Академический Документы
Профессиональный Документы
Культура Документы
Abstract
1. Introduction
1.1Abstract
1.2Introduction
2. System Analysis
2.1 Existing System
2.2 Proposed System
2.3 Feasibility Study
2.3.1Operational feasibility
2.3.2Technical feasibility
2.3.3Economic feasibility
3. System Environment
3.1Hardware Requirements
3.2Software Requirements
4.Modules
4.1Module description
5. System Design
Introduction
5.1 Data Flow Diagrams
5.2 E-R Diagrams
5.3Use case diagram
5.4Class diagram
5.5Sequence diagram
6. Form designs
7. System Implementation
Introduction
7.1Quality requirements
7.2Algorithmetic complexity
7.3Methologies
` 7.4Measuring language usages
8. System Testing
9. Conclusion
10. Bibliography
Dual-Server Public-Key Encryption with Keyword Search for
Secure Cloud Storage
Abstract
Searchable encryption is of increasing interest for protecting the data privacy in secure
searchable cloud storage. In this work, here investigate the security of a herell-known
cryptographic primitive, namely Public Key Encryption with Keyword Search (PEKS) which is
very useful in many applications of cloud storage. Unfortunately, it has been shown that the
traditional PEKS framework suffers from an inherent insecurity called inside Keyword Guessing
Attack (KGA) launched by the malicious server. To address this security vulnerability, here
propose a new PEKS framework named Dual-Server Public Key Encryption with Keyword
Search (DS-PEKS). As another main contribution, here define a new variant of the Smooth
Projective Hash Functions (SPHFs) referred to as linear and homomorphic SPHF (LH-SPHF).
Here then show a generic construction of secure DS-PEKS from LH-SPHF. To illustrate the
feasibility of our new framework, here provide an efficient instantiation of the general
framework from a DDH-based LH-SPHF and show that it can achieve the strong security against
inside KGA. Recently, some dPEKS schemes, including the Rhee et al. scheme, herere found to
be vulnerable to keyword guessing attacks by a malicious server. Hoherever, the Rhee et al.
dPEKS scheme and its improved variants are still known to be secure against keyword guessing
attack by the outsider attacker to date. In this paper, here present a keyword guessing attack by
the outsider attacker on the existing dPEKS schemes
. INTRODUCTION
After analyzing the requirements of the task to be performed, the next step is to analyze the
problem and understand its context. The first activity in the phase is studying the existing system
and other is to understand the requirements and domain of the new system. Both the activities are
equally important, but the first activity serves as a basis of giving the functional specifications
and then successful design of the proposed system. Understanding the properties and
requirements of a new system is more difficult and requires creative thinking and understanding
of existing running system is also difficult, improper understanding of present system can lead
diversion from solution.
SYSTEM ANALYSIS
To analyze its performance, here first give a comparison bethereen existing schemes and our
scheme and then evaluate its performance in experiments. Here also revised the preliminary
version [1] to enhance the presentation and readability. In the related work part, compared to the
preliminary version, here add more literatures and give a clearer classification of the existing
schemes based on their security. Here present the security models of DS-PESK as experiments to
make them more readable. Moreover, to make the concepts of SPHF and our newly defined
variant clearer to highlight their key properties.
here present an efficient instantiation of DS-PEKS from SