CHAPTER-1

Introduction

With the increasing popularity of Web 2.0 applications like Google Gmail and Google Docs, people are moving their private data and communication information from their local storage to the online application providers. These online applications offer reliable storages and ease to access services. With the AJAX techniques these applications only rely on browsers with common features including HTML, JavaScript and CSS, without the need of installing any browser plugins or software. These applications make the exchange, management and access of data much simpler than previous desktop applications. While acquiring ease of use services, users will have to give the control of their data privacy to the application providers. Although application providers announce that these private data will not be abused and will be automatically handled without the involvement of administrators, these applications did not provide any mechanisms to guarantee this promise. Users have to trust the providers to be reliable and honest, and will “do no evil”. But some providers have “done evil”. One famous example is Yahoo providing user information in its email system to government that helped land a journalist in prison for 10 years . And the leakage of private information will bring greater harm to enterprise users. Some providers like Google and Yahoo also provide services such as Google Apps for enterprise users to take the place of their own email servers and applications. The misuse of provider’s privilege will bring huge losses for their customers

1.1 Abstracts

Secure communication is an intrinsic requirement of today’s world of on-line transactions. Whether exchanging financial, business or personal information, people want to know with whom they are communicating (authentication) and they wish to ensure that the information is neither modified (data integrity) nor disclosed (confidentiality) in transit. The growing popularity of web applications in the last few years has led users to give the management of their data to online application providers, which will endanger the security and privacy of the users.

In this project, we present WebIBC, which integrates public key cryptography into web applications without any browser plugins. The implementation and performance evaluation demonstrate that WebIBC is secure and efficient both in theory and practice.

1.2 Scope:

Web Application (here web-email) enhanced with web Identity Based Cryptography have the following features:

· When sending email using IBC there is no need for an online lookup to obtain the recipient’s certificate.

· Senders can send email that can only read at some specified time in the future, since public key contains expiration date.

Public key certificates contain a preset expiration date. In an IBE system key expiration can be done by having user1 e-mail sent user2 using the public key:

In doing so user2 can use his private key during the current year only. Once a year user2 needs to obtain a new private key from the PKG. also provide services such as Google Apps for enterprise users to take the place of their own email serves and applications. The misuse of provider’s privilege will bring huge losses for their customers.

CHAPTER-2

ORGANIZATION PROFILE

In this world of increasing globalization, Stupors moves forward to meet the challenges of the future through the development of R & D projects in various domains. R & D project sector attracts the most prominent thinkers and practitioners in a range of fields that impinge on development. The global presence and reach attained by Stupors are not only substantiated by its presence, but also in terms of the training students in R & D project development.

Over the decade, Stupors, a Subsidiary of Spiro Technologies & consultant Pvt. Ltd provides a wide range of R & D project development training. Our uniqueness lies in the exclusive R & D project development. Accordingly, we created a setting that is enabling, dynamic and inspiring for the increase of solutions to global problems by R & D project development. Developing appropriate, responsible, innovative and practical solutions to students, by assisting in R & D project development. All our research is stranded in the need to provide an industry based training for students.

CHAPTER-3

SYSTEM ANALYSIS

3.1 Existing System:

In existing system, security is achieved through certificate management and certificate authority by using traditional Public Key Cryptography.
The public key authentication will increase the communication cost and storage capacity.

3.2 Proposed System:

Enhancing web application with web Identity Based Cryptography and Private Key Generator (Trusted Authority)
Every user needs to authenticate him to authority by providing some credentials he has owned the identity, and the authority will extract the private key from the master secret according to user’s identity.
The public and private key pair is generated using Elliptic Curve Cryptography (ECC)
It should be noticed that all the cryptography operations are all done within the browser, and the server can only receive the cipher text. The security and privacy of end users can be protected from attacks both on network and server side. From another point of view, server is also free from the burden of cryptography operations which means WebIBC is a good model for distributed computation based on web browsers.

3.3 System Requirements:

Hardware:

PROCESSOR	:	PENTIUM IV 2.6 GHz
RAM	:	512 MB DD RAM
MONITOR	:	15” COLOR
HARD DISK	:	20 GB
CDDRIVE	:	LG 52X
KEYBOARD	:	STANDARD 102 KEYS
MOUSE	:	3 BUTTONS

Software:

FRONT END	:	J2ee (JSP)
TOOL USED	:	Dreamweaver
OPERATING SYSTEM	:	Window’s Xp
BACK END	:	Sql Server 2000

3.4 System Architecture

A system architecture or systems architecture is the conceptual design that defines the structure and/or behavior of a system.

An architecture description is a formal description of a system, organized in a way that supports reasoning about the structural properties of the system. It defines the system components or building blocks and provides a plan from which products can be procured, and systems developed, that will work together to implement the overall system. This may enable one to manage investment in a way that meets business needs.

CHAPTER-4

TEST PLAN

A test plan is a systematic approach to testing a system such as a machine or software. The plan typically contains a detailed understanding of what the eventual workflow will be.

A test plan documents the strategy that will be used to verify and ensure that a hardware product or system meets its design specifications and other requirements. A test plan is usually prepared by or with significant input from Test Engineers.

Depending on the product and the responsibility of the organization to which the test plan applies, a test plan may include one or more of the following:

Design Verification or Compliance test - to be performed during the development or approval stages of the product, typically on a small sample of units.
Manufacturing or Production test - to be performed during preparation or assembly of the product in an ongoing manner for purposes of performance verification and quality control.
Acceptance or Commissioning test - to be performed at the time of delivery or installation of the product.
Service and Repair test - to be performed as required over the service life of the product.

