Speeding up Secure Web Transactions using Identity Based Cryptography
CHAPTER-1
Introduction
Secure communication is an intrinsic requirement of today’s world of on-line transactions. Whether exchanging financial, business or personal information, people want to know with whom they are communicating (authentication) and they wish to ensure that the information is neither modified (data integrity) nor disclosed (confidentiality) in transit. The growing popularity of web applications in the last few years has led users to give the management of their data to online application providers, which will endanger the security and privacy of the users.
In this project, we present WebIBC, which integrates public key cryptography into web applications without any browser plugins. The implementation and performance evaluation demonstrate that WebIBC is secure and efficient both in theory and practice.
Web Application (here web-email) enhanced with web Identity Based Cryptography have the following features:
· When sending email using IBC there is no need for an online lookup to obtain the recipient’s certificate.
· Senders can send email that can only read at some specified time in the future, since public key contains expiration date.
Public key certificates contain a preset expiration date. In an IBE system key expiration can be done by having user1 e-mail sent user2 using the public key:
In doing so user2 can use his private key during the current year only. Once a year user2 needs to obtain a new private key from the PKG. also provide services such as Google Apps for enterprise users to take the place of their own email serves and applications. The misuse of provider’s privilege will bring huge losses for their customers.
ORGANIZATION PROFILE
Over the decade, Stupors,
a Subsidiary of Spiro Technologies & consultant Pvt. Ltd provides a
wide range of R & D project development training. Our uniqueness lies in
the exclusive R & D project development. Accordingly, we created a
setting that is enabling, dynamic and inspiring for the increase of solutions to
global problems by R & D project development. Developing appropriate,
responsible, innovative and practical solutions to students, by assisting in R
& D project development. All our research is stranded in the need to
provide an industry based training for students.
SYSTEM ANALYSIS
3.1 Existing System:
- In existing system, security is achieved through certificate management and certificate authority by using traditional Public Key Cryptography.
- The public key authentication will increase the communication cost and storage capacity.
3.2
Proposed System:
- Enhancing web application with web Identity Based Cryptography and Private Key Generator (Trusted Authority)
- Every user needs to authenticate him to authority by providing some credentials he has owned the identity, and the authority will extract the private key from the master secret according to user’s identity.
- The public and private key pair is generated using Elliptic Curve Cryptography (ECC)
- It should be noticed that all the cryptography operations are all done within the browser, and the server can only receive the cipher text. The security and privacy of end users can be protected from attacks both on network and server side. From another point of view, server is also free from the burden of cryptography operations which means WebIBC is a good model for distributed computation based on web browsers.
Hardware:
|
PROCESSOR |
: |
PENTIUM IV 2.6 GHz |
|
RAM |
: |
512 MB DD RAM |
|
MONITOR |
: |
15” COLOR |
|
HARD DISK |
: |
20 GB |
|
CDDRIVE |
: |
LG 52X |
|
KEYBOARD |
: |
STANDARD 102 KEYS |
|
MOUSE |
: |
3 BUTTONS |
Software:
|
FRONT END |
: |
J2ee (JSP) |
|
TOOL USED |
: |
Dreamweaver |
|
OPERATING
SYSTEM |
: |
Window’s Xp |
|
BACK END |
: |
Sql Server 2000 |
A system architecture or systems architecture is the
conceptual design that defines the structure and/or behavior of a system.
An architecture
description is a formal description of a system, organized in a way that
supports reasoning about the structural properties of the system. It defines
the system components or building blocks and provides a plan from which
products can be procured, and systems developed, that will work together to
implement the overall system. This may enable one to manage investment in a way
that meets business needs.
CHAPTER-4
TEST PLAN
A test plan is a systematic approach to testing a system such as a machine
or software.
The plan typically contains a detailed understanding of what the eventual workflow
will be.
A test plan documents the
strategy that will be used to verify and ensure that a hardware product or
system meets its design specifications and other requirements. A test plan is
usually prepared by or with significant input from Test
Engineers.
Depending on the product and
the responsibility of the organization to which the test plan applies, a test
plan may include one or more of the following:
- Design
Verification or Compliance test - to be performed during the development or approval stages of the
product, typically on a small sample of units.
- Manufacturing or
Production test - to be
performed during preparation or assembly of the product in an ongoing
manner for purposes of performance verification and quality control.
- Acceptance or
Commissioning test - to
be performed at the time of delivery or installation of the product.
- Service and Repair
test - to be performed
as required over the service life of the product.
A complex system may have a high level test plan to
address the overall requirements and supporting test plans to address the
design details of subsystems and components.
Test plan document formats can be as varied as the
products and organizations to which they apply, but there are three major
elements of a test strategy that should be described in the test plan: Test
Coverage, Test Methods, and Test Responsibilities.
Test coverage in the test plan states what requirements
will be verified during what stages of the product life. Test Coverage is
derived from design specifications and other requirements, such as safety
standards or regulatory codes, where each requirement or specification of the
design ideally will have one or more corresponding means of verification. Test coverage
for different product life stages may overlap, but will not necessarily be
exactly the same for all stages. For example, some requirements may be verified
during Design Verification test, but not repeated during Acceptance test. Test
coverage also feeds back into the design process, since the product may have to
be designed to allow test access
Test methods in the test plan state how test coverage
will be implemented. Test methods may be determined by standards, regulatory
agencies, or contractual agreement, or may have to be created new. Test methods
also specify test equipment to be used in the performance of the tests and
establish pass/fail criteria. Test methods used to verify hardware design
requirements can range from very simple steps, such as visual inspection, to
elaborate test procedures that are documented separately as Test Cases under
various Test Scenarios.
Test responsibilities include what organizations will
perform the test methods and at each stage of the product life. This allows
test organizations to plan, acquire or develop test equipment and other
resources necessary to implement the test methods for which they are
responsible. Test responsibilities also includes, what data will be collected,
and how that data will be stored and reported (often referred to as
"deliverables"). One outcome of a successful test plan should be a
record or report of the verification of all design specifications and
requirements as agreed upon by all parties.
4.1 Test Coverage of Code:
Code coverage is a measure used in software testing. It describes the degree to which the source code of a program has been tested. It is a form of testing that inspects the code directly and is therefore a form of white box testing. Currently, the use of code coverage is extended to the field of digital hardware, the contemporary design methodology of which relies on Hardware description languages (HDLs).
Code coverage techniques were amongst the first techniques invented for systematic software testing. The first published reference was by Miller and Maloney in Communications of the ACM in 1963.
To measure how well the program is exercised by a test suite, one or more coverage criteria are used. There are a number of coverage criteria, the main ones being:
- Function coverage - Has each function in the program been executed?
- Statement coverage - Has each line of the source code been executed?
- Decision coverage (also known as Branch coverage) - Has each control structure (such as an if statement) evaluated both to true and false?
- Condition coverage - Has each Boolean sub-expression evaluated both to true and false (this does not necessarily imply decision coverage)?
- Path coverage - Has every possible route through a given part of the code been executed?
- Entry/exit coverage - Has every possible call and return of the function been executed?
Safety-critical applications are often required to demonstrate that testing achieves 100% of some form of code coverage. Some of the coverage criteria above are connected. For instance, path coverage implies decision, statement and entry/exit coverage. Decision coverage implies statement coverage, because every statement is part of a branch.
Full path coverage, of the type described above, is usually impractical or impossible. Any module with a succession of n decisions in it can have up to 2n paths within it; loop constructs can result in an infinite number of paths. Many paths may also be infeasible, in that there is no input to the program under test that can cause that particular path to be executed. However, a general-purpose algorithm for identifying infeasible paths has been proven to be impossible [citation needed] (such an algorithm could be used to solve the halting problem). Techniques for practical path coverage testing instead attempt to identify classes of code paths that differ only in the number of loop executions, and to achieve "basis path" coverage the tester must cover all the path classes.
The target software is built with special options or libraries and/or run under a special environment such that every function that is exercised (executed) in the program(s) is mapped back to the function points in the source code. This process allows developers and quality assurance personnel to look for parts of a system that are rarely or never accessed under normal conditions (error handling and the like) and helps reassure test engineers that the most important conditions (function points) have been tested. The resulting output is then analyzed to see what areas of code have not been exercised and the tests are updated to include these areas as necessary. Combined with other code coverage methods, the aim is to develop a rigorous, yet manageable, set of regression tests.
