
A Mini Project Report

On

PHISHING ATTACK PREVENTION USING CRYPTOGRAPHY

Submitted in partial fulfillment of the requirements for the award of the degree

MASTER OF COMPUTER APPLICATIONS

Submitted By
J. RAJESH (22MC201A22)

Under the guidance of
Ms. B. LAKSHMI PRASANNA
Assistant Professor

Department of Information Technology

ANURAG UNIVERSITY
(Affiliated to JNTU-HYD, Approved by AICTE and NBA Accredited)
Venkatapur (V), Ghatkesar (M), Medchal-Malkajgiri district, Hyderabad, Telangana, 500088

2022-2024

CERTIFICATE
This is to certify that the project report entitled “PHISHING ATTACK PREVENTION
USING CRYPTOGRAPHY” is a bonafide work done and submitted by J. RAJESH
(22MC201A22) in partial fulfillment of the requirements for the award of the degree of Master
of Computer Applications from Anurag University, affiliated to Jawaharlal Nehru
Technological University, Hyderabad, during the academic year 2023-2024, and that the bonafide
work has not been submitted elsewhere for the award of any other degree.

Internal Guide: Ms. B. LAKSHMI PRASANNA, Assistant Professor, Department of IT

H.O.D: Dr. K. S. Reddy, Professor, Dean, Academics and Planning

External Examiner
ACKNOWLEDGEMENT

We would like to express our sincere thanks to Dr. K.S. Reddy, Dean, Academics and
Planning, Head of the Department of Information Technology, Anurag University, Ghatkesar,
whose motivation in the field of software development has made us overcome all hardships
during the course of study and successful completion of the project.

We would like to express our profound sense of gratitude to all for having helped us in
completing this dissertation. We would like to express our deep-felt gratitude and sincere thanks
to our guide Ms. B. LAKSHMI PRASANNA, Assistant Professor, Department of Information
Technology, Anurag University, Ghatkesar, for her skillful guidance, timely suggestions and
encouragement in completing this project.

We extend our sincere thanks to Mr. Vijaya Kumar, Dean, School of Engineering, and
Dr. K.S. Reddy, Dean, Academics and Planning, Head of the Department of Information
Technology, of Anurag University, Venkatapur (V), Ghatkesar (M), Medchal-Malkajgiri Dist.,
for their encouragement and constant help.

Finally, we would like to express our heartfelt thanks to our parents who were very supportive
both financially and mentally and for their encouragement to achieve our set goals.

J. RAJESH (22MC201A22)

DECLARATION

This is to certify that the project work entitled “PHISHING ATTACK PREVENTION
USING CRYPTOGRAPHY” submitted to Anurag University in partial fulfillment of the
requirement for the award of the Degree of Master of Computer Applications (MCA), is an
original work carried out by J. RAJESH (22MC201A22) under the guidance of
Ms. B. LAKSHMI PRASANNA, Assistant Professor in the Department of Information
Technology. The matter embodied in this project is a genuine work, done by the students, and
has not been submitted either to this university or to any other university/institute for the
fulfillment of the requirement of any course of study.

J. RAJESH (22MC201A22)

ABSTRACT

Phishing is an attempt by an individual or a group to steal personal confidential information,
such as passwords and credit card information, from unsuspecting victims for theft, financial
gain and other criminal activities. The first defense should be strengthening the authentication
mechanism in a web application. Simple username and password based authentication is not
sufficient for web sites providing critical financial transactions. Here we propose a new approach
to phishing website classification to address the problem of phishing.

Phishing websites involve a collection of key elements within their content as well as the
browser-based security indicators provided along with the website. The use of images is intended
to preserve the privacy of an image captcha by decomposing the original image captcha into two
shares that are stored on separate database servers, such that the original image captcha can be
recovered only when both are available together; the individual share images do not reveal the
original image captcha. Once the original image captcha is revealed to the user, it can be used as
the password. Several solutions have been suggested to handle phishing.

TABLE OF CONTENTS

Chapter 1 Introduction
1.1 Overview
1.2 Objectives
1.3 Problem Statement
1.4 Scope of Project
1.5 System Requirements
1.6 Existing System
1.7 Proposed System

Chapter 2 Literature Survey

Chapter 3 Methodology
3.1 Encryption Methodology
3.2 Decryption Methodology
3.3 Key Management
3.4 Use Cases

Chapter 4 Design and Analysis
4.1 Design Objectives
4.2 Data Flow Diagrams
4.3 Unified Modeling Language
4.4 UML Diagrams

Chapter 5 Usage

Chapter 6 Future Improvements

Chapter 7 Creation of Code

Chapter 8 Algorithm

Chapter 9 Flow Chart

Chapter 10 Implementation of Code
10.1 DES Algorithm

Chapter 11 Testing & Result

Chapter 12 Analysis Report

Chapter 13 Future Scope

Chapter 14 Conclusion

Chapter 15 References

LIST OF FIGURES

Fig.1.1 Flow chart model Data Encryption Standard (DES).
Fig.1.2 Demonstration of message to encrypt.
Fig.1.3 Demonstration of encryption data
Fig.1.4 Demonstration of decrypted data

1. INTRODUCTION

1.1 Overview

Online transactions have become very common, and various attacks target them. Among these
attacks, phishing is identified as a major security threat, and new and inventive variants appear
constantly, so the defense mechanisms must be equally strong. Security in these cases should
therefore be very high and should not be easily defeated, while remaining easy to implement.
Today, most applications are only as secure as their underlying system. Since the design and
technology of middleware has improved steadily, their detection is a difficult problem. As a
result, it is nearly impossible to be sure whether a computer that is connected to the internet can
be considered trustworthy and secure or not.

Phishing scams are also becoming a problem for online banking and e-commerce users. The
question is how to handle applications that need a high level of security. Phishing is a form of
online identity theft that aims to steal sensitive information such as online banking passwords
and credit card information from users. Phishing scams have been receiving huge press coverage
because such attacks have been growing in number and sophistication. One definition of phishing
is given as “it is a criminal activity using social engineering techniques. Phishers attempt to
dishonestly acquire precise information, such as passwords and credit card details, by pretending
to be a trustworthy person or business in an electronic communication”. The conduct of identity
theft with this acquired sensitive information has also become easier with the use of technology,
and identity theft can be described as “a crime in which the impostor obtains key pieces of
information such as Social Security and driver's license numbers and uses them for his or her
own gain”.

Communication channels such as email, web pages, IRC and instant messaging services are
popular. In all cases the phisher must act like a trusted source for the user to believe. To date, the
most successful phishing attacks have been initiated by email, where the phisher impersonates
the sending authority. This report therefore introduces a new method that can be used as a
safeguard against phishing, named "A novel approach against Anti-phishing using visual
cryptography". As the name suggests, the website cross-checks its own identity and confirms
to the end users that it is a trusted website (for bank transactions, e-commerce, online booking
systems, etc.), making both sides of the system secure as well as authenticated. An approach
based on image processing and an improved visual cryptography is used.
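
The two-share idea described in the abstract and named above can be shown with the classic 2-of-2 visual cryptography construction. The following Java example is added here and is not code from the report; the construction (two subpixels per pixel, shares combined by overlay), the class name VisualShares and the 5x5 sample bitmap are assumptions, and the shares are held in arrays rather than on two database servers.

```java
import java.security.SecureRandom;
import java.util.Arrays;

/** 2-of-2 visual cryptography on a 1-bit image (true = black, false = white). */
public class VisualShares {

    /** Returns two shares; every secret pixel becomes two subpixels in each share. */
    static boolean[][][] split(boolean[][] secret, SecureRandom rng) {
        int h = secret.length, w = secret[0].length;
        boolean[][][] shares = new boolean[2][h][2 * w];
        for (int y = 0; y < h; y++) {
            for (int x = 0; x < w; x++) {
                // Share 1 gets a uniformly random pattern: (black, white) or (white, black).
                boolean first = rng.nextBoolean();
                // White pixel: share 2 repeats the pattern. Black pixel: share 2 is its complement.
                // Either way share 2's pattern is uniformly random when seen without share 1.
                boolean second = secret[y][x] ? !first : first;
                shares[0][y][2 * x] = first;
                shares[0][y][2 * x + 1] = !first;
                shares[1][y][2 * x] = second;
                shares[1][y][2 * x + 1] = !second;
            }
        }
        return shares;
    }

    /** Overlaying two transparencies: a subpixel is black if it is black on either share. */
    static boolean[][] stack(boolean[][] a, boolean[][] b) {
        boolean[][] out = new boolean[a.length][a[0].length];
        for (int y = 0; y < a.length; y++)
            for (int x = 0; x < a[0].length; x++)
                out[y][x] = a[y][x] || b[y][x];
        return out;
    }

    /** A secret pixel was black exactly when both of its stacked subpixels are black. */
    static boolean[][] decode(boolean[][] stacked) {
        boolean[][] out = new boolean[stacked.length][stacked[0].length / 2];
        for (int y = 0; y < out.length; y++)
            for (int x = 0; x < out[0].length; x++)
                out[y][x] = stacked[y][2 * x] && stacked[y][2 * x + 1];
        return out;
    }

    static String render(boolean[][] img) {
        StringBuilder sb = new StringBuilder();
        for (boolean[] row : img) {
            for (boolean px : row) sb.append(px ? '#' : '.');
            sb.append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed 5x5 sample standing in for a captcha image.
        String[] rows = { "#...#", "#...#", "#####", "#...#", "#...#" };
        boolean[][] secret = new boolean[rows.length][rows[0].length()];
        for (int y = 0; y < rows.length; y++)
            for (int x = 0; x < rows[y].length(); x++)
                secret[y][x] = rows[y].charAt(x) == '#';

        boolean[][][] shares = split(secret, new SecureRandom());
        boolean[][] stacked = stack(shares[0], shares[1]);

        System.out.println("share 1 (random on its own)\n" + render(shares[0]));
        System.out.println("share 2 (random on its own)\n" + render(shares[1]));
        System.out.println("stacked\n" + render(stacked));

        if (!Arrays.deepEquals(decode(stacked), secret))
            throw new IllegalStateException("stacked shares did not reproduce the secret");
        System.out.println("recovered\n" + render(decode(stacked)));
    }
}
```

Each share always holds exactly one black subpixel per pixel, so a single share carries no information about the image; only the overlay separates fully black pairs from half-black ones.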

1.2 Objectives

Cryptography plays a crucial role in preventing and mitigating phishing attacks by focusing on
specific objectives aimed at securing communication, authenticating entities, and safeguarding
sensitive information. The primary objectives of cryptography in the prevention of phishing
attacks include:

1. Secure Communication Channels:

The use of cryptographic protocols, such as TLS (Transport Layer Security) for secure
communication over the internet, helps protect data in transit. This is crucial for preventing man-
in-the-middle attacks that could intercept sensitive information.

2. Digital Signatures:

Digital signatures can be used to verify the authenticity of a message or sender. This can help
users confirm the legitimacy of emails or messages they receive, reducing the risk of falling for
phishing attempts.

3. Public Key Infrastructure (PKI):

PKI is a framework that manages digital keys and certificates, providing a way to verify the
identity of entities in a communication. It can be used to establish secure communication
channels and authenticate websites, reducing the risk of phishing.

4. End-to-End Encryption:

Implementing end-to-end encryption in messaging and communication platforms ensures that
only the intended recipients can access the content of messages. This prevents unauthorized
parties, including phishing attackers, from intercepting and reading sensitive information.

5. Multi-Factor Authentication (MFA):

While not strictly cryptographic, MFA adds an extra layer of security by requiring users to
provide multiple forms of identification. Cryptographic tokens or codes generated through
algorithms are often part of the MFA process.

It's important to note that even with strong cryptographic measures in place, user education and
awareness are crucial components of a comprehensive security strategy. Phishing attacks often
exploit human vulnerabilities, so a holistic approach that combines technical measures with user
training is essential for effective cybersecurity.

1.3 Problem statement

The problem statement for using cryptography to protect against phishing attacks involves
addressing the limitations of current security measures in mitigating the risks associated with
social engineering and deceptive tactics employed by attackers. Phishing attacks exploit human
vulnerabilities to trick individuals into divulging sensitive information, such as login credentials
or financial details. While cryptography is a powerful tool for securing data, it faces challenges
in directly addressing the complex nature of phishing attacks. The problem can be outlined as
follows:

1. Human Factor Exploitation:


Phishing attacks primarily target the human element through social engineering, making
individuals susceptible to manipulation. Cryptography alone cannot prevent users from being
deceived by deceptive emails, fake websites, or fraudulent communications.

2. Lack of User Authentication:


Many phishing attacks rely on impersonation tactics, where attackers pretend to be legitimate
entities. While cryptography can provide secure communication channels, it may not directly
authenticate the legitimacy of the entities involved, leaving users vulnerable to phishing
attempts.

3. Email Spoofing and Identity Deception:
Phishers often employ techniques like email spoofing to create messages that appear to come
from trusted sources. Cryptographic measures, such as digital signatures, can help verify the
integrity of messages, but they may not be widely adopted or easily understood by all users.

4. Difficulty in Verifying Website Authenticity:


Cryptography can secure website communication through protocols like HTTPS, but users may
struggle to differentiate between legitimate and phishing websites. Attackers often use look-alike
URLs or employ tactics to make malicious sites appear secure, bypassing cryptographic
protections.

5. Limited Impact on Stolen Credentials:


Even if login credentials are encrypted during transmission, once a user falls victim to a phishing
attack and divulges their information, cryptography alone cannot prevent unauthorized access by
attackers who possess valid credentials.

1.4 Scope of Project


The scope of a project focused on using cryptography to protect against phishing attacks can be
broad and multifaceted, encompassing various aspects of cybersecurity. The project could
involve a combination of technical, educational, and policy-related initiatives. Below is a
suggested scope for such a project:

1. Understanding the Threat Landscape:


Conduct a comprehensive analysis of the current phishing threat landscape, identifying common
attack vectors, tactics, and techniques employed by attackers. This understanding will inform the
development of effective countermeasures.

2. Cryptographic Protocols and Technologies:

Explore and implement state-of-the-art cryptographic protocols and technologies that can
enhance the security of communication channels, email systems, and online interactions. This
may include the use of digital signatures, encryption algorithms, and secure key management.

3. User Education and Awareness:


Design and implement a comprehensive user education program focused on raising awareness
about phishing threats and promoting best practices. This may include tutorials, simulated
phishing exercises, and the dissemination of educational materials.

1.5 System Requirements

Software Requirements

The minimum requirements for detection and prevention of phishing attacks are:
• Operating System: Windows 2000/XP
• Documentation Tool: MS Word 2000
• Programming Tools: Java

Hardware Requirements

The minimum hardware requirements are:

• Hard disk: 20 GB and above
• RAM: 256 MB and above
• Processor speed: 1.6 GHz and above

1.6 Existing System


Cryptography itself is not a direct solution for preventing phishing attacks. Phishing attacks
typically involve social engineering, where attackers attempt to trick individuals into revealing
sensitive information such as usernames, passwords, or financial details. While cryptography
plays a crucial role in securing communication channels and data, it may not directly address the
human factors exploited in phishing attacks.

That being said, encryption and cryptographic techniques can contribute to overall security
measures that help protect against various types of cyber threats, including phishing. Here are
some ways in which cryptography can be applied within the broader context of security

1.7 Proposed System

A proposed system for cryptography in the prevention of phishing attacks involves incorporating
cryptographic techniques and best practices to mitigate the risks associated with phishing threats.
The goal is to secure communication channels, authenticate entities, and protect sensitive
information from unauthorized access. Below is an outline of a proposed system for
cryptography in the prevention of phishing attacks

2. LITERATURE SURVEY

As of my last knowledge update in January 2022, I don't have access to a specific literature
survey on the topic of cryptography for the prevention of phishing attacks. However, I can
provide you with a general overview of key themes and areas of research in this domain. Keep in
mind that new research and publications may have emerged since then.

1. Email Authentication Protocols:


Literature often discusses the effectiveness of email authentication protocols like SPF, DKIM,
and DMARC in preventing email spoofing and phishing. Researchers explore the
implementation challenges and propose improvements to enhance email security.

2. Cryptography in Multi-Factor Authentication (MFA):


Studies may investigate the role of cryptography in strengthening authentication processes,
including the use of cryptographic tokens or biometrics in multi-factor authentication systems.

3. End-to-End Encryption in Messaging Platforms:


Research explores the adoption of end-to-end encryption in messaging apps to secure
communications and prevent phishing attacks that target users through deceptive messages.

4. Behavioral Analysis and Cryptography:


Some literature delves into the combination of cryptographic methods with behavioral analysis to
identify phishing attempts. This includes research on anomaly detection and user behavior
profiling.

5. Secure Login Processes:


Studies may focus on the cryptographic aspects of securing login processes, including the use of
secure communication protocols (e.g., HTTPS) and advanced cryptographic techniques to
protect user credentials.

6. Phishing Detection and Response:


Literature may address cryptographic methods for the detection of phishing attempts, as well as
cryptographic approaches to incident response and mitigation strategies following a successful
phishing attack.

7. Cryptographic Solutions for Identity Verification:

Researchers explore cryptographic mechanisms, including the use of digital certificates and
public-key infrastructure, to enhance the verification of identities in online interactions and
reduce the risk of impersonation.

8. User Education and Cryptographic Awareness:


Some literature may discuss the importance of user education in understanding cryptographic
measures for preventing phishing attacks. This includes studies on the effectiveness of
educational programs and awareness campaigns.

9. Blockchain and Cryptographic Trust Models:


Research may investigate the role of blockchain technology and cryptographic trust models in
enhancing the security of online transactions and communication, with potential applications in
preventing phishing.

10. Human Factors and Usability in Cryptographic Solutions:


Literature may address the usability challenges associated with cryptographic solutions and
explore ways to design user-friendly systems that effectively prevent phishing attacks without
overwhelming end-users.

When conducting a literature survey, you can use academic databases such as IEEE Xplore,
PubMed, or Google Scholar to search for recent publications and research papers. Relevant
keywords include "cryptography," "phishing prevention," "email security," "authentication
protocols," and similar terms. Reading through recent conference proceedings, journals, and
academic papers can provide a comprehensive understanding of the current state of research in
the field.

3. METHODOLOGY

The methodology of encryption and decryption involves transforming data in a way that ensures
confidentiality and privacy. Encryption is the process of converting plaintext into ciphertext,
making it unreadable without the proper decryption key. Decryption is the reverse process,
converting ciphertext back into plaintext using the decryption key. Here's an overview of the
methodology:

3.1 Encryption Methodology:

Select a Cryptographic Algorithm:


Choose a suitable encryption algorithm based on your security requirements. Common
symmetric encryption algorithms include AES (Advanced Encryption Standard), DES (Data
Encryption Standard), and Blowfish.

Generate Encryption Key:


Generate a secret encryption key. The security of the encryption relies on the strength and
secrecy of this key.

Apply Encryption Algorithm:


Use the chosen algorithm and the encryption key to transform the plaintext into ciphertext. This
process may involve several rounds of substitution, permutation, and other operations depending
on the algorithm.

Store or Transmit Ciphertext:


Store or transmit the ciphertext securely. The encrypted data is safe from unauthorized access
without the decryption key.

3.2 Decryption Methodology:

Retrieve Ciphertext:

Obtain the ciphertext either from storage or during transmission.

Generate Decryption Key:


Use the same encryption key used for encryption to generate the decryption key. Symmetric
encryption requires the same key for both encryption and decryption.

Apply Decryption Algorithm:


Utilize the chosen decryption algorithm and the decryption key to reverse the encryption process,
converting the ciphertext back into plaintext.

Retrieve Plaintext:
Obtain the decrypted plaintext, making the original data readable and usable.

3.3 Key Management:

Key Generation:
Use a secure method to generate cryptographic keys. Key generation is a critical aspect of
encryption, and keys should be generated randomly with sufficient entropy.

Key Distribution:
Safely distribute encryption keys to authorized parties. For symmetric encryption, both the
sender and the receiver must possess the same secret key.

Key Storage:
Protect encryption keys from unauthorized access. Proper key management includes secure
storage to prevent key compromise.

Key Rotation:
Implement key rotation strategies to periodically change encryption keys. Regularly updating
keys enhances security.
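
The steps in 3.1 to 3.3 (generate a random key, encrypt, store the ciphertext, decrypt with the same key, rotate keys) fit in one Java example. It is added here and is not the report's code; it uses AES, one of the algorithms listed in 3.1, in GCM mode, and the class name RotatingStore, the in-memory key map and the record layout (key id, nonce, ciphertext) are assumptions.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

/** Record layout (assumed): [4-byte key id][12-byte nonce][ciphertext + 16-byte tag]. */
public class RotatingStore {
    private static final int NONCE_LEN = 12, TAG_BITS = 128, HEADER_LEN = 4 + NONCE_LEN;

    private final SecureRandom rng = new SecureRandom();   // OS-seeded, never seeded by hand
    private final Map<Integer, SecretKey> keys = new HashMap<>(); // stands in for a key store
    private int currentId = 0;

    /** Key generation and rotation: a fresh random 256-bit key becomes the current key. */
    void rotate() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, rng);
        keys.put(++currentId, kg.generateKey());
    }

    /** Encrypts under the current key with a fresh nonce; the key id is authenticated as AAD. */
    byte[] encrypt(byte[] plaintext) throws Exception {
        if (currentId == 0) throw new IllegalStateException("call rotate() first");
        byte[] nonce = new byte[NONCE_LEN];
        rng.nextBytes(nonce);
        byte[] keyId = ByteBuffer.allocate(4).putInt(currentId).array();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, keys.get(currentId), new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(keyId);
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(HEADER_LEN + ct.length).put(keyId).put(nonce).put(ct).array();
    }

    /** Looks up the key named in the record, so records written before a rotation still open. */
    byte[] decrypt(byte[] record) throws Exception {
        if (record.length < HEADER_LEN + TAG_BITS / 8)
            throw new IllegalArgumentException("record too short");
        int id = ByteBuffer.wrap(record).getInt();
        SecretKey key = keys.get(id);
        if (key == null) throw new IllegalArgumentException("unknown key id " + id);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, record, 4, NONCE_LEN));
        c.updateAAD(record, 0, 4);
        // doFinal verifies the tag and throws AEADBadTagException if anything was altered.
        return c.doFinal(record, HEADER_LEN, record.length - HEADER_LEN);
    }

    public static void main(String[] args) throws Exception {
        RotatingStore store = new RotatingStore();
        store.rotate();
        // Constructed sample plaintexts.
        byte[] r1 = store.encrypt("first record (constructed)".getBytes(StandardCharsets.UTF_8));
        store.rotate();
        byte[] r2 = store.encrypt("second record (constructed)".getBytes(StandardCharsets.UTF_8));

        System.out.println(new String(store.decrypt(r1), StandardCharsets.UTF_8)); // old key
        System.out.println(new String(store.decrypt(r2), StandardCharsets.UTF_8)); // new key

        byte[] tampered = r1.clone();
        tampered[tampered.length - 1] ^= 1;                // flip one bit of the stored record
        try {
            store.decrypt(tampered);
            throw new IllegalStateException("tampering was not detected");
        } catch (AEADBadTagException expected) {
            System.out.println("tampered record rejected");
        }
    }
}
```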

3.4 Use Cases:

Data Encryption at Rest:


Encrypt sensitive data stored on disks or databases to protect it from unauthorized access.

Data Encryption in Transit:


Use encryption to secure data during transmission over networks, such as HTTPS for web
communication.

End-to-End Encryption:
Implement end-to-end encryption to secure communication between two parties, ensuring that
only the intended recipients can access the plaintext.

File Encryption:
Encrypt files or entire directories to protect their contents from unauthorized access.

Database Encryption:

Encrypt sensitive data within a database to safeguard it from potential breaches.

Communication Encryption:
Secure communication channels using encryption to prevent eavesdropping and man-in-the-
middle attacks.

Remember, the choice of encryption algorithms and key management practices should align with
the specific security requirements and the nature of the data being protected. Always follow
best practices and stay informed about advancements in cryptography to maintain a secure
approach.

4. DESIGN AND ANALYSIS

4.1 DESIGN OBJECTIVES:

Design is the first step in moving from problem domain to the solution domain. Design
is essentially the bridge between requirements specification and the final solution.

The goal of the design process is to produce a model or representation of a system, which can
be used later to build that system. The produced model is called the “Design of the System”. It
is a plan for a solution for the system.

4.2 DATA FLOW DIAGRAMS

A data flow diagram is a graphical tool used to describe and analyze the
movement of data through a system. These are the central tool and the basis from which the other
components are developed. The transformation of data from input to output, through processes,
may be described logically and independently of the physical components associated with the
system. These are known as the logical data flow diagrams. The physical data flow diagrams show
the actual implementation and movement of data between people, departments and workstations. A
full description of a system actually consists of a set of data flow diagrams. The data flow
diagrams are developed using two familiar notations, Yourdon and Gane and Sarson. Each component
in a DFD is labeled with a descriptive name. Each process is further identified with a number
that will be used for identification purposes. The development of DFDs is done in several levels.
Each process in lower level diagrams can be broken down into a more detailed DFD in the next level.
The top-level diagram is often called a “context diagram”.

Context Diagram:

It contains a single process, but it plays a very important role in studying the
current system. The context diagram defines the system that will be studied in the sense that it
determines the boundaries. Anything that is not inside the process identified in the context
diagram will not be part of the system study. It represents the entire software element as a single
bubble with input and output data indicated by incoming and outgoing arrows respectively.

A DFD, also known as a “bubble chart”, has the purpose of clarifying system requirements and
identifying major transformations that will become programs in system design. So it is the
starting point of the design to the lowest level of detail. A DFD consists of a series of bubbles
joined by data flows in the system.

DFD SYMBOLS:

In the DFD, there are four symbols:

1. A square defines a source (originator) or destination of system data.
2. An arrow identifies data flow. It is the pipeline through which the information flows.
Data move in a specific direction from an origin to a destination.
3. A circle or a bubble represents a process that transforms incoming data flow into
outgoing data flows.
4. An open rectangle is a data store, data at rest or a temporary repository of data.

Symbols Elementary references

Process that transforms data flow

Data Flow

Source or Destination of data

Data Store

CONSTRUCTING A DFD:

Several rules of thumb are used in drawing DFD’S:

1. Process should be named and numbered for an easy interface. Each name should be
representative of the process.

2. The direction of flow is from top to bottom and from left to right. Data traditionally flow
from source to the destination although they may flow back to the source. One way to
indicate this is to draw long flow line back to a source. An alternative way is to repeat the
source symbol as a destination. Since it is used more than once in the DFD it is marked
with a short diagonal.
3. When a process is exploded into lower level details, they are numbered.

4. The names of data stores and destinations are written in capital letters. Process and
dataflow names have the first letter of each word capitalized.

A DFD typically shows the minimum contents of a data store. Each data store
should contain all the data elements that flow in and out.
Questionnaires should contain all the data elements that flow in and out.
Missing interfaces, redundancies and the like are then accounted for, often through interviews.

Salient features of DFD’S:

1. The DFD shows flow of data, not of control; loops and decisions are control
considerations and do not appear on a DFD.
2. The DFD does not indicate the time factor involved in any process, whether the data
flows take place daily, weekly, monthly or yearly.
3. The sequence of events is not brought out on the DFD.

Types of data flow diagrams

DFD’s are of two types

(a) Physical DFD


(b) Logical DFD

1. Physical DFD:

Structured analysis states that the current system should first be understood
correctly. The physical DFD is the model of the current system and is used to ensure that the
current system has been clearly understood. Physical DFDs show the actual devices, departments,
people, etc., involved in the current system.

2. Logical DFD:

Logical DFDs are the model of the proposed system. They clearly should show the
requirements on which the new system should be built. Later during design activity this is taken
as the basis for drawing the system’s structure charts.

RULES GOVERNING THE DFD’S:

PROCESS

1. No process can have only outputs.

2. No process can have only inputs. If an object has only inputs then it must be a sink.

3. A process has a verb phrase label.

DATA STORE

1. Data cannot move directly from one data store to another data store, a process must move
data.

2. Data cannot move directly from an outside source to a data store, a process, which
retrieves, must move data from the source and place the data into data store.

3. A data store has a noun phrase label.

4.3 UNIFIED MODELING LANGUAGE:

UML stands for Unified Modeling Language and is a third generation method for specifying,
visualizing and documenting the artifacts of an object oriented system under development.
Object modeling is the process by which the logical objects in the real world (problem space) are
represented (mapped) by the actual objects in the program (logical or a mini world). This visual
representation of the objects, their relationships and their structures is for the ease of
understanding. This is a step while developing any product after analysis.

The goal from this is to produce a model of the entities involved in the project which later
need to be built. The representations of the entities that are to be used in the product being
developed need to be designed.
Software design is a process that gradually changes as various new, better and more
complete methods with a broader understanding of the whole problem in general come into
existence.

The Unified Modeling Language encompasses a number of models.

• Use case diagrams
• Class diagrams
• Sequence diagrams

USECASE DIAGRAM

A use case diagram consists of use cases and actors and shows the interaction between them. The
key points are:

• The main purpose is to show the interaction between the use cases and the actor.
• To represent the system requirement from user’s perspective.
• The use cases are the functions that are to be performed in the module.
• An actor could be the end-user of the system or an external system.

CLASS DIAGRAM

Class Diagram consists of the classes and the objects and the interaction between them. It
mainly deals with the interaction between classes in the system, their behavior and properties of
the system. Apart from classes this also provides inheritance relationships in the project. Class
diagrams consist of basically two parts: first one is the member variables and class variables and
the second part consists of the total number of methods available in the class.

SEQUENCE DIAGRAM

The purpose of sequence diagram is to show the flow of functionality through a use case. In
other words, we call it a mapping process in terms of data transfers from the actor through the
corresponding objects.

The key points are:

• The main purpose is to represent the logical flow of data with respect to a process.
• A sequence diagram displays the objects and not the classes.

4.4 UML DIAGRAMS

USE CASE DIAGRAM

CLASS DIAGRAM:

5. USAGE

1. Fractioning of the text into 64-bit blocks
2. Initial permutation of blocks
3. Breakdown of the blocks into two parts: left and right, named L and R
4. Permutation and substitution steps repeated 16 times
5. Re-joining of the left and right parts then inverse initial permutation

6. FUTURE IMPROVEMENTS

The cryptography prevention of phishing attacks project lays the groundwork for future
enhancements and refinements.

• Graphical User Interface (GUI):
Implement a GUI for a more intuitive and user-friendly experience.

• Advanced Security Measures:
Explore and implement additional security measures, such as rate limiting and protection against
common attacks.

• Extended User Management Features:
Enhance user management features, including password recovery and account deletion.

7. CREATION OF CODE

DES is a symmetric encryption system that uses 64-bit blocks, 8 bits of which are used for parity
checks. The key therefore has a "useful" length of 56 bits, which means that only 56 bits are
actually used in the algorithm. The algorithm involves carrying out combinations, substitutions
and permutations between the text to be encrypted and the key, while making sure the operations
can be performed in both directions. The key is coded on 64 bits and made of 16 blocks of 4
bits, generally denoted k1 to k16. Given that "only" 56 bits are actually used for encrypting,
there can be 2^56 different keys.

8. ALGORITHM

STEP-1: Read the 64-bit plain text.

STEP-2: Split it into two 32-bit blocks and store it in two different arrays.

STEP-3: Perform XOR operation between these two arrays.

STEP-4: The output obtained is stored as the second 32-bit sequence and the original second
32-bit sequence forms the first part.

STEP-5: Thus the encrypted 64-bit cipher text is obtained in this way. Repeat the same
process for the remaining plain text characters.

9. FLOW CHART

Fig.1.1 flowchart model for Data Encryption Standard (DES).

10. IMPLEMENTATION OF CODE

10.1 DES Algorithm


DES.java

import javax.swing.*;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

class DES {

    byte[] skey = new byte[1000];
    String skeyString;
    static byte[] raw;
    String inputMessage, encryptedData, decryptedMessage;

    public DES() {
        try {
            generateSymmetricKey();
            inputMessage = JOptionPane.showInputDialog(null, "Enter message to encrypt");
            byte[] ibyte = inputMessage.getBytes();
            byte[] ebyte = encrypt(raw, ibyte);
            // Ciphertext is arbitrary bytes, so it is Base64-encoded for display
            encryptedData = Base64.getEncoder().encodeToString(ebyte);
            System.out.println("Encrypted message " + encryptedData);
            JOptionPane.showMessageDialog(null, "Encrypted Data " + "\n" + encryptedData);
            byte[] dbyte = decrypt(raw, ebyte);
            decryptedMessage = new String(dbyte);
            System.out.println("Decrypted message " + decryptedMessage);
            JOptionPane.showMessageDialog(null, "Decrypted Data " + "\n" + decryptedMessage);
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    void generateSymmetricKey() {
        try {
            // The seed comes from SecureRandom so the key is not limited to a small set of guessable seeds
            byte[] knumb = new byte[16];
            new SecureRandom().nextBytes(knumb);
            skey = getRawKey(knumb);
            skeyString = Base64.getEncoder().encodeToString(skey);
            System.out.println("DES Symmetric key = " + skeyString);
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    // Derives a 56-bit DES key from the given seed and stores it in the static field raw
    private static byte[] getRawKey(byte[] seed) throws Exception {
        KeyGenerator kgen = KeyGenerator.getInstance("DES");
        SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
        sr.setSeed(seed);
        kgen.init(56, sr);
        SecretKey skey = kgen.generateKey();
        raw = skey.getEncoded();
        return raw;
    }

    // With the default SunJCE provider, "DES" resolves to DES/ECB/PKCS5Padding
    private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception {
        SecretKeySpec skeySpec = new SecretKeySpec(raw, "DES");
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
        byte[] encrypted = cipher.doFinal(clear);
        return encrypted;
    }

    private static byte[] decrypt(byte[] raw, byte[] encrypted) throws Exception {
        SecretKeySpec skeySpec = new SecretKeySpec(raw, "DES");
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.DECRYPT_MODE, skeySpec);
        byte[] decrypted = cipher.doFinal(encrypted);
        return decrypted;
    }

    public static void main(String args[]) {
        DES des = new DES();
    }
}

11. TESTING AND RESULT

Fig.1.2. demonstration of message to encrypt.

Fig.1.3. demonstration of encryption data.

Fig.1.4. demonstration of decrypted data.


12. ANALYSIS REPORT

The Data Encryption Standard (DES) was a symmetric-key algorithm widely used for encryption
of electronic data. However, it has been largely replaced by more secure algorithms due to its
vulnerability to brute-force attacks. Here's an analysis report on DES:

1. Background
Description: DES is a block cipher that operates on 64-bit blocks of data with a 56-bit key. It
was adopted as a federal standard in 1977 by the National Institute of Standards and Technology
(NIST) in the United States.

Use Cases: Originally used for a wide range of applications, including financial transactions,
email encryption, and secure communication.

2. Key features:
Block Size: 64 bits.

Key Size: 56 bits.

Feistel Network: DES uses a Feistel network structure, where the data block is divided into two
halves, and a series of operations are performed on each half.

3. Strengths:
Widely Adopted: DES was widely adopted and served as the de facto encryption standard for
many years.

Feistel Structure: The Feistel network structure provides a balanced approach to encryption and
decryption.

4. Weaknesses and Vulnerabilities:


Key Length: The key length of 56 bits became a significant vulnerability as computational
power increased, making DES susceptible to brute-force attacks.

Security Concerns: Research demonstrated vulnerabilities, and DES was gradually replaced by
more secure algorithms.

Known Attacks: Differential cryptanalysis and linear cryptanalysis demonstrated effective
attacks against DES.
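
An added Python example (not code from the report) of the Feistel structure named in this analysis: the 64-bit block is split into L and R, 16 rounds are applied, and decryption is the same routine with the subkeys reversed. The round function and key schedule are hash-based stand-ins assumed for illustration, not DES's own; the last two functions show the XOR-and-swap step of section 8 read literally, which uses no key and can be undone by anyone.

```python
import hashlib

ROUNDS = 16              # DES applies 16 rounds
HALF_MASK = 0xFFFFFFFF   # each half of a 64-bit block is 32 bits

def round_function(right, subkey):
    """Stand-in F (assumption): hash-based, NOT DES's expansion/S-box/permutation."""
    digest = hashlib.sha256(subkey + right.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def derive_subkeys(key):
    """Stand-in key schedule (assumption): one 48-bit subkey per round."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]

def feistel(block, subkeys):
    """Pass one 64-bit block through the network, using subkeys in the order given."""
    left, right = block >> 32, block & HALF_MASK
    for subkey in subkeys:
        # One round: new L = old R, new R = old L XOR F(old R, subkey)
        left, right = right, left ^ round_function(right, subkey)
    # Swapping the halves at the end lets the same routine decrypt
    return (right << 32) | left

def encrypt_block(block, key):
    return feistel(block, derive_subkeys(key))

def decrypt_block(block, key):
    # Decryption is the same network with the subkeys in reverse order
    return feistel(block, derive_subkeys(key)[::-1])

def unkeyed_round(block):
    """Section 8 read literally: (L, R) -> (R, L XOR R), with no key involved."""
    left, right = block >> 32, block & HALF_MASK
    return (right << 32) | (left ^ right)

def undo_unkeyed_round(block):
    """The unkeyed step is invertible by anyone, so secrecy must come from a keyed F."""
    left, right = block >> 32, block & HALF_MASK
    return ((left ^ right) << 32) | left

if __name__ == "__main__":
    key, plaintext = b"constructed-demo-key", 0x0123456789ABCDEF  # constructed sample values
    ciphertext = encrypt_block(plaintext, key)
    print(f"{ciphertext:016x} -> {decrypt_block(ciphertext, key):016x}")
```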

13. FUTURE SCOPE

The field of encryption is dynamic, and ongoing research and development continually strive to
enhance the security and efficiency of cryptographic techniques. Here are some potential future
improvements in encryption:

1. Quantum-Safe Cryptography:
As quantum computers advance, they pose a threat to current public-key cryptography (e.g.,
RSA and ECC). Quantum-safe cryptographic algorithms, such as lattice-based cryptography or
hash-based cryptography, are being explored to resist quantum attacks.

2. Post-Quantum Cryptography Standardization:


Standardization efforts are underway to identify and establish post-quantum cryptographic
algorithms that can replace current algorithms vulnerable to quantum attacks. This includes
efforts by organizations like NIST (National Institute of Standards and Technology).

3. Homomorphic Encryption:
Homomorphic encryption allows computations to be performed on encrypted data without
decrypting it. Advancements in making homomorphic encryption more practical for real-world
applications could greatly enhance privacy and security in cloud computing scenarios.

4. Zero-Knowledge Proofs:
Zero-knowledge proofs allow one party (the prover) to prove to another party (the verifier) that
they know a specific piece of information without revealing the information itself. These could
find applications in authentication and identity verification.

5. Fully Homomorphic Encryption:

Fully homomorphic encryption enables both addition and multiplication operations on encrypted
data. Improvements in efficiency and performance could lead to broader adoption in secure data
processing applications.

6. Blockchain and Distributed Ledger Technologies:


Cryptographic techniques play a pivotal role in securing blockchain networks. Ongoing research
aims to improve the efficiency and scalability of cryptographic algorithms within blockchain
protocols while maintaining a high level of security.

7. Post-Quantum Secure Cryptographic Protocols:


Beyond just replacing current algorithms, there's ongoing work on designing entirely new
cryptographic protocols that are inherently secure against quantum attacks. This includes
research on secure multi-party computation and secure communication protocols.

8. Lightweight Cryptography:
With the rise of IoT devices and resource-constrained environments, there is a growing need for
lightweight cryptographic algorithms that maintain a balance between security and efficiency.

9. Advancements in Key Management:


Improvements in key management systems, including better methods for key generation,
distribution, and storage, are critical for maintaining the overall security of encrypted systems.

10. Security in a Post-Quantum World:


Preparing for the post-quantum era involves not only replacing cryptographic algorithms but also
rethinking security architectures. Research on security models that withstand quantum attacks
will be essential.

11. Interoperability and Standardization:

Ensuring interoperability between various cryptographic implementations and standardization
efforts are crucial for widespread adoption and seamless integration of secure communication
systems.

12. Usability and User Education:


Enhancements in making cryptographic tools more user-friendly and increasing user awareness
of encryption practices are essential for widespread adoption and effective security.

The future of encryption will likely involve a combination of advancements in mathematical
techniques, algorithmic improvements, and the development of secure systems tailored to
emerging technologies and threats. Collaboration between researchers, industry professionals,
and policymakers will be key to achieving these advancements while addressing the evolving
landscape of cybersecurity.

14. CONCLUSION

Phishing has become a serious network security problem, causing financial losses of billions of
dollars to both consumers and e-commerce companies. Perhaps more fundamentally,
phishing has made e-commerce distrusted and less attractive to normal consumers. In this paper,
we have studied the characteristics of the hyperlinks that were embedded in phishing e-mails.
We then designed an anti-phishing algorithm, Link Guard, based on the derived characteristics.
Since Phishing Guard is characteristic based, it can not only detect known attacks but is also
effective against unknown ones.

Information security can easily be achieved by cryptographic algorithm techniques, and a large
number of encryption algorithms have been developed for securing confidential data from the
cyberpunks. The aim of current cryptography is to protect data from hackers. The strength of
the system is dependent on the length of the key. But to achieve this a large computational time
is required, giving a large delay which can be harmful to us. The use of FPGAs can
help us to improve this limitation because FPGAs can give enhanced speed. This is due to the fact
that the hardware implementation of most encryption algorithms can be done on FPGA. The
proposed scheme for the DES algorithm has been optimised for the time required to generate the
keys or decode data. The algorithm and coding have been implemented in Model-Sim software
with the help of the VHDL language. The synthesis has been done on Xilinx FPGA (Xilinx 9.1e)
and a faster clock frequency has been observed in comparison with classical DES.