A complex system may have a high level test plan to address the overall requirements and supporting test plans to address the design details of subsystems and components.

Test plan document formats can be as varied as the products and organizations to which they apply, but there are three major elements of a test strategy that should be described in the test plan: Test Coverage, Test Methods, and Test Responsibilities.

Test coverage in the test plan states what requirements will be verified during what stages of the product life. Test Coverage is derived from design specifications and other requirements, such as safety standards or regulatory codes, where each requirement or specification of the design ideally will have one or more corresponding means of verification. Test coverage for different product life stages may overlap, but will not necessarily be exactly the same for all stages. For example, some requirements may be verified during Design Verification test, but not repeated during Acceptance test. Test coverage also feeds back into the design process, since the product may have to be designed to allow test access

Test methods in the test plan state how test coverage will be implemented. Test methods may be determined by standards, regulatory agencies, or contractual agreement, or may have to be created new. Test methods also specify test equipment to be used in the performance of the tests and establish pass/fail criteria. Test methods used to verify hardware design requirements can range from very simple steps, such as visual inspection, to elaborate test procedures that are documented separately as Test Cases under various Test Scenarios.

Test responsibilities include what organizations will perform the test methods and at each stage of the product life. This allows test organizations to plan, acquire or develop test equipment and other resources necessary to implement the test methods for which they are responsible. Test responsibilities also includes, what data will be collected, and how that data will be stored and reported (often referred to as "deliverables"). One outcome of a successful test plan should be a record or report of the verification of all design specifications and requirements as agreed upon by all parties.

4.1 Test Coverage of Code:

Code coverage is a measure used in software testing. It describes the degree to which the source code of a program has been tested. It is a form of testing that inspects the code directly and is therefore a form of white box testing. Currently, the use of code coverage is extended to the field of digital hardware, the contemporary design methodology of which relies on Hardware description languages (HDLs).

Code coverage techniques were amongst the first techniques invented for systematic software testing. The first published reference was by Miller and Maloney in Communications of the ACM in 1963.

To measure how well the program is exercised by a test suite, one or more coverage criteria are used. There are a number of coverage criteria, the main ones being:

Function coverage - Has each function in the program been executed?
Statement coverage - Has each line of the source code been executed?
Decision coverage (also known as Branch coverage) - Has each control structure (such as an if statement) evaluated both to true and false?
Condition coverage - Has each Boolean sub-expression evaluated both to true and false (this does not necessarily imply decision coverage)?
Path coverage - Has every possible route through a given part of the code been executed?
Entry/exit coverage - Has every possible call and return of the function been executed?

Safety-critical applications are often required to demonstrate that testing achieves 100% of some form of code coverage. Some of the coverage criteria above are connected. For instance, path coverage implies decision, statement and entry/exit coverage. Decision coverage implies statement coverage, because every statement is part of a branch.

Full path coverage, of the type described above, is usually impractical or impossible. Any module with a succession of

n

decisions in it can have up to

2 n

paths within it; loop constructs can result in an infinite number of paths. Many paths may also be infeasible, in that there is no input to the program under test that can cause that particular path to be executed. However, a general-purpose algorithm for identifying infeasible paths has been proven to be impossible [citation needed] (such an algorithm could be used to solve the halting problem). Techniques for practical path coverage testing instead attempt to identify classes of code paths that differ only in the number of loop executions, and to achieve "basis path" coverage the tester must cover all the path classes.

The target software is built with special options or libraries and/or run under a special environment such that every function that is exercised (executed) in the program(s) is mapped back to the function points in the source code. This process allows developers and quality assurance personnel to look for parts of a system that are rarely or never accessed under normal conditions (error handling and the like) and helps reassure test engineers that the most important conditions (function points) have been tested. The resulting output is then analyzed to see what areas of code have not been exercised and the tests are updated to include these areas as necessary. Combined with other code coverage methods, the aim is to develop a rigorous, yet manageable, set of regression tests.

Test engineers can look at code coverage test results to help them devise test cases and input or configuration sets that will increase the code coverage over vital functions. Two common forms of code coverage used by testers are statement (or line) coverage and path (or edge) coverage. Line coverage reports on the execution footprint of testing in terms of which lines of code were executed to complete the test. Edge coverage reports which branches or code decision points were executed to complete the test. They both report a coverage metric, measured as a percentage. The meaning of this depends on what form(s) of code coverage have been used, as 67% path coverage is more comprehensive than 67% statement coverage.

Generally, code coverage tools and libraries exact a performance and/or memory or other resource cost which is unacceptable to normal operations of the software. Thus, they are only used in the lab. As one might expect, there are classes of software that cannot be feasibly subjected to these coverage tests, though a degree of coverage mapping can be approximated through analysis rather than direct testing.

There are also some sorts of defects which are affected by such tools. In particular, some race conditions or similar real time sensitive operations can be masked when run under code coverage environments; and conversely, some of these defects may become easier to find as a result of the additional overhead of the testing code.

Code coverage may be regarded as a more up-to-date incarnation of debugging in that the automated tools used to achieve statement and path coverage are often referred to as “debugging utilities”. These tools allow the program code under test to be observed on screen whilst the program is executing; additionally, commands and keyboard function keys are available to allow the code to be “stepped” through literally line by line. Alternatively, it is possible to define pinpointed lines of code as “breakpoints” which will allow a large section of the code to be executed, then stopping at that point and displaying that part of the program on screen. Judging where to put breakpoints is based on a reasonable understanding of the program indicating that a particular defect is thought to exist around that point. The data values held in program variables can also be examined and, in some instances, altered (with care) to try out “what if” scenarios. Clearly, use of a debugging tool is more the domain of the software engineer at a unit test level and it is more likely that the software tester will ask the software engineer to perform this [citation needed]. However, it is useful for the tester to understand the concept of a debugging tool.

