A Project Report

On

VERIFICATION FOR MIDDLEMAN ATTACK FOR

DATA SECURITY

Submitted in Partial Fulfillment of the Requirements

For the award of the Degree of

Bachelor of Technology in

Electronics and Computer Engineering (ECM)

By

A VENKATESH 13311A1910

M UDAYABHASKER 13311A1917

D DINESH KUMAR 13311A1944

Under the Guidance / Supervision of

V PADMAVATHI

(Associate Professor)

1
 Department of Electronics & Computer Engineering

Sreenidhi Institute of Science & Technology (Autonomous)

2016-17

DEPARTMENT OF ELECTRONICS & COMPUTER ENGINEERING

SREENIDHI INSTITUTE OF SCIENCE & TECHNOLOGY (AUTONOMOUS)

Yamnampet, Ghatkesar, Hyderabad 501301.

CERTIFICATE

This is to certify that the Project work entitled VERIFICATION FOR MIDDLEMAN
ATTACK FOR DATA SECURITY, submitted by A VENKATESH bearing Roll No.
13311A1910 and UDAYABHASKER bearing Roll No. 13311A1917 and D DINESH KUMAR
bearing Roll No. 13311A1944, towards partial fulfilment for the award of Bachelors Degree in
Electronics & Computer Engineering from Sreenidhi Institute of Science & Technology,
Ghatkesar, Hyderabad, is a record of bonafide work done by him/ her. The results embodied in
the work are not submitted to any other University or Institute for award of any degree or
diploma.

V PADMAVATHI NEMMANI SWAPNA

2
Internal Guide Project Coordinator

Assoc. Professor Assoc. Professor

SHASIDHAR

Head of the Department External Examiner

Designation

ACKNOWLEDGEMENT

We thank almighty for guiding me throughout the major project and also would like to
thank all those who have contributed to the completion of the project and helped us with
valuable suggestions for improvement.

We are extremely grateful to Dr. Shasidhar, Head of the Department for providing us with the
best faculty, facilities and the atmosphere for the creative work guidance and the encouragement.
we would like to thank our coordinator Nemmani Swapna, Assoc. Professor and also our
internal guide V. Padmavathi, Assoc. Professor for all help and support extend to us. We thank
all Staff members of our college and friends for extending their cooperation during the course of
our major project.

Above all we would like to thank our parents without whose blessings; we would not
have been able to accomplish my goal.

3
 CONTENTS
Page No.

CHAPTER 1: INTRODUCTION
1.1 Introduction

1.2 Aim of the Project

CHAPTER 2: LITERATURE SURVEY

2.1 Existing System

2.2 Proposed System

CHAPTER 3: REQUIREMENT ANLAYSIS

3.1 Introduction
3.2 Development Cycle
3.3 Data Base Design
3.4 Use case Diagrams
3.5 Class Diagram
3.6 Sequence Diagram

4
 3.7 Activity Diagram
3.8 State Chart Diagram

CHAPTER 4: SYSTEM DESIGN

4.1 Modules
4.2 Proposed Algorithms

4.3 Testing
4.4 Screen Shots

CHAPTER 5: Results
5.1 Comparison of Results
CHAPTER 6: CONCLUSION & FUTURE SCOPE
REFERENCES

APPENDICES

5
6
 CHAPTER 1
INTRODUCTION

1.1. INTRODUCTION

Data security is an important aspect of data and computer communication and networks. Now a
days, data has no boundaries. Due to networking, data can move from any place to any place at
any time. The data is often corrupted, modified and/or lost. Computer and Network security
research and development mainly focused on five to six general security services that encompass
the various functions required of an information security facility.

The security services provided are:

Confidentiality
Authentication
Integrity
Non-repudiation
Access control
Availability
Uses:

Some of the more simple applications are secure-communication, identification, authentication,

and secret sharing. More complicated applications include systems for electronic commerce,
certification, secure electronic mail, key recovery, and secure computer access.

1.2 AIM:

The aim of this project is to develop an efficient means of protection in the process of
transmission of data so that the security of the data could be ensured and any possible attacks that
may happen in the course of transmission process could be checked by implementing certain
algorithms. This provides both the sender and the receiver of the data to make sure that the
confidentiality of the data is not compromised.