Test engineers can look at code coverage test results to help them devise test cases and input or configuration sets that will increase the code coverage over vital functions. Two common forms of code coverage used by testers are statement (or line) coverage and path (or edge) coverage. Line coverage reports on the execution footprint of testing in terms of which lines of code were executed to complete the test. Edge coverage reports which branches or code decision points were executed to complete the test. They both report a coverage metric, measured as a percentage. The meaning of this depends on what form(s) of code coverage have been used, as 67% path coverage is more comprehensive than 67% statement coverage.
Generally, code coverage tools and libraries exact a performance and/or memory or other resource cost which is unacceptable to normal operations of the software. Thus, they are only used in the lab. As one might expect, there are classes of software that cannot be feasibly subjected to these coverage tests, though a degree of coverage mapping can be approximated through analysis rather than direct testing.
There are also some sorts of defects which are affected by such tools. In particular, some race conditions or similar real time sensitive operations can be masked when run under code coverage environments; and conversely, some of these defects may become easier to find as a result of the additional overhead of the testing code.
Code coverage may be regarded as a more up-to-date incarnation of debugging in that the automated tools used to achieve statement and path coverage are often referred to as “debugging utilities”. These tools allow the program code under test to be observed on screen whilst the program is executing; additionally, commands and keyboard function keys are available to allow the code to be “stepped” through literally line by line. Alternatively, it is possible to define pinpointed lines of code as “breakpoints” which will allow a large section of the code to be executed, then stopping at that point and displaying that part of the program on screen. Judging where to put breakpoints is based on a reasonable understanding of the program indicating that a particular defect is thought to exist around that point. The data values held in program variables can also be examined and, in some instances, altered (with care) to try out “what if” scenarios. Clearly, use of a debugging tool is more the domain of the software engineer at a unit test level and it is more likely that the software tester will ask the software engineer to perform this [citation needed]. However, it is useful for the tester to understand the concept of a debugging tool.
4.2 Test Management:
Test management is the
activity of managing some tests. A test management tool is a Software
used by Quality Assurance team to manage the tests
(automatic or not) that have been previously specified. It is often associated
with an Automation
software. Test Management Tools often include Requirements
and/or Specifications management modules that allow to
automatically generate the RTM (Requirement Test Matrix) which is one of the
main metric to know the functional coverage of the SUT (System Under
Test). This consists in checking how many requirements and/or
specifications are covered by the available tests (do not mix with code coverage which is a totally
different concept).
Test definition includes:
test plan,
association with product Requirements and Specifications.
Eventually, some relationship can be set between tests so that precedences can
be established. i.e. if test A is parent of test B and if test A is failing,
then it may be useless to perform test B. Tests should also be associated with
priorities. Every change on a test must be versioned so that the QA team has a
comprehensive view of the history of the test.
4.3 Testing
Tools:
1.
Testing is a process of executing
a program with the intent of finding an error.
2.
A good test case is one that has a
high probability of finding an as yet undiscovered error.
3.
A successful test is one that
uncovers an as yet undiscovered error.
Testing should
systematically uncover different classes of errors in a minimum amount of time
and with a minimum amount of effort. A secondary benefit of testing is that it
demonstrates that the software appears to be working as stated in the
specifications. The data collected through testing can also provide an
indication of the software's reliability and quality. But, testing cannot show
the absence of defect -- it can only show that software defects are present.
Database testing
·
Use
Integration testing
·
MbUnit,
NUnit, XUnit Rollback attributes
·
Transaction
Scope
Web Testing
·
Ivonna
and Typemock
·
Team
System Web Test
·
NUnitASP
·
Watin
·
Watir
·
Selenium
UI Testing
·
NunitForms
·
Project
White
·
Team
System UI Tests
·
Typemock
Isolator
·
Threading
Related Testing
·
Microsoft
Chess
·
Typemock
Racer
·
Osherove.ThreadTester
·
General
Testing
·
Pex
Acceptance Testing
·
Fit
& Fitnesse
·
Watin
and Watir and selenium
CHAPTER-5
ELLIPTIC CURVE CRYPTOGRAPHY
Elliptic Curve Cryptography (ECC) is emerging as an attractive
alternative to traditional public-key cryptosystems (RSA, DSA, DH). ECC offers
equivalent security with smaller key sizes resulting in faster computations,
lower power consumption, as well as memory and bandwidth savings. While these
characteristics make ECC especially appealing for mobile devices, they can also
alleviate the computational burden on secure web servers. This article studies
the performance impact of using ECC with SSL, the dominant Internet security
protocol. We created an ECC-enhanced version of OpenSSL and used it to
benchmark the Apache web server. Our results show that, under realistic
workloads, an Apache web server can handle 13%–31% more HTTPS requests per
second when using ECC-160 rather than RSA-1024 reflecting short-term security
levels. At security levels necessary to protect data beyond 2010, the use of
ECC-224 over RSA-2048 improves server performance by 120%–279%.
5.1 Introduction:
Secure communication is an intrinsic requirement of today’s world of on-line transactions. Whether exchanging financial, business or personal information, people want to know with whom they are communicating (authentication) and they wish to ensure that the information is neither modified (data integrity) nor disclosed (confidentiality) in transit.
The Secure Sockets Layer (SSL) protocol is the most popular choice for achieving these goals. The SSL protocol is application independent – conceptually, any application that runs over TCP can also run over SSL. This is an important reason why its deployment has outpaced that of other security protocols such as SSH, S/MIME and SET. There are many examples of application protocols like TELNET, FTP, IMAP and LDAP running transparently over SSL.
However, the most common usage of SSL is for securing HTTP the main protocol of the World Wide Web.2 Between its conception at Netscape in the mid-1990s, through its standardization within the IETF (Internet Engineering Task Force) in the late-1990s, the protocol and its implementations have been scrutinized by some of the world’s foremost security experts Today, SSL is trusted to secure transactions for sensitive applications ranging from web banking, to stock trading, to e-commerce.
Unfortunately, the use of SSL imposes a significant performance penalty on web servers. Coarfa et al. have reported secure web servers running 3.4 to 9 times slower compared to regular web servers on the same hardware platform. Slow response time is a major cause of frustration for on-line shoppers and often leads them to abandon their electronic shopping carts during check out. According to one estimate, the potential revenue loss from e-commerce transactions aborted due toWeb performance issues exceeds several billion dollars annually In its most common usage, SSL utilizes RSA encryption to transmit a randomly chosen secret that is used to derive keys for data encryption and authentication. The RSA decryption operation is the most compute intensive part of an SSL transaction for a secure web server. Several vendors such as Broadcom, nCipher, Rainbow and Sun now offer specialized hardware to offload RSA computations and improve server performance.
software descriptions
The J2EE platform uses a multitiered distributed
application model. Application logic is divided into components according to
function, and the various application components that make up a J2EE
application are installed on different machines depending on the tier in the
multitiered J2EE environment to which the application component belongs. Figure
7-1 shows two multitiered J2EE applications divided into the tiers described in
the following list. The J2EE application parts shown in Figure 7-1 are presented
in J2EE Components.
- Client-tier components run on the client machine.
- Web-tier components run on the J2EE server.
- Business-tier components run on the J2EE server.
Although a J2EE application can consist of the three or four tiers shown in Figure 7-1, J2EE multitiered applications are generally considered to be three-tiered applications because they are distributed over three different locations: client machines, the J2EE server machine, and the database or legacy machines at the back end. Three-tiered applications that run in this way extend the standard two-tiered client and server model by placing a multithreaded application server between the client application and back-end storage.
J2EE Components:
J2EE applications are made up of components. A J2EE component is a self-contained functional software unit that is assembled into a J2EE application with its related classes and files and that communicates with other components. The J2EE specification defines the following J2EE components:
- Application clients and applets are components that run on the client.
- Java Servlet and Java Server Pages
(JSP) technology components are Web
components that run on the server. - Enterprise JavaBeans (EJB) components (enterprise beans) are
business components that run on the server.
J2EE components are written in the Java programming language and are compiled in the same way as any program in the language. The difference between J2EE components and "standard" Java classes is that J2EE components are assembled into a J2EE application, verified to be well formed and in compliance with the J2EE specification, and deployed to production, where they are run and managed by the J2EE server.
J2EE Clients
A J2EE client can be a Web client or an application client.
Web Clients
A Web client consists of two parts: dynamic Web pages containing various types of markup language (HTML, XML, and so on), which are generated by Web components running in the Web tier, and a Web browser, which renders the pages received from the server.
