Professional Documents
Culture Documents
INTRODUCTION
OBJECTIVE
As a lot of confidential data are being transferred day in day out to/from the
companies, there are possibilities that the data may be lost accidently or stolen
intentionally. This is not reliable as it could be a serious threat to the organizations.
The project is an application to make sure that the data being transferred over the
Internet is secured and confidential. It is very important that this data being
transferred does not fall into wrong hands to avoid any financial or informative
losses that can be harmful to the organization. Moreover, the storage of the dataand
its transfer are accessed by the authorized persons only hence providing a secure
way to manage and transfer
Security measures must be incorporated into computer systems whenever they
are potential targets for malicious or mischievous attacks. This is especially for
systems which handle financial transactions or confidential, classified or other
information whose secrecy and integrity are critical. With the need to protect the
integrity and privacy of information belonging to individuals and organizations, we
have developed this system. .
SCOPE
The secured file transfer over the Internet is an effort which aims at
providing security to the files being transferred over the Internet. The
user is assured about the fact that no unauthorized person can access the
file and misuse the information in the file. This project after
development can be used for any type of enterprise need to transfer their
Pace Institute of Technology and Sciences Page 1
A web application for secured file downloading system
files from one place to other at right time to the right person. This
project after development can be used for any type of enterprise need to
transfer their files from one place to other at right time to the right
person. It requires active internet connection, without it the file would
not be transferred. It can be used by any type of enterprise and
businesses with little modification. This project can be made in such a
way that, individual enterprise need not be given individual copies but
single software on a server can be used by multiple enterprises. Even if
the file goes to the wrong person, he will not be able to access the data
from that file because of the encryption and decryption strategy. An
organization has to register to use this application. The activation will be
done after the registration by e-mail validation. There would be session
management, profile management. Private key generation (saved by
user) and public key generation (stored on user profile). There would
also be File Upload & encryption with symmetric encryption, key to be
sent via e-mail, online file storage, list for users to select file/share
recipient, notification to download via e-mail, add/delete/edit metadata
for files, resharing of files uploaded multiple times. One to one file
transfer would simply consist of the sender uploading the file on the
server with encryption and using its own private key and the recipient’s
public key. The recipient will then decrypt the file and use its private
key and sender’s public key to download it from the server.
Abstract—
Algorithm[1]
A large prime number p and a random number g which is prime and less than
the initially chosen prime number is chosen.
Then after from {0,…,p-1} there are chosen the elements x1,x2,…,x2n+1,
preferably distinct .
Calculate y1=gx1 mod p,y2=gx2 mod p,…, y2n+1=gx2n+1 mod p.
The public key is {p,g,y1,y2,…….,y2n+1} and the private key consists of
{x1,x2,…,x2n+1}.
The sender encrypts message m knowing the public key as : choose a random
element k from {0 ,…, p-1} and calculates c1=gk mod p,c21=m.x1k mod p,
c22=m.x2k mod p,… , c22n+1=m.x2n+1k mod p, c2= c21. c23. c25. c27…./c22.
c24. c26…. then sends the encrypted message (c1, c2) to the recipient.
To decrypt the message (c1, c2), calculate c2. c1x2. c1x4. c1x6 …/ c1x1. c1x3.
c1x5. c1x7…= (c21. c23. c25. c27…/ c22. c24. c26…)( c1x2. c1x4. c1x6…/ c1x1.
EXISTING SYSTEM:
At present, the Elgamal encryption algorithm works by sending data to the receiver
who has just one private key to decrypt the data .The entire process is as follows :
Key generation : The receiver who wishes to get message, chooses a large prime
number p, a random number g which is also prime and less than the prime number
initially chosen and a random integer x from 0 to (p-1). He then calculates
y=gx mod p
The public key of the sender is (p , g , y) and his private key is x.
Encryption by the sender : The sender generates an integer k lying between 0 to
(p-1). He then calculates
r = gk mod p
and
t = (yk. M) mod p
and transmits (r , t) as the encrypted message .
