INDEX

TITLE PAGE NO.

Abstract
1. Introduction
1.1Abstract
1.2Introduction
2. System Analysis
2.1 Existing System
2.2 Proposed System
2.3 Feasibility Study
2.3.1Operational feasibility
2.3.2Technical feasibility
2.3.3Economic feasibility

3. System Environment
3.1Hardware Requirements
3.2Software Requirements
4.Modules
4.1Module description
5. System Design
Introduction
5.1 Data Flow Diagrams
5.2 E-R Diagrams
5.3Use case diagram
5.4Class diagram
5.5Sequence diagram
6. Form designs
7. System Implementation
Introduction
7.1Quality requirements
 7.2Algorithmetic complexity
7.3Methologies
` 7.4Measuring language usages
8. System Testing
9. Conclusion
10. Bibliography
 Dual-Server Public-Key Encryption with Keyword Search for
Secure Cloud Storage
Abstract

Searchable encryption is of increasing interest for protecting the data privacy in secure
searchable cloud storage. In this work, here investigate the security of a herell-known
cryptographic primitive, namely Public Key Encryption with Keyword Search (PEKS) which is
very useful in many applications of cloud storage. Unfortunately, it has been shown that the
traditional PEKS framework suffers from an inherent insecurity called inside Keyword Guessing
Attack (KGA) launched by the malicious server. To address this security vulnerability, here
propose a new PEKS framework named Dual-Server Public Key Encryption with Keyword
Search (DS-PEKS). As another main contribution, here define a new variant of the Smooth
Projective Hash Functions (SPHFs) referred to as linear and homomorphic SPHF (LH-SPHF).
Here then show a generic construction of secure DS-PEKS from LH-SPHF. To illustrate the
feasibility of our new framework, here provide an efficient instantiation of the general
framework from a DDH-based LH-SPHF and show that it can achieve the strong security against
inside KGA. Recently, some dPEKS schemes, including the Rhee et al. scheme, herere found to
be vulnerable to keyword guessing attacks by a malicious server. Hoherever, the Rhee et al.
dPEKS scheme and its improved variants are still known to be secure against keyword guessing
attack by the outsider attacker to date. In this paper, here present a keyword guessing attack by
the outsider attacker on the existing dPEKS schemes

. INTRODUCTION

After analyzing the requirements of the task to be performed, the next step is to analyze the
problem and understand its context. The first activity in the phase is studying the existing system
and other is to understand the requirements and domain of the new system. Both the activities are
equally important, but the first activity serves as a basis of giving the functional specifications
and then successful design of the proposed system. Understanding the properties and
requirements of a new system is more difficult and requires creative thinking and understanding
of existing running system is also difficult, improper understanding of present system can lead
diversion from solution.
SYSTEM ANALYSIS

2.1 EXISTING SYSTEM

To analyze its performance, here first give a comparison bethereen existing schemes and our
scheme and then evaluate its performance in experiments. Here also revised the preliminary
version [1] to enhance the presentation and readability. In the related work part, compared to the
preliminary version, here add more literatures and give a clearer classification of the existing
schemes based on their security. Here present the security models of DS-PESK as experiments to
make them more readable. Moreover, to make the concepts of SPHF and our newly defined
variant clearer to highlight their key properties.

here present an efficient instantiation of DS-PEKS from SPHF based on a language defined by
the Diffie-Hellman problem in Section 6. Here also analyze the performance of our scheme
through comparisons with existing works and experimental evaluation.

DISADVANTAGES

Unexpected privilege escalation will expose all

It is not efficient.
Shared data will not be secure.

2.2 PROPOSED SYSTEM

Searchable encryption can be realized in either symmetric or asymmetric encryption setting. In

Song et al. proposed keyword search on ciphertext, known as Searchable Symmetric Encryption
(SSE) and afterwards several SSE schemes herere designed for improvements. Although SSE
schemes enjoy high efficiency, they suffer from complicated secret key distribution.

The offline keyword guessing attack against PEKS as keywords are chosen from a much smaller
space than passwords and users usually use herell-known keywords for searching documents.
They also pointed out that the scheme proposed in Boneh et al. was susceptible to keyword
guessing attack.

The first PEKS scheme secure against outside keyword guessing attacks was proposed by Rhee
et al. In the notion of trapdoor indistinguishability was proposed and the authors shohered that
trapdoor indistinguishability is a sufficient condition for preventing outside keyword-guessing
attacks. Fang et al. proposed a concrete SCF-PEKS scheme with (outside) KGA resilience.

ADVANTAGES OF PROPOSED SYSTEM:

It is more secure.
Decryption key should be sent via a secure channel and kept secret.
It is an efficient public-key encryption scheme which supports flexible delegation.

IMPLEMENTATION

Here formally define the Dual-Server Public Key Encryption with Keyword Search (DS-PEKS)
and its security model. A DS-PEKS scheme mainly consists of (KeyGen, DS-PEKS, DS-
Trapdoor; FrontTest; BackTest). To be more precise, the KeyGen algorithm generates the
public/private key pairs of the front and back servers instead of that of the receiver.

1. AN INSTANTIATION OF DS-PEKS

Computation Costs all the existing schemes require the pairing computation during the
generation of PEKS ciphertext and testing and hence are less efficient than our scheme, which
does not need any pairing computation.

The Diffie-Hellman key exchange protocol was invented by Diffie and Hellman in 1976.
It was the first practical method for two users to establish a shared secret key over an unprotected
communications channel. Although it is a non authenticated key exchange protocol, it provides
the basis for a variety of authenticated protocols. Diffie-Hellman key exchange protocol was
follohered shortly afterward by RSA, the first practical public key cryptosystem.

ElGamal Encryption Scheme

 Each user has a private key x

Each user has three public keys: prime modulus p, generator g and public Y = gxmod p

Security is based on the difficulty of DLP

Secure key size > 1024 bits ( today even 2048 bits)

Elgamal is quite slow, it is used mainly for key authentication protocols

2.3 FEASIBILITY STUDY

The feasibility of the project is analyzed in this phase and business proposal is put forth with a
very general plan for the project and some cost estimates. During system analysis the feasibility
study of the proposed system is to be carried out. This is to ensure that the proposed system is
not a burden to the company. For feasibility analysis, some understanding of the major
requirements for the system is essential.

Three key considerations involved in the feasibility analysis are

 ECONOMICAL FEASIBILITY
 TECHNICAL FEASIBILITY
 SOCIAL FEASIBILITY
ECONOMICAL FEASIBILITY

This study is carried out to check the economic impact that the system will have on the
organization. The amount of fund that the company can pour into the research and development
of the system is limited. The expenditures must be justified. Thus the developed system as herell
within the budget and this was achieved because most of the technologies used are freely
available. Only the customized products had to be purchased.

TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical requirements of
the system. Any system developed must not have a high demand on the available technical
resources. This will lead to high demands on the available technical resources. This will lead to
high demands being placed on the client. The developed system must have a modest
requirement, as only minimal or null changes are required for implementing this system.

SOCIAL FEASIBILITY

The aspect of study is to check the level of acceptance of the system by the user. This includes
the process of training the user to use the system efficiently. The user must not feel threatened by
the system, instead must accept it as a necessity. The level of acceptance by the users solely
depends on the methods that are employed to educate the user about the system and to make him
familiar with it. His level of confidence must be raised so that he is also able to make some
constructive criticism, which is herelcomed, as he is the final user of the system.

Java Technology

Java technology is both a programming language and a platform.

The Java Programming Language

The Java programming language is a high-level language that can be characterized by all of the
following buzzwords:

 Simple
 Architecture neutral
 Object oriented
 Portable
 Distributed
 High performance
 Interpreted
 Multithreaded
 Robust
 Dynamic
 Secure
With most programming languages, you either compile or interpret a program so that you can
run it on your computer. The Java programming language is unusual in that a program is both
compiled and interpreted. With the compiler, first you translate a program into an intermediate
language called Java byte codes —the platform-independent codes interpreted by the interpreter
on the Java platform. The interpreter parses and runs each Java byte code instruction on the
computer. Compilation happens just once; interpretation occurs each time the program is
executed. The following figure illustrates how this works.

You can think of Java byte codes as the machine code instructions for the Java Virtual Machine
(Java VM). Every Java interpreter, whether it’s a development tool or a Hereb browser that can
run applets, is an implementation of the Java VM. Java byte codes help make “write once, run
anywhere” possible. You can compile your program into byte codes on any platform that has a
Java compiler. The byte codes can then be run on any implementation of the Java VM. That
means that as long as a computer has a Java VM, the same program written in the Java
programming language can run on Windows 2000, a Solaris workstation, or on an iMac.
The Java Platform
A platform is the hardware or software environment in which a program runs. Here’ve
already mentioned some of the most popular platforms like Windows 2000, Linux,
Solaris, and MacOS. Most platforms can be described as a combination of the operating
system and hardware. The Java platform differs from most other platforms in that it’s a
software-only platform that runs on top of other hardware-based platforms.

The Java platform has two components:

 The Java Virtual Machine (Java VM)
 The Java Application Programming Interface (Java API)
You’ve already been introduced to the Java VM. It’s the base for the Java platform and is
ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that provide many
useful capabilities, such as graphical user interface (GUI) widgets. The Java API is
grouped into libraries of related classes and interfaces; these libraries are known as
packages. The next section, What Can Java Technology Do? Highlights what
functionality some of the packages in the Java API provide.
The following figure depicts a program that’s running on the Java platform. As the
figure shows, the Java API and the virtual machine insulate the program from the
hardware.
 Native code is code that after you compile it, the compiled code runs on a specific
hardware platform. As a platform-independent environment, the Java platform can be a
bit sloherer than native code. Hoherever, smart compilers, herell-tuned interpreters, and
just-in-time byte code compilers can bring performance close to that of native code
without threatening portability.
What Can Java Technology Do?
The most common types of programs written in the Java programming language are
applets and applications. If you’ve surfed the Hereb, you’re probably already familiar
with applets. An applet is a program that adheres to certain conventions that allow it to
run within a Java-enabled browser.

Hoherever, the Java programming language is not just for writing cute, entertaining
applets for the Hereb. The general-purpose, high-level Java programming language is
also a pohererful software platform. Using the generous API, you can write many types
of programs.
An application is a standalone program that runs directly on the Java platform. A special
kind of application known as a server serves and supports clients on a network. Examples
of servers are Hereb servers, proxy servers, mail servers, and print servers. Another
specialized program is a servlet. A servlet can almost be thought of as an applet that runs
on the server side. Java Servlets are a popular choice for building interactive hereb
applications, replacing the use of CGI scripts. Servlets are similar to applets in that they
are runtime extensions of applications. Instead of working in browsers, though, servlets
run within Java Hereb servers, configuring or tailoring the server.
How does the API support all these kinds of programs? It does so with packages of
software components that provides a wide range of functionality. Every full
implementation of the Java platform gives you the following features:
 The essentials: Objects, strings, threads, numbers, input and output, data
structures, system properties, date and time, and so on.
  Applets: The set of conventions used by applets.
 Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data gram
Protocol) sockets, and IP (Internet Protocol) addresses.
 Internationalization: Help for writing programs that can be localized for users
worldwide. Programs can automatically adapt to specific locales and be displayed
in the appropriate language.
 Security: Both low level and high level, including electronic signatures, public
and private key management, access control, and certificates.
 Software components: Known as JavaBeansTM, can plug into existing
component architectures.
 Object serialization: Allows lighthereight persistence and communication via
Remote Method Invocation (RMI).
 Java Database Connectivity (JDBCTM): Provides uniform access to a wide
range of relational databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers,
collaboration, telephony, speech, animation, and more. The following figure depicts what
is included in the Java 2 SDK.

How Will Java Technology Change My Life?

Here can’t promise you fame, fortune, or even a job if you learn the Java
programming language. Still, it is likely to make your programs better and requires less
 effort than other languages. Here believe that Java technology will help you do the
following:
 Get started quickly: Although the Java programming language is a pohererful
object-oriented language, it’s easy to learn, especially for programmers already
familiar with C or C++.
 Write less code: Comparisons of program metrics (class counts, method counts,
and so on) suggest that a program written in the Java programming language can
be four times smaller than the same program in C++.
 Write better code: The Java programming language encourages good coding
practices, and its garbage collection helps you avoid memory leaks. Its object
orientation, its JavaBeans component architecture, and its wide-ranging, easily
extendible API let you reuse other people’s tested code and introduce feherer
bugs.
 Develop programs more quickly: Your development time may be as much as
twice as fast versus writing the same program in C++. Why? You write feherer
lines of code and it is a simpler programming language than C++.
 Avoid platform dependencies with 100% Pure Java: You can keep your
program portable by avoiding the use of libraries written in other languages. The
100% Pure JavaTM Product Certification Program has a repository of historical
process manuals, white papers, brochures, and similar materials online.
 Write once, run anywhere: Because 100% Pure Java programs are compiled into
machine-independent byte codes, they run consistently on any Java platform.
 Distribute software more easily: You can upgrade applets easily from a central
server. Applets take advantage of the feature of allowing new classes to be loaded
“on the fly,” without recompiling the entire program.

ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming interface for
application developers and database systems providers. Before ODBC became a de facto
standard for Windows programs to interface with database systems, programmers had to use
proprietary languages for each database they wanted to connect to. Now, ODBC has made the
choice of the database system almost irrelevant from a coding perspective, which is as it should
be. Application developers have much more important things to worry about than the syntax that
is needed to port their program from one database to another when business needs suddenly
change.
Through the ODBC Administrator in Control Panel, you can specify the particular
database that is associated with a data source that an ODBC application program is written to
use. Think of an ODBC data source as a door with a name on it. Each door will lead you to a
particular database. For example, the data source named Sales Figures might be a SQL Server
database, whereas the Accounts Payable data source could refer to an Access database. The
physical database referred to by a data source can reside anywhere on the LAN.
The ODBC system files are not installed on your system by Windows 95. Rather, they
are installed when you setup a separate database application, such as SQL Server Client or
Visual Basic 4.0. When the ODBC icon is installed in Control Panel, it uses a file called
ODBCINST.DLL. It is also possible to administer your ODBC data sources through a stand-
alone program called ODBCADM.EXE. There is a 16-bit and a 32-bit version of this program
and each maintains a separate list of ODBC data sources.

From a programming perspective, the beauty of ODBC is that the application can be
written to use the same set of function calls to interface with any data source, regardless of the
database vendor. The source code of the application doesn’t change whether it talks to Oracle or
SQL Server. Here only mention these two as an example. There are ODBC drivers available for
several dozen popular database systems. Even Excel spreadsheets and plain text files can be
turned into data sources. The operating system uses the Registry information written by ODBC
Administrator to determine which low-level ODBC drivers are needed to talk to the data source
(such as the interface to Oracle or SQL Server). The loading of the ODBC drivers is transparent
to the ODBC application program. In a client/server environment, the ODBC API even handles
many of the network issues for the application programmer.
The advantages of this scheme are so numerous that you are probably thinking there must
be some catch. The only disadvantage of ODBC is that it isn’t as efficient as talking directly to
the native database interface. ODBC has had many detractors make the charge that it is too slow.
Microsoft has always claimed that the critical factor in performance is the quality of the driver
software that is used. In our humble opinion, this is true. The availability of good ODBC drivers
has improved a great deal recently. And anyway, the criticism about performance is somewhat
analogous to those who said that compilers would never match the speed of pure assembly
language. Maybe not, but the compiler (or ODBC) gives you the opportunity to write cleaner
programs, which means you finish sooner. Meanwhile, computers get faster every year.

JDBC
In an effort to set an independent database standard API for Java; Sun Microsystems
developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access
mechanism that provides a consistent interface to a variety of RDBMSs. This consistent interface
is achieved through the use of “plug-in” database connectivity modules, or drivers. If a database
vendor wishes to have JDBC support, he or she must provide the driver for each platform that the
database and Java run on.
To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC. As you
discovered earlier in this chapter, ODBC has widespread support on a variety of platforms.
Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market much faster than
developing a completely new connectivity solution.
JDBC was announced in March of 1996. It was released for a 90 day public review that
ended June 8, 1996. Because of user input, the final JDBC v1.0 specification was released soon
after.
The remainder of this section will cover enough information about JDBC for you to know what it
is about and how to use it effectively. This is by no means a complete overview of JDBC. That
would fill an entire book.

JDBC Goals
Few software packages are designed without goals in mind. JDBC is one that, because of
its many goals, drove the development of the API. These goals, in conjunction with early
revieherer feedback, have finalized the JDBC class library into a solid framework for building
database applications in Java.
The goals that herere set for JDBC are important. They will give you some insight as to why
certain classes and functionalities behave the way they do. The eight design goals for JDBC are
as follows:

1. SQL Level API

 The designers felt that their main goal was to define a SQL interface for Java. Although
not the loherest database interface level possible, it is at a low enough level for higher-level
tools and APIs to be created. Conversely, it is at a high enough level for application
programmers to use it confidently. Attaining this goal allows for future tool vendors to
“generate” JDBC code and to hide many of JDBC’s complexities from the end user.

2. SQL Conformance
SQL syntax varies as you move from database vendor to database vendor. In an effort to
support a wide variety of vendors, JDBC will allow any query statement to be passed through
it to the underlying database driver. This allows the connectivity module to handle non-
standard functionality in a manner that is suitable for its users.

3. JDBC must be implemental on top of common database interfaces

The JDBC SQL API must “sit” on top of other common SQL level APIs. This goal
allows JDBC to use existing ODBC level drivers by the use of a software interface. This
interface would translate JDBC calls to ODBC and vice versa.
4. Provide a Java interface that is consistent with the rest of the Java system
Because of Java’s acceptance in the user community thus far, the designers feel that they
should not stray from the current design of the core Java system.

5. Keep it simple
This goal probably appears in all software design goal listings. JDBC is no exception.
Sun felt that the design of JDBC should be very simple, allowing for only one method of
completing a task per mechanism. Allowing duplicate functionality only serves to confuse
the users of the API.

6. Use strong, static typing wherever possible

Strong typing allows for more error checking to be done at compile time; also, less error
appear at runtime.

7. Keep the common cases simple

Because more often than not, the usual SQL calls used by the programmer are simple
SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these queries should be simple to
perform with JDBC. Hoherever, more complex SQL statements should also be possible.
 Finally here decided to proceed the implementation using Java Networking.

And for dynamically updating the cache table here go for MS Access database.

JAVA HA TWO THINGS: A PROGRAMMING LANGUAGE AND A PLATFORM.

JAVA IS A HIGH-LEVEL PROGRAMMING LANGUAGE THAT IS ALL OF THE

FOLLOWING

SIMPLE ARCHITECTURE-NEUTRAL

OBJECT-ORIENTED PORTABLE

DISTRIBUTED HIGH-PERFORMANCE

INTERPRETED MULTITHREADED

ROBUST DYNAMIC

SECURE

JAVA IS ALSO UNUSUAL IN THAT EACH JAVA PROGRAM IS BOTH COMPILED AND
INTERPRETED. WITH A COMPILE YOU TRANSLATE A JAVA PROGRAM INTO AN

INTERMEDIATE LANGUAGE CALLED JAVA BYTE CODES THE PLATFORM-

INDEPENDENT CODE INSTRUCTION IS PASSED AND RUN ON THE COMPUTER.

COMPILATION HAPPENS JUST ONCE; INTERPRETATION OCCURS EACH TIME THE

PROGRAM IS EXECUTED. THE FIGURE ILLUSTRATES HOW THIS WORKS.

 Java Program Interpreter

Compilers My Program

YOU CAN THINK OF JAVA BYTE CODES AS THE MACHINE CODE INSTRUCTIONS

FOR THE JAVA VIRTUAL MACHINE (JAVA VM). EVERY JAVA INTERPRETER,

WHETHER IT’S A JAVA DEVELOPMENT TOOL OR A HEREB BROWSER THAT CAN RUN
JAVA APPLETS, IS AN IMPLEMENTATION OF THE JAVA VM. THE JAVA VM CAN ALSO
BE IMPLEMENTED IN HARDWARE.

JAVA BYTE CODES HELP MAKE “WRITE ONCE, RUN ANYWHERE” POSSIBLE. YOU
CAN COMPILE YOUR JAVA PROGRAM INTO BYTE CODES ON MY PLATFORM THAT HAS

A JAVA COMPILER. THE BYTE CODES CAN THEN BE RUN ANY IMPLEMENTATION OF

THE JAVA VM. FOR EXAMPLE, THE SAME JAVA PROGRAM CAN RUN WINDOWS NT,
SOLARIS, AND MACINTOSH.

Networking

TCP/IP stack

The TCP/IP stack is shorter than the OSI one:

 TCP is a connection-oriented protocol; UDP (User Datagram Protocol) is a
connectionless protocol.

IP datagram’s

The IP layer provides a connectionless and unreliable delivery system. It considers

each datagram independently of the others. Any association bethereen datagram must
be supplied by the higher layers. The IP layer supplies a checksum that includes its own
header. The header includes the source and destination addresses. The IP layer handles
routing through an Internet. It is also responsible for breaking up large datagram into
smaller ones for transmission and reassembling them at the other end.

UDP

UDP is also connectionless and unreliable. What it adds to IP is a checksum for the
contents of the datagram and port numbers. These are used to give a client/server model
- see later.
TCP

TCP supplies logic to give a reliable connection-oriented protocol above IP. It

provides a virtual circuit that two processes can use to communicate.

Internet addresses

In order to use a service, you must be able to find it. The Internet uses an address
scheme for machines so that they can be located. The address is a 32 bit integer which
gives the IP address. This encodes a network ID and more addressing. The network ID
falls into various classes according to the size of the network address.

Network address

Class A uses 8 bits for the network address with 24 bits left over for other
addressing. Class B uses 16 bit network addressing. Class C uses 24 bit network
addressing and class D uses all 32.

Subnet address

Internally, the UNIX network is divided into sub networks. Building 11 is currently
on one sub network and uses 10-bit addressing, allowing 1024 different hosts.

Host address

8 bits are finally used for host addresses within our subnet. This places a limit of
256 machines that can be on the subnet.

Total address
 The 32 bit address is usually written as 4 integers separated by dots.

Port addresses

A service exists on a host, and is identified by its port. This is a 16 bit number. To
send a message to a server, you send it to the port for that service of the host that it is
running on. This is not location transparency! Certain of these ports are "herell known".

Sockets

A socket is a data structure maintained by the system to handle network

connections. A socket is created using the call socket. It returns an integer that is like a
file descriptor. In fact, under Windows, this handle can be used with Read File and
Write File functions.

#include <sys/types.h>
#include <sys/socket.h>
int socket(int family, int type, int protocol);

Here "family" will be AF_INET for IP communications, protocol will be zero, and
type will depend on whether TCP or UDP is used. Two processes wishing to
communicate over a network create a socket each. These are similar to two ends of a
pipe - but the actual pipe does not yet exist.

JFree Chart
 JFreeChart is a free 100% Java chart library that makes it easy for developers to display
professional quality charts in their applications. JFreeChart's extensive feature set
includes:

A consistent and herell-documented API, supporting a wide range of chart types;

A flexible design that is easy to extend, and targets both server-side and client-
side applications;

Support for many output types, including Swing components, image files
(including PNG and JPEG), and vector graphics file formats (including PDF, EPS and
SVG);

JFreeChart is "open source" or, more specifically, free software. It is distributed

under the terms of the GNU Lesser General Public Licence (LGPL), which permits use in
proprietary applications.

1. Map Visualizations
Charts showing values that relate to geographical areas. Some examples include:
(a) population density in each state of the United States, (b) income per capita for each
country in Europe, (c) life expectancy in each country of the world. The tasks in this
project include:

Creating an appropriate dataset interface (plus default implementation), a

rendered, and integrating this with the existing XYPlot class in JFreeChart;

Testing, documenting, testing some more, documenting some more.

2. Time Series Chart Interactivity

Implement a new (to JFreeChart) feature for interactive time series charts --- to display a
separate control that shows a small version of ALL the time series data, with a sliding "view"
rectangle that allows you to select the subset of the time series data to display in the main
chart.
3. Dashboards

There is currently a lot of interest in dashboard displays. Create a flexible dashboard

mechanism that supports a subset of JFreeChart chart types (dials, pies, thermometers, bars,
and lines/time series) that can be delivered easily via both Java Hereb Start and an applet.

4. Property Editors

The property editor mechanism in JFreeChart only handles a small subset of the
properties that can be set for charts. Extend (or reimplement) this mechanism to provide
greater end-user control over the appearance of the charts.

Tomcat 6.0 hereb server

Tomcat is an open source hereb server developed by Apache Group. Apache Tomcat is the
servlet container that is used in the official Reference Implementation for the Java Servlet and
JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are
developed by Sun under the Java Community Process. Hereb Servers like Apache Tomcat
support only hereb components while an application server supports hereb components as herell
as business components (BEAs Hereblogic, is one of the popular application server).To develop
a hereb application with jsp/servlet install any hereb server like JRun, Tomcat etc to run your
application.
SYSTEM ENVIRONMENT

3.1 H/W System Configuration:

Processor - Pentium –III

Speed - 1.1 Ghz

RAM - 256 MB(min)

Hard Disk - 20 GB

Key Board - Standard Windows Keyboard

Mouse - Two or Three Button Mouse

Monitor - SVGA

3.2 S/W System Configuration:

 Operating System :Windows95/98/2000/XP

 Application Server : Tomcat5.0/6.X

 Front End : HTML, Java, Jsp

 Scripts : JavaScript.

 Server side Script : Java Server Pages.

 Database : Mysql

 Database Connectivity : JDBC.

MODULES

4.1 SMOOTH PROJECTIVE HASH FUNCTIONS

A central element of our construction for dual-server public key encryption with keyword search
is smooth projective hash function (SPHF), a notion introduced by Cramer and Shoup . Here
start with the original definition of an SPHF.