7
 CHAPTER 2

LITERATURE SURVEY

2.1 EXISTING SYSTEM:

It is important for the Internet users to understand that regular email and file transfers offers no
privacy and can actually be read by many people other than who it is sent to. Your Internet
Service Provider (ISP) probably keeps a copy on its computer copies of documents sent from a
networked computer are probably kept behind and all of the internet computers the email goes
through on its way to the recipient can keep a copy. The administrators of all these computers
can read your documents if they choose to and they can send it to anyone they might want to.
Anyone that can intercept your document can alter your file content and anyone can send
document that looks as if you sent it.

2.2 PROPOSED SYSTEM:

With Cryptographic encryption, all of these people can have free access to your email and other
documents and still have no idea as to its content that is real privacy.

With Cryptographic Tamper evidence you can digitally sign your emails and documents
Automatically, and it will calculate a complex mathematical value called a hash based on the
exact content of your email message, and will the encrypt the value to your private key. The
recipient of your email will use their Tamper evidence software to automatically make the same
calculation. If the calculations match that is proof that the message has not been altered. And
since only you have the private key that encrypted the hash value that was now decrypted with
your public key this is proof that only you could have made the digital signature. So when
Tamper evidence says that the signature is authentic, that proves that the message is both
unaltered.

8
2.3SOFTWARE AND HARDWARE REQUIREMENTS

2.3.1 Hardware Requirements:

Processor : Intel or Pentium II-400MHZ or higher

RAM : 64MB and higher
Hard Disk : 20GB

2.3.2 Software Requirements:

Programming Language : Java

Java Version : JDK1.7

:
Operating System Windows

2.4 FEASIBILITY STUDY:

Feasibility study is conducted once the problem is clearly understood. Feasibility study is a high
level capsule version of the entire system analysis and design process. The objective is to
determine quickly and at a minimum expense how to solve a problem. The purpose of
Feasibility study is not to solve the problem but to determine if the problem is worth solving.

The System has been tested for feasibility in the following points:

Technical Feasibility

Operational Feasibility

Economic Feasibility

2.4.1 Technical Feasibility

The purpose of assessing Technical feasibility is to gain an understanding of the organizations

ability to construct the proposed system. This analysis should include an assessment of hardware,

9
software and operation environments to be used as well as system size and complexity. The
requirements for the projects are highly structured and easily obtainable. Most of the user groups
would be familiar with the application area since they are already using the same for other areas.

2.4.2 Operational Feasibility

The purpose of Operational feasibility is to assess the degree to which a proposed system solves
business problems or takes advantage of business and analysis opportunities. Your assessment of
operational feasibility should also include an analysis of how the proposed system will affect
organizational structure and procedures. This business problem of security can be solved by the
proposed system through encryption and decryption.

2.4.3 Economic Feasibility

The purpose for assessing the Economic feasibility is to identify the financial benefits and cost
associated with the development of the project. Economic feasibility is definitely feasible from
economic point of view because the Software and Hardware requirements and the number of
operating personnel required for the operation of this project minimum.

2.4.4 Data Security

Data security is an important aspect of data and computer communication and networks. Now a
day, data has no boundary. Due to networking, data can move from any place to any place at any
time. The data is often corrupted, modified and/or lost. Computer and Network security research
and development mainly focused on five to six general security services that encompass the
various functions required of an information security facility. The security services provided are:

2.4.5 Confidentiality:

It ensures that the information in a computer system and transmitted information are accessible
only for reading by authorized parties.

2.4.6 Authentication:

It ensures that the origin of a message or electronic document is correctly identified, with an
assurance that the identity is not false.

2.4.7 Integrity:

10
It ensures that only authorized parties are able to modify computer system assets and transmitted
information. Modification includes writing, changing status, deleting, etc of transmitted
messages.

2.4.8 Non-repudiation:

This means that neither the sender nor the receiver of a message be able to deny the transmission.

2.4.9 Access control:

This means that the access to information resources may be controlled by or for the target
system.