4.2 Test Management:

Test management is the activity of managing some tests. A test management tool is a Software used by Quality Assurance team to manage the tests (automatic or not) that have been previously specified. It is often associated with an Automation software. Test Management Tools often include Requirements and/or Specifications management modules that allow to automatically generate the RTM (Requirement Test Matrix) which is one of the main metric to know the functional coverage of the SUT (System Under Test). This consists in checking how many requirements and/or specifications are covered by the available tests (do not mix with code coverage which is a totally different concept).

Test definition includes: test plan, association with product Requirements and Specifications. Eventually, some relationship can be set between tests so that precedences can be established. i.e. if test A is parent of test B and if test A is failing, then it may be useless to perform test B. Tests should also be associated with priorities. Every change on a test must be versioned so that the QA team has a comprehensive view of the history of the test.

4.3 Testing Tools:

1. Testing is a process of executing a program with the intent of finding an error.

2. A good test case is one that has a high probability of finding an as yet undiscovered error.

3. A successful test is one that uncovers an as yet undiscovered error.

Testing should systematically uncover different classes of errors in a minimum amount of time and with a minimum amount of effort. A secondary benefit of testing is that it demonstrates that the software appears to be working as stated in the specifications. The data collected through testing can also provide an indication of the software's reliability and quality. But, testing cannot show the absence of defect -- it can only show that software defects are present.

Database testing

· Use Integration testing

· MbUnit, NUnit, XUnit Rollback attributes

· Transaction Scope

Web Testing

· Ivonna and Typemock

· Team System Web Test

· NUnitASP

· Watin

· Watir

· Selenium

UI Testing

· NunitForms

· Project White

· Team System UI Tests

· Typemock Isolator

· Threading Related Testing

· Microsoft Chess

· Typemock Racer

· Osherove.ThreadTester

· General Testing

· Pex

Acceptance Testing

· Fit & Fitnesse

· Watin and Watir and selenium

CHAPTER-5

ELLIPTIC CURVE CRYPTOGRAPHY

Elliptic Curve Cryptography (ECC) is emerging as an attractive alternative to traditional public-key cryptosystems (RSA, DSA, DH). ECC offers equivalent security with smaller key sizes resulting in faster computations, lower power consumption, as well as memory and bandwidth savings. While these characteristics make ECC especially appealing for mobile devices, they can also alleviate the computational burden on secure web servers. This article studies the performance impact of using ECC with SSL, the dominant Internet security protocol. We created an ECC-enhanced version of OpenSSL and used it to benchmark the Apache web server. Our results show that, under realistic workloads, an Apache web server can handle 13%–31% more HTTPS requests per second when using ECC-160 rather than RSA-1024 reflecting short-term security levels. At security levels necessary to protect data beyond 2010, the use of ECC-224 over RSA-2048 improves server performance by 120%–279%.

5.1 Introduction:

The Secure Sockets Layer (SSL) protocol is the most popular choice for achieving these goals. The SSL protocol is application independent – conceptually, any application that runs over TCP can also run over SSL. This is an important reason why its deployment has outpaced that of other security protocols such as SSH, S/MIME and SET. There are many examples of application protocols like TELNET, FTP, IMAP and LDAP running transparently over SSL.

However, the most common usage of SSL is for securing HTTP the main protocol of the World Wide Web.2 Between its conception at Netscape in the mid-1990s, through its standardization within the IETF (Internet Engineering Task Force) in the late-1990s, the protocol and its implementations have been scrutinized by some of the world’s foremost security experts Today, SSL is trusted to secure transactions for sensitive applications ranging from web banking, to stock trading, to e-commerce.

Unfortunately, the use of SSL imposes a significant performance penalty on web servers. Coarfa et al. have reported secure web servers running 3.4 to 9 times slower compared to regular web servers on the same hardware platform. Slow response time is a major cause of frustration for on-line shoppers and often leads them to abandon their electronic shopping carts during check out. According to one estimate, the potential revenue loss from e-commerce transactions aborted due toWeb performance issues exceeds several billion dollars annually In its most common usage, SSL utilizes RSA encryption to transmit a randomly chosen secret that is used to derive keys for data encryption and authentication. The RSA decryption operation is the most compute intensive part of an SSL transaction for a secure web server. Several vendors such as Broadcom, nCipher, Rainbow and Sun now offer specialized hardware to offload RSA computations and improve server performance.

CHAPTER-8

SYSTEM TESTING

The purpose of testing is to discover errors. Testing is the process of trying to discover every conceivable fault or weakness in a work product. It provides a way to check the functionality of components, sub assemblies, assemblies and/or a finished product it is the process of exercising software with the intent of ensuring that the Software system meets its requirements and user expectations and does not fail in an unacceptable manner. There are various types of test. Each test type addresses a specific testing requirement.

8.1 Unit Testing

Unit testing involves the design of test cases that validate that the internal program logic is functioning properly, and that program input produces valid outputs. All decision branches and internal code flow should be validated. It is the testing of individual software units of the application .it is done after the completion of an individual unit before integration. This is a structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform basic tests at component level and test a specific business process, application, and/or system configuration. Unit tests ensure that each unique path of a business process performs accurately to the documented specifications and contains clearly defined inputs and expected results.

8.2 Integration Testing

Integration tests are designed to test integrated software components to determine if they actually run as one program. Testing is event driven and is more concerned with the basic outcome of screens or fields. Integration tests demonstrate that although the components were individually satisfaction, as shown by successfully unit testing, the combination of components aimed at exposing the problems that arise from the combination of components.

