SECURE EMAIL TRANSACTION SYSTEM.

ABSTRACT

Communication is the backbone of any enterprise. Communication, without exchange of data, is unimaginable. In the context of communication between Enterprise level applications, the amount of data would be huge. So using traditional approaches in Electronic Data Interchange wouldn t suffice.

!or our pro"ect we have introduced and incorporated the theoretical ideas of Cryptography directly into the sending and receiving of e#mails through our e#mail application. $e use %S& Encryption System application. 'he challenging task of using %S& Encryption has never been tried before on an email application.

It makes use of %S& Cryptographic System along with the re(uired text for the mail from user. 'his is a default security system for message sending .'o enable cryptographic features into the message text for email application, generation of keys plays a significant role. 'he public and private keys should be generated depending upon the user input on the key selected and based on the bit value for which the operations should be performed .

'he amount of sophistication involved in sending a secured message is the main feature of this application. 'his level of security would definitely give the hackers a hard chase even coming close to knowing the message content TABLE OF CONTENTS CHAPTER TITLE PAGE NO.

ABSTRACT LIST OF TABLES LIST OF FIGURES

iv viii

vii

1.

INTRODUCTION

) ) ) 0 1 2 4

).) )./ )./.) )././ )./.0 )./.3

*%+,EC' +-,EC'I.E *%+,EC' +.E%.IE$ Cryptography %S& algorithm -asic Encryption process ,ava mail &*I

).0

'++5 S'6D7 ,ava 9S &ccess

)8 )8 ): )1 )4 /8 /) /) /) // /0 /0 /3 /: /1

).0.) ).0./ /. 0. 3. :.

SYSTEM ANALYSIS SYSTEM REQUIREMENT SYSTEM SPECIFICATION SYSTEM DESIGN :.) 9&,+% S7S'E9 DESI;< &C'I.I'7 Input design +utput design *rogram design 5+;IC&5 DESI;<

:.).) :.)./ :.).0

:./

1. =. 2.

SYSTEM DEVELOPMENT SYSTEM IMPLEMENTATION TESTING

1. =. 2.

SCREENSHOTS MAINTENANCE CONCLUSION RESUME REFERENCES LIST OF TABLES

/2 00 03 0: 01

'able *age

).) 6ser Information LIST OF FIGURES

!igure

*age 3 /2

).)

Encryption#Decryption Desktop !orm Encrypti on ! orm Decryption !orm >ey 9anager >ey ;eneration 9ailing !orm

/4 08 0) 0) 0/

2.) 2./ 2.0 2.3 2.: 2.1

).)*%+,EC' +-,EC'I.E Communication is the backbone of any enterprise. Communication, without exchange of data, is unimaginable. In the context of communication between Enterprise level applications, the amount of data would be huge. So using traditional approaches in Electronic Data Interchange wouldn t suffice.

SE'S is an innovative email system that provides high#level protection for emails on the Internet. SE'S users have safe and secure email correspondence. +nly the sender and recipient of SE'S can access emails sent through this service. 'he design goal was to develop a set of interfaces that would help in setting up an emailing environment. -ut the interfaces were such that the data could be sent not only to mail server, but also to any server capable of understanding mail protocols. 'hat brought almost every ,/EE server into the picture. 'hus &*Is created for mail exchange provided a means to exchange huge amounts of data.

)./ *%+,EC' +.E%.IE$

SE'S has been developed on the principles of public key cryptography, which uses a pair of asymmetric keys ?public and private@ for encryptionAdecryption. 'he public key is freely distributed to all interested parties, and can only be used to encrypt data. 'he private key is available to a mailbox owner only, and it is used to decrypt messages.

If anyone from the user s correspondents wants to write a secure letter to that user, he will encrypt the letter using the user s public key.

'he public key will be stored in the database as shown below

'able).) 6ser Information

uname %achael Senator ,eff Stevens 'racy $itney

6email Senator BrCyahoo.com "eff steve Crediffmail.com 'racy88: Cyahoo.com

u*ub>ey 313/)0/):23)0/)0)0/)/0)00 0/)=24)/8231))0)0/)30)3=4 4:)04=0:24/1:1/38338:1310

$hen the email is received, the user decrypts it using the private key. <o one can decrypt the message without the private key. It is not possible to ascertain the private key from the public key.

'he ,ava9ail &pplication *rogramming Interface ?&*I@ provides a set of abstract classes defining ob"ects that comprise a mail system. 'he &*I defines classes like 9essage, Store and 'ransport. 'he &*I can be extended and can be subclassed to provide new protocols and to add functionality when necessary. In addition, the &*I provides concrete subclasses of the abstract classes. 'hese subclasses, including 9ime9essage and 9ime-ody*art, implement widely used Internet mail protocols. 'he ,ava9ail &*I doesn t properly validate authenticated user message number attribute, allowing authenticated users to view other s messages. 'his is a loophole in mail &*I s which is overcome in this pro"ect using high end security measures. It makes use of the complex %ivest Shamir &dleman?%S&@ encryption algorithm to provide a default security level to the client with the use public and private key pair. 'his involves generation of public and private key pairs and encrypting the message typed. 'his level of security would definitely give the hackers a hard chase to even coming close to knowing the message content.

)./.) Crytography Cryptography is the study of mathematical techni(ues related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. It is the science of encoding and decoding secret messages.

Cryptography is the science of translating messages into ciphers or codes. 'he protection of sensitive communications has been the purpose of cryptography for most of history. 'he beginnings of cryptology can be traced to the hieroglyphics of early Egyptian civiliDation ?)488 -.C.@. Ciphering has always been considered vital for diplomatic and military secrecy. %ecent successes in applying certain aspects of computer science and physics to cryptology seem to be leading to more secure systems in which encryption is implemented with sophisticated digital electronics.

Encryption is the process of taking any form of data ?plaintext@ message and scrambling it so that it becomes unreadable to anyone, except the authoriDed receiver who has a key to decrypt it. Encryption produces a ciphertext ?coded message@. 'he process of turning the ciphertext back into a plaintext is called decryption. Encryption and decryption re(uire the use of some secret information, called a key. 'raditionally, &lice is the sender of the information, -ob is the authoriDed receiver, and the eavesdropper is obviously name Eve. 'he basic problem of distributing a key between &lice and -ob is to make a safe transfer despite eavesdropping attempts. & plaintext message is encrypted using the key. +nly a person with the same key can decrypt it back to the plaintext?!igure ).)@. Cryptographic ;oals

!ig ).)

Encryption#Decryption

+f all the information security ob"ectives the following four form a framework upon which the others will be derivedE ?)@ privacy or confidentiality F?/@ data integrity F ?0@ authentication F and ?3@ non#repudiation .

).Confidentiality is a service used to keep the content of information from all but those authoriDed to have it. Secrecy is a term synonymous with confidentiality and privacy.'here are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible.

/. Data integrity is a service which addresses the unauthoriDed alteration of data. 'o assure data integrity, one must
have the ability to detect data manipulation by unauthoriDed parties. Data manipulation includes such things as insertion, deletion, and substitution.

0. &uthentication is a service related to identification. 'his function applies to both entities and information itself.
'wo parties entering into a communication should identify each other. Information delivered over a channel should be authenticated as to origin, date of origin, data content, time sent, etc. !or these reasons this aspect of cryptography is usually subdivided into two ma"or classesE entity authentication and data origin authentication. Data origin authentication implicitly provides data integrity ?for if a message is modified, the source has changed@.

3. <on#repudiation

is

service

which

prevents

an

entity

from

denying

previous

commitments

or actions. $hen disputes arise due to an entity denying that certain actions were taken, a means to resolve the situation is necessary. !or example, one entity may authoriDe the purchase of property by another entity and later deny such authoriDation was granted. & procedure

involving a trusted third party is needed to resolve the dispute. & fundamental goal of cryptography is to ade(uately address these four areas in both theory and practice. Cryptography is about the prevention and detection of cheating and other malicious activities.

'here are a number of basic cryptographic tools ?primitives@ used to provide information security. Examples of primitives include encryption schemes , hash functions , and digital signature schemes which provides a schematic listing of the primitives considered and how they relate. 'hese primitives should be evaluated with respect to various criteria such asE

). 5evel of security. 'his is usually difficult to (uantify. +ften it is given in terms of the number of operations
re(uired ?using the best methods currently known@ to defeat the intended ob"ective. 'ypically the level of security is defined by an upper bound on the amount of work necessary to defeat the ob"ective. 'his is sometimes called the work factor.

/. !unctionality. *rimitives will need to be combined to meet various information security ob"ectives. 'he
primitives that are most effective for a given ob"ective will be determined by the basic properties of the primitives.

0. 9ethods of operation. *rimitives, when applied in various ways and with various inputs, will typically exhibit
different characteristicsF thus, one primitive could provide very different functionality depending on its mode of operation or usage.

