
PKI Based Leave Management System

Mayank kumar Choudhary


Jayati Dwivedi

Ram AnilKumar Lalji


Shekhar Suman

Abstract: This paper describes a web application for leave management which is based on PKI. It can be used in any organization where employees apply for leave, and the applications can be digitally signed using a valid digital certificate issued by the organization or a valid CA. This digital signature holds the same credibility as a handwritten signature. The system specializes in evolving a legacy paper-based environment into a fully electronic process, utilizing digital signatures as strong auditable stamps of approval in accordance with the IT Act.

A. Public key infrastructure :- PKI is a vital part of IT security and consists of protocols, services, and standards supporting applications of public key cryptography. One of the strongest value propositions of PKI in technology implementation is its ability to establish strong, auditable, and well modeled electronic business processes (and workflows) that depart from paper-based transactions. In public key cryptography a key pair, consisting of a private and a public key, can be used to create digital signatures. Signatures are created with the private key and can be verified using the public key. A public key certificate contains the public key and information about the holder of the matching private key. Given a certificate and a signature it is possible to verify that a signature has been created by the holder of the private key matching the public key in the certificate. A successful signature verification also means the identity of the private key holder that created the signature is known, since this information is available in the certificate. The information in the certificate has to be correct and trustworthy. A certificate is always signed by a Certificate Authority's private key to guarantee that the information about a holder of a private key is correct. The Certificate Authority itself has a certificate with a public key matching its private key. Given this Certificate Authority certificate, and that we trust this Certificate Authority, any information in certificates issued by the authority can be trusted.

B. Cryptography :- Cryptography is the science of information security. Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit. However, cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption). Modern cryptography concerns itself with the following four objectives:

1) Confidentiality :- Ensures that information is not disclosed to unauthorized parties. Analogy in non-electronic world :- A sealed envelope in a diplomatic pouch, personally hand-delivered by a governmental courier, provides reasonable assurance that the information conveyed is not disclosed to anyone and the confidentiality of the message is maintained.

2) Integrity :- Ensures that data has not been modified or tampered with during transit, from the time it left the originator to the time it reached the recipient. Analogy in non-electronic world :- A traditional signed message enclosed in a sealed envelope supports a moderate degree of integrity. Provided that the envelope does not have obvious signs of tampering, the recipient can be reasonably confident that the message inside is that which the sender actually enclosed.

3) Non-repudiation :- Ensures that neither party can revoke or deny their role in a transaction, or make false claims about posing or accepting an offer. Analogy in non-electronic world :- A handwritten, signed message in a sealed envelope, delivered by registered mail, supports a moderate degree of non-repudiation. Handwritten signatures contain attributes that permit moderately strong authentication. They are difficult to forge, and permit verification of the signer's identity. The sealed envelope retains the integrity of the message, and a return receipt generated on delivery can confirm its delivery to the intended recipient. Thus, neither party can deny their participation in the transaction, since the existence of a clear audit trail makes it very difficult for either party to state any false claims about sending or receiving the letter.

4) Authentication :- Ensures that the parties involved in the transaction are who they say they are. Analogy in non-electronic world :- A person's passport is a secure document issued by a Passport Office, certifying that the person is who he or she claims to be. This provides a moderate degree of user authentication when a traveler is asked to present his or her passport upon entering a foreign country.

C. Types of cryptographic algorithms :- There are several ways of classifying cryptographic algorithms.
1. Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.
2. Public Key Cryptography (PKC): Uses one key for encryption and another for decryption.
3. Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information.

Secret key cryptography :- With secret key cryptography, a single key is used for both encryption and decryption. The sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption. With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key. Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers.
Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so-called because the scheme encrypts one block of data at a time using the same key on each block. In general, the same plaintext block will always encrypt to the same ciphertext when using the same key in a block cipher whereas the same plaintext will encrypt to different ciphertext in a stream cipher. Stream ciphers come in several flavors but two are worth mentioning here. Self-synchronizing stream ciphers calculate each bit in the keystream as a function of the previous n bits in the keystream. It is termed "self-synchronizing" because the decryption process can stay synchronized with the encryption process merely by knowing how far into the n-bit keystream it is. One problem is error propagation; a garbled bit in transmission will result in n garbled bits at the receiving side. Synchronous stream ciphers generate the keystream in a fashion independent of the message stream but by using the same keystream generation function at sender and receiver. While stream ciphers do not propagate transmission errors, they are, by their nature, periodic so that the keystream will eventually repeat.

Public key cryptography :- Public-key cryptography has been said to be the most significant new development in cryptography in the last 300-400 years. Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key. PKC depends upon the existence of so-called one-way functions, or mathematical functions that are easy to compute whereas their inverse function is relatively difficult to compute. Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. The important point here is that it does not matter which key is applied first, but that both keys are required for the process to work. Because a pair of keys is required, this approach is also called asymmetric cryptography. In PKC, one of the keys is designated the public key and may be advertised as widely as the owner wants. The other key is designated the private key and is never revealed to another party. It is straightforward to send messages under this scheme. Suppose Alice wants to send Bob a message. Alice encrypts some information using Bob's public key; Bob decrypts the ciphertext using his private key. This method could also be used to prove who sent a message; Alice, for example, could encrypt some plaintext with her private key; when Bob decrypts using Alice's public key, he knows that Alice sent the message and Alice cannot deny having sent the message (non-repudiation).

Hash Functions :- Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a measure of the integrity of a file. Hash algorithms that are in common use today include:

Message Digest (MD) algorithms: A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message.
MD2 (RFC 1319): Designed for systems with limited memory, such as smart cards. (MD2 has been relegated to historical status, per RFC 6149.)
MD4 (RFC 1320): Developed by Rivest, similar to MD2 but designed specifically for fast processing in software. (MD4 has been relegated to historical status, per RFC 6150.)
MD5 (RFC 1321): Also developed by Rivest after potential weaknesses were reported in MD4; this scheme is similar to MD4 but is slower because more manipulation is made to the original data. MD5 has been implemented in a large number of products although several weaknesses in the algorithm were demonstrated by German cryptographer Hans Dobbertin in 1996 ("Cryptanalysis of MD5 Compress").
Secure Hash Algorithm (SHA): Algorithm for NIST's Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was originally published as FIPS 180-1 and RFC 3174. FIPS 180-2 (aka SHA-2) describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256, SHA-384, and SHA-512 which can produce hash values that are 224, 256, 384, or 512 bits in length, respectively. SHA-224, -256, -384, and -512 are also described in RFC 4634.

D. Public-Key Cryptography Standards (PKCS) :- A set of interoperable standards and guidelines for public-key cryptography, designed by RSA Data Security Inc.
PKCS #1: RSA Cryptography Standard (Also RFC 3447)
PKCS #2: Incorporated into PKCS #1.
PKCS #3: Diffie-Hellman Key-Agreement Standard
PKCS #4: Incorporated into PKCS #1.
PKCS #5: Password-Based Cryptography Standard (PKCS #5 V2.0 is also RFC 2898)
PKCS #6: Extended-Certificate Syntax Standard (being phased out in favor of X.509v3)
PKCS #7: Cryptographic Message Syntax Standard (Also RFC 2315)
PKCS #8: Private-Key Information Syntax Standard (Also RFC 5208)
PKCS #9: Selected Attribute Types (Also RFC 2985)
PKCS #10: Certification Request Syntax Standard (Also RFC 2986)
PKCS #11: Cryptographic Token Interface Standard
PKCS #12: Personal Information Exchange Syntax Standard
PKCS #13: Elliptic Curve Cryptography Standard
PKCS #14: Pseudorandom Number Generation Standard is no longer available
PKCS #15: Cryptographic Token Information Format Standard

E. Digital Signature :- It is a mathematical scheme for demonstrating the authenticity of a digital message or document.

Illustration 1: Creating a Digital Signature

A simple generic scheme for creating and verifying a digital signature is shown in Illustrations 1 and 2, respectively. A hash function is applied to the message and yields a fixed-size message digest. The signature function uses the message digest and the sender's private key to generate the digital signature. At the receiver, the inverse signature function is applied to the digital signature to recover the original message digest. The received message is subjected to the same hash function to which the original message was subjected. The resulting message digest is compared with the one recovered from the signature. If they match, the message has not been altered.

Illustration 2: Signature Verification

F. Java Security :- The Java Security API is a new Java core API, built around the package. The cryptography framework in the Java Security API is designed so that a new algorithm can be added later on without much difficulty and can be utilized in the same fashion as existing algorithms. The Java security packages which were used are as follows:
:- This class represents an in-memory collection of keys and certificates.
:- This class represents a private key.
:- This Signature class is used to provide applications the functionality of a digital signature algorithm.
:- This MessageDigest class provides applications the functionality of a message digest algorithm, such as MD5 or SHA.
:- This class represents a public key and its components.
:- Class for managing a variety of identity certificates.
:- Abstract class for X.509 certificates.
The General Security Exception class is a generic security exception class that provides type safety for all the security-related exception classes that extend from it.
:- This is the generic KeyStore exception.

G. Digital Certificate :- A digital certificate is an electronic document which uses a digital signature to bind a public key with an identity, information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. For purposes of electronic transactions, certificates are digital documents. The specific functions of the certificate include:
Establish identity: Associate, or bind, a public key to an individual, organization, corporate position, or other entity.
Assign authority: Establish what actions the holder may or may not take based upon this certificate.
Secure confidential information (e.g., encrypting the session's symmetric key for data confidentiality).

X.509 is the standard digital certificate which we have used. The contents of an X.509 certificate are:
Serial Number: Used to uniquely identify the certificate.
Subject: The person, or entity identified.
Signature Algorithm: The algorithm used to create the signature.
Signature: The actual signature to verify that it came from the issuer.
Issuer: The entity that verified the information and issued the certificate.
Valid-From: The date the certificate is first valid from.

Valid-To: The expiration date.
Key-Usage: Purpose of the public key.
Public Key: The public key.
Thumbprint Algorithm: The algorithm used to hash the public key.
Thumbprint: The hash itself, used as an abbreviated form of the public key.

H. Javascript :- Javascript is an easy-to-use programming language that can be embedded in the header of our web pages. It can enhance the dynamics and interactive features of our page by allowing us to perform calculations, check forms, add special effects, customize graphics selections, create security passwords and more.

I. Java applet :- A Java applet is an applet delivered to users in the form of Java bytecode. Java applets can run in a Web browser using a Java Virtual Machine (JVM). Java applets are executed in a sandbox by most web browsers, preventing them from accessing local data like the clipboard or file system. The code of the applet is downloaded from a web server and the browser either embeds the applet into a web page or opens a new window showing the applet's user interface. A Java applet extends the class java.applet.Applet, or in the case of a Swing applet, javax.swing.JApplet. The class must override methods from the applet class to set up a user interface inside itself (Applet is a descendant of Panel which is a descendant of Container). As an applet inherits from Container, it has largely the same user interface possibilities as an ordinary Java application, including regions with user-specific visualization. It can move the work from the server to the client, making a web solution more scalable with the number of users/clients.

Illustration 3: Sample Digital Certificate in X.509 standard

An untrusted applet has no access to the local machine and can only access the server it came from. This makes such an applet much safer to run than a standalone executable that it could replace. However, a signed applet can have full access to the machine it is running on if the user agrees.

II. IMPLEMENTATION DETAILS

A. Creating database :- Firstly we need to create a database where various data regarding the employees and their leaves will be stored (Illustration 3). We have used MySQL 5.5 for creating the database. MySQL is a relational database management system (RDBMS) that runs as a server providing multi-user access to a number of databases.

Illustration 4: Database Schema

B. Working with JSP and servlets :- Along with the creation of the database we also needed to create HTML/JSP pages where the user enters the information regarding authentication, their digital certificates and the leave application. For creating these pages we have used tools like MyEclipse, Photoshop and Dreamweaver. JavaServer Pages (JSP) is a Java technology that helps software developers serve dynamically generated web pages based on HTML, XML, or other document types. Many Web pages that are built by CGI programs are mostly static, with the dynamic part limited to a few small locations. But most CGI variations make you generate the entire page via your program, even though most of it is always the same. JSP may be viewed as a high-level abstraction of Java servlets. JSPs are compiled into servlets by a JSP compiler. The compiler either generates a servlet in Java code that is then compiled by the Java compiler, or it may compile the servlet to byte code which is directly executable.

A servlet is a Java programming language class used to extend the capabilities of servers that host applications accessed via a request-response programming model. Although servlets can respond to any type of request, they are commonly used to extend the applications hosted by Web servers. Thus, a servlet can be thought of as a Java applet that runs on a server instead of a browser. To deploy and run a servlet, a Web container must be used. A Web container is essentially the component of a Web server that interacts with the servlets. The Web container is responsible for managing the life cycle of servlets, mapping a URL to a particular servlet and ensuring that the URL requester has the correct access rights. The servlet API, contained in the Java package hierarchy javax.servlet, defines the expected interactions of the Web container and a servlet.

C. Connecting the pages with the database :- Once the database and the pages had been created, we needed to establish connectivity between our pages and the database. We did this with the help of JDBC, which provides a standard library for accessing relational databases. JDBC consists of two parts: one is the JDBC API, which is a purely Java-based API, and the other is the JDBC Driver Manager, which communicates with vendor-specific drivers that perform the communication with the database.

D. Writing code for creating/verifying digital signature :- We have developed Java code to perform the following steps:
1. Generate a digital signature for the data using the private key.
2. Verify the digital signature by using the public key.
To create and verify the digital signatures we have used the JDK security API.

1) Generating a digital signature - To generate the digital signature we need the private key of the sender, which is extracted from the .p12 certificate file given by the user. The Java security API provides a method to obtain a keystore instance from which the certificate can be retrieved to extract the private key. To create the digital signature, the Signature class has been used to provide the functionality of a digital signature algorithm such as DSA or RSA with SHA1 or SHA256. A signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (fixed-size) string of bytes, called the signature. The output generated by the Signature object is the digital signature for the data.

Illustration 5: Applying leave after digitally signing

Also, to create the digital signature, a message digest of the data is created using the MessageDigest class. The MessageDigest class provides the functionality of cryptographically secure message digests such as SHA-256 or MD5 or SHA1. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest.

2) Verifying the digital signature - To verify the digital signature we need the public key corresponding to the private key used for signing the data. This is done by exporting the public key file stored in the database (stored initially at the time of registration). Then the signature bytes are read from the specified file, and a Signature object is created and initialized with the public key for verifying the signature. It is supplied with the data whose signature is to be verified (from the file specified as the third command line argument), and the signature is verified.
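The signing and verification steps described above, as an added Java example that is not the paper's own source code. The class name, the sample leave record and the in-memory key pair (standing in for the user's .p12 and .crt) are constructed for illustration, and the certificate check covers only the validity period and key usage, not the chain to the issuing CA.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public class LeaveSignatureDemo {

    // Client side: return the first private-key entry of a PKCS#12 (.p12/.pfx) stream.
    static PrivateKey loadSigningKey(InputStream p12, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(p12, password);
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (ks.isKeyEntry(alias)) {
                return (PrivateKey) ks.getKey(alias, password);
            }
        }
        throw new GeneralSecurityException("no private key entry in keystore");
    }

    // SHA256withRSA hashes the data with SHA-256 and signs the digest in one step.
    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    // Server side: reject a certificate that is outside its validity period or
    // whose Key-Usage extension does not allow digital signatures.
    static boolean verifyWithCertificate(X509Certificate cert, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        cert.checkValidity();                  // throws outside Valid-From..Valid-To
        boolean[] usage = cert.getKeyUsage();  // null when the extension is absent
        if (usage != null && !usage[0]) {      // bit 0 = digitalSignature
            return false;
        }
        return verify(cert.getPublicKey(), data, sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo input: a throwaway RSA key pair stands in for the
        // user's .p12 (private key) and registered .crt (public key).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        byte[] application = "emp=1042;from=2024-03-04;to=2024-03-06;reason=medical"
                .getBytes(StandardCharsets.UTF_8);
        byte[] signature = sign(pair.getPrivate(), application);
        System.out.println("original verifies: "
                + verify(pair.getPublic(), application, signature));

        // Changing a single field after signing must make verification fail.
        byte[] tampered = "emp=1042;from=2024-03-04;to=2024-03-16;reason=medical"
                .getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered verifies: "
                + verify(pair.getPublic(), tampered, signature));
    }
}
```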

E. Important source files :-
index.jsp :- This page provides the login interface between the user and the database.
loginerror.jsp :- In case of any login error this page will be displayed.
signup.jsp :- This is the registration page for the first-time user.
certificate-upload.jsp :- For the first-time user, this page asks the user to upload his/her valid digital certificate.
view.jsp :- In this page the user is asked whether he/she wants to apply for leave as a text application or a form application.
app-leave.jsp :- By clicking the text application checkbox in view.jsp the user is redirected to this page. In this page the details of the leave are asked for in text format and the application can be digitally signed after that.
submit-leave.jsp :- By clicking the form application checkbox in view.jsp the user is redirected to this page. In this page the details of the leave, like starting date, end date, apply date of the leave etc., are asked for and the leave application can be digitally signed after that.
status-leave.jsp :- This page asks the user to enter his choice for checking the status of the leave application, i.e. text application status or form application status.
checkapp-leave.jsp :- This page gives the information about the status of the leave applied for in the text application.
checksubmit-leave.jsp :- This page gives the information about the status of the leave applied for in the form application.
renew-pass.jsp :- This page helps the user to change his password in case he forgot it.
dbconerror.jsp :- This page will be displayed in case of a database connectivity error.
approveapp-leave.jsp :- This page will be visible only to the leave approving authority and will approve the text application.
approvesubmit-leave.jsp :- This page will be visible only to the leave approving authority and will approve the form application.
change-certificate.jsp :- In case the user wants to upload a new certificate this page will be needed.

Illustration 8: Asking user permission to load applet

Illustration 7: LMS Work Flow

:- This JAVA servlet file extracts the public key and serial number from the certificate (.crt) submitted by the user and saves them in the database.
:- It creates the hash value (SHA-256) of the data passed to it.
:- This JAVA file contains the function to verify the digital signature using the certificate (.crt) of the user.
:- This JAVA file contains the function to create the applet, to extract the private key from the .p12 file and to create the digital signature (SHA256 with RSA).
web.xml :- It contains the code to map the servlet files to the action URLs of the JSPs, and various server and page configuration.

III. RESULTS

This Web application will give a secure flow to the process of applying/approving/disapproving leave in any organization. It gives users the privilege to sign the application using their digital certificate. Before signing the document it asks the user for the password of the .p12 file.

Illustration 9: Entering (.p12 or .pfx) password



A. For digitally signing the application, a .p12 or .pfx file is needed, which cannot be transferred to the server for extracting the private key. The computation on the .p12 file therefore had to be done on the client side, for which a Java applet was needed, but the applet did not have permission to access the local file system. B. Proper connectivity was needed between the Apache Tomcat and MySQL servers, and it took time to set up this deployment environment.

A. Proper validation for the data entered by the user is yet to be implemented. B. Leave rules conditions needed to be implemented.