8.3 Acceptance Testing

User Acceptance Testing is a critical phase of any project and requires significant participation by the end user. It also ensures that the system meets the functional requirements.

CHAPTER-9

IMPLEMENTATION

9.1 Implementation

Implementation is the stage of the project where the theoretical design is turned in to a working system. At this stage the main work load, the greatest upheaval and the major impact on the existing system shifts to the user department if the implementation is not carefully planned and controlled I can cause chaos and confusion.

Implementation includes all those activities that takes place to convert from the older system to new one. The new system may be totally new, replacing an existing manual or automated system or it may be a major modification to an existing system. Proper implementation requirements. Successful implementation may not guarantee improvement in the organization using the new system, but improper installation will prevent it.

The process of putting the developed system in actual is called system implementation. This includes all those activities that takes place to convert from the older system to the new system; the system can be implemented only after through resting is done and if it is found to be working according to the specification.

The implementation stage involve following task

1. Careful planning

2. Investigation of system and constraints.

3. Design of methods to achieve the change over phase.

4. Evaluation of change over method.

Implementation Procedures

Implementation of software refers to the final installation of the packeges in its real environment, to the satisfaction of the intended users and the operation of the system.

In many organization some on who will not be sure be operating it, will commission the software development project. The people who are not sure that the software is meant to make their job easier. In the initial stage, they doubt about the software but we have to ensure that the resistance does not build up as one has to make that

1. The active user be aware of the benefits of using the system.

2. Their confidence in the software is built up.

Proper guidance is imparted to the user so that he is comfortable using the application.

9.2 IBC Modules:

Ø Authentication module

Ø Encryption Module

Ø KEY Server

Ø Decryption Module

Modules Descriptions:

Module1: Authentication module

This module will perform the authentication process. Every user must register to the E-Mail server as well as Key-Server. The E-Mail server will issue the Login Details and the key-Server will generate the public and private key for each and every user. Thus it allows only authorized users to access our E-Mail server.

Module 2: Encryption Module

This module is useful in achieving the security for our whole system by encrypting the E-Mail with DESede algorithm before sending the mail to the E-Mail server. Thus server will receive only the cipher text , because the E-mail message is encrypted in the client browser itself.

Module 3: KEY Server

The Key-Server module will generate the Private Key for each and every user and it will issue the private key to the users those who want to read the mail. Before issuing the private key to the user it will verify the user weather he is an authorized user or not.

Module 4: Decryption Module

The decryption module will decrypt the Received mail by using the downloaded private key from key-Server. After decrypting the mail the user can able to read that mail, unless he can’t read the Mail.

CHAPTER-10

SOURCE CODE

ACTION.jsp

<?xml version="1.0"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<head>

<title>CrystalX</title>

<!--

.style1 {font-family: Georgia, "Times New Roman", Times, serif}

-->

</style>

</head>

<!—Main-->

<!—Header-->

function validate()

{

if(document.getElementById("name").value=="")

{

alert("Enter Username");

return false

}

if(document.getElementById("pass").value=="")

{

alert("Enter password");

return false

}

return true

}

</script>

</head>

<br />

<font size="1">  For Clientside Security </font>

<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>, <a href="#search">search</a>.</em></p>

<hr />

</div>

</div>

<h3 class="noscreen">Navigation</h3>

<li><a href="#">Login<span class="tab-l"></span><span class="tab-r"></span></a></li>

<li><a href="register.jsp">Register<span class="tab-l"></span><span class="tab-r"></span></a></li>

</ul>

</div>

<h2><span>Login</span></h2>

<p>

<tr >

<td><span class="style1"><font size="3">Username</font></span></td>

</tr>

<tr >

<td><span class="style1"><font size="3">Password</font></span></td>

</td>

</tr>

</table>

</form>

</p>

</div>

</div>

<h3 ><span>WebIBC</span></h3>

<FONT SIZE="2" face="Georgia">" <i>WebIBC   may use your email address to personalize your experience on their website.</i>"</FONT> <br><br>

</ul>

</div>

</div>

</div>

</div>

<p id="createdby">created by <a href="http://www.nuvio.cz"></a> </p>

</div>

</div>

</body>

</html>

Action.jsp

<?xml version="1.0"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<head>

<%@ page import="java.sql.*"%>

<title>CrystalX</title>

<!--

.style1 {font-family: Georgia, "Times New Roman", Times, serif}

-->

</style>

</head>

<br />

<font size="1">  For Clientside Security </font>

<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>, <a href="#search">search</a>.</em></p>

<hr />

</div>

</div>

boolean flag = false;

String n = request.getParameter("name");

String p = request.getParameter("pass");

String add = request.getRemoteAddr();

<h3 class="noscreen">Navigation</h3>

<li><a href="myacc.jsp?name=<%=n%>">My Account<span class="tab-l"></span><span class="tab-r"></span></a></li>

<li><a href="compose.jsp?name=<%=n%>">Compose<span class="tab-l"></span><span class="tab-r"></span></a></li>

<li><a href="#">Contact<span class="tab-l"></span><span class="tab-r"></span></a></li>

</ul>

</div>

<h2><span>Welcome <%=n%> !</span><br>     

<a href ="showmail.jsp?name=<%=n%>">Inbox </a></FONT></h2>

<h3> About WebIBC </h3><p>

      WebIBC is a pure JavaScript/HTML based Web security system aiming at providing Web 2.0 applications with strong cryptography. With WebIBC a user can protect herself even against evil Web application service provider. WebIBC also provides a mechanism for Web application service providers that they can guarantee they will not do evil. Before using WebIBC the user should authenticate himself to a trusted third party to retrieve his private key used in the system. The key is generated by the trusted third party and is binded with user's identity. User will use this key to cipher a message. </p>

