
Identity Based Cryptography for client side security in Web Application

Abstract

Secure communication is an intrinsic requirement of today’s world of on-line
transactions. Whether exchanging financial, business or personal information, people
want to know with whom they are communicating (authentication) and they wish to
ensure that the information is neither modified (data integrity) nor disclosed
(confidentiality) in transit. The growing popularity of web applications in the last few
years has led users to give the management of their data to online application providers,
which will endanger the security and privacy of the users. In this project, we present
WebIBC, which integrates public key cryptography into web applications without any
browser plug-ins. Security is best achieved by encrypting the message in the browser itself.
The implementation and performance evaluation demonstrate that WebIBC is secure and
efficient both in theory and practice.

1|WebIBC
INTRODUCTION

OBJECTIVE:
To integrate identity based cryptography with web applications (here, a web e-mail
system) without using any browser plug-in of the kind used to access local or
cryptographic files such as a smart card or USB token.

• In our project, all cryptographic operations are done in the browser itself.
• All cryptographic operations are based on WebIBC, to achieve the best
client side security.
• The public key (public parameters) and private key pair are obtained using the
Combined Public Key (CPK) technique, which uses an elliptic curve cryptography
algorithm.
• Encryption and decryption are done in the client side browser.

1.1 SCOPE:
A web application (here, web mail) enhanced with web Identity Based
Cryptography has the following features:

• When sending email using IBC there is no need for an online lookup to obtain the
recipient's certificate.

• A Certificate Authority and certificates are not necessary.

• Browser side plug-ins are not necessary, so the web application becomes
lightweight and can also be run on slower systems.

2. SYSTEM ANALYSIS
2.1 EXISTING SYSTEM:

• All cryptographic operations are done at the server side.
• In the existing system, security is achieved through certificate management and a
certificate authority, using traditional Public Key Cryptography.
• The public key authentication will increase the communication cost and
storage capacity.
• All cryptographic operations are done at the MSA (Message Submission Agent),
which is a server in the network.

2.2 DISADVANTAGES:

• Application providers can open the contents of the mail without the
permission of users.
• Key generation is difficult.
• An intruder can crack the key. Security is achieved through certificate
management and a certificate authority, using traditional Public Key
Cryptography.

2.3 PROPOSED SYSTEM:

• Enhancing the web application with web Identity Based Cryptography and a Private
Key Generator (Trusted Authority).

• Every user needs to authenticate himself to the authority by providing
credentials showing that he owns the identity, and the authority will extract the
private key from the master secret according to the user’s identity.

• The public and private key pair is generated using one of the Identity Based
Cryptographic (IBC) techniques.

• It should be noted that all the cryptography operations are done within
the browser, and the server can only receive the cipher text. The security and
privacy of end users can be protected from attacks both on the network and on the
server side. From another point of view, the server is also free from the burden of
cryptography operations, which means WebIBC is a good model for
distributed computation based on web browsers.

2.4 ADVANTAGES:

• As the message is encrypted in the browser itself, the security is high and
application providers can’t understand the message.

• The security is high due to Elliptic Curve Cryptography (ECC).

• The private key is very secret to the user (Trusted Authority).

3. SYSTEM DESIGN

3.1 HARDWARE REQUIREMENTS:

PROCESSOR : PENTIUM IV 2.6 GHz
RAM : 512 MB DD RAM
MONITOR : 15” COLOR
HARD DISK : 20 GB
CD DRIVE : LG 52X

3.2 SOFTWARE REQUIREMENTS:

FRONT END : J2EE (JSP)
OPERATING SYSTEM : Windows XP
BACK END : MS Access 2003
APPLICATION SERVER : BEA WebLogic Server

3.3 UML DIAGRAMS:

3.3.1 USE CASE DIAGRAM:

[Use case diagram. Actors: User 1, User 2, Private Key Generator. Use cases: Log into an
email server; Send encrypted message; Decrypt message; Register with unique credentials;
Issue private key.]

3.3.2 SEQUENCE DIAGRAMS:

Participants: USER 1, USER 2, MAIL SERVER, PRIVATE KEY GENERATOR

Messages, in order:

1. Register with unique credentials
2. Register with unique credentials
3. Generate private keys
4. Send the encrypted message with user2’s reference index
5. Deliver the message to user2
6. Contact key server for key
7. Send private key
8. Decrypt the message with private key

3.3.3 ACTIVITY DIAGRAMS:

Creating the new user account for authentication and for sending the mail:

[Activity diagram. Decision: "new user?" (YES / NO). Activities: "open login page and
user account details"; "enter details in registration form"; "submit registration form
and create a new account"; "compose mail".]

Sending an Encrypted Message:

Get recipient Email ID

Encrypt the message using ECIES with public key

Send Email

OBTAINING THE PRIVATE KEY:

Get user id and other credentials for authentication

Construct Master key matrix

Extract private key from Master key matrix

Issue it through any secured channel

3.3.4 DATA FLOW DIAGRAM:

LEVEL 0:

[Data flow diagram, level 0. Inputs: text message to be encrypted; public key (arbitrary
string). Process: web application with identity based cryptography. Output: securely
transferred encrypted email.]

LEVEL 1 :

[Data flow diagram, level 1. Entities: USER, EMAIL SERVER, EMAIL DATABASE, PRIVATE KEY
GENERATOR, USER CREDENTIAL DATABASE. Flow labels: username, password, registration
details, text message; encrypted mail; unique credentials, password; secret key;
approval message; generated master key.]

3.4 FEASIBILITY STUDY:

3.4.1 JAVA

Java was designed to meet all the real world requirements with its key features, which
are explained in the following paragraph.

SIMPLE AND POWERFUL

Java was designed to be easy for the professional programmer to learn and use
efficiently. Java makes itself simple by not having surprising features. Since it exposes
the inner working of a machine, the programmer can perform his desired actions
without fear. Unlike other programming systems that provide dozens of complicated
ways to perform a simple task, Java provides a small number of clear ways to achieve
a given task.

SECURE

Today everyone is worried about safety and security. People feel that conducting
commerce over the Internet is as safe as printing the credit card number on the first
page of a newspaper. Threats from viruses and system hackers also exist. To
overcome all these fears, Java has safety and security as its key design principle.

Using a Java-compatible browser, anyone can safely download Java applets
without the fear of viral infection or malicious intent. Java achieves this protection by
confining a Java program to the Java execution environment and by making it
inaccessible to other parts of the computer. We can download applets with confidence
that no harm will be done and no security will be breached.

PORTABLE

In Java, the same mechanism that gives security also helps in portability. Many types
of computers and operating systems are in use throughout the world and are connected
to the internet. For downloading programs through different platforms connected to
the internet, some portable, executable code is needed. Java’s answer to these
problems is its well designed architecture.

OBJECT-ORIENTED

Java was designed to be source-code compatible with any other language. The Java
team gave a clean, usable, realistic approach to objects. The object model in Java is
simple and easy to extend, while simple types, such as integers, are kept as
high-performance non-objects.

DYNAMIC

Java programs carry with them extensive amounts of run-time information that is used
to verify and resolve accesses to objects at run-time. Using this concept it is possible
to dynamically link code. Dynamic property of java adds strength to the applet
environment, in which small fragments of byte code may be dynamically updated on a
running system.

NEWLY ADDED FEATURES IN JAVA 2

• SWING is a set of user interface components that is entirely implemented in Java.
The user can use a look and feel that is either specific to a particular operating
system or uniform across operating systems.

• Collections are a group of objects. Java provides several types of collection, such
as linked lists, dynamic arrays, and hash tables, for our use. Collections offer a
new way to solve several common programming problems.

• Various tools such as javac, java and javadoc have been enhanced. Debugger and
profiler interfaces for the JVM are available.

• Performance improvements have been made in several areas. A Just-In-Time
(JIT) compiler is included in the JDK.

• Digital certificates provide a mechanism to establish the identity of a user, which
can be referred to as electronic passports.

• Various security tools are available that enable the user to create
and store cryptographic keys and digital certificates, sign Java Archive (JAR) files,
and check the signature of a JAR file.

SWING
Swing components facilitate efficient graphical user interface (GUI)
development. These components are a collection of lightweight visual components.
Swing components contain a replacement for the heavyweight AWT components as
well as complex user interface components such as Trees and Tables.

Swing components contain a pluggable look and feel (PL & F). This
allows all applications to run with the native look and feel on different platforms. PL
& F allows applications to have the same behavior on various platforms. JFC contains
operating system neutral look and feel. Swing components do not contain peers.

Swing components allow mixing AWT heavyweight and Swing lightweight
components in an application.

The major difference between lightweight and heavyweight components is
that lightweight components can have transparent pixels while heavyweight
components are always opaque. Lightweight components can be non-rectangular
while heavyweight components are always rectangular.

Swing components are Java Bean compliant. This allows components to
be used easily in a Bean aware application building program. The root of the majority
of the Swing hierarchy is the JComponent class. This class is an extension of the
AWT Container class.

Swing components comprise a large percentage of the JFC release. The
Swing component toolkit consists of over 250 pure Java classes and 75 interfaces
contained in about 10 packages. They are used to build lightweight user interfaces.
Swing consists of User Interface (UI) classes and non-User Interface classes. The
non-User Interface classes provide services and other operations for the UI classes.

Swing offers a number of advantages, which include

• Wide variety of Components
• Pluggable Look and Feel
• MVC Architecture
• Keystroke Handling
• Action Objects
• Nested Containers
• Virtual Desktops
• Compound Borders
• Customized Dialogues
• Standard Dialog Classes
• Structured Table and Tree Components
• Powerful Text Manipulation
• Generic Undo Capabilities
• Accessibility Support

3.4.2 TESTING

The purpose of testing is to discover errors. Testing is the process of trying to
discover every conceivable fault or weakness in a work product. It provides a way to
check the functionality of components, sub-assemblies, assemblies and/or a finished
product. It is the process of exercising software with the intent of ensuring that the
software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific
testing requirement.

3.4.2.1 TYPES OF TESTS

Unit testing
Unit testing involves the design of test cases that validate that the internal program
logic is functioning properly, and that program input produces valid outputs. All decision
branches and internal code flow should be validated. It is the testing of individual
software units of the application. It is done after the completion of an individual unit,
before integration. This is structural testing that relies on knowledge of the unit's
construction and is invasive. Unit tests perform basic tests at component level and test a
specific business process, application, and/or system configuration. Unit tests ensure that
each unique path of a business process performs accurately to the documented specifications
and contains clearly defined inputs and expected results.

Integration testing
Integration tests are designed to test integrated software components to determine
if they actually run as one program. Testing is event driven and is more concerned with
the basic outcome of screens or fields. Integration tests demonstrate that although the
components were individually satisfactory, as shown by successful unit testing, the
combination of components is correct and consistent. Integration testing is specifically
aimed at exposing the problems that arise from the combination of components.

Functional test

Functional tests provide a systematic demonstration that functions tested are
available as specified by the business and technical requirements, system documentation,
and user manuals.

Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application outputs must be exercised.
Systems/Procedures : interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key
functions, or special test cases. In addition, systematic coverage pertaining to identified
business process flows, data fields, predefined processes, and successive processes must
be considered for testing. Before functional testing is complete, additional tests are
identified and the effective value of current tests is determined.

System Test
System testing ensures that the entire integrated software system meets requirements.
It tests a configuration to ensure known and predictable results. An example of system
testing is the configuration oriented system integration test. System testing is based on
process descriptions and flows, emphasizing pre-driven process links and integration
points.

White Box Testing

White Box Testing is testing in which the software tester has knowledge of the
inner workings, structure and language of the software, or at least its purpose. It is
used to test areas that cannot be reached from a black box level.

Black Box Testing

Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as most other
kinds of tests, must be written from a definitive source document, such as a specification
or requirements document. It is testing in which the software under test is treated as a
black box: you cannot “see” into it. The test provides inputs and responds to outputs
without considering how the software works.

Unit Testing:

Unit testing is usually conducted as part of a combined code and unit test phase of
the software lifecycle, although it is not uncommon for coding and unit testing to be
conducted as two distinct phases.

Test strategy and approach


Field testing will be performed manually and functional tests will be written in
detail.

Test objectives
• All field entries must work properly.
• Pages must be activated from the identified link.
• The entry screen, messages and responses must not be delayed.

Features to be tested
• Verify that the entries are of the correct format
• No duplicate entries should be allowed
• All links should take the user to the correct page.

Integration Testing

Software integration testing is the incremental integration testing of two or more
integrated software components on a single platform to produce failures caused by
interface defects.
The task of the integration test is to check that components or software
applications, e.g. components in a software system or – one step up – software
applications at the company level – interact without error.

Integration testing for Database Synchronization:

• Testing the links that call the Change Username & password, Migration and
Synchronization screens etc.
• The username should be retained throughout the application in the form of hidden
variables or by using cookies.
• If the login user does not have enough privileges to invoke a screen, the link
should be disabled.
• Any modification in the Master server should be reflected in the Slave server.
• The XML file should retrieve only the records, which have been modified.

Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

Acceptance Testing

User Acceptance Testing is a critical phase of any project and requires significant
participation by the end user. It also ensures that the system meets the functional
requirements.

Acceptance testing for Data Synchronization:

• Users have separate roles to modify the database tables.
• The timestamp for all insertions and updating should be maintained.
• Users should have the ability to modify the privilege for a screen.
• Once the Synchronization starts, the Master server or Slave Server should not be
stopped without notifying the other.
• The XML file should be generated in short time, i.e., before the next modification
occurs.

Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

Literature Review:

Testing Strategy:

A test strategy is a high-level description of the test levels and the testing within those levels
for an organization or program (one or more projects).

The test strategy describes how the product risks of the stakeholders are mitigated in the
test levels, which test types are performed in the test levels, and which entry and exit
criteria apply.

The test strategy forms the basis for one or more (project) test plans.

Testing is an essential activity in a software process. Planning for software testing involves
establishing an overall testing strategy for a project.

The testing strategy includes organizing testing at three levels—unit, integration, and high-
order. It also involves procuring tools to automate testing and identifying the people who will
perform testing. In addition, planning is required for debugging—the process of diagnosing
and fixing the problems detected during testing.

3.4.2.2 TEST PLAN:

A test plan is a systematic approach to testing a system such as a machine or software. The
plan typically contains a detailed understanding of what the eventual workflow will be.

A test plan documents the strategy that will be used to verify and ensure that a hardware
product or system meets its design specifications and other requirements. A test plan is usually
prepared by or with significant input from Test Engineers.

Depending on the product and the responsibility of the organization to which the test plan
applies, a test plan may include one or more of the following:

• Design Verification or Compliance test - to be performed during the development or
approval stages of the product, typically on a small sample of units.
• Manufacturing or Production test - to be performed during preparation or assembly
of the product in an ongoing manner for purposes of performance verification and quality
control.
• Acceptance or Commissioning test - to be performed at the time of delivery or
installation of the product.
• Service and Repair test - to be performed as required over the service life of the
product.

A complex system may have a high level test plan to address the overall requirements and
supporting test plans to address the design details of subsystems and components.

Test plan document formats can be as varied as the products and organizations to which they
apply, but there are three major elements of a test strategy that should be described in the test
plan: Test Coverage, Test Methods, and Test Responsibilities.

Test coverage in the test plan states what requirements will be verified during what stages of
the product life. Test Coverage is derived from design specifications and other requirements,
such as safety standards or regulatory codes, where each requirement or specification of the
design ideally will have one or more corresponding means of verification. Test coverage for
different product life stages may overlap, but will not necessarily be exactly the same for all
stages. For example, some requirements may be verified during Design Verification test, but
not repeated during Acceptance test. Test coverage also feeds back into the design process,
since the product may have to be designed to allow test access.

Test methods in the test plan state how test coverage will be implemented. Test methods may
be determined by standards, regulatory agencies, or contractual agreement, or may have to be
created new. Test methods also specify test equipment to be used in the performance of the
tests and establish pass/fail criteria. Test methods used to verify hardware design requirements
can range from very simple steps, such as visual inspection, to elaborate test procedures that
are documented separately as Test Cases under various Test Scenarios.

Test responsibilities include what organizations will perform the test methods and at each stage
of the product life. This allows test organizations to plan, acquire or develop test equipment
and other resources necessary to implement the test methods for which they are responsible.
Test responsibilities also include what data will be collected, and how that data will be stored
and reported (often referred to as "deliverables"). One outcome of a successful test plan should
be a record or report of the verification of all design specifications and requirements as agreed
upon by all parties.

Test coverage of code:

Code coverage is a measure used in software testing. It describes the degree to which the
source code of a program has been tested. It is a form of testing that inspects the code directly
and is therefore a form of white box testing. Currently, the use of code coverage is extended to
the field of digital hardware, the contemporary design methodology of which relies on
Hardware description languages (HDLs).

Code coverage techniques were amongst the first techniques invented for systematic
software testing. The first published reference was by Miller and Maloney in
Communications of the ACM in 1963.

To measure how well the program is exercised by a test suite, one or more coverage
criteria are used. There are a number of coverage criteria, the main ones being:

• Function coverage - Has each function in the program been executed?
• Statement coverage - Has each line of the source code been executed?
• Decision coverage (also known as Branch coverage) - Has each control structure
(such as an if statement) evaluated both to true and false?
• Condition coverage - Has each Boolean sub-expression evaluated both to true
and false (this does not necessarily imply decision coverage)?
• Path coverage - Has every possible route through a given part of the code been
executed?
• Entry/exit coverage - Has every possible call and return of the function been
executed?

Safety-critical applications are often required to demonstrate that testing achieves 100%
of some form of code coverage.

Some of the coverage criteria above are connected. For instance, path coverage implies
decision, statement and entry/exit coverage. Decision coverage implies statement
coverage, because every statement is part of a branch.

Full path coverage, of the type described above, is usually impractical or impossible. Any
module with a succession of n decisions in it can have up to $2^n$ paths within it; loop
constructs can result in an infinite number of paths. Many paths may also be infeasible, in
that there is no input to the program under test that can cause that particular path to be
executed. However, a general-purpose algorithm for identifying infeasible paths has been
proven to be impossible (such an algorithm could be used to solve the halting
problem). Techniques for practical path coverage testing instead attempt to identify
classes of code paths that differ only in the number of loop executions, and to achieve
"basis path" coverage the tester must cover all the path classes.

The target software is built with special options or libraries and/or run under a special
environment such that every function that is exercised (executed) in the program(s) is
mapped back to the function points in the source code. This process allows developers
and quality assurance personnel to look for parts of a system that are rarely or never
accessed under normal conditions (error handling and the like) and helps reassure test
engineers that the most important conditions (function points) have been tested. The
resulting output is then analyzed to see what areas of code have not been exercised and
the tests are updated to include these areas as necessary. Combined with other code
coverage methods, the aim is to develop a rigorous, yet manageable, set of regression
tests.

Test engineers can look at code coverage test results to help them devise test cases and
input or configuration sets that will increase the code coverage over vital functions. Two
common forms of code coverage used by testers are statement (or line) coverage and path
(or edge) coverage. Line coverage reports on the execution footprint of testing in terms of
which lines of code were executed to complete the test. Edge coverage reports which
branches or code decision points were executed to complete the test. They both report a
coverage metric, measured as a percentage. The meaning of this depends on what form(s)
of code coverage have been used, as 67% path coverage is more comprehensive than
67% statement coverage.

Generally, code coverage tools and libraries exact a performance and/or memory or other
resource cost which is unacceptable to normal operations of the software. Thus, they are
only used in the lab. As one might expect, there are classes of software that cannot be
feasibly subjected to these coverage tests, though a degree of coverage mapping can be
approximated through analysis rather than direct testing.

There are also some sorts of defects which are affected by such tools. In particular, some
race conditions or similar real time sensitive operations can be masked when run under
code coverage environments; and conversely, some of these defects may become easier
to find as a result of the additional overhead of the testing code.

Code coverage may be regarded as a more up-to-date incarnation of debugging in that the
automated tools used to achieve statement and path coverage are often referred to as
“debugging utilities”. These tools allow the program code under test to be observed on
screen whilst the program is executing; additionally, commands and keyboard function
keys are available to allow the code to be “stepped” through literally line by line.
Alternatively, it is possible to define pinpointed lines of code as “breakpoints” which will
allow a large section of the code to be executed, then stopping at that point and
displaying that part of the program on screen. Judging where to put breakpoints is based
on a reasonable understanding of the program indicating that a particular defect is
thought to exist around that point. The data values held in program variables can also be
examined and, in some instances, altered (with care) to try out “what if” scenarios.
Clearly, use of a debugging tool is more the domain of the software engineer at a unit test
level and it is more likely that the software tester will ask the software engineer to
perform this. However, it is useful for the tester to understand the concept of a
debugging tool.

Test management:

Test management is the activity of managing tests. A test management tool is
software used by the Quality Assurance team to manage the tests (automatic or not) that
have been previously specified. It is often associated with automation software. Test
management tools often include Requirements and/or Specifications management
modules that can automatically generate the RTM (Requirement Test Matrix), which
is one of the main metrics for knowing the functional coverage of the SUT (System Under
Test). This consists of checking how many requirements and/or specifications are covered
by the available tests (not to be confused with code coverage, which is a totally different
concept).

Test definition includes: test plan, association with product Requirements and
Specifications. Eventually, some relationship can be set between tests so that precedence
can be established, i.e. if test A is the parent of test B and test A is failing, then it may be
useless to perform test B. Tests should also be associated with priorities. Every change on
a test must be versioned so that the QA team has a comprehensive view of the history of
the test.

Testing Tools :

1. Testing is a process of executing a program with the intent of finding an error.
2. A good test case is one that has a high probability of finding an as yet
undiscovered error.
3. A successful test is one that uncovers an as yet undiscovered error.

Testing should systematically uncover different classes of errors in a minimum
amount of time and with a minimum amount of effort. A secondary benefit of
testing is that it demonstrates that the software appears to be working as stated in
the specifications. The data collected through testing can also provide an
indication of the software's reliability and quality. But, testing cannot show the
absence of defect -- it can only show that software defects are present.

Database testing

• Use Integration testing
• MbUnit, NUnit, XUnit Rollback attributes
• Transaction Scope

Web Testing

• Ivonna and Typemock
• Team System Web Test
• NUnitASP, WatiN
• Watir
• Selenium

UI Testing

• NUnitForms
• Project White
• Team System UI Tests
• Typemock Isolator

Threading Related Testing

• Microsoft Chess
• Typemock Racer
• Osherove.ThreadTester

General Testing

• Pex

Acceptance Testing

• Fit & FitNesse
• WatiN, Watir and Selenium

4. IMPLEMENTATION

4.1 MODULE DESCRIPTION:

IBC Modules:

• Authentication module
• Encryption Module
• KEY Server
• Decryption Module

Key Generation and authenticating:

This module will perform the authentication process. Every user must register to
the E-Mail server as well as Key-Server. The E-Mail server will issue the Login Details
and the key-Server will generate the public and private key for each and every user. Thus
it allows only authorized users to access our E-Mail server.

Algorithm Explanation:

Here in this module, we are using the Elliptic curve cryptography combined
public key (ECCCPK) algorithm, which has been proved that effective in terms of both
theoretically as well as practically . This scheme was proposed by Shamir, This
algorithm provides equal security with lesser key sizes comparatively RSA and other
schemes.

Procedure:

Before developing the algorithm we need to agree on some common security parameters:
the elliptic curve equation, the coefficients of the curve equation, and the
constant of the curve.
• We assume the curve equation y^2 = x^3 + ax + b (mod p) [from the base paper].
• We take a and b as 1 and p as 23. We set a and b to 1 just to reduce the
complexity, and p to 23 because there is no need for a larger value: it is enough
to have 16 points on the curve.
• We then iterate over the x and y values to find the points that satisfy the
curve equation.
• These points become the 4x4 master key matrix.
• We convert the mail ID of the subscriber into an index using any predefined
function provided by the standard languages.
• The pair at that index becomes the private key (the x element of the pair).
• We store these keys securely in the key server, to which unauthorized users
have no access.
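The procedure above, worked through as an added example (not code from the original project): it enumerates the points of y^2 = x^3 + x + 1 (mod 23), builds the 4x4 matrix from the first 16 and looks up a private key by index. It also shows that both sides of the curve equation must be reduced mod p before comparing, and that 16 slots force distinct mail IDs onto the same key. The x-major scan order, the Java-style string hash standing in for the "predefined function", and the sample mail IDs are assumptions.

```javascript
// Added example, not the project's code. a = b = 1 and p = 23 are the page's parameters.
const A = 1, B = 1, P = 23;

// Every affine point (x, y) with y^2 = x^3 + ax + b (mod p), scanned x-major (assumed order).
function curvePoints(a, b, p, reduceLeftSide = true) {
  const points = [];
  for (let x = 0; x < p; x++) {
    const rhs = (x * x * x + a * x + b) % p;
    for (let y = 0; y < p; y++) {
      // With reduceLeftSide = false, y*y is compared unreduced and can only match while y*y < p.
      const lhs = reduceLeftSide ? (y * y) % p : y * y;
      if (lhs === rhs) points.push({ x, y });
    }
  }
  return points;
}

// First rows*cols points laid out row by row as the master key matrix.
function masterKeyMatrix(points, rows = 4, cols = 4) {
  if (points.length < rows * cols) {
    throw new RangeError(`need ${rows * cols} points, found ${points.length}`);
  }
  const matrix = [];
  for (let r = 0; r < rows; r++) matrix.push(points.slice(r * cols, (r + 1) * cols));
  return matrix;
}

// Assumption: a Java-style String.hashCode, reduced to 0..size-1, plays the
// "predefined function" that turns a mail ID into an index.
function mailIdToIndex(mailId, size = 16) {
  let h = 0;
  for (let i = 0; i < mailId.length; i++) h = (Math.imul(h, 31) + mailId.charCodeAt(i)) | 0;
  return ((h % size) + size) % size;
}

// Private key per the procedure: the x element of the pair stored at the mail ID's index.
function privateKeyFor(mailId, matrix) {
  const cols = matrix[0].length;
  const index = mailIdToIndex(mailId, matrix.length * cols);
  const point = matrix[Math.floor(index / cols)][index % cols];
  return { index, point, privateKey: point.x };
}

// Groups of mail IDs that land on the same matrix slot and so receive the same key.
function sharedSlots(mailIds, size = 16) {
  const bySlot = new Map();
  for (const id of mailIds) {
    const slot = mailIdToIndex(id, size);
    bySlot.set(slot, (bySlot.get(slot) || []).concat(id));
  }
  return [...bySlot.values()].filter((group) => group.length > 1);
}

// Constructed sample input: 17 mail IDs, one more than the matrix has slots.
const sampleIds = Array.from({ length: 17 }, (_, i) => `user${i}@example.com`);

const allPoints = curvePoints(A, B, P);
const matrix = masterKeyMatrix(allPoints);
console.log("affine points on the curve:", allPoints.length);
console.log("points found without reducing y*y:", curvePoints(A, B, P, false).length);
console.log("key for", sampleIds[0], privateKeyFor(sampleIds[0], matrix));
console.log("mail IDs sharing a slot:", sharedSlots(sampleIds));
```

With the left side unreduced the search finds fewer than the 16 points the matrix needs, so `masterKeyMatrix` rejects that point list.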

Sending an Encrypted E-mail:

This module achieves security for our whole system by encrypting the E-Mail
with one of the IBE techniques before sending the mail to the E-Mail server.
Thus the server receives only the cipher text, because the E-mail message is
encrypted in the client browser itself.

Algorithm Explanation:
To perform encryption and decryption we use the Elliptic Curve Integrated
Encryption Scheme (ECIES), an algorithm based on ECC.
Procedure:
We encrypt the message using the standard equation C = M^Pu mod P
where
• C is the cipher text
• M is the plain message
• Pu is the public key (recipient mail ID)
• P is the constant we assumed in the key generation scheme above (23).
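The equation above, worked through as an added example (not the project's code): modular exponentiation for C = M^Pu mod P with P = 23, together with the conditions under which C can be turned back into M. The page does not say how a mail ID becomes the integer Pu, so Pu is passed in as a number, and the values 5, 7 and 11 are constructed.

```javascript
// Added example, not the project's code. P = 23 is the page's constant.
const P = 23;

// Square-and-multiply exponentiation; plain Numbers are exact for moduli below 2^26.
function modPow(base, exp, mod) {
  let result = 1;
  base %= mod;
  while (exp > 0) {
    if (exp % 2 === 1) result = (result * base) % mod;
    base = (base * base) % mod;
    exp = Math.floor(exp / 2);
  }
  return result;
}

// Extended Euclid: inverse of a modulo m, or null when gcd(a, m) != 1.
function modInverse(a, m) {
  let [r0, r1, s0, s1] = [m, ((a % m) + m) % m, 0, 1];
  while (r1 !== 0) {
    const q = Math.floor(r0 / r1);
    [r0, r1] = [r1, r0 - q * r1];
    [s0, s1] = [s1, s0 - q * s1];
  }
  return r0 === 1 ? ((s0 % m) + m) % m : null;
}

// C = M^Pu mod P. M has to be an integer in 0..P-1: a larger M and M mod P give the same C.
function encrypt(m, pu) {
  if (!Number.isInteger(m) || m < 0 || m >= P) {
    throw new RangeError(`M must be an integer in 0..${P - 1}`);
  }
  return modPow(m, pu, P);
}

// Exponent d with Pu * d = 1 (mod P-1). It is determined by Pu and P alone.
function decryptionExponent(pu) {
  return modInverse(pu, P - 1);
}

// M = C^d mod P, defined only when Pu is coprime to P-1.
function decrypt(c, pu) {
  const d = decryptionExponent(pu);
  if (d === null) {
    throw new RangeError(`Pu = ${pu} shares a factor with P-1 = ${P - 1}; C cannot be inverted`);
  }
  return modPow(c, d, P);
}

// Constructed sample values.
const M = 5, PU_INVERTIBLE = 7, PU_NOT_INVERTIBLE = 11;

const c = encrypt(M, PU_INVERTIBLE);
console.log("C =", c, " d =", decryptionExponent(PU_INVERTIBLE), " M =", decrypt(c, PU_INVERTIBLE));
// With Pu = 11 different messages collapse onto the same cipher text.
console.log("Pu = 11:", encrypt(2, PU_NOT_INVERTIBLE), encrypt(3, PU_NOT_INVERTIBLE));
```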

Key issuing:

The Key-Server module issues the private key to users who want to read the
mail. Before issuing the private key to a user, it verifies whether he is an
authorized user or not.

Decrypting the received mail:

The decryption module decrypts the received mail using the private key
downloaded from the Key-Server. After decrypting the mail the user is able to read
it; otherwise he cannot read the mail.

4.2 CODING

Module 1 coding:

Index.html

<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="content-language" content="cs" />
<meta name="robots" content="all,follow" />

<meta name="author" content="All: ... [Nazev webu - www.url.cz]; e-mail: info@url.cz" />
<meta name="copyright" content="Design/Code: Vit Dlouhy [Nuvio - www.nuvio.cz]; e-mail: vit.dlouhy@nuvio.cz" />

<title>CrystalX</title>
<meta name="description" content="..." />
<meta name="keywords" content="..." />

<link rel="index" href="./" title="Home" />


<link rel="stylesheet" media="screen,projection" type="text/css" href="./css/main.css" />
<link rel="stylesheet" media="print" type="text/css" href="./css/print.css" />
<link rel="stylesheet" media="aural" type="text/css" href="./css/aural.css" />
<style type="text/css">
<!--
.style1 {font-family: Georgia, "Times New Roman", Times, serif}
-->
</style>

<script type="text/javascript">

function validate()
{

if(document.getElementById("name").value=="")

{
alert("Enter Username");
return false
}
if(document.getElementById("pass").value=="")
{
alert("Enter password");
return false
}
return true

}
</script>
</head>

<body id="www-url-cz">

<!-- Main -->


<div id="main" class="box">

<!-- Header -->


<div id="header">

<!--Logotyp -->

<h1 id="logo"><strong>IBC</strong></h1><br /><br /><br />


<br />
<font size="1">&nbsp;&nbsp;For Clientside Security </font>

<hr class="noscreen" />


<!-- Quick links -->
<div class="noscreen noprint">

<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>,


<a href="#search">search</a>.</em></p>
<hr />
</div>

<!-- Search -->


</div>
<!-- /header -->

<!-- Main menu (tabs) -->


<div id="tabs" class="noprint">

<h3 class="noscreen">Navigation</h3>
<ul class="box">
<li><a href="#">Login<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="register.jsp">Register<span class="tab-l"></span><span class="tab-r"></span></a></li>
</ul>

<hr class="noscreen" />


</div> <!-- /tabs -->

<!-- Page (2 columns) -->


<div id="page" class="box">
<div id="page-in" class="box">

<!-- Content -->


<div id="content">

<!-- Article -->


<div class="article">
<h2><span>Login</span></h2>

<form method="post" name = "login" onSubmit="return validate()" action="action.jsp">
<p>
<table width="316" border="0" >
<tr >
<td><span class="style1"><font size="3">Username</font></span></td>
<td><input type = "text" name = "name" id="name" /></td>
</tr>
<tr >
<td><span class="style1"><font size="3">Password</font></span></td>
<td><input type = "password" name = "pass" id= "pass" />
</td>
</tr>

<tr><td></td></tr>
<tr><td></td></tr>
<tr><td></td></tr>
<tr><td></td><td>
<input type="submit" name="Submit" value="Submit" align = "right" /></td></tr>
</table>

<p class="info noprint"> </p>

</form>

</p>

</div> <!-- /article -->


</div> <!-- /content -->

<!-- Right column -->


<div id="col" class="noprint">
<div id="col-in">
<!-- Category -->
<h3 ><span>WebIBC</span></h3>

<ul id="category">
<br><br>
<FONT SIZE="2" face="Georgia">" <i>WebIBC &nbsp; may use your email address to
personalize your experience on their website.</i>"</FONT> <br><br>
</ul>

<hr class="noscreen" />

<hr class="noscreen" />

<!-- Links -->

<hr class="noscreen" />

</div> <!-- /col-in -->


</div> <!-- /col -->

</div> <!-- /page-in -->


</div> <!-- /page -->

<!-- Footer -->


<div id="footer">
<div id="top" class="noprint"><p><span class="noscreen">Back on top</span> <a
href="#header" title="Back on top ^">^<span></span></a></p></div>

<hr class="noscreen" />

<p id="createdby">created by <a href="http://www.nuvio.cz"></a> <!-- DON´T


REMOVE, PLEASE! --></p>
<p id="copyright">&copy; 2009 <a href="mailto:my@mail.com"></a></p>
</div> <!-- /footer -->

</div> <!-- /main -->

</body>
</html>

Action.jsp
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
<head>
<%@ page import="java.sql.*"%>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="content-language" content="cs" />
<meta name="robots" content="all,follow" />

<meta name="author" content="All: ... [Nazev webu - www.url.cz]; e-mail: info@url.cz" />
<meta name="copyright" content="Design/Code: Vit Dlouhy [Nuvio - www.nuvio.cz]; e-mail: vit.dlouhy@nuvio.cz" />

<title>CrystalX</title>
<meta name="description" content="..." />
<meta name="keywords" content="..." />

<link rel="index" href="./" title="Home" />


<link rel="stylesheet" media="screen,projection" type="text/css" href="./css/main.css" />
<link rel="stylesheet" media="print" type="text/css" href="./css/print.css" />
<link rel="stylesheet" media="aural" type="text/css" href="./css/aural.css" />
<style type="text/css">
<!--
.style1 {font-family: Georgia, "Times New Roman", Times, serif}
-->
</style>
</head>

<body id="www-url-cz">

<!-- Main -->

<div id="main" class="box">

<!-- Header -->


<div id="header">

<!--Logotyp -->

<h1 id="logo"><strong>IBC</strong></h1><br /><br /><br />


<br />
<font size="1">&nbsp;&nbsp;For Clientside Security </font>

<hr class="noscreen" />


<!-- Quick links -->
<div class="noscreen noprint">

<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>,


<a href="#search">search</a>.</em></p>
<hr />
</div>

<!-- Search -->


</div>
<!-- /header -->

<!-- Main menu (tabs) -->


<div id="tabs" class="noprint">
<%

boolean flag = false;


String n = request.getParameter("name");
String p = request.getParameter("pass");
String add = request.getRemoteAddr();

%>
<h3 class="noscreen">Navigation</h3>
<ul class="box">
<li><a href="#">Home<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="myacc.jsp?name=<%=n%>">My Account<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="compose.jsp?name=<%=n%>">Compose<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="#">Contact<span class="tab-l"></span><span class="tab-r"></span></a></li>
</ul>

<hr class="noscreen" />


</div> <!-- /tabs -->

<!-- Page (2 columns) -->


<div id="page" class="box">
<div id="page-in" class="box">

<!-- Content -->


<div id="content">

<!-- Article -->


<div class="article">

<h2><span>Welcome <%=n%> !</span><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<FONT SIZE="5" face = "Monotype Corsiva">
<a href ="showmail.jsp?name=<%=n%>">Inbox </a></FONT></h2>

<h3> About WebIBC </h3><p>


&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;WebIBC is a pure JavaScript/HTML based
Web security system aiming at providing Web 2.0 applications with strong cryptography.
With WebIBC a user can protect herself even against evil Web application service
provider. WebIBC also provides a mechanism for Web application service providers that
they can guarantee they will not do evil. Before using WebIBC the user should
authenticate himself to a trusted third party to retrieve his private key used in the system.
The key is generated by the trusted third party and is binded with user's identity. User
will use this key to cipher a message. </p>

<%

// out.println(n);
//out.println(p);
//session.setAttribute("username",n);
//session.setAttribute("passwr",p);
//session.setAttribute("ipaddr",add);
try
{

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
//out.println("1");
Connection con = DriverManager.getConnection("jdbc:odbc:ibc");
//out.println(n);
// Bind the submitted credentials as parameters so they are never parsed as SQL.
PreparedStatement st = con.prepareStatement("select * from user where username=? and password=?");
st.setString(1, n);
st.setString(2, p);
//out.println(p);

ResultSet rs = st.executeQuery();
//String cn = rs.getString("country");
//String ct = rs.getString("city");

if(rs.next())
{

//out.println(uname);
//out.println(pass);
//if(uname.equals(n) && pass.equals(p))
// {

java.util.Date d = new java.util.Date();


//long intime = d.getTime();
//int intime1 = d.getDate();
int intime2 = d.getHours();
int intime3 = d.getMinutes();
int intime4 = d.getSeconds();
String h = Integer.toString(intime2);
String m = Integer.toString(intime3);
String s = Integer.toString(intime4);
//int intime5 = d.getMonth();
//int intime6 = d.getYear();
String t = h+":"+m+":"+s;
//out.println(t+uname+pass);
}
else
{
response.sendRedirect("index.html");
}
}

catch(Exception ae)
{
out.println(ae);
ae.printStackTrace();
}

%>

</p>

</div> <!-- /article -->

</div> <!-- /content -->

<!-- Right column -->


<div id="col" class="noprint">
<div id="col-in">

<!-- About Me -->


<h3><span><a href="#">About Me</a></span></h3>

<div id="about-me">
<p><strong><%=n%></strong><br />

</p>
</div> <!-- /about-me -->

<hr class="noscreen" />

<!-- Category -->
<h3 ><span>Contacts</span></h3>
<%
try
{

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
//out.println("1");
Connection con1 = DriverManager.getConnection("jdbc:odbc:ibc");
//out.println(n);
Statement st1 = con1.createStatement();
//out.println(p);

String query1="select mail from user ";

ResultSet rs1 =st1.executeQuery(query1);


while(rs1.next())
{
out.println(rs1.getString("mail"));
out.println("<br>");
}
}
catch(Exception ae)
{
out.println(ae);
ae.printStackTrace();
}
%>

<hr class="noscreen" />

<hr class="noscreen" />

<!-- Links -->

<hr class="noscreen" />

</div> <!-- /col-in -->


</div> <!-- /col -->

</div> <!-- /page-in -->


</div> <!-- /page -->

<!-- Footer -->

<div id="footer">
<div id="top" class="noprint"><p><span class="noscreen">Back on top</span> <a
href="#header" title="Back on top ^">^<span></span></a></p></div>
<hr class="noscreen" />

<p id="createdby">created by <a href="http://www.nuvio.cz">satesh | Spiro</a> <!--


DON´T REMOVE, PLEASE! --></p>
<p id="copyright">&copy; 2009 <a
href="mailto:my@mail.com">www.Spiro.com</a></p>
</div> <!-- /footer -->

</div> <!-- /main -->

</body>
</html>

Register.jsp

<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="content-language" content="cs" />
<meta name="robots" content="all,follow" />

<meta name="author" content="All: ... [Nazev webu - www.url.cz]; e-mail: info@url.cz" />
<meta name="copyright" content="Design/Code: Vit Dlouhy [Nuvio - www.nuvio.cz]; e-mail: vit.dlouhy@nuvio.cz" />

<title>CrystalX</title>
<meta name="description" content="..." />
<meta name="keywords" content="..." />

<link rel="index" href="./" title="Home" />


<link rel="stylesheet" media="screen,projection" type="text/css" href="./css/main.css" />
<link rel="stylesheet" media="print" type="text/css" href="./css/print.css" />
<link rel="stylesheet" media="aural" type="text/css" href="./css/aural.css" />
<style type="text/css">
<!--
.style1 {font-family: Georgia, "Times New Roman", Times, serif}
-->
</style>

<script type="text/javascript">

function validate()
{

if(document.getElementById("name").value=="")
{
alert("Enter Username");
return false
}
if(document.getElementById("pass").value=="")
{
alert("Enter password");
return false
}
return true

}
</script>
</head>

<body id="www-url-cz">

<!-- Main -->


<div id="main" class="box">

<!-- Header -->


<div id="header">

<!--Logotyp -->

<h1 id="logo"><strong>IBC</strong></h1><br /><br /><br />


<br />
<font size="1">&nbsp;&nbsp;For Clientside Security </font>

<hr class="noscreen" />


<!-- Quick links -->
<div class="noscreen noprint">

<p><em>Quick links: <a href="#content">content</a>, <a href="#tabs">navigation</a>,


<a href="#search">search</a>.</em></p>
<hr />
</div>

<!-- Search -->

</div>
<!-- /header -->

<!-- Main menu (tabs) -->


<div id="tabs" class="noprint">

<h3 class="noscreen">Navigation</h3>
<ul class="box">
<li><a href="index.html">Login<span class="tab-l"></span><span class="tab-r"></span></a></li>
<li><a href="#">Register<span class="tab-l"></span><span class="tab-r"></span></a></li>
</ul>

<hr class="noscreen" />


</div> <!-- /tabs -->

<!-- Page (2 columns) -->


<div id="page" class="box">
<div id="page-in" class="box">

<!-- Content -->


<div id="content">

<!-- Article -->


<div class="article">
<h2><span>Register</span></h2>

<form method="post" name = "register" onSubmit="return validate()" action="regres.jsp" >
<p>
<table width="316" border="0" >
<tr >
<td><span class="style1"><font size="3">Username</font></span></td>
<td><input type = "text" name = "uname" id="name" /></td>
</tr>
<tr >
<td><span class="style1"><font size="3">Password</font></span></td>
<td><input type = "password" name = "pass" id= "pass" />
</td>
</tr>
<tr >

<td><span class="style1"><font size="3">Name</font></span></td>
<td><input type = "text" name = "name" id="name" /></td>
</tr>
<tr >
<td><span class="style1"><font size="3">Gender</font></span></td>
<td> <select name="sex" >
<option value="MALE">MALE</option>
<option value="FEMALE">FEMALE</option>
</select>
</td>
</tr>
<tr >
<td><span class="style1"><font size="3">Country</font></span></td>
<td> <select name="country" >
<option value="Select Nationality">Select Country</option>

<option value='ABW'>ARUBA</option>

<option value='AFG'>AFGANISTAN</option>

<option value='AGO'>ANGOLA</option>

<option value='AND'>PRINCIPALITY OF ANDORRA</option>

<option value='ANT'>NETHERLANAD ANTILLES</option>

<option value='ARG'>ARGENTINA</option>

<option value='ARM'>ARMENIA</option>

<option value='ATG'>ANTIQUA AND BARBUDA</option>

<option value='AUS'>AUSTRALIA</option>

<option value='AUT'>AUSTRIA</option>

<option value='AZE'>AZERBEIJAN</option>

<option value='BEL'>BELGIUM</option>

<option value='BEN'>BENIN</option>

<option value='BFA'>BURKINOFASO</option>

<option value='BGR'>BULGARIA</option>

<option value='BHR'>BAHRAIN</option>

<option value='BLR'>BELARUS</option>

<option value='BLZ'>BELIZE</option>

<option value='BOL'>BOLIVIA</option>

<option value='BON'>BONAIRE</option>

<option value='BRA'>BRAZIL</option>

<option value='BRB'>BARBADOS</option>

<option value='BTN'>BHUTAN</option>

<option value='BWA'>BOTSWANA</option>

<option value='CAN'>CANADA</option>

<option value='CHL'>CHILE</option>

<option value='CHN'>CHINA</option>

<option value='COL'>COLOMBIA</option>

<option value='COM'>UNION OF COMOROS</option>

<option value='FRA'>FRANCE</option>

<option value='GBR'>UK</option>

<option value='GEO'>GEORGIA</option>

<option value='GHA'>GHANA</option>

<option value='GMB'>GAMBIA </option>

<option value='GNB'>GUINEA BISSAU</option>

<option value='GRC'>GREECE</option>

<option value='GRD'>GRENADA</option>

<option value='GTM'>GUATEMALA</option>

<option value='GUY'>GUYANA</option>

<option value='HKG'>HONG KONG SPL ADMN REGION</option>

<option value='HND'>HONDURAS </option>

<option value='HNG'>HUNGARY</option>

<option value='HRV'>CROATIA</option>

<option value='IDN'>INDONESIA</option>

<option value='IND'>INDIA</option>

<option value='IRA'>IRAN</option>

<option value='IRL'>IRELAND</option>

<option value='IRQ'>IRAQ</option>

<option value='ISR'>ISRAEL</option>

<option value='ITA'>ITALY</option>

<option value='MDV'>MALDIVES</option>

<option value='MEX'>MEXICO</option>

<option value='MKD'>ARUBA</option>

<option value='MLI'>MALI </option>

<option value='MLT'>MALTA</option>

<option value='MMR'>MYANMAR</option>

<option value='MNG'>MONGOLIA</option>

<option value='MOR'>MOROCCO</option>

<option value='MOZ'>MOZAMBIQUE</option>

<option value='MRT'>MAURITANIA </option>

<option value='MUS'>MAURITIUS</option>

<option value='MWI'>MALAWI</option>

<option value='MYS'>MALAYSIA</option>

<option value='NAM'>NAMIBIA</option>

<option value='NAR'>NIGER</option>

<option value='NGA'>NIGERIA</option>

<option value='NIA'>IVORY COAST</option>

<option value='NIB'>DAR-US-SALAM</option>

<option value='NIG'>PALESTINE</option>

<option value='NLD'>NETHERLANDS</option>

<option value='NOR'>NORWAY</option>

<option value='NPL'>NEPAL</option>

<option value='NZL'>NEW ZEALAND</option>

<option value='OMN'>OMAN</option>

<option value='PAN'>PANAMA</option>

<option value='PER'>PERU</option>

<option value='PHL'>PHILLIPINES</option>

<option value='PNG'>PAPUA NEW GUINEA</option>

<option value='POL'>POLAND</option>

<option value='PRK'>KOREA (SOUTH)</option>

<option value='PRT'>PORTUGAL</option>

<option value='QAT'>QATAR</option>

<option value='REU'>REUNION ISLAND</option>

<option value='ROU'>ROMANIA</option>

<option value='RUS'>RUSSIA</option>

<option value='RWA'>RWANDA</option>

<option value='SAU'>SAUDI ARABIA</option>

<option value='SBN'>REPUBLIC OF SLOVANIA</option>

<option value='SDN'>SUDAN</option>

<option value='SGP'>SINGAPORE</option>

<option value='SNG'>SENEGAL</option>

<option value='SOM'>SOMALIA</option>

<option value='SUR'>SURINAM</option>

<option value='SVK'>SLOVAKIA</option>

<option value='SWE'>SWEDEN</option>

<option value='SWZ'>SWITZERLAND</option>

<option value='SYC'>SEYCHELES</option>

<option value='SYR'>SYRIA</option>

<option value='TCD'>CHAD</option>

<option value='TGO'>TOGO</option>

<option value='THA'>THAILAND</option>

<option value='TJK'>TAJIKISTAN</option>

<option value='TKM'>TURKMENISTAN</option>

<option value='TTO'>TRINIDAD & TOBAGO</option>

<option value='TUN'>TUNISIA</option>

<option value='TUR'>TURKEY</option>

<option value='TWN'>TAIWAN </option>

<option value='TZA'>TANZANIA</option>

<option value='UAE'>UAE</option>

<option value='UGA'>UGANDA</option>

<option value='UKR'>UKRAINE</option>

<option value='USA'>USA</option>

<option value='UZB'>UZBEKISTAN</option>

<option value='VAT'>HOLY SEE VATICAN</option>

<option value='VCT'>SAINT VINCENT AND GRENADINES</option>

<option value='VEN'>VENEZUELA</option>

<option value='VEN'>VENEZULA</option>

<option value='VNM'>VIETNAM</option>

<option value='YEM'>YEMEN</option>

<option value='YER'>YEREVAN</option>

<option value='YUG'>SERBIA AND MONTEGRO</option>

<option value='ZAF'>SOUTH AFRICA</option>

<option value='ZAR'>ZAIRE</option>

<option value='ZMB'>ZAMBIA</option>

<option value='ZWE'>ZIMBABWE</option>

</select>
</td>
</tr>
<tr >
<td><span class="style1"><font size="3">City</font></span></td>
<td><input type = "text" name = "city" id="name" /></td>
</tr>
<tr >
<td><span class="style1"><font size="3">E-mail ID</font></span></td>
<td><input type = "text" name = "mail" id="name" /></td>
</tr>
<tr >
<td><span class="style1"><font size="3">Mobile </font></span></td>
<td><input type = "text" name = "phone" id="name" /></td>
</tr>

<tr><td></td></tr>
<tr><td></td></tr>
<tr><td></td></tr>
<tr><td></td><td>
<input type="submit" name="Submit" value="Submit" align = "right" /></td></tr>
</table>

<p class="info noprint"> </p>

</form>
</p>

</div> <!-- /article -->

</div> <!-- /content -->

<!-- Right column -->

<div id="col" class="noprint">
<div id="col-in">

<!-- Category -->


<h3 ><span>WebIBC</span></h3>

<ul id="category">
<br><br>
<FONT SIZE="2" face="Georgia">" <i>WebIBC &nbsp; may use your email address to
personalize your experience on their website.</i>"</FONT> <br><br>
</ul>

<hr class="noscreen" />

<hr class="noscreen" />


<!-- Links -->
<hr class="noscreen" />

</div> <!-- /col-in -->


</div> <!-- /col -->

</div> <!-- /page-in -->


</div> <!-- /page -->

<!-- Footer -->


<div id="footer">
<div id="top" class="noprint"><p><span class="noscreen">Back on top</span> <a
href="#header" title="Back on top ^">^<span></span></a></p></div>
<hr class="noscreen" />

<p id="createdby">created by <a href="http://www.nuvio.cz"></a> <!-- DON´T


REMOVE, PLEASE! --></p>
<p id="copyright">&copy; 2009 <a href="mailto:my@mail.com"></a></p>
</div> <!-- /footer -->
</div> <!-- /main -->
</body>
</html>

Regres.jsp
<%@ page contentType="text/html; charset=iso-8859-1" language="java"
import="java.sql.*" errorPage="" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<%@ page import="java.sql.*, java.util.*, java.io.File" %>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<!-- main coding-->
<%
// Locals rather than JSP declaration fields, which every concurrent request would share.
String str1=request.getParameter("uname");
String str2=request.getParameter("pass");
String str3=request.getParameter("name");
String str4=request.getParameter("sex");
String str5=request.getParameter("country");
String str6=request.getParameter("city");
String str7=request.getParameter("mail");
String str8=request.getParameter("phone");

try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con=DriverManager.getConnection("jdbc:odbc:ibc");

// Every value below is bound as a parameter instead of being concatenated into the SQL text.
PreparedStatement st0=con.prepareStatement("select * from user where mail=?");
st0.setString(1,str7);
ResultSet rs=st0.executeQuery();
if(rs.next())
{
con.close();
String str = "MailID "+str7+" already exist ! ";
// The message carries user input and spaces, so it is URL-encoded for the redirect.
response.sendRedirect("register.jsp?str="+java.net.URLEncoder.encode(str,"UTF-8"));
}
else
{
PreparedStatement st=con.prepareStatement("INSERT INTO user(username,password,name,sex,country,city,mail,mobile) values(?,?,?,?,?,?,?,?)");
String[] fields={str1,str2,str3,str4,str5,str6,str7,str8};
for(int k=0;k<fields.length;k++)
{
st.setString(k+1,fields[k]);
}
PreparedStatement st1=con.prepareStatement("INSERT INTO authen(username) values(?)");
st1.setString(1,str1);

//unique key generation: hex-encode the mail ID and split it into three parts
char[] chars = str7.toCharArray();
StringBuffer strBuffer = new StringBuffer();
for (int i = 0; i < chars.length; i++)
{
strBuffer.append(Integer.toHexString(chars[i]));
}
String key=strBuffer.toString();
String key1=key.substring(0,5) ;
String key2=key.substring(5,10);
String key3=key.substring(10,key.length());

// y-coordinates of the first 16 points found on y^2 = x^3 + ax + b (mod p);
// skm is not read again below
int skm[]=new int[16];
int count=0;
int a=1,b=1,p=23;
for(int yz=0;yz<23;yz++)
{
for(int xa=0;xa<23;xa++)
{
if(count <16)
{
// both sides are reduced mod p before comparing
if((yz*yz)%p==((xa*xa*xa+a*xa+b)%p))
{
skm[count]=yz;
count++;
}
}
}
}
PreparedStatement st3=con.prepareStatement("INSERT INTO keyserverdb(username,mail,key1,key2,key3) values(?,?,?,?,?)");
st3.setString(1,str1);
st3.setString(2,str7);
st3.setString(3,key1);
st3.setString(4,key2);
st3.setString(5,key3);
int i=st.executeUpdate();
int j=st1.executeUpdate();
int l=st3.executeUpdate();
// The directory names are built directly from the username parameter.
java.io.File f= new java.io.File("D:/IBC/mailserver/"+str1);
f.mkdir();
java.io.File f1= new java.io.File("C:/Mailserver/"+str1);
f1.mkdir();
con.close() ;
response.sendRedirect("sucess1.jsp");
}
}
catch(Exception e)
{
out.println(e);
}
%>
</body>
</html>

4.3 CONCLUSION:

We finally conclude that the best security can be achieved by performing all
cryptographic techniques in the browser using an Identity Based Encryption (IBE)
scheme, which is a public-key cryptosystem where any string is a valid public
key. In particular, email addresses and dates can be public keys. For many
situations in distributed network environments, identity based cryptography is a
must during communications.
Future Work:

In this project, encryption is done using text. In future, data will be encrypted
using an image or picture.

4.4 SCREEN SHOTS:
