Professional Documents
Culture Documents
Project outline
Our Project is based on the tools which deals with the security issues related
with the message passing over internet.
Before the Internet, computer security was limited to 'closed systems' or network
computers such as offices or banks where only people physically in the office could use the
computer system. It was quite easy for the network supervisor to set up user names and
passwords and since that time people have become used to logging on before they can use
these types of computers or resources.
With the advent of the Internet, computers users can now work in an 'open system' and
security has become much more complicated. Even though you can now connect your home
or office computer to the Internet and perform remote transactions without leaving the
building you still want to be sure that the transaction is secure. The transaction takes place
through the Internet by bouncing the information through various computers before it
reaches, for example, the bank's computer. You want to be sure that no one observes the
transaction along the way and collects or modifies your transaction information.
This is where computer security comes in. There are many different types of security systems
though most use a process called encryption. When you connect to your bank or other
service to make a transaction you are often required to send your account number or user
name as well as a Personal Identification Number (PIN) or password for verification. This
information should only be sent after establishing a secure connection. If you are using an
Internet browser you will see a small closed lock appear in the window of the browser. Once
you are connected to a secure server any information you send or receive is scrambled or
encrypted using a mathematical formula and then reassembled or decrypted at the other
end. The computer user usually will not notice this happening as they perform their secure
transaction. Anyone with criminal intent who intercepts your transaction will be treated to a
stream of garbled nonsense - (e.g.. qANQR1DBwU4D560EJv6XqrMQB)!
As the amount of crucial business conducted via email increases, so does the amount of
Spam, viruses, hacking, fraud, and other malicious activity. Unless precautions are taken,
email can leave you and your business open to escalating security and privacy risks.
Our project contains four modules with the help of these modules we have tried to remove all
the above mentioned risk involved in message transfer through mail.
Steganography
In Steganography a digital picture (which contain large amounts of data) are used to
hide messages on the Internet and on other communication media. It is not clear how
commonly this is actually done. For example: a 24-bit bitmap will have 8 bits representing
each of the three color values (red, green, and blue) at each pixel. If we consider just the blue
there will be 28 different values of blue. The difference between 11111111 and 11111110 in
the value for blue intensity is likely to be undetectable by the human eye. Therefore, the least
significant bit can be used (more or less undetectably) for something else other than color
information. If we do it with the green and the red as well we can get one letter of ASCII text
for every three pixels. Stated somewhat more formally, the objective for making
steganographic encoding difficult to detect is to ensure that the changes to the carrier (the
original signal) due to the injection of the payload (the signal to covertly embed) are visually
(and ideally, statistically) negligible; that is to say, the changes are indistinguishable from the
noise floor of the carrier.
Project aim
We also wanted to provide reliable, accurate, flexible and user-friendly software. The
main objectives of our project are as follows: -
Reliability:-The project is reliable in working. If there may be any error in any tool of the
project, then it is easily handled and also it is easy to use for the user of it. The errors that
would be made by the user are easily handled.
Accuracy: - The project also provides accuracy to the user. The data that is entered by the
user is stored as it is entered, in an accurate form. It can be viewed any time as needed and it
will be displayed in their accurate form.
Flexibility:-The project is flexible in working. It can be run on each system and can be
moved to any other system. It can accept any small changes. If needed a slight change
can be made in future to it. Thus, it is flexible.
User-friendly:- The interface of the software is very user-friendly. Thus the user of it will
feel very easy to work on it. This is a need for the software because the software is also for a
general person and also for the professionals.
Easy to use: - The software is easy to use for the user. The project has a user-friendly
interface and easy tools to handle all the options. Thus, it is easy to use software.
Much of the syntax of Java is the same as C and C++. One major difference is that
Java does not have pointers. However, the biggest difference is that you must write object
oriented code in Java. Procedural pieces of code can only be embedded in objects. In the
following we assume that the reader has some familiarity with a programming language. In
particular, some familiarity with the syntax of C/C++ is useful.
In Java we distinguish between applications, which are programs that perform the
same functions as those written in other programming languages, and applets, which are
programs that can be embedded in a Web page and accessed over the Internet. Our initial
focus will be on writing applications. When a program is compiled, a byte code is produced
that can be read and executed by any platform that can run Java.
Features of Java
• Platform Independence
o The Write-Once-Run-Anywhere ideal has not been achieved (tuning for
different platforms usually required), but closer than with other languages.
• Object Oriented
o Object oriented throughout - no coding outside of class definitions, including
main ().
o An extensive class library available in the core language packages.
