Jns Doc Proj

8/3/2019 Jns Doc Proj

1/33

Project Title:

E-LEARNING PORTAL FOR JAVA NETWORK SECURITY

Guide: Shailaja Gogate

Members: Monish MadaniNayan Gawande

Priya Patole


2/33

SOFWARE REQUIREMENT SPECIFICATION

1. INTRODUCTION

1.1 Purpose:

The main purpose of document is to present a detailed description of ourE-learning Portal.

It will explain the purpose and the features of the system, the interfaces ofthe system, what the system will do, the constraints under which it mustoperate and how the system will react to external stimuli.

The main purpose of making this java Network Security Portal is: To help Java users to exploit the strengths of Java and make it

more secure.

To answer the questions, from the point of view of people whowant to use Java, but want to do so reliably, securely and safely.

It focuses, on how a Java system can be broken into and how toavoid those dangers.

Mainly it focuses on how Java can be made secure and how toexploit its strengths.

The goal is to provide practical help to the various groups involvedin making a Java-based application or Web site into an industrial-strength commercial proposition.

1.2 Scope:

Various groups have different needs and different skills, which this portal meetsin its different parts. The scope behind Java Network Security Portal is: The first part is aimed at Java Network Security concepts and models. It

clears all the theoretical concepts of Network Security. The second part goes into more detail on how Java security works, and is

aimed more at system and network administrators and programmers, whoneed to know more of what is going on i.e. it deals with the demonstrationof all the algorithms that are related to Java network security.

The third part, consist of all the Case Studies related to algorithms that aredemonstrated in part two.

And the last part consist of question and answer session, where the userscan ask for doubts, and submit the queries and get it solved.


3/33

1.3 Acronyms and Abbreviations:

AWT Abstract Windows Toolkit, the Java package for creating GUIsAES Advanced Encryption standardCERT Computer Emergency Response Team, an organization that acts

as a clearinghouse of information about security problemsJCE Java Cryptography ExtensionDES Data Encryption Standard, a bulk (symmetric key) encryption

algorithmHTML Hypertext markup language

MD5 A message digest (secure hash) algorithm from RSA Corp

RC4 A bulk (symmetric key) encryption algorithm that allows variablekey sizes

RSA Rivest, Shamir and Adleman formed the RSA corporation to market

cryptographic software and algorithms, in particular the public keyencryption mechanism that also bears their initialsSHA Secure Hash AlgorithmSSL Secure Sockets LayerWWW World Wide Web, usually refers to systems using HTTP

1.4 References:

1) Java 2 Network Security

Marco Pistoia, Duane F. RellerDeepak Gupta, Milind Nagnur, Ashok K. Ramani


4/33

2. OVERALL DESCRIPTION

2.1 Product Perspective:

This portal overall contains the information related to Java Network

Security. It is only a part of the whole Network Security. It is mainly based on 4 pillars of Network Security:

Confidentiality Authentication

Integrity Non-Repudiation

Algorithms based on these pillars will be demonstrated in this portal.

2.2 User Characteristics:

The user is expected to be internet literate.

The user is supposed to be windows literate and to be able to use thebuttons, pull down menus, and similar tools.

It is also assumed that the user converses in English language.

2.3 Product Functions:

The major features that this portal will provide to the users are as follows:

Explanation of various algorithms that are used to understand thetechniques of Encryption and Decryption.

Demonstrating the working of the algorithms.

Explanation and the exploration of the source codes. Various case studies related to each algorithm. MCQs (tests) and facilities to submit their queries and get it solved.

2.4Operating environment:

Here the only thing with which user can operate this portal is by havinginternet connection.

The algorithms that that are provided in this portal (in back end) arecompletely and purely based on java language.

The front end that the users see will be done using html language.

The user has to visit the portal and login and then he can use theinformation provided.


5/33

3. SPECIFIC REQUIREMENTS

3.1 External Interface

3.1.1 User Interface:

The user interface will consist of the following features: Login for the users.

