8/3/2019 Jns Doc Proj
1/33
Project Title:
E-LEARNING PORTAL FOR JAVA NETWORK SECURITY
Guide: Shailaja Gogate
Members: Monish Madani, Nayan Gawande, Priya Patole
SOFTWARE REQUIREMENT SPECIFICATION
1. INTRODUCTION
1.1 Purpose:
The main purpose of this document is to present a detailed description of our E-learning Portal.
It will explain the purpose and the features of the system, the interfaces of the system, what the system will do, the constraints under which it must operate and how the system will react to external stimuli.
The main purpose of making this Java Network Security Portal is:
To help Java users to exploit the strengths of Java and make it more secure.
To answer the questions, from the point of view of people who want to use Java, but want to do so reliably, securely and safely.
It focuses on how a Java system can be broken into and how to avoid those dangers.
Mainly it focuses on how Java can be made secure and how to exploit its strengths.
The goal is to provide practical help to the various groups involved in making a Java-based application or Web site into an industrial-strength commercial proposition.
1.2 Scope:
Various groups have different needs and different skills, which this portal meets in its different parts. The scope behind Java Network Security Portal is:
The first part is aimed at Java Network Security concepts and models. It clears all the theoretical concepts of Network Security.
The second part goes into more detail on how Java security works, and is aimed more at system and network administrators and programmers, who need to know more of what is going on, i.e. it deals with the demonstration of all the algorithms that are related to Java network security.
The third part consists of all the case studies related to the algorithms that are demonstrated in part two.
The last part consists of a question and answer session, where the users can raise doubts, submit queries and get them solved.
1.3 Acronyms and Abbreviations:
AWT: Abstract Window Toolkit, the Java package for creating GUIs
AES: Advanced Encryption Standard
CERT: Computer Emergency Response Team, an organization that acts as a clearinghouse of information about security problems
JCE: Java Cryptography Extension
DES: Data Encryption Standard, a bulk (symmetric key) encryption algorithm
HTML: Hypertext Markup Language
MD5: A message digest (secure hash) algorithm from RSA Corp
RC4: A bulk (symmetric key) encryption algorithm that allows variable key sizes
RSA: Rivest, Shamir and Adleman formed the RSA corporation to market cryptographic software and algorithms, in particular the public key encryption mechanism that also bears their initials
SHA: Secure Hash Algorithm
SSL: Secure Sockets Layer
WWW: World Wide Web, usually refers to systems using HTTP
1.4 References:
1) Java 2 Network Security. Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, Ashok K. Ramani.
2. OVERALL DESCRIPTION
2.1 Product Perspective:
This portal overall contains the information related to Java Network Security. It is only a part of the whole Network Security. It is mainly based on 4 pillars of Network Security:
Confidentiality
Authentication
Integrity
Non-Repudiation
Algorithms based on these pillars will be demonstrated in this portal.
2.2 User Characteristics:
The user is expected to be internet literate.
The user is supposed to be Windows literate and to be able to use the buttons, pull-down menus, and similar tools.
It is also assumed that the user converses in the English language.
2.3 Product Functions:
The major features that this portal will provide to the users are as follows:
Explanation of various algorithms that are used to understand the techniques of Encryption and Decryption.
Demonstrating the working of the algorithms.
Explanation and exploration of the source codes.
Various case studies related to each algorithm.
MCQs (tests) and facilities for users to submit their queries and get them solved.
2.4 Operating environment:
The only thing the user needs in order to operate this portal is an internet connection.
The algorithms that are provided in this portal (in the back end) are completely and purely based on the Java language.
The front end that the users see will be done using the HTML language.
The user has to visit the portal and log in, and then he can use the information provided.
3. SPECIFIC REQUIREMENTS
3.1 External Interface
3.1.1 User Interface:
The user interface will consist of the following features:
Login for the users.
Displaying the algorithms the user wants to select for carrying out encryption.
Facility for users to write their own encryption algorithms and test them with the help of NSS.
User-friendly messages to keep the user from making mistakes.
Final display of the outcome.
3.2 Software Quality Attributes:
Portability:
The system has been programmed in Java, which makes it platform independent and portable.
Consistent:
Consistency of the contents should be protected.
Affordability:
It is free of cost.
Maintainability:
Maintenance of the system shall be done according to the maintenance contract.
Functionality:
Logon Capabilities: The system shall provide the users with logon capabilities.
Alerts: The system can alert the user in case of any problems.
Usability:
The system shall allow the users to access the system from the Internet using HTML.
The system uses a web browser as an interface.
Since all users are familiar with the general usage of browsers, no specific training is required.
The system is user friendly and self-explanatory.
Availability:
The system is available 100% for the user and is used 24 hrs a day and 365 days a year. The system shall be operational 24 hours a day and 7 days a week.
Accuracy:
The accuracy of the system is limited by the accuracy of the speed at which the user uses the system.
Response Time:
The Information page should be able to be downloaded within a minute.
The system shall respond to the user in not less than two seconds from the time of the request submittal.
The system shall be allowed to take more time when doing large processing jobs.
4.0 REQUIREMENTS
4.1 Functional Requirements:
The user should be able to use the given information on-line through the designed portal.
The user is supposed to first log in to the portal.
As the front page is partitioned into 4 parts, i.e. i) Theory, ii) Demonstration, iii) Case studies, and iv) MCQs, the user can choose as per his requirement.
When the user selects his area of interest, the page related to that topic will get displayed.
4.1.1 Login by user
The portal should allow the user to log in under a secure system.
4.1.2 User's area of interest
The portal should allow the user to select the area of his choice, whether it is understanding the theory concepts or doing the practical demonstration or studying the case studies related to a particular topic.
As soon as the user selects a particular topic, the page related to that topic should be displayed.
4.1.2.1 Inputs
List of menus.
Selection of a topic according to the user's choice.
4.1.2.2 Processing
The user will be validated.
If the user selects theory from the menu, then the whole theory concepts related to that topic will get displayed in front of the user.
If the user selects demonstration from the menu, then first the list of all the algorithms will be displayed. Now suppose the user selects 1 particular algorithm which he wants to learn; an applet page will get displayed which will ask the user to give some input for the code. When this text is typed, it becomes an input for the code to run. There will be a button on screen called Encrypt; whenever the user clicks on this button the encrypted data will appear and the steps of encryption will also be shown. There will be 1 more button called Decrypt; this will decrypt the encrypted data and will show the final output along with the decryption steps.
4.1.2.3 Outputs
The user is provided with the page that shows the encrypted and the decrypted data along with the steps that are taken to achieve it.
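The Encrypt/Decrypt flow of 4.1.2.2, with the step trace of 4.1.2.3, sketched as an added example (not code from this project). It assumes AES in GCM mode through the standard JCE API, since the document names AES but no mode; the class name EncryptDemo and its methods are hypothetical. The last part of main shows the Integrity pillar: a ciphertext with one flipped bit is rejected instead of being decrypted.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

// Added illustration: class and method names are hypothetical, not the portal's code.
public class EncryptDemo {
    private static final int IV_BYTES = 12;   // 96-bit nonce, the recommended size for GCM
    private static final int TAG_BITS = 128;  // full-length authentication tag

    final List<String> steps = new ArrayList<>(); // trace shown to the learner
    private final SecretKey key;

    EncryptDemo() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        key = kg.generateKey();
        steps.add("Generated a random 128-bit AES key (never displayed)");
    }

    // "Encrypt" button: returns Base64(IV || ciphertext || tag).
    String encrypt(String plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv); // a fresh IV per message; reuse breaks GCM
        steps.add("Generated fresh 96-bit IV: " + Base64.getEncoder().encodeToString(iv));

        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] input = plaintext.getBytes(StandardCharsets.UTF_8);
        byte[] ct = c.doFinal(input);
        steps.add("Encrypted " + input.length + " bytes into " + ct.length
                + " bytes (ciphertext plus 16-byte tag)");

        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // "Decrypt" button: verifies the tag before releasing any plaintext.
    String decrypt(String encoded) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(encoded);
        if (in.length < IV_BYTES + TAG_BITS / 8) {
            throw new GeneralSecurityException("input too short");
        }
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_BYTES));
        byte[] pt = c.doFinal(in, IV_BYTES, in.length - IV_BYTES);
        steps.add("Verified tag and decrypted " + pt.length + " bytes");
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        EncryptDemo demo = new EncryptDemo();
        String ct = demo.encrypt("hello portal"); // constructed sample input
        System.out.println("Encrypted: " + ct);
        System.out.println("Decrypted: " + demo.decrypt(ct));

        // Flip one bit of the stored ciphertext: decryption must fail.
        byte[] raw = Base64.getDecoder().decode(ct);
        raw[raw.length - 1] ^= 0x01;
        try {
            demo.decrypt(Base64.getEncoder().encodeToString(raw));
        } catch (AEADBadTagException e) {
            demo.steps.add("Tampered ciphertext rejected: authentication tag mismatch");
        }
        demo.steps.forEach(s -> System.out.println("step: " + s));
    }
}
```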
SCOPE, FUNCTIONAL AND NON-FUNCTIONAL REQUIREMENTS, TECHNOLOGY AND TOOLS
1.1 Scope:
The E-learning portal for Java network security is a website which will help all its users to understand all the concepts in security along with examples. It will provide a platform on which users can actually run all the programs related to security.
This project will help to understand the techniques of Encryption, Decryption attacks and defenses. It will explain various algorithms used: AES, DES, MD-5, RSA, ECC. This portal will demonstrate the working of the algorithms and will also give an explanation and exploration of the source codes. The website will contain various case studies related to each algorithm and various books for learning the subjects thoroughly. It will also contain a test based on MCQs.
1.2 Functional Requirements:
The user should be able to use the given information on-line through the designed portal.
The user is supposed to first log in to the portal.
As the front page is partitioned into 4 parts, i.e. i) Theory, ii) Demonstration, iii) Case studies, and iv) MCQs, the user can choose as per his requirement.
When the user selects his area of interest, the page related to that topic will get displayed.
Login by user
The portal should allow the user to log in under a secure system.
User's area of interest
The portal should allow the user to select the area of his choice, whether it is understanding the theory concepts or doing the practical demonstration or studying the case studies related to a particular topic.
As soon as the user selects a particular topic, the page related to that topic should be displayed.
1.3 Non-Functional Requirements:
1.3.1 Usability:
Speed of Use
The portal shall be designed to give maximum speed of use. The user will never face problems due to overload on the server or the website running slow.
Required User Ability
The portal shall be designed in such a way that the user should know how to use a website and how to implement Java codes. The user is required to have a detailed knowledge of basic operations in Java.
Learnability
The portal shall be designed to assist the user in understanding the functionality of the website.
1.3.2 Reliability
The portal shall be required to have high reliability and recover from a crash without any loss of data.
1.3.3 Performance:
Throughput
The portal shall have high throughput.
Response Time
The portal shall be designed such that the response time will be as low as possible.
Resource Usage
The portal shall be designed such that the resource usage should be minimum and accuracy will be high.
Degraded under Overload Conditions
The portal shall be designed such that it doesn't degrade under overload conditions.
1.3.4 Security
The portal should provide protection of data held in the database.
An ordinary user cannot access the administrator area.
The portal should resist being hacked by a user.
1.3.5 Supportability:
Ease of Installation
The portal shall provide an SDK security toolkit which will be easy to install, and with the help of this toolkit the user will be able to run all Java security programs.
Planned Maintenance
The portal shall be designed such that maintenance can be done easily.
Upgraded
The website will be kept upgraded with all the books and with the latest knowledge of all attacks and viruses that are available.
Ease of Testing
The portal shall be designed such that errors, if any, can be detected and effectively eliminated.
1.3.6 Infrastructure
Clients
The portal requires Internet Connection and a standard web browser hosted on server. A high speed Internet is required.
Servers
The portal shall require a server to host the project; the server should be equipped with Apache Tomcat 5.5.X and a Java domain server.
Networks
The portal shall require Internet Connection.
Web Services
The portal shall require Hypertext Transfer Protocol (HTTP).
1.3.7 Implementation Constraints
Languages
The portal shall be built in JSP and Java.
Operating Systems
The portal shall be platform independent.
Databases
The portal shall have a database so as to keep track of a particular user.
1.4 Technology and Tools:
Java:
Java is strongly associated with the internet because of the fact that the first application program was written in Java. All the algorithms will be developed using Java code.
JSP:
JSP is the scripting language which is going to be used for producing dynamic web pages. The website will be designed using HTML and JSP. JSP will also be used for the server side scripting. JSP offers many advantages for us, as it is fast, stable, secure, easy to use and open source.
MySQL:
MySQL will be used for the databases to store all the e-mail, passwords and users' details. This is because MySQL is a good relational database management system (RDBMS) that runs as a server providing multi-user access to a number of databases. In addition to this, MySQL is open source and is thus easily accessible. It also takes very little storage space on disk, and hence the database gives remarkable performance.
1.5. Technical Specifications:
The website will cater to users with broadband internet connections and higher-end personal computers. Table 1 lists the site's target specifications. Recommended system configurations for optimal viewing will be listed on the Home page and in the Help page.
Screen Resolution: 1024 X 768 (currently 42% of all users)
Browser: Internet Explorer 5+ (currently 89% of all users)
Page Size: 50-150 K (1 to 3 seconds download for broadband)
SOFTWARE PROJECT MANAGEMENT PLAN
3.1 Overview
E-learning portal for JAVA NETWORK SECURITY is basically an introduction to networking algorithms, intended to familiarise users with these algorithms and their implementation. By using the electronic portal, the user can access our site from anywhere at any time. This site contains demonstrations, questionnaires and test cases related to network security algorithms. As such a site is not available online, we will launch it for users who are interested in NETWORK SECURITY.
3.2 Project Scope
E-learning portal provides all the information related to network security. This site will be very user friendly and will mostly help people from the Government sector and defence agencies, employees of financial institutions, technicians of Internet service providers and everyone who wants to protect their web site. From this site, he/she can get relevant information about security which they can use in their day to day life. It contains the different algorithms and their implementation in JAVA. It helps to understand the techniques of Encryption, Decryption attacks and defenses and also explains various algorithms used: AES, DES, MD-5, RSA, etc. with explanation and exploration of source code. So, when the user gives any input to a particular program, the site will show the output for that. The site will also ask for queries and questions related to the algorithm which we have selected. It also includes built-in and previous users' test cases on the site. In all, it is a very handy portal for those who want to secure their sites, and a learning resource for those who know a little about security measures.
3.3 Organization
Project Organization
3.3.1 Team Members
Role | Organisation Name
External Guide |
Internal Guide | Ms. Shailaja Gogate
Project Members | Monish Madhani, Nayan Gawande, Priya Patole
3.3.2 Project Internal Functions
Sr No. | Functions | Organisation: Name
1. | Requirement Gathering | Monish Madhani, Nayan Gawande, Priya Patole
2. | Design | Monish Madhani, Nayan Gawande, Priya Patole
3. | Coding | Monish Madhani, Nayan Gawande, Priya Patole
4. | Quality Assurance | Monish Madhani
5. | System Test Lead | Priya Patole
6. | Validation Lead | Nayan Gawande
7. | Configuration Management | Nayan Gawande
8. | Change Management | Nayan Gawande
9. | Deployment | Monish Madhani, Priya Patole
3.3.3 Project Team
Organisation: Name | Availability
Monish Madhani | 100%
Nayan Gawande | 100%
Priya Patole | 100%
3.4 Schedule
3.4.1 Schedule and Milestone
Milestones | Description | Milestone Criteria | Planned Date
M0 | Problem Definition Approval | Submit project Scope | 10/08/2011
M1 | Approval of Scope, Functional and Non-Functional Requirements, Tools & Technology | Submit Required documents | 24/08/2011
M2 | Prepare Software Project Management Plan | Submit Software Project Management Plan | 31/08/2011
M3 | Prepare Software Requirement Specification | Submit Software Requirement Specification | 07/09/2011
M4 | Prepare Software Design Document Data and Architecture | Submit Software Design Document Data and Architecture | 14/09/2011
M5 | Prepare Software Design Document User Interface, Procedural/Component | Submit Software Design Document User Interface, Procedural/Component | 21/09/2011
M6 | Prepare System Test Document | Submit System Test Document | 28/09/2011
M7 | Prepare Implementation Demonstration | Implementation Demonstration | 05/10/2011
M8 | Prepare Report Submission | Submit Report | Not known
3.4.2 Development Process
The Spiral Model will be used owing to the modular nature of the project.
It will contain the following phases:
Customer Communication
Planning
Risk Analysis
Engineering
Construction and Release
Customer Evaluation and Feedback
3.4.3 Development Environment
Item | Applied For
Methods:
Use Case | Requirement capturing
Gantt Chart | Project Scheduling
Tools:
Rational Rose | Design
Microsoft Project | Project Scheduling
Eclipse | Coding
Languages:
UML | Design
Java | Core Logic, GUI
3.5 Risk Management
Project Risk Management Plan Purpose
A Project Risk Management Plan is a controlling document that incorporates goals, strategies and methods for performing risk management on the project. The Project Risk Management Plan describes all aspects of the risk identification, estimation, evaluation and control processes. The purpose of developing such a plan is to determine the approach for cost-effectively performing risk management on the project.
Stakeholders Roles and Responsibilities:
Role | Risk Management Responsibility | Assignment
Project team members | The project team members are responsible for the Project Risk Management Plan being implemented and for reporting to the Project Sponsor and Management Group | Monish Madhani, Nayan Gawande, Priya Patole
Risk Management Process and Activities
Risk Management Activity | Risk Management Task Description | Ownership (Participants)
Inadequate Requirement data | Brain Storming session with client | Monish Madhani
Defects in Modules | Test every module after completion | Nayan Gawande, Priya Patole
Error in syntax of code | Verify code | Nayan Gawande, Priya Patole
Incomplete Testing | Rigorous Testing | Nayan Gawande, Priya Patole
Late submission of modules | Frequent Meetings and progress report | Nayan Gawande
Risk Assessment and Management Table
Risk Type | Risk and Description | Risk Chance | Risk Impact | Risk Priority | Risk Owner
Requirement Risk | The data collected from the client could be incomplete or ambiguous | Medium | Medium | Medium |
Technological Risk | Defects in modules: The module could malfunction | High | High | High |
Technological Risk | Defects in code: The syntax could not be syntactically correct or the structure could not be well defined | Medium | Medium | Medium |
Technological Risk | Inadequate Testing: The testing performed could be inadequate leading to defect. | Medium | Medium | Medium |
Estimation Risk | Late submissions of modules: The modules could be submitted later than the scheduled time | Medium | Medium | Medium |
Technological Risk | Addition of new modules: Addition of new modules could lead to system failure | High | High | High |
Tool Risk | Defect in Server: Defects in server could cause the system to fail | Low | High | Medium |
3.6 Communication and Reporting
Type of Communication | Method/Tool | Frequency/Schedule | Information | Participants/Responsible
Internal Communication:
Project Meetings | Brain Storming | Weekly and on event | Project status, problems, risks, changed requirements | Project manager, Project Team Members
Sharing of project data | Email | When available | All project documentation and reports | Project Manager(s), Project Team Members
Milestone Meetings | Brain Storming | Before Milestones | Project status (progress) | Project manager, Sub-project manager
External Communication and Reporting:
Project Report | Email | On event | Project: Status, Progress, Forecast, Risks | Project Manager, Sub-Project Managers
3.7 Delivery Plan
3.7.1 Deliverables and Receivers
Ident. | Deliverable | Planned Date | Receiver
D1 | Project Report | | Ms. Shailaja Gogate
D2 | User Manual | | Ms. Shailaja Gogate
D3 | Source Code | | Ms. Shailaja Gogate
D4 | Technical Reference | | Ms. Shailaja Gogate
3.8 Gantt Chart
SOFTWARE DESIGN DOCUMENT
INTRODUCTION
PURPOSE OF THIS DOCUMENT
The purpose of this document is to present the project design and to give detail on the project architecture and data flow diagrams.
INTENDED AUDIENCE
This document is intended for:
Team members' usage, to guide team members on the implementation.
The project guide, to see how the project will be structured.
SCOPE
This document will abstract implementation details on the level of modules, so we will not deal with the details of how every module will be implemented, but rather specify each of the modules' purpose, interface and function. The database will be presented in its final form.
USE CASE DIAGRAM
Use case for login (actors: User, Software): Display home page; Already a member; Not a member; Enter name and password; Display login page; Verify member; Display Register page; Register member; Update database.
Use case for learning (actors: User, Software): Click on Learning Tab; Display topics; Select a topic; Display Information.
Use case for demonstration (actors: User, Software): Click on demonstration tab; Display demo algorithms; Select a demo algorithm; Display demonstration of selected algorithm.
Use case for running a demo algorithm (actors: User, Software): Click on demonstration tab; Encryption button; Decryption Button; Click on encryption button; Output for encryption; Click on Decryption button; Output of decryption.
Use case for case studies (actors: User, Software): Click on case studies tab; List various case study examples; Select a particular case study; Display the case study.
CLASS DIAGRAM :-
SEQUENCE DIAGRAM:
Sequence diagram for login (participants: User, login, Home page, software, Database, Re p, Registered User, Unregistered user): goes to( ), sends details to( ), verify member( ), present( ), not_present( ), display( ), display( ), accept( ), register( ), update( ).
Sequence diagram for learning (participants: User, learning tab : Subject, topic : Subject, software): select( ), accept( ), display( ), display( ), select( ), accept( ).
Sequence diagram for demonstration (participants: User, demonstration tab : Subject, demo algorithm..., software): select( ), accept( ), display( ), display( ), select( ), accept( ).
Sequence diagram for case studies (participants: User, case studies tab : Subject, examples : Subject, software): select( ), display( ), accept( ), select( ), accept( ), display( ).
Sequence diagram for queries (participants: User, queries tab : Subject, query page : Subject, software): select( ), display( ), accept( ), display( ).
SOFTWARE TEST CASE DOCUMENT
While testing a web application you need to consider the following cases:
Functionality Testing
Performance Testing
Usability Testing
Server Side Interface
Client Side Compatibility
Security
Functionality:
In testing the functionality of the web sites the following should be tested:
Links
i. Internal Links
ii. External Links
iii. Mail Links
iv. Broken Links
Forms
i. Field validation
ii. Error message for wrong input
iii. Optional and Mandatory fields
Database
Testing will be done on the database integrity.
Cookies
Testing will be done on the client system side, on the temporary Internet files.
Performance :
Performance testing can be applied to understand the web site's scalability, or to benchmark the performance in the environment of third party products such as servers and middleware for potential purchase.
Connection Speed:
Tested over various networks like Dial Up, ISDN etc.
Load:
i. What is the no. of users per time?
ii. Check for peak loads and how the system behaves
iii. Large amount of data accessed by user
Stress:
i. Continuous Load
ii. Performance of memory, CPU, file handling etc.
Usability:
Usability testing is the process by which the human-computer interaction characteristics of a system are measured, and weaknesses are identified for correction.
Ease of learning
Navigation
Subjective user satisfaction
General appearance
Server Side Interface:
In web testing the server side interface should be tested. This is done by verifying that communication is done properly. Compatibility of the server with software, hardware, network and database should be tested.
Client Side Compatibility:
The client side compatibility is also tested in various platforms, using various
browsers etc.
Security:
The primary reason for testing the security of a web site is to identify potential vulnerabilities and subsequently repair them.
Network Scanning
Vulnerability Scanning
Password Cracking
Log Review
Integrity Checkers
Virus Detection
2)
Testcase ID | Purpose | Input | Expected output | Actual output | Y/N
1 | To view the Portal | Type the URL | Website login page opens | Website login page opens | Y
2 | Registering on Portal | Click on register | Registration page opens | Registration page opens | Y
3 | Login on the Portal | Click on Login | Login page opens | Login page opens | Y
4 | Connectivity to database | user input login and password | Verify passwords from database and provides access | Verify passwords from database and provides access | Y
5 | Testing of various algorithms | Values input by user | Output given by the algorithm with values | Output given by the algorithm with values | Y
6 | Connectivity between various webpages | Check for back | Previous page opens | Previous page opens | Y
7 | Users Providing values | Input given by user | Give error with no proper values | Give error with no proper values | Y