Universal Mail Transporter
1. INTRODUCTION
1.1 INTRODUCTION
This document outlines the details of "Universal Mail Transporter" (UMT), including its functional and non-functional requirements. It also describes the interface for the system. The objective of this project is to develop an application that provides security for sending mail and is completely platform independent. The software is interfaced with the SMTP server of Google, and the content is encrypted and sent. The user needs a G-mail account. This project incorporates ideas of mail sending through an application, UMT, which can be used with any mail server application (Yahoo, G-mail, HotMail, RediffMail etc.). The design goal was to develop a set of interfaces that would help in setting up a mailing environment. The interfaces were such that the data could be sent not only to a mail server, but also to any server capable of understanding mail protocols. That brought almost every J2EE server into the picture. Thus the APIs created for mail exchange provided a means to exchange huge amounts of data. The main features are:
1. Log in to UMT with user id and password.
2. If the user is new, register in UMT.
3. Message writing system (drafts, formatting).
4. Encrypt the message and send.
5. Log out of the session.
If one of the user's correspondents wants to write a secure letter to that user, the correspondent encrypts the letter using the user's public key. When the email is received, the user decrypts it using the private key. No one can decrypt the message without the private key. It is not possible to ascertain the private key from the public key.
The JavaMail Application Programming Interface (API) provides a set of abstract classes defining objects that comprise a mail system. The API defines classes like Message, Store and Transport. The API can be extended and subclassed to provide new protocols and to add functionality when necessary. In addition, the API provides concrete subclasses of the abstract classes. These subclasses, including MimeMessage and MimeBodyPart, implement widely used Internet mail protocols. The JavaMail API doesn't properly validate the authenticated user's message number attribute, allowing authenticated users to view others' messages. This is a loophole in mail APIs which is overcome in this project using high end security measures. It makes use of the complex Rivest Shamir Adleman (RSA) encryption algorithm to
protection of sensitive communications has been the purpose of cryptography for most of history. The beginnings of cryptology can be traced to the hieroglyphics of early Egyptian civilization (c.1900 B.C.). Ciphering has always been considered vital for diplomatic and military secrecy. Recent successes in applying certain aspects of computer science and physics to cryptology seem to be leading to more secure systems in which encryption is implemented with sophisticated digital electronics.
Encryption is the process of taking any form of data (plaintext) message and scrambling it so that it becomes unreadable to anyone except the authorized receiver, who has a key to decrypt it. Encryption produces a ciphertext (coded message). The process of turning the ciphertext back into a plaintext is called decryption. Encryption and decryption require the use of some secret information, called a key. Traditionally, Alice is the sender of the information, Bob is the authorized receiver, and the eavesdropper is named Eve. The basic problem of distributing a key between Alice and Bob is to make a safe transfer despite eavesdropping attempts. A plaintext message is encrypted using the key. Only a person with the same key can decrypt it back to the plaintext (fig 1.1).
Fig 1.1
Cryptographic goals
Of all the information security objectives, the following four form a framework upon which the others will be derived: (1) privacy or confidentiality; (2) data integrity; (3) authentication; and (4) non-repudiation.
1. Confidentiality is a service used to keep the content of information from all but those authorized to have it. Secrecy is a term synonymous with confidentiality and privacy. There are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible.
2. Data integrity is a service which addresses the unauthorized alteration of data. To assure data integrity, one must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution.
3. Authentication is a service related to identification. This function applies to both entities and information itself. Two parties entering into a communication should identify each other. Information delivered over a channel should be authenticated as to origin, date of origin, data content, time sent, etc. For these reasons this aspect of cryptography is usually subdivided into two major classes: entity authentication and data origin authentication. Data origin authentication implicitly provides data integrity (for if a message is modified, the source has changed).
4. Non-repudiation is a service which prevents an entity from denying previous commitments or actions. When disputes arise due to an entity denying that certain
Division Of Computer Engineering, SOE, CUSAT
1.3.2 RSA ALGORITHM
The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Adleman, who invented it in 1977. The basic technique was first discovered in 1973 by Clifford Cocks of CESG (part of the British GCHQ) but this was a secret until 1997. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.
Key Generation Algorithm
1. Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits.
2. Compute n = pq and phi = (p-1)(q-1).
3. Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1.
4. Compute the secret exponent d, 1 < d < phi, such that ed ≡ 1 (mod phi).
5. The public key is (n, e) and the private key is (n, d). The values of p, q, and phi should also be kept secret.
n is known as the modulus. e is known as the public exponent or encryption exponent. d is known as the secret exponent or decryption exponent.
Encryption
Sender A does the following:
1. Obtains the recipient B's public key (n, e).
2. Represents the plaintext message as a positive integer m.
Decryption
Recipient B does the following:
1. Uses his private key (n, d) to compute m = c^d mod n.
2. Extracts the plaintext from the integer representative m.
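The key generation, encryption and decryption steps above, carried through with java.math.BigInteger. This is an added example, not code from the UMT project: the class and method names, the public exponent 65537 and the 2048-bit modulus are assumptions, and the ciphertext is computed as c = m^e mod n, the standard counterpart of the decryption formula above. It also shows that this unpadded form is deterministic.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example: textbook RSA with BigInteger, following the steps above.
// Class, field and method names are illustrative, not taken from UMT.
public class TextbookRsaDemo {

    // (n, e) is the public key; (n, d) is the private key.
    static final class Keys {
        final BigInteger n, e, d;
        Keys(BigInteger n, BigInteger e, BigInteger d) { this.n = n; this.e = e; this.d = d; }
    }

    static Keys generate(int bits, SecureRandom rnd) {
        BigInteger e = BigInteger.valueOf(65537); // widely used public exponent (assumption)
        while (true) {
            // Step 1: two random primes of roughly equal size.
            BigInteger p = BigInteger.probablePrime(bits / 2, rnd);
            BigInteger q = BigInteger.probablePrime(bits - bits / 2, rnd);
            BigInteger n = p.multiply(q);
            if (p.equals(q) || n.bitLength() != bits) continue;
            // Step 2: phi = (p-1)(q-1).
            BigInteger phi = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
            // Step 3: e must be coprime to phi; otherwise draw new primes.
            if (!e.gcd(phi).equals(BigInteger.ONE)) continue;
            // Step 4: d is the inverse of e modulo phi, so e*d = 1 (mod phi).
            return new Keys(n, e, e.modInverse(phi));
        }
    }

    // Represent the message as a positive integer m < n, then c = m^e mod n.
    static BigInteger encrypt(byte[] message, Keys pub) {
        BigInteger m = new BigInteger(1, message);
        if (m.signum() == 0 || m.compareTo(pub.n) >= 0) {
            throw new IllegalArgumentException("message must map to 0 < m < n");
        }
        return m.modPow(pub.e, pub.n);
    }

    // m = c^d mod n, then turn the integer back into bytes.
    static byte[] decrypt(BigInteger c, Keys priv) {
        byte[] raw = c.modPow(priv.d, priv.n).toByteArray();
        // toByteArray() may prepend a zero sign byte; drop it.
        return (raw.length > 1 && raw[0] == 0) ? Arrays.copyOfRange(raw, 1, raw.length) : raw;
    }

    public static void main(String[] args) {
        Keys keys = generate(2048, new SecureRandom());
        // Constructed sample input.
        byte[] msg = "Constructed sample mail body".getBytes(StandardCharsets.UTF_8);

        BigInteger c1 = encrypt(msg, keys);
        BigInteger c2 = encrypt(msg, keys);
        String back = new String(decrypt(c1, keys), StandardCharsets.UTF_8);

        System.out.println("modulus bits : " + keys.n.bitLength());
        System.out.println("round trip   : " + back);
        // Without randomized padding the same plaintext always yields the same
        // ciphertext, so an observer can tell when a message is repeated.
        System.out.println("deterministic: " + c1.equals(c2));
    }
}
```

The last line prints true: the raw operation has no randomness, which is why deployed RSA encryption uses a padding scheme such as OAEP.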
1.3.3 STEGANOGRAPHY
Steganography is the technique of hiding confidential information within any media. Steganography is often confused with cryptography because both are used to protect confidential information. The difference between the two is in the appearance of the processed output: the output of a steganography operation is not apparently visible, whereas in cryptography the output is scrambled, so it can draw attention. Steganalysis is the process of detecting the presence of steganography. In this article we have tried to elucidate the different approaches towards implementation of steganography using multimedia files (text, static image, audio and video) and network IP datagrams as cover. Some methods of steganalysis will also be discussed.
The most widely used technique today is hiding secret messages in a digital image. This steganography technique exploits the weakness of the human visual system (HVS). The HVS cannot detect the variation in luminance of color vectors at the higher frequency side of the visual spectrum. A picture can be represented by a collection of color pixels. The individual pixels can be represented by their optical characteristics like 'brightness', 'chroma' etc. Each of these characteristics can be digitally expressed in terms of 1s and 0s. For example, a 24-bit bitmap will have 8 bits representing each of the three color values (red, green, and blue) at each pixel. If we consider just the blue, there will be 2^8 different values of blue. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Hence, if the terminal recipient of the data is nothing but the human visual system (HVS), then the Least Significant Bit (LSB) can be used for something other than color information.
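The blue-channel LSB idea described above, as an added example that is not part of the original report. The class name, the 32-bit length header and the synthetic 64x64 gradient used as cover are assumptions made for the illustration; pixels are packed 0xAARRGGBB integers, the layout BufferedImage.getRGB returns.

```java
import java.nio.charset.StandardCharsets;

// Added example: hide a message in the least significant bit of the blue
// channel, one bit per pixel. Names and the header layout are illustrative.
public class BlueLsbDemo {
    static final int HEADER_BITS = 32; // message length in bytes, big-endian

    // In a packed 0xAARRGGBB pixel the lowest bit of the int is the blue LSB.
    static int[] embed(int[] cover, byte[] msg) {
        int bitsNeeded = HEADER_BITS + msg.length * 8;
        if (bitsNeeded > cover.length) {
            throw new IllegalArgumentException("cover image too small for message");
        }
        int[] stego = cover.clone();
        for (int i = 0; i < bitsNeeded; i++) {
            int bit;
            if (i < HEADER_BITS) {
                bit = (msg.length >>> (31 - i)) & 1;
            } else {
                int k = i - HEADER_BITS;
                bit = (msg[k / 8] >>> (7 - k % 8)) & 1;
            }
            stego[i] = (stego[i] & ~1) | bit; // replace only the blue LSB
        }
        return stego;
    }

    static byte[] extract(int[] stego) {
        if (stego.length < HEADER_BITS) {
            throw new IllegalArgumentException("image too small to hold a header");
        }
        int len = 0;
        for (int i = 0; i < HEADER_BITS; i++) {
            len = (len << 1) | (stego[i] & 1);
        }
        // Reject headers that cannot fit; an image without a payload usually fails here.
        if (len < 0 || HEADER_BITS + (long) len * 8 > stego.length) {
            throw new IllegalArgumentException("no valid payload header");
        }
        byte[] msg = new byte[len];
        for (int k = 0; k < len * 8; k++) {
            msg[k / 8] |= (stego[HEADER_BITS + k] & 1) << (7 - k % 8);
        }
        return msg;
    }

    public static void main(String[] args) {
        // Constructed cover: an opaque 64x64 colour gradient.
        int w = 64, h = 64;
        int[] cover = new int[w * h];
        for (int y = 0; y < h; y++) {
            for (int x = 0; x < w; x++) {
                cover[y * w + x] = 0xFF000000 | ((x * 4) << 16) | ((y * 4) << 8) | ((x + y) * 2);
            }
        }
        byte[] secret = "constructed sample text".getBytes(StandardCharsets.UTF_8);
        int[] stego = embed(cover, secret);

        int changed = 0, maxBlueDelta = 0, otherBits = 0;
        for (int i = 0; i < cover.length; i++) {
            if (cover[i] != stego[i]) changed++;
            maxBlueDelta = Math.max(maxBlueDelta, Math.abs((cover[i] & 0xFF) - (stego[i] & 0xFF)));
            otherBits |= (cover[i] ^ stego[i]) & ~1; // any bit touched besides the blue LSB
        }
        System.out.println("recovered      : " + new String(extract(stego), StandardCharsets.UTF_8));
        System.out.println("pixels changed : " + changed + " of " + cover.length);
        System.out.println("max blue delta : " + maxBlueDelta);
        System.out.println("other bits hit : " + (otherBits != 0));
    }
}
```

The maximum blue delta is 1 and no other bit changes, which is why the difference is not visible, and also why steganalysis looks at the statistics of the LSB plane rather than at the picture itself.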
Figure 2: Example of still imagery steganography. The left-hand image is the original cover image; the right-hand image is the stego image produced by embedding a text file into the cover image.
1.3.3 THE BASIC ENCRYPTION PROCESS
The basic process ensures that when the user feeds in the message, the message is delivered to the other end using proper security measures. This is where the RSA algorithm is used as a default security measure for each and every mail being sent out to the other end. The RSA algorithm itself only encrypts numbers. All computer data is ultimately just binary numbers, so the message can be broken into segments and RSA can be applied to each segment.
Generation of keys
The RSA encryption and decryption make use of key pairs. Two big random prime numbers are generated, from which the variables used to produce the keys are calculated. The variables are used to generate the public and private keys. The message typed by the user is encrypted by using the private key. When decrypted with the public key it reproduces the original message. This process is secure, because the only way to decrypt and reproduce the original text is by knowing the private key.
Choice of Key Size
The feature to select the key size is provided to the user for increasing the complexity of the message.
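One way to apply RSA segment by segment with a selectable key size, using the JDK's own RSA provider with OAEP padding instead of the raw operation. This is an added example, not the UMT implementation: the class and method names, the 2048-bit key and the sample text are assumptions, and it encrypts with the recipient's public key and decrypts with the private key.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;

// Added example: split a message into segments and RSA-encrypt each one.
// Names are illustrative, not taken from UMT.
public class SegmentedRsaDemo {
    static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final int HASH_LEN = 32; // SHA-256 digest length in bytes

    // OAEP leaves k - 2*hLen - 2 bytes of room per block, k = modulus size in bytes.
    static int maxSegment(RSAPublicKey pub) {
        int k = (pub.getModulus().bitLength() + 7) / 8;
        return k - 2 * HASH_LEN - 2;
    }

    static List<byte[]> encrypt(byte[] msg, RSAPublicKey pub) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        int seg = maxSegment(pub);
        List<byte[]> blocks = new ArrayList<>();
        for (int off = 0; off < msg.length; off += seg) {
            cipher.init(Cipher.ENCRYPT_MODE, pub); // fresh random padding per segment
            blocks.add(cipher.doFinal(msg, off, Math.min(seg, msg.length - off)));
        }
        return blocks;
    }

    static byte[] decrypt(List<byte[]> blocks, PrivateKey priv) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (byte[] block : blocks) {
            cipher.init(Cipher.DECRYPT_MODE, priv);
            out.write(cipher.doFinal(block)); // throws if the block was altered
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        int keyBits = 2048; // the user-selectable key size
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(keyBits);
        KeyPair pair = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) pair.getPublic();

        // Constructed sample input: 600 bytes of text.
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 20; i++) sb.append("Constructed sample mail body. ");
        byte[] msg = sb.toString().getBytes(StandardCharsets.UTF_8);

        List<byte[]> blocks = encrypt(msg, pub);
        byte[] back = decrypt(blocks, pair.getPrivate());

        System.out.println("segment size    : " + maxSegment(pub) + " bytes");
        System.out.println("segments        : " + blocks.size());
        System.out.println("ciphertext block: " + blocks.get(0).length + " bytes");
        System.out.println("round trip ok   : " + Arrays.equals(msg, back));
    }
}
```

Each segment is encrypted independently, so the receiver depends on the segments arriving complete and in order; nothing in this sketch detects a dropped or reordered segment.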
1.3.4 JAVAMAIL API
The JavaMail Application Programming Interface (API) provides a set of abstract classes defining objects that comprise a mail system. The API defines classes like Message, Store and Transport. The API can be extended and subclassed to provide new protocols and to add functionality when necessary. In addition, the API provides concrete subclasses of the abstract classes. These subclasses, including MimeMessage and MimeBodyPart, implement widely used Internet mail protocols.
The JavaMail API is designed to make adding electronic mail capability to simple applications easy, while also supporting the creation of sophisticated user interfaces. It includes appropriate convenience classes which encapsulate common mail functions and protocols. It fits with other packages for the Java platform in order to facilitate its use with other Java APIs, and it uses familiar programming models. The JavaMail API is therefore designed to satisfy the following development and runtime requirements:
Simple, straightforward class design that is easy for a developer to learn and implement.
Use of familiar concepts and programming models to support code development that interfaces well with other Java APIs.
Lightweight classes and interfaces that make it easy to add basic mail-handling tasks to any application.
When security issues come into the picture, the JavaMail API does not properly validate the authenticated user's message number attribute, allowing authenticated users to view others' messages. This is a loophole in mail APIs which is overcome in this project using high end security measures. The RSA algorithm is implemented at the client level to provide default security measures to the user. The
2. PROBLEM IDENTIFICATION
2.2 PROPOSED SYSTEM
The Java mail uses a default RSA algorithm which generates the public and private key pair using the two random numbers. These random numbers are used to get the value of n as well as the value of phi[n], which in turn produce the public and private key pairs. The public and private key pairs generated are used to encrypt and decrypt the message typed. The complexity of RSA is verified by the modulus operation used and the usage of prime and coprime numbers.
ADVANTAGES OF PROPOSED SYSTEM
3. SYSTEM STUDY
3.1 SYSTEM REQUIREMENTS
Complexity of the security The account bound with a separate username and password for every user. Needs an algorithm which can achieve integrity and authentication.
Receivers Requirement Access to the POP3 server of the mail server from where the mails are going to be extracted. Needs a friendlier interface. Needs a security feature which could make the cryptanalysis more secure.
SOFTWARE REQUIREMENTS:
Tool Used : NetBeans 6.0
Front end : Java, J2EE
Back end  : MYSQL
JAVA
Java is a language which is simpler to understand, easier to implement and yet more portable across different platforms than any other OOPS language. It is currently popular because it is compiled to machine independent byte code. This allows programmers to write one kind of program code for all platforms. Not only is it a powerful programming language built to be secure, cross-platform and international, but Java is also being continually extended to provide language features and libraries that elegantly handle problems that are difficult in traditional programming languages. Java based systems are easier to understand and express. Classes designed to fit the problem tend to express it better. Java produces maximum leverage with libraries. This is accomplished by casting libraries into new data types (classes), so that bringing in a library means adding new types to the language. Another feature of Java is its efficient error handling system, which adds to the robustness of the system. Java exception handling is a way to guarantee that an error is noticed, and that something happens as a result. The primary economic motivation for selecting Java is the easy use of existing code in the form of class libraries. Some features of the Java language are as follows:
Object Oriented: Java provides Object Oriented Programming language mechanisms that help to implement the object-oriented model. They are encapsulation, inheritance and polymorphism.
Encapsulation - is the mechanism that binds together code and the data it manipulates, and keeps both safe from outside interference and misuse.
Inheritance - is the process by which one object acquires the properties of another object. This is important because it supports the concept of hierarchical classification.
Polymorphism - is a feature that allows one interface to be used for a general class of actions.
Multithreaded: Java supports multithreaded programming, which allows writing programs that do many things simultaneously. Multithreading makes it possible to write very efficient programs that make maximum use of the CPU, because idle time can be kept to a minimum.
Distributed: Java is designed for the distributed environment of the Internet, because it handles TCP/IP protocols. In fact, accessing a resource using a URL is not much different from accessing a file. Java also supports Remote Method Invocation (RMI). This feature enables a program to invoke methods across a network.
Portability: Java provides a run-time system called the Java Virtual Machine. Translating a Java program into byte code makes it much easier to run a program in a wide variety of environments. The execution of byte code by the JVM helps solve the major problems associated with downloading programs over the internet. The goal of the JVM is Write Once; Run Anywhere, Any Time, Forever.
Security: When using a Java compatible Web browser, one can safely download Java applets without fear of viral infection or malicious intent. Java achieves this protection by confining a Java program to the Java execution environment and not allowing it access to other parts of the computer.
Java Runtime Environment
Java Virtual Machine
It is a specification to which Java code must be written. All Java code is to be compiled to be used in this nonexistent virtual machine. Writing code which compiles for the JVM ensures platform independence.
ADVANTAGES OF JAVA
Java is robust
Java is secure
Java is portable
Java is garbage collected
Java is small
Java is dynamic
MY SQL
What is a database? Quite simply, it's an organized collection of data. A database management system (DBMS) such as Access, FileMaker Pro, Oracle or SQL Server provides you with the software tools you need to organize that data in a flexible manner. It includes facilities to add, modify or delete data from the database, ask questions (or queries) about the data stored in the database and produce reports summarizing selected contents. MYSQL provides the user with one of the simplest DBMS solutions in the market today. MYSQL is a multithreaded, multi-user SQL database management system (DBMS).
NETBEANS IDE
The NetBeans Platform allows applications to be developed from a set of modular software components called modules. A module is a Java archive file that contains Java classes written to interact with the NetBeans Open APIs and a manifest file that identifies it as a module. Applications built on modules can be extended by adding new modules. Since modules can be developed independently, applications based on the NetBeans platform can be easily and powerfully extended by third party developers.
NETBEANS PLATFORM
The NetBeans Mobility Pack is a tool for developing applications that run on mobile phones. Mobility Pack can be used to write, test, and debug applications for Java Micro Edition platform (Java ME platform) technology-enabled mobile devices. It integrates support for the Mobile Information Device Profile (MIDP) 2.0 and the Connected Limited Device Configuration (CLDC) 1.1. You can easily integrate third-party emulators for a robust testing environment.
JAVA DATA BASE CONNECTIVITY (JDBC)
Java Data Base Connectivity is a set of relational database objects and methods for interacting with SQL data sources. The JDBC APIs are part of the enterprise APIs of
JAVA SWING
Swing is a GUI toolkit for Java. Swing is one part of the Java Foundation Classes (JFC). Swing includes Graphical User Interface (GUI) widgets such as text boxes, buttons, split-panes and tables. Swing widgets provide more sophisticated GUI
The purpose of the operational feasibility study is to determine whether the new system would be used if it is developed and implemented. Will there be resistance from users that will undermine the possible application benefits? From the outputs of the meeting that was held with the system users, it was found that all of them support the development of the new system. The positive response from them encouraged the building of such a system.
avoiding delay, controlling error and keeping the steps simple. The following are the details the system analysts decide while designing:
The data to input
The details of how data should be arranged or coded
The data items and transactions needing validation to detect errors.
All input processes have been designed with utmost care to avoid entry of any kind of invalid data into the system. The input screens have been validated effectively in order to give the most accurate input details. Points to be noted while designing the input screens are:
Don't overcrowd the input screen
The output design is the key to the success of any system. Output is the key between the user and the sensor. The output must be concerned to the system's working, as it should. Output design consists of displaying specifications and procedures as data presentation. The user is never left confused as to what is happening without an appropriate error or acknowledgement message being received.
4.1.3 Program Design:
A function is represented using a circle. This symbol is called a process or a bubble. Bubbles are annotated with the names of corresponding functions.
External Entity Symbol:
An external entity such as a user, project manager etc. is represented by a square. The external entities are essentially those physical entities external to the application system which interact with the system by inputting data to the system or by consuming the data produced by the system. In addition to the human users, the external entity symbol can be used to represent external hardware and software such as application software.
A directed arc or an arrow is used as a Data Flow Symbol. This represents the data flow occurring between two processes or between an external entity and a process, in the direction of the Data Flow Arrow. Data flow symbols are annotated with corresponding data names.
Data Store Symbol:
A data store represents a logical file; it is represented using two parallel lines. A logical file can represent either a data structure or a physical file on disk. Each data store is connected to a process by means of a data flow symbol. The direction of the data flow arrow shows whether data is being read from or written into a data store. An arrow flowing in or out of a data store implicitly represents the entire area of the data store and hence arrows connecting to a data store need not be annotated with the names of the corresponding data items.
Output Symbol:
The output symbol is used when a hard copy is produced and the user of the copies cannot be clearly specified or there are several users of the output.
The DFD at the simplest level is referred to as the CONTEXT ANALYSIS DIAGRAM. These are expanded by level, each explaining its process in detail. Processes are numbered for easy identification and are normally labeled in block letters. Each data flow is labeled for easy understanding.
from the system. Here, the term users of the system also includes the external systems which supply data to or receive data from the system.
How to develop the DFD of a system:
The SRS document is examined to determine:
Different high-level functions that the system needs to perform.
Data input to every high-level function.
Data output from every high-level function.
Interactions among the identified high-level functions.
These aspects of high-level functions are then represented in a diagrammatic form. This forms the top level DFD. The high-level functions described in the SRS document are examined. If there are between three and seven high-level requirements, then each of the high-level functions can be represented in the form of a bubble.
[Figure: data flow diagram. Labels: Sender, UMT, Message, Receiver.]
Level 1 DFD
[Figure. Labels: Receiver, Info, Key Generation, Public key, UMT Mail, Sender.]
Level 2 DFD
[Figure. Labels: Sender, Key Manager, Database, username, Retrieve public key & user name, Public key, ENCRYPT, Encrypted message, UMT Mail, Receiver.]
Level 4 DFD
[Figure. Labels: Receiver, DECRYPT, Message.]
5. DESIGN
5.1 DATABASE DESIGN
The primary need at the outset of design is the database. An important requirement in the design is the representation of data in different tables. The data items for tables are classified based on their characteristics. The relationships between the data items are identified in each table. Certain data that are unlikely to be changed and those that would facilitate the operation of the other processes are kept in the master tables. Similarly, data that form a part of a transaction are put into the transaction table. Thus, looking at the different data available, tables are carefully designed, aiming to achieve main objectives such as:
Data Integration
Data Independence
Normalization
Normalization is the process of analyzing the given relation schemas based on their functional dependencies and primary keys to achieve the desirable properties of:
Minimizing redundancy
Minimizing the insertion, deletion and updating anomalies.
Normalization is carried out for the following reasons:
To structure the data so that perfect relationships between entries can be represented.
To permit simple retrieval of data in response to query and report requests.
To reduce the need to restructure or reorganize data when new application requirements arise.
Normalization consists of various levels:
First Normal Form (1NF)
A table is in 1NF if:
There are no duplicate rows in the table.
Each cell is single valued.
Entries in a column are of the same kind.
Second Normal Form (2NF)
Second Normal Form is based on the concept of full functional dependency. A table (relation) is in 2NF if it is in First Normal Form and if all non-key attributes are dependent on the key. Dependent on only a part of the (composite) key, the definition of 2NF is sometimes phrased as, "A table is in 2NF if it is in 1NF and if it has no partial dependencies."
Third Normal Form (3NF)
Third Normal Form is based on the concept of transitive dependency. A table (relation) is in 3NF if it is in Second Normal Form and if it has no transitive dependencies.
TABLES USED
userdata
Column Name   Data Type   Description
Username      Text        Primary Key
Emailed       Text        Not Null
Publickey     Text        Not Null
6. SYSTEM DEVELOPMENT
SYSTEM DEVELOPMENT
System development is a series of operations performed to manipulate data to produce output from a computer system. This is highly dependent on the programming language used. The principal activities during the development phase can be divided into two major related sequences:
External system development
Internal system development
The major external system development activities are:
Implementation
Planning
Equipment acquisition
Installation
The major internal system development activities are:
Computer program development
Performance testing
In one of their early papers about the language, Sun described Java as follows: Java: A simple, object-oriented, distributed, interpreted, robust, secure, architecture neutral,
7. SYSTEM TESTING
TESTING
System testing is the stage of implementation which is aimed at ensuring that the system works accurately and efficiently before live operation commences. Testing is vital to the success of the system. An elaborate set of test data is prepared and the system is tested using this test data. During testing, errors are noted and corrections are made. The users are trained to operate the developed system. Both hardware and software securities are made to run the developed system successfully in future.
Testing steps:
Unit Testing
Integration Testing
Validation Testing
Output Testing
User Acceptance Testing
Unit Testing
Unit testing focuses verification efforts on the smallest unit of software design, the module. This is also known as Module Testing. The modules are tested separately. This testing is carried out during the programming stage itself. In these testing steps each
After all modules were coded, the integration tests were carried out. Some minor errors were found in the output at the earlier stage and each of them was corrected. In the implementation of the user interface part no major errors were found. After the software was completely developed, the testing was done.
8.2 MAINTENANCE
9. CONCLUSION
CONCLUSION
In the last few years, there has been a sudden growth in the usage of email applications all over the world. New email applications like Gmail, Yahoo Mail etc. have revolutionized the way we perceive and interact with an email application. This has forced and challenged other popular email applications to improve their services and thereby win a substantial number of users over to their technology. In an era where technology has no defined bounds to its growth, the usage of new facilities could have a negative or positive impact on the overall service of the email application. For example, if we visualize a person sending a message to another, there could be quite a few people trying to hack the content, especially if it's a very important message. A user with wrong intentions can cause a lot of damage. In order to overcome such an issue, security of the data becomes a major concern. The various popular e-mail applications currently being used to provide security all have a single encryption level, and loopholes in it have also been found. To make the transactions more secure, we implement a complex algorithm to encrypt the message. This dual layer encryption provides standard security for the data being sent and also provides the standard e-mail features. This system brings forth a completely new idea of message transaction and opens a new opportunity for a better means of data exchange.