Displaying the algorithms user want to select for carrying out encryption.

Facility for users to write their own encryption algorithms and test it withthe help of NSS.

User friendly messages to avoid user from making mistakes.

Final display of the outcome.

3.2 Software Quality Attributes:

Portability:

The system has been programmed in Java which makes it platformindependent and portable.

Consistent:

Consistency of the contents should be protected. Affordability:

It is free of cost.

Maintainability:

Maintenance of the system shall be done according to themaintenance contract.

Functionality:

Logon Capabilities: The system shall provide the users with logoncapabilities.

Alerts: The system can alert the user in case of any problems. Usability:

The system shall allow the users to access the system from theInternet using HTML.

The system uses a web browser as an interface.

Since all users are familiar with the general usage of browsers, nospecific training is required.

The system is user friendly and self-explanatory. Availability:


6/33

The system is available 100% for the user and is used 24 hrs a dayand 365 days a year. The system shall be operational 24 hours a dayand 7 days a week.

Accuracy:

The accuracy of the system is limited by the accuracy of the speed at

which the user uses the system. Response Time:

The Information page should be able to be downloaded within aminute.

The system shall respond to the user in not less than two secondsfrom the time of the request submittal.

The system shall be allowed to take more time when doing largeprocessing jobs.


7/33

4.0 REQUIREMENTS

4.1 Functional Requirements: The user should be able to use the given information on-line through the

designed portal.

The user is supposed to first login to the portal. As the front page is partitioned into 4 parts i.e. i) Theory, ii)

Demonstration, iii) Case studies, and iv) MCQs, the user can choose asper his requirement.

When the user selects his area of interest, page related to that topic willget displayed.

4.1.1 Login by user The portal should allow the user to login under a secure system.

4.1.2 Users area of interest

The portal should allow the user to select the area of his choice, whether itis understanding the theory concepts or doing the practical demonstrationor studying the case studies related to a particular topic.

As soon as the user selects a particular topic, the page related to thattopic should be displayed.

4.1.2.1 Inputs List of menus. Selection of a topic according to users choice

4.1.2.2 Processing

User will be validated. If the user selects theory from the menu, then whole theory concepts

related to that topic will get displayed in front of the user. If the user selects demonstration from the menu, then first the list of all

the algorithms will be displayed. Now suppose the user selects 1 particularalgorithm which he wants to learn, an applet page will get displayed whichwill ask the user to give some input for the code. When this text is typed,this becomes an input for the code to run. Now there will be a button onscreen called Encrypt, whenever user clicks on this button the encrypteddata will occur and also the steps of encryption will be shown. There willbe 1 more button called Decrypt, this will decrypt the encrypted data and

will show the final output along with the decryption steps.4.1.2.3 Outputs The user is provided with the page that shows encrypted and the

decrypted data along with the steps that are taken to achieve it.


8/33

SCOPE, FUNCTIONAL AND NON-FUNCTIONALREQUIREMENTS, TECHNOLOGY AND TOOLS

1.1 Scope:

The E-learning portal for java network security is a website which will help allits users to understand all the concepts in security along with examples. It

will provide a platform on which users can actually perform all the programs

related to security.

This project will help to understand the techniques of Encryption,

Decryption attacks and defenses. It will explain various algorithms used:

AES, DES, MD-5, RSA, ECC. This portal will demonstrate the working of the

algorithms and also will give explanation of the source codes along with

Exploration of the source code. The website will contain various case study

related to each algorithm and various books for learning the subjects

thoroughly. It will also contain the Test based on MCQs

1.2 Functional Requirements:

The user should be able to use the given information on-line through thedesigned portal.The user is supposed to first login to the portal.As the front page is partitioned into 4 parts i.e. i) Theory, ii)Demonstration, iii) Case studies, and iv) MCQs, the user can choose asper his requirement.When the user selects his area of interest, page related to that topic willget displayed.

Login by userThe portal should allow the user to login under a secure system.

Users area of interestThe portal should allow the user to select the area of his choice, whether itis understanding the theory concepts or doing the practical demonstrationor studying the case studies related to a particular topic.As soon as the user selects a particular topic, the page related to thattopic should be displayed.

1.3 Non-Functional Requirements:

1.3.1 Usability:


9/33

Speed of UseThe portal shall be designed to give maximum speed of use. The user willnever face the problem with respect to overloads on server and websiterunning slow

Required User AbilityThe Portal shall be designed in such a way that the user should know howto use a website and how to implement java codes. The user is required tohave a detailed knowledge of basic operations in java.

LearnabilityThe portal shall be designed to assist the user in understanding thefunctionality of the website.

1.3.2 ReliabilityThe portal shall be required to have high reliability and recover from a

crash without any loss of data.

1.3.3 Performance:

ThroughputThe portal shall have high throughput

Response TimeThe portal shall be designed such that the response time will be as low aspossible

Resource UsageThe portal shall be designed such that the resource usage should beminimum and accuracy will be high.

Degraded under Overload ConditionsThe portal shall be designed such that it doesnt degrade under overloadconditions.

1.3.4 SecurityThe Portal should provide a protection of data held in the database.

A simple user cannot access the administrator area.

The Portal should not be getting hacked by a user.

1.3.5 Supportability:

Ease of InstallationThe portal shall provide a SDK security toolkit which will be easy to installand with the help of this toolkit the user will be able to run all java securityprograms..


10/33

Planned MaintenanceThe portal shall be designed such that maintenance can be done easily.

UpgradedThe website will be kept upgraded with all the books and with latest

knowledge of all attacks and viruses that are available.

Ease of TestingThe portal shall be designed such that errors if any can be detected andeffectively eliminated.

1.3.6 Infrastructure

ClientsThe portal requires Internet Connection and a standard web browserhosted on server. A high speed Internet is required

ServersThe portal shall require server to host the project; the server should beequipped with Apache Tomcat 5.5.X and a java domain server.

NetworksThe portal shall require Internet Connection.Web ServicesThe portal shall require Hypertext Transfer Protocol (HTTP)

1.3.7 Implementation Constraints

LanguagesThe portal shall be JSP and Java

Operating PortalsThe portal shall be Platform independent

DatabasesThe portal shall have database so as to keep a track of a particular user

1.4 Technology and Tools:

Java:Java is strongly associated with the internet because of the fact that the firstapplication program was written in java. All the algorithms will be developedusing the java codes.

JSP:


11/33

JSP is the scripting language which is going to be used for producingdynamic web pages. The website will be designed using html and JSP. JSPwill also be used for the server side scripting. JSP offers many advantages forus; as it is fast, stable, secure, easy to use and open source

MySQL:MySQL will be used for the databases to store all the e-mail, passwords andusers details. This is because MySQL is a good relational databasemanagement portal (RDBMS) that runs as the server providing multi-useraccess to a number of databases. In addition to this, MySQL is an opensource portaland is thus easily accessible. It also takes a very less storagespace in the disk and hence the database gives remarkable performance.

1.5. Technical Specifications:

The website will cater to users with broadband internet connections and higher-end personal computers. Table 1. list the site's target specifications.Recommended system configurations for optimal viewing will be listed on theHome page and in the Help page.

Screen Resolution: 1024 X 768 (currently 42% of all users)Browser: Internet Explorer 5 + (currently 89% of

all users)Page Size: 50-150 K (1 to 3 seconds download for

broadband)
http://en.wikipedia.org/wiki/Relational_database_management_systemhttp://en.wikipedia.org/wiki/Relational_database_management_systemhttp://en.wikipedia.org/wiki/Relational_database_management_systemhttp://en.wikipedia.org/wiki/Relational_database_management_system


12/33

SOFTWARE PROJECT MANAGEMENT PLAN

3.1 OverviewE-learning portal for JAVA NETWORK SECURITY is basically an introduction tonetworking algorithms which we are using for the purpose of users familiarity

with these algorithms and their implementation. By using Electronic portal, usercan access our site from anywhere at any time. This site contains demonstration,questionnaires and test cases related to network security algorithms. As suchtype of site is not available online, we will launch it for users who are interested inNETWORK SECURITY.

3.2 Project ScopeE-learning portal provides all the information related to network security. This sitewill be very user friendly which mostly help for the people from Governmentsector and defence agencies, Financial institutions employees, Technician ofInternet service provider and everyone who wants to protect their web site. From

this site, he/she can get relevant information about security which they can use intheir day to day life. It contains the different algorithms and their implementationin JAVA. It helps to understand the techniques of Encryption, Decryption attacksand defenses and also explain various algorithms used: AES,DES,MD-5,RSA,etc with explanation and exploration of source code.So, when user gives anyinput to the particular program then the site will show you the output for that. Thesite will also ask for the queries and questions related to the algorithm which wehave selected. It also includes in build and previous users test cases on the site.In all, it is very much handy Portal for them who wants to secure their sites andlearning for those people, who knows security measures little bit.

3.3 OrganizationProject Organization

3.3.1 Team MembersRole Organisation NameExternal GuideInternal Guide Ms. Shailaja GogateProject Members Monish Madhani,Nayan Gawande,

Priya Patole.

3.3.2 Project Internal Functions

Sr No. Functions Organisation:Name1. Requirement Gathering Monish Madhani,Nayan Gawand

Priya Patole.2. Design Monish Madhani,Nayan Gawand

Priya Patole.3. Coding Monish Madhani,Nayan Gawand

Priya Patole.


13/33

4. Quality Assurance Monish Madhani5. System Test Lead Priya Patole6. Validation Lead Nayan Gawande7. Configuration Management Nayan Gawande8. Change Management Nayan Gawande

9. Deployment Monish Madhani,Priya Patole

3.3.3 Project TeamOrganisation:Name AvailabilityMonish Madhani 100%Nayan Gawande 100%

Priya Patole 100%

3.4 Schedule

3.4.1 Schedule and MilestoneMilestones Description Milestone Criteria Planned

DateM0 Problem Definition

ApprovalSubmit project Scope 10/08/2011

M1 Approval of Scope,Functional and Non-Functional Requirements,Tools & Technology

Submit Requireddocuments

24/08/2011

M2 Prepare Software ProjectManagement Plan

Submit Software ProjectManagement Plan

31/08/2011

M3 Prepare SoftwareRequirement Specification

Submit SoftwareRequirementSpecification

07/09/2011

M4 Prepare Software DesignDocument Data andArchitecture

Submit SoftwareDesign DocumentData and Architecture

14/09/2011

M5 Prepare Software DesignDocument UserInterface,Procedural/Component

Submit Software DesignDocument UserInterface,Procedural/Component

21/09/2011

M6 Prepare System Test

Document

Submit System Test

Document

28/09/2011

M7 Prepare ImplementationDemonstration

ImplementationDemonstration

05/10/2011

M8 Prepare ReportSubmission

Submit Report Not known

3.4.2 Development ProcessThe Spiral Model will be used owing to the modular nature of the project


14/33

It will contain the following phases:

Customer Communication

Planning

Risk Analysis

Engineering

Construction and Release

Customer Evaluation and Feedback

3.4.3 Development EnvironmentItem Applied ForMethodsUse Case Requirement capturingGantt Chart Project SchedulingToolsRational Rose Design

Microsoft Project Project SchedulingEclipse CodingLanguagesUML DesignJava Core Logic, GUI

3.5 Risk ManagementProject Risk Management Plan PurposeA Project Risk Management Plan is a controlling document that incorporatesgoals, strategies and methods for performing risk management on the project.The Project Risk Management Plan describes all aspects of the risk

identification, estimation, evaluation and control processes. The purpose ofdeveloping such a plan is to determine the approach for cost-effectivelyperforming risk management on the project.Stakeholders Roles and Responsibilities:Role Risk Management

ResponsibilityAssignment

Project team members The project teammembers are responsiblefor the Project RiskManagement Plan beingimplemented and for

reporting to the ProjectSponsor and ManagementGroup

Monish MadhaniNayan GawandePriya Patole


15/33

Risk Management Process and ActivitiesRisk ManagementActivity

Risk Management TaskDescription

Ownership(Participants)

Inadequate Requirementdata

Brain Storming sessionwith client

Monish Madhani

Defects in Modules Test every modules aftercompletion Nayan Gawande,Priya Patole.Error in syntax of code Verify code Nayan Gawande,

Priya Patole.Incomplete Testing Rigorous Testing Nayan Gawande,

Priya Patole.Late submission ofmodules

Frequent Meetings andprogress report

Nayan Gawande

Risk Assesment and Management TableRisk Type Risk and

Description

Risk

Chance

Risk

Impact

Risk

Priority

Risk

OwnerRequirementRisk

The datacollectedfrom theclient couldbeincompleteorambiguous

Medium Medium Medium

TechnologicalRisk

Defects inmodules:

The modulecouldmalfunction

High High High

TechnologicalRisk

Defects incode:The syntaxcould not besyntacticallycorrect orthestructure

could not bewell defined


TechnologicalRisk

InadequateTesting:The testingperformedcould beinadequate



16/33

leading todefect.

EstimationRisk

Latesubmissionsof modules:

Themodulescould besubmittedlater thanthescheduledtime


TechnologicalRisk

Addeition ofnewmodules:

Addition ofnewmodulescould leadto systemfailure

High High High

Tool Risk Defect inServer:Defects inserver couldcause the

system tofail

Low High Medium

3.6 Communication and ReportingType ofCommunication

Method/Tool

Frequency/Schedule

Information Participants/Responsible

Internal Communication:ProjectMeetings

BrainStorming

Weekly andon event

Projectstatus,problems,risks,changed

requirements

Project managerProject TeamMembers

Sharing ofprojectdata

Email Whenavailable

All projectdocumentation andreports

ProjectManager(s)Project TeamMembers

MilestoneMeetings

BrainStorming

BeforeMilestones

Project status(progress)

Project managerSub-projectmanager


17/33

External Communication and Reporting:ProjectReport

Email On event Project-Status-Progress-Forecast

-Risks

Project ManagerSub-ProjectManagers

3.7 Delivery Plan3.7.1 Deliverables and Receivers

Ident. Deliverable Planned Date ReceiverD1 Project Report Ms.Shailaja

GogateD2 User Manual Ms.Shailaja

GogateD3 Source Code Ms.Shailaja

Gogate

D4 TechnicalReference

Ms.ShailajaGogate

3.8 Gantt Chart


18/33

SOFTWARE DESIGN DOCUMENT

INTRODUCTION

PURPOSE OF THIS DOCUMENTThe purpose of this document is to present project design, to give detail onproject architecture and data flow diagrams.

INTENDED AUDIENCEThis document is intended for :Team members usage to guide team members on the implementation.Project guide to see how the project will be structured.

SCOPEThis document will abstract implementation details on the level of modules, sowe will not deal with the details of how every module will be implemented, butrather specify each of the modules purpose, interface and function. The databasewill be presented in its final form.


19/33

USE CASE DIAGRAMUse case for login:-

Display home page

Already a member

Not a member

Enter name and password

Display Register pageRegister memb

User

Display login page

Verify member

Update database

Software


20/33

Use case for learning:-

Softw

Click on Learning Tab

Display topics

Select a topic

User

Display Information


21/33

Use case for demonstration:-

So

Click on demonstration tab

Display demo algorithms

Select a demo algorithm

User

Display demonstration of selected

algorithm


22/33

Use case for running a demo algorithm:-

Softw

Encryption button

Decryption Button

Click on demonstration tab

Output for encryption

Click on encryption button

Output of decryption

Click on Decryption button

User


23/33

Use case for case studies:-

Select a particular case study

Click on case studies tab

List various case study examplesUser

Display the case study

Software


24/33


25/33

CLASS DIAGRAM :-


26/33

SEQUENCE DIAGRAM:Sequence diagram for login:-

: User: User : login: login : Home page: Home page: software: software : Database: Database : Re

p

: Re

p

: Registered

User

: Registered

User

: Unregistered

user

: Unregistered

user

goes to( )

sends details to( )

verify member( )

present( )

not_present( )

display( )

display( )

accept( )

register( )

update( )


