Universal Mail Transporter

Universal Mail Transporter
1. INTRODUCTION
Division Of Computer Engineering, SOE, CUSAT
1.1 INTRODUCTION
This document outlines the various details of "Universal Mail Transporter" including the functional and non functional requirements. It also describes the interface for the system. The objective of this project is to develop an application, which provides security for mail sending completely platform independent. The software is interfaced with SMTP server of Google and the content is encrypted and send. The user needs a G-mail account. This project incorporates ideas of mail sending through an application .UMT which can be used with any mail server application (Yahoo, G-mail, HotMail, RediffMail etc.). The design goal was to develop a set of interfaces that would help in setting up mailing enviournment. But the interfaces were such that the data could be sent not only to mail server, but also to any server capable of understanding mail protocols. That brought almost every J2EE server into picture. Thus APIs created for mail exchange provided a means to exchange huge amounts of data. So the main features are: To login to UMT with User id and Password. If new user register in UMT. Provide option Message Writing System (Drafts, Formatting). Encrypt message and send. Logout the session
1.2 PROJECT OBJECTIVE

Communication is the backbone of any enterprise. Communication, without exchange of data, is unimaginable. In the context of communication between Enterprise level applications, the amount of data would be huge. So using traditional approaches in Electronic Data Interchange wouldnt suffice.

UMT is an innovative email system that provides high-level protection for emails on the Internet. UMT users have safe and secure email correspondence. Only the sender and recipient of UMT can access emails sent through this service. The design goal was to develop a set of interfaces that would help in setting up an emailing environment. But the interfaces were such that the data could be sent not only to mail server, but also to any server capable of understanding mail protocols. That brought almost every J2EE server into the picture. Thus APIs created for mail exchange provided a means to exchange huge amounts of data.
1.3 PROJECT OVERVIEW

UMT has been developed on the principles of public key cryptography, which uses a pair of asymmetric keys (public and private) for encryption/decryption. The public key is freely distributed to all interested parties, and can only be used to encrypt data. The private key is available to a mailbox owner only, and it is used to decrypt messages.
If anyone from the user's correspondents wants to write a secure letter to that user, he will encrypt the letter using the user's public key. When the email is received, the user decrypts it using the private key. No one can decrypt the message without the private key. It is not possible to ascertain the private key from the public key. The Java Mail Application Programming Interface (API) provides a set of abstract classes defining objects that comprise a mail system. The API defines classes like Message, Store and Transport. The API can be extended and can be sub classed to provide new protocols and to add functionality when necessary. In addition, the API provides concrete subclasses of the abstract classes. These subclasses, including Mime Message and MimeBodyPart, implement widely used Internet mail protocols. The Java Mail API doesn't properly validate authenticated user message number attribute, allowing authenticated users to view other's messages. This is a loophole in mail APIs which is overcome in this project using high end security measures. It makes use of the complex Rivest Shamir Adleman (RSA) encryption algorithm to

provide a default security level to the client with the use public and private key pair. This involves generation of public and private key pairs and encrypting the message typed by using any of the pairs generated. The decryption of the message is being done at the receiver end by using the other key pair. This particular Algorithm is used to provide a default level security for each and every message send and received. 1.3.1 CRYPTOGRAPHY Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. It is the science of encoding and decoding secret messages. Cryptography is the science of translating messages into ciphers or codes. The
protection of sensitive communications has been the purpose of cryptography for most of history. The beginnings of cryptology can be traced to the hieroglyphics of early Egyptian civilization (c.1900 B.C.). Ciphering has always been considered vital for diplomatic and military secrecy. Recent successes in applying certain aspects of computer science and physics to cryptology seem to be leading to more secure systems in which encryption is implemented with sophisticated digital electronics. Encryption is the process of taking any form of data (plaintext) message and scrambling it so that it becomes unreadable to anyone, except the authorized receiver who has a key to decrypt it. Encryption produces a ciphertext (coded message). The process of turning the ciphertext back into a plaintext is called decryption. Encryption and decryption require the use of some secret information, called a key. Traditionally, Alice is the sender of the information, Bob is the authorized receiver, and the eavesdropper is obviously name Eve. The basic problem of distributing a key between Alice and Bob is to make a safe transfer despite eavesdropping attempts. A plaintext message is encrypted using the key. Only a person with the same key can decrypt it back to the plaintext (fig 1.1)
Fig 1.1
Cryptographic goals Of all the information security objectives the following four form a framework upon which the others will be derived: (1) privacy or confidentiality; (2) data integrity; (3) authentication; and (4) non-repudiation. 1. Confidentiality is a service used to keep the content of information from all but those authorized to have it. Secrecy is a term synonymous with confidentiality and privacy. There are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible. 2. Data integrity is a service which addresses the unauthorized alteration of data. To assure data integrity, one must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution. 3. Authentication is a service related to identification. This function applies to both entities and information itself. Two parties entering into a communication should identify each other. Information delivered over a channel should be authenticated as to origin, date of origin, data content, time sent, etc. For these reasons this aspect of cryptography is usually subdivided into two major classes: entity authentication and data origin authentication. Data origin authentication implicitly provides data integrity (for if a message is modified, the source has changed). 4. Non-repudiation is a service which prevents an entity from denying previous commitments or actions. When disputes arise due to an entity denying that certain Division Of Computer Engineering, SOE, CUSAT 5

actions were taken, a means to resolve the situation is necessary. For example, one entity may authorize the purchase of property by another entity and later deny such authorization was granted. A procedure involving a trusted third party is needed to resolve the dispute. A fundamental goal of cryptography is to adequately address these four areas in both theory and practice. Cryptography is about the prevention and detection of cheating and other malicious activities. There are a number of basic cryptographic tools (primitives) used to provide information security. Examples of primitives include encryption schemes, hash functions, and digital signature schemes. Provides a schematic listing of the primitives considered and how they relate. These primitives should be evaluated with respect to various criteria such as: Level of security This is usually difficult to quantify. Often it is given in terms of the number of operations required (using the best methods currently known) to defeat the intended objective. Typically the level of security is defined by an upper bound on the amount of work necessary to defeat the objective. This is sometimes called the work factor. Functionality Primitives will need to be combined to meet various information security objectives. Which primitives are most effective for a given objective will be determined by the basic properties of the primitives? Methods of operation. Primitives, when applied in various ways and with various inputs, will typically exhibit different characteristics; thus, one primitive could provide very different functionality depending on its mode of operation or usage. Performance

This refers to the efficiency of a primitive in a particular mode of operation. (For example, an encryption algorithm may be rated by the number of bits per second which it can encrypt.)
1.3.2 RSA ALGORITHM The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Adleman, who invented it in 1977. The basic technique was first discovered in 1973 by Clifford Cocks of CESG (part of the British GCHQ) but this was a secret until 1997. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers. Key Generation Algorithm Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits. Compute n = pq and () phi = (p-1)(q-1). Choose an integer e, 1 < e < phi, such that gcd (e, phi) = 1. Compute the secret exponent d, 1 < d < phi, such that ed 1 (mod phi). The public key is (n, e) and the private key is (n, d). The values of p, q, and phi should also be kept secret. n is known as the modulus. e is known as the public exponent or encryption exponent. d is known as the secret exponent or decryption exponent. Encryption Sender A does the following: Obtains the recipient B's public key (n, e). Represents the plaintext message as a positive integer m.

Computes the ciphertext c = m^e mod n. Sends the ciphertext c to B.
Decryption Recipient B does the following: Uses his private key (n, d) to compute m = c^d mod n. Extracts the plaintext from the integer representative m.
1.3.3 STEGANOGRAPHY Steganography is the technique of hiding confidential information within any media. Steganography is often confused with cryptography because the two are similar in the way that they both are used to protect confidential information. The difference between the two is in the appearance in the processed output; the output of steganography operation is not apparently visible but in cryptography the output is scrambled so that it can draw attention. Steganlysis is process to detect of presence of steganography. In this article we have tried to elucidate the different approaches towards implementation of steganography using multimedia file (text, static image, audio and video) and Network IP datagram as cover. Also some methods of steganalysis will be discussed. The most widely used technique today is hiding of secret messages into a digital image. This steganography technique exploits the weakness of the human visual system (HVS). HVS cannot detect the variation in luminance of color vectors at higher frequency side of the visual spectrum. A picture can be represented by a collection of color pixels. The individual pixels can be represented by their optical characteristics like 'brightness', 'chroma' etc. Each of these characteristics can be digitally expressed in terms of 1s and 0s. For example: a 24-bit bitmap will have 8 bits, representing each of the threecolor values (red, green, and blue) at each pixel. If we consider just the blue there will be 28 different values of blue. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Hence, if the terminal recipient of the data is nothing but human visual system (HVS) then the Least Significant Bit (LSB) can be used for something else other than color information. Division Of Computer Engineering, SOE, CUSAT 8

This technique can be directly applied on digital image in bitmap format as well as for the compressed image format like JPEG. In JPEG format, each pixel of the image is digitally coded using discrete cosine transformation (DCT). The LSB of encoded DCT components can be used as the carriers of the hidden message. The details of above techniques are explained below: Modification of LSB of a cover image in 'bitmap' format In this method binary equivalent of the message (to be hidden) is distributed among the LSBs of each pixel. For example we will try to hide the character A into an 8-bit color image. We are taking eight consecutive pixels from top left corner of the image. The equivalent binary bit pattern of those pixels may be like this: 00100111 11101001 11001000 00100111 11001000 11101001 11001000 00100111 Then each bit of binary equivalence of letter 'A' i.e. 01100101 are copied serially (from the left hand side) to the LSB's of equivalent binary pattern of pixels,resulting the bit pattern will become like this: 00100110 11101001 11001001 00100110 11001000 11101001 11001000 00100111 The only problem with this technique is that it is very vulnerable to attacks such as image compression and formatting. Apply of LSB technique during discrete cosine transformation (DCT) [4] on cover image. The following steps are followed in this case: 1.The Image is broken into data units each of them consists of 8 x 8 block of pixels. 2.Working from top-left to bottom-right of the cover image, DCT is applied to each pixel of each data unit. 3.After applying DCT, one DCT Coefficient is generated for each pixel in data unit. 4.Each DCT coefficient is then quantized against a reference quantization table. 5. The LSB of binary equivalent the quantized DCT coefficient can be replaced by a bit from secret message. 6. Encoding is then applied to each modified quantized DCT coefficient to produce compressed Stego Image.
Figure 2: Example of still imagery steganography. Left hand side image is the original cover image, where as right hand side does embedding a text file into the cover image make the stego image. 1.3.3 THE BASIC ENCRYPTION PROCESS The basic process ensures that when the user feeds the message, the message is delivered to the other end using proper security measures. This is where the RSA algorithm is used as a default security measure for each and every mail being sent out to the other end. The RSA algorithm itself only encrypts numbers. All computer data is ultimately just binary numbers, so the message could be broken into segments and RSA can be applied to each segment. Generation of keys The RSA encryption and decryption makes use of key pairs. Two big random prime numbers are generated which in turn calculates the variables used to produce the keys. The variables are used to generate the public and private keys. The message typed by the user is encrypted by using the private key. When decrypted with the public key it reproduces the original message. This process is secure, because the only way to decrypt and reproduce the original text is by knowing the private key. Choice of Key Size The feature to select the key size is provided to the user for increasing the complexity of the message.
10

Sender's choice for Encryption When the sender has to send a message to the receiver, he/she must be sure of the encryption levels required before sending the message. This system provides the user to make the choice of generating digital certificates or digital signature.
1.3.4 JAVAMAIL API The Java Mail Application Programming Interface (API) provides a set of abstract classes defining objects that comprise a mail system. The API defines classes like Message, Store and Transport. The API can be extended and can be sub classed to provide new protocols and to add functionality when necessary. In addition, the API provides concrete subclasses of the abstract classes. These subclasses, including Mime Message and MimeBodyPart, implement widely used Internet mail protocols. The Java Mail API is designed to make adding electronic mail capability to simple applications easy, while also supporting the creation of sophisticated user interfaces. It includes appropriate convenience classes which encapsulate common mail functions and protocols. It fits with other packages for the Java platform in order to facilitate its use with other Java APIs, and it uses familiar programming models. The Java Mail API is therefore designed to satisfy the following development and runtime requirements: Simple, straightforward class design is easy for a developer to learn and implement. Use of familiar concepts and programming models support code development that interfaces well with other Java APIs.Lightweight classes and interfaces make it easy to add basic mail-handling tasks to any application. When the Security issues come into picture Java mail API proper validate
authenticated user message number attribute, allowing authenticated users to view other's messages. This is a loophole in mail APIs which is overcome in this project using high end security measures used in this project. The RSA algorithm is implemented at the client level to provide default security measures to the user. The
11

implementation of RSA includes the generation of public and private key pairs and encrypting the message typed by using any of the pairs generated. The decryption of the message is being done at the receiver end by using the other key pair. This particular algorithm is used to provide a default level security for each and every message send and received. SENDING OF EMAILS The encrypted messages are send to the form where the mails are to be send and from this point Java Mail API takes over. Whenever a particular mail is being sent, there are various protocols which are being used to deliver the mail. Protocols are rules that define an exact format for communication between systems. In the case of sender mailing systems, there are two main protocols: SMTP (Simple message transfer protocol) Any email client, to transfer mail, contacts the SMTP server of the organization that, in turn, delivers the message to the recipients SMTP server. MIME (Multiple Internet mail Extension) MIME is about the attachment and type of content being delivered. RECEIVING AN EMAIL The message is received by the receiver and is moved on to the decryption phase which shows the actual data to the image. As the sender the receiver also has the particular protocols used in receiving the Email. The protocols are: POP3 (Post office protocol-Version 3) POP3 just ensures that each user has his or her own mailbox. IMAP (Internet Message access protocol) While POP is for offline access of messages, IMAP is for online access.
2. PROBLEM IDENTIFICATION
12
2.1 EXISTING SYSTEM

In the last few years, there has been a vast growth in the use of email applications all over the world. New email applications like Gmail, Yahoo Mail etc. have revolutionized the way we perceive and interact with an email application. These applications has forced and challenged other popular email applications to improve its services and thereby seize a substantial number of users to use their technology. In an era where technology has no defined bounds to its growth, the usage of new facilities could have a negative or positive impact to the overall service of the email application. For example: If we visualize a person sending a message to another, there could be quite a few in number trying to hack the content, especially if its a very important message. A user with wrong intentions can cause a lot of damage. In order to overcome such an issue, security of the data becomes a major concern. LIMITATIONS OF THE EXISTING SYSTEM Sharing of files in network may lead to infringement of security. There will be possibilities for unauthorized access of data. It provides the storing of data in an unprotected mode. Password leakage may occur and it leads to the unauthorized access of data. The intruders will affect original data.
2.2 PROPOSED SYSTEM The Java mail uses a default RSA algorithm which generates the public and private key pair using the two random numbers. These random numbers are used to get the value of n as well as the value of phi[n], which in turn produces the public and private key pairs. The public and private key pairs generated are used to encrypt and decrypt the message typed. The complexity of RSA is verified by the modulus operation used and the usage of prime and co prime numbers. ADVANTAGES OF PROPOSED SYSTEM
13

High level Data security. Can incorporate with any E-mail. Simple & User Friendly. It is a platform independent. Intruders cannot read or modify data.
3. SYSTEM STUDY
3.1 SYSTEM REQUIREMENTS
14

Senders Requirement Needs a more user friendly interface. More and more security. Security feature which are controlled by the user.
Complexity of the security The account bound with a separate username and password for every user. Needs an algorithm which can achieve integrity and authentication.
Receivers Requirement Access to the POP3 server of the mail server from where the mails are going to be extracted. Needs a friendlier interface. Needs a security feature which could make the cryptanalysis more secure.
3.2. REQUIREMENT ANALYSIS