Decryption of the ciphertext : The receiver with his private key
calculates
t. r-x
which gives the plaintext .But in this algorithm , as there is just one
private key , it can be gessed by any intruder and is thus not reliable.
PROPOSED SYSTEM:
This paper focuses on the issues related to the data security aspect of cloud
computing. Cryptoniteis a secure Cloud storage repository that addresses these
requirements using a StrongBoxmodel for shared key management. We describe
c2. c1x2. c1x4. c1x6 …/ c1x1. c1x3. c1x5. c1x7…= (c21. c23. c25. c27…/ c22.
c24. c26…)( c1x2. c1x4. c1x6…/ c1x1. c1x3.c1x5. c1x7…) = (m .y1k. m . y3k. m
. y5k. m . y7k…/ m .y2k. m . y4k. m . y6k…)( c1x2. c1x4. c1x6…/ c1x1. c1x3.
c1x5. c1x7…) = m.
Literature survey
The Theoretical background of the mainly used to know how to get interacted with
user and to know the updates and to obtain the solutions to our problems.
PHP
PHP, one of the Web’ s most popular programming languages. According to Net
craft ( www.netcraft.com ), PHP was running on more than 20 million Web servers
in July 2007 ( http://www.php.net/usage.php ). At the time of writing, it ’ s the
fourth most popular programming language in the world according to TIOBE (
http://www.tiobe.com/index.php/ content/paper info/topic/ ), beaten only by Java,
C, and C++. With the introduction of version 5.3, there’s never been a better time
to learn PHP.
What exactly does the phrase “dynamic, interactive Websites ” mean? A dynamic
Web page is a page whose contents can change automatically each time the page is
viewed. Contrast this with a static Web page, such as a simple HTML file, which
looks the same each time it’ s displayed (at least until the page is next edited).
Meanwhile, an = interactive Web site is a site that responds to input from its
visitors. A Web forum is a good example users can post new messages to the
forum, which are then displayed on the site for all to see. Another simple example
is a “ contact us ” form, where visitors interact with the page by filling out and
sending a form, which is then emailed to the Webmaster.
FEATURES OF PHP:
Simple
Secure
Portable
SIMPLE:
It is simple for professional programmer to learn & they can use it effectively. If
we already know structure oriented programming, then learning php is very easy.
SECURE:
As we know many people are effected by viral infection when they download an
executable file or program. Rather than, virus programs we have malicious
programs that can gather private information, such as credit card number, bank
account balances & passwords by searching the contents of your computers local
file system.
PORTABLE:
As already we have discussed about compatibility of operating system, computers,
chips. In Internet the programs have to be dynamically downloaded to all the
various types of platforms like windows for wamp ,linux for lamp and support all
platforms using xampp.
Database Management System (DBMS):
Hardware: The processor(s) and associated main memory that are used to support
the execution of database system software..
Software: The layer between the physical database and the users that handles all
requests from the user for access to the database.
Application Programmers
End User
Database Administrator (DBA)
TYPES OF DBMS
There are four major categories of DBMS data models.
Hierarchical
Network
Inverted
Relational
relational model. The relational database management system uses only its
relational capabilities to manage the information stored in the database. The
relational model has three different aspects.
Structures.
Operation.
Integrity rules.
Structures:
They are well-defined objects that store the data of a database structure and the
data contained within them can be manipulated by operations.
Operations:
They are clearly defined actions that allow users to manipulate the data and
structures of a database. The operations on a database must adhere to a predefined
set of integrity rules.
ARCHITECTURE:
Two processes (or tasks) are of concern on the server: the database (MySQL, for
us) and the web server (usually Apache or Microsoft IIS). The PHP processor runs
under control of the web server and executes the PHP files that compose the
application. The four labels in the server box correspond to the elements of the so-
called LAMP stack: operating system (Linux), web server (Apache), database
(MySQL), and language (PHP). As I’ll explain, the first doesn’t have to be Linux
and the second doesn’t have to be Apache. Generally, the last two don’t have to be
MySQL and PHP, but they are in this book, since that’s our focus. There are
usually lots of applications running on the client, but only the browser that’s
connected to the web server running the PHP application is of concern to us. Since
you’re a developer, you also care about the development platform, which consists
of two essential applications, at least: an editor that can create and modify PHP
files and a transfer utility that can copy those files to the web server, typically an
FTP (File Transfer Protocol) or SFTP (Secure File Transfer Protocol) utility,
sometimes built into the editor. It’s convenient to reproduce the whole server
platform on the development system so the PHP files can be accessed directly by
the editor, and so you can run the application locally. Fig illustrates this process.