• Robust
o Exception handling built-in, strong type checking (that is, all data must be
declared an explicit type), local variables must be initialized.
• Security
o No memory pointers
o A program runs inside the virtual machine sandbox.
o Array index limit checking
o Code pathologies reduced by
byte code verifier - checks classes after loading
Class loader - confines objects to unique namespaces. Prevents loading
a hacked "java.lang.SecurityManager" class, for example.
Security manager - determines what resources a class can access such
as reading and writing to the local disk.
• Dynamic Binding
o The linking of data and methods to where they are located, is done at run-time.
This differs from C++, which uses static binding. This can result in fragile
classes for cases where linked code is changed and memory pointers then
point to the wrong addresses.
• Good Performance
o Interpretation of byte codes slowed performance in early versions, but
advanced virtual machines with adaptive and just-in-time compilation and
other techniques now typically provide performance up to 50% to 100% the
speed of C++ programs.
• Threading
o Lightweight processes, called threads, can easily be spun off to perform
multiprocessing.
o Can take advantage of multiprocessors where available
o Great for multimedia displays.
• Built-in Networking
o Java was designed with networking in mind and comes with many classes to
develop sophisticated Internet communications.
Features such as eliminating memory pointers and by checking array limits greatly help to
remove program bugs. The garbage collector relieves programmers of the big job of memory
management. These and the other features can lead to a big speedup in program development
compared to C/C++ programming.
Java was designed to be easy to use and is therefore easy to write, compile, debug,
and learn than other programming languages.
• Java is object-oriented.
• Java is platform-independent.
• By using Java, one program can be run on many different platforms. This means that
you do not need to put your efforts on developing a different version of software for
each platform.
• There are many programmers who can understand and write code in Java, so that
many people can participate in developing open source software.
• In many cases, a Java virtual machine can prevent an incorrectly written application
program from causing problems to the rest of your computing environment.
One of the most significant advantages of Java is its ability to move easily from one computer
system to another. The ability to run the same program on many different systems is crucial
to World Wide Web software, and Java succeeds at this by being platform-independent at
both the source and binary levels.
Because of Java's robustness, ease of use, cross-platform capabilities and security features, it
has become a language of choice for providing worldwide Internet solutions.
The NetBeans Platform allows applications to be developed from a set of modular software
components called modules. A module is a Java archive file that contains Java classes written
to interact with the NetBeans Open APIs and a manifest file that identifies it as a module.
Applications built on modules can be extended by adding new modules. Since modules can
be developed independently, applications based on the NetBeans platform can be extended by
third party developers.
Modularity: All the functions of the IDE are provided by modules. Each module provides a
well defined function, such as support for the Java language, editing, or support for the CVS
versioning system, and SVN. NetBeans contains all the modules needed for Java
development in a single download, allowing the user to start working immediately. Modules
also allow NetBeans to be extended. New features, such as support for other programming
languages, can be added by installing additional modules. For instance, Sun Studio, Sun Java
Studio Enterprise, and Sun Java Studio Creator from Sun Microsystems are all based on the
NetBeans IDE.
Current Versions: NetBeans IDE 6.5 extended the existing Java EE features (including Java
Persistence support, EJB 3 and JAX-WS). Additionally, the NetBeans Enterprise Pack
supports development of Java EE 5 enterprise applications, including SOA visual design
tools, XML schema tools, web services orchestration (for BPEL), and UML modeling. The
NetBeans IDE Bundle for C/C++ supports C/C++ projects.
NetBeans IDE 6.0 builds upon the previous version 5.5.1, which introduced comprehensive
support for developing IDE modules and rich client applications based on the NetBeans
platform, a new GUI builder (formerly known as "Project Matisse"), new and redesigned
The current version is NetBeans IDE 6.5.1, which was released in March 2009.
License: From July 2006 through 2007, NetBeans IDE was licensed under Sun's Common
Development and Distribution License (CDDL), a license based on the Mozilla Public
License (MPL). In October 2007, Sun announced that NetBeans would henceforth be offered
under a dual license of the CDDL and the GPL version 2 licenses, with the GPL linking
exception for GNU Classpath.
Let us create a simple console application using the same IDE. With the NetBeans IDE open,
go through the following steps:
• Go to File -> New project (or you can directly press the "New Project" button) as
highlighted in the following figure.
• You will be presented with a "New Project" window. Select "General" in the
"categories" and "Java Application" in the "Projects" (as shown in the figure below).
• Once it looks like the above, click on "Finish." At this moment, you will not see any
code (like you did in the previous section).
