
Project Report

On

DIGITAL SIGNATURE

Prepared by

AMARDEEP
(B.Tech – VIth Sem)

Submitted to

Indrapreet kour

Project Guide

Neeraj kumar

DECLARATION

I, Amardeep, a student of the B-Tech program, VI Semester of the 2009 – 2010 batch
at Galgotia’s College of Engineering & Technology, do hereby declare that
this report entitled “Digital Signature” has been carried out by me
during this Semester and the same work has not been copied from any
source directly without acknowledging for the part/ section that has been
adopted from published / non-published works.

AMARDEEP
__________________

ACKNOWLEDGEMENT

Success is not a destination, but a journey. I have realized it even better
during my Internship Program. A journey to the corporate culture with
and all those who were associated with it, has fascinated me towards
consultancy culture and the feel of working in a healthy and inspirational
work environment.

At the outset, I would like to take the opportunity to thank all those
people who constantly motivated and provided me with inspirational
guidance during the course of my internship.

I express my deepest and most sincere thanks to my project guide,


and for all their guidance and help that they have extended
throughout the project and provided an inspiration for taking the
project to its completion.

A special thanks to our Trainers, who provided me with valuable
insights and without whose kind guidance, I would not have been able
to complete this course.
Also very much thankful to Mr. Neeraj for all his guidance
and help.

I would also like to express my regard to all the staff members,
teaching, non-teaching staff and friends for helping me in the course
of my endeavor which helped me undertake the project in a better
fashion and without whose timely help and inspiration this humble
effort would not have taken a proper shape.

INDEX & TABLES

1. About Organization
2. About Project
3. Objective
4. Project Profile
5. Problem Definition
6. Proposed System and Targeted User
7. Specific Requirement Specifications
8. System Development
7. Data Design
Entity-Relationship Diagram
8. System Design
UML
Data Flow Diagram
9. User Interface Design
Screen Shots
10. Bibliography

ABOUT THE ORGANISATION

About Organization
Introduction

Mission: A Mission Statement defines the organization's
purpose and primary objectives. Its prime function is internal – to
define the key measure or measures of the organization’s success –
and its prime audience is the leadership team and stockholders.

Mission Statement Creation

1. To create your mission statement, first identify your
organization’s “winning idea”.
This is the idea or approach that will make your organization
stand out from its competitors, and is the reason that customers
will come to you and not your competitors (see tip below).
2. Next identify the key measures of your success. Make sure you
choose the most important measures (and not too many of
them!)
3. Combine your winning idea and success measures into a
tangible and measurable goal.
4. Refine the words until you have a concise and precise statement
of your mission, which expresses your ideas, measures and
desired result.

Vision: Vision Statements also define the organization’s
purpose, but this time they do so in terms of the organization’s values
rather than bottom line measures (values are guiding beliefs about
how things should be done.) The vision statement communicates both
the purpose and values of the organization. For employees, it gives
direction about how they are expected to behave and inspires them to
give their best. Shared with customers, it shapes customers’
understanding of why they should work with the organization.

Vision Statement Creation

Once you’ve created your mission statement, move on to create your
vision statement:

1. First identify your organization’s mission. Then uncover the
real, human value in that mission.
2. Next, identify what you, your customers and other stakeholders
will value most about how your organization will achieve this
mission. Distil these into the values that your organization has
or should have.
3. Combine your mission and values, and polish the words until
you have a vision statement inspiring enough to energize and
motivate people inside and outside your organization.

Values: To start on this journey of bringing value to the enterprise, an
organization must first determine a direction and pathways to success. To
build an ITAM Program, it will begin with three solid foundation processes:

1. Backed by Policy: ITAM as with other business practices must be
backed by enterprise-wide policy. All policies should be clearly
written, easily understood and uniformly enforced across the
enterprise. Without strong policy to back the ITAM initiative your
program is certain to fail.
2. Communication & Education: The intent and progress of the ITAM
program must be communicated regularly to those impacted as well as
internally selling or marketing your program’s successes in order to
maintain the backing necessary for continuation. All within the
organization should be educated at some basic level regarding their
involvement and the impact the ITAM program has on their role or
job function.
3. Program: IT Asset Management is clearly not a project and needs to
be communicated and understood as such. As a program, it does not
have an end date and requires ongoing management as any other core
business practice.