2.4.10 Availability:

This means that computer system assets to be available to authorized parties when needed. The
objectives of data security are twofold: to prevent eavesdropping to get access of data, and in
case, data is stolen to make it difficult to understand the stolen data. These objectives are met
through different approaches of data security. The physical technique of data security is the
oldest form of security, and is used in telephone lines. Data would be safe, if computing
equipment and lines are all physically protected. In data communication among computers,
however, this technique is hardly used. Instead, logical techniques are employed. These
techniques include coding methods, spread spectrum and encryption or cryptography and digital
signature.

11
 CHAPTER 3

REQUIREMENTS ANALYSIS
3.1 Proposed System Design:

Using the proposed system senders can digitally sign their documents automatically, this system
will calculate a complex mathematical value called a hash based on the exact content of message,
and will then encrypt the value to the senders private key. The recipients of this will use this
software to automatically make the same calculation.

On Sender side the following operations will be performed on the content of the message before
sending:

Create a Hash value/Digital Signature

Encrypt the message

Merge the encrypted message and the Hash value/Digital Signature Send the message

On the Receiver side the following operations will be performed on the received message or
Document.

Demerge

Decrypt

Generate Hash/digital Signature of the decrypted message

12
 Compare the received and generated Hash/digital Signature
If the calculations match that is proof that the message has not been altered. And since only you
have the private key that encrypted the hash value that was now decrypted with your public key
this is proof that only you could have made the digital signature. So when this software gives
that the signature is good, that proves that the message is both unaltered and the sender is also
authenticated.

3.2 RSA algorithm

Description of the Algorithm

The RSA algorithm is as follows:

Take two large prime numbers, P and Q.

Compute their product, N = P*Q.

Compute the function if N as F(N) = (P-1)(Q-1).

Choose a number, E less than N and relatively prime to F(N) . This means that E and F(N) have
no common factors other than 1.

Find another number D such that D*E mod F(N) = 1.

The values E and D are called the public and private exponents respectively.

The public key is the pair (N, E) and the private key is (N, D).

ENCRYPTION:

Suppose Alice wants to send a message M to Bob. Alice creates the cipher

text C by exponentiation

13
 C = ME mod N,

Where E and N are Bobs public key. Alice sends C to Bob.

DECRYPTION:

To decrypt the cipher text C, Bob also exponentiates:

M = CD mod N

The relationship between E and D ensures that Bob correctly recovers M.

Since only Bob knows D, only Bob can decrypt the message.

Security of RSA:

Decryption by someone who doesnt know E would involve finding the Dth root of the
encrypted message (mod N) which is accepted as a computationally intractable problem even
with fairly small numbers it would take powerful computers hundreds of years to do this.

It is also important to determine E given the public key. To find E, you Need to know D and M.
As N = P*Q and F(N) = (P-1)(Q-1), to find M you would have to break N up into its prime
factors. Again, this is a computationally intractable problem.

Provided large prime numbers are used for P and Q. They should be on the order of 10 75 to
10100 .Then if W would take powerful computers hundreds of years to determine the secret key
from the public key.

3.3 Generation of Hash codes

One-way hash functions:

A one-way hash function converts an arbitrary-length message into a fixed length hash. This is
another one of cryptographys tricks like an encryption algorithm; a one-way hash function
converts a plaintext message into gibberish. However, unlike an encryption algorithm, there is no
way to go backwards with a one-way hash function .with the correct key, one can always decrypt
cipher text encrypted with an encryption algorithm it is impossible to reverse a one way hash
function to get the original input from the output value.

14
This is an important difference: An encryption algorithm does not destroy any information. For
any given cipher text (and a key), there is only one correct plaintext that could have produced
that cipher text. A one-way hash function destroys information. For any given output of a one-
way hash function, several messages could have produced that output.

The difference between encryption algorithms and one-way hash functions, several messages
could have produced that output. Another difference between encryption algorithms and one-way
hash functions is that one-way hash functions do not have a key. No secrecy is involved in the
one-way hash function; the security is in the lack of ability to go the other way. This property
makes it a useful way to identity a message.