// out.println(n);

//out.println(p);

//session.setAttribute("username",n);

//session.setAttribute("passwr",p);

//session.setAttribute("ipaddr",add);

try

{

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

//out.println("1");

Connection con = DriverManager.getConnection("jdbc:odbc:ibc");

//out.println(n);

Statement st = con.createStatement();

//out.println(p);

String query="select * from user where username='"+n+"' and password= '"+p+"'";

ResultSet rs =st.executeQuery(query);

//String cn = rs.getString("country");

//String ct = rs.getString("city");

if(rs.next())

{

//out.println(uname);

//out.println(pass);

//if(uname.equals(n) && pass.equals(p))

{

java.util.Date d = new java.util.Date();

//long intime = d.getTime();

//int intime1 = d.getDate();

int intime2 = d.getHours();

int intime3 = d.getMinutes();

int intime4 = d.getSeconds();

String h = Integer.toString(intime2);

String m = Integer.toString(intime3);

String s = Integer.toString(intime4);

//int intime5 = d.getMonth();

//int intime6 = d.getYear();

String t = h+":"+m+":"+s;

//out.println(t+uname+pass);

}

else

{

response.sendRedirect("index.html");

}

catch(Exception ae)

{

out.println(ae);

ae.printStackTrace();

}

</p>

</div>

</div>

<h3><span><a href="#">About Me</a></span></h3>

</p>

</div>

<h3 ><span>Contacts</span></h3>

try

{

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

//out.println("1");

Connection con1 = DriverManager.getConnection("jdbc:odbc:ibc");

//out.println(n);

Statement st1 = con1.createStatement();

//out.println(p);

String query1="select mail from user ";

ResultSet rs1 =st1.executeQuery(query1);

while(rs1.next())

{

out.println(rs1.getString("mail"));

out.println("<br>");

}

catch(Exception ae)

{

out.println(ae);

ae.printStackTrace();

}

</div>

</div>

</div>

</div>

<p id="createdby">created by <a href="http://www.nuvio.cz">satesh | Spiro</a> </p>

</div>

</div>

</body>

</html>

<?xml version="1.0"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<head>

<title>CrystalX</title>

<!--

.style1 {font-family: Georgia, "Times New Roman", Times, serif}

-->

</style>

function validate()

{

if(document.getElementById("name").value=="")

{

alert("Enter Username");

return false

}

if(document.getElementById("pass").value=="")

{

alert("Enter password");

return false

}

return true

}

</script>

</head>

<br />

<font size="1">  For Clientside Security </font>

<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>, <a href="#search">search</a>.</em></p>

<hr />

</div>

</div>

<h3 class="noscreen">Navigation</h3>

<li><a href="index.html">Login<span class="tab-l"></span><span class="tab-r"></span></a></li>

<li><a href="#">Register<span class="tab-l"></span><span class="tab-r"></span></a></li>

