DESIGN AND IMPLEMENTATION OF SECURITY MANAGEMENT

USING DATA ENCRYPTION AND DECRYPTION TECHNIQUE

(A CASE STUDY OF M.I.S ABDU- GUSAU POLYTECHNIC)

TABLE OF CONTENTS

Title Page

Declaration

Certification

Acknowledgment

Dedication

Table of Contents

Abstract

CHAPTER ONE

INTRODUCTION

1.1 Background of the Study

1.2 Statement of the Problems

1.3 Research questions

1.4 Significance of the Study

1.5 Aim and Objectives of the Study

1.6 Scope and Limitations of the Study

1.7 Definition of some terms

CHAPTER TWO

LITERATURE REVIEW

2.1 Introduction

2.2 Overview of Security

2.3 Review of Related Work

2.4 Understanding Security Protocol

2.5 Data Encryption Overview

2.6 The Rijndael Algorithm (Advanced Encryption Standard)

2.7 The AES Cipher

2.8 Analysis of the Current System

2.9 Analysis of Proposed System

2.10 Types of security Management System

CHAPTER THREE

METHODOLOGY

ii
3.1 Introduction

3.2 System Analysis Design

3.3 Objective of Design

3.4 Software Design Methodology

3.5 Rapid Application Development {RAD}

3.6 Choice of Programming Language

3.7 Overall System Dataflow Diagram

3.8 Application Dashboard and Menu Design

3.9 Algorithm for Each Module

3.10 Design of Input and Output Format

3.11 Creating a Protocol between Parties

CHAPTER FOUR

DATA ANALYSIS/RESULT/FINDINGS AND DISCUSSION

4.1 Introduction

4.2 Overview of the Implementation

4.3 Hardware and Software Requirement

4.4 Procedure for Software Installation

4.5 Launching the Application

4.6 System Documentation

iii
4.7 System User Guide

4.8 Results/Finding

4.9 Problems Encountered and Solution

4.10 Discussion

CHAPTER FIVE

SUMMARY, CONCLUSION AND RECOMMENDATIONS

5.1 Introduction

5.2 Summary

5.3 Conclusion

5.4 Recommendation

REFERENCE

APPENDIX I SOURCE CODE

LIST OF FIGURES/TABLES

iv
Figure 2.1 Encrypting and decrypting with a key

Figure 2.2 The AES byte representation

Figure 3.1 The system dataflow diagram

Figure 3.2 Application dashboard

Figure 3.3 Application login window

Figure 3.4 File encryption process

Figure 3.5 File decryption process

Figure 3.6 Security protocol description

Table 3.1 Acceptable input formats

Table 4.1 Hardware and Software Requirements

v
 For more project topics and materials visit: https://www.classgist.com
Enquiries: https://www.classgist.com/contactus.aspx

CHAPTER ONE

INTRODUCTION

1.1 Background of the Study

Digital security today has taken a new dimension, a new style and a strategic

approach which tends to secure data travelling across the globe through a public

vehicle called the internet. Data cannot be over-secured with the available

threats that can turn to reality, small or large, minor or important; there is a need

to build a secure wall around them (AnandaMitra 2010). The traditional method

most computer users use in securing data is to lock them with applications, use

passwords from programs like Microsoft Word, Excel and PowerPoint. This

method is same as no protection especially when data contain useful details that

need to be enclosed by two parties such as pay slips, financial records, military

data’s and more.

Data encryption is a useful form of doing this; it employs technique that locks

out information from any unauthorized user. Nowadays, data can be hijacked

and cracked with intense logic, exposure to facts and experience inM.I.S-

management information security as well. With this in view, there is need to do

even more to ensure that sensitive data is protected through its life-cycle. This

will create a sense of security and assurance that the transited information is

locked-out to only authorized personnel. However, the fact remains that any

data that is exposed to a third-party stand a chance to be compromised no matter

6
 For more project topics and materials visit: https://www.classgist.com
Enquiries: https://www.classgist.com/contactus.aspx

how secure, it may only take some time. This process may be attempted for so

many reasons best known to the person.

Hacking has gained its ground in countries where MIS has stood very firm like

USA, England, Canada, India etc., most of our security systems are built by

these same professional hackers. Cyber-attack is also a way to gain access to

personal, business or government systems and compromise sensitive data’s

which may not be protected or lightly protected. Data’s sent over the internet

are open to hijackers who can sniff them from the network, our mailboxes,

secured cloud storage systems etc. at little or no cost.

Encryption has long been used by military and governments to facilitate secret

communication. It is now commonly used in protecting information within

many kinds of civilian systems. For example, the Computer Security Institute

reported that in 2007, 71% of companies surveyed utilized encryption for some

of their data in transit, and 53% utilized encryption for some of their data in

storage. Encryption can be used to protect data "at rest", such as information

stored on computers and storage devices (e.g. USB flash drives). In recent years

there have been numerous reports of confidential data such as customers'

personal records being exposed through loss or theft of laptops or backup

drives. Encrypting such data at rest helps protect them should physical security

measures fail. Digital rights management systems, which prevent unauthorized

use or reproduction of copyrighted material and protect software against reverse

7
 For more project topics and materials visit: https://www.classgist.com
Enquiries: https://www.classgist.com/contactus.aspx

engineering (see also copy protection), is another somewhat different example

of using encryption on data at rest.

Encryption is also used to protect data in transit, for example data being

transferred via networks (e.g. the Internet, e-commerce), mobile telephones,

wireless microphones, wireless intercom systems, Bluetooth devices and bank

automatic teller machines. There have been numerous reports of data in transit

being intercepted in recent years. Data should also be encrypted when

transmitted across networks in order to protect against eavesdropping of

network traffic by unauthorized users.

This study aims to create a new protocol for data’s security which will be based

on the Advanced Encryption Standard (AES) which is a specification for the

encryption of electronic data established by the US National Institute of

Standards and Technology (NIST).

1.2 Statement of the Problems

Due to the numerous damages that can be done to a computer connected to the

internet, one of which is to implant spywares and viruses to monitor and send

user data to a hacker, computer users like MIS-management information system

faces lots of problems in handling these challenges which can be disastrous to

corporate firms, governments arms and other parastatals. These problems

includes

i. Unauthorized access to personal computer and data

8
 For more project topics and materials visit: https://www.classgist.com
Enquiries: https://www.classgist.com/contactus.aspx

ii. Lack of security enforcement on sensitive data

iii. Usage of non-trusted software to secure valuable data

iv. Existing security systems fail to create a single link between data

transferred by two parties

v. Easy breakage into data which tends to be secured

Weak security and encryption standards are found in data created by most

applications such as Microsoft Word, Excel, database data and special purpose

reports.

1.3 Research question

Below are some of the questions encountered during the research:

 Can designing and implementation of Advanced Encryption Standard be

a solution to unauthorized access to personal computer and data?

 May the supply of security majors help in solving lack of security

enforcement on sensitive data?

 When AES (Advance Encryption Standard) and Data Encryption

Standard where used in designing cryptography can the result be solution

to non-trusted software to secure the valuable data?

 Can provisions of link between the data transfer by the two parties bridge

the gap between the parties?

 Can Design and implementation of this software using cryptography

secure the data which is easily broken before?

9
 For more project topics and materials visit: https://www.classgist.com
Enquiries: https://www.classgist.com/contactus.aspx

1.4 Significance of the Study

Security is a part of MIS (Management information Security) that cannot be

ignored in any form; any small hole identified in any system can become a large

road for illegal and traceless movements which can do damages to our data.

This study is therefore important since

i. It creates a secure environment for exchanging data

ii. It gives a clear knowledge of how sensitive and important data can be

protected

This study uses a deep programming approach to bring life to the basics of this

work

1.5 Aim and Objectives of the Study

This study is a developmental research which employs the Advanced

Encryption Standard to build a security protocol for data which are highly

sensitive to the owner a case study of MIS- informationsystem

AbduGusaupolytechnic. It combines an already existing security format with a

new approach to aid data security in the 21st century. it aims

i. To develop a security protocol for sensitive and valuable data

ii. To build a system based on AES and user key of choice to give a very

high level of security

iii. To develop a simple but well-structured system which can handle data

encryption and decryption

10
 For more project topics and materials visit: https://www.classgist.com
Enquiries: https://www.classgist.com/contactus.aspx

iv. To provide a new technique that will enhance the integrity of data which

are transferred over the internet or any other form

v. To expose the importance of using AES in data security

1.6 Scope and Limitation of the Study

This research scope covers the message security, message integrity, user’s

authentication and key management of message.

These data can be of any format and any size which will be processed at a very

high rate. The software is meant to work in accordance to the aims and

objectives stated above to tackle the stated problems. Also it is built as a

desktop application which will run only on windows machine.

Some constraint identified in this research is the amount of time available to

build the software, availability of experienced MIS security personnel’s or

hackers to fully try their best on the output of the project.Searching information

about computer security through Data Encryption and another problem since the

secrete key has to be sent to the receiver of the encrypted data, it is hard to

securely pass the key over the network to the receiver.

1.7 Definitionof SomeTerms

 IMPLEMENTATION; is the carrying out, execution, or practice of a plan, a

method, or any design, idea, model, specification, standard or policy of doing

11
 For more project topics and materials visit: https://www.classgist.com
Enquiries: https://www.classgist.com/contactus.aspx

something. Is the action that must follow any preliminary thinking in order for

something to actually happen.

 SECURITY; the set of access control and permission that are used to determine

if a server can grant a request for a service or resource from a client.

 PASSWORD; an identity that defines authorized users of a computer in order

to gain access to the system.

 SOFTWARE; A collection of computer programs that runs as a group to

accomplish as set of objectives which could be referred to as job.

 ENCRYPTION; The process of converting ordinary information (plain text)

into unintelligible gibberish (that is cipher text).

 DATA ENCRYPTION;translates data into another form, or code, so that only

people with access to a secret key (formally called a decryption key) or

password can read it. Encryption data is commonly referred to as cipher text

 DECRYPTION; The reverse, moving from unintelligible cipher text to plain

text.

 DATA DECRYPTION; is the process of taking encoded or encrypted text or

other data and converting it back into text that you or the computer can read

and understand.

 CRYPTOGRAPHY;this is used to hide data from public view and to ensure

that the integrity and privacy of any data sent across a network has not been

compromised.

12