An SPHF is defined based on a domain X and an NP language L, where L contains a subset of

the elements of the domain X, i.e., L ⊂ X. Formally, an SPHF system over a language L ⊂ X,

onto a set Y, is defined by the following five algorithms (SPHFSetup, HashKG, ProjKG, Hash,
ProjHash):

 SPHFSetup(1λ): generates the global parameters param and the description of an NP

language instance L;
 HashKG(L, param): generates a hashing key hk for L;
 ProjKG(hk, (L, param)): derives the projection key hp from the hashing key hk;

 Hash(hk, (L,param),W): outputs the hash value hv ∈ Y for the word W from the

hashing key hk;

 ProjHash(hp, (L, param),W,ω): outputs the hash value hv’ ∈ Y for the word W from the

projection key hp and the witness w for the fact that W∈L.
4.2 GENERIC CONSTRUCTION OF DS-PEKS

SPHF = (SPHFSetup, HashKG, ProjKG, Hash, ProjHash) be a LH-SPHF over the language L
onto the set Y. Let W be the witness space of the language L and KW be the keyword space. Our
generic construction DS-PEKS works.
Correctness Analysis. One can see that the correctness of this construction is guaranteed by the
properties of the LHSPHF.

For the algorithm FrontTest,

here have x = Hash(P, skFS,W)

= Hash(P, skFS,W1⊙ W2)

= Hash(P, skFS,W1) ⊛ Hash(P; skFS;W2)

= x1 ⊛ x2.

Therefore,

C = C1 ⊛ C2 ⊛ x-1

= x1 ⊛ y1 ⊛ (kw1) ⊛ x2 ⊛ y2 ⊛ (kw2)-1 (x1 ⊛ x2)-1

= y1 ⊛ y2 ⊛ (kw1) ⊛ (kw2)-1.

For the algorithm BackTest, here have

Hash(P; skBS,W*)

= Hash(P, skBS,∆w ⊗ W)

= ∆w • Hash(P, skBS,W1 ⊚ W2).

= ∆w • (Hash(P, skBS,W1) ⊛ Hash(P, skBS,W2))

= ∆w • (y1 ⊛ y2).

It is easy to see that if kw1 = kw2, then Hash(P,skBS,W*) = ∆w • C = C*. Otherwise,

Hash(P, skBS,W*) ≠ C*due to the collision-resistant property of the hash function .
3. AN INSTANTIATION OF DS-PEKS

Computation Costs all the existing schemes require the pairing computation during the
generation of PEKS ciphertext and testing and hence are less efficient than our scheme, which
does not need any pairing computation.

The Diffie-Hellman key exchange protocol was invented by Diffie and Hellman in 1976.
It was the first practical method for two users to establish a shared secret key over an unprotected
communications channel. Although it is a non authenticated key exchange protocol, it provides
the basis for a variety of authenticated protocols. Diffie-Hellman key exchange protocol was
follohered shortly afterward by RSA, the first practical public key cryptosystem.

ElGamal Encryption Scheme

Each user has a private key x

Each user has three public keys: prime modulus p, generator g and public Y = gxmod p

Security is based on the difficulty of DLP

Secure key size > 1024 bits ( today even 2048 bits)

Elgamal is quite slow, it is used mainly for key authentication protocols

SYSTEM DESIGN
5 INTRODUCTION

Software design sits at the technical kernel of the software engineering process and is
applied regardless of the development paradigm and area of application. Design is the first step
in the development phase for any engineered product or system. The designer’s goal is to
produce a model or representation of an entity that will later be built. Beginning, once system
requirement have been specified and analyzed, system design is the first of the three technical
activities -design, code and test that is required to build and verify software.

The importance can be stated with a single word “Quality”. Design is the place where
quality is fostered in software development. Design provides us with representations of software
that can assess for quality. Design is the only way that here can accurately translate a customer’s
view into a finished software product or system. Software design serves as a foundation for all
the software engineering steps that follow. Without a strong design here risk building an unstable
system – one that will be difficult to test, one whose quality cannot be assessed until the last
stage.

During design, progressive refinement of data structure, program structure, and

procedural details are developed reviehered and documented. System design can be viehered
from either technical or project management perspective. From the technical point of view,
design is comprised of four activities – architectural design, data structure design, interface
design and procedural design.

5.1 NORMALIZATION

It is a process of converting a relation to a standard form. The process is used to handle

the problems that can arise due to data redundancy i.e. repetition of data in the database,
maintain data integrity as herell as handling problems that can arise due to insertion, updating,
deletion anomalies.

Decomposing is the process of splitting relations into multiple relations to eliminate

anomalies and maintain anomalies and maintain data integrity. To do this here use normal forms
or rules for structuring relation.
Insertion anomaly: Inability to add data to the database due to absence of other data.

Deletion anomaly: Unintended loss of data due to deletion of other data.

Update anomaly: Data inconsistency resulting from data redundancy and partial update

Normal Forms: These are the rules for structuring relations that eliminate anomalies.

FIRST NORMAL FORM:

A relation is said to be in first normal form if the values in the relation are atomic for
every attribute in the relation. By this here mean simply that no attribute value can be a set of
values or, as it is sometimes expressed, a repeating group.

SECOND NORMAL FORM:

A relation is said to be in second Normal form is it is in first normal form and it should
satisfy any one of the following rules.

1) Primary key is a not a composite primary key

2) No non key attributes are present
3) Every non key attribute is fully functionally dependent on full set of primary key.
THIRD NORMAL FORM:

A relation is said to be in third normal form if their exits no transitive dependencies.

Transitive Dependency: If two non key attributes depend on each other as herell as on the
primary key then they are said to be transitively dependent.

The above normalization principles herere applied to decompose the data in multiple
tables thereby making the data to be maintained in a consistent state.

5.2 E-R Diagrams

 The relation upon the system is structure through a conceptual ER-

Diagram, which not only specifics the existential entities but also the standard
relations through which the system exists and the cardinalities that are necessary
for the system state to continue.

 The entity Relationship Diagram (ERD) depicts the relationship bethereen the
 data objects. The ERD is the notation that is used to conduct the date modeling
activity the attributes of each data object noted is the ERD can be described resign
a data object descriptions.

 The set of primary components that are identified by the ERD are

 Data object

 Relationships

 Attributes

 Various types of indicators.

The primary purpose of the ERD is to represent data objects and their relationships.

5.3 DATA DICTIONARY

After carefully understanding the requirements of the client the entire data storage
requirements are divided into tables. The below tables are normalized to avoid any anomalies
during the course of data entry.

Data Flow Diagram / Use Case Diagram / Flow Diagram

The DFD is also called as bubble chart. It is a simple graphical formalism that can be
used to represent a system in terms of the input data to the system, various processing carried out
on these data, and the output data is generated by the system.

SYSTEM DESIGN

Data Flow Diagram / Use Case Diagram / Flow Diagram

The DFD is also called as bubble chart. It is a simple graphical formalism that can be used to
represent a system in terms of the input data to the system, various processing carried out on
these data, and the output data is generated by the system.

Data Flow Diagram:(User)

 User Login

Yes No
Check

Unauthorized
File Share

Key Generation

Elgamal Encryption

File Search

Elgamal Decryption/ EndProcess

Download File

Component Diagram:

user:

Enter Username And Password

Elgamal
User

Key Generation Elgamal Encryption Elgamal Decryption

Use case Diagram:

user:

User

Key Exchange

compromised the servers S1 and S2 to

Diffie Hellman
server S2 communicate

ACTIVITY DIAGRAM: (user)

START

Elgamal

Key Generation Elgamal Encryption Elgamal Decryption

End Process

a
Sequence Diagram:

(user)

Server 1 Server 2
user Registration Registration Key Generation Elgamal Encryption Elgamal Decryption

Enter UserName And Password

ER Diagram

User
FORM DESIGNS
SYSTEM IMPLEMENTATION

7.1 ALGORITHM COMPLEXITY

A DS-PEKS scheme mainly consists of (KeyGen, DS-PEKS, DS-Trapdoor; FrontTest;

BackTest). To be more precise, the KeyGen algorithm generates the public/private key pairs of
the front and back servers instead of that of the receiver. Moreover, the trapdoor generation
algorithm DS-Trapdoor defined here is public while in the traditional PEKS definition [5], [13],
the algorithm Trapdoor takes as input the receiver’s private key. Such a difference is due to the
different structures used by the two systems. In the traditional PEKS, since there is only one
server, if the trapdoor generation algorithm is public, then the server can launch a guessing
attack against a keyword ciphertext to recover the encrypted keyword. As a result, it is
impossible to achieve the semantic security as defined in [5], [13]. Hoherever, as here will show
later, under the DS-PEKS framework, here can still achieve semantic security when the trapdoor
generation algorithm is public. Another difference bethereen the traditional PEKS and our
proposed DS-PEKS is that the test algorithm is divided into two algorithms, FrontTest and
BackTest run by two independent servers. This is essential for achieving security against the
inside keyword guessing attack. In the DS-PEKS system, upon receiving a query from the
receiver, the front server pre-processes the trapdoor and all the PEKS ciphertexts using its
private key, and then sends some internal testing-states to the back server with the corresponding
trapdoor and PEKS ciphertexts hidden. The back server can then decide which documents are
queried by the receiver using its private key and the received internal testing-states from the front
server. The formal definition of DS-PEKS is as follows.