A Web client is sometimes called a thin client. Thin clients usually do not do things like query databases, execute complex business rules, or connect to legacy applications. When you use a thin client, heavyweight operations like these are off-loaded to enterprise beans executing on the J2EE server where they can leverage the security, speed, services, and reliability of J2EE server-side technologies.
Applets
A Web page received from the Web tier can include an embedded applet. An
applet is a small client application written in the Java programming language
that executes in the Java virtual machine installed in the Web browser.
However, client systems will likely need the Java Plug-in and possibly a
security policy file in order for the applet to successfully execute in the Web
browser.
Web components are the preferred API for creating a Web client program because no plug-ins or security policy files are needed on the client systems. Also, Web components enable cleaner and more modular application design because they provide a way to separate applications programming from Web page design. Personnel involved in Web page design thus do not need to understand Java programming language syntax to do their jobs.
Application Clients
A J2EE application client runs on a client machine and provides a way for users to handle tasks that require a richer user interface than can be provided by a markup language. It typically has a graphical user interface (GUI) created from Swing or Abstract Window Toolkit (AWT) APIs, but a command-line interface is certainly possible.
Application clients directly access enterprise beans running in the business tier. However, if application requirements warrant it, a J2EE application client can open an HTTP connection to establish communication with a servlet running in the Web tier.
JavaBeans Component Architecture
The server and client tiers might also include components based on the JavaBeans component architecture (JavaBeans component) to manage the data flow between an application client or applet and components running on the J2EE server or between server components and a database. JavaBeans components are not considered J2EE components by the J2EE specification.
JavaBeans
components have instance variables and get
and set methods for
accessing the data in the instance variables. JavaBeans components used in this
way are typically simple in design and implementation, but should conform to
the naming and design conventions outlined in the JavaBeans component
architecture.
J2EE Server Communications
Figure 7-2 shows the various elements that can make up the client tier. The client communicates with the business tier running on the J2EE server either directly or, as in the case of a client running in a browser, by going through JSP pages or servlets running in the Web tier.
Your J2EE application uses a thin browser-based client or thick application client. In deciding which one to use, you should be aware of the trade-offs between keeping functionality on the client and close to the user (thick client) and off-loading as much functionality as possible to the server (thin client). The more functionality you off-load to the server, the easier it is to distribute, deploy, and manage the application; however, keeping more functionality on the client can make for a better perceived user experience.
Web Components
J2EE Web components can be either servlets or JSP pages. Servlets are Java programming language classes that dynamically process requests and construct responses. JSP pages are text-based documents that execute as servlets but allow a more natural approach to creating static content.
Static HTML pages and applets are bundled with Web components during application assembly, but are not considered Web components by the J2EE specification. Server-side utility classes can also be bundled with Web components and, like HTML pages, are not considered Web components.
Like the client tier and as shown in Figure 7-3, the Web tier might include a JavaBeans component to manage the user input and send that input to enterprise beans running in the business tier for processing.
Business Components
Business code, which is logic that solves or meets the needs of a particular business domain such as banking, retail, or finance, is handled by enterprise beans running in the business tier.
Figure 7-4 shows how an enterprise bean receives data from client programs, processes it (if necessary), and sends it to the enterprise information system tier for storage. An enterprise bean also retrieves data from storage, processes it (if necessary), and sends it back to the client program.
There are three kinds of enterprise beans: session beans, entity beans, and message-driven beans. A session bean represents a transient conversation with a client. When the client finishes executing, the session bean and its data are gone. In contrast, an entity bean represents persistent data stored in one row of a database table. If the client terminates or if the server shuts down, the underlying services ensure that the entity bean data is saved.
A message-driven bean combines features of a session bean and a Java Message Service ("JMS") message listener, allowing a business component to receive JMS messages asynchronously. This tutorial describes entity beans and session beans.
7.2 Introduction to JSP:
The goal of the java server page specification is to simplify the
creation and management of dynamic web page by separating content and
presentation jsp as basically files that
combine html and new scripting tags. the jsp there look somewhat like HTML but
they get translated into java servlet the first time are invoked by a client.
The resulting servlet is a combination of the html from the jsp file and
embedded dynamic content specified by the new tag.
For our example in this c:/projavaserver/chapter11/jsp example hold our
web application save the above in the file called simple jsp. Jsp and place it
in the root of the web application (in the words save it as)
C:/localhost/project
folder name/sourcename.jsp
You should
output similar to the following.
In other words the first time jsp is
loaded by the jsp container (also called the jsp ehgine) The servlet code
necessary to fulfill the jsp tages is automatically generated compiled and
loaded into the servlet container. From then on as long as the jsp source for
the page is not modified this compiled servlet process any browser request for
the jsp page. If you modify the mouse source code for the jsp it is
automatically recompiled and relocated the next time that page is request
The http protocol
In distributed application development, the application level or wire
level communication protocol determines the nature of client and servers. This
is true in the case of web based application as well. The complexity of feature
possible in your web browser and on the web server(say the on line store you
frequent) depends on the underlying
protocol that is the HYPER TEXT TRANSFER PROTOCOL(HTTP).
Http Request Methods
As an application level protocol, HTTP defines types of request that
clients can send to server .The protocol also specifies how the request and
responses be structured. HTTP specifies three type of request method GET,POST
and HEAD has addition request meet most of the common application development
needs.
The Get Request Method
Of all types of request the GET request the simplest and most frequently
used Method for accessing static resource such as HTML document image etc. Get
Request can also be used to retrieve dynamic information, by using additional
query parameter in the request URL. For instance, you can send a parameter
name= joe appended to a URL as http://www.domain.com?name=joe. The web server
can use this parameter name=joe, to send content to “joe”.
The Post Request Method
The post method is commonly used for accessing dynamic resource.
Typically, POST request are meant to transmit information that is request dependent,
and are used when you need to send large amount of complex information to the
server. The POST request allows the encapsulation of multipart message into the
request body. For example you can use POST request to upload text or binary
files. Similarly, you can use POST you
can use POST request in your applets to send serializable java objects, or even
to the web server. POST request
therefore offer a wider choice in terms of the request.
Http response
In responses to a HTTP request, the server responds with the status of
the responses, all these are part of the response header. Except for the case
of the HEAD request, the server also sends the body content that corresponds to
the resource specified in the request. In the http://java.sun.com/index.html URL, your
Browser receives the method of the index file as part of the message and
renders, the body is typical interested.
Features
of Http
·
HTTP is very
simple and lightweight protocol.
·
In the
protocol the client always initiate request the server can never make a
callback connection to the client.
·
The HTTP
requires the client to establish connection prior to each request and the
server to close the connection after sending the response this guarantees that
the client cannot hold on to a connection even after receiving the request. Also
note that either the client or the server can premature terminate a connection.
7.3 Scriptlets:
A scriptlets is a block of java code that is executed during the request
processing time and is enclosed between <% and %> tags. What the
scriptlets actually does depends on the code itself and can include producing
output for the client. Multiple script are combination in the generation
servlet class in the order they appear in the JSP. Scriptlets like any other
java code block or method can modify
object inside then as a result of method invocation.
JSP provider certain implicit object based on the servlet API. These
objects are accessed using standard variable and are automatically available
for use in your JSP without writing any extra code. The impact objects
available in a JSP page are.
- Request
- Response
- Page context
- Session
- Application
- Out
- Configure
- Page
Request Object:
The request object represent the request that the server invocation. It
is the http servlet request that provided access to the incoming HTTP header
request type and request parameter, among other thing. Strictly speaking the
Object itself will be a protocol and implement specific subclass of javax.
servlet servlet request but few
container currently support on HTTP servlet. It has request scope.
The Response Object:
The response object is the http servlet response instance that response
instance that the server to the request. It is legal to set HTTP status code
and header in the JSP page once output has been sent to the client since the
output stream is buffered. Again the object itself javax. Servlet. Servlet
response. It has page scope.
The Session Object:
The object represent the sessions create for the request client. Session
are created automatically and this variable is available even is no incoming
session have used a session = false attribute in the page directive in which
case this variable javax. Servlet http.
http session and has session scope.
The Application Object:
The application object represents the servlet context obtained from the
servlet configuration object. It is of type javax. Servlet context and has
application scope.
The Out Object:
The out object is the that write into the output stream to the client .
To make the represent usefull this is a
buffered version of the java . io . print writer class of type the buffer size
can be adjusted via the buffer attribute of the page directive.
