A Project report
on
IMPROVING MOBILE BANKING SECURITY USING STEGANOGRAPHY
submitted in partial fulfillment of the requirement for the award of degree of
BACHELOR OF TECHNOLOGY
in
COMPUTER SCIENCE & ENGINEERING
by
2010
www.jntuworld.com
CERTIFICATE
This is to certify that the project entitled “IMPROVING MOBILE BANKING SECURITY
USING STEGANOGRAPHY” is being submitted by
H. O. D.
ACKNOWLEDGEMENT
I would like to express my gratitude to all the people behind the screen who helped
me to transform an idea into a real application.
I would like to thank my internal guide Mr. M.SRINIVAS REDDY for his
technical guidance, constant encouragement and support in carrying out my project at
college.
I would also like to thank my external guide Ms. S. SOWJANYA for her
technical guidance and support in carrying out my project at PANTECH
SOLUTIONS PVT. LTD.
The satisfaction and euphoria that accompany the successful completion of the task
would be great but incomplete without the mention of the people who made it possible
and whose constant guidance and encouragement crown all the efforts with success. In this
context, I would like to thank all the other staff members, both teaching and non-teaching, who
have extended their timely help and eased my task.
CONTENTS
Abstract
List of Figures
List of Tables
List of Screens
Symbols & Abbreviations
1. INTRODUCTION
1.1 Motivation
1.2 Problem definition
1.3 Objective of Project
1.4 Limitations of Project
1.5 Organization of Documentation
2. LITERATURE SURVEY
2.1 Introduction
2.2 Existing System
2.3 Disadvantages of Existing system
2.4 Proposed System
2.5 Conclusion
3. ANALYSIS
3.1 Introduction
3.2 Software Requirement Specification
3.2.1 User requirement
3.2.2 Software requirement
3.2.3 Hardware requirement
3.3 Content diagram of Project
3.4 Algorithms and Flowcharts
3.5 Conclusion
4. DESIGN
4.1 Introduction
4.2 DFD / ER / UML diagram (any other project diagrams)
4.3 Module design and organization
4.4 Conclusion
7. CONCLUSION
REFERENCES
ABSTRACT
With the development of m-commerce as one of the new branches of e-commerce, m-banking has
emerged as one of the main divisions of m-commerce. As m-banking was received very well, it has
begun to supply various services based on different systems and with the aid of services
such as the Short Messaging Service (SMS). However, in spite of its advantages, m-banking faces some
challenges as well. One of these challenges is the security of the system. This paper presents a
method for increasing the security of the information requested by users by means of
steganography. In this method, instead of sending the information directly, it is hidden in a picture by the
password. Then the address of the picture is sent to the user. After entering the password, the user can
view the information extracted from the picture if the password is entered correctly. This project is
written in the J2ME language (Java 2 Micro Edition) and has been implemented on Nokia mobile phones,
models N71 and 6680.
In this method, the information is never placed on the internet or exchanged in plain form. Thus,
the possibility of disclosure of information is very low. No user password is exchanged between the server
and the mobile phone. Therefore there is no risk of disclosure of the user password. In this method, the amount
of information exchanged between the user and the banking system decreases, so the response speed of the
bank system increases. Steganography is a relatively modern method for the secret exchange of information.
Therefore, the possibility of disclosure and extraction of its information, especially on mobile phones, is much
lower.
The Steganography algorithm advantages are:
a) The password is not stored in the Stego-image; so it is difficult to detect the password.
b) Because the password is used, it is difficult to detect the information hidden in the image.
c) The decoding program uses a few kilobytes of memory. Also the program is fast enough.
LIST OF FIGURES
1. Water Fall Model
2. JVM (Java Virtual Machine)
3. Content diagram of the project
4. Flowchart of the project
5. Class diagram
6. Use case diagram
7. Sequence diagram
8. Enable Path settings
LIST OF TABLES
1. User Account Table
2. User Info Table
3. User Transaction Table
LIST OF SCREENS
1. Login Page
2. Banking option
3. Account Details
4. Transfer Money
5. Home page for Mobile Emulator
6. Login Screen
7. Banking Option Screen
8. Steganography image
9. Display Account Details
10. Money Transfer option
INTRODUCTION
1. INTRODUCTION
1.1 MOTIVATION
At the current stage in the evolution of online content, many companies are
focusing on a single part of the value chain, mainly on delivery, and they are able to
gain a competitive advantage there. Because content delivery to a mobile device is
currently a bottleneck, and because it is also not obvious which delivery models are
the best, concentrating on delivery makes sense at the current juncture.
Mobile content has some very specific constraints which have to do with the
small screen of the devices, the device’s relatively limited wireless bandwidth as well
as the small storage and processing capacity on the device. Furthermore, among the
devices there is a considerable spread in capacities. Standard mobile phones tend to
have a small color screen, a numerical keyboard for entering data, and most have the
capability to run small Java applications. Smart phones have a somewhat larger
screen, additional input devices such as a keyboard to enter text, and most run a
simple operating system. Brew and Windows Me are examples of two popular smart
phone operating systems.
Content is driving the market for carriers of every stripe. For the mobile
operator, content ranges from information that is mobility-independent (such as
weather forecasts) to mobile-specific content (such as ring tones). Further, mobile
content can be relatively static (such as a web page or a photo) or highly dynamic
(such as traffic information). Beyond a set of requirements particular to mobility,
managing, updating, and archiving website content as well as maintaining technical
and customer information is a major business operation demanding up-to-date
systems.
The existing system is banking through a computer using the internet, which is
not portable: all the work has to be done sitting at home, which wastes a lot of
time. It also requires a computer at home; nowadays, as technology advances,
prices are also increasing, so buying a computer is costly for an individual, and
the internet may not be available where he resides. These are some of the
drawbacks of the existing system.
4- Availability.
• Used to increase the convenience of the customers and reduces banking costs.
1.4 LIMITATIONS OF THE PROJECT
Mobile banking applications are already in use, as many banks are launching
their own web sites which can be accessed from mobile phones. The problem is that the
language used in this process is Web Markup Language, which takes a lot of time
to process, and there is no security, as their security implementations are pretty
ordinary. This has been overcome by introducing a JAR file developed
using J2ME, which after installation can contact the administrator directly,
and by using a method called steganography, which provides much better security.
LITERATURE
SURVEY
2. LITERATURE SURVEY
2.1 INTRODUCTION
Steganography is one of the fundamental ways by which data can be kept
confidential. This article will offer a brief introductory discussion of steganography: what
it is, how it can be used, and the true implications it can have on information security.
What is Steganography?
Steganography Tools
There are a vast number of tools that are available for steganography. An
important distinction that should be made among the tools available today is the
difference between tools that do steganography, and tools that do steganalysis, which is
the method of detecting steganography and destroying the original message. Steganalysis
focuses on this aspect, as opposed to simply discovering and decrypting the message,
because this can be difficult to do unless the encryption keys are known.
For steganalysis tools, a good site to start with is Neil Johnson's Steganalysis site.
Niels Provos's site is also a great reference site, but is currently being relocated, so keep
checking back on its progress.
The plethora of tools available also tends to span the spectrum of operating
systems. Windows, DOS, Linux, Mac, and Unix: you name it, and you can probably find
it.
In the existing system we had just e-banking, that is, usage through
computers: users can bank through the internet from a personal computer located at
a particular place, or through a mobile phone which uses WML (Web Markup
Language) and downloads the contents from the internet.
As mentioned above, both a personal computer and a mobile phone can be used for banking.
The problem with a personal computer is that the person has to be at a particular
place, which takes time, and he cannot carry his computer with him wherever he goes.
To overcome this drawback, e-commerce through mobile phones has been introduced,
which allows banking from any place, but the problem here is that it relies
completely on WML. When WML is used, every bit of data has to be downloaded
repeatedly from the internet, which takes a lot of time; for this reason
mobile e-banking using J2ME has been introduced.
As the above disadvantages cannot be solved within the existing system, this application has been
proposed. Security will also be much improved over the existing system, as we are
implementing a special method called steganography. We develop a JAR file
using J2ME for banking. A customer gets a unique ID and password once he
loads the application onto the mobile phone, and after installing it he gets the page to get started
with. After he enters the ID and password he is logged in and sees an easily
understandable interface with two options, i.e. account details and money
transfer. In this process the application interacts not with an internet server but with the
administrator server, which makes processing easy and takes no time.
• Proactive and simple alerting services reduce branch/call center costs.
• M-banking is expected to account for an increasingly high proportion of transactions.
• Mobile device can be an ideal POS device, allowing transactions to be authorized in many more places than ever before.
• Mobile services are expected to generate access to new business opportunities & new alliances across business sectors.
• High market penetration (up to 80% in some countries) and still growing.
2.5 CONCLUSION
This paper presents a method for increasing security of the information requested
by users with the use of steganography method. In this method, instead of direct
sending of the information, it is hidden in a picture by the password. After entering
the password, the user can witness the information extracted from the picture if the
password is entered correctly.
ANALYSIS
3. ANALYSIS
3.1 INTRODUCTION
After analyzing the requirements of the task to be performed, the next step is to
analyze the problem and understand its context. The first activity in this phase is studying
the existing system and the other is understanding the requirements and domain of the new
system. Both activities are equally important, but the first serves as the basis for
the functional specifications and then the successful design of the proposed system.
Understanding the properties and requirements of a new system is more difficult and
requires creative thinking; understanding the existing system is also difficult.
Improper understanding of the present system can lead to diversion from the solution.
Requirement Analysis
Project Planning
System Design
Detail Design
Coding
Unit Testing
System Integration & Testing
Here the linear ordering of these activities is critical. The output of one phase
is the input to the next phase. The output of each phase should be
consistent with the overall requirements of the system. Some qualities of the spiral
model are also incorporated, such as review of the work done by the people concerned
with the project after completion of each phase.
The Waterfall model has been chosen because all requirements were known
beforehand and the objective of our software development is the computerization/automation
of an already existing manual working system.
3.1.2.1 GUI’S
For flexibility, the User Interface has been developed with a graphics concept in
mind, associated through a browser interface. The GUI’S at the top level have been
categorized as:
available in-house at NIC or are available as free as open source. The work for the project
is done with the current equipment and existing software technology. Necessary
bandwidth exists for providing a fast feedback to the users irrespective of the number of
users using the system.
3.1.3.2 Operational Feasibility
Proposed projects are beneficial only if they can be turned into information
systems that will meet the organization’s operating requirements. Operational feasibility
aspects of the project are to be taken as an important part of the project implementation.
Some of the important issues raised to test the operational feasibility of a project
include the following:
Is there sufficient support for the management from the users?
Will the system be used and work properly if it is being developed and implemented?
Will there be any resistance from the user that will undermine the possible application
benefits?
This system is targeted to be in accordance with the above-mentioned issues. The
well-planned design would ensure the optimal utilization of the computer resources and
would help in the improvement of performance status.
Purpose: The main purpose for preparing this document is to give a general insight into
the analysis and requirements of the existing system or situation and for determining the
operating characteristics of the system.
Scope: This document plays a vital role in the software development life cycle (SDLC) and
describes the complete requirements of the system. It is meant for use by the developers
and will be the basis during the testing phase. Any changes made to the requirements in the
future will have to go through a formal change approval process.
The developer is responsible for:
Developing the system, which meets the SRS and solves all the requirements of
the system.
Demonstrating the system and installing the system at client's location after the
acceptance testing is successful.
Submitting the required user manual describing the system interfaces to work on
it and also the documents of the system.
Conducting any user training that might be needed for using the system.
Maintaining the system for a period of one year after installation.
3.2.1 User Requirements
User name and Password for the website for the purpose of banking issued by the
administrator.
A mobile phone with GPRS access.
Sim card from any network which supports WAP.
Language: JAVA
Front End: J2ME
Back End: MySQL
Web Server: Apache Tomcat
Build Tools: Apache ANT
Testing Tool: J2ME unit test
3.2.2.1 Java
The JAVA language was created by James Gosling in June 1991 for use in a set
top box project. The language was initially called Oak, after an oak tree that stood outside
Gosling's office - and also went by the name Green - and ended up later being renamed to
Java, from a list of random words. Gosling's goals were to implement a virtual machine
and a language that had a familiar C/C++ style of notation. The first public
implementation was Java 1.0 in 1995. It promised "Write Once, Run anywhere"
(WORA), providing no-cost runtimes on popular platforms. It was fairly secure and its
security was configurable, allowing network and file access to be restricted. Major web
browsers soon incorporated the ability to run secure Java applets within web pages. Java
quickly became popular. With the advent of Java 2, new versions had multiple
configurations built for different types of platforms. For example, J2EE was for
enterprise applications and the greatly stripped down version J2ME was for mobile
applications. J2SE was the designation for the Standard Edition. In 2006, for marketing
purposes, new J2 versions were renamed Java EE, Java ME, and Java SE, respectively.
In 1997, Sun Microsystems approached the ISO/IEC JTC1 standards body and
later the Ecma International to formalize Java, but it soon withdrew from the process.
Java remains a de facto standard that is controlled through the Java Community Process.
At one time, Sun made most of its Java implementations available without charge
although they were proprietary software. Sun's revenue from Java was generated by the
selling of licenses for specialized products such as the Java Enterprise System. Sun
distinguishes between its Software Development Kit (SDK) and Runtime Environment
(JRE) which is a subset of the SDK, the primary distinction being that in the JRE, the
compiler, utility programs, and many necessary header files are not present.
On 13 November 2006, Sun released much of Java as free software under the
terms of the GNU General Public License (GPL). On 8 May 2007 Sun finished the
process, making Java’s entire core code open source, aside from a small portion of code
to which Sun did not hold the copyright.
VM). The java launcher tool then runs your application with an instance of the Java
Virtual Machine.
Through the Java VM, the same application is capable of running on multiple
platforms.
Java platform
A platform is the hardware or software environment in which a program runs.
We've already mentioned some of the most popular platforms like Microsoft Windows,
Linux, Solaris OS, and Mac OS. Most platforms can be described as a combination of the
operating system and underlying hardware. The Java platform differs from most other
platforms in that it's a software-only platform that runs on top of other hardware-based
platforms.
The Java platform has two components:
The Java Virtual Machine
The Java Application Programming Interface (API)
You've already been introduced to the Java Virtual Machine; it's the base for the
Java platform and is ported onto various hardware-based platforms.
The API is a large collection of ready-made software components that provide
many useful capabilities. It is grouped into libraries of related classes and interfaces;
these libraries are known as packages.
(The API and JVM insulate the program from the underlying hardware)
As a platform-independent environment, the Java platform can be a bit slower
than native code. However, advances in compiler and virtual machine technologies are
bringing performance close to that of native code without threatening portability.
One of the unique advantages of the concept of a runtime engine is that errors
(exceptions) should not 'crash' the system. Moreover, in runtime engine environments
such as Java there exist tools that attach to the runtime engine and every time that an
exception of interest occurs they record debugging information that existed in memory at
the time the exception was thrown (stack and heap values). These Automated Exception
Handling tools provide 'root-cause' information for exceptions in Java programs that run
in production, testing or development environments.
(JVM) implementations that are optimized for the type of systems they are targeted at.
For example, the K Virtual Machine (KVM) is a JVM optimized for resource constrained
devices, such as mobile phones and PDAs.
The following characteristics are shared among the three Java editions:
Write Once Run Anywhere: because Java technology relies on Java byte-code that is
interpreted by a virtual machine, applications written in Java can run on similar types
of systems (servers, desktop systems, mobile devices) independent of the underlying
operating system and processor. For example, a developer doesn't need to develop
and maintain different versions of the same application to run on a Nokia
Security: while on the Internet, people are used to secure data transactions and
downloading files or email messages that may contain viruses, few wireless networks
today support standard Internet protocols, and wireless operators are concerned by the
security issues associated with the download of standard C applications on their
networks. Java technology features a robust security model: before any application is
executed by the Java virtual machine, a byte-code pre-verifier tests its code integrity.
Once an application is running, it cannot access system resources outside of a
'sandbox,' preventing applications from acting as viruses. Finally, Java applications
can take advantage of standard data encryption solutions (SSL or Elliptic Curve
Libraries) on packet based networks (for example CDPD, Mobitex, GPRS, W-
CDMA), providing a robust infrastructure for m-commerce and enterprise application
access.
Rich graphical user interface: you may remember that the first demonstration of
Java technology was done using an animated character on a web page. While
animated GIF files have made this use of the technology obsolete on desktop systems,
mobile devices can benefit from richer GUI APIs that allow for differentiation of
services and the development of compelling applications.
Network awareness: while Java applications can operate in disconnected mode, they
are network-aware by default, allowing applications to be dynamically downloaded
over a network. Additionally, Java is network-agnostic, in the sense that Java
applications can exchange data with a backend server over any network protocol,
whether it is TCP/IP, WAP, i-mode, and different bearers, such as GSM, CDMA,
TDMA, PHS, CDPD, Mobitex, and so on.
Contrary to the web browser model, which requires continuous connectivity and
offers a limited user interface and security experiences, J2ME allows applications to be
dynamically downloaded to a mobile device in a secure fashion. J2ME applications can
be posted on a Web server, allowing end users to initiate the download of an application
they select through a micro browser or other application locator interface. Wireless
operators, content providers, and ISVs can also push a set of J2ME applications and
manage them remotely. The Java provisioning model puts the responsibility of checking
the compatibility of the applications (such as version of the J2ME specification used,
memory available on the handset) on the handset itself, allowing the end user to ignore
the intricacies associated with typical desktop systems.
Once a J2ME application is deployed on a mobile device, it stays there until the
user decides to upgrade or remove it. The application can be operated in disconnected
mode (such as standalone game, data entry application) and store data locally, providing
a level of convenience that is not available on current browser-based solutions. Because
the application resides locally, the user doesn't experience any latency issues, and the
application can offer a user interface (drop-down menus, check boxes, animated icons)
that is only matched by native C applications. The level of convenience is increased
because the user can control when the application initiates a data exchange over the
wireless network. This allows for big cost savings on circuit-switched networks, where
wireless users are billed per minute, and allows a more efficient exchange of data, since
many applications can use a store and forward mechanism to minimize network latency.
Let's look at how Java technology fits in the wireless service evolution.
Originally, analog technology was sufficient to handle voice services, but the quality of
the calls was sketchy and multiple radio networks competed with one another.
Today we take advantage of the second generation of networks and services (2G
networks), which use digital networks and web browser technologies. This provides
access to data services, but markup languages present some limitations. Markup
languages are a step in the right direction, but browser-based applications don't work
when out of coverage, require air time for even simple operations (such as entering
appointments in a browser-based calendar), and offer a limited user interface paradigm
(character-based, static black and white images, cumbersome navigation interface).
For application developers, this means that you can use your favorite
programming language and your favorite development tools, rather than learning a new
programming environment. There are over 2.5 million developers who have already
developed applications using the Java programming language, primarily on the server
side. Once these developers become familiar with the small set of J2ME APIs, it becomes
relatively easy to develop small client modules that can exchange data with server
applications over the wireless network.
The challenge that remains the same for Java, WAP, or native APIs is that small
screens and limited input interfaces require developers to put some effort into the
development of the application user interface. In other words, small devices force
developers to abandon bad or lazy programming techniques.
Many people expect to see new types of applications developed with J2ME. You
can argue that the application categories would remain the same, except for a few
exceptions such as location services and data applications that integrate with telephony
functionality. The outcome is likely to be applications that are context sensitive
(immediacy, location, personal or professional use) and are migrating from a character-
based interface (browser-based applications) to a graphical environment, providing
developers and end users with an unmatched level of flexibility. Just think about the
evolution from DOS or mainframe applications to Windows, MacOS, or Solaris graphical
As far as adoption of J2ME, the prognostics are rather good. Evans Data recently
conducted a survey among 500 wireless application developers, concluding that more
developers will use Java and J2ME to develop wireless applications (30%) than native C
APIs (Palm OS, Pocket PC, EPOC) or even WAP.
The market that J2ME will penetrate the fastest is the Japanese market, with
Nikkei Market Access forecasting a penetration rate of 40% this year. NTT DoCoMo,
who started shipping J2ME enabled I-mode phones at the end of January, has already
sold 1 million units, and they expect the number to increase to 3 million by the end of
September. The two other major Japanese wireless operators (KDDI and J-Phone) will
join DoCoMo in the deployment of J2ME enabled handsets by the end of the summer.
The benefits of Java technology as provided by J2ME in the wireless arena are
many and varied. From its Write Once Run Anywhere flexibility, to its robust security
features, to its support for off-line processing and local data storage, to its leverage of any
wireless infrastructure, to its fine-tuned control of data exchange, J2ME is a natural
platform for wireless application development. The numbers bear this out -- the ranks of
J2ME developers are growing fast.
3.2.2.3 MySQL
MySQL is a relational database management system (RDBMS) that runs as a
server providing multi-user access to a number of databases. MySQL is primarily
an RDBMS and therefore ships with no GUI tools to administer MySQL databases or
manage data contained within. Users may use the included command-line tools, or
download MySQL Frontends from various parties that have developed desktop software
and web applications to manage MySQL databases, build database structure, and work
with data records.
Security
Easy to use
Portability
Keeping in view the above description of the input types and input media, it can
be said that most of the inputs are internal and interactive. As input data is
to be keyed in directly by the user, the keyboard can be considered the most
suitable input device.
[Figure: Content diagram of the project. Recoverable labels: Input, Secret Key, Data, Processing (Hiding Mechanism), Stego Image, Network, Key, Processing (Extracting Mechanism), Output.]
This algorithm embeds a single character (8 bits). To embed the entire
message, the steps of the algorithm are repeated. The output of the
encryption performed in Module 3 is embedded in an image in Portable
Network Graphics format, i.e. an image with the ‘.png’ extension. The process of embedding
consists of the following steps:
Step 3: The color intensities of each pixel are retrieved and stored in an array.
Each pixel consists of 3 bytes, where each byte represents one of the three primary
colors, i.e. RGB.
Step 4: An AND operation is performed on each byte of the pixel with the binary
equivalent of 252. The result is the byte value with the last two bits set to ‘00’.
Step 5: The cipher text is ANDed with the binary equivalent of ‘03’ to retrieve the
last two bits of the message.
Step 6: An OR operation is performed on the outputs of step 4 and step 5.
Step 7: The output of step 6 becomes the new intensity of the Red color. For the Green and
Blue colors, step 4 is repeated and, before step 5, the cipher text is shifted right
in increments of 2 bits, until all 8 bits are embedded.
To retrieve the cipher text from the image, the steps of the algorithm
above are performed in reverse.
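Steps 3 to 7 and their reversal, as an added Java example (plain Java SE, not the project's J2ME code; the class and method names are hypothetical). Steps 1 and 2 are not on the page, so it starts from a constructed array of colour bytes, and it assumes the fourth pair of bits of each cipher byte goes into the next colour byte in the array, since three channels at two bits each hold only six of the eight bits.

```java
import java.util.Arrays;

/**
 * Added illustration of Steps 3-7 (two-bit LSB embedding); not the project's code.
 * Class and method names are hypothetical.
 */
public class TwoBitLsbExample {

    static final int CLEAR_LOW_TWO = 252;  // binary 1111 1100, the mask of Step 4
    static final int KEEP_LOW_TWO = 3;     // binary 0000 0011, the mask of Step 5
    static final int SLOTS_PER_BYTE = 4;   // 8 cipher bits / 2 bits per colour byte

    /** Number of cipher-text bytes a cover with this many colour bytes can carry. */
    static int capacity(int channelCount) {
        return channelCount / SLOTS_PER_BYTE;
    }

    /** Embeds one cipher-text byte into four consecutive colour bytes. */
    static void embedByte(byte[] channels, int offset, int cipherByte) {
        for (int slot = 0; slot < SLOTS_PER_BYTE; slot++) {
            // Step 4: clear the two least significant bits of the colour byte.
            int cleared = channels[offset + slot] & CLEAR_LOW_TWO;
            // Step 5, after the right shift of Step 7 (0, 2, 4, 6 bits).
            int twoBits = (cipherByte >> (2 * slot)) & KEEP_LOW_TWO;
            // Steps 6-7: the OR of both becomes the new colour intensity.
            channels[offset + slot] = (byte) (cleared | twoBits);
        }
    }

    /** Reverse of embedByte: reassembles one byte from four colour bytes. */
    static int extractByte(byte[] channels, int offset) {
        int value = 0;
        for (int slot = 0; slot < SLOTS_PER_BYTE; slot++) {
            value |= (channels[offset + slot] & KEEP_LOW_TWO) << (2 * slot);
        }
        return value;
    }

    /** Returns a stego copy of the cover; rejects cipher text that does not fit. */
    static byte[] embed(byte[] coverChannels, byte[] cipherText) {
        if (cipherText.length > capacity(coverChannels.length)) {
            throw new IllegalArgumentException("cover too small: capacity "
                    + capacity(coverChannels.length) + " bytes, need " + cipherText.length);
        }
        byte[] stego = Arrays.copyOf(coverChannels, coverChannels.length);
        for (int i = 0; i < cipherText.length; i++) {
            // & 0xFF: Java bytes are signed, the algorithm works on 0..255.
            embedByte(stego, i * SLOTS_PER_BYTE, cipherText[i] & 0xFF);
        }
        return stego;
    }

    /** Reads back 'length' bytes; the length is passed in by the caller here. */
    static byte[] extract(byte[] stegoChannels, int length) {
        if (length > capacity(stegoChannels.length)) {
            throw new IllegalArgumentException("image cannot hold " + length + " bytes");
        }
        byte[] out = new byte[length];
        for (int i = 0; i < length; i++) {
            out[i] = (byte) extractByte(stegoChannels, i * SLOTS_PER_BYTE);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed cover: 4 pixels x (R, G, B) = 12 colour bytes, room for 3 bytes.
        byte[] cover = { (byte) 200, 17, (byte) 255, 64, (byte) 129, 0,
                         33, (byte) 250, 90, 7, (byte) 181, 12 };
        // Constructed stand-in for the cipher text produced by the encryption module.
        byte[] cipherText = { (byte) 0xB6, 0x4F, 0x00 };

        byte[] stego = embed(cover, cipherText);
        byte[] recovered = extract(stego, cipherText.length);
        if (!Arrays.equals(recovered, cipherText)) {
            throw new AssertionError("round trip failed");
        }

        // Each colour byte changes only in its two low bits, so by at most 3.
        int maxChange = 0;
        for (int i = 0; i < cover.length; i++) {
            int delta = Math.abs((cover[i] & 0xFF) - (stego[i] & 0xFF));
            maxChange = Math.max(maxChange, delta);
        }
        System.out.println("round trip ok, largest colour change = " + maxChange);
    }
}
```

The receiver needs the number of embedded bytes to know where to stop reading; the page does not say how the project conveys it, so the example passes it as a parameter.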
3.5 CONCLUSION
DESIGN
4. DESIGN
4.1 INTRODUCTION
[Figure: Class diagram. Recoverable class names: Main, LoginServlet, userAccount, Transfer, transferForm, TransferServlet, Steganograph. Recoverable members: cmdLogin, cmdExit, cmdBack, txtUsername, txtPassword, txtIP, txtToAccount, txtTPassword, txtAmount, username, password, db, rs, rs1, messageBytes, startApp(), commandAction(), callLoginServlet(), addCommand(), append(), doGet(), executeQuery(), getDouble(), embedMessage(), retrieveMessage(). Recoverable labels: transaction is processed, extract data.]
[Figure: diagram with the labels Customer, banking, Account details, Transfer Money, Steganography.]
[Figure: sequence of interactions between Customer, Authentication, Login, Transaction and Steganography: the customer wants the details; authentication is done; if successful then login; request for money transfer; performs steganography; the amount is sent; processed.]
[Figure: diagram with the labels Mobile Server, Client, Authenticate, Send Data, Exit.]
[Figure: Money Transfer diagram with the labels Mobile Server, Client, Enter Username & password, Authenticate, Send Details, Update database, Exit.]
• Admin Modules
• Client Side MIDlet Modules (j2me)
• Implementing Steganography
4.3.1 Admin Module
The client first opens the Bank’s web page by specifying its URL. Next, the client
is requested to enter the unique Username and Password for authentication purpose. If
entered correctly, the user is logged on to the next page.
The next page displays the account number, account type and balance details of
the client. Also, two more options are displayed to the user. Depending on the user’s
need, any one of the options can be selected. The “Account details” option, if selected
displays the account details along with details about the last few transactions made by the
client. “Transfer money” option is used for transferring funds from one account to
another account. The user is requested to enter the account number to which money has
to be transferred, the amount to transfer and the transaction password.
In this module no security measures have been implemented. This module has
been performed to confirm the communication path between the server and the client.
JSP:
The JSP syntax adds additional XML-like tags, called JSP actions, to be
used to invoke built-in functionality. Additionally, the technology allows
for the creation of JSP tag libraries that act as extensions to the standard
HTML or XML tags. Tag libraries provide a platform independent way of
extending the capabilities of a Web server.
JSPs are compiled into Java Servlets by a JSP compiler. A JSP compiler
may generate a servlet in Java code that is then compiled by the Java
compiler, or it may generate byte code for the servlet directly. JSPs can
also be interpreted on-the-fly reducing the time taken to reload changes.
• Main – refers to the main Login page, which passes the request to
the server
• Details – the server returns the details (mini-statement) to
the client
• Transfer – this option transfers the amount to the other
account.
Mobile Banking comes very handy by reducing the stress of the customer to go to the
bank, the delay for enquiry and transaction etc. Every customer who has an account in the
bank and wishes to enhance his privacy will be given software by the bank which can
be used exclusively by that account holder, i.e. the software the customer
holds can only perform his transactions and display his account details corresponding
to his account number.
First the user has to be authenticated. For this he is requested for the ‘Username’,
‘Password’ and the IP of the server along with the port number. These values have to be
authenticated by the server. For this, first we encrypt the Username by using the
password as the key. We then hide the data in a picture using Steganography. This data is
sent, along with the account number, to the IP entered by the user, which is the
server.
The server then receives the image along with the account number. The server
then finds the password corresponding to the account number from the database. It then
retrieves the data from the image by performing steganography and decryption by using
the password as the key. If the server is able to retrieve the data, then the password and
username are considered correct and hence the user is authenticated. The database
corresponding to authentication is similar. Now two options will be displayed to the user
namely, ‘Account Details’ and ‘Transaction’. The user then has to select one among
these.
If the user selects this option a request is sent to the server. The server then
processes this request and sends the reply to the mobile client. In the act of processing,
the server finds the account details of that particular account number. This data is
encrypted and then hidden in a picture using steganography. The mobile client then
receives this image. The password is requested from the user. Using this password, the
data is retrieved and displayed to the user.
• Steganography is the art and science of writing hidden messages in such a way
that no one apart from the sender and intended recipient even realizes there is a
hidden message.
Usually 24-bit or 8-bit files are used to store digital images. The former one provides
more space for information hiding; however, it can be quite large. The colored
representations of the pixels are derived from three primary colors: red, green and blue.
24-bit images use 3 bytes for each pixel, where each primary color is represented by 1
byte. Using 24-bit images each pixel can represent 16,777,216 color values. If we use
the lower two bits of these color channels to hide data, the maximum color change in
a pixel could be of 64 color values, but this causes so little change that it is undetectable for
the human vision system. This simple method is known as Least Significant Bit insertion,
as in figure 3.5.
This algorithm is only for embedding a character (8-bit). For embedding the entire
message, the steps in the algorithm are repeated.
Step 3: The color intensities of every pixel are retrieved and stored in an array.
Each pixel consists of 3 bytes, where each byte represents one of the three primary
colors i.e. RGB.
Step 4: AND operation is performed on each byte of the pixel along with the binary
equivalent of 252. The result obtained is the byte value with the last two bits as ‘00’.
Step 5: The cipher text is AND operated with the binary equivalent of ‘03’ to retrieve the
last two bits of the message.
Step 6: The OR operation is performed with the output of step 4 and step 5.
Step 7: The output of step 6 becomes the new intensity of the Red color. For Green and
Blue color step 4 is repeated and before doing step 5 right bit shifting is performed to the
cipher text in the incremental order of 2 till all the 8 bits are embedded.
To retrieve the cipher text from the image, the reverse steps of the algorithm
mentioned above are to be performed.
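The embedding steps above (the same list appears in section 3.4) and their reverse, as an added Java example that is not the project's own code. It assumes the colour bytes have already been unpacked into an array (step 3), places the 2-bit groups lowest pair first to match the shift order of the extraction code later in the report, and reuses the '*' end marker from that code; the class name, method names and sample bytes are constructed for illustration.

```java
import java.util.Arrays;

public class LsbTwoBitDemo {
    static final int CLEAR_LOW2 = 252;          // 11111100, mask used in step 4
    static final int LOW2 = 3;                  // 00000011, mask used in step 5
    static final byte TERMINATOR = (byte) '*';  // end marker, as in the report's cipher += "*"

    /** Embeds payload plus terminator into a copy of the colour bytes (R,G,B,R,G,B,...). */
    static byte[] embed(byte[] colourBytes, byte[] payload) {
        int needed = (payload.length + 1) * 4;  // four colour bytes carry one 8-bit value
        if (needed > colourBytes.length) {
            throw new IllegalArgumentException("cover too small: need " + needed + " colour bytes");
        }
        for (byte b : payload) {
            if (b == TERMINATOR) {
                // A marker byte inside the payload would make extraction stop early.
                throw new IllegalArgumentException("payload contains the terminator byte");
            }
        }
        byte[] out = Arrays.copyOf(colourBytes, colourBytes.length);
        int pos = 0;
        for (int i = 0; i <= payload.length; i++) {
            int value = (i < payload.length ? payload[i] : TERMINATOR) & 0xFF;
            for (int shift = 0; shift < 8; shift += 2) {
                int cleared = out[pos] & CLEAR_LOW2;     // step 4: low two bits become 00
                int twoBits = (value >> shift) & LOW2;   // step 5, after the right shift of step 7
                out[pos++] = (byte) (cleared | twoBits); // step 6: new colour intensity
            }
        }
        return out;
    }

    /** Reverses embed(): rebuilds each byte from four 2-bit groups until the terminator. */
    static byte[] extract(byte[] colourBytes) {
        byte[] buf = new byte[colourBytes.length / 4];
        int n = 0;
        for (int pos = 0; pos + 3 < colourBytes.length; pos += 4) {
            int value = 0;
            for (int k = 0; k < 4; k++) {
                value |= (colourBytes[pos + k] & LOW2) << (2 * k);
            }
            if ((byte) value == TERMINATOR) {
                return Arrays.copyOf(buf, n);
            }
            buf[n++] = (byte) value;
        }
        throw new IllegalStateException("no terminator found: no complete message in the image");
    }

    public static void main(String[] args) {
        // Constructed sample data: 8 pixels (24 colour bytes) and a 5-byte stand-in cipher text.
        byte[] cover = new byte[24];
        for (int i = 0; i < cover.length; i++) {
            cover[i] = (byte) (200 - 7 * i);
        }
        byte[] cipher = {(byte) 0x8F, 0x00, 0x41, (byte) 0xFF, 0x13};

        byte[] stego = embed(cover, cipher);
        int maxDelta = 0;
        for (int i = 0; i < cover.length; i++) {
            maxDelta = Math.max(maxDelta, Math.abs((stego[i] & 0xFF) - (cover[i] & 0xFF)));
        }
        System.out.println("round trip ok: " + Arrays.equals(cipher, extract(stego)));
        System.out.println("largest change to any colour byte: " + maxDelta);
    }
}
```

Rejecting payloads that contain the marker byte matters here because the hidden data is cipher text, in which any byte value can occur.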
4.4 CONCLUSION
In this way we can design the layout of the project which is to be implemented during the
construction phase. Thus we will have a clear picture of the project before it is coded.
Hence any necessary enhancements can be made during this phase and coding can be
started.
IMPLEMENTATION
&
RESULTS
5.1 INTRODUCTION
The implementation part is the most important phase of the project. In this phase, we
code the entire project in the chosen software according to the design laid out during the
previous phase. The code has to satisfy the user requirements without being
complicated for the user, i.e., the user interface or GUI has to be easy to
navigate. The code should be efficient in all terms like space, easy to update, etc. In this
manner, we can complete the coding part of the project and later it can be sent for testing
before being delivered to the customer.
import java.util.*;
ResourceBundle bundle =
ResourceBundle.getBundle("MessageResources");
jdbcDriver = bundle.getString("jdbc.driver");
dbURL = bundle.getString("jdbc.url");
username = bundle.getString("jdbc.user");
password = bundle.getString("jdbc.password");
PreparedStatement st = connection.prepareStatement(query);
return st.executeQuery();
return st.executeUpdate();
try
connection.close();
sqlException.printStackTrace();
connection = null;
}
protected void finalize()
{
close();
}}
import java.util.*;
import javax.microedition.lcdui.*;
import javax.microedition.midlet.*;
import javax.microedition.io.*;
Detail detail;
Transfer transfer;
public Main(){
detail.mainMidlet = this;
transfer.mainMidlet = this;
display = Display.getDisplay(this);
showLoginForm();
if(c == cmdLogin)
try
gau.setValue(2);
display.setCurrent(frm);
ipAddress = txtIP.getString();
password = txtPassword.getString();
gau.setValue(4);
hideMessage();
gau.setValue(6);
callLoginServlet();
} catch (Exception e)
showError(e.toString());
else if (c == cmdExit)
destroyApp(false);
notifyDestroyed();
else {
switch(menu.getSelectedIndex()) {
new Thread(this).start();
HttpConnection hc = null;
try {
hc = (HttpConnection) Connector.open(url);
//hc.setRequestProperty("User-Agent","Profile/MIDP-2.0 Configuration/CLDC-1.1");
//hc.setRequestProperty("User-Account", "001002001");
hc.setRequestMethod(HttpConnection.POST);
oStrm = hc.openOutputStream();
oStrm.write(byteRGB);
if (hc.getResponseCode() == HttpConnection.HTTP_OK)
iStrm = hc.openInputStream();
if (length > 0)
iStrm.read(resopnseData);
if(data.equals("EC999")){
showError("Invalid Username/Password");
}else if(data.equals("EC899")){
showError("Database Error");
}else {
firstname = data;
password = txtPassword.getString();
showMenu(firstname);
} else {
} else {
showError("Response error");
showError(ioe.toString());
} finally {
try {
if (oStrm != null)
oStrm.close();
if (iStrm != null)
iStrm.close();
if (hc != null)
hc.close();
showError(ioe.toString());
}}}
loginForm.append(txtUsername);
loginForm.append(txtPassword);
loginForm.append(txtIP);
loginForm.addCommand(cmdLogin);
loginForm.addCommand(cmdExit);
loginForm.setCommandListener(this);
display.setCurrent(loginForm);
newAlert.setTimeout( Alert.FOREVER );
display.setCurrent(newAlert);
menu.addCommand(cmdExit);
menu.setCommandListener(this);
display.setCurrent(menu);
Image image;
int[] dataRGB;
try {
image = Image.createImage("/earth.png");
byteRGB = getByte(dataRGB);
cipher += "*";
}}
return byteRGB;}}
import javax.microedition.lcdui.*;
import javax.microedition.io.*;
import java.io.*;
import javax.microedition.lcdui.Image;
import javax.microedition.lcdui.ImageItem;
import javax.microedition.lcdui.Item;
display = disp;
try
callDetailServlet();
catch (Exception e)
{
showError(e.toString());
}}
new Thread(this).start();
try
// http.setRequestProperty("User-Agent","Profile/MIDP-2.0 Configuration/CLDC-1.1");
// http.setRequestProperty("User-Account", "001002001");
http.setRequestMethod(HttpConnection.GET);
iStrm = http.openDataInputStream();
if (http.getResponseCode() == HttpConnection.HTTP_OK)
if (length != -1)
iStrm.readFully(imageData); }
else
int ch;
bStrm.write(ch);
imageData = bStrm.toByteArray();
bStrm.close();
int indexIntNewImage = 0;
| ImageItem.LAYOUT_NEWLINE_AFTER, "MBank");
imageForm.append(imageItem);
imageForm.append(tfPwd);
imageForm .addCommand(cmdDetail);
imageForm .setCommandListener(this);
display.setCurrent(imageForm);
}else {
showError("Response Error");
} }
catch (Exception e)
showError(e.toString());
finally
try {
iStrm.close();
if (http != null) {
try {
http.close();
{ }
{ }
{ }
if (c == cmdBack)
mainMidlet.showMenu(mainMidlet.firstname);
if (c == cmdDetail)
{
showDetail(imageData);
newAlert.setTimeout( Alert.FOREVER );
display.setCurrent(newAlert);
detailForm .append(item);
detailForm .append(item);
detailForm .append(item);
detailForm .append(item);
detailForm .append(item);
detailForm .append(item);
detailForm .append(item);
for(int i=0;i<transCount;i++){
detailForm .append(item);
} detailForm .addCommand(cmdBack);
detailForm .setCommandListener(this);
display.setCurrent(detailForm);
} }
import javax.microedition.io.*;
import java.io.*;
display = disp;
transferForm.append(txtToAccount);
transferForm.append(txtAmount);
transferForm.append(txtTPassword);
transferForm.addCommand(cmdSend);
transferForm.addCommand(cmdBack);
transferForm.setCommandListener(this);
display.setCurrent(transferForm);
{ }
if (c == cmdBack)
mainMidlet.showMenu(mainMidlet.firstname);
hideMessage();
callTransferServlet();
}catch (Exception e)
showError(e.toString());
} }
new Thread(this).start();
HttpConnection hc = null;
hc = (HttpConnection) Connector.open(url);
//hc.setRequestProperty("User-Agent","Profile/MIDP-2.0 Configuration/CLDC-1.1");
//hc.setRequestProperty("User-Account", "001002001");
hc.setRequestMethod(HttpConnection.POST);
oStrm = hc.openOutputStream();
oStrm.write(byteRGB);
if (hc.getResponseCode() ==
HttpConnection.HTTP_OK) {
iStrm = hc.openInputStream();
if (length > 0)
iStrm.read(resopnseData);
if(data.equals("EC999")){
showError("Invalid Username/Password");
}else if (data.equals("TEC100")) {
}else if(data.equals("TEC200")){
showError("Insufficient Balance");
}else if(data.equals("TEC300")){
showError("Invalid Transfer Account");
}else if(data.equals("TEC400")){
}else if(data.equals("TEC900")){
showMessage();
} else {
} else {
showError("Response error");
} finally {
try {
if (oStrm != null)
oStrm.close();
if (iStrm != null)
iStrm.close();
if (hc != null)
hc.close();
showError(ioe.toString()); }
newAlert.setTimeout( Alert.FOREVER );
display.setCurrent(newAlert);
messageForm.append("Transaction Successful");
messageForm.addCommand(cmdBack);
messageForm.setCommandListener(this);
display.setCurrent(messageForm); }
Image image;
int[] dataRGB;
try {
image = Image.createImage("/cube.png");
byteRGB = getByte(dataRGB);
cipher += "*";
return byteRGB;
}}
private Steganograph()
{ }
return byteRGB;
int c= 0;
int twoBitByteCnt = 0;
messageBytes[i] = (byte)(extractdata[twoBitByteCnt++]);
messageBytes[i] = (byte)(messageBytes[i] |
(extractdata[twoBitByteCnt++] << 2));
messageBytes[i] = (byte)(messageBytes[i] |
(extractdata[twoBitByteCnt++] << 4));
messageBytes[i] = (byte)(messageBytes[i] |
(extractdata[twoBitByteCnt++] << 6));
if((char)(messageBytes[i]) == '*')break;
extractedMsg.append((char)(messageBytes[i]));
return Message;
Installing Software
First of all install Java 1.6 and then Tomcat Apache 5.1 by specifying port number
as 8080. After that install MySQL database in your system. After installing MySQL,
install SQL Yog, an application which has GUI to organize MySQL databases. You can
install an IDE like ECLIPSE or an EditPlus editor to write Java programs (optional). You
can even write them in notepad also. For the purpose of Testing you need to install
J2MEUNIT testing tool.
Enable Path Settings
Now the path settings have to be enabled so that your system will be able to
recognize the software installed above. Note that the correct path has to be given, otherwise
an error may be raised. The following picture depicts the method of setting the path:
Now we have to write code for all the pages using the concept of Java Server
Pages. It gives the user interface for the project. The server validation processes will be
handled by the Servlet Technology. All servlet programs have to be written and
interpreted for generating their .class files. The database programs can be implemented
using SQL Yog.
+Tomcat 1.6
  +webapps
    +bookstore
      .jsp files
      +images
      +include
      +WEB-INF
        web.xml
        +classes
        +lib
        +src
5.3.1 Forms
The following are some of the forms available in our project:
5.3.1.1 Login
import javax.servlet.http.*;
import javax.servlet.*;
import java.io.*;
import javax.sql.DataSource;
import java.util.ArrayList;
import java.sql.Connection;
import java.sql.Statement;
import java.sql.ResultSet;
import java.sql.SQLException;
public class LoginServlet extends HttpServlet {
Database db = null;
ResultSet rs = null;
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
String userAccount = "" ;
String username = "";
String password = "";
String firstname = "";
userAccount = request.getParameter("a");
response.setContentType("text/plain");
PrintWriter out=response.getWriter();
{
out.print(firstname);
} else {
out.print("EC999");
}
}else {
out.print("EC999");
}
}catch(SQLException e1){ out.print("EC899"); }
}
public void doGet(HttpServletRequest req, HttpServletResponse
resp)throws ServletException, IOException{
doPost(req, resp);
}
}
5.3.1.2 Registration
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.http.HttpSession.*;
import java.io.*;
import java.util.*;
import javax.sql.*;
public class UserRegistrationServlet extends HttpServlet
{
HttpSession hs;
PrintStream ps,ps1;
Connection con;
PreparedStatement st;
ResultSet rs;
String str=null;
lastnm = req.getParameter("lastnm");
password = req.getParameter("password");
stre = req.getParameter("st");
add = req.getParameter("add");
cit = req.getParameter("cit");
sta = req.getParameter("sta");
coun = req.getParameter("coun");
ph = req.getParameter("ph");
acno = req.getParameter("acno");
trapass = req.getParameter("trapass");
try {
Class.forName("com.mysql.jdbc.Driver");
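con =
DriverManager.getConnection("jdbc:mysql://localhost:3306/mbank",
"root", "password");
//String query = "insert into pat_info values(
// Bind each request parameter as a value instead of concatenating it into the
// SQL text, so that user input cannot change the structure of the statement.
st=con.prepareStatement("insert into userinfo values(?,?,?,?,?,?,?,?,?,?,?,?)");
st.setString(1, uname);
st.setString(2, password);
st.setString(3, fname);
st.setString(4, lastnm);
st.setString(5, stre);
st.setString(6, add);
st.setString(7, cit);
st.setString(8, sta);
st.setString(9, coun);
st.setString(10, ph);
st.setString(11, acno);
st.setString(12, trapass);
i = st.executeUpdate();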
System.out.println("query executed");
if(i!=0){
rd=req.getRequestDispatcher("regconfirm.jsp");
} else {
rd=req.getRequestDispatcher("error.html");
}
}catch (Exception e) {
rd=req.getRequestDispatcher("error.html");
e.printStackTrace();
}
rd.forward(req,res);
}
}
This project has been implemented for several users. The simple interfaces
provide easy navigation for banking, and security is enhanced beyond that of the
existing system because the project implements steganography, which reduces the loss of
data.
5.4 CONCLUSION
In this way we implemented the project successfully with the help of J2ME, giving the
user easy interaction with the interfaces and enhanced security with less effort.
We proceed to the next phase, i.e., testing, which is very important before delivering
the project.
TESTING
&
VALIDATION
6.1 INTRODUCTION
CONCLUSION
7. CONCLUSION
We propose steganography to protect the messages. Steganography can be used
to maintain the confidentiality of valuable information, to protect the data from
possible sabotage, theft, or unauthorized viewing. Steganography can be used to tag
notes to online images (like post-it notes attached to paper files). Steganography is a
fascinating and effective method of hiding data that has been used throughout history.
Methods can be employed to uncover such devious tactics, but the first step is
awareness that such methods even exist.
There are many good reasons as well to use this type of data hiding, including
watermarking or a more secure central storage method for such things as passwords,
or key processes. Regardless, the technology is easy to use and difficult to detect. The
more that you know about its features and functionality, the more ahead you will be
in the game.
As for future enhancements, we came to know that
steganography can be performed not only with images but also with audio files,
within text, etc. In our future enhancements we can therefore implement it through an audio
file consisting of music notes and embed the message into those music
notes so that we can provide better security.