Think of a one-way hash function as a fingerprint. Just as a fingerprint uniquely identifies an

individual, a one-way hash function uniquely in identifies an arbitrary-length message. At least,
that the idea. Technically its a lie.

One-way hash values are usually small: 16or 20 bytes. Messages can be large, very large. Its a
simple to show that an infinite number of difference messages will hash to the same one-way
hash value. But remember, the chances of any two messages hashing to the same value are
minute enough to be negligible. Showing that there is an arbitrarily large number in one thing,
but finding two messages that hash to the same value is another, this is where really clever
mathematicians come on. One-way hash functions are designed so that it is infeasible to create a
message that hashes to a particular value, or to create two different messages that hash to the
same value.

3.4 Hash Function:

A hash value is generated by a function H of the form

H =H(M)

Where M is a variable length message and H(M) is the fixed length hash value. The hash value is
appended to the message at the source at a time when the message is assumed or known to be
correct. The receiver authenticates the message by recomputing the hash value. Because the hash
functions are typically quite complex, it is useful to examine next some very simple hash

15
functions to get a feel for the issues involved. We then look at several approaches to hash
function design.

Requirements for a Hash Function

The purpose of a hash function is to produce a fingerprint of a file, message, or other block of
data. To be useful for message authentication, a hash function H must have the following
properties.

H can be applied to a block of data of any size.

H produces a fixed length output.

H (X) is relatively easy to compute for any given x, making both hardware and software
implementation practical.

For any given code h, it is computationally infeasible to find x such that H(X)=h . This is
sometimes referred to in the literature as the one way property for any given block x, it is
computationally infeasible to find y!=x with H(y)= H(x).this is sometimes referred as weak
collision resistance.

It is computationally infeasible to find any pare (x, y) such that H(x)= H(y). This is sometimes
referred as strong collision resistance.

Simple Hash Functions:

All hash functions operate using the following general principles. The input (messages, files,
etc.) is viewed as a sequence of n-bit blocks. The input is processed one block at a time in an
iterative fashion to produce an n-bit hash function.

SHA-1 Logic:

The algorithm takes as input a message with a maximum length of less than 2(64) bits and
produces as output a 160-bit message digest. The input is processed in 512-bit blocks.

The overall processing of a message follows the structure.

16
Step1: Append padding bits. The message is padded so that its length is congruent to 488 modulo
512(length=488 mod 512).padding is always added even if the message is already of the desired
length. Thus, the number of padding bits is in the range of 1 to 512. The padding consists of a
single 1-bit followed by the necessary number of 0-bits.

Step2: Append length. A block of 64 bits is appended to the message. This block is treated as an
unsigned 64-bit integer (most significant byte first) and contains the length of the original
message (before the padding).

Step3: Initialize MD buffer. A 160-bit buffer is used to hold intermediate and final results of the
hash function. The buffer can be represented as five 32-bit register(A,B,C,D,E).these register are
initialized to the following 32-bit integers(hexadecimal values):

A = 67452301 B = EFCDAB89 C = 98BADCFE

D = 10325476 E = C3D2E1F0

Note that the first four values are the same as those used in MD5. However in the case of SHA-1,
these values are stored in big Endian format, which is the most significant byte of a word in the
low-address byte position as 32-bit strings, the Initialization values (in hexadecimal) appear as
follows.

Word A: 67 45 23 01 Word B: EF CD AB 89

Word C: 10 32 54 76 Word D: C3 D2 E1 F0

Step 4: process message in 512-bit (16-word) blocks. The heart of the algorithm is a module
that consists of four rounds of processing of 20 steps each.

The four rounds have a similar structure, but each uses a different primitive logical function,
which we refer to as f1, f2, f3, and f4.

Each round takes as input the current 512-bit block being processed (Yq) and the 160-bit buffer
value ABCDE and updates the contents of the buffer. Each round also makes use of an additive
constant Kt, where 0 < t < 79 indicates one of the 80 steps across four rounds. In fact, only for
distinct constants are used.

17
The output of the fourth round (eightieth step) is added to the input to the first round (CVq) to
produce CVq+1. The addition is done independently for each of the five words in the buffer with
each of the corresponding words in CVq using addition modulo 2(32).