The Configure Object:
The config object is the servlet config
for this JSP and has page scope. It is of type javax. Servlet servlet
config.
Tomcat Server:
Tomcat is a web server which can be used to
execute the j2EE components. Tomcat provides many new and changed features,
including the following:
Dynamic
reloading and compilation -
You can configure Tomcat to dynamically recompile and reload servlets, servlet
helper classes, and JavaServer Page (JSP) helper classes when a servlet or JSP
is called. When the compile and reload features are enabled, Tomcat dynamically
recompiles and reloads a servlet when it is called. Tomcat also dynamically
recompiles and reloads classes in the WEB-INF/classes directory and tag library
classes when they are called by a servlet or JSP. This feature is disabled by default.
For more information, see Tomcat Assembly and Deployment Guide.
Dynamic creation of
database tables for entity beans - When you deploy an entity bean and its
required database tables do not yet exist, Tomcat generates tables for you if
you configured the appropriate settings in the Tomcat deployment descriptor.
For more information, see Tomcat Programmer’s Guide.
JRun Management
Console (JMC) - The redesigned, JMX-enabled JMC provides an easy-to-use,
intuitive graphical user interface for managing your local and remote JRun
servers.
Web server configuration tool - JRun provides
7.4 JAVA Database
Connectivity (JDBC)
JDBC AND ODBC IN JAVA:
Most popular and widely accepted database
connectivity called Open Database Connectivity (ODBC) is used to access the
relational databases. It offers the ability to connect to almost all the
databases on almost all platforms. Java applications can also use this ODBC to
communicate with a database. Then we need JDBC why?
There are several reasons:
·
ODBC API was completely written
in C language and it makes an extensive use of pointers. Calls from Java to
native C code have a number of drawbacks in the security, implementation,
robustness and automatic portability of applications.
·
ODBC is hard to learn. It mixes
simple and advanced features together, and it has complex options even for
simple queries.
·
ODBC drivers must be installed on
client’s machine.
Architecture of JDBC:
Application Layer: Java program wants to get a connection to a database. It needs the
information from the database to display on the screen or to modify the
existing data or to insert the data into the table.
Driver Manager: The layer is the backbone of the
JDBC architecture. When it receives a connection-request form.
The JDBC
Application Layer: It tries to find the appropriate
driver by iterating through all the available drivers, which are currently
registered with Device Manager. After finding out the right driver it connects
the application to appropriate database.
JDBC
Driver layers: This layer accepts the SQL calls from the
application and converts them into native calls to the database and vice-versa.
A JDBC Driver i responsible for ensuring that an application has consistent and
uniform m access to any database.
When a request received by the application,
the JDBC driver passes the request to the ODBC driver, the ODBC driver
communicates with the database and sends the request and gets the results. The
results will be passed to the JDBC driver and in turn to the application. So,
the JDBC driver has no knowledge about the actual database, it knows how to
pass the application request o the ODBC and get the results from the ODBC.
The JDBC and ODBC
interact with each other, how? The reason is both the JDBC API and ODBC are
built on an interface called “Call Level Interface” (CLI). Because of this
reason the JDBC driver translates the request to an ODBC call. The ODBC then
converts the request again and presents it to the database. The results of the
request are then fed back through the same channel in reverse.
7.5 Structured Query
Language (SQL)
SQL (Pronounced Sequel) is the programming language that defines and
manipulates the database. SQL databases are relational databases; this means
simply the data is store in a set of simple relations. A database can have one
or more table. You can define and manipulate data in a table with SQL commands.
You use the data definition language (DDL) commands to creating and altering
databases and tables.
You can update, delete
or retrieve data in a table with data manipulation commands (DML). DML commands
include commands to alter and fetch data.
The most common SQL
commands include commands is the SELECT command, which allows you to retrieve
data from the database. In addition to SQL commands, the oracle server has a
procedural language called PL/SQL. PL/SQL enables the programmer to program SQL
statement. It allows you to control the flow of a SQL program, to use
variables, and to write error-handling procedures.
CHAPTER-8
SYSTEM TESTING
The purpose of testing is to discover errors. Testing is the process of trying to discover every conceivable fault or weakness in a work product. It provides a way to check the functionality of components, sub assemblies, assemblies and/or a finished product it is the process of exercising software with the intent of ensuring that the Software system meets its requirements and user expectations and does not fail in an unacceptable manner. There are various types of test. Each test type addresses a specific testing requirement.
8.1 Unit Testing
Unit testing involves the design of test cases that validate that the internal program logic is functioning properly, and that program input produces valid outputs. All decision branches and internal code flow should be validated. It is the testing of individual software units of the application .it is done after the completion of an individual unit before integration. This is a structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform basic tests at component level and test a specific business process, application, and/or system configuration. Unit tests ensure that each unique path of a business process performs accurately to the documented specifications and contains clearly defined inputs and expected results.
8.2
Integration Testing
Integration tests are designed to test integrated software components to determine if they actually run as one program. Testing is event driven and is more concerned with the basic outcome of screens or fields. Integration tests demonstrate that although the components were individually satisfaction, as shown by successfully unit testing, the combination of components aimed at exposing the problems that arise from the combination of components.
8.3 Acceptance Testing
User Acceptance Testing is a critical phase of any project and requires significant participation by the end user. It also ensures that the system meets the functional requirements.
CHAPTER-9
IMPLEMENTATION
9.1 Implementation
Implementation is the stage of the project where the theoretical design is turned in to a working system. At this stage the main work load, the greatest upheaval and the major impact on the existing system shifts to the user department if the implementation is not carefully planned and controlled I can cause chaos and confusion.
Implementation includes all those activities that takes place to convert from the older system to new one. The new system may be totally new, replacing an existing manual or automated system or it may be a major modification to an existing system. Proper implementation requirements. Successful implementation may not guarantee improvement in the organization using the new system, but improper installation will prevent it.
The process of putting the developed system in actual is called system implementation. This includes all those activities that takes place to convert from the older system to the new system; the system can be implemented only after through resting is done and if it is found to be working according to the specification.
The implementation stage involve following
task
1. Careful planning
2. Investigation of system and constraints.
3. Design of methods to achieve the change over phase.
4. Evaluation of change over method.
Implementation Procedures
Implementation of software refers to the final installation of the packeges in its real environment, to the satisfaction of the intended users and the operation of the system.
In many organization some on who will not be sure be operating it, will commission the software development project. The people who are not sure that the software is meant to make their job easier. In the initial stage, they doubt about the software but we have to ensure that the resistance does not build up as one has to make that
1. The active user be aware of the benefits of using the system.
2. Their confidence in the software is built up.
Proper guidance is imparted to the user so that he is comfortable using the application.
9.2 IBC Modules:
Ø Authentication module
Ø Encryption Module
Ø KEY Server
Ø Decryption Module
Modules Descriptions:
Module1: Authentication module
This module will perform the authentication process. Every user must register to the E-Mail server as well as Key-Server. The E-Mail server will issue the Login Details and the key-Server will generate the public and private key for each and every user. Thus it allows only authorized users to access our E-Mail server.
Module 2: Encryption Module
This module is useful in achieving the security for our whole system by encrypting the E-Mail with DESede algorithm before sending the mail to the E-Mail server. Thus server will receive only the cipher text , because the E-mail message is encrypted in the client browser itself.
Module 3: KEY Server
The Key-Server module will generate the Private Key for each and every user and it will issue the private key to the users those who want to read the mail. Before issuing the private key to the user it will verify the user weather he is an authorized user or not.
Module 4: Decryption Module
The decryption module will decrypt the Received mail by using the downloaded private key from key-Server. After decrypting the mail the user can able to read that mail, unless he can’t read the Mail.
