
Project Title:

E-LEARNING PORTAL FOR JAVA NETWORK SECURITY

Guide: Shailaja Gogate

Members: Monish Madhani, Nayan Gawande, Priya Patole

SOFTWARE REQUIREMENT SPECIFICATION

1. INTRODUCTION


1.1 Purpose:

The main purpose of this document is to present a detailed description of our E-learning Portal. It explains the purpose and the features of the system, the interfaces of the system, what the system will do, the constraints under which it must operate and how the system will react to external stimuli.

The main purposes of this Java Network Security Portal are:
- To help Java users exploit the strengths of Java and make it more secure.
- To answer questions from the point of view of people who want to use Java, but want to do so reliably, securely and safely.

It focuses on how a Java system can be broken into and how to avoid those dangers, and on how Java can be made secure and how to exploit its strengths. The goal is to provide practical help to the various groups involved in making a Java-based application or Web site into an industrial-strength commercial proposition.

1.2 Scope:

Various groups have different needs and different skills, which this portal meets in its different parts. The scope of the Java Network Security Portal is:
- The first part is aimed at Java Network Security concepts and models. It covers the theoretical concepts of Network Security.
- The second part goes into more detail on how Java security works, and is aimed more at system and network administrators and programmers, who need to know more of what is going on, i.e. it deals with the demonstration of all the algorithms that are related to Java network security.
- The third part consists of all the case studies related to the algorithms that are demonstrated in part two.
- The last part consists of a question and answer session, where users can raise doubts, submit queries and get them solved.

1.3 Acronyms and Abbreviations:

AWT   | Abstract Windows Toolkit, the Java package for creating GUIs
AES   | Advanced Encryption Standard
CERT  | Computer Emergency Response Team, an organization that acts as a clearing house of information about security problems
JCE   | Java Cryptography Extension
DES   | Data Encryption Standard, a bulk (symmetric key) encryption algorithm
HTML  | Hypertext markup language
MD5   | A message digest (secure hash) algorithm from RSA Corp
RC4   | A bulk (symmetric key) encryption algorithm that allows variable key sizes
RSA   | Rivest, Shamir and Adleman formed the RSA corporation to market cryptographic software and algorithms, in particular the public key encryption mechanism that also bears their initials
SHA   | Secure Hash Algorithm
SSL   | Secure Sockets Layer
WWW   | World Wide Web, usually refers to systems using HTTP

1.4 References:

1) Java 2 Network Security. Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, Ashok K. Ramani

2. OVERALL DESCRIPTION

2.1 Product Perspective:

This portal contains information related to Java Network Security, which is only one part of Network Security as a whole. It is mainly based on the 4 pillars of Network Security:
- Confidentiality
- Authentication
- Integrity
- Non-Repudiation

Algorithms based on these pillars will be demonstrated in this portal.

2.2 User Characteristics:

The user is expected to be internet literate. The user is expected to be Windows literate and able to use buttons, pull-down menus and similar tools. It is also assumed that the user converses in the English language.

2.3 Product Functions:

The major features that this portal will provide to the users are as follows:
- Explanation of various algorithms that are used to understand the techniques of Encryption and Decryption.
- Demonstration of the working of the algorithms.
- Explanation and exploration of the source codes.
- Various case studies related to each algorithm.
- MCQs (tests) and facilities for users to submit their queries and get them solved.

2.4 Operating Environment:

The only thing the user needs to operate this portal is an internet connection. The algorithms provided in this portal (in the back end) are written purely in the Java language. The front end that the users see will be done using HTML. The user has to visit the portal and log in, and can then use the information provided.

3. SPECIFIC REQUIREMENTS

3.1 External Interface

3.1.1 User Interface:

The user interface will consist of the following features:
- Login for the users.
- Display of the algorithms the user can select for carrying out encryption.
- Facility for users to write their own encryption algorithms and test them with the help of NSS.
- User-friendly messages to keep the user from making mistakes.
- Final display of the outcome.

3.2 Software Quality Attributes:

Portability: The system has been programmed in Java, which makes it platform independent and portable.

Consistent: Consistency of the contents should be protected.

Affordability: It is free of cost.

Maintainability: Maintenance of the system shall be done according to the maintenance contract.

Functionality:
- Logon Capabilities: The system shall provide the users with logon capabilities.
- Alerts: The system can alert the user in case of any problems.

Usability: The system shall allow the users to access the system from the Internet using HTML. The system uses a web browser as an interface. Since all users are familiar with the general usage of browsers, no specific training is required. The system is user friendly and self-explanatory.

Availability: The system is available 100% for the user and is used 24 hrs a day and 365 days a year. The system shall be operational 24 hours a day and 7 days a week.

Accuracy: The accuracy of the system is limited by the accuracy of the speed at which the user uses the system.

Response Time: The Information page should be able to be downloaded within a minute. The system shall respond to the user in not less than two seconds from the time of the request submittal. The system shall be allowed to take more time when doing large processing jobs.

4.0 REQUIREMENTS

4.1 Functional Requirements:

The user should be able to use the given information on-line through the designed portal. The user is supposed to first log in to the portal. The front page is partitioned into 4 parts, i.e. i) Theory, ii) Demonstration, iii) Case studies, and iv) MCQs, and the user can choose as per his requirement. When the user selects his area of interest, the page related to that topic will be displayed.

4.1.1 Login by user

The portal should allow the user to log in under a secure system.

4.1.2 User's area of interest

The portal should allow the user to select the area of his choice, whether it is understanding the theory concepts, doing the practical demonstration or studying the case studies related to a particular topic. As soon as the user selects a particular topic, the page related to that topic should be displayed.

4.1.2.1 Inputs

- List of menus.
- Selection of a topic according to the user's choice.

4.1.2.2 Processing

- The user will be validated.
- If the user selects theory from the menu, the theory concepts related to that topic will be displayed to the user.
- If the user selects demonstration from the menu, the list of all the algorithms will be displayed first. When the user selects one particular algorithm which he wants to learn, an applet page will be displayed which asks the user to give some input for the code. The text typed becomes the input for the code to run.
- There will be a button on screen called Encrypt. Whenever the user clicks on this button, the encrypted data will be produced and the steps of encryption will be shown.
- There will be one more button called Decrypt. This will decrypt the encrypted data and show the final output along with the decryption steps.

4.1.2.3 Outputs

The user is provided with the page that shows the encrypted and the decrypted data along with the steps that are taken to achieve it.
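The Encrypt and Decrypt processing described in 4.1.2.2, as an added example that is not code from the project: a back-end class that records each step so the page can display it. The class name, the step wording and the choice of AES in GCM mode through the JCE are assumptions; the specification names AES but no mode or key handling.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

// Hypothetical back end for the Encrypt and Decrypt buttons (added example).
public class EncryptDecryptDemo {
    private static final int IV_BYTES = 12;   // 96-bit IV, the recommended size for GCM
    private static final int TAG_BITS = 128;  // length of the authentication tag

    private final SecretKey key;
    private final SecureRandom random = new SecureRandom();
    private final List<String> steps = new ArrayList<>();

    public EncryptDecryptDemo() throws GeneralSecurityException {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128);
        key = generator.generateKey();        // per-session demo key (assumption)
    }

    /** Steps recorded by the most recent encrypt() or decrypt() call. */
    public List<String> steps() { return steps; }

    /** Encrypt button: returns IV || ciphertext || tag. */
    public byte[] encrypt(String input) throws GeneralSecurityException {
        steps.clear();
        byte[] plain = input.getBytes(StandardCharsets.UTF_8);
        steps.add("1. Encode input as UTF-8: " + plain.length + " bytes");
        byte[] iv = new byte[IV_BYTES];
        random.nextBytes(iv);                 // a fresh IV for every message under one key
        steps.add("2. Generate random IV: " + b64(iv));
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] sealed = cipher.doFinal(plain);
        steps.add("3. AES-GCM encrypt: " + sealed.length + " bytes (ciphertext + tag)");
        byte[] out = new byte[iv.length + sealed.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(sealed, 0, out, iv.length, sealed.length);
        steps.add("4. Output IV || ciphertext || tag: " + b64(out));
        return out;
    }

    /** Decrypt button: verifies the tag before any plaintext is returned. */
    public String decrypt(byte[] message) throws GeneralSecurityException {
        steps.clear();
        if (message.length < IV_BYTES + TAG_BITS / 8) {
            throw new GeneralSecurityException("message too short");
        }
        steps.add("1. Split off the " + IV_BYTES + "-byte IV");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key,
                new GCMParameterSpec(TAG_BITS, message, 0, IV_BYTES));
        steps.add("2. AES-GCM decrypt and verify the authentication tag");
        // doFinal throws AEADBadTagException if the message was modified.
        byte[] plain = cipher.doFinal(message, IV_BYTES, message.length - IV_BYTES);
        steps.add("3. Decode " + plain.length + " bytes as UTF-8");
        return new String(plain, StandardCharsets.UTF_8);
    }

    private static String b64(byte[] data) {
        return Base64.getEncoder().encodeToString(data);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        EncryptDecryptDemo demo = new EncryptDecryptDemo();
        byte[] message = demo.encrypt("hello portal");   // constructed sample input
        demo.steps().forEach(System.out::println);
        System.out.println("Decrypted: " + demo.decrypt(message));
        demo.steps().forEach(System.out::println);
        message[message.length - 1] ^= 0x01;             // simulate corruption in transit
        try {
            demo.decrypt(message);
        } catch (GeneralSecurityException e) {
            System.out.println("Modified message rejected: " + e.getClass().getSimpleName());
        }
    }
}
```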

SCOPE, FUNCTIONAL AND NON-FUNCTIONAL REQUIREMENTS, TECHNOLOGY AND TOOLS

1.1 Scope:

The E-learning portal for Java network security is a website which will help its users understand the concepts in security along with examples. It will provide a platform on which users can actually run the programs related to security. This project will help users understand the techniques of Encryption, Decryption, attacks and defenses. It will explain the various algorithms used: AES, DES, MD-5, RSA, ECC. The portal will demonstrate the working of the algorithms and will also give an explanation and exploration of the source codes. The website will contain various case studies related to each algorithm and various books for learning the subjects thoroughly. It will also contain a test based on MCQs.

1.2 Functional Requirements:

The user should be able to use the given information on-line through the designed portal. The user is supposed to first log in to the portal. The front page is partitioned into 4 parts, i.e. i) Theory, ii) Demonstration, iii) Case studies, and iv) MCQs, and the user can choose as per his requirement. When the user selects his area of interest, the page related to that topic will be displayed.

Login by user: The portal should allow the user to log in under a secure system.

User's area of interest: The portal should allow the user to select the area of his choice, whether it is understanding the theory concepts, doing the practical demonstration or studying the case studies related to a particular topic. As soon as the user selects a particular topic, the page related to that topic should be displayed.

1.3 Non-Functional Requirements:

1.3.1 Usability:

Speed of Use: The portal shall be designed to give maximum speed of use. The user will never face problems with overloads on the server or the website running slow.

Required User Ability: The portal shall be designed on the assumption that the user knows how to use a website and how to implement Java codes. The user is required to have a detailed knowledge of basic operations in Java.

Learnability: The portal shall be designed to assist the user in understanding the functionality of the website.

1.3.2 Reliability:

The portal shall be required to have high reliability and recover from a crash without any loss of data.

1.3.3 Performance:

Throughput: The portal shall have high throughput.

Response Time: The portal shall be designed such that the response time will be as low as possible.

Resource Usage: The portal shall be designed such that the resource usage is minimum and accuracy is high.

Degraded under Overload Conditions: The portal shall be designed such that it doesn't degrade under overload conditions.

1.3.4 Security:

The portal should protect the data held in the database. A simple user cannot access the administrator area. The portal should not be able to be hacked by a user.

1.3.5 Supportability:

Ease of Installation: The portal shall provide an SDK security toolkit which will be easy to install, and with the help of this toolkit the user will be able to run all Java security programs.

Planned Maintenance: The portal shall be designed such that maintenance can be done easily.

Upgraded: The website will be kept upgraded with all the books and with the latest knowledge of all attacks and viruses that are available.

Ease of Testing: The portal shall be designed such that errors, if any, can be detected and effectively eliminated.

1.3.6 Infrastructure:

Clients: The portal requires an Internet connection and a standard web browser hosted on server. A high speed Internet connection is required.

Servers: The portal shall require a server to host the project; the server should be equipped with Apache Tomcat 5.5.X and a Java domain server.

Networks: The portal shall require an Internet connection.

Web Services: The portal shall require Hypertext Transfer Protocol (HTTP).

1.3.7 Implementation Constraints:

Languages: The portal shall be written in JSP and Java.

Operating Systems: The portal shall be platform independent.

Databases: The portal shall have a database so as to keep track of a particular user.

1.4 Technology and Tools:

Java: Java is strongly associated with the internet because of the fact that the first application program was written in Java. All the algorithms will be developed using Java code.

JSP: JSP is the scripting language which is going to be used for producing dynamic web pages. The website will be designed using HTML and JSP. JSP will also be used for the server side scripting. JSP offers many advantages for us, as it is fast, stable, secure, easy to use and open source.

MySQL: MySQL will be used for the databases to store all the e-mail, passwords and users' details. This is because MySQL is a good relational database management system (RDBMS) that runs as a server providing multi-user access to a number of databases. In addition to this, MySQL is an open source system and is thus easily accessible. It also takes very little storage space on disk, and hence the database gives remarkable performance.

1.5 Technical Specifications:

The website will cater to users with broadband internet connections and higher-end personal computers. Table 1 lists the site's target specifications. Recommended system configurations for optimal viewing will be listed on the Home page and in the Help page.

Screen Resolution: 1024 X 768 (currently 42% of all users)
Browser: Internet Explorer 5+ (currently 89% of all users)
Page Size: 50-150 K (1 to 3 seconds download for broadband)

SOFTWARE PROJECT MANAGEMENT PLAN


3.1 Overview

The E-learning portal for JAVA NETWORK SECURITY is basically an introduction to networking algorithms, intended to familiarize users with these algorithms and their implementation. Through the electronic portal, a user can access our site from anywhere at any time. The site contains demonstrations, questionnaires and test cases related to network security algorithms. As such a site is not available online, we will launch it for users who are interested in NETWORK SECURITY.

3.2 Project Scope

The E-learning portal provides information related to network security. The site will be very user friendly and will mostly help people from the Government sector and defence agencies, employees of financial institutions, technicians of Internet service providers and everyone who wants to protect their web site. From this site, they can get relevant information about security which they can use in their day to day life. It contains the different algorithms and their implementation in JAVA. It helps users understand the techniques of Encryption, Decryption, attacks and defenses, and also explains the various algorithms used (AES, DES, MD-5, RSA, etc.) with explanation and exploration of source code. When the user gives any input to a particular program, the site will show the output for it. The site will also ask for queries and questions related to the selected algorithm. It also includes built-in test cases and previous users' test cases. In all, it is a very handy portal for those who want to secure their sites, and a learning resource for people who know a little about security measures.

3.3 Organization

Project Organization

3.3.1 Team Members

Role: External Guide, Internal Guide, Project Members
Organisation: Name: Ms. Shailaja Gogate; Monish Madhani, Nayan Gawande, Priya Patole.

3.3.2 Project Internal Functions

Sr No. | Functions                | Organisation: Name
1.     | Requirement Gathering    | Monish Madhani, Nayan Gawande, Priya Patole
2.     | Design                   | Monish Madhani, Nayan Gawande, Priya Patole
3.     | Coding                   | Monish Madhani, Nayan Gawande, Priya Patole
4.     | Quality Assurance        | Monish Madhani
5.     | System Test Lead         | Priya Patole
6.     | Validation Lead          | Nayan Gawande
7.     | Configuration Management | Nayan Gawande
8.     | Change Management        | Nayan Gawande
9.     | Deployment               | Monish Madhani, Priya Patole

3.3.3 Project Team

Organisation: Name | Availability
Monish Madhani     | 100%
Nayan Gawande      | 100%
Priya Patole       | 100%

3.4 Schedule

3.4.1 Schedule and Milestone

Milestones | Description | Milestone Criteria | Planned Date
M0 | Problem Definition Approval | Submit project Scope | 10/08/2011
M1 | Approval of Scope, Functional and Non-Functional Requirements, Tools & Technology | Submit Required documents | 24/08/2011
M2 | Prepare Software Project Management Plan | Submit Software Project Management Plan | 31/08/2011
M3 | Prepare Software Requirement Specification | Submit Software Requirement Specification | 07/09/2011
M4 | Prepare Software Design Document Data and Architecture | Submit Software Design Document Data and Architecture | 14/09/2011
M5 | Prepare Software Design Document User Interface, Procedural/Component | Submit Software Design Document User Interface, Procedural/Component | 21/09/2011
M6 | Prepare System Test Document | Submit System Test Document | 28/09/2011
M7 | Prepare Implementation Demonstration | Implementation Demonstration | 05/10/2011
M8 | Prepare Report Submission | Submit Report | Not known

3.4.2 Development Process

The Spiral Model will be used owing to the modular nature of the project. It will contain the following phases:
- Customer Communication
- Planning
- Risk Analysis
- Engineering
- Construction and Release
- Customer Evaluation and Feedback

3.4.3 Development Environment

Item                       | Applied For
Methods: Use Case          | Requirement capturing
Methods: Gantt Chart       | Project Scheduling
Tools: Rational Rose       | Design
Tools: Microsoft Project   | Project Scheduling
Tools: Eclipse             | Coding
Languages: UML             | Design
Languages: Java            | Core Logic, GUI

3.5 Risk Management

Project Risk Management Plan Purpose

A Project Risk Management Plan is a controlling document that incorporates goals, strategies and methods for performing risk management on the project. The Project Risk Management Plan describes all aspects of the risk identification, estimation, evaluation and control processes. The purpose of developing such a plan is to determine the approach for cost-effectively performing risk management on the project.

Stakeholders Roles and Responsibilities:

Role                 | Assignment                                  | Risk Management Responsibility
Project team members | Monish Madhani, Nayan Gawande, Priya Patole | The project team members are responsible for the Project Risk Management Plan being implemented and for reporting to the Project Sponsor and Management Group

Risk Management Process and Activities

Risk Management Task        | Risk Management Activity Description | Ownership (Participants)
Inadequate Requirement data | Brain Storming session with client   | Monish Madhani
Defects in Modules          | Test every module after completion   | Nayan Gawande, Priya Patole
Error in syntax of code     | Verify code                          | Nayan Gawande, Priya Patole
Incomplete Testing          | Rigorous Testing                     | Nayan Gawande, Priya Patole
Late submission of modules  | Frequent Meetings and progress report | Nayan Gawande

Risk Assessment and Management Table

Risk Type | Risk and Description | Risk Chance | Risk Impact | Risk Priority | Risk Owner
Requirement Risk | The data collected from the client could be incomplete or ambiguous | Medium | Medium | Medium |
Technological Risk | Defects in modules: The module could malfunction | High | High | High |
Technological Risk | Defects in code: The syntax could not be syntactically correct or the structure could not be well defined | Medium | Medium | Medium |
Technological Risk | Inadequate Testing: The testing performed could be inadequate leading to defect | Medium | Medium | Medium |
Estimation Risk | Late submissions of modules: The modules could be submitted later than the scheduled time | Medium | Medium | Medium |
Technological Risk | Addition of new modules: Addition of new modules could lead to system failure | High | High | High |
Tool Risk | Defect in Server: Defects in server could cause the system to fail | Low | High | Medium |

3.6 Communication and Reporting

Internal Communication:

Type of Communication | Method/Tool | Frequency/Schedule | Information | Participants/Responsible
Project Meetings | Brain Storming | Weekly and on event | Project status, problems, risks, changed requirements | Project manager, Project Team Members
Sharing of project data | Email | When available | All project documentation and reports | Project Manager(s), Project Team Members
Milestone Meetings | Brain Storming | Before Milestones | Project status (progress) | Project manager, Sub-project manager

External Communication and Reporting:

Type of Communication | Method/Tool | Frequency/Schedule | Information | Participants/Responsible
Project Report | Email | On event | Project: Status, Progress, Forecast, Risks | Project Manager, Sub-Project Managers

3.7 Delivery Plan

3.7.1 Deliverables and Receivers

Ident. | Deliverable         | Planned Date | Receiver
D1     | Project Report      |              | Ms. Shailaja Gogate
D2     | User Manual         |              | Ms. Shailaja Gogate
D3     | Source Code         |              | Ms. Shailaja Gogate
D4     | Technical Reference |              | Ms. Shailaja Gogate

3.8 Gantt Chart

SOFTWARE DESIGN DOCUMENT

INTRODUCTION

PURPOSE OF THIS DOCUMENT

The purpose of this document is to present the project design and to give detail on the project architecture and data flow diagrams.

INTENDED AUDIENCE

This document is intended for:
- Team members, to guide them on the implementation.
- The project guide, to see how the project will be structured.

SCOPE

This document abstracts implementation details to the level of modules, so we will not deal with the details of how every module will be implemented, but rather specify each module's purpose, interface and function. The database will be presented in its final form.

USE CASE DIAGRAM

Use case for login:-
[Use case diagram. Actors: User, Software. Use cases: Display login page; Enter name and password; Verify member; Update database; Already a member / Not a member; Display Register page; Display home page; Register member.]

Use case for learning:-
[Use case diagram. Actors: User, Software. Use cases: Click on Learning Tab; Display topics; Select a topic; Display Information.]

Use case for demonstration:-
[Use case diagram. Actors: User, Software. Use cases: Click on demonstration tab; Display demo algorithms; Select a demo algorithm; Display demonstration of selected algorithm.]

Use case for running a demo algorithm:-
[Use case diagram. Actors: User, Software. Use cases: Click on demonstration tab; Encryption button; Decryption Button; Click on encryption button; Output for encryption; Click on Decryption button; Output of decryption.]

Use case for case studies:-
[Use case diagram. Actors: User, Software. Use cases: Click on case studies tab; List various case study examples; Select a particular case study; Display the case study.]

Use case for queries:-
[Use case diagram. Actors: User, Software. Use cases: Click on queries tab; Send a query; Email the solution requested.]

CLASS DIAGRAM :-

SEQUENCE DIAGRAM:
Sequence diagram for login:-
[Sequence diagram. Participants: User, login, software, Home page, Registered User, Unregistered user, Database, Register page. Messages: goes to( ), sends details to( ), verify member( ), present( ), display( ), not_present( ), display( ), accept( ), register( ), update( ).]

Sequence diagram for learning:-
[Sequence diagram. Participants: User, learning tab : Subject, topic : Subject, software. Messages: select( ), accept( ), display( ), select( ), accept( ), display( ).]

Sequence diagram for demonstration:-
[Sequence diagram. Participants: User, demonstration tab : Subject, demo algorithm..., software. Messages: select( ), accept( ), display( ), select( ), accept( ), display( ).]

Sequence diagram for case studies:-
[Sequence diagram. Participants: User, case studies tab : Subject, examples : Subject, software. Messages: select( ), accept( ), display( ), select( ), accept( ), display( ).]

Sequence diagram for queries:-
[Sequence diagram. Participants: User, queries tab : Subject, query page : Subject, software. Messages: select( ), display( ), accept( ), display( ).]

SOFTWARE TEST CASE DOCUMENT


While testing a web application you need to consider the following cases:
- Functionality Testing
- Performance Testing
- Usability Testing
- Server Side Interface
- Client Side Compatibility
- Security

Functionality: In testing the functionality of the web sites the following should be tested:
- Links: i. Internal Links ii. External Links iii. Mail Links iv. Broken Links
- Forms: i. Field validation ii. Error message for wrong input iii. Optional and Mandatory fields
- Database: Testing will be done on the database integrity.
- Cookies: Testing will be done on the client system side, on the temporary Internet files.

Performance: Performance testing can be applied to understand the web site's scalability, or to benchmark the performance in the environment of third party products such as servers and middleware for potential purchase.
- Connection Speed: Tested over various networks like Dial Up, ISDN etc.
- Load: i. What is the no. of users per time? ii. Check for peak loads and how the system behaves iii. Large amount of data accessed by user
- Stress: i. Continuous Load ii. Performance of memory, CPU, file handling etc.

Usability: Usability testing is the process by which the human-computer interaction characteristics of a system are measured, and weaknesses are identified for correction.
- Ease of learning
- Navigation
- Subjective user satisfaction
- General appearance

Server Side Interface: In web testing the server side interface should be tested. This is done by verifying that communication is done properly. Compatibility of the server with software, hardware, network and database should be tested.

Client Side Compatibility: The client side compatibility is also tested on various platforms, using various browsers etc.

Security: The primary reason for testing the security of a web site is to identify potential vulnerabilities and subsequently repair them.
- Network Scanning
- Vulnerability Scanning
- Password Cracking
- Log Review
- Integrity Checkers
- Virus Detection

2)

Test case ID | Purpose | Input | Expected output | Actual output | Y/N
1 | To view the Portal | Type the URL | Website login page opens | Website login page opens | Y
2 | Registering on Portal | Click on register | Registration page opens | Registration page opens | Y
3 | Login on the Portal | Click on Login | Login page opens | Login page opens | Y
4 | Connectivity to database | User input login and password | Verify passwords from database and provides access | Verify passwords from database and provides access | Y
  | Testing of various algorithms | Values input by user | Output given by the algorithm with values | Output given by the algorithm with values |
  | Connectivity between various webpages | Check for back | Previous page opens | Previous page opens |
  | Users Providing values | Input given by user | Give error with no proper values | Give error with no proper values |