</ul>

</div>

<h2><span>Register</span></h2>

<p>

<tr >

<td><span class="style1"><font size="3">Username</font></span></td>

</tr>

<tr >

<td><span class="style1"><font size="3">Password</font></span></td>

</td>

</tr>

<tr >

</tr>

<tr >

<td><span class="style1"><font size="3">Gender</font></span></td>

<option value="FEMALE">FEMALE</option>

</select>

</td>

</tr>

<tr >

<td><span class="style1"><font size="3">Country</font></span></td>

<option value="Select Nationality">Select Country</option>

<option value='ABW'>ARUBA</option>

<option value='AFG'>AFGANISTAN</option>

<option value='AGO'>ANGOLA</option>

<option value='AND'>PRINCIPALITY OF ANDORRA</option>

<option value='ANT'>NETHERLANAD ANTILLES</option>

<option value='ARG'>ARGENTINA</option>

<option value='ARM'>ARMENIA</option>

<option value='ATG'>ANTIQUA AND BARBUDA</option>

<option value='AUS'>AUSTRALIA</option>

<option value='AUT'>AUSTRIA</option>

<option value='AZE'>AZERBEIJAN</option>

<option value='BEL'>BELGIUM</option>

<option value='BEN'>BENIN</option>

<option value='BFA'>BURKINOFASO</option>

<option value='BGR'>BULGARIA</option>

<option value='BHR'>BAHRAIN</option>

<option value='BLR'>BELARUS</option>

<option value='BLZ'>BELIZE</option>

<option value='BOL'>BOLIVIA</option>

<option value='BON'>BONAIRE</option>

<option value='BRA'>BRAZIL</option>

<option value='BRB'>BARBADOS</option>

<option value='BTN'>BHUTAN</option>

<option value='BWA'>BOTSWANA</option>

<option value='CAN'>CANADA</option>

<option value='CHL'>CHILE</option>

<option value='CHN'>CHINA</option>

<option value='COL'>COLOMBIA</option>

<option value='COM'>UNION OF COMOROS</option>

<option value='CPV'>CAPE VERDE </option>

<option value='CRC'>CURACAO</option>

<option value='CRI'>COSTA RICA </option>

<option value='CYP'>CYPRUS</option>

<option value='CYP'>REPUBLIC OF CYPRUS</option>

<option value='CYR'>CYRIA</option>

<option value='CZC'>CZECH</option>

<option value='DAK'>DAKAR</option>

<option value='DEU'>GERMANY</option>

<option value='DNK'>DENMARK</option>

<option value='DOM'>DOMINICAN REPUBLIC</option>

<option value='DZA'>ALGERIA</option>

<option value='ECU'>ECUADOR</option>

<option value='EGY'>EGYPT</option>

<option value='ERI'>ERITREA</option>

<option value='ESP'>SPAIN</option>

<option value='EST'>ESTONIA</option>

<option value='ETH'>ETHIOPIA</option>

<option value='FIN'>FINLAND</option>

<option value='FRA'>FRANCE</option>

<option value='GEO'>GEORGIA</option>

<option value='GHA'>GHANA</option>

<option value='GMB'>GAMBIA </option>

<option value='GNB'>GUINEA BISSAU</option>

<option value='GRC'>GREECE</option>

<option value='GRD'>GRENADA</option>

<option value='GTM'>GUATEMALA</option>

<option value='GUY'>GUYANA</option>

<option value='HKG'>HONG KONG SPL ADMN REGION</option>

<option value='HND'>HONDURAS </option>

<option value='HNG'>HUNGARY</option>

<option value='HRV'>CROATIA</option>

<option value='IDN'>INDONESIA</option>

<option value='IND'>INDIA</option>

<option value='IRL'>IRELAND</option>

<option value='ISR'>ISRAEL</option>

<option value='ITA'>ITALY</option>

<option value='JAM'>JAMAICA</option>

<option value='JOR'>JORDAN</option>

<option value='JPN'>JAPAN</option>

<option value='KAZ'>KAZAKSTAN</option>

<option value='KEN'>KENYA</option>

<option value='KGZ'>KYRGYSTAN</option>

<option value='KHM'>CAMBODIA</option>

<option value='KNA'>ST KITTS AND NEVIS</option>

<option value='KOR'>KOREA (NORTH)</option>

<option value='KWT'>KUWAIT</option>

<option value='LBN'>LEBANON</option>

<option value='LBR'>LIBERIA</option>

<option value='LBY'>LIBYA</option>

<option value='LCA'>SAINT LUCIA</option>

<option value='LKA'>SRI LANKA</option>

<option value='LSO'>KINGDOM OF LESOTHO</option>

<option value='LTU'>LITHUANIA</option>

<option value='LUX'>LUXEMBOURG</option>

<option value='LVA'>LATVIA </option>

<option value='MDG'>MADAGASCAR</option>

<option value='MDV'>MALDIVES</option>

<option value='MEX'>MEXICO</option>

<option value='MKD'>ARUBA</option>

<option value='MLT'>MALTA</option>

<option value='MMR'>MYANMAR</option>

<option value='MNG'>MONGOLIA</option>

<option value='MOR'>MOROCCO</option>

<option value='MOZ'>MOZAMBIQUE</option>

<option value='MRT'>MAURITANIA </option>

<option value='MUS'>MAURITIUS</option>

<option value='MWI'>MALAWI</option>

<option value='MYS'>MALAYSIA</option>

<option value='NAM'>NAMIBIA</option>

<option value='NAR'>NIGER</option>

<option value='NGA'>NIGERIA</option>

<option value='NIA'>IVORY COAST</option>

<option value='NIB'>DAR-US-SALAM</option>

<option value='NIG'>PALESTINE</option>

<option value='NLD'>NETHERLANDS</option>

<option value='NOR'>NORWAY</option>

<option value='NPL'>NEPAL</option>

<option value='NZL'>NEW ZEALAND</option>

<option value='PAN'>PANAMA</option>

<option value='PHL'>PHILLIPINES</option>

<option value='PNG'>PAPUA NEW GUINEA</option>

<option value='POL'>POLAND</option>

<option value='PRK'>KOREA (SOUTH)</option>

<option value='PRT'>PORTUGAL</option>

<option value='QAT'>QATAR</option>

<option value='REU'>REUNION ISLAND</option>

<option value='ROU'>ROMANIA</option>

<option value='RUS'>RUSSIA</option>

<option value='RWA'>RWANDA</option>

<option value='SAU'>SAUDI ARABIA</option>

<option value='SBN'>REPUBLIC OF SLOVANIA</option>

<option value='SDN'>SUDAN</option>

<option value='SGP'>SINGAPORE</option>

<option value='SNG'>SENEGAL</option>

<option value='SOM'>SOMALIA</option>

<option value='SUR'>SURINAM</option>

<option value='SVK'>SLOVAKIA</option>

<option value='SWE'>SWEDEN</option>

<option value='SWZ'>SWITZERLAND</option>

<option value='SYC'>SEYCHELES</option>

<option value='SYR'>SYRIA</option>

<option value='THA'>THAILAND</option>

<option value='TJK'>TAJIKISTAN</option>

<option value='TKM'>TURKMENISTAN</option>

<option value='TTO'>TRINIDAD & TOBAGO</option>

<option value='TUN'>TUNISIA</option>

<option value='TUR'>TURKEY</option>

<option value='TWN'>TAIWAN </option>

<option value='TZA'>TANZANIA</option>

<option value='UGA'>UGANDA</option>

<option value='UKR'>UKRAINE</option>

<option value='UZB'>UZBEKISTAN</option>

<option value='VAT'>HOLY SEE VATICAN</option>

<option value='VCT'>SAINT VINCENT AND GRENADINES</option>

<option value='VEN'>VENEZUELA</option>

<option value='VEN'>VENEZULA</option>

<option value='VNM'>VIETNAM</option>

<option value='YEM'>YEMEN</option>

<option value='YER'>YEREVAN</option>

<option value='YUG'>SERBIA AND MONTEGRO</option>

<option value='ZAF'>SOUTH AFRICA</option>

<option value='ZAR'>ZAIRE</option>

<option value='ZMB'>ZAMBIA</option>

<option value='ZWE'>ZIMBABWE</option>

</select>

</td>

</tr>

<tr >

</tr>

<tr >

</tr>

<tr >

<td><span class="style1"><font size="3">Mobile </font></span></td>

</tr>

</table>

</form>

</p>

</div>

</div>

<h3 ><span>WebIBC</span></h3>

<FONT SIZE="2" face="Georgia">" <i>WebIBC   may use your email address to personalize your experience on their website.</i>"</FONT> <br><br>