SOURCE CODE
ACTION.jsp
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta
http-equiv="content-language" content="cs" />
<meta name="robots" content="all,follow" />
<meta name="author" content="All: ... [Nazev webu - www.url.cz]; e-mail:
info@url.cz" />
<meta name="copyright" content="Design/Code: Vit Dlouhy [Nuvio - www.nuvio.cz]; e-mail: vit.dlouhy@nuvio.cz" />
<title>CrystalX</title>
<meta name="description" content="..." />
<meta name="keywords" content="..." />
<link rel="index" href="./" title="Home" />
<link rel="stylesheet" media="screen,projection" type="text/css" href="./css/main.css" />
<link rel="stylesheet" media="print" type="text/css" href="./css/print.css" />
<link rel="stylesheet" media="aural" type="text/css" href="./css/aural.css" />
<style type="text/css">
<!--
.style1 {font-family:
-->
</style>
</head>
<body id=”www-url-cz”>
<!—Main-->
<div id=”main class =”box”>
<!—Header-->
<div id=”header”>
<script type="text/javascript">
function validate()
{
if(document.getElementById("name").value=="")
{
alert("Enter Username");
return false
}
if(document.getElementById("pass").value=="")
{
alert("Enter password");
return false
}
return true
}
</script>
</head>
<body id="www-url-cz">
<!-- Main -->
<div id="main" class="box">
<!-- Header -->
<div id="header">
<!--Logotyp -->
<h1 id="logo"><strong>IBC</strong></h1><br /><br /><br />
<br />
<font size="1"> For Clientside Security </font>
<hr class="noscreen" />
<!-- Quick links -->
<div class="noscreen noprint">
<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>, <a href="#search">search</a>.</em></p>
<hr />
</div>
<!-- Search -->
</div>
<!-- /header -->
<!-- Main menu (tabs) -->
<div id="tabs" class="noprint">
<%
<h3 class="noscreen">Navigation</h3>
<ul class="box">
<li><a href="#">Login<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="register.jsp">Register<span class="tab-l"></span><span class="tab-r"></span></a></li>
</ul>
<hr class="noscreen" />
</div> <!-- /tabs -->
<!-- Page (2 columns) -->
<div id="page" class="box">
<div id="page-in" class="box">
<!-- Content -->
<div id="content">
<!-- Article -->
<div class="article">
<h2><span>Login</span></h2>
<form method="post" name = "login" onSubmit="return validate()" action="action.jsp" >
<p>
<table width="316" border="0" >
<tr >
<td><span class="style1"><font size="3">Username</font></span></td>
<td><input type = "text" name = "name" id="name" /></td>
</tr>
<tr >
<td><span class="style1"><font size="3">Password</font></span></td>
<td><input type = "password" name = "pass" id= "pass" />
</td>
</tr>
<tr><td></td></tr>
<tr><td></td></tr>
<tr><td></td></tr>
<tr><td></td><td>
<input type="submit" name="Submit" value="Submit" align = "right" /></td></tr>
</table>
<p class="info noprint"> </p>
</form>
</p>
</div> <!-- /article -->
</div> <!-- /content -->
<!-- Right column -->
<div id="col" class="noprint">
<div id="col-in">
<!-- Category -->
<h3 ><span>WebIBC</span></h3>
<ul id="category">
<br><br>
<FONT SIZE="2" face="
</ul>
<hr class="noscreen" />
<hr class="noscreen" />
<!-- Links -->
<hr class="noscreen" />
</div> <!-- /col-in -->
</div> <!-- /col -->
</div> <!-- /page-in -->
</div> <!-- /page -->
<!-- Footer -->
<div id="footer">
<div id="top" class="noprint"><p><span class="noscreen">Back on top</span> <a href="#header" title="Back on top ^">^<span></span></a></p></div>
<hr class="noscreen" />
<p id="createdby">created by <a href="http://www.nuvio.cz"></a> <!-- DON´T REMOVE, PLEASE! --></p>
<p id="copyright">© 2009 <a href="mailto:my@mail.com"></a></p>
</div> <!-- /footer -->
</div> <!-- /main -->
</body>
</html>
Action.jsp
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
<head>
<%@ page import="java.sql.*"%>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta
http-equiv="content-language" content="cs" />
<meta name="robots" content="all,follow" />
<meta name="author" content="All: ... [Nazev webu - www.url.cz]; e-mail:
info@url.cz" />
<meta name="copyright" content="Design/Code: Vit Dlouhy [Nuvio - www.nuvio.cz]; e-mail: vit.dlouhy@nuvio.cz" />
<title>CrystalX</title>
<meta name="description" content="..." />
<meta name="keywords" content="..." />
<link rel="index" href="./" title="Home" />
<link rel="stylesheet" media="screen,projection" type="text/css" href="./css/main.css" />
<link rel="stylesheet" media="print" type="text/css" href="./css/print.css" />
<link rel="stylesheet" media="aural" type="text/css" href="./css/aural.css" />
<style type="text/css">
<!--
.style1 {font-family:
-->
</style>
</head>
<body id="www-url-cz">
<!-- Main -->
<div id="main" class="box">
<!-- Header -->
<div id="header">
<!--Logotyp -->
<h1 id="logo"><strong>IBC</strong></h1><br /><br /><br />
<br />
<font size="1"> For Clientside Security </font>
<hr class="noscreen" />
<!-- Quick links -->
<div class="noscreen noprint">
<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>, <a href="#search">search</a>.</em></p>
<hr />
</div>
<!-- Search -->
</div>
<!-- /header -->
<!-- Main menu (tabs) -->
<div id="tabs" class="noprint">
<%
boolean flag = false;
String n = request.getParameter("name");
String p = request.getParameter("pass");
String add = request.getRemoteAddr();
%>
<h3 class="noscreen">Navigation</h3>
<ul class="box">
<li><a href="#">Home<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="myacc.jsp?name=<%=n%>">My Account<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="compose.jsp?name=<%=n%>">Compose<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="#">Contact<span class="tab-l"></span><span class="tab-r"></span></a></li>
</ul>
<hr class="noscreen" />
</div> <!-- /tabs -->
<!-- Page (2 columns) -->
<div id="page" class="box">
<div id="page-in" class="box">
<!-- Content -->
<div id="content">
<!-- Article -->
<div class="article">
<h2><span>Welcome <%=n%> !</span><br>
<FONT SIZE="5" face = "Monotype Corsiva">
<a href ="showmail.jsp?name=<%=n%>">Inbox </a></FONT></h2>
<h3> About WebIBC </h3><p>
WebIBC is a pure JavaScript/HTML based Web security system aiming at providing Web 2.0 applications with strong cryptography. With WebIBC a user can protect herself even against evil Web application service provider. WebIBC also provides a mechanism for Web application service providers that they can guarantee they will not do evil. Before using WebIBC the user should authenticate himself to a trusted third party to retrieve his private key used in the system. The key is generated by the trusted third party and is binded with user's identity. User will use this key to cipher a message. </p>
<%
// out.println(n);
//out.println(p);
//session.setAttribute("username",n);
//session.setAttribute("passwr",p);
//session.setAttribute("ipaddr",add);
try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
//out.println("1");
Connection con = DriverManager.getConnection("jdbc:odbc:ibc");
//out.println(n);
Statement st = con.createStatement();
//out.println(p);
String query="select * from user where username='"+n+"' and password= '"+p+"'";
ResultSet rs =st.executeQuery(query);
//String cn = rs.getString("country");
//String ct = rs.getString("city");
if(rs.next())
{
//out.println(uname);
//out.println(pass);
//if(uname.equals(n) && pass.equals(p))
//
{
java.util.Date d = new java.util.Date();
//long intime = d.getTime();
//int intime1 = d.getDate();
int intime2 = d.getHours();
int intime3 = d.getMinutes();
int intime4 = d.getSeconds();
String h = Integer.toString(intime2);
String m = Integer.toString(intime3);
String s = Integer.toString(intime4);
//int intime5 = d.getMonth();
//int intime6 = d.getYear();
String t = h+":"+m+":"+s;
//out.println(t+uname+pass);
}
else
{
response.sendRedirect("index.html");
}
}
catch(Exception ae)
{
out.println(ae);
ae.printStackTrace();
}
%>
</p>
</div> <!-- /article -->
</div> <!-- /content -->
<!-- Right column -->
<div id="col" class="noprint">
<div id="col-in">
<!-- About Me -->
<h3><span><a href="#">About Me</a></span></h3>
<div id="about-me">
<p><strong><%=n%></strong><br />
</p>
</div> <!-- /about-me -->
<hr class="noscreen" />
<!-- Category -->
<h3 ><span>Contacts</span></h3>
<%
try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
//out.println("1");
Connection con1 = DriverManager.getConnection("jdbc:odbc:ibc");
//out.println(n);
Statement st1 = con1.createStatement();
//out.println(p);
String query1="select mail from user ";
ResultSet rs1 =st1.executeQuery(query1);
while(rs1.next())
{
out.println(rs1.getString("mail"));
out.println("<br>");
}
}
catch(Exception ae)
{
out.println(ae);
ae.printStackTrace();
}
%>
<hr class="noscreen" />
<hr class="noscreen" />
<!-- Links -->
<hr class="noscreen" />
</div> <!-- /col-in -->
</div> <!-- /col -->
</div> <!-- /page-in -->
</div> <!-- /page -->
<!-- Footer -->
<div id="footer">
<div id="top" class="noprint"><p><span class="noscreen">Back on top</span> <a href="#header" title="Back on top ^">^<span></span></a></p></div>
<hr class="noscreen" />
<p id="createdby">created by <a href="http://www.nuvio.cz">satesh | Spiro</a> <!-- DON´T REMOVE, PLEASE! --></p>
<p id="copyright">© 2009 <a href="mailto:my@mail.com">www.Spiro.com</a></p>
</div> <!-- /footer -->
</div> <!-- /main -->
</body>
</html>
Register.jsp
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta
http-equiv="content-language" content="cs" />
<meta name="robots" content="all,follow" />
<meta name="author" content="All: ... [Nazev webu - www.url.cz]; e-mail:
info@url.cz" />
<meta name="copyright" content="Design/Code: Vit Dlouhy [Nuvio - www.nuvio.cz]; e-mail: vit.dlouhy@nuvio.cz" />
<title>CrystalX</title>
<meta name="description" content="..." />
<meta name="keywords" content="..." />
<link rel="index" href="./" title="Home" />
<link rel="stylesheet" media="screen,projection" type="text/css" href="./css/main.css" />
<link rel="stylesheet" media="print" type="text/css" href="./css/print.css" />
<link rel="stylesheet" media="aural" type="text/css" href="./css/aural.css" />
<style type="text/css">
<!--
.style1 {font-family:
-->
</style>
<script type="text/javascript">
function validate()
{
if(document.getElementById("name").value=="")
{
alert("Enter Username");
return false
}
if(document.getElementById("pass").value=="")
{
alert("Enter password");
return false
}
return true
}
</script>
</head>
<body id="www-url-cz">
<!-- Main -->
<div id="main" class="box">
<!-- Header -->
<div id="header">
<!--Logotyp -->
<h1 id="logo"><strong>IBC</strong></h1><br /><br /><br />
<br />
<font size="1"> For Clientside Security </font>
<hr class="noscreen" />
<!-- Quick links -->
<div class="noscreen noprint">
<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>, <a href="#search">search</a>.</em></p>
<hr />
</div>
<!-- Search -->
</div>
<!-- /header -->
<!-- Main menu (tabs) -->
<div id="tabs" class="noprint">
<h3 class="noscreen">Navigation</h3>
<ul class="box">
<li><a href="index.html">Login<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="#">Register<span class="tab-l"></span><span class="tab-r"></span></a></li>
</ul>
<hr class="noscreen" />
</div> <!-- /tabs -->
<!-- Page (2 columns) -->
<div id="page" class="box">
<div id="page-in" class="box">
<!-- Content -->
<div id="content">
<!-- Article -->
<div class="article">
<h2><span>Register</span></h2>
<form method="post" name = "register" onSubmit="return validate()" action="regres.jsp" >
<p>
<table width="316" border="0" >
<tr >
<td><span class="style1"><font size="3">Username</font></span></td>
<td><input type = "text" name = "uname" id="name" /></td>
</tr>
<tr >
<td><span class="style1"><font size="3">Password</font></span></td>
<td><input type = "password" name = "pass" id= "pass" />
</td>
</tr>
<tr >
<td><span class="style1"><font size="3">Name</font></span></td>
<td><input type = "text" name = "name" id="name" /></td>
</tr>
<tr >
<td><span class="style1"><font size="3">Gender</font></span></td>
<td> <select name="sex" >
<option value="MALE">MALE</option>
<option value="FEMALE">FEMALE</option>
</select>
</td>
</tr>
<tr >
<td><span class="style1"><font size="3">Country</font></span></td>
<td> <select name="country" >
<option value="Select Nationality">Select Country</option>
<option value='ABW'>
<option value='AFG'>AFGANISTAN</option>
<option value='AGO'>
<option value='AND'>PRINCIPALITY OF ANDORRA</option>
<option value='ANT'>NETHERLANAD ANTILLES</option>
<option value='ARG'>
<option value='ARM'>
<option value='ATG'>ANTIQUA AND BARBUDA</option>
<option value='AUS'>
<option value='AUT'>
<option value='AZE'>AZERBEIJAN</option>
<option value='BEL'>
<option value='BEN'>
<option value='BFA'>BURKINOFASO</option>
<option value='BGR'>
<option value='BHR'>
<option value='BLR'>
<option value='BLZ'>
<option value='BOL'>
<option value='BON'>
<option value='BRA'>
<option value='BRB'>
<option value='BTN'>
<option value='BWA'>
<option value='CAN'>
<option value='CHL'>
<option value='CHN'>
<option value='
<option value='COM'>UNION OF COMOROS</option>
<option value='CPV'>
<option value='CRC'>
<option value='CRI'>
<option value='CUB'>
<option value='CYP'>
<option value='CYP'>
<option value='CYR'>CYRIA</option>
<option value='CZC'>CZECH</option>
<option value='DAK'>
<option value='DEU'>
<option value='DNK'>
<option value='DOM'>
<option value='DZA'>
<option value='ECU'>
<option value='EGY'>
<option value='ERI'>
<option value='ESP'>
<option value='EST'>
<option value='ETH'>
<option value='FIJ'>
<option value='FIN'>
<option value='FRA'>
<option value='GBR'>
<option value='GEO'>
<option value='GHA'>
<option value='GMB'>
<option value='GNB'>GUINEA BISSAU</option>
<option value='GRC'>
<option value='GRD'>
<option value='GTM'>
<option value='GUY'>
<option value='HKG'>HONG KONG SPL ADMN REGION</option>
<option value='HND'>
<option value='HNG'>
<option value='HRV'>
<option value='IDN'>
<option value='
<option value='IRA'>
<option value='IRL'>
<option value='IRQ'>
<option value='ISR'>
<option value='ITA'>
<option value='JAM'>
<option value='JOR'>
<option value='JPN'>
<option value='KAZ'>KAZAKSTAN</option>
<option value='KEN'>
<option value='KGZ'>KYRGYSTAN</option>
<option value='KHM'>
<option value='KNA'>
<option value='KOR'>KOREA (NORTH)</option>
<option value='KWT'>
<option value='LAO'>
<option value='LBN'>
<option value='LBR'>
<option value='LBY'>
<option value='LCA'>
<option value='LKA'>
<option value='LSO'>
<option value='LTU'>
<option value='LUX'>
<option value='LVA'>
<option value='MDG'>
<option value='MDV'>
<option value='MEX'>
<option value='MKD'>
<option value='MLI'>
<option value='MLT'>
<option value='MMR'>
<option value='MNG'>
<option value='MOR'>
<option value='MOZ'>
<option value='MRT'>
<option value='MUS'>
<option value='MWI'>
<option value='MYS'>
<option value='
<option value='NAR'>
<option value='NGA'>
<option value='NIA'>
<option value='NIB'>DAR-US-SALAM</option>
<option value='NIG'>
<option value='NLD'>
<option value='NOR'>
<option value='NPL'>
<option value='NZL'>
<option value='OMN'>
<option value='PAN'>
<option value='PER'>
<option value='PHL'>PHILLIPINES</option>
<option value='PNG'>PAPUA NEW GUINEA</option>
<option value='POL'>
<option value='PRK'>KOREA (SOUTH)</option>
<option value='PRT'>
<option value='QAT'>
<option value='REU'>
<option value='ROU'>
<option value='RUS'>
<option value='RWA'>
<option value='SAU'>
<option value='SBN'>
<option value='SDN'>
<option value='SGP'>
<option value='SNG'>
<option value='SOM'>
<option value='SUR'>
<option value='SVK'>
<option value='SWE'>
<option value='SWZ'>
<option value='SYC'>SEYCHELES</option>
<option value='SYR'>
<option value='TCD'>
<option value='TGO'>
<option value='THA'>
<option value='TJK'>