HARDWARE REQUIREMENTS: Processor : Pentium IV 15

RAM Capacity Hard Disk Space Mouse Keyboard Monitor Floppy Disk Drive : 256 MB : : : : 40 GB Standard 104 Keys Standard 15 1.44 MB :MS Compatible
SOFTWARE REQUIREMENTS: Tool Used Front end Back end JAVA Java is a language which is simpler to understand, easier to implement and yet portable across different platforms, than any other OOPS language. It is currently popular because it is compiled to machine independent byte code. This allows programmers to write one kind of program code for all platforms. Not only it is a powerful programming language built to secure, cross-platform and international, but also java is being continually extended to provide language feature and libraries that elegantly handle problems that are difficult in traditional programming languages. Java based systems are easier to understand and express. Classes designed to fit the problem tend to express it better. Java produces a maximum leverage with libraries. This is accomplished by casting libraries into new data types (classes), so that bringing a library means adding new types to the language. Another feature of java is its efficient error handling system, which adds to the robustness to the system. Java exception handling is a way to guarantee that an error is noticed, and that something happens as a result. The primary economic motivation for selecting java is the easy use of existing code in the form of class libraries. Some features of java language are as follows: Division Of Computer Engineering, SOE, CUSAT 16 : : : NetBeans 6.0 Java, J2EE. MYSQL
Object Oriented: Java provides Object Oriented Programming language mechanisms that help to implement the object-oriented model. They are encapsulation, inheritance and polymorphism. Encapsulation - is the mechanism that binds together code and the data it manipulates, and keeps both safe from outside interference and misuse. Inheritance - is the process by which one object acquires the properties of another object. This is important because it supports the concept of hierarchical classification. Polymorphism - is a feature that allows one interface to be used for a general class of actions. Multithreaded: Java support multithreaded programming, which allows writing programs that do many things simultaneously. Multithreading enables to write very efficient programs that make maximum use of CPU, because idle time can be kept to a minimum. Distributed: Java is designed for distributed environment of the Internet, because it handles TCP/IP protocols. Infact, accessing a resource using a URL is not much different from accessing a file. Java also supports Remote method invocation (RMI).This feature enables a program to invoke methods across a network. Portability: Java provides a run-time system which is called Java Virtual Machine, translating a java program into byte code makes it much easier to run a program in a wide verity of environments. The execution of byte code by the JVM helps solve the major problems associated with downloading programs over the internet. The goal of JVM is Write Once; Run anywhere, Any Time, Forever.
Security: When use Java compatible Web browser, one can safely download Java applets without fear of viral infection or malicious intent. Java achieves this protection by confining a Java program to the Java execution environment and not allowing it access to other parts of computer. Java Runtime Environment
17

The runtime environment used to execute the code. It is made up of the java language and java virtual machine. It is portable and it is platform neutral. Java tools It is used by the developers to create java code. They include java compiler, java interpreter, classes, libraries and applet viewer. Java Application Applications are programs written in java to carry out certain tasks on stand local computer. Execution of a stand alone program involves two steps. Java Applets Java applets are pieces of java code that are embedded in HTML document using the applet tag. When the browser encounters such code it automatically download it and execute it. Compiling the source code into byte code using javac. Executing byte code program using java interpreter. alone
Java Virtual Machine It is a specification to which java codes must be written. All java code is to be compiled to be used in this nonexistent virtual machine. Writing the code which compiles in JVM ensures platform independence. ADVANTAGES OF JAVA
18
Java is Robust Java is secure Java is portable Java is garbage collected Java is small Java is dynamic
MY SQL What is a database? Quite simply, it's an organized collection of data. A database management system (DBMS) such as Access, FileMaker Pro, Oracle or SQL Server provides you with the software tools you need to organize that data in a flexible manner. It includes facilities to add, modify or delete data from the database, ask questions (or queries) about the data stored in the database and produce reports summarizing selected contents. MYSQL provides user with one of the simplest DBMS solutions in the market today. MYSQL is a multithreaded, multi-user SQL database management system (DBMS). NETBEANS IDE The Net Beans Platform allows applications to be developed from a set of modular software components called modules. A module is a Java archive file that contains Java classes written to interact with the Net Beans Open APIs and a manifest files that Identifies it as a module. Applications built on modules can be extended by adding new modules. Since modules can be developed independently, applications based on the Net Beans platform can be easily and powerfully extended by third party developers. NETBEANS PLATFORM
19

The Net Beans Platform is a reusable framework for simplifying the development of other desktop applications. When an application based on the Net Beans Platform is run, the platform's Main class is executed. Available modules are located, placed in an in-memory registry, and the modules' startup tasks are executed. Generally, a module's code is loaded into memory only as it is needed. Applications can install modules dynamically. Any application can include the Update Center module to allow users of the application to download digitally-signed upgrades and new features directly into the running application. Installing an upgrade or a new release does not force users to download the entire application again. The platform offers services common to desktop applications, allowing the developer to focus on the logic specific to his application. Among the features of the platform are: User interface management (e.g. menus and toolbars) User settings management Storage management (saving and loading any kind of data) Window management Wizard framework (supports step-by-step dialogs)
The Net Beans Mobility Pack is a tool for developing applications that run on mobile phones. Mobility Pack can be used to write, test, and debug applications for the Java Micro Edition platform (Java ME platform) technology-enabled mobile devices. It integrates support for the Mobile Information Device Profile (MIDP) 2.0, the Connected Limited Device Configuration (CLDC) 1.1. You can easily integrate third-party emulators for a robust testing environment. JAVA DATA BASE CONNECTIVITY (JDBC) Java Data Base Connectivity is a set of relational database objects and methods for interacting with SQL data sources. The JDBC APIs are part of the enterprise APIs of
20

Java 1.1.1 and thus are part of all Java Virtual Machine (JVM) implementations. A Java program first opens a connection to database, makes a Statement object, passes SQL statements to the underlying DBMS through the Statement object, and retrieves the result as well as information about the result UMT. I n an enterprise computing which is largely the black art of managing huge databases, people associated with the enterprise need to be able to use and update the data easily, quickly and securely. The powerful Java Data Base Connectivity (JDBC) suite Java SQL.* Package realizes Java's promise as a serious business programming tools. Java Database Connectivity is a standard SQL database access interface providing uniform access to a wide range of relational databases. It also provides a common base on which higher level tools and interfaces can be built. This comes with an "ODBC bridge". That bridge is a library, which implements JDBC in terms of ODBC standard API. There are many types of drivers used in connecting such as Native API. The driver used here is JDBC-ODBC Bridge. JDBC-ODBC Bridge plus ODBC driver is the crudest possible solution. Applets access database using a combination of JDBC-ODBC Bridge and an ODBC driver. This requires both drivers to be installed on the user's computer - a very cumbersome solution for both Internet and Intranet. JDBC is designed to enable people to access information in database from within platform neutral Java applet and applications; this means that programmer's can built a common database access tool for all of organization computers. With JDBC included in the core Java distributions, every Java Platform can run JDBC code.
JAVA SWING Swing is a GUI toolkit for Java. Swing is one part of the Java Foundation Class (JFC).Swing includes Graphical User Interface (GUI) widgets such as text boxes, buttons, split-panes and tables. Swing widgets provide more sophisticated GUI Division Of Computer Engineering, SOE, CUSAT 21

components than the earlier Abstract Window Toolkit. Since they are written in pure Java, they run the same on all platforms, unlike the AWT, which is tied to the underlying platforms windowing system. Swing supports pluggable look and feel-not by using the native platforms facilities, but by roughly emulating them. This means we can get any supported look and feel on any platform. The disadvantage of lightweight components is possibly slower execution. The advantage is uniform behavior on all platforms. Swing refers to the new library of GUI controls (buttons, sliders, checkboxes, etc.) that replaces the somewhat weak and inflexible AWT controls. Features of Swing Lightweight. Not built on native window-system windows. Much bigger set of built-in controls. Trees, image buttons, tabbed panes, sliders, toolbars, color choosers, tables, text areas to display HTML or RTF, etc. Much more customizable. Can change border, text alignment, or add image to almost any control. Can customize how minor features are drawn. Can separate internal representation from visual appearance. Pluggable look and feel. Can change look and feel at runtime, or design own look and feel. Many miscellaneous new features. Double-buffering built in, tool tips, dock able tool bars, keyboard accelerators, custom cursors, etc.
3.3 SYSTEM ANALYSIS

System analysis is the process of identification of the objectives and requirements, evaluation of alternative solutions and recommendation for a more feasible solution. In other words, system analysis is the step-by-step process of gathering, recording and Interpreting facts. It is the reduction of an entire system by studying the various operations. It includes studying the problems encountered in the present system and introducing a new computer system into an organization. The main aim of analysis is to determine problem areas and decide on solutions to reduce or eliminate them.
22

System analysis itself breaks into two stages. Preliminary and Detailed. During preliminary analysis the analyst list the objectives of the proposed system. These findings come together in the preliminary report. Once the preliminary report is approved, the system analysis phase advances into a second stage. During detailed analysis required data and information are collected and a detailed study is made. During analysis, data are collected on the available files, decision points, and transactions of the system using various tools like data flow diagram.
3.4 FEASIBILITY ANALYSIS

A feasibility study is a test of system proposal according to its workability, impact on the organization, ability to meet user needs and effective use of resources. The objective of feasibility study is not to solve the problem, but to acquire a sense of its scope. During the study, the problem definition is crystallized and aspects of problem to be included in the system are determined, consequently costs and benefits are estimated with greater detail at this stage. The result of feasibility study is a system formal proposal. This is simply a form of documenting or detailing the nature and scope Division Of Computer Engineering, SOE, CUSAT 23

of proposed solution. The proposed summarizes what is known and what is going to be done. The key considerations involved in the feasibility analysis are technical, economic, and operational. Technical Feasibility Technical feasibility is the most important of all types of feasibility analysis. Technical feasibility deals with hardware as well as software requirements. An idea from the outline design to system requirements in terms of inputs outputs, files and procedures is drawn and the type of hardware, software, and the methods required for running the systems are analyzed. Keeping in mind of the above considerations, the resource availability at this company was observed. It was found that the company has the sufficient resources to develop the current project; hence the system is technically feasible. Economic Feasibility Economic analysis is the most frequently used method for evaluating the effectiveness of the software, more commonly known as the cost /benefit analysis. The procedure is to determine the benefits and savings that are expected from a candidate system and compare them with costs. If the benefits outweigh cost, the decision is made to design and implement the system; otherwise further alternatives have to be made. Here it is seen that no new hardware or software is needed for the development of the system. Hence the project is economically feasible for development in this company. Schedule Feasibility Schedule feasibility is concerned with the completion of the project development within the fixed time span. It is an important factor as it can affect other factors like machine availability, tools, cost development and delay in the development of other systems. Besides these, this project is assigned to the student as an academic exercise to be completed within a fixed period of time. Operational Feasibility Division Of Computer Engineering, SOE, CUSAT 24
The purpose of the operational feasibility study is to determine whether the new system would be used if it is developed and implemented? Will there be resistance from users that will undermine the possible application benefits? From the outputs of the meeting that was held with the system users, it was found that all of them support the development of new system. The positive response from them encouraged in building such a system.
4. SYSTEM REQUIREMENT SPECIFICATION

4.1 DESIGN PLAN
The most creative and challenging phase of the system life cycle is system design. The term design describes a final system and the process by which it is developed. It refers to the technical specification that will be applied in implementing the candidate system. It also include the construction of program s and program testing. The question involved here is How the problem is solved. System design is a transition from the user-oriented document to the document-oriented program or database personnel. It emphasizes translating performance specification into
25

the design specification and it involves conceiving and planning and then carrying out the plan for generating the necessary reports and outputs. Design phase acts as the bridge between the software requirements specifications and implementation phase, which satisfies the requirements Major System Design Activities 4.1.1 Input Design 4.1.2 Output Design 4.1.3 Program Design 4.1.1 Input Design: Input design is a process of converting user-oriented input to computer based format. It also includes determining the record media, Method of input, speed of capture and entry into the system. Input design consist of developing specification and procedures for data procedure for data preparations, those necessary steps into put transaction data into usable form of processing, data entry and activity of putting the data into computer for processing. Five objectives guiding the design are input focus on controlling the amount of input required,
avoiding delay, controlling error and keeping the steps simple. The following are the details the system analysts decide while designing: The data to input The details of how data should be arranged or coded The data item and transaction needed validation to detect errors. All input processes have bee designed with at most care to avoid entry of any kind of invalid data into the system. The input screens have been validated effectively in order to give the most accurate input details. Points to be noted while designing the input screens are Dont overcrowd the input screen Division Of Computer Engineering, SOE, CUSAT 26