</ul>

</div>

</div>

</div>

</div>

<p id="createdby">created by <a href="http://www.nuvio.cz"></a> </p>

</div>

</div>

</body>

</html>

READMAIL.jsp

<%@ page contentType="text/html; charset=iso-8859-1" language="java" import="java.sql.*" errorPage="" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>

<%@ page import="java.sql.* , java.util.*,java.io.File.*" %>

<title>Untitled Document</title>

</head>

<body>

<%! String sno,str2,str3,str1,str4,str5,str6,str7,str8; %>

str1=request.getParameter("uname");

str2=request.getParameter("pass");

str3=request.getParameter("name");

str4=request.getParameter("sex");

str5=request.getParameter("country");

str6=request.getParameter("city");

str7=request.getParameter("mail");

str8=request.getParameter("phone");

try

{

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

//out.println("1");

Connection con0 = DriverManager.getConnection("jdbc:odbc:ibc");

//out.println(n);

Statement st0 = con0.createStatement();

//out.println(p);

String query="select * from user where username='"+str1+"'";

ResultSet rs =st0.executeQuery(query);

//String vname = rs.getString(1);

if(rs.next()== true)

{

String str = "Username already exist ! ";

response.sendRedirect("register.jsp?str="+str+"");

}

else

{

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

Connection con=DriverManager.getConnection("jdbc:odbc:ibc");

Statement st=con.createStatement();

Statement st1=con.createStatement();

Statement st2=con.createStatement();

Statement st3=con.createStatement();

String app="INSERT INTO user(username,password,name,sex,country,city,mail,mobile) values( '"+str1+"','"+str2+"','"+str3+"','"+str4+"','"+str5+"','"+str6+"','"+str7+"','"+str8+"')";

String app1 = "INSERT INTO authen(username) values('"+str1+"')";

String app2 = "INSERT INTO mailserverdb(username) values('"+str1+"')";

String app3 = "INSERT INTO keyserverdb(username,mail) values('"+str1+"','"+str7+"')";

int i=st.executeUpdate(app);

int j=st1.executeUpdate(app1);

int k=st2.executeUpdate(app2);

int l=st3.executeUpdate(app3);

File f= new File("D:/IBC/mailserver/"+str3);

f.mkdir();

//out.println("User Registered Sucessfully");

con.close();

response.sendRedirect("sucess.jsp");

}

catch(Exception e)

{

out.println(e);

}%>

</body>

</html>

Compose.jsp

<?xml version="1.0"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<head>

<%@ page import="java.sql.*"%>

<title>CrystalX</title>

<!--

.style1 {font-family: Georgia, "Times New Roman", Times, serif}

-->

</style>

</head>

<br />

<font size="1">  For Clientside Security </font>

<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>, <a href="#search">search</a>.</em></p>

<hr />

</div>

</div>

boolean flag = false;

String n = request.getParameter("name");

String p = request.getParameter("pass");

String add = request.getRemoteAddr();

String from = null;

<h3 class="noscreen">Navigation</h3>

<li><a href="showmail.jsp?name=<%=n%>">Inbox<span class="tab-l"></span><span class="tab-r"></span></a></li>

<li><a href="myacc.jsp?name=<%=n%>">About Me<span class="tab-l"></span><span class="tab-r"></span></a></li>

<li><a href="compose.jsp?name=<%=n%>">Compose<span class="tab-l"></span><span class="tab-r"></span></a></li>

<li><a href="#">Contact<span class="tab-l"></span><span class="tab-r"></span></a></li>

/ul>

</div>

<h2> Send a Cryptographic Message </h2>

</p>

</div>

try

{

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

//out.println("1");

Connection con1 = DriverManager.getConnection("jdbc:odbc:ibc");

//out.println(n);

Statement st1 = con1.createStatement();

//out.println(p);

String query1="select * from user where username='"+n+"' ";

ResultSet rs1 =st1.executeQuery(query1);

while(rs1.next())

{

from = rs1.getString("mail");

}

out.println("<table cellpadding=20 ><tr><td>From : </td><td><font size=5 face=times new roman>"+from+"</font></td></tr>");

}

catch(Exception ae)

{

out.println(ae);

ae.printStackTrace();

}

<tr><td>Subject :</td><td><input type = "text" name="subject" size ="40"/></td></tr>

</table>

</FORM>

</div>

<h3><span><a href="#">About Me</a></span></h3>

</p>

</div>

<h3 ><span>Contacts</span></h3>

</div>

</div>

</div>

</div>

<p id="createdby">created by <a href="http://www.nuvio.cz"></a> </p>

</div>

</div>

</body>

</html>

Sendmail.jsp

<?xml version="1.0"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<head>

<%@ page import="java.sql.*,java.io.*"%>

<title>CrystalX</title>

<!--

.style1 {font-family: Georgia, "Times New Roman", Times, serif}

-->

</style>

</head>

<br />

<font size="1">  For Clientside Security </font>

<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>, <a href="#search">search</a>.</em></p>