<option value='TKM'>
<option value='TTO'>TRINIDAD & TOBAGO</option>
<option value='TUN'>
<option value='TUR'>
<option value='TWN'>
<option value='TZA'>
<option value='UAE'>UAE</option>
<option value='UGA'>
<option value='UKR'>
<option value='
<option value='UZB'>
<option value='VAT'>HOLY SEE VATICAN</option>
<option value='VCT'>SAINT VINCENT AND GRENADINES</option>
<option value='VEN'>
<option value='VEN'>VENEZULA</option>
<option value='VNM'>
<option value='YEM'>
<option value='YER'>
<option value='YUG'>SERBIA AND MONTEGRO</option>
<option value='ZAF'>
<option value='ZAR'>
<option value='ZMB'>
<option value='ZWE'>
</select>
</td>
</tr>
<tr >
<td><span class="style1"><font size="3">City</font></span></td>
<td><input type = "text" name = "city" id="name" /></td>
</tr>
<tr >
<td><span class="style1"><font size="3">E-mail ID</font></span></td>
<td><input type = "text" name = "mail" id="name" /></td>
</tr>
<tr >
<td><span class="style1"><font
size="3">
<td><input type = "text" name = "phone" id="name" /></td>
</tr>
<tr><td></td></tr>
<tr><td></td></tr>
<tr><td></td></tr>
<tr><td></td><td>
<input type="submit" name="Submit" value="Submit" align = "right" /></td></tr>
</table>
<p class="info noprint"> </p>
</form>
</p>
</div> <!-- /article -->
</div> <!-- /content -->
<!-- Right column -->
<div id="col" class="noprint">
<div id="col-in">
<!-- Category -->
<h3 ><span>WebIBC</span></h3>
<ul id="category">
<br><br>
<FONT SIZE="2" face="
</ul>
<hr class="noscreen" />
<hr class="noscreen" />
<!-- Links -->
<hr class="noscreen" />
</div> <!-- /col-in -->
</div> <!-- /col -->
</div> <!-- /page-in -->
</div> <!-- /page -->
<!-- Footer -->
<div id="footer">
<div id="top" class="noprint"><p><span class="noscreen">Back on top</span> <a href="#header" title="Back on top ^">^<span></span></a></p></div>
<hr class="noscreen" />
<p id="createdby">created by <a href="http://www.nuvio.cz"></a> <!-- DON´T REMOVE, PLEASE! --></p>
<p id="copyright">© 2009 <a href="mailto:my@mail.com"></a></p>
</div> <!-- /footer -->
</div> <!-- /main -->
</body>
</html>
READMAIL.jsp
<%@ page contentType="text/html; charset=iso-8859-1" language="java" import="java.sql.*" errorPage="" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<%@ page import="java.sql.* , java.util.*,java.io.File.*" %>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<!-- Declaration-->
<%! String sno,str2,str3,str1,str4,str5,str6,str7,str8; %>
<!-- main coding-->
<%
str1=request.getParameter("uname");
str2=request.getParameter("pass");
str3=request.getParameter("name");
str4=request.getParameter("sex");
str5=request.getParameter("country");
str6=request.getParameter("city");
str7=request.getParameter("mail");
str8=request.getParameter("phone");
try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
//out.println("1");
Connection con0 = DriverManager.getConnection("jdbc:odbc:ibc");
//out.println(n);
Statement st0 = con0.createStatement();
//out.println(p);
String query="select * from user where username='"+str1+"'";
ResultSet rs =st0.executeQuery(query);
//String vname = rs.getString(1);
if(rs.next()== true)
{
String str = "Username already exist ! ";
response.sendRedirect("register.jsp?str="+str+"");
}
else
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con=DriverManager.getConnection("jdbc:odbc:ibc");
Statement st=con.createStatement();
Statement st1=con.createStatement();
Statement st2=con.createStatement();
Statement st3=con.createStatement();
String app="INSERT INTO user(username,password,name,sex,country,city,mail,mobile) values( '"+str1+"','"+str2+"','"+str3+"','"+str4+"','"+str5+"','"+str6+"','"+str7+"','"+str8+"')";
String app1 = "INSERT INTO authen(username) values('"+str1+"')";
String app2 = "INSERT INTO mailserverdb(username) values('"+str1+"')";
String app3 = "INSERT INTO keyserverdb(username,mail) values('"+str1+"','"+str7+"')";
int i=st.executeUpdate(app);
int j=st1.executeUpdate(app1);
int k=st2.executeUpdate(app2);
int l=st3.executeUpdate(app3);
File f= new File("D:/IBC/mailserver/"+str3);
f.mkdir();
//out.println("User Registered Sucessfully");
con.close();
response.sendRedirect("sucess.jsp");
}
}
catch(Exception e)
{
out.println(e);
}%>
</body>
</html>
Compose.jsp
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
<head>
<%@ page import="java.sql.*"%>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="content-language" content="cs"
/>
<meta name="robots" content="all,follow" />
<meta name="author"
content="All: ... [Nazev
webu - www.url.cz]; e-mail: info@url.cz" />
<meta name="copyright" content="Design/Code: Vit Dlouhy [Nuvio - www.nuvio.cz]; e-mail: vit.dlouhy@nuvio.cz" />
<title>CrystalX</title>
<meta name="description" content="..." />
<meta name="keywords" content="..." />
<link rel="index" href="./" title="Home" />
<link rel="stylesheet" media="screen,projection" type="text/css" href="./css/main.css" />
<link rel="stylesheet" media="print" type="text/css" href="./css/print.css" />
<link rel="stylesheet" media="aural" type="text/css" href="./css/aural.css" />
<style type="text/css">
<!--
.style1 {font-family:
-->
</style>
</head>
<body id="www-url-cz">
<!-- Main -->
<div id="main" class="box">
<!-- Header -->
<div id="header">
<!--Logotyp -->
<h1 id="logo"><strong>IBC</strong></h1><br /><br /><br />
<br />
<font size="1"> For Clientside Security </font>
<hr class="noscreen" />
<!-- Quick links -->
<div class="noscreen noprint">
<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>, <a href="#search">search</a>.</em></p>
<hr />
</div>
<!-- Search -->
</div>
<!-- /header -->
<!-- Main menu (tabs) -->
<div id="tabs" class="noprint">
<%
boolean flag = false;
String n = request.getParameter("name");
String p = request.getParameter("pass");
String add = request.getRemoteAddr();
String from = null;
%>
<h3 class="noscreen">Navigation</h3>
<ul class="box">
<li><a href="showmail.jsp?name=<%=n%>">Inbox<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="myacc.jsp?name=<%=n%>">About Me<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="compose.jsp?name=<%=n%>">Compose<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="#">Contact<span class="tab-l"></span><span class="tab-r"></span></a></li>
/ul>
<hr class="noscreen" />
</div> <!-- /tabs -->
<!-- Page (2 columns) -->
<div id="page" class="box">
<div id="page-in" class="box">
<!-- Content -->
<div id="content">
<!-- Article -->
<div class="article">
<h2> Send a Cryptographic Message </h2>
</p>
</div> <!-- /article -->
<FORM METHOD="post" ACTION="msgsend.jsp" >
<%
try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
//out.println("1");
Connection con1 = DriverManager.getConnection("jdbc:odbc:ibc");
//out.println(n);
Statement st1 = con1.createStatement();
//out.println(p);
String query1="select * from user where username='"+n+"' ";
ResultSet rs1 =st1.executeQuery(query1);
while(rs1.next())
{
from = rs1.getString("mail");
}
out.println("<table cellpadding=20 ><tr><td>From : </td><td><font size=5 face=times new roman>"+from+"</font></td></tr>");
}
catch(Exception ae)
{
out.println(ae);
ae.printStackTrace();
}
%>
<tr><td>TO :</td><td><input type = "text" name="to" size ="40" /></td></tr>
<tr><td>Subject :</td><td><input type = "text" name="subject" size ="40"/></td></tr>
<tr><td> </td><td><textarea cols="50" rows="20" name="message" ></textarea></td></tr>
<tr><td> </td><td><input type="submit" name="submit" value=" Send " ></td></tr>
</table>
<INPUT TYPE="hidden" NAME="from" value="<%=from%>">
<INPUT TYPE="hidden" NAME="name" value="<%=n%>">
</FORM>
</div> <!-- /content -->
<!-- Right column -->
<div id="col" class="noprint">
<div id="col-in">
<!-- About Me -->
<h3><span><a href="#">About Me</a></span></h3>
<div id="about-me">
<p><strong><%=n%></strong><br />
</p>
</div> <!-- /about-me -->
<hr class="noscreen" />