Step 5: Output: After all L 512-bit blocks have been processed, the output from the Lth stage is
the 160-bit message digest. We can summarize the behaviour of SHA-1 as follow

CVo = IV

CVq+1 = SUM32 (CVq, ABCDEq)

MD = CVLWhere

IV = initial value of the ABCDE buffer, defined in step3

ABCDEq = the output of the last round of processing of the qth message blocks

L = the number of blocks in the message (including padding and length Fields)

SUM32 = Addition modulo2 (32) performed separately on each word of the pair

MD = final message digest value

SHA-1 Compression Function

18
 Fig 3.4.1 SHA-1 Processing of a Single

CVq+1

Let us look in more detail at the logic in each of the 80 rounds of the processing of one 512-bit
block. Each rounds of round is of the form (fig given below)

A, B, C, D, E (E + f (t, B, C, D) + S5 (A) + Wt + Kt), A, S30 (B), C, D

A, B, C, D, E = the five words of the buffer

T = step number; 0<= t <=79

19
 F(t,B,C,D) = Primitive logical function for step1

Sk = Circular left shift (rotation) of the 32-bit argument by k-bits

Wt = a 32-bit word derived from the current 512-bit input block

Kt = an additive constant; four distinct values are used, a defined

previously.

+ = addition modulo 232

Each primitive function takes three 32-bit words as input and produces a 32-bit word output.
Each function performs a set of bit wise logical operations; that is, the nth bit of the output is
a function of the nth bit of the three inputs. The functions can be summarized as follows:

The logical operators (AND, OR, NOT, XOR) are represented by the symbols (, , ,
). As can be seen, only three different functions are used. For 0<= t <=19, the function is
the conditional function: if B then C else D. For 20 <= t <=39 and 60 <= t<= 79, the function
produces a parity bit. For 40 <= t <= 59, the function is true if two or three of the arguments
are true, it remains to indicate how the 32-bit word values W t are derived from the 512-bit
message. The first 16 values of Wt are taken directly from the 16 words of the current block.
The remaining values are defined as follows:

Wt = S1(Wt-16 Wt-14 Wt-8 Wt-3)Thus, in the first 16 steps of processing, the value of Wt is
equal to the corresponding word in the message block. For the remaining 64 steps, the value of
W consists of the circular left shift by one bit of the XOR of four of the preceding values of Wt.
This is a notable difference from MD5 and RIPEMD-160, both of which use one of the 16 words
of a message block directly as input to each p function; only the order of the words is permuted
from round to round. SHA-1 expands the 16 block words to 80 words for use in the compression
function. This introduces a great deal of redundancy and interdependence to the message blocks
that are compressed, which complicates the tasks of finding the different message blocks that
maps to the same compression function output.

20
 A B C D

ft

Kt

A B C D

Figure 3.4.2 Elementary SHA Operation (single step)

3.5 Java Technology:

Java technology is both a programming language and a platform.

The Java Programming Language

21
The Java programming language is a high-level language that can be characterized by all of the
following buzzwords:

Simple

Architecture neutral

Object oriented

Portable

Distributed

High performance

Interpreted

Multithreaded

Robust

Dynamic

Secure

The Java Platform

The Java Virtual Machine (Java VM)

The Java Application Programming Interface (Java API) youve already been introduced to the

Java VM. Its the base for the Java platform and is ported onto various hardware-based
platforms. The Java API is a large collection of ready-made software components that provide
many useful capabilities, such as graphical user interface (GUI) widgets. The Java API is
grouped into libraries of related classes and interfaces; these libraries are known as packages.
The next section, What Can Java Technology Do? Highlights what functionality some of the
packages in the Java API provide.

22
The following figure depicts a program thats running on the Java platform. As the figure shows,
the Java API and the virtual machine insulate the program from the hardware.

Figure 3.5 Java Platform

Native code is code that after you compile it, the compiled code runs on a specific hardware
platform. As a platform-independent environment, the Java platform can be a bit slower than
native code. However, smart compilers, well-tuned interpreters, and just-in-time byte code
compilers can bring performance close to that of native code without threatening portability.