<hr />

</div>

</div>

<h3 class="noscreen">Navigation</h3>

<li><a href="#">About Me<span class="tab-l"></span><span class="tab-r"></span></a></li>

<li><a href="compose.jsp">Compose<span class="tab-l"></span><span class="tab-r"></span></a></li>

<li><a href="#">Contact<span class="tab-l"></span><span class="tab-r"></span></a></li>

</ul>

</div>

boolean flag = false;

String n = request.getParameter("name");

String p = request.getParameter("pass");

String add = request.getRemoteAddr();

String name=null,sub=null,msgdate=null,msgtime=null,message=null,mailaddr=null;

java.util.Date d = new java.util.Date();

int intime5 = d.getDate();

int intime6 = d.getMonth();

int intime7 = d.getYear();

String dt = Integer.toString(intime5);

String mon = Integer.toString(intime6+1);

String year = Integer.toString(intime7+1900);

//int intime5 = d.getMonth();

//int intime6 = d.getYear();

String cdate = dt+"-"+mon+"-"+year;

//get date

int intime2 = d.getHours();

int intime3 = d.getMinutes();

int intime4 = d.getSeconds();

String h = Integer.toString(intime2);

String m = Integer.toString(intime3);

String s = Integer.toString(intime4);

//int intime5 = d.getMonth();

//int intime6 = d.getYear();

String t = h+":"+m+":"+s;

<h2> Welcome <%=n%> </h2>

</p>

out.println("<table cellpadding=20 ><tr><td width =100><h4>From</h4></td><td width=200><h4>Subject</h4></td><td><h4>Date</h4></td><td><h4>Time</h4></td></h2></tr>");

out.println("<tr><td colspan=4>-------------------------------------------------------------------------------------------</td></tr>");

out.println("<tr><td>Admin</td><td>Welcome to IBC</td><td>"+cdate+"</td><td>"+t+"</td></h2></tr>");

out.println("<tr><td colspan=4>-------------------------------------------------------------------------------------------</td></tr>");

try

{

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

//out.println("1");

Connection con1 = DriverManager.getConnection("jdbc:odbc:ibc");

//out.println(n);

Statement st1 = con1.createStatement();

//out.println(p);

String query1="select mail from user where username='"+n+"' ";

ResultSet rs1 =st1.executeQuery(query1);

while(rs1.next())

{

mailaddr=rs1.getString("mail");

}

//out.println(mailaddr);

}

catch(Exception ae)

{

out.println(ae+"1");

ae.printStackTrace();

}

try

{

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

//out.println("1");

Connection con2 = DriverManager.getConnection("jdbc:odbc:ibc");

//out.println(n);

Statement st2 = con2.createStatement();

//out.println(p);

String query2="select * from mailserverdb where toaddr='"+mailaddr+"' ";

ResultSet rs2= st2.executeQuery(query2);

while(rs2.next())

{

name=rs2.getString("username");

//out.println(from);

sub=rs2.getString("subject");

//out.println(sub);

message=rs2.getString("message");

//out.println(message);

msgdate=rs2.getString("msgdate");

//out.println(msgdate);

msgtime=rs2.getString("msgtime");

out.println("<tr><td>"+name+"</td><td>"+sub+"</td><td>"+msgdate+"</td><td>"+msgtime+"</td></tr>");

out.println("<tr><td colspan=4>----------------------------------------------------</td></tr>");

}

catch(Exception a)

{

out.println(a+"2");

a.printStackTrace();

}

</table>

</FORM>

</div>

</div>

<h3><span><a href="#">About Me</a></span></h3>

</p>

</div>

<h3 ><span>Contacts</span></h3>

<%/*

try

{

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

//out.println("1");

Connection con1 = DriverManager.getConnection("jdbc:odbc:ibc");

//out.println(n);

Statement st1 = con1.createStatement();

//out.println(p);

String query1="select mail from user ";

ResultSet rs1 =st1.executeQuery(query1);

while(rs1.next())

{

out.println(rs1.getString("mail"));

out.println("<br>");

}

catch(Exception ae)

{

out.println(ae);

ae.printStackTrace();

}

*/%>

</div>

</div>

</div>

</div>

<p id="createdby">created by <a href="http://www.nuvio.cz"></a> </p>

</div>

</div>

</body>

</html>

CHAPTER-12

FUTURE WORK

In this project, Encryption is done using text .In future data will be encrypted using image or picture.

CHAPTER-13

CONCLUSION

We finally conclude An Identity Base Encryption (IBE) scheme is a public-key cryptosystem where any string is a valid public key. In particular, email addresses and dates can be public keys. For many situations in distributed network environments, Identity Base cryptography is a must during communications.

BIBLIOGRAPHY

Zhi Guan, Zhen Cao, Xuan Zhao, Ruichuan Chen, Zhong Chen, Xianghao Nan- “WebIBC: Identity Based Cryptography for Client Side Security in Web Applications”, IEEE, 2008

Yongjun Ren,Jiandong Wang, Youdong Zhang,Liming Fang – “Identity-Based Key Issuing Protocol for Ad Hoc Networks”, 2007 IEEE International Conference on Computational Intelligence and Security

Search This Blog

LM World

Speeding up Secure Web Transactions using Identity Based Cryptography - INTRODUCTION AND SOURCE CODE

3.2 Proposed System:

8.2 Integration Testing

BIBLIOGRAPHY

Comments

Post a Comment

Popular posts from this blog

Chemical test for Tragacanth

MINOR DISORDERS OF NEW BORN AND ITS MANAGEMENT - NURSING ASSIGNMENT

KANGAROO CARE - NURSING ASSIGNMENT