When the application is ready to deploy, an FTP utility copies the PHP files to the
remote server, as figure shows
Client-Server Architecture
The server platform runs on an operating system, naturally, and on that runs the
web server and the database system,MySQL. For us, the web server is programmed
in PHP, and I’ll give my reasons why that’s almost always my choice, and that of
lots of other people, too.
The LAMP Stack “LAMP” is a clever term for the Linux-Apache-MySQL-PHP
stack, but it’s not strictly speaking a stack, because, while the web server certainly
runs under the operating system, and PHP runs on the web server, the database
runs directly on the operating system, independently of the web server. (Two other
popular languages also begin with the letter: PERL and Python, so sometimes the P
in LAMP refers to one of them.)
All of my examples will be for UNIX-like operating systems and Apache, and I’ll
make sure I’m clear about that when it matters. So, in essence, it’s the MP part of
LAMP that we care about, with P standing for PHP. Some 99% of everything in
Server Operating System
According to w3techs.com, 65% of web sites run on some form of UNIX and the
other 35% run on Windows. There’s really nothing else out there. (They list Mac
OS separately, but it’s UNIX as far as PHP/MySQL development is concerned.)
There are four areas of Windows differences at the PHP level.
1. Path and file name differences.
2. Different line endings in text files.
3. API (application program interface) differences that affect a few PHP functions.
They’re
clearly noted in the PHP documentation.
4. Command lines executed from a PHP program or directly from the shell or
command
processor.
The chief path and file name differences are as follows:
Windows accepts forward slashes in paths in most PHP functions, but you might
get a backslash in a path supplied by a user interactively or when you read one
from a file. I usually convert backslashes to forward ones whenever I input a path
on Windows. Native However, both formats are common on both systems, so this
isn’t really a I’ve dealt with Mac OS and Windows differences a lot in my native
applications that run on those systems, but never in my PHP/MySQL applications,
because I’ve managed to avoid ever running on a Windows server. Your life may
not be so simple, however.
Pace Institute of Technology and Sciences Page 14
A web application for secured file downloading system
Web Server You’ll almost always use Apache as the web server on systems and
IIS on Window systems, although Apache also runs on Windows.
Apache configuration is hard to learn, but there are two saving graces for
PHP/MySQL programmers. You rarely have to do much with Apache directly,
aside from occasionally editing an.htaccess file to establish options for a
directory.Apache is so widely used that if you Google whatever issue you’re
wrestling with, you’ll usually Usability issues aside, Apache is efficient, reliable,
cheap, well-documented, and ubiquitous, so it’s my web server of choice, by a
wide margin. Your primary interface with Apache is with the file system that it
uses. Every web site has a document root on the server, and your PHP files need to
go under that root directory, or in a subdirectory of it.
In the past, MySQL supported such a limited form of SQL that it was annoying to
use for a database professional spoiled by a more complete system like Oracle or
PostgreSQL. But recent versions have changed that, and I now find that it has
everything I want except for check conditions. My reason for preferring MySQL
is simply that I find life easier if I use just one set of platform technologies, and
because MySQL is always there and works extremely well, it’s always my first
choice.
Sun Microsystems bought MySQL in 2008, and Oracle bought Sun about two
years later, so now, somewhat ironically, Oracle owns MySQL. Despite some
concern that Oracle might neglect MySQL development and/or support in order
not to cannibalize Oracle sales, it hasn’t done so, and MySQL remains just as
viable as ever. Nonetheless,
there’s some unease with that situation, so the MySQL original authors have taken
the open source MySQL code and produced a compatible system called MariaDB,
which aims to be binary compatible with it. As MySQL is still the version most
widely supported by hosting companies and cloud servers, that’s the one I use.