Java and its Advantages

Write better code: The Java programming language encourages good coding
practices, and its garbage collection helps you avoid memory leaks. Its object
orientation, its JavaBeans component architecture, and its wide-ranging, easily
extendible API let you reuse other peoples tested code and introduce fewer bugs.

Develop programs more quickly: Your development time may be as much as twice
as fast versus writing the same program in C++. Why? You write fewer lines of code
and it is a simpler programming language than C++.

Avoid platform dependencies with 100% Pure Java: You can keep your program
portable by avoiding the use of libraries written in other languages. The 100% Pure
JavaTM Product Certification Program has a repository of historical process manuals,
white papers, brochures, and similar materials online.

23
 Write once, run anywhere: Because 100% Pure Java programs are compiled into
machine-independent byte codes, they run consistently on any Java platform.

Get started quickly: Although the Java programming language is a powerful object
oriented language, its easy to learn, especially for programmers already familiar with
C or C++.

Write less code: Comparisons of program metrics (class counts, method counts, and
so on) suggest that a program written in the Java programming language can be four
times smaller than the same program in C++.

24
 CHAPTER 4

SYSTEM DESIGN

4.1 Data Flow Diagrams

Data flow diagram is used to describe analysis, the movement of data through system stores
of data and delays in the system. Data flow diagrams are the central tool basing on which
components are developed. The transformation of data from input to output, through process
may be described logically and independently of physical components associated with the
system. They are called logical data flow diagrams. In contrast physical data flow diagrams
show the actual implementation and movement of data between people, department and
workstation.

The data flow diagrams show functional composition of the system. The first level of
conceptual level in context diagrams is followed by the description of the input and the
output for each of the entities, the next level of DFD is level 0, which shows the main
function in the system. Level 0 is followed by the description of the main function. The main
function is further broken into functions and sub functions.

Processes:

Processes show what the system does. Each process has one or more data inputs and
produces one or more data outputs. Circle in a DFD represents processes. Each process has
unique name and number. This name and number appear inside the circle, the circle that
represents the process in a DFD.

Process

25
 Fig 4.1.1

Data stores:

Processes can enter data or retrieve the data from data store. Each data store is represented by
thin line in the DFD and each data store has a unique name.

Fig 4.1.2

External entities:

External entities are outside the system but they either supply input data into the system use
the system output. They are entities over which the designer has no control. They may be
organizations, customers or other bodies with which the system interacts. Square or rectangle
may represent external entities. External entities that supply data into a system are sometimes
calls sources. External entities that use the system data are sometimes called sinks.

Data flow:

Named arrows are used to represent data flow.

Data Flow Diagrams Level-0:

26
 Fig 4.1.3

At Sender: Level-1

Fig 4.1.4

At Receiver:

27
 Fig 4.1.5

Data flow diagram for RSA:

28
Fig 4.1.6

29
 CHAPTER 5

CONCLUSION

The challenge of cryptography is developing a system in which it is impossible to determine the

key. This is accomplished the use of a one-way function. With a one-way function, it is
relatively easy to compute a result given some input values.

To encrypt data, enter the data plain text and an encryption to the encryption portion of the
algorithm. To decrypt the cipher text a proper decryption key is used at the decryption
portion of the algorithm.

The project work done herewith has given a lot of insight into the working of the Networking
programming environment. The program written for encryption and decryption using idea
Algorithm is tested on several textual files and results are observed. The program could
achieve a better secure transferring of files between the server and various clients.

Our system provides a cryptographic mechanism to detect adversarys presence within the
system even after the adversary learns all the secrets. Thus, while it still might not be
possible to distinguish the forger generated text from the legitimate ones, our new
mechanisms can at least make the tampering evident.

30
 CHAPTER 6
FUTURE
ENHANCEMENT

The program written could be extended to higher order to achieve a better secure transferring of
files between server and the various clients. As of now, At this point of time, the implementation
of this project is seen in its general perspective. But, it is possible in the future to integrate the
idea with the real time applications and browsers through which the scope of the project could
be understood even better.

31