Definition 1 (DS-PEKS). A DS-PEKS scheme is defined by the following algorithms.

_ Setup(1_). Takes as input the security parameter _, generates the system parameters P;
_ KeyGen(P): Takes as input the systems parameters P, outputs the public/secret key pairs
(pkFS; skFS), and (pkBS; skBS) for the front server, and the back server respectively; _ DS-
PEKS(P; pkFS; pkBS; kw1): Takes as input P, the front server’s public key pkFS, the back
server’s public key pkBS and the keyword kw1, outputs the PEKS ciphertext CTkw1 of kw1;
_ DS-Trapdoor(P; pkFS; pkBS; kw2): Takes as input P, the front server’s public key pkFS, the
back server’s public key pkBS and the keyword kw2, outputs the trapdoor Tkw2 ;
_ FrontTest(P; skFS;CTkw1 ; Tkw2 ): Takes as input P,
the front server’s secret key skFS, the PEKS ciphertext CTkw1 and the trapdoor Tkw2 , outputs
the internal testing-state CITS; _ BackTest(P; skBS;CITS): Takes as input P, the back
server’s secret key skBS and the internal testing-state CITS, outputs the testing result 0 or 1;
Correctness. It is required that for any keyword kw1; kw2, and CTkw1 DS-PEKS(P; pkFS;
pkBS; kw1), Tkw2 DS-Trapdoor(P; pkFS; pkBS; kw2), here have BackTest(P; skBS;CITS) =
( 1 kw1 = kw2; 0 kw1 6= kw2: where CITS FrontTest(P; skFS;CTkw1 ; Tkw2 ):

2.2 Security Models

In this subsection, here formalise the following security models for a DS-PEKS scheme against
the adversarial front and back servers, respectively. One should note that both the front server
and the back server here are supposed to be “honest but curious” and will not collude with each
other. More precisely, both the servers perform the testing strictly following the scheme
procedures but may be curious about the underlying keyword. Here should note that the
following security models also imply the security guarantees against the outside adversaries
which have less capability compared to the servers.

Adversarial Front Server. In this part, here define the security

against an adversarial front server.Here introduce two games, namely semantic-security against
chosen keyword attack
1.1 and indistinguishability against keyword guessing attack1

7.2 MEASURING LANGUAGE

JSP

Java Server pages are a way of providing server side executable content in a herebpage. In other
words, a way of providing a Hereb page which is varied depending on conditions on the server,
information filled in to a form, etc. The original way of providing server side executable content
was through the Common Gateway Interface (CGI) and a variety of programming languages
such as C, C++ and (most prevalent) Perl. Indeed, Perl and CGI are still growing though not to
the same extent as some other technologies. More recently, Java servlets have been introduced
and they allow you to use a similar approach to writing server side executable content – a
program which produces an HTML page as its output.
 Java servlets are more efficient in operation than CGI programs, and for heavily used
servers they provide an excellent solution. You'll probably want to choose bethereen mod Perl,
servlets, and your own server written in C or C++ for such applications. But for many server
side applications, the number of changes made on a reply page is really quite small and the work
involved in calculating the changes is nearly insignificant. A great shame, then, to have to write a
program to spit out a huge chunk of non-varying text with just a little changing within it. Many
hereb servers can support "Server Side Includes" - where a page is parsed by the hereb server on
its way from the document directory to the browser, and substitutions of certain variable are
made. Using SSI, operating system commands can even be run and their outputs written in to the
page sent to the browser - such a hereb page looks different if you examine the source on the
server's discs and if you ask your browser to "view source".

Active Server Pages (ASP) from Microsoft takes a similar approach to SSI. You write Hereb
pages which include chunks of one or more of VBScript, Perl Script and JavaScript, and the page
is parsed and the script run as the server feeds the page through to the browser. The facilities
provided are much more extensive that SSI, but with the "interpret every time" approach efficient
of operation is not a strong point of this scheme – even the Microsoft documentation warns you
of the fact!

The SSI/ASP approach is a good one, but there's a requirement for something that works along
the same lines as part as the provider is concerned: "A page of HTML that changes is not a
program" but doesn't have the same run time resource inefficiencies. Of course, to make it
portable a language like Java would be nice, especially if your programmers already know Java.

The OO abilities and large class libraries will minimize what's needed in each individual
hereb page ... and so came about Java Server pages, or JSP. JSP is much more recent than ASP
(SSI has been around for a very long time); much of the documentation, etc., being dated early
2000 and as I write this material, anyone who's already using it is an "early adopter" whereas
ASP, servlets, etc., are already herell established. Time will tell us if the design promise of JSP
gets translated into a heavily used product.

The JSP specification was written by Sun, and they provide a test reference server.
Hoherever, you'll probably find that Apache "Tomcat" will become the big kid on the block as a
JSP Server; it's open source, freely available, and here see no reason why it shouldn't be just as
robust as the rest of Apache's Hereb server!

• A language for developing JSP pages, which are text-based documents that describe how to
process a request and construct a response

• Constructs for accessing server-side objects

• Mechanisms for defining extensions to the JSP language

A JSP page is a text-based document that contains two types of text: static template data, which
can be expressed in any text-based format, such as HTML, SVG, WML, and XML; and JSP
elements, which construct dynamic content. A syntax card and reference for the JSP elements are
available at

http://java.sun.com/products/jsp/technical.html#syntax

The Life Cycle of a JSP Page

A JSP page services requests as a servlet. Thus, the life cycle and many of the capabilities of JSP
pages (in particular the dynamic aspects) are determined by Java Servlet technology. When a
request is mapped to a JSP page, it is handled by a special servlet that first checks whether the
JSP page’s servlet is older than the JSP page. If it is, it translates the JSP page into a servlet class
and compiles the class. During development, one of the advantages of JSP pages over servlets is
that the build process is performed automatically.

Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer
Pages technologies. The Java Servlet and JavaServer Pages specifications are developed under
the Java Community Process.

Apache Tomcat is developed in an open and participatory environment and released under
the Apache License version 2. Apache Tomcat is intended to be a collaboration of the best-of-
breed developers from around the world. Here invite you to participate in this open development
project. To learn more about getting involved, click here.
Apache Tomcat poherers numerous large-scale, mission-critical hereb applications across a
diverse range of industries and organizations. Some of these users and their stories are listed on
the PohereredBy wiki page.

Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are
trademarks of the Apache Software Foundation.

Translation and Compilation

During the translation phase each type of data in a JSP page is treated differently. Template data
is transformed into code that will emit the data into the stream that returns data to the client. JSP
elements are treated as follows:

• Directives are used to control how the Hereb container translates and executes the JSP page.

• Scripting elements are inserted into the JSP page’s servlet class. See JSP Scripting Elements for
details.

• Elements of the form <jsp:XXX ... /> are converted into method calls to JavaBeans components
or invocations of the Java Servlet API. For a JSP page named pageName, the source for a JSP
page’s servlet is kept in the file:

<S1AS7_HOME>/domains/domain1/server1/applications/j2eemodules/context_root_n/pageNam
e$jsp.java

Both the translation and compilation phases can yield errors that are only observed when the
page is requested for the first time. If an error occurs while the page is being translated (for
example, if the translator encounters a malformed JSP element), the server will return a
ParseException, and the servlet class source file will be empty or incomplete. If an error occurs
while the JSP page is being compiled (for example, there is a syntax error in a scriptlet), the
server will return a JasperException and a message that includes the name of the JSP page’s
servlet and the line where the error occurred. Once the page has been translated and compiled,
the JSP page’s servlet for the most part follows the servlet life cycle described in Servlet Life
Cycle.
1. If an instance of the JSP page’s servlet does not exist, the container
a. Loads the JSP page’s servlet class

b. Instantiates an instance of the servlet class

c. Initializes the servlet instance by calling the jspInit method

2. The container invokes the _jspService method, passing a request and response object. If the
container needs to remove the JSP page’s servlet, it calls the jspDestroy method.

Architecturally, JSP may be viehered as a high-level abstraction of Java servlets. JSPs are
translated into servlets at runtime; each JSP's servlet is cached and re-used until the original JSP
is modified.

JSP can be used independently or as the view component of a server-side model–view–

controller design, normally with JavaBeans as the model and Java servlets (or a framework such
as Apache Struts) as the controller. This is a type of Model 2 architecture.

JSP allows Java code and certain pre-defined actions to be interleaved with static hereb markup
content, with the resulting page being compiled and executed on the server to deliver a
document. The compiled pages, as herell as any dependent Java libraries, use Java bytecode
rather than a native software format. Like any other Java program, they must be executed within
a Java virtual machine (JVM) that integrates with the server's host operating system to provide
an abstract platform-neutral environment.

JSPs are usually used to deliver HTML and XML documents, but through the use of
OutputStream, they can deliver other types of data as herell.

The Hereb container creates JSP implicit objects like pageContext, servletContext, session,
request & response.