Quality: 23 August 2010 06:42 am, Dr. Bill Curtis, Director,
Consortium for IT Software Quality (CISQ) and the co-author of
Capability Maturity Model (CMM), in an email interview
with Geetaj Channana, talks about the
need for standards in software
development.

About Project

Abstract

The security of information available to an organization was
primarily provided through physical and administrative means. For
example, rugged file cabinets with a combination lock were used for
storing sensitive documents and personnel screening procedures
were employed during the hiring process. With the introduction of
the computer, the need for automated tools for protecting files and
other information stored on the computer became evident.

This is especially the case for a shared system, and the need is
even more acute for a network. Computer networks were primarily
used by university researchers for sending e-mail, and by corporate
employees for sharing printers. Under these conditions, security was
not given much attention. Today, since the world is going global, and
trillions of data are transferred daily across networks, security is
looming on the horizon as a potentially massive problem. The generic
name for the collection of tools designed to protect data and to thwart
hackers is Computer Security.

In the project titled “Digital Signatures”, security is ensured
in the Messaging System of an organization. In this application, if an
employee wishes to send confidential information to another
employee connected through the intranet of their organization, he
first signs the message and then sends it to the recipient. He signs the
message using Digital Signatures. The person who receives the
message validates the sender and, if the message is from an authorized
employee, reads the message. The above operation is performed
using the Digital Signature Algorithm (DSA). This application
makes sure that the security services Authentication, Secrecy,
Integrity, and Non-repudiation are provided to the user. Therefore,
intruders cannot gain access to classified information.

2. INTRODUCTION
Scope
The project is confined to the intranet in an organization. This
application makes sure that security services such as secrecy,
authentication, integrity and non-repudiation are provided to the
communicating parties.
Objective
This project has been developed keeping in view the security
features that need to be implemented in networks, with the
following objectives:

• To develop an application that deals with the security threats
that arise in the network.
• To enable end-users as well as organizations to carry out
safe messaging communication without any threats from
intruders or unauthorized people.
• To deal with the four inter-related areas of network security,
namely Secrecy, Authentication, Non-repudiation and Integrity.
Project Overview
This application makes use of Digital Signature Algorithm
(DSA) along with a hash function. The hash code is provided as
input to a signature function along with a random number
generated for this particular signature. The signature function also
depends on the sender’s private key and a set of parameters known
to a group of

At the receiving end, verification is performed. The
receiver generates a quantity that is a function of the public-key
components, the sender’s public key, and the hash code of the
incoming message. If this quantity matches with one of the
components of the signature, then the signature is validated.

This application makes sure that the security services
Authentication, Secrecy, Integrity, and Non-repudiation are provided
to the user.

• This application keeps information out of the hands
of unauthorized persons. This is called Secrecy.

• It also deals with determining whom a person is communicating
with before revealing sensitive information or entering a
business deal. This is called Authentication.

• Non-repudiation deals with proving that a particular
message was sent by a particular person in case he denies it
later.

• Integrity deals with determining whether a particular message has been
modified or something has been added to it.

Project Profile

► Product Name : DigitalSignature (A secure Messaging system)

► Project Objective : This application makes sure that the security services Authentication, Secrecy, Integrity, and Non-repudiation are provided to the user. Therefore, intruders cannot gain access to classified information.

► SDLC Model : Water Fall Model

► Development Technologies : Java/J2EE

► Application Server : Oracle Weblogic Application Server Enterprise Edition

► Back-End Database : Oracle Database 10g Enterprise Edition

► Location : ………. ,Noida

Problem Definition

Message authentication protects two parties who exchange
messages from any third party. However, it does not protect the two
parties against each other. Several forms of disputes between the two
parties are possible.

For example, suppose that A sends an authenticated message to
B. Consider the following disputes that could arise:

1. B may forge a different message and claim that it came from A.
B would simply have to create a message and append an
authentication code using the key that A and B share.

2. A may deny sending the message. Because it is possible for B to
forge a message, there is no way to prove that A did in fact send the
message.

The most attractive solution to this problem is the Digital Signature.
The Digital Signature is analogous to the handwritten signature. It
must have the following properties:

• It must be able to verify the author and the date and time of the
signature.

• It must be able to authenticate the contents at the time of the
signature.

• The signature must be verified by third parties, to resolve disputes.

Thus, the digital signature function includes the authentication
function.

Based on the above properties, the following requirements can
be formulated for the digital signatures:

• The signature must be a bit pattern that depends on the
message being signed.

• The signature must use some information unique to the
sender, to prevent both forgery and denial.

• It must be relatively easy to produce the digital signature.

• It must be relatively easy to recognize and verify the digital
signature.

• It must be computationally infeasible to forge a digital signature,
either by constructing a new message for an existing digital
signature or by constructing a fraudulent digital signature for a
given message.

• It must be practical to retain a copy of the digital signature in
storage.

Proposed System & Targeted User

Existing system
These days almost all organizations around the globe use a
messaging system to transfer data among their employees through
their exclusive intranet. But the security provided is not of high
standards. More and more unauthorized people are gaining access to
confidential data.

Disadvantages:
• The validity of sender is not known.
• The sender may deny sending a message that he/she has
actually sent and similarly the receiver may deny the receipt that
he/she has actually received.
• Unauthorized people can gain access to classified data.
• Intruders can modify the messages or the receiver himself may
modify the message and claim that the sender has sent it.

Proposed system
The system will provide the following security services:

Confidentiality:
Confidentiality is the protection of transmitted data from passive
attacks. With respect to the release of message contents, several
levels of protection can be identified. The broadest service protects all
user data transmitted between two users over a period of time. For
example, if a virtual circuit is set up between two systems, this broad
protection would prevent the release of any user data transmitted over
the virtual circuit. Narrower forms of this service can also be defined,
including the protection of a single message or even specific fields
within a message. These refinements are less useful than the broad
approach and may even be more complex and expensive to
implement. The other aspect of confidentiality is the protection of
traffic flow from analysis. This requires that an attacker not be able to
observe the source and destination, frequency, length, or other
characteristics of the traffic on a communications facility.

Authentication:
The authentication service is concerned with assuring that a
communication is authentic. In the case of a single message, such as a
warning or alarm signal, the function of the authentication service is to
assure the recipient that the message is from the source that it claims
to be from. In the case of an ongoing interaction, such as the
connection of a terminal to a host, two aspects are involved. First, at
the time of connection initiation, the service assures that the two
entities are authentic (i.e. that each is the entity that it claims to be).
Second, the service must assure that the connection is not interfered
with in such a way that a third party can masquerade as one of the
two legitimate parties for the purposes of unauthorized transmission or
reception.

Integrity:
Integrity basically means ensuring that the data messages are
not modified. An integrity service that deals with a stream of
messages assures that messages are received as sent, with no
duplication, insertion, modification, reordering or replays. The
destruction of data is also covered under this service. Thus the
integrity service addresses both message modification and denial of
service.

Non-repudiation:
Non-repudiation prevents either sender or receiver from denying
a transmitted message. Thus, when a message is sent, the receiver
can prove that the message was in fact sent by the alleged sender.
Similarly, when a message is received, the sender can prove that the
message was in fact received by the alleged receiver.

System Requirement Specification

• Client Configuration

Intel Pentium IV or equivalent with:
- 512 MB RAM
- 80 GB Hard Disk
- OS: Windows 2000 / XP (includes Internet Explorer version 6)
- Word processing software (Open office / MS Office)
- 100 Mbps Ethernet Card

• Server Configuration

4 Servers, each with the following configuration:
- 1 CPU
- OS: Windows 2000 / XP (includes Internet Explorer version 6)
- RAM: 16 GB Minimum
- 120 GB x 3 Hard Disk
- Oracle Application Server 10g Enterprise Edition
- Oracle Database 10g Enterprise Edition

Data Design

System Design

UML Diagram

Data flow diagrams

2nd Level DFDs

Compose Mail

Validate Mail

Create Certificate

Sent Mail
SCREEN SHOTS

Screen 1 - Login Screen

Screen 2 – Home Screen
• This is home page of Administrator
• This is home page of User

Screen 2 – Create Certificate

Screen 3 – Compose
• Writing
• Attaching files
• Encryption
• Signing

Screen 4 – Registration

Screen 5 – Edit Profile

Screen 6 – Change Password

Screen 7 – Forgot Password

Screen 7 – Sent Mail