3. *erformance. 'his refers to the efficiency of a primitive in a particular mode of operation. ?!or example, an
encryption algorithm may be rated by the number of bits per second which it can encrypt.@

)././ %S& &lgorithm 'he %S& algorithm is named after %on %ivest, &di Shamir and 5en &dleman, who invented it in )4==. 'he basic techni(ue was first discovered in )4=0 by Clifford Cocks of CES; ?part of the -ritish ;CGH@ but this was a secret until )44=. 'he %S& algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers. >ey ;eneration &lgorithm

).

;enerate two large random primes, p and (, of approximately e(ual siDe such that their product n

= pq is of the re(uired bit length, e.g. )8/3 bits.

/. Compute n I p( and ?4@ phi I ?p#)@?(#)@. 0. Choose an integer e, ) J e J phi, such that gcd?e, phi@ I ). 3. :.
Compute the secret exponent d, ) J d J phi, such that ed I ) ?mod phi@. 'he public key is ?n, e@ and the private key is ?n, d@. 'he values of p, (, and phi should also be

kept secret.

K K K

n is known as the modulus. e is known as the public exponent or encryption exponent. d is known as the secret exponent or decryption exponent.

Encryption

Sender & does the followingE#

). +btains the recipient - s public key ?n, e@. /. %epresents the plaintext message as a positive integer m. 0. Computes the ciphertext c I me mod n. 3. Sends the ciphertext c to -.
Decryption %ecipient - does the followingE#

). 6ses his private key ?n, d@ to compute m I cd mod n. /. Extracts the plaintext from the integer representative m.
Digital signing Sender & does the followingE#

). Creates a message digest of the information to be sent. /. %epresents this digest as an integer m between 8 and n#). 0. 6ses her private key ?n, d@ to compute the signature s I md mod n. 3. Sends this signature s to the recipient, -.
Signature verification %ecipient - does the followingE#

). 6ses sender & s public key ?n, e@ to compute integer v I se mod n.

/. Extracts the message digest from this integer.

0. Independently computes the message digest of the information that has been signed.

If both message digests are identical, the signature is valid.

)./.0 -asic Encryption *rocess 'he basic process ensures that when the user feeds the message, the message is delivered to the other end using proper security measures. 'his is where the %S& algorithm is used as a default security measure for each and every mail being sent out to the other end. 'he %S& algorithm itself only encrypts numbers. &ll computer data is ultimately "ust binary numbers, so the message could be broken into segments and %S& can be applied to each segment. ;eneration of keys 'he %S& encryption and decryption makes use of key pairs. 'wo big random prime numbers are generated which in turn calculates the variables used to produce the keys. 'he variables are used to generate the public and private keys. 'he message typed by the user is encrypted by using the private key. $hen decrypted with the public key it reproduces the original message. 'his process is secure, because the only way to decrypt and reproduce the original text is by knowing the private key. Choice of >ey SiDe 'he feature to select the key siDe is provided to the user for increasing the complexity of the message. Sender s choice for Encryption $hen the sender has to send a message to the receiver, heAshe must be sure of the encryption levels re(uired before sending the message. 'his system provides the user to make the choice of generating digital certificates or digital signature. Digital Signatures and Certificates $ith %S&, the encryption and decryption techni(ues are very similar. &fter typing in the message and selecting the key siDe the user makes a choice of how he has to encrypt it. 'he cipher text produced is a digital signature. $hen decrypted with the public key it reproduces the original message. 'his process is secure, because the only way to decrypt a particular message ?encrypted by the public key@ is by applying the private key. &fter typing in the message and selecting the key siDe, then the user makes the choice of how he has to encrypt it.

)./.3

,ava9ail

&*I

Sending of Emails 'he encrypted messages are send to the form where the mails are to be send and from this point ,ava9ail &*I takes over. $henever a particular mail is being sent, there are various protocols which are being used to deliver the mail. *rotocols are rules that define an exact format for communication between systems. In the case of sender mailing systems, there are two main protocolsE L S9'*?Simple message transfer protocol@ &ny email client, to transfer mail, contacts the S9'* server of the organiDation that, in turn, delivers the message to the recipient s S9'* server. L 9I9E?9ultiple Internet mail Extension@ 9I9E is about the attachment and type of content being delivered. %eceiving an Email 'he message is received by the receiver and is moved on to the decryption phase which shows the actual data to the image. &s the sender the receiver also has the particular protocols used in receiving the Email. 'he protocols areE L *+*0?*ost office protocol#.ersion 0@ *+*0 "ust ensures that each user has his or her own mailbox. L I9&*?Internet 9essage access protocol@ $hile *+* is for offline access of messages, I9&* is for online access.