<!-- Category -->
<h3 ><span>Contacts</span></h3>
<hr class="noscreen" />
<hr class="noscreen" />
<!-- Links -->
<hr class="noscreen" />
</div> <!-- /col-in -->
</div> <!-- /col -->
</div> <!-- /page-in -->
</div> <!-- /page -->
<!-- Footer -->
<div id="footer">
<div id="top" class="noprint"><p><span class="noscreen">Back on top</span> <a href="#header" title="Back on top ^">^<span></span></a></p></div>
<hr class="noscreen" />
<p id="createdby">created by <a href="http://www.nuvio.cz"></a> <!-- DONT REMOVE, PLEASE! --></p>
<p id="copyright">© 2009 <a href="mailto:my@mail.com"></a></p>
</div> <!-- /footer -->
</div> <!-- /main -->
</body>
</html>
Sendmail.jsp
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
<head>
<%@ page import="java.sql.*,java.io.*"%>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="content-language" content="cs"
/>
<meta name="robots" content="all,follow" />
<meta name="author"
content="All: ... [Nazev
webu - www.url.cz]; e-mail: info@url.cz" />
<meta name="copyright" content="Design/Code: Vit Dlouhy [Nuvio - www.nuvio.cz]; e-mail: vit.dlouhy@nuvio.cz" />
<title>CrystalX</title>
<meta name="description" content="..." />
<meta name="keywords" content="..." />
<link rel="index" href="./" title="Home" />
<link rel="stylesheet" media="screen,projection" type="text/css" href="./css/main.css" />
<link rel="stylesheet" media="print" type="text/css" href="./css/print.css" />
<link rel="stylesheet" media="aural" type="text/css" href="./css/aural.css" />
<style type="text/css">
<!--
.style1 {font-family:
-->
</style>
</head>
<body id="www-url-cz">
<!-- Main -->
<div id="main" class="box">
<!-- Header -->
<div id="header">
<!--Logotyp -->
<h1 id="logo"><strong>IBC</strong></h1><br /><br /><br />
<br />
<font size="1"> For Clientside Security </font>
<hr class="noscreen" />
<!-- Quick links -->
<div class="noscreen noprint">
<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>, <a href="#search">search</a>.</em></p>
<hr />
</div>
<!-- Search -->
</div>
<!-- /header -->
<!-- Main menu (tabs) -->
<div id="tabs" class="noprint">
<h3 class="noscreen">Navigation</h3>
<ul class="box">
<li><a href="#">Home<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="#">About Me<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="compose.jsp">Compose<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="#">Contact<span class="tab-l"></span><span class="tab-r"></span></a></li>
</ul>
<hr class="noscreen" />
</div> <!-- /tabs -->
<!-- Page (2 columns) -->
<div id="page" class="box">
<div id="page-in" class="box">
<!-- Content -->
<div id="content">
<!-- Article -->
<div class="article">
<table width="200" border="1">
<%
boolean flag = false;
String n = request.getParameter("name");
String p = request.getParameter("pass");
String add = request.getRemoteAddr();
String name=null,sub=null,msgdate=null,msgtime=null,message=null,mailaddr=null;
java.util.Date d = new java.util.Date();
int intime5 = d.getDate();
int intime6 = d.getMonth();
int intime7 = d.getYear();
String dt = Integer.toString(intime5);
String mon = Integer.toString(intime6+1);
String year = Integer.toString(intime7+1900);
//int intime5 = d.getMonth();
//int intime6 = d.getYear();
String cdate = dt+"-"+mon+"-"+year;
//get date
int intime2 = d.getHours();
int intime3 = d.getMinutes();
int intime4 = d.getSeconds();
String h = Integer.toString(intime2);
String m = Integer.toString(intime3);
String s = Integer.toString(intime4);
//int intime5 = d.getMonth();
//int intime6 = d.getYear();
String t = h+":"+m+":"+s;
%>
<h2> Welcome <%=n%> </h2>
</p>
<FORM METHOD="post" ACTION="msgsend.jsp" >
<%
out.println("<table cellpadding=20 ><tr><td width =100><h4>From</h4></td><td width=200><h4>Subject</h4></td><td><h4>Date</h4></td><td><h4>Time</h4></td></h2></tr>");
out.println("<tr><td colspan=4>-------------------------------------------------------------------------------------------</td></tr>");
out.println("<tr><td>Admin</td><td>Welcome to IBC</td><td>"+cdate+"</td><td>"+t+"</td></h2></tr>");
out.println("<tr><td colspan=4>-------------------------------------------------------------------------------------------</td></tr>");
try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
//out.println("1");
Connection con1 = DriverManager.getConnection("jdbc:odbc:ibc");
//out.println(n);
Statement st1 = con1.createStatement();
//out.println(p);
String query1="select mail from user where username='"+n+"' ";
ResultSet rs1 =st1.executeQuery(query1);
while(rs1.next())
{
mailaddr=rs1.getString("mail");
}
//out.println(mailaddr);
}
catch(Exception ae)
{
out.println(ae+"1");
ae.printStackTrace();
}
try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
//out.println("1");
Connection con2 = DriverManager.getConnection("jdbc:odbc:ibc");
//out.println(n);
Statement st2 = con2.createStatement();
//out.println(p);
String query2="select * from mailserverdb where toaddr='"+mailaddr+"' ";
ResultSet rs2= st2.executeQuery(query2);
while(rs2.next())
{
name=rs2.getString("username");
//out.println(from);
sub=rs2.getString("subject");
//out.println(sub);
message=rs2.getString("message");
//out.println(message);
msgdate=rs2.getString("msgdate");
//out.println(msgdate);
msgtime=rs2.getString("msgtime");
out.println("<tr><td>"+name+"</td><td>"+sub+"</td><td>"+msgdate+"</td><td>"+msgtime+"</td></tr>");
out.println("<tr><td colspan=4>----------------------------------------------------</td></tr>");
}
}
catch(Exception a)
{
out.println(a+"2");
a.printStackTrace();
}
%>
</table>
</FORM>
</div> <!-- /article -->
</div> <!-- /content -->
<!-- Right column -->
<div id="col" class="noprint">
<div id="col-in">
<!-- About Me -->
<h3><span><a href="#">About Me</a></span></h3>
<div id="about-me">
<p><strong><%=n%></strong><br />
</p>
</div> <!-- /about-me -->
<hr class="noscreen" />
<!-- Category -->
<h3 ><span>Contacts</span></h3>
<%/*
try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
//out.println("1");
Connection con1 = DriverManager.getConnection("jdbc:odbc:ibc");
//out.println(n);
Statement st1 = con1.createStatement();
//out.println(p);
String query1="select mail from user ";
ResultSet rs1 =st1.executeQuery(query1);
while(rs1.next())
{
out.println(rs1.getString("mail"));
out.println("<br>");
}
}
catch(Exception ae)
{
out.println(ae);
ae.printStackTrace();
}
*/%>
<hr class="noscreen" />
<hr class="noscreen" />
<!-- Links -->
<hr class="noscreen" />
</div> <!-- /col-in -->
</div> <!-- /col -->
</div> <!-- /page-in -->
</div> <!-- /page -->
<!-- Footer -->
<div id="footer">
<div id="top" class="noprint"><p><span class="noscreen">Back on top</span> <a href="#header" title="Back on top ^">^<span></span></a></p></div>
<hr class="noscreen" />
<p id="createdby">created by <a href="http://www.nuvio.cz"></a> <!-- DONT REMOVE, PLEASE! --></p>
<p id="copyright">© 2009 <a href="mailto:my@in.com"></a></p>
</div> <!-- /footer -->
</div> <!-- /main -->
</body>
</html>
CHAPTER-12
FUTURE WORK
In this project, Encryption is done using text .In future data will be encrypted using image or picture.
CHAPTER-13
CONCLUSION
We finally conclude An Identity Base Encryption (IBE) scheme is a public-key cryptosystem where any string is a valid public key. In particular, email addresses and dates can be public keys. For many situations in distributed network environments, Identity Base cryptography is a must during communications.
BIBLIOGRAPHY
- Zhi Guan, Zhen Cao, Xuan Zhao, Ruichuan Chen, Zhong Chen, Xianghao Nan- “WebIBC: Identity Based Cryptography for Client Side Security in Web Applications”, IEEE, 2008
- Yongjun Ren,Jiandong Wang, Youdong Zhang,Liming Fang – “Identity-Based Key Issuing Protocol for Ad Hoc Networks”, 2007 IEEE International Conference on Computational Intelligence and Security
Comments
Post a Comment