Escolar Documentos
Profissional Documentos
Cultura Documentos
Public-key digital certificate has been widely used in public-key infrastructure (PKI)
to provide user public key authentication. However, the public-key digital certificate itself
cannot be used as a security factor to authenticate user. In this paper, we propose the concept
of generalized digital certificate (GDC) that can be used to provide user authentication and
key agreement.
A GDC contains users public information, such as the information of users digital
drivers license, the information of a digital birth certificate, etc., and a digital signature of the
public information signed by a trusted certificate authority (CA). However, the GDC does not
contain any users public key. Since the user does not have any private and public key pair,
key management in using GDC is much simpler than using public-key digital certificate.
The digital signature of the GDC is used as a secret token of each user that will never
be revealed to any verifier. Instead, the owner proves to the verifier that he has the knowledge
of the signature by responding to the verifiers challenge. Based on this concept, we propose
both discrete logarithm (DL)-based and integer factoring (IF)-based protocols that can
achieve user authentication and secret key establishment.
TABLE OF CONTENTS
1. INTRODUCTION
5. SAMPLE CODE
30
6. OUTPUT SCREENS
48
7. SYSTEM TESTING
57
8. CONCLUSION
63
9. FUTURE ENHANCEMENTS
65
10. BIBLIOGRAPHY
67
1. INTRODUCTION
1.1 Overview:
We propose an innovative approach which enables a user to be authenticated
and a shared secret session key be established with his communication partner using any
general form of digital certificates, such as a digital drivers license, a digital birth
certificate or a digital ID, etc. We call this kind of digital certificate as a generalized digital
certificate (GDC).
A GDC contains users public information and a digital signature of this
public information signed by a trusted CA. However, in GDC, the public information does
not contain any users public key. Since user does not have any private and public key pair,
this type of digital certificate is much easier to manage than the X.509 public-key digital
certificates. The digital signature of the GDC is used as a secret token of each user.
The owner of a GDC never reveals signature of GDC to a verifier in
plaintext. Instead, the owner computes a response to the verifiers challenge to prove that
he has the knowledge of the digital signature. Thus, owning a GDC can provide user
authentication in a digital world. In addition, a secret session key can be established
between the verifier and the certificate owner during this interaction.
There are three entities in a digital certificate application. They are the
following: a) Certificate Authority (CA): CA is the person or organization that digitally
signs a statement with its private key. In PKI applications, the X.509 public-key digital
certificate contains a statement, including the users public key, and a digital signature of
the statement. The difference between the GDC and the existing public-key digital
certificate is that in a GDC, the public information does not contain any users public key.
b) Owner of a GDC: The owner of the GDC is the person who receives the GDC from a
trusted CA over a secure channel. The owner needs to compute a valid answer in
response to the verifiers challenged question in order to be authenticated and establish a
secret session key. c) Verifier: The verifier is the person who challenges the owner of a
GDC and validates the answer using the owners public information and CAs public key.
In most paper-world user identification applications, a trusted authority is
responsible for issuing identification card with user information, such as user name and a
personal photo on the card, to each user. Each user can be successfully identified if the user
owns a legitimate paper certificate and matches the photo on the card. The built-in
tamper-resistant technology made the identification cards very difficult to be forged.
Therefore, owning a paper certificate is the factor in the authentication process. In this
paper, our goal is to propose a similar solution in electronic-world applications. We call it
the generalized digital certificate (GDC).
A GDC contains public information of the user and a digital signature of the
public information signed by a trusted certificate authority. The digital signature will never
be revealed to the verifier. Therefore, the digital signature of a GDC becomes a security
factor that can be used for user authentication.
public-key digital certificate has been widely used in public-key infrastructure (PKI) to
provide authentication on the users public key contained in the certificate. The user is
authenticated if he is able to prove that he has the knowledge of the private key
corresponding to the public key specified in the X.509 public-key digital certificate.
However, the public key digital certificate itself cannot be used to authenticate a user since
a public-key digital certificate contains only public information and can be easily recorded
and played back once it has been revealed to a verifier.
A traditional digital signature provides authentication of a given message to
the receiver. However, this approach can sometimes violate the signers privacy. A
malicious receiver can reveal the senders digital signature to any third-party without the
senders consent. Subsequently, anyone can access the signers public key and validate the
digital signature. In 1989, Chaum and Antwerpen [5] introduced the notion of an
undeniable signature, which enables the signer to have a complete control over his/her
signature. The verification of an undeniable signature requires participation of the message
signer. However, this arrangement can prevent undesirable verifiers from validating the
signature. The real problem of the undeniable signature is that the signer needs to
authenticate the verifier before helping the verifier to validate the undeniable signature
Semantic similarity between entities changes over time and across domains.
SYSTEM ANALYSIS
SYSTEM ANALYSIS
SWINGS
Swing is a large set of components ranging from the very simple, such as labels, to the
very complex, such as tables, trees, and styled text documents. Almost all Swing components
are derived from a single parent called JComponent which extends the AWT Container class.
For this reason, Swing is best described as a layer on top of AWT rather than a
replacement for it. Following figure shows a partial JComponent hierarchy. If you compare
this with the AWT Component hierarchy of figure 1.1, you will notice that each AWT
component has a Swing equivalent that begins with the prefix J. The only exception to this
is the AWT Canvas class, for which JComponent, JLabel, or JPanel can be used as a
replacement. You will also notice many Swing classes that dont have AWT counterparts.
Following Figure represents only a small fraction of the Swing library, but this
fraction contains the classes you will be dealing with the most. The rest of Swing exists to
provide extensive sup-port and customization capabilities for the components these classes
define.
javax.swing
Contains the most basic Swing components, default component models and interfaces. (Most of the classes shown in figure 1.2 are contained in this package.)
javax.swing.border
Contains the classes and interfaces used to define specific border styles. Note that
borders can be shared by any number of Swing components, as they are not components
themselves.
javax.swing.colorchooser
Contains classes and interfaces that support the JColorChooser component, which is
used for color selection. (This package also contains some interesting undocu-mented private
classes.)
javax.swing.event
Contains all Swing-specific event types and listeners. Swing components also support events and listeners defined in java.awt.event and java.beans.
FEASIBILITY STUDY
Preliminary investigation examine project feasibility, the likelihood the system will be
useful to the organization. The main objective of the feasibility study is to test the Technical,
Operational and Economical feasibility for adding new modules and debugging old running
system. All system is feasible if they are unlimited resources and infinite time. There are
aspects in the feasibility study portion of the preliminary investigation:
Technical Feasibility
Operational Feasibility
Economical Feasibility
TECHNICAL FEASIBILITY:
The technical issue usually raised during the feasibility stage of the investigation
includes the following:
Do the proposed equipments have the technical capacity to hold the data required to
use the new system?
Will the proposed system provide adequate response to inquiries, regardless of the
number or location of users?
Are there technical guarantees of accuracy, reliability, ease of access and data
security?
OPERATIONAL FEASIBILITY:
Proposed projects are beneficial only if they can be turned out into information
system. That will meet the organizations operating requirements. Operational feasibility
aspects of the project are to be taken as an important part of the project implementation.
Some of the important issues raised are to test the operational feasibility of a project includes
the following:
Will the system be used and work properly if it is being developed and implemented?
Will there be any resistance from the user that will undermine the possible application
benefits?
This system is targeted to be in accordance with the above-mentioned issues.
Beforehand, the management issues and user requirements have been taken into
consideration. So there is no question of resistance from the users that can undermine the
possible application benefits.
The well-planned design would ensure the optimal utilization of the computer
resources and would help in the improvement of performance status.
ECONOMICAL FEASIBILITY:
A system can be developed technically and that will be used if installed must still be a
good investment for the organization. In the economical feasibility, the development cost in
creating the system is evaluated against the ultimate benefit derived from the new systems.
Financial benefits must equal or exceed the costs.
SYSTEM DESIGN
The analysis representation describes a usage scenario from the end-users perspective.
In this model the data and functionality are arrived from inside the system.
.
Implementation Model View
In this the structural and behavioural as parts of the system are represented as they
are to be built.
In this the structural and behavioural aspects of the environment in which the system is to be
implemented are represented
Sequence Diagram:
A sequence diagram in Unified Modelling Language (UML) is a kind of interaction
diagram that shows how processes operate with one another and in what order. It is a
construct of a Message Sequence Chart. Sequence diagrams are sometimes called event
diagrams, event scenarios, and timing diagrams.
A sequence diagram shows, as parallel vertical lines (lifelines), different processes
or objects that live simultaneously, and, as horizontal arrows, the messages exchanged
between them, in the order in which they occur. This allows the specification of simple
runtime scenarios in a graphical manner.
Activity Diagram:
Activity diagrams are graphical representations of workflows
of stepwise
activities and actions with support for choice, iteration and concurrency.[1]
In the
Unified Modelling Language, activity diagrams can be used to describe the business and
operational step-by-step workflows of components in a system.
An activity diagram shows the overall flow of control. Activity diagrams are
constructed
from a
limited
repertoire of
Class Diagram:
In software engineering, a class diagram in the Unified Modelling Language
(UML) is a type of static structure diagram that describes the structure of a system by
showing the system's classes, their attributes, and the relationships between the classes.
The class diagram is the main building block in object oriented modelling.
They are being used both for general conceptual modelling of the systematic of the
application, and for detailed modelling translating the models into programming code.
The classes in a class diagram represent both the main objects and or interactions in
the application and the objects to be programmed. In the class diagram these classes are
represented with boxes which contain three parts:
A class with three sections:
The upper part holds the name of the class
The middle part contains the attributes of the class
The bottom part gives the methods or operations the class can take or undertake
SAMPLE CODE
Testing
Overview:
Testing Methodologies:
Black box Testing: is the testing process in which tester can perform testing on an
application without having any internal structural knowledge of application.
Usually Test Engineers are involved in the black box testing.
White box Testing: is the testing process in which tester can perform testing on an
application with having internal structural knowledge.
Usually the Developers are involved in white box testing.
Gray box Testing: is the process in which the combination of black box and white
box tonics are used.
Types of Testing
Unit testing
Unit testing refers to tests that verify the functionality of a specific section of code,
usually at the function level. In an object-oriented environment, this is usually at the class
level, and the minimal unit tests include the constructors and destructors These type of
tests are usually written by developers as they work on code (white-box style), to ensure
that the specific function is working as expected.
Integration testing
Integration testing is any type of software testing that seeks to verify the interfaces
between components against a software design. Software components may be integrated in
an iterative way or all together ("big bang"). Normally the former is considered a better
practice since it allows interface issues to be localised more quickly and fixed.
System testing
System testing tests a completely integrated system to verify that it meets its
requirements
Regression testing
Regression testing focuses on finding defects after a major code change has
occurred. Specifically, it seeks to uncover software regressions, or old bugs that have
come back. Such regressions occur whenever software functionality that was previously
working correctly stops working as intended.
Acceptance testing
Acceptance testing can mean one of two things:
1. A smoke test is used as an acceptance test prior to introducing a new build to the main
testing process, i.e. before integration or regression.
2. Acceptance testing performed by the customer, often in their lab environment on their
own hardware, is known as user acceptance testing (UAT). Acceptance testing may be
performed as part of the hand-off process between any two phases of development.
[citation needed]
Alpha testing
Alpha
testing
is
simulated
or
actual
operational
testing
by
potential
users/customers or an independent test team at the developers' site. Alpha testing is often
employed for off-the-shelf software as a form of internal acceptance testing, before the
software goes to beta testing. van Veenendaal, Erik. "Standard glossary of terms used in
Software Testing".
Beta testing
Beta testing comes after alpha testing. Versions of the software, known as beta
versions, are released to a limited audience outside of the programming team. The
software is released to groups of people so that further testing can ensure the product has few
faults or bugs. Sometimes, beta versions are made available to the open public to
increase the feedback field to a maximal number of future users.[citation needed]
Non-functional testing
TestCases:
Test No.
1.
Test Case
Invalid Log In Test:
By providing invalid
User name and
Password
Expected Output
A dialog Box to be
displayed saying
Invalid Login, Access
Denied
Actual Output
A dialog Box is
displayed saying
Invalid Login, Access
Denied
Result
Passed
Passed
passed
It will calculate
cipher text
Passed
5.
passed
Conclusion
In this paper, we have proposed a novel design in using a GDC for user
authentication and key establishment. In our design, a GDC does not contain
the users public key. Since the user does not have any private and public key
pair, this type of digital certificate is much easier to manage than the X.509
public-key digital certificates. Our approach can be applied to both DL-based
and IF-based public-key cryptosystems.
Future Scope
Bibliography