).0 '++5 S'6D7

'he tools that are used in our pro"ect are described in detail below ).0.) ,ava

,ava was developed at Sun 9icrosystems. $ork on ,ava initially began with the goal of creating a platform# independent language and +S for consumer electronics. 'he original intent was to use CMM, but as work progressed in this direction, developers identified that creating their own language would serve them better. 'oday ,ava is both a programming language and an environment for executing programs written in ,ava 5anguage. 6nlike traditional compilers, which convert source code into machine level instructions, the ,ava compiler

translates "ava source code into instructions that are interpreted by the runtime ,ava .irtual 9achine. So unlike languages like C and CMM, on which ,ava is based, ,ava is an interpreted language.

,ava is the first programming language designed from ground up with network programming in mind. 'he core &*I for ,ava includes classes and interfaces that provide uniform access to a diverse set of network protocols.

$hy Is ,ava InterestingN

In one of their early papers about the language, Sun described ,ava as followsE ,avaE & simple, ob"ect#oriented, distributed, interpreted, robust, secure, architecture neutral, portable, high#performance, multithreaded, and dynamic language. Sun acknowledges that this is (uite a string of buDDwords, but the fact is that, for the most part, they aptly describe the language. In order to understand why ,ava is so interesting, let s take a look at the language features behind the buDDwords.

+b"ect#+riented

,ava is an object-oriented programming language. &s a programmer, this means that you focus on the data in your application and methods that manipulate that data, rather than thinking strictly in terms of procedures. In an ob"ect# oriented system, a class is a collection of data and methods that operate on that data. 'aken together, the data and methods describe the state and behavior of an ob"ect. Classes are arranged in a hierarchy, so that a subclass can inherit behavior from its superclass. 6nlike CMM, ,ava was designed to be ob"ect#oriented from the ground up. 9ost things in ,ava are ob"ectsF the primitive numeric, character, and boolean types are the only exceptions. Strings are represented by ob"ects in ,ava, as are other important language constructs like threads. & class is the basic unit of compilation and of execution in ,avaF all ,ava programs are classes.

Interpreted

,ava is an interpreted languageE the ,ava compiler generates byte#codes for the ,ava .irtual 9achine ?,.9@, rather than native machine code. 'o actually run a ,ava program, you use the ,ava interpreter to execute the compiled byte#codes. -ecause ,ava byte#codes are platform#independent, ,ava programs can run on any platform that the ,.9 ?the interpreter and run#time system@ has been ported to.

&rchitecture <eutral and *ortable

-ecause ,ava programs are compiled to an architecture neutral byte#code format, a ,ava application can run on any system, as long as that system implements the ,ava .irtual 9achine. 'his is a particularly important for applications distributed over the Internet or other heterogeneous networks. &pplications in ,ava can run on all platforms. 'he fact that ,ava is interpreted and defines a standard, architecture neutral, byte#code format is one big part of being portable

Dynamic and Distributed

,ava is a dynamic language. &ny ,ava class can be loaded into a running ,ava interpreter at any time. 'hese dynamically loaded classes can then be dynamically instantiated. <ative code libraries can also be dynamically loaded. Classes in ,ava are represented by the Class classF you can dynamically obtain information about a class at run#time.

'he distributed nature of ,ava really shines when combined with its dynamic class loading capabilities. 'ogether, these features make it possible for a ,ava interpreter to download and run code from across the Internet. Simple

,ava is a simple language. 'he ,ava designers were trying to create a language that a programmer could learn (uickly, so the number of language constructs has been kept relatively small. &nother design goal was to make the language look familiar to a ma"ority of programmers, for ease of migration.

%obust

,ava has been designed for writing highly reliable or robust software. ,ava certainly doesn t eliminate the need for software (uality assuranceF it s still (uite possible to write buggy software in ,ava. Gowever, ,ava does eliminate certain types of programming errors, which makes it considerably easier to write reliable software. ,ava is a strongly typed language, which allows for extensive compile#time checking for potential type#mismatch problems. Secure

+ne of the most highly touted aspects of ,ava is that it s a secure language. 'his is especially important because of the distributed nature of ,ava. ,ava was designed with security in mind, and provides several layers of security controls that protect against malicious code, and allow users to comfortably run untrusted programs such as applets. Some security holes were found in early versions of ,ava, but these flaws were fixed almost as soon as they were found, and it seems reasonable to expect that any future holes will be fixed "ust as (uickly.

