picture.
There are a number of goals for developing UML but the most important is to define some
general purpose modelling language, which all modellers can use and it also needs to be
made simple to understand and use.
A use case diagram at its simplest is a representation of a user's interaction with the
system that shows the relationship between the user and the different use cases in which the
user is involved. A use case diagram can identify the different types of users. Figure 5.2
shows that the user can directly log in to the form. After login, the admin checks the
approval requests from the users.
Use Case diagram
The above figure illustrates the interaction between the user and the admin. The
user should register before proceeding to buy products. Once the user logs in to the system,
the user is allowed to view the products and purchase them from the shopping
application.
CLASS DIAGRAM
Class Diagram
The figure shows the relationship between the user and the admin, and how the
shopping website works. First the registration takes place, then the user logs in
to the page and proceeds to shopping; once the shopping process is done, the user is
automatically taken to the payment page.
SEQUENCE DIAGRAM
A sequence diagram is an interaction diagram that shows how processes operate with
one another and in what order. It is a construct of a message sequence chart. A
sequence diagram shows object interactions arranged in time sequence. Sequence diagrams
are sometimes called event diagrams. Figure 5.2.3 below shows that the user can directly
register to multiple sources. The admin maintains the credential authentication and approves
product details from the investor. Finally the admin logs out of the form.
Sequence Diagram
The figure shows the sequence diagram for protecting investors' privacy in the online
trading system: the interaction that takes place between the different actors in the
existing system.
Figure 5.2.5 shows how the online trading system for protecting investors' privacy
is divided into subsystems, each of which deals with one or more data flows from an
external agent. It also identifies the internal data stores for products, payment
credentials, user management, and viewing the items.
ACTIVITY DIAGRAM
The above diagram illustrates the activities performed by the users, the publisher and
the application itself. The activities are interlinked, but the process of each activity is
different in nature, such as view items, add to cart, manage user details and payment
details. After all of the activities are completed, the processes terminate
automatically.
4.1. INPUT DESIGN
4.1.4 OUTPUT DESIGN
4.1.5 DATABASE DESIGN
ADMIN:
USER REGISTRATION:
ATM CARD:
PRODUCTS:
PUBLISHERS:
ADMIN :
USER REGISTRATION:
ATM CARD:
PRODUCTS:
PUBLISHERS:
Unit Testing
Integration Testing
Validation Testing
Output Testing
Unit testing involves the design of test cases that validate that the internal program logic
is functioning properly, and that program inputs produce valid outputs. All decision
branches and internal code flow should be validated. It is the testing of individual
software units of the application. It is done after the completion of an individual unit
before integration. This is structural testing, which relies on knowledge of the unit's
construction and is invasive. Unit tests perform basic tests at component level and test a specific
business process, application, and/or system configuration. Unit tests ensure that each
unique path of a business process performs accurately to the documented specifications
and contains clearly defined inputs and expected results.
Validation refers to data validation: ensuring that data inserted into an application
satisfies pre-determined formats or complies with stated length and character requirements
and other defined input criteria. It may also ensure that only data that is either true or real
can be entered into a database. There are two types of validation that can check the
authenticity and reliability of the user input.
5.2.SYSTEM SECURITY
The protection of computer-based resources, which include hardware, software, data,
procedures and people, against unauthorized use or natural disaster is known as system
security.
System Security can be divided into four related issues:
Security
Integrity
Privacy
Confidentiality
6.1 CONCLUSION
In future, some malware can attack the big data; that should be defended by some
implementation technique. In my project, access control and encryption has some default in
future to overcome the defects of attribute errors.
7.APPENDIX
ADMIN.JSP
<%@page import="java.sql.*"%>
<!DOCTYPE html>
<html>
<head>
<title>JSP Page</title>
</head>
<body>
<%
Class.forName("com.mysql.jdbc.Driver");
Connection conn =
DriverManager.getConnection("jdbc:mysql://localhost:3306/shopping" ,"root","root");
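// The lines that read the submitted mail and password and that prepare the
// statement pst are missing from this listing.
pst.setString(1, mail);
pst.setString(2, password);
ResultSet rs = pst.executeQuery();
// A returned row means the credentials matched; open the block closed by "<% }" below.
if(rs.next()) {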
%>
<script>
alert("Login Successful")
window.location.replace("ahome.jsp");
</script>
<% }
else{
%>
<script>
alert("invalid user")
window.location.replace("admin.html");
</script>
<% }
%>
</body>
</html>
LOGIN.JSP
<%--
Document : login
Author : Admin
--%>
<%@page import="java.sql.*"%>
<html>
<head>
<title>JSP Page</title>
</head>
<body>
<%
String name="",mail1="",phone="",address="",state="",city="",zip="",id="";
Class.forName("com.mysql.jdbc.Driver");
Connection conn =
DriverManager.getConnection("jdbc:mysql://localhost:3306/shopping" ,"root","root");
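// The lines that read the submitted mail and password and that prepare the
// statement pst are missing from this listing.
pst.setString(1, mail);
pst.setString(2, password);
ResultSet rs = pst.executeQuery();
// A returned row means the credentials matched; open the block closed by "<% }" below.
if(rs.next()) {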
name=rs.getString("name");
mail1=rs.getString("mail");
phone=rs.getString("phone");
address=rs.getString("address");
state=rs.getString("state");
city=rs.getString("city");
zip=rs.getString("zipcode");
String password1=rs.getString("password");
id=rs.getString("id");
HttpSession ses=request.getSession();
HttpSession session1=request.getSession();
ses.setAttribute("uname", name);
ses.setAttribute("mail1", mail1);
ses.setAttribute("phone", phone);
ses.setAttribute("address", address);
ses.setAttribute("state", state);
ses.setAttribute("city", city);
ses.setAttribute("zip", zip);
ses.setAttribute("password", password1);
ses.setAttribute("id", id);
session1.setAttribute("mail1", mail1);
%>
<script>
alert("Login Successful")
window.location.replace("home.jsp");
</script>
<% }
else{
%>
<script>
alert("invalid user")
window.location.replace("login.html");
</script>
<% }
%>
</body>
</html>
PAYMENT.JSP
<html>
<head>
<style>
body {
font-family: Arial;
font-size: 17px;
padding: 8px;
}
* {
  box-sizing: border-box;
}
.row {
  display: flex;
  flex-wrap: wrap;
  margin: 0 -16px;
}
.col-25 {
  flex: 25%;
}
.col-50 {
  flex: 50%;
}
.col-75 {
  flex: 75%;
}
.col-25,
.col-50,
.col-75 {
  padding: 0 16px;
}
.container {
  background-color: #f2f2f2;
  border-radius: 3px;
}
input[type=text] {
  width: 100%;
  margin-bottom: 20px;
  padding: 12px;
  border-radius: 3px;
}
label {
  margin-bottom: 10px;
  display: block;
}
.icon-container {
  margin-bottom: 20px;
  padding: 7px 0;
  font-size: 24px;
}
.btn {
  background-color: #4CAF50;
  color: white;
  padding: 12px;
  margin: 10px 0;
  border: none;
  width: 100%;
  border-radius: 3px;
  cursor: pointer;
  font-size: 17px;
}
.btn:hover {
  background-color: #45a049;
}
a {
  color: #2196F3;
}
hr {
}
span.price {
  float: right;
  color: grey;
}
/* Responsive layout - when the screen is less than 800px wide, make the two columns
stack on top of each other instead of next to each other (also change the direction - make
the "cart" column go on top) */
@media (max-width: 800px) {
  .row {
    flex-direction: column-reverse;
  }
  .col-25 {
    margin-bottom: 20px;
  }
}
</style>
</head>
<body>
<div class="row">
<div class="col-75">
<div class="container">
<form action="atmcard.jsp">
<%
HttpSession ses=request.getSession();
String name=ses.getAttribute("uname").toString();
String mail=ses.getAttribute("mail1").toString();
String phone=ses.getAttribute("phone").toString();
String address=ses.getAttribute("address").toString();
String state=ses.getAttribute("state").toString();
String city=ses.getAttribute("city").toString();
String zip=ses.getAttribute("zip").toString();
%>
<div class="row">
<div class="col-50">
<h2>Product details</h2>
<h3>Billing Address</h3>
<div class="row">
<div class="col-50">
<label for="state">State</label>
</div>
<div class="col-50">
<label for="zip">Zip</label>
</div>
</div>
</div>
<div class="col-50">
<h3>Payment</h3>
<div class="icon-container">
</div>
<label for="cname">Name on Card</label>
<div class="row">
<div class="col-50">
</div>
<div class="col-50">
<label for="cvv">CVV</label>
</div>
</div>
</div>
</div>
<label>
</label>
</form>
</div>
</div>
</div>
</body>
</html>
7.1 TEST PROCEDURE
Functional Testing
System Testing
Acceptance Testing
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.