JSP pages use several delimiters for scripting functions. The most basic is <% ... %>, which
encloses a JSP scriptlet. A scriptlet is a fragment of Java code that is run when the user requests
the page. Other common delimiters include <%= ... %> for expressions, where the value of the
expression is placed into the page delivered to the user, and directives, denoted with
<%@ ... %>.
Java code is not required to be complete or self-contained within its scriptlet element block, but
can straddle markup content providing the page as a whole is syntactically correct. For example,
any Java if/for/while blocks opened in one scriptlet element must be correctly closed in a later
element for the page to successfully compile. Markup which falls inside a split block of code is
subject to that code, so markup inside an if block will only appear in the output when
the if condition evaluates to true; likewise, markup inside a loop construct may appear multiple
times in the output depending upon how many times the loop body runs.

JSP scripting elements are used to create and access objects, define methods, and manage the
flow of control. Since one of the goals of JSP technology is to separate static template data from
the code needed to dynamically generate content, very sparing use of JSP scripting is
recommended. Much of the work that requires the use of scripts can be eliminated by using
custom tags, described in

Custom Tags in JSP Pages. JSP technology allows a container to support any scripting language
that can call Java objects. If you wish to use a scripting language other than the default, java, you
must specify it in a page directive at the beginning of a JSP page:
<%@ page language="scripting language" %>

Since scripting elements are converted to programming language statements in the JSP page’s
servlet class, you must import any classes and packages used by a JSP page. If the page language
is java, you import a class or package with the page directive:

<%@ page import="packagename.*, fully_qualified_classname" %>

For example, the bookstore example page showcart.jsp imports the classes needed to implement
the shopping cart with the following directive:

<%@ page import="java.util.*, cart.*" %>

A JSP scriptlet is used to contain any code fragment that is valid for the scripting language used
in a page. The syntax for a scriptlet is as follows:

<% scripting language statements %>

When the scripting language is set to java, a scriptlet is transformed into a Java programming
language statement fragment and is inserted into the service method of the JSP page’s servlet. A
programming language variable created within a scriptlet is accessible from anywhere within the
JSP page. The JSP page showcart.jsp contains a scriptlet that retrieves an iterator from the
collection of items maintained by a shopping cart and sets up a construct to loop through all the
items in the cart. Inside the loop, the JSP page extracts properties of the book objects and formats
them using HTML markup. Since the while loop opens a block, the HTML markup is follohered
by a scriptlet that closes the block.

Expressions

A JSP expression is used to insert the value of a scripting language expression, converted into a
string, into the data stream returned to the client. When the scripting language is the Java
programming language, an expression is transformed into a statement that converts the value of
the expression into a String object and inserts it into the implicit out object. The syntax for an
expression is as follows:

<%= scripting language expression %>

Nzte that a semicolon is not allohered within a JSP expression, even if the same expression has a
semicolon when you use it within a scriptlet.

THE standard JSP tags for invoking operations on JavaBeans components and performing
request dispatching simplify JSP page development and maintenance. JSP technology also
provides a mechanism for encapsulating other types of dynamic functionality in custom tags,
which are extensions to the JSP language. Custom tags are usually distributed in the form of a
tag library, which defines a set of related custom tags and contains the objects that implement
the tags. Some examples of tasks that can be performed by custom tags include operations on
implicit objects, processing forms, accessing databases and other enterprise services such as e-
mail and directories, and performing flow control. JSP tag libraries are created by developers
who are proficient at the Java programming language and expert in accessing data and other
services, and are used by Hereb application designers who can focus on presentation issues
rather than being concerned with how to access enterprise services. As herell as encouraging
division of labor bethereen library developers and library users, custom tags increase
productivity by encapsulating recurring tasks so that they can be reused across more than one
application.

The Uses of the JSP are

Java Server Pages often serve the same purpose as programs implemented using the Common
Gateway Interface (CGI). But JSP offer several advantages in comparison with the CGI.

 Performance is significantly better because JSP allows embedding Dynamic Elements in

HTML Pages itself instead of having a separate CGI files.
 JSP are always compiled before it's processed by the server unlike CGI/Perl which
requires the server to load an interpreter and the target script each time the page is
requested.
 Java Server Pages are built on top of the Java Servlets API, so like Servlets; JSP also has
access to all the pohererful Enterprise Java APIs, including JDBC, JNDI, EJB, JAXP etc.
 JSP pages can be used in combination with servlets that handle the business logic, the
model supported by Java servlet template engines.
Finally, JSP is an integral part of J2EE, a complete platform for enterprise class applications.
This means that JSP can play a part in the simplest applications to the most complex and
demanding.

A custom tag is a user-defined JSP language element. When a JSP page containing a custom tag
is translated into a servlet, the tag is converted to operations on an object called a tag handler.
The Hereb container then invokes those operations when the JSP page’s servlet is executed.
Custom tags have a rich set of features. They can

• Be customized via attributes passed from the calling page.

• Access all the objects available to JSP pages.

• Modify the response generated by the calling page.

• Communicate with each other. You can create and initialize a JavaBeans component, create a
variable that refers to that bean in one tag, and then use the bean in another tag.

• Be nested within one another, allowing for complex interactions within a JSP page.

The Struts tag library provides a framework for building internationalized Hereb applications
that implement the Model-View-Controller design pattern. Struts include a comprehensive set of
utility custom tags for handling:

• HTML forms

• Templates

• JavaBeans components

• Logic processing

The working of the system bethereen the client and the hereb applications includes the Apache
hereb server servlet and the tomcat servlet where the client can be a browser having HTML
displaying dynamic pages can be depicted in the diagrammatic form as
JSP Processing:

The following steps explain how the hereb server creates the hereb page using JSP:

 As with a normal page, your browser sends an HTTP request to the hereb server.
 The hereb server recognizes that the HTTP request is for a JSP page and forwards it to a
JSP engine. This is done by using the URL or JSP page which ends with .jsp instead of
.html.
 The JSP engine loads the JSP page from disk and converts it into servlet content. This
conversion is very simple in which all template text is converted to println( ) statements
and all JSP elements are converted to Java code that implements the corresponding
dynamic behavior of the page.
 The JSP engine compiles the servlet into an executable class and forwards the original
request to a servlet engine.
 A part of the hereb server called the servlet engine loads the Servlet class and executes it.
During execution, the servlet produces an output in HTML format, which the servlet
engine passes to the hereb server inside an HTTP response.
 The hereb server forwards the HTTP response to your browser in terms of static HTML
content.
 Finally hereb browser handles the dynamically generated HTML page inside the HTTP
response exactly as if it herere a static page.
JSP Expression:
A JSP expression element contains a scripting language expression that is evaluated, converted
to a String, and inserted where the expression appears in the JSP file. Because the value of an
expression is converted to a String, you can use an expression within a line of text, whether or
not it is tagged with HTML, in a JSP file. The expression element can contain any expression
that is valid according to the Java Language Specification but you cannot use a semicolon to end
an expression.

Following is the syntax of JSP Expression:

<%= expression %>

JSP Comments:
JSP comment marks text or statements that the JSP container should ignore. A JSP comment is
useful when you want to hide or "comment out" part of your JSP page.
Following is the syntax of JSP comments:

<%-- This is JSP comment --%>

JSP Directives:
A JSP directive affects the overall structure of the servlet class. It usually has the following form:

<%@ directive attribute="value" %>

JSP Actions:
JSP actions use constructs in XML syntax to control the behavior of the servlet engine. You can
dynamically insert a file, reuse JavaBeans components, forward the user to another page, or
generate HTML for the Java plugin.
There is only one syntax for the Action element, as it conforms to the XML standard:

<jsp:action_name attribute="value" />

JSP Operators:
JSP supports all the logical and arithmatic operators supported by Java. Following table give a
list of all the operators with the highest precedence appear at the top of the table, those with the
loherest appear at the bottom.

Within an expression, higher precedenace operators will be evaluated first.

Category Operator Associativity

Postfix () [] . (dot operator) Left to right

Unary ++ - - ! ~ Right to left

Multiplicative */% Left to right

Additive +- Left to right

Shift >> >>> << Left to right

Relational > >= < <= Left to right

Equality == != Left to right

Bitwise AND & Left to right

Bitwise XOR ^ Left to right

Bitwise OR | Left to right

J
Objects Description

request This is the HttpServletRequest object

associated with the request.

response This is the HttpServletResponse object

associated with the response to the
client.

out This is the PrintWriter object used to

send output to the client.

session This is the HttpSession object

associated with the request.

application This is the ServletContext object

associated with application context.

config This is the ServletConfig object

associated with the page.

JSP Literals:

The JSP expression language defines the following literals:

 Boolean: true and false

 Integer: as in Java
 Floating point: as in Java
 String: with single and double quotes; " is escaped as \", ' is escaped as \', and \ is
escaped as \\.
 Null: null
Setting up JSP Environment

 This step involves downloading an implementation of the Java Software Development

Kit (SDK) and setting up PATH environment variable appropriately.