Gigh#*erformance

,ava is an interpreted language, so it is never going to be as fast as a compiled language like C. !urthermore, the speed#critical sections of the ,ava run#time environment, that do things like string concatenation and comparison, are implemented with efficient native code. &s a further performance boost, many ,ava interpreters now include O"ust in timeO compilers that can translate ,ava byte#codes into machine code for a particular C*6 at run#time.. 'he performance of ,ava s interpreted byte#codes is much better than the high#level scripting languages ?even *erl@, but it still offers the simplicity and portability of those languages.

9ultithreaded

,ava is a multithreaded languageF it provides support for multiple threads of execution ?sometimes called lightweight processes@ that can handle different tasks. &n important benefit of multithreading is that it improves the interactive performance of graphical applications for the user. ,ava makes programming with threads much easier, by providing built#in language support for threads

,ava %untime Environment

'he runtime environment used to execute the code. It is made up of the "ava language and "ava virtual machine. It is portable and it is platform neutral.

,ava tools

It is used by the developers to create "ava code. 'hey include "ava compiler, "ava interpreter, classes, libraries and applet viewer.

,ava &pplication

&pplications are programs written in "ava to carry out certain tasks on stand alone local computer. Execution of a stand alone program involves two steps.

K K

Compiling the source code into byte code using "avac. Executing byte code program using " ava interpreter.

,ava &pplets

,ava applets are pieces of "ava code that are embedded in G'95 document using the applet tag. $hen the browser encounters such code it automatically download it and execute it.

,ava .irtual 9achine

It is a specification to which "ava codes must be written. &ll "ava code is to be compiled to be used in this nonexistent virtual machine. $riting the code which compiles in ,.9 ensures platform independence.

).0./ 9s &ccess $hat is a databaseN Huite simply, it s an organiDed collection of data. & database management system ?D-9S@ such as &ccess, !ile9aker *ro, +racle or SH5 Server provides you with the software tools you need to organiDe that data in a flexible manner. It includes facilities to add, modify or delete data from the database, ask (uestions ?or (ueries@ about the data stored in the database and produce reports summariDing selected contents. 9icrosoft &ccess provides users with one of the simplest and most flexible D-9S solutions on the market today. %egular users of 9icrosoft products will en"oy the familiar $indows Olook and feelO as well as the tight integration with other 9icrosoft +ffice family products. &n abundance of wiDards lessen the complexity of administrative tasks and the ever#present 9icrosoft +ffice Gelper is available for those who care to use it. -efore purchasing &ccess, be sure that your system meets 9icrosoft s minimum system re(uirements.

CHAPTER 15SYSTEM ANALYSIS

System analysis is the process of identification of the ob"ectives and re(uirements, evaluation of alternative solutions and recommendation for a more feasible solution. In other words, system analysis is the step#by#step process of gathering, recording and interpreting facts. It is the reduction of an entire system by studying the various operations. It includes studying the problems encountered in the present system and introducing a new computer system into an organiDation. 'he main aim of analysis is to determine problem areas and decide on solutions to reduce or eliminate them.

System analysis itself breaks into two stages. *reliminary and Detailed. During preliminary analysis the analyst list the ob"ectives of the proposed system. 'hese findings come together in the preliminary report. +nce the preliminary report is approved, the system analysis phase advances into a second stage. During detailed analysis re(uired data and information are collected and a detailed study is made.

During analysis, data are collected on the available files, decision points, and transactions of the system using various tools like data flow diagram.

!easibility Study

In any pro"ect, feasibility analysis is a very important stage. !easibility study is system proposal according to its workability, impact on the operation, ability to meet user needs and efficient use of resources. &ny pro"ect may face scarcity in resources, time or workforce. &n important outcome of the preliminary investigation is the determination whether the system re(uested is feasible or not. 'he key considerations involved in the feasibility analysis are technical, operational, and economic.

'echnical !easibility

'echnical feasibility is the most important of all types of feasibility analysis. 'echnical feasibility deals with hardware as well as software re(uirements. &n idea from the outline design to system re(uirements in terms of inputs outputs, files and procedures is drawn and the type of hardware, software, and the methods re(uired for running the systems are analyDed. >eeping in mind of the above considerations, the resource availability at this company was observed. It was found that the company has the sufficient resources to develop the current pro"ectF hence the system is technically feasible.

Economic !easibility

Economic analysis is the most fre(uently used method for evaluating the effectiveness of the software, more commonly known as the cost Abenefit analysis. 'he procedure is to determine the benefits and savings that are expected from a candidate system and compare them with costs. If the benefits outweigh cost, the decision is made to design and implement the systemF otherwise further alternatives have to be made. Gere it is seen that no new hardware or software is needed for the development of the system. Gence the pro"ect is economically feasible for development in this company.