• Go to the "Projects" window, open up "DesktopHelloWorld," right click on "Source
Packages," go to new -> JFrame Form as shown below.
• Similarly add a "JLabel," set its "text" to empty and rename it "lblMsg."
• Next, double click on the button (which opens the code window) and modify your
code as follows:
• Hit F5 to execute your project (along with debugging). It will present you with the
following figure.
These facilities are so much useful that even the best organizations are
becoming over dependent on them. Every information that they require is transmitted over
internet. Apart from the facilities provided by internet & its services there is a threat of the
data to be exposed even to the unauthorized person which in turn will not be able to maintain
the security issues related with the message transferred.
Existing System
The security provided now a days by the email servers are not fully visible
to the client or users to ensure their message security. Even the expert eavesdroppers or
hackers can easily retrieve or can misuse our data. In other words to say that the security
provided to us are only server side not by the users sending their data. So to provide the
security belief to the user it is better to be done even also on client side done by user.
This project intends to design, program and implement the tools that
can be used to ensure the security, integrity, confidentiality of the messages or data at the user
level. In this project we provide the tools to encrypt or decrypt the data, hide the data in
image, audio, video files using the private secret key & then to send the file as email to the
Steganography tool Page 16
user who knows that secret key will only be able to access the message. Another important
tool in the project provides the facility to send the larger files as email. Using that tool user
can compress or decompress the larger which he is intending to email.
System Analysis
Expected features
Be Platform Independent
As the internet more precisely the email facility that we use now a days are platform
independent i.e. it can run on any on any operating system (Linux, Windows Xp/Vista, mac,
etc). So it was a challenge to develop such tools that may be able to run on any platform with
Be extensible
System Requirements
The following section describes the hardware and the software requirements for
developing this project.
Hardware Requirements
Software Requirements
• Jdk 1.6.0
• NetBeans IDE 6.0
• Jre 1.6.0
• jCreator v4.50.
Functional Requirements
Steganography
• STEGANOGRAPHY
TEXT
Message
Message
Embedding
text in +
image/audi Image/audio
o file
Image
/audio file
Output
Image/audio file
KE
Y
On a DFD, data items flow from an external data source or an internal data store to an
internal data store or an external data sink, via an internal process.
A DFD provides no information about the timing or ordering of processes, or about whether
processes will operate in sequence or in parallel. It is therefore quite different from a
flowchart, which shows the flow of control through an algorithm, allowing a reader to
determine what operations will be performed, in what order, and under what circumstances,
but not what kinds of data will be input to and output from the system, nor where the data
will come from and go to, nor where the data will be stored (all of which are shown on a
DFD).
Notations
G
Image
Image
STEGANOGRA &
PHY Message
INTERFACE
Image
EXTRACTI Message
NG
DFD of Steganography
Steganography
Message is retrieved from the image using the same secret key
Software Testing, depending on the testing method employed, can be implemented at any
time in the development process, however the most test effort is employed after the
requirements have been defined and coding process has been completed.
There are many approaches to software testing. Reviews, walkthroughs or inspections are
considered as static testing, whereas actually executing programmed code with a given set of
test cases is referred to as dynamic testing. The former can be, (and unfortunately in practice
often is) omitted, whereas the latter takes place when programs begin to be used for the first
time - which is normally considered the beginning of the testing stage. This may actually
begin before the program is 100% complete in order to test particular sections of code
(modules or discrete functions). For example, Spreadsheet programs are, by their very nature,
tested to a large extent "on the fly" during the build process as the result of some calculation
or text manipulation is shown interactively immediately after each formula is entered.
• Verification: Have we built the software right (i.e., does it match the specification?)?
It is process based.
• Validation: Have we built the right software (i.e., is this what the customer wants?)? It
is product based.
The terms verification and validation are commonly used interchangeably in the industry; it is
also common to see these two terms incorrectly defined. According to the IEEE Standard
Glossary of Software Engineering Terminology:
Testing methods
Software testing methods are traditionally divided into black box testing and white box
testing. These two approaches are used to describe the point of view that a test engineer takes
when designing test cases.
Black box testing treats the software as a "black box," without any knowledge of internal
implementation. Black box testing methods include: equivalence partitioning, boundary value
analysis, all-pairs testing, fuzz testing, model-based testing, traceability matrix, exploratory
testing and specification-based testing.