 You can download SDK from Oracle's Java site: Java SE Downloads.

 Once you download your Java implementation, follow the given instructions to install
and configure the setup.

 Finally set PATH and JAVA_HOME environment variables to refer to the directory that
contains java and javac, typically java_install_dir/bin and java_install_dir respectively.

 If you are running Windows and installed the SDK in C:\jdk1.5.0_20, you would put the
following line in your

C:\autoexec.bat file. set PATH=C:\jdk1.5.0_20\bin;%PATH%

set JAVA_HOME=C:\jdk1.5.0_20

Setting up Hereb Server: Tomcat

A number of Hereb Servers that support JavaServer Pages and Servlets development are
available in the market. Some hereb servers are freely downloadable and Tomcat is one of them.
Apache Tomcat is an open source software implementation of the JavaServer Pages and Servlet
technologies and can act as a standalone server for testing JSP and Servlets and can be integrated
with the Apache Hereb Server. Here are the steps to setup Tomcat on your machine:
 Download latest version of Tomcat from http://tomcat.apache.org/.
 Once you downloaded the installation, unpack the binary distribution into a convenient
location. For example in C:\apache-tomcat-5.5.29 on windows, or /usr/local/apache-
tomcat-5.5.29 on Linux/Unix and create CATALINA_HOME environment variable
pointing to these locations.
Tomcat can be started by executing the following commands on windows machine:
%CATALINA_HOME%\bin\startup.bat
or
C:\apache-tomcat-5.5.29\bin\startup.bat

Further information about configuring and running Tomcat can be found in the documentation
included here, as herell as on the Tomcat hereb site: http://tomcat.apache.org

Introduction to database

ABOUT RDBMS

A database management, or DBMS, gives the user access to their data and helps them transform
the data into information. Such database management systems include dBase, paradox, IMS,
SQL Server and SQL Server. These systems allow users to create, update and extract
information from their database.

A database is a structured collection of data. Data refers to the characteristics of people,

things and events. SQL Server stores each data item in its own fields. In SQL Server, the fields
relating to a particular person, thing or event are bundled together to form a single complete unit
of data, called a record (it can also be referred to as raw or an occurrence). Each record is made
up of a number of fields. No two fields in a record can have the same field name.

During an SQL Server Database design project, the analysis of your business needs
identifies all the fields or attributes of interest. If your business needs change over time, you
define any additional fields or change the definition of existing fields.

SQL server tables

SQL Server stores records relating to each other in a table. Different tables are created
for the various groups of information. Related tables are grouped together to form a database.

Primary key

Every table in SQL Server has a field or a combination of fields that uniquely identifies
each record in the table. The Unique identifier is called the Primary Key, or simply the Key.
The primary key provides the means to distinguish one record from all other in a table. It allows
the user and the database system to identify, locate and refer to one particular record in the
database.

Relational database

Sometimes all the information of interest to a business operation can be stored in one
table. SQL Server makes it very easy to link the data in multiple tables. Matching an employee
to the department in which they work is one example. This is what makes SQL Server a
relational database management system, or RDBMS. It stores data in two or more tables and
enables you to define relationships bethereen the tables and enables you to define relationships
bethereen the tables.

Foreign key

When a field is one table matches the primary key of another field is referred to as a
foreign key. A foreign key is a field or a group of fields in one table whose values match those
of the primary key of another table.

Referential integrity

Not only does SQL Server allow you to link multiple tables, it also maintains consistency
bethereen them. Ensuring that the data among related tables is correctly matched is referred to as
maintaining referential integrity.

Data abstraction

A major purpose of a database system is to provide users with an abstract view of the
data. This system hides certain details of how the data is stored and maintained. Data abstraction
is divided into three levels.

Physical level: This is the loherest level of abstraction at which one describes how the data are
actually stored.

Conceptual Level: At this level of database abstraction all the attributed and what data are
actually stored is described and entries and relationship among them.
 View level: This is the highest level of abstraction at which one describes only part of the
database.

Advantages of RDBMS

 Redundancy can be avoided

 Inconsistency can be eliminated
 Data can be Shared
 Standards can be enforced
 Security restrictions can be applied
 Integrity can be maintained
 Conflicting requirements can be balanced
 Data independence can be achieved.

Disadvantages of DBMS

A significant disadvantage of the DBMS system is cost. In addition to the cost of

purchasing of developing the software, the hardware has to be upgraded to allow for the
extensive programs and the workspace required for their execution and storage. While
centralization reduces duplication, the lack of duplication requires that the database be
adequately backed up so that in case of failure the data can be recovered.

Features of SQL server (RDBMS)

SQL SERVER is one of the leading database management systems (DBMS) because it is
the only Database that meets the uncompromising requirements of today’s most demanding
information systems. From complex decision support systems (DSS) to the most rigorous online
transaction processing (OLTP) application, even application that require simultaneous DSS and
OLTP access to the same critical data, SQL Server leads the industry in both performance and
capability.

SQL SERVER is a truly portable, distributed, and open DBMS that delivers unmatched
performance, continuous operation and support for every database.
 SQL SERVER RDBMS is high performance fault tolerant DBMS which is specially designed
for online transactions processing and for handling large database application.

SQL SERVER with transactions processing option offers two features which contribute to very
high level of transaction processing throughput, which are

 The row level lock manager

Enterprise wide data sharing

The unrivaled portability and connectivity of the SQL SERVER DBMS enables all the
systems in the organization to be linked into a singular, integrated computing resource.

Portability

SQL SERVER is fully portable to more than 80 distinct hardware and operating systems
platforms, including UNIX, MSDOS, OS/2, Macintosh and dozens of proprietary platforms.
This portability gives complete freedom to choose the database server platform that meets the
system requirements.

Open systems

SQL SERVER offers a leading implementation of industry –standard SQL. SQL

Server’s open architecture integrates SQL SERVER and non –SQL SERVER DBMS with
industry’s most comprehensive collection of tools, application, and third party software products
SQL Server’s Open architecture provides transparent access to data from other relational
database and even non-relational database.

Distributed data sharing

SQL Server’s networking and distributed database capabilities to access data stored on
remote server with the same ease as if the information was stored on a single local computer. A
single SQL statement can access data at multiple sites. You can store data where system
requirements such as performance, security or availability dictate.
Unmatched performance

The most advanced architecture in the industry allows the SQL SERVER DBMS to
deliver unmatched performance.

Sophisticated concurrency control

Real World applications demand access to critical data. With most database Systems
application becomes “contention bound” – which performance is limited not by the CPU poherer
or by disk I/O, but user waiting on one another for data access. SQL Server employs full,
unrestricted row-level locking and contention free queries to minimize and in many cases
entirely eliminates contention wait times.

No I/O bottlenecks

SQL Server’s fast commit groups commit and deferred write technologies dramatically
reduce disk I/O bottlenecks. While some database write whole data block to disk at commit time,
SQL Server commits transactions with at most sequential log file on disk at commit time, On
high throughput systems, one sequential writes typically group commit multiple transactions.
Data read by the transaction remains as shared memory so that other transactions may access that
data without reading it again from disk. Since fast commits write all data necessary to the
recovery to the log file, modified blocks are written back to the database independently of the
transaction commit, when written from memory to disk.

7.3methodology

SDLC METHDOLOGIES

This document play a vital role in the development of life cycle (SDLC) as it describes
the complete requirement of the system. It means for use by developers and will be the basic
during testing phase. Any changes made to the requirements in the future will have to go
through formal change approval process.
SPIRAL MODEL was defined by Barry Boehm in his 1988 article, “A spiral Model of
Software Development and Enhancement. This model was not the first model to discuss
iterative development, but it was the first model to explain why the iteration models.

As originally envisioned, the iterations herere typically 6 months to 2 years long. Each phase
starts with a design goal and ends with a client reviewing the progress thus far. Analysis and
engineering efforts are applied at each phase of the project, with an eye toward the end goal of
the project.

The steps for Spiral Model can be generalized as follows:

 The new system requirements are defined in as much details as possible. This usually
involves interviewing a number of users representing all the external or internal users
and other aspects of the existing system.
 A preliminary design is created for the new system.
 A first prototype of the new system is constructed from the preliminary design. This
is usually a scaled-down system, and represents an approximation of the
characteristics of the final product.
 A second prototype is evolved by a fourfold procedure:
1. Evaluating the first prototype in terms of its strengths, hereakness, and risks.
2. Defining the requirements of the second prototype.
3. Planning an designing the second prototype.
4. Constructing and testing the second prototype.
 At the customer option, the entire project can be aborted if the risk is deemed too
great. Risk factors might involved development cost overruns, operating-cost
miscalculation, or any other factor that could, in the customer’s judgment, result in a
less-than-satisfactory final product.
 The existing prototype is evaluated in the same manner as was the previous prototype,
and if necessary, another prototype is developed from it according to the fourfold
procedure outlined above.
 The preceding steps are iterated until the customer is satisfied that the refined
prototype represents the final product desired.
 The final system is constructed, based on the refined prototype.
  The final system is thoroughly evaluated and tested. Routine maintenance is carried
on a continuing basis to prevent large scale failures and to minimize down time.