Schedule !easibility

Schedule feasibility is concerned with the completion of the pro"ect development within the fixed time span. It is an important factor as it can affect other factors like machine availability, tools, cost development and delay in the development of other systems. -esides these, this pro"ect is assigned to the student as an academic exercise to be completed within a fixed period of time. Operati !a" Fea#i$i"it%

'he purpose of the operational feasibility study is to determine whether the new system would be used if it is developed and implementedN $ill there be resistance from users that will undermine the possible application benefitsN !rom the outputs of the meeting that was held with the system users, it was found that all of them support the development of new system. 'he positive response from them encouraged in building such a system.

CHAPTER 1& SYSTEM REQUIREMENT

&fter analyDing the re(uirements for our pro"ect we had come to the conclusion that our pro"ect users re(uire the following re(uirements.

Sender s %e(uirement

L <eeds a more user friendly interface. L 9ore and more security. L Security feature which are controlled by the user. L Complexity of the security. L 'he account bound with a separate username and password for every user. L <eeds an algorithm which can achieve integrity and authentication.
%eceiver s %e(uirement

L &ccess to the *+*0 server of the mail server from where the mails are going to be extracted. L <eeds a friendlier interface. L <eeds a security feature which could make the cryptanalysis more secure.
'he hardware and software re(uirements for the development phase of our pro"ect areE Software %e(uirements E

'ool 6sed !ront end -ack end

E <et-eans :.: E ,ava, ,/EE. E 9S &ccess

Gardware %e(uirements E

E *entium I. E /:1 9E 38 ;E 9S Compatible E Standard )83 >eys E Standard ):O E ).33 9*rocessor %&9 Capacity Gard Disk Space 9ouse >eyboard 9onitor !loppy Disk Drive

CHAPTER 1'SYSTEM DESIGN

'he most creative and challenging phase of the system life cycle is system design. 'he term design describes a final system and the process by which it is developed. It refers to the technical specification that will be applied in implementing the candidate system. It also include the construction of programs and program testing. 'he (uestion involved here is OGow the problem is solvedO.

System design is a transition from the user#oriented document to the document#oriented program or database personnel. It emphasiDes translating performance specification into the design specification and it involves conceiving and planning and then carrying out the plan for generating the necessary reports and outputs. Design phase acts as the bridge between the software re(uirements specifications and implementation phase , which satisfies the re(uirements

:.) 9&,+% S7S'E9 DESI;< &C'I.I'IES :.).) Input

DesignE

Input design is a process of converting user#oriented input to computer based format. It also includes determining the record media ,method of input, speed of capture and entry into the system. Input design consist of developing specification and procedures for data procedure for data preparations, those necessary steps into put transaction data into usable form of processing, data entry and activity of putting the data into computer for processing. !ive ob"ectives guiding the design are input focus on controlling the amount of input re(uired, avoiding delay, controlling error and keeping the steps simple. 'he following are decided by the system analyst during design phaseE

K K

'he data to input 'he details of how data should be arranged or coded

'he data item and transaction needed validation to detect errors.

&ll input processes have been designed with at most care to avoid entry of any kind of invalid data into the system. 'he input screens have been validated effectively in order to give the most accurate input details. *oints to be noted while designing the input screens are

K K K K

Don t overcrowd the input screen >eep the same style among the screens &sk for confirmation of critical data .alidate data as soon as possible on inputs

In our pro"ect the input design includes storing the informations like user name, email id, public key into the table named userData

:.)./ +utput DesignE

+utput are the most important and direct source of information to the user and to the management. Intelligent output design will improve the systems relationship with the user and help in decision making. +utput are also used to provide a permanent hard copy for the later consultation. 'hey are obtained in the form of response to the re(uests.

In our pro"ect by entering the user name the program automatically loads the public key and email id of that particular user thereby facilitating the user not to remember all these informations.

:.).0 *rogram Design E +n the design phase, the re(uirements analyDed during analysis phase are taken into consideration. 'he structure re(uire, the control flow etc are decided for efficient functioning of the system that was to be developed.

$e have to design the facilities for generating public keys and private keys,to encrypt a given text,decrypt it back,to mail an encrypted message with attachment facility.