Specification-based testing
The black box tester has no "bonds" with the code, and a tester's perception is very
simple: a code must have bugs. Using the principle, "Ask and you shall receive,"
black box testers find bugs where programmers don't. But, on the other hand, black
box testing has been said to be "like a walk in a dark labyrinth without a flashlight,"
because the tester doesn't know how the software being tested was actually
constructed. That's why there are situations when (1) a black box tester writes many
test cases to check something that can be tested by only one test case, and/or (2) some
parts of the back end are not tested at all.
Therefore, black box testing has the advantage of "an unaffiliated opinion," on the one hand,
and the disadvantage of "blind exploring," on the other.
White box testing, by contrast to black box testing, is when the tester has access to the
internal data structures and algorithms (and the code that implement these)
Grey box testing involves having access to internal data structures and algorithms for
purposes of designing the test cases, but testing at the user, or black-box level. Manipulating
input data and formatting output do not qualify as "grey box," because the input and output
are clearly outside of the "black-box" that we are calling the system under test. This
distinction is particularly important when conducting integration testing between two
modules of code written by two different developers, where only the interfaces are exposed
for test. Grey box testing may also include reverse engineering to determine, for instance,
boundary values or error messages.
Acceptance testing
1. A smoke test is used as an acceptance test prior to introducing a build to the main
testing process.
Regression Testing
Regression testing is any type of software testing that seeks to uncover software
regressions. Such regression occurs whenever software functionality that was previously
working correctly stops working as intended. Typically regressions occur as an unintended
consequence of program changes. Common methods of regression testing include re-running
previously run tests and checking whether previously fixed faults have re-emerged.
• Performance testing checks to see if the software can handle large quantities of data or
users. This is generally referred to as software scalability. This activity of Non
Functional Software Testing is often times referred to as Load Testing.
• Stability testing checks to see if the software can continuously function well in or
above an acceptable period. This activity of Non Functional Software Testing is often
times referred to as enduration test.
• Usability testing is needed to check if the user interface is easy to use and understand.
• Security testing is essential for software which processes confidential data and to
prevent system intrusion by hackers.
• Internationalization and localization is needed to test these aspects of software, for
which a pseudo localization method can be used.
In contrast to functional testing, which establishes the correct operation of the software
(correct in that it matches the expected behavior defined in the design requirements), non-
functional testing verifies that the software functions properly even when it receives invalid
or unexpected inputs. Software fault injection, in the form of fuzzing, is an example of non-
functional testing. Non-functional testing, especially for software, is designed to establish
whether the device under test can tolerate invalid or unexpected inputs, thereby establishing
the robustness of input validation routines as well as error-handling routines. Various
commercial non-functional testing tools are linked from the Software fault injection page;
Process: Read the file and embed the message in the file.
Process: Read the file and extract the message from the file.
We have learnt many lessons during the development of this project. It taught a practical
lesson on the importance of software engineering. We found ourselves many times that
implementation was halt because there is uncertainty how the final system operates, it required us to
jump back and forth to revisit design stage, and do some more research on a particular topic.
Programming on embedded platform is a completely new to us. It required us to learn JAVA in which
we had never done programming before. Even though JAVA is a sub branch of J2SE which we have
been programming for the past few years in the course, there are many differences between them.
Programming in a completely new language was quite challenging at some time of the development
process, many new problems have been identified along the way, but the pleasure of seeing the
system run on actual e-mail technology was rather rewarding.
Research for this project has deepened our knowledge of current internet technology such as
the advantages and the limitations that E-mail have.
Although part of the system does not function probably, but we are pleased
with the final results. After all, software project is about experimenting and learning new topic, and
absorbing new experience which could be used in the future.
The scope changes that usually cause problems are those where the perception of
what was in and out of scope was different between various parties. The Project Manager
assumed there would only be four or five reports, and the business assumed ten to twenty.
Nobody felt it was worth talking about because they assumed the other person thought the
same way they did.
Since there are one or two known system issues that still have not been solved, it
would be nice to see a full functional working version of the system as defined in the report
in the future.
The important tool provided in our project is steganography that provides the user to
send the private messages by hiding it into any image, audio, video files. To increase its
efficiency, reliability, performance we can implement it on the bit level, this will not effect
the entities of the files so as to increase the performance by preserving the entities of the files
up to some extent.
All of the above tools are the best tools to ensure the security related issues at the
client side. It will be better to use if it will be embed within the browser so as it can come
with the interface of the e mail portals used now a days. And it will be even more easy to use
by the users.
1. www.wikipedia.org
4. E-books of JAVA.
5. Java 2 by E.balagurusamy
7. www.google.co.in