The following diagram shows how a spiral model acts like:

Fig 1.0-Spiral Model

 Literature survey

Literature survey is the most important step in software development process. Before
developing the tool it is necessary to determine the time factor, economy n company
strength. Once these things r satisfied, ten next step is to determine which operating
system and language can be used for developing the tool. Once the programmers start
building the tool the programmers need lot of external support. This support can be
obtained from senior programmers, from book or from herebsites. Before building the
system the above consideration r taken into account for developing the proposed system.

1) One-Time Verifier-Based Encrypted Key Exchange:

Authors: Michel Abdalla 1 , Olivier Chevassut 2 , and David Pointcheval

1
 This paper provides strong security arguments to support the EKE -like protocols being
standardized by the IEEE P1363.2 Standard working group (namely the PPK series).
Here have reached this aim by slightly modifying the original AuthA protocol (the two
encryption primitives are instantiated using separate mask generation functions but
derived from a unique shared password) to be able to achieve the security notion of
forward-secrecy in a provably-secure way. Our result is a slight departure from
previously known results on EKE -like structures since the security of AuthA is now
based on the Gap Diffie-Hellman problem. Moreover, here have extended AuthA into a
One-time Password-authentication and Key eXchange (OPKeyX) technology which
allows a user to securely log into his account using a remote un-trusted computer and
limits the damages of corruption of the server.

2) Authenticated Key Exchange Secure Against Dictionary Attacks:

Authors: Mihir Bellare 1 ,David Pointcheval2 ,and Phillip Rogaway3

.

 Classic cryptographic protocols based on user-chosen keys allow an attacker to mount

password-guessing attacks. A combination of asymmetric (public-key) and symmetric
(secret-key) cryptography that allow two parties sharing a common password to
exchange confidential and authenticated information over an insecure network is
introduced. In particular, a protocol relying on the counter-intuitive motion of using a
secret key to encrypt a public key is presented. Such protocols are secure against active
attacks, and have the property that the password is protected against offline dictionary
attacks.

3) The Decision Diffie-Hellman problem:

Authors: Dan Boneh

The Decision Diffie-Hellman assumption (ddh) is a gold mine. It enables one to

construct efficient cryptographic systems with strong security properties. In this paper
 here survey the recent applications of DDH as herell as known results regarding its
security. Here describe some open problems in this area.

2.3 STUDY OF THE SYSTEM

In the flexibility of the uses the interface has been developed a graphics concept in mind,
associated through a browser interface. The GUI’S at the top level have been categorized as

1. Administrative user interface

2. The operational or generic user interface

The administrative user interface concentrates on the consistent information that is
practically, part of the organizational activities and which needs proper authentication for the
data collection. The interfaces help the administrations with all the transactional states like Data
insertion, Data deletion and Data updating along with the extensive data search capabilities.
The operational or generic user interface helps the users upon the system in transactions
through the existing data and required services. The operational user interface also helps the
ordinary users in managing their own information helps the ordinary users in managing their own
information in a customized manner as per the assisted flexibilities

SYSTEM TESTING

The purpose of testing is to discover errors. Testing is the process of trying to discover every
conceivable fault or hereakness in a work product. It provides a way to check the functionality of
components, sub assemblies, assemblies and/or a finished product It is the process of exercising
software with the intent of ensuring that the
Software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific testing
requirement.

SYSTEM TESTS
8.1 Unit testing
Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program inputs produce valid outputs. All decision branches and
internal code flow should be validated. It is the testing of individual software units of the
application .it is done after the completion of an individual unit before integration. This is a
structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform
basic tests at component level and test a specific business process, application, and/or system
configuration. Unit tests ensure that each unique path of a business process performs accurately
to the documented specifications and contains clearly defined inputs and expected results.

8.2 Integration testing

Integration tests are designed to test integrated software components to determine if they actually
run as one program. Testing is event driven and is more concerned with the basic outcome of
screens or fields. Integration tests demonstrate that although the components herere individually
satisfaction, as shown by successfully unit testing, the combination of components is correct and
consistent. Integration testing is specifically aimed at exposing the problems that arise from the
combination of components.

8.4 validation testing

8.4.1 White Box Testing

White Box Testing is a testing in which in which the software tester has knowledge of the
inner workings, structure and language of the software, or at least its purpose. It is purpose. It is
used to test areas that cannot be reached from a black box level.
8.4.2 Black Box Testing
Black Box Testing is testing the software without any knowledge of the inner workings,
structure or language of the module being tested. Black box tests, as most other kinds of tests,
must be written from a definitive source document, such as specification or requirements
document, such as specification or requirements document. It is a testing in which the software
under test is treated, as a black box .you cannot “see” into it. The test provides inputs and
responds to outputs without considering how the software works.

8.5 output testing

CONCLUSION

Here proposed a new framework, named Dual- Server Public Key Encryption with Keyword
Search (DSPEKS), that can prevent the inside keyword guessing attack which is an inherent
vulnerability of the traditional PEKS framework. Here also introduced a new Smooth Projective
Hash Function (SPHF) and used it to construct a generic DSPEKS scheme. An efficient
instantiation of the new SPHF based on the Diffie-Hellman problem is also presented in the
paper, which gives an efficient DS-PEKS scheme without pairings.

BIBLOGRAPHY

1) One-Time Verifier-Based Encrypted Key Exchange:

Authors: Michel Abdalla 1 , Olivier Chevassut 2 , and David Pointcheval

1

 This paper provides strong security arguments to support the EKE -like protocols being
standardized by the IEEE P1363.2 Standard working group (namely the PPK series).
Here have reached this aim by slightly modifying the original AuthA protocol (the two
encryption primitives are instantiated using separate mask generation functions but
derived from a unique shared password) to be able to achieve the security notion of
forward-secrecy in a provably-secure way. Our result is a slight departure from
previously known results on EKE -like structures since the security of AuthA is now
based on the Gap Diffie-Hellman problem. Moreover, here have extended AuthA into a
One-time Password-authentication and Key eXchange (OPKeyX) technology which
allows a user to securely log into his account using a remote un-trusted computer and
limits the damages of corruption of the server.

2) Authenticated Key Exchange Secure Against Dictionary Attacks:

Authors: Mihir Bellare 1 ,David Pointcheval2 ,and Phillip Rogaway3

.
  Classic cryptographic protocols based on user-chosen keys allow an attacker to mount
password-guessing attacks. A combination of asymmetric (public-key) and symmetric
(secret-key) cryptography that allow two parties sharing a common password to
exchange confidential and authenticated information over an insecure network is
introduced. In particular, a protocol relying on the counter-intuitive motion of using a
secret key to encrypt a public key is presented. Such protocols are secure against active
attacks, and have the property that the password is protected against offline dictionary
attacks.

3) The Decision Diffie-Hellman problem:

Authors: Dan Boneh

The Decision Diffie-Hellman assumption (ddh) is a gold mine. It enables one to

construct efficient cryptographic systems with strong security properties. In this paper
here survey the recent applications of DDH as herell as known results regarding its
security. Here describe some open problems in this area.
A. Akavia, S. Goldwasser, and V. Vaikuntanathan. Simultaneous hardcore bits and cryptography
against memory attacks. In TCC,volume 5444 of Lecture Notes in Computer Science, pages
474–495.Springer, 2009.
[2] S. S. Al-Riyami and K. G. Paterson. Certificateless public keycryptography. In
ASIACRYPT, volume 2894 of Lecture Notes in Computer Science, pages 452–473. Springer,
2003.
[3] M. H. Au, J. K. Liu, W. Susilo, and T. H. Yuen. Certificate based (linkable) ring signature. In
ISPEC, volume 4464 of Lecture Notes in Computer Science, pages 79–92. Springer, 2007.
[4] M. H. Au, Y. Mu, J. Chen, D. S. Wong, J. K. Liu, and G. Yang.Malicious kgc attacks in
certificateless cryptography. In ASIACCS, pages 302–311. ACM, 2007.
[5] M. Blaze, G. Bleumer, and M. Strauss. Divertible protocols and atomic proxy cryptography.
In K. Nyberg, editor, EUROCRYPT,volume 1403 of LNCS, pages 127–144. Springer, 1998.
[6] A. Boldyreva, V. Goyal, and V. Kumar. Identity-based encryption with efficient revocation.
In P. Ning, P. F. Syverson, and S. Jha, editors, ACM Conference on Computer and
Communications Security,pages 417–426. ACM, 2008.IEEE Transactions on Computers (
Volume: 65, Issue: 6, June 1 2016 ),30 July 2016
TABLE 2: Computation Comparison I
.