:./ 5+;IC&5 DESI;<

5ogical design describes the format of inputs, outputs, and procedures that meets the user re(uirements. 'he design covers the followingE o %eviews the current physical system. o *repares the output specification. o *repares the Input specifications. o *repares control specifications. System development is a series of operations performed to manipulate data to produce output from a computer system. 'his is highly dependent on the programming language used. 'he principle activities during the development phase can be divided into two ma"or related se(uences E

). External system development /. Internal system development

'he ma"or external system development activities are E

). Implementation /. *lanning 0. E(uipment ac(uisition 3. Installation

'he ma"or internal system development activities are E

). Computer program development /. *erformance testing

'he implementation stage is the next step towards the problem solution. Gere the details like which coding language is used is decided and the coding is done in the specified language.

'he implementation is the practical "ob of putting a theoretical design in the practice. It may involve the complete implementation of a computer complex or the introduction of one small subsystem.

'he implementation phase of a pro"ect covers the period from the acceptance of the test design to its satisfactory operation support by the appropriate user and operations manual. It is a ma"or operation across the whole organiDational structure and re(uires a great deal of planning. *lanning for implementation must begin from the initial conception of the pro"ect. It re(uires a thorough knowledge of the new system, its personal needs, hardware and software re(uirements, file and procedure conversion activities, etc. +nly the analyst is responsible for creating the new system will possess this knowledge. Ge can plan, schedule and co# ordinate but has no executive powers.

CHAPTER (1 TESTING

System testing is the stage of implementation, which is aimed at ensuring that the system works accurately and efficiently before live operation commences. 'esting is vital to the success of the system. &n elaborate testing of data is prepared and the system is tested using this test data. $hile testing errors are noted and corrections are made. 'he users are trained to operate the developed system. -oth hardware and software securities are made to run the developed system successfully in future. 'esting stepsE

K K K K K

6nit 'esting Integration 'esting .alidation 'esting +utput 'esting 6ser &cceptance 'esting

6nit 'esting

6nit testing focuses verification efforts on the smallest unit of software design, the module. 'his is also known as O9odule 'estingO. 'he modules are tested separately. 'his testing is carried out during programming stage itself. In these testing steps each 9odule is found to be working satisfactorily as regard to the expected output from the module.

Integration 'esting

Integration testing is a systematic techni(ue for constructing tests to uncover errors associated within the interface. In this pro"ect, all the modules combined, and then entire *rogram is tested as a whole. 'hus in the integration testing step, all the errors uncovered are corrected for the next testing steps.

.alidation 'esting

.alidation testing is where re(uirements established as a part of software re(uirement analysis is validated against the software that has been constructed. 'his test provides the final assurance that the software meets all functional, behavioral and performance re(uirements .'he errors, which are uncovered during integration testing, are corrected during this phase.

+utput 'esting

&fter performing the validation testing, the next step is output testing of the proposed system since no system could be useful if it does not produce the re(uired output in the specific format. 'he output generated or displayed by the system under consideration is tested asking the users about the format re(uired by them. Gere, the output is considered into two waysE one is on the screen and the other is printed format. 'he output format on the screen is found to be correct as the format designed according to the user needs .!or the hard copy also, the output comes out as specified by the user. Gence output testing doesn t result in any connection in the system.

6ser &cceptance 'esting

6ser acceptance of a system is the key factor for the success of any system. 'he system under consideration is tested for user acceptance by constantly keeping in touch with the prospective system users at time of development. 'he testing of the software began along with coding. Since the design was fully ob"ect#oriented, first the interfaces were developed and tested. 'hen unit testing was done for every module in the software for various inputs, such that each line of code is at least once executed &fter all modules were coded the integration test were carried out. Some minor errors were found in the output at the earlier stage and each of them was corrected. In the implementation of user interface part no ma"or errors were found. &fter the software was completely developed, the testing was done. SCREEN SHOTS

'he form below will be displayed after a successful login.

CHAPTER )

Fi* '.1 De#+t p F r,

'he form below is to encrypt the message. $e entered a message in the first text area shown in the form. <ext the keys are generated by clicking the ;enerate >ey button and after that enter the password and click the Encrypt button. 'he encrypted message will be displayed on the second text area

Fi* '.( E!-r%pti ! F r,

'his form is to decrypt the message. 'he encrypted message from the Encryption !orm is entered into the first text area and then the private key is entered and ;enerate button is pressed. &fter that the password is entered and Decrypt button is pressed. If all are correct the original message ie the encrypted message is displayed in the second text area.

Fi* '.. De-r%pti ! F r, 'his form is to generate keys. !irst users key information is generated and click the either the Save button for saving the details or click the Save P 9ail for sending it to another person

Fi* './ 0e% Ge!erati !