Keep the same style among the screens Ask for confirmation of critical data Validate data as soon as possible on inputs 4.1.2 Output Design: Designing computer output should proceed in an organized, well throughout manner; the right output element is designed so that people will find the system whether or executed. When we design an output we must identify the specific output that is needed to meet the system. The usefulness of the new system is evaluated on the basis of their output. Once the output requirements are determined, the system designer can decide what to include in the system and how to structure it so that the require output can be produced. For the proposed software, it is necessary that the output reports be compatible in format with the existing reports. The output must be concerned to the overall performance and the systems working, as it should. It consists of developing specifications and procedures for data preparation, those steps necessary to put the inputs and the desired output, i.e. maximum user friendly. Proper messages and appropriate directions can control errors committed by users.
The output design is the key to the success of any system. Output is the key between the user and the sensor. The output must be concerned to the systems working, as it should. Output design consists of displaying specifications and procedures as data presentation. User never left with the confusion as to what is happening without appropriate error and acknowledges message being received. 4.1.3 Program Design:
27

On the analysis based on the requirement the program is design taking into consideration all program aspects. The structure requires, the control flow etc are decided for efficient functioning of the system that was to be developed.
4.2 LOGICAL DESIGN

In logical the proposed system represents. Drawing the Data Flow Diagram of the proposed system 4.2.1 Data Flow Diagram (DFD) The DFD is also known as the bubble chart. It is a simple graphical formalism that can be used to represent a system in terms of data to the system, various processing carried out on these data and the output data generated by the system. The main reason why this DFD technique is so popular is so probably because of the fact that DFD is very simple to
28

understand and use. A DFD model uses very limited number of primitives symbols to represent the functions performed by a system and the data flow among these systems. Starting with a set of high level functions that a system performance of DFD model in hierarchically it represent various sub function. The Data Flow Diagramming technique also follows a simple set of intuitive concepts and rules. Data flow diagram (DFD) is used to show how data flows through the system and the processes that transfer the input data into output. Data flow diagram are a way of expressing system requirements in a graphical manner. DFD represents one of the most ingenious tools used for structured analysis In the normal convention, logical DFD can be completed using only four notations. Function Symbol:
A function is represented using a circle. This symbol is called a processes or a bubble. Bubbles are annotated with the names of corresponding functions. External Entity Symbol:
An external such as a user, project manager etc. is represented by a square. The external entities are essentially those physical entities external to the application system, which interact with the system by inputting data to the system or by consuming the data produced by the system. In addition to the human users the external entity symbol can be used to represent external hardware and software such as application software.
29

Data Flow Symbol:
A directed arc or an arrow is used as a Data Flow Symbol. This represents the data flow occurring between two processes or between an external entity and a process; in direction of the Data Flow Arrow. Data flow symbol are annotated with corresponding data names. Data Store Symbol:
A data store represents a logical file; it is represented using two parallel lines. A logical file can represent either data store symbol, which can represent either data structure or a physical file on disk. Each data store is connected to a process means of data flow symbol. The direction of the data flow arrow shows whether data is being read from or written into a data store. An arrow flowing in or out of a data store implicitly represents the entire area of the data store and hence arrows connecting to a data store need not be annotated with the names of the corresponding data items. Output Symbol: The output symbol is used when a hard copy is produced and the user of the copies cannot be clearly specified or there are several users of the output. The DFD at the simplest level is referred to as the CONTEXT ANALYSIS DIAGRAM. These are expanded by level, each explaining its process in detail. Processes are numbered for easy identification and are normally labeled in block letters. Each data flow is labeled for easy understanding.
30

4.2.2 Context Diagram: The context diagram is the most abstract data flow representation of a system. It represents the entire system as a single bubble. This bubble is labeled according to the main function of the system. The various external entities are also represented as incoming and outgoing arrows. These data flow arrows should be annotated with the corresponding data names. The name context diagram is well justified because it represents the context in the which the system is to exist, i.e. the external entities who would interact with the system and the specific data items they would be supplying to the system and the data items they would be receiving from the system. The context diagram is also called the Level 0 DFD. To develop the context diagram o the system, we have to analyze the SRS document to identify the difference types of users who would be using the system and the kinds of data they would be inputting to the system and the data they would be receiving
from the system. Here, the term users of the system also include the external system, which supply data to or receive data from the system. How to develop the DFD of a system : The SRS document is examined to determine: Different high-level functions that the system needs to perform. Data input to every high-level function. Data output from every high-level function. Interactions among the identified high level functions. These aspects of high-level functions are then represented in a diagrammatic form. This forms top level DFD. The high level functions described in the SRS document are examined. If there between three to seven high level requirements, then each of the high-level functions can be represented in the form of a bubble.
31

If there are more than seven bubbles, then some of them have to be combined. If there are less than three bubbles, then some of them need to be split. Each high-level function is decomposed into constituent sub-functions through the following set of activities: Different sub functions of the high-level functions are identified. Data input to each of these sub functions are identified. Data output from each of the sub functions is identified. Interactions among these sub functions are identified.
DATA FLOW DIAGRAM Context Level DFD
Sender
UMT Message Message Message
Receiver
32
Level 1 DFD
Receiver
R
Info
Key Generation
Public key, Private Key
Sends public Key
33
Public key
UMT Mail
Public key, username, mailid
Sender
Level 2 DFD
Sender
Key Manager
34
Database
Level 3 DFD Message
Sender
Database
username
Retrieve public key & user name Public key Public key, Username
ENCRYPT
Encrypted message
35
UMT Mail
Mail
Receiver
Level 4 DFD
Receiver
Encrypted message, Private Key
DECRYPT Message
Receiver
36
4.3 TEST PLAN

The primary goal of a test plan is to define testing procedures that will ensure the software is functionally correct from a documentation perspective and will verify application scalability limits. It also proves that reliability and fail over aspects of the system can indeed survive instances of system failure. Test Procedure The procedure as follows: Prepare the test case. Record the expected results and verify whether in tune with actual results. If actual results are not in tune expected results do the necessary rework. Test again and check for the result. If the test results are satisfactory, wind up testing. Stop Criteria Testing can be wrapped up when: Actual test results matches with the expected ones. System performance well in the specified environment. Depending on the size of the project, test group prerequisites, scope, areas of primary concern, functional criteria, stress, criteria and failure modes following tests are planned. Unit Testing Division Of Computer Engineering, SOE, CUSAT 37

Integration Testing Validation Testing Output Testing User Acceptance Testing
5. DESIGN
5.1 DATABASE DESIGN
The primary need at the outset of design is the database. An important requirement in the design is the representation of data in different tables. The data items for tables are classified based on their characteristics. The relationships between the data items are identified in each table. Certain data that are unlikely to be changed and those that would facilitate the operation of the other processes are kept in the master tables. Similarly data that form a part of transaction are put into the transaction table. Thus, looking at the different data available, tables are carefully done aiming to achieve its main objective such as: Data Integration Data Independence Normalization Normalization is the process of analyzing the given relation schemas based on their Functional Dependencies and primary keys to achieve the desirable properties of Minimizing Redundancy Minimizing the insertion, deletion and updating anomalies.
38
Normalization is carried out for the following reasons: To structure the data so that perfect relationship between entries can be represented. To permit simple retrieval of data in response query and report requests. To reduce the need to restructure or reorganize data when new application requirement arises. Normalization consists of various levels: First Normal Form (1NF) A table is in 1NF if There are no duplicate rows in the table. Each cell is single valued. Entries in a column are of the same kind. Second Normal Form (2NF) Second Normal form is based on the concept of full functional dependency. A table (relation) is in 2NF if It is in First Normal Form and if all non-key attributes are dependent on the key. Dependent on only a part of the (composite) key, the definition of 2NF is sometimes phrased as, A table is in 2nF if it is in 1NF and if it has no partial dependencies. Third Normal Form (3NF) Third Normal Form is based on the concept of transitive dependency. A table (relation) is in 3NF if It is in Second Normal Form and if it has no transitive dependencies.
39
TABLES USED userdata Column Name Username Emailed Publickey Data Type Text Text Text Description Primary Key Not Null Not Null
5.2 USER INTERFACE DESIGN

User interface design creates an effective communication medium between a human and a computer. Following a set of interface design principles, design identifies interface objects and actions and then creates a screen layout that forms the basis for a user interface prototype. A software engineer designs the user interface by applying an iterative process that draws on predefined design principles. User interface design begins with the identification of the user, task and environmental requirements. Once user tasks have been identified, user scenarios are created and analyzed to define a set of interface objects and actions. These form the basis for the creation of screen layout that depicts graphical design and placement of icons, definition of descriptive screen test, specification and titling of windows, and specification of major and minor menu items. Tools are used to prototype and ultimately implement the design model, and the result is evaluated for quality. In this project the various forms were designed by keeping the layout of original forms in mind. The system is user friendly, the receiver generates the public key and send through mail, sender saves username, mail id and public key of the receiver, encrypted message send to the receiver, receiver decrypts the message, etc are done through the various forms collected and the input screens were designed accordingly. If user give any illegal values in this form, will give appropriate error message.
40
6. SYSTEM DEVELOPMENT
SYSTEM DEVELOPMENT System development is a series of operations performed to manipulate data to produce output from a computer system. This is highly dependent on the programming language used. The principle activities during the development phase can be divided into two major related sequences: External system development Internal system development The major external system development activities are: Implementation Planning Equipment acquisition Installation The major internal system development activities are: Computer program development Performance testing In one of their early papers about the language, Sun described Java as follows: Java: A simple, object-oriented, distributed, interpreted, robust, secure, architecture neutral,
41

portable, high-performance, multithreaded, and dynamic language. Sun acknowledges that this is quite a string of buzzwords, but the fact is that, for the most part, they aptly describe the language. In order to understand why Java is so interesting, let's take a look at the language features behind the buzzwords It has the following characteristics: Robust Portable Secure, Dynamic
7. SYSTEM TESTING
TESTING
System testing is the stage of implementation, which is aimed at ensuring that the system works accurately and efficiently before live operation commences. Testing is vital to the success of the system. An elaborate testing of data is prepared and the system is tested using this test data. While testing error noted and corrections are made. The users are trained to operate the developed system. Both hardware and software securities are made to run the developed system successfully in future. Testing steps: Unit Testing Integration Testing Validation Testing Output Testing User Acceptance Testing Unit Testing Unit testing focuses verification efforts on the smallest unit of software design, the module. This is also known as Module Testing. The modules are tested separately. This testing is carried out during programming stage itself. In these testing steps each
42