Pace Institute of Technology and Sciences Page 15
A web application for secured file downloading system
Do what you can to make sure you’re using at least Version 5.5 of MySQL, as
that’s the version I’m going to assume you have in this book.
HTML:
CSS :
CSS Stands for "Cascading Style Sheet." Cascading style sheets are used to format
the layout of Web pages. They can be used to define text styles, table sizes, and
other aspects of Web pages that previously could only be defined in a page's
HTML. The basic purpose of CSS is to separate the content of a web document
(written in any mark up language) from its presentation (that is written using
Cascading Style SheetsCSS gives the option of selecting various style schemes and
rules according to the requirements and it also allows the same HTML document to
be presented in more than one varying style.
JAVA SCRIPT
Pace Institute of Technology and Sciences Page 17
A web application for secured file downloading system
PHP
SQL
SQL stands for Structured Query Language. SQL lets us access and manipulate
databases. SQL is an ANSI (American National Standards Institute) standard. SQL
can execute queries against a database ,retrieve data from a database, insert records
Functional Requirements:
MODULES:
1.Admin
2.User
3.Tpa
MODULE DESCRIPTION:
Admin
Admin control the user and tp.a It maintain the data about user and tpa.Its duty is
to upload files ,view files,and view users.
User:
User request the key for the encrypted data. And the user download the key and get
the required data.
TPA
Tpa is used to support the admin. It contains the encrypted files and view the
users.
Non-Functional Requirements
Non-functional requirements are requirements that specify criteria that can be used
to judge the operation of a system, rather than specific behaviors. This should be
contrasted with functional requirements that specify specific behavior or functions.
In general, functional requirements define what a system is supposed to do whereas
non-functional requirements define how a system is supposed to be. Non-
functional requirements are often called qualities of a system. Other terms for non-
functional requirements are "constraints", "quality attributes", "quality goals" and
"quality of service requirements". Qualities, aka. Non-functional requirements, can
be divided into two main categories.
Scalability:
merely having the technology to provide a user service is not sufficient. The
service-provider involvement requires that different infrastructure services be
available. This information helps service providers to determine where to invest
next. The data-collection facility is that service want to integrate into their service
and system.
Interoperability:
It is important that the interface is simple and intuitive Instead of making products
and services ever more sophisticated, they must be made intuitive, simple, and
useful in solving problems.
Reliability:
Portability:
In order to be more portable we use Application server Tomcat5.0 and even the
voice server is independent of the platform.
Extensibility:
The application should be widely extensible, where we can include many services
like fax can be added in to UMS server. Also many call routing mechanism can be
included.
Efficiency:
Hardware specifications:-
Software requirements:-
Technology : PHP
Database : MYSQL
Tool : Notepad++.
SYSTEM STUDY
FEASIBILITY STUDY:
The feasibility of the project is analyzed in this phase and business proposal is
put forth with a very general plan for the project and some cost estimates.
During system analysis the feasibility study of the proposed system is to be
carried out. This is to ensure that the proposed system is not a burden to the
company.
Three key considerations involved in the feasibility analysis are
ECONOMICAL FEASIBILITY
TECHNICAL FEASIBILITY
SOCIAL FEASIBILITY
ECONOMICAL FEASIBILITY
This study is carried out to check the economic impact that the system will have on
the organization. The amount of fund that the company can pour into the research
and development of the system is limited. The expenditures must be justified.
TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not have a high demand
on the available technical resources. This will lead to high demands on the
available technical resources.
SOCIAL FEASIBILITY
The aspect of study is to check the level of acceptance of the system by the user.
This includes the process of training the user to use the system efficiently. The user
must not feel threatened by the system, instead must accept it as a necessity
confidence must be raised so that he is also able to make some constructive
criticism, which is welcomed, as he is the final user of the system.