27/33

Sequence diagram for learning:-

learning tab :

Subject

learning tab :

Subject

: User: User topic : Subjecttopic : Subject : software: software

select( )

accept( )

display( )

display( )

select( )

accept( )


28/33

Sequence diagram for demonstration:-

: User: User demonstration

tab : Subject

demonstration

tab : Subject

demo

algorithm...

demo

algorithm...

: software: software

select( )

accept( )

display( )

display( )

select( )

accept( )


29/33

Sequence diagram for case studies:-

: User: User case studies

tab : Subject

case studies

tab : Subject

examples :

Subject

examples :

Subject


select( )

display( )

accept( )

select( )

accept( )

display( )


30/33

Sequence diagram for queries:-

: User: User queries tab :

Subject

queries tab :

Subject

query page :

Subject

query page :

Subject


select( )

display( )

accept( )

display( )


31/33

SOFTWARE TEST CASE DOCUMENT

While testing a web application you need to consider following Cases: Functionality Testing

Performance Testing Usability Testing Server Side Interface Client Side Compatibility Security

Functionality:

In testing the functionality of the web sites the following should be tested:

Links

i. Internal Links

ii. External Links

iii. Mail Links

iv. Broken Links

Forms

i. Field validation

ii. Error message for wrong input

iii. Optional and Mandatory fields

Database

Testing will be done on the database integrity.

Cookies

Testing will be done on the client system side, on the temporary Internet files.

Performance :

Performance testing can be applied to understand the web sites scalability, or to

benchmark the performance in the environment of third party products such as

servers and middleware for potential purchase.

Connection Speed:

Tested over various networks like Dial Up, ISDN etc

Load:

i. What is the no. of users per time?

ii. Check for peak loads and how system behaves

iii. Large amount of data accessed by user Stress:

i. Continuous Load

ii. Performance of memory, CPU, file handling etc..

Usability:

Usability testing is the process by which the human-computer interaction


32/33

characteristics of a system are measured, and weaknesses are identified for

correction.

Ease of learning

Navigation

Subjective user satisfaction

General appearance

Server Side Interface:

In web testing the server side interface should be tested. This is done by verify

that communication is done properly. Compatibility of server with software,

hardware, network and database should be tested.

Client Side Compatibility:

The client side compatibility is also tested in various platforms, using various

browsers etc.

Security:

The primary reason for testing the security of a web is to identify potential

vulnerabilities and subsequently repair them.

Network Scanning

Vulnerability Scanning

Password Cracking

Log Review

Integrity Checkers

Virus Detection


33/33

2)Testcase

ID

Purpose Input Expectedoutput Actual output Y/N

1 To view the

Portal

Type the

URL

Website login

page opens

Website login

page opens

Y

2 Registering on

Portal

Click on

register

Registration page

opens

Registration

page opens

Y

3 Login on the

Portal

Click on

Login

Login page

opens

Login page

opens

Y

4 Connectivity to

database

user input

login and

password

Verify passwords

from database

and provides

access

Verify

passwords from

database and

provides

access

Y

5 Testing ofvarious

algorithms

Valuesinput by

user

Output given bythe algorithm with

values

Output given bythe algorithm

with values

Y

6 Connectivity

between

various

webpages

Check for

back

Previous page

opens

Previous page

opens

Y

7 Users

Providing

values

Input

given by

user

Give error with no

proper values

Give error with

no proper

values

Y

Documents

Jns Doc Proj