Module is found to be working satisfactorily as regard to the expected output from the module. Integration Testing Integration testing is a systematic technique for constructing tests to uncover errors Associated within the interface. In this project, all the modules combined, and then entire Program is tested as a whole. Thus in the integration testing step, all the errors uncovered are corrected for the next testing steps. Validation Testing Validation testing is where requirements established as a part of software requirement analysis is validated against the software that has been constructed. This test provides the final assurance that the software meets all functional, behavioral and performance requirements .The errors, which are uncovered during integration testing, are corrected during this phase. Output Testing After performing the validation testing, the next step is output testing of the proposed system since no system could be useful if it does not produce the required output in the specific format. The Output generated or displayed by the system under consideration is tested asking the users about the format required by then. Here, the output is considered into two ways: one is on the screen and the other is printed format. The output format on the screen is found to be correct as the format designed according to the user needs .For the hard copy also, the output comes out as specified by the user. Hence output testing doesnt result in any connection in the system. User Acceptance Testing User acceptance of a system is the key factor for the success of any system. The system under consideration is tested for user acceptance by constantly keeping in touch with
43

the prospective system users at time of developing and making for Site Downloader system. The testing of the software began along with coding. Since the design was fully objectoriented, first the interfaces were developed and tested. Then unit testing was done for every module in the software for various inputs, such that each line of code is at least once executed
After all modules were coded the integration test were carried out. Some minor errors were found in the output at the earlier stage and each of them was corrected. In the implementation of user interface part no major errors were found. After the software was completely developed, the testing was done.
44
8. IMPLEMENTATION AND MAINTENANCE

8.1 SYSTEM IMPLEMENTATION
The implementation stage is the next step towards the problem solution. Here the details like which coding language is used is decided and the coding is done in the specified language. The implementation is the practical job of putting a theoretical design in the practice. It may involve the complete implementation of a computer complex or the introduction of one small subsystem. The implementation phase of a project covers the period from the acceptance of the test design to its satisfactory operation support by the appropriate user and operations manual. It is a major operation across the whole organizational structure and requires a great deal of planning. Planning for implementation must begin from the initial conception of the project. It requires a thorough knowledge of the new system, its personal needs, hardware and software requirements, file and procedure conversion activities, etc. Only the analyst is responsible for creating the new system will possess this knowledge. He can plan, schedule and co- ordinate but has no executive powers.
8.2 MAINTENANCE
45

Development is a single activity. Maintenance is a continuous activity. Maintenance involves activities like inspections, corrections and enhancement. Once the system is delivered and deployed, it enters the maintenance phase. The system need to be maintained not because of some of its components wear out and need to be replaced, but because there are some residual errors remaining in the system that must be removed as they are discovered. This includes activities related to debugging the software after it goes live, changes required to address evolving software and enhancement to meet changing customer requirements. So maintenance phase involves: Understanding the effects of change. Testing the new parts. Retesting the old parts that were not changed Making changes-to both the code and the documents. These changes have to be signed by the user before the change can be carried out. Since requirement change request involves cost, user will be cautious while requesting the software changes. The software will require continued support. The system maintenance means the maintenance activities after and during the system development processes. This include activities related to debugging the software after it goes live, changes acquired to meet change in users requirement. Three type of maintenance: Corrective maintenance. Adaptive maintenance. Perfective maintenance. Maintenance phase identifies if there are any changes required in the current system. If the changes are identified, then an analysis is made to identify if the changes are really required. Cost benefit analysis is a way to find out if the change is really essential.
8.3 FUTURE ENHANCEMENTS

The future enhancements have a very important role in any system that is developed and implemented. In case of Secure Email Transaction System, the future
46

enhancements expected are, the encrypted message is embedded in an image chosen randomly using Steganography and then sent to the respective recipient. This level of security would definitely give the hackers a hard chase to even coming close to knowing the message content. Steganography has evolved into a digital strategy of hiding a file in some form of multimedia, such as an image, an audio file (like a .wav or mp3) or even a video file. The system has been made or designed, keeping the present and future requirements in mind. Proper consideration has been given for a wide range of enhancements in future throughout the development of the software. All the functions have been done carefully and successfully in software and if any development is necessary in future it can be done without affecting the design by adding additional modules to the system. The software is designed according to the present configuration files of various services and tools used.
47
9. CONCLUSION
CONCLUSION
In the last few years, there has been a sudden growth in the usage of email applications all over the world. New email applications like Gmail, Yahoo Mail etc. have revolutionized the way we perceive and interact with an email application. It has forced and challenged other popular email applications to improve its services and thereby seize a substantial number of users to use their technology. In an era where technology has no defined bounds to its growth, the usage of new facilities could have a negative or positive impact to the overall service of the email application. For example: If we visualize a person sending a message to another, there could be quite a few in number trying to hack the content, especially if its a very important message. A user with wrong intentions can cause a lot of damage. In order to overcome such an issue, security of the data becomes a major concern. The various popular e-mail applications currently being used to provide security all have a single encryption level and also loopholes to it has also been found. To make the transactions more secure, we implement complex algorithm to encrypt the message. This dual layer encryption provides a standard security to the data being sent and also provides the standard e-mail features. This system brings forth a completely new idea of message transaction and opens a new opportunity to a better means of data exchange.
48
10. REFERENCES
REFERENCES
1.Java: The Complete Reference, by Herbert Schmidt ,Tata Mc Graw Hill Publication 2.J2EE: The Complete Reference, by Jim Keogh, Tata Mc Graw Hill Publication 3.Netbeans:The Definitive Guide, by Tim Boudreau, Jesse Glick, Simeon Greene, Vaughn Spurlin, Jack J. Woehr, O'Reilly Publication
WEBSITE
www.google.com
www.rsasecurity.com
49
50

Universal Mail Transporter

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Universal Mail Transporter

Diunggah oleh

Hak Cipta:

Format Tersedia

Universal Mail Transporter

Division Of Computer Engineering, SOE, CUSAT