System design
A data flow diagram is graphical tool used to describe and analyze movement of
data through a system. These are the central tool and the basis from which the
other components are developed. The transformation of data from input to output,
through processed, may be described logically and independently of physical
components associated with the system. These is known as the logical data flow
diagrams. The physical data flow diagrams show the actual implements and
movement of data between people, departments and workstations. Each component
in a DFD is labeled with a descriptive name. Process is further identified with a
number that will be used for identification purpose. Each process in lower level
Pace Institute of Technology and Sciences Page 24
A web application for secured file downloading system
diagrams can be broken down into a more detailed DFD in the next level. The top-
level diagram is often called a “context diagram”.
Context Diagram:
It contains a single process, but it plays a very important role in studying the
current system. The context diagram defines the system that will be studied in the
sense that it determines the boundaries. Anything that is not inside the process
identified in the context diagram will not be part of the system study. It represents
the entire software element as a single bubble with input and output data indicated
by incoming and outgoing arrows respectively.
A DFD is also known as a “bubble chart” has the purpose of clarifying system
requirements and identifying major transformations that will become programs in
system design. So it is the starting point of the design to the lowest level of detail.
A DFD consists of a series of bubbles joined by data flows in the system.
DFD SYMBOLS:
Data Flow
Data Store
CONSTRUCTING A DFD:
Process should be named and numbered for an easy interface. Each name
should be representative of the process.
The direction of flow is from top to bottom and from left to right. Data
traditionally flow from source to the destination although they may flow back to
the source. One way to indicate this is to draw long flow line back to a source. An
alternative way is to repeat the source symbol as a destination. Since it is used
more than once in the DFD it is marked with a short diagonal.
When a process is exploded into lower level details, they are numbered.
The names of data stores and destinations are written in capital letters.
Process and dataflow names have the first letter of each work capitalized.
A DFD typically shows the minimum contents of data store. Each data store should
contain all the data elements that flow in and out.
Questionnaires should contain all the data elements that flow in and out. Missing
interfaces redundancies and like is then accounted for often through interviews.
1. The DFD shows flow of data, not of control loops and decision are
controlled considerations do not appear on a DFD.
2. The DFD does not indicate the time factor involved in any process whether
the data flow take place daily, weekly, monthly or yearly.
3. The sequence of events is not brought out on the DFD.
Physical DFD:
Structured analysis states that the current system should be first understand
correctly. The physical DFD is the model of the current system and is used to
ensure that the current system has been clearly understood. Physical DFDs
Pace Institute of Technology and Sciences Page 27
A web application for secured file downloading system
shows actual devices, departments, and people etc., involved in the current
system.
Logical DFD:
Logical DFDs are the model of the proposed system. They clearly should show
the requirements on which the new system should be built. Later during design
activity this is taken as the basis for drawing the system’s structure charts.
PROCESS
DATA STORE
Data cannot move directly from one data store to another data store, a
process must move data.
Data cannot move directly from an outside source to a data store, a process,
which retrieves, must move data from the source and place the data into data store.
UML stands for Unified Modelling Language are a third generation method for
specifying, visualizing and documenting the artefacts of an object oriented system
under development. Object modelling is the process by which the logical objects in
the real world (problem space) are represented (mapped) by the actual objects in
the program (logical or a mini world).
The goal from this is to produce a model of the entities involved in the project
which later need to be built. The representations of the entities that are to be used
in the product being developed need to be designed.
USECASE DIAGRAM
Use case diagram consists of use cases and actors and shows the interaction
between them. The key points are:
The main purpose is to show the interaction between the use cases and
the actor.
To represent the system requirement from user’s perspective.
use cases are the functions that are to be performed in the module.
An actor could be the end-user of the system or an external system.
Admin UseCaseDiagram
User UseCaseDiagram
TPA UseCaseDiagram
CLASS DIAGRAM
Class Diagram consists of the classes and the objects and the interaction between
them. It mainly deals with the interaction between classes in the system, their
behavior and properties of the system. Apart from classes this also provides
inheritance relationships in the project. Class diagrams consist of basically two
parts: first one is the member variables and class variables and the second part
consists of the total number of methods available in the class.
Class Diagram
SEQUENCE DIAGRAM
The main purpose is to represent the logical flow of data with respect to a
process
Sequence Diagram
Collaboration:
Collabaration
Activity Diagram:
Admin ActivityDiagram
User ActivityDiagram
TPA ActivityDiagram
User Registration.php
<table align="center">
<tr>
</tr>
<tr>
</tr>
<tr>
</tr>
<tr>
</tr>
<tr>
</tr>
<tr>
</tr>
<tr>
</tr>
<tr>
</tr>
<tr>
</tr>
<tr>
</tr>
<tr>
</tr>
<tr>
<tr>
<td>
<div align="center">
</td>
</div></td>
</tr>
Pace Institute of Technology and Sciences Page 41
A web application for secured file downloading system
</table>
<?php
if(isset($_POST['sub']))
$a=$_POST['f1'];
$b=$_POST['f2'];
$c=$_POST['f3'];
$d=$_POST['f4'];
$e=$_POST['f5'];
$f=$_POST['f6'];
$g=$_POST['f7'];
$h=$_POST['f8'];
$i=$_POST['f9'];
$j=$_POST['f10'];
$k=$_POST['f11'];
mysql_connect("localhost","root","");
mysql_select_db("secure");
$data=mysql_query($sql)or die(mysql_error());
if($data)
//echo "<br>";
//echo "<center>";
else
echo "error";
//header('location:login.php');
//echo "</center>";
?>
</form>
TESTING
Testing is a process, which reveals errors in the program. It is the major quality
measure employed during software development. During testing, the program is
executed with a set of conditions known as test cases and the output is evaluated to
determine whether the program is performing as expected.
Defect detection
Reliability estimation
In order to make sure that the system does not have errors, the different levels of
testing strategies that are applied at differing phases of software development are:
Unit Testing:
Unit Testing is done on individual modules as they are completed and become
executable. It is confined only to the designer's requirements.
In this strategy some test cases are generated as input conditions that fully
execute all functional requirements for the program. This testing has been uses
to find errors in the following categories:
In this the test cases are generated on the logic of each module by drawing flow
graphs of that module and logical decisions are tested on all the cases.
It has been uses to generate the test cases in the following cases:
2. Integrating Testing:
Integration testing ensures that software and subsystems work together as a whole.
It tests the interface of all the modules to make sure that the modules behave
properly when integrated together.
3. System Testing:
Involves in-house testing of the entire system before delivery to the user. Its aim is
to satisfy the user the system meets all requirements of the client's specifications.
4. Acceptance Testing:
Validation:
The system has been tested and implemented successfully and thus ensured that all
the requirements as listed in the software requirements specification are completely
fulfilled. In case of erroneous input corresponding error messages are displayed.
COMPILING TEST
It was a good idea to do our stress testing early on, because it gave us time to fix
some of the unexpected deadlocks and stability problems that only occurred when
components were exposed to very high transaction volumes.
EXECUTION TEST
OUTPUT TEST
The successful output screens are placed in the output screens section above.
Test Objective: To check whether the user inserted data is available or not.
Test Description:When user click on Report url in new window view uploaded data
in all clouds.
The user user view data stored in clouds See all clouds have same data or not.
through this form
Test Objective: To check whether the user/administrator can login without his userid
Test Description: when a user or administrator clicks the link, a login form will be
displayed. In this form if user wants to login he has to enter userid and password. If he
doesn’t enter and then tries to login, he will get a message indicating “user id is
mandatory”
Test Objective: To check whether the user can change his password when desired
Test Description: when a user or administrator clicks the link to change the password,
then a window appears to reset password. In that a new password is given and then
updated.
The user/administrator will login through When user logins with new password then
the login form he should be allowed to login
RESULTS:
Home page
Download Page:
CONCLUSION
The project plan discussed in the previous section gives a clear perspective that
Secured File transfer gives a simple way to exchange files with security and
integrity of the data maintained.
FUTURE ENHANCEMENT:
REFERENCES:
[1] Cloud Security Alliance, “Security Guidance for Critical Areas of Focus in
Cloud Computing V2.1,” Tech. Rep., 2009.