'his form is to save users information like user name, email id and public key

File SETSOption ;j Encrypt Decrypt

GenerateKey

ResetKey

I KeyManager I

Q
E!ter U#er Na,e 1 A*!i A*!i34/ 5%a6 .- , E!ter EMai" ID E!ter U#erP2$"i- 0e% P/$75/$75/t8515/1/.4/5.1/S9 &1.5.$7/S9/(/ &/' Save Close List Users

Fi* '.5 0e% Ma!a*er

'his form is to mail a message. !irst , using the !ile option the user has to login to his gmail account. 'hen the receiver s id ,sub"ect,message and other informations are entered. 'hen check the Encrypt check box and click the SE<D 9&I5 button to send the mail.

!ig 2.1 9ailing !orm

CHAPTER 14 MAINTENANCE

Development is a single activity. 9aintenance is a continuous activity. 9aintenance involves activities like inspections, corrections and enhancement. +nce the system is delivered and deployed, it enters the maintenance phase. 'he system need to be maintained not because of some of its components wear out and need to be replaced, but because there are some residual errors remaining in the system that must be removed as they are discovered. 'his includes activities related to debugging the software after it goes live, changes re(uired to address evolving software and enhancement to meet changing customer re(uirements. So maintenance phase involves E

K K K K

6nderstanding the effects of change. 'esting the new parts. %etesting the old parts that were not changed 9aking changes#to both the code and the documents.

'hese changes have to be signed by the user before the change can be carried out. Since re(uirement change re(uest involves cost, user will be cautious while re(uesting the software changes. 'he software will re(uire continued support. 'he system maintenance means the maintenance activities after and during the system development processes. 'his include activities related to debugging the software after it goes live, changes ac(uired to meet change in users re(uirement.

'hree types of maintenance are E

K K K

Corrective maintenance. &daptive maintenance. *erfective maintenance.

9aintenance phase identifies if there are any changes re(uired in the current system. If the changes are identified, then an analysis is made to identify if the changes are really re(uired. Cost benefit analysis is a way to find out if the change is really essential In the last few years , there has been a sudden growth in the usage of email applications all over the world. <ew email applications like ;mail, 7ahoo 9ail etc. have revolutioniDed the way we perceive and interact with an email application. It has forced and challenged other popular email applications to improve its services and thereby seiDe a substantial number of users to use their technology.

CHAPTER 14 MAINTENANCE

In an era where technology has no defined bounds to its growth, the usage of new facilities could have a negative or positive impact to the overall service of the email application. !or exampleE If we visualiDe a person sending a message to another, there could be (uite a few in number trying to hack the content, especially if it s a very important message. & user with wrong intentions can cause a lot of damage. In order to overcome such an issue, security of the data becomes a ma"or concern.

'he various popular e#mail applications currently being used to provide security all have a single encryption level and also loopholes to it has also been found. 'o make the transactions more secure, we implement complex algorithm to encrypt the message and then further embed the encrypted data in an image using steganography. 'his dual layer encryption provides a standard security to the data being sent and also provides the standard e# mail features.

'his system brings forth a completely new idea of message transaction and opens a new opportunity to a better means of data exchange.

+ur pro"ect began with the in#depth analysis of the re(uirements of our pro"ect and then we moved onto the interface analysis and implementation phase. &fter proper analysis and a well defined idea on how to develop this web based application, we then finaliDe on the look and feel of the different modules involved in our pro"ect and the control flow between them, depending upon the user input.

In the second module, completed a simple "ava mail based email application. &long with normal email operations, we incorporated %S& encryption system as a default encryption for the first layer of our dual layer security. 'he simple sending and receiving of mails through simple %S& was our primary target and after completion of this phase, we would further enhance the mailing and encryption capabilities for attachment transactions.

CHAPTER 14 MAINTENANCE

$e plan to introduce steganography as the second layer in the security feature for the dual layer security model. 'he encrypted text is then encoded into the image and is send to the appropriate address location.

$e also have plans to include enhancements which would further enhance this email application as a full fledged complete email application which would include more user defined features.

REFERENCES

). /. 0. 3.

Gerbert Schildt:(44(; ,ava/E 'he Complete %eference,!ifth Edition , 'ata

9c ;raw Gill *ublication . 'im -oudreau F ,esse ;lick F Simeon ;reene F .aughn Spurlin F ,ack ,.

$oehr:(44.; <etbeansE 'he Definitive ;uide , + %eilly *ublication . www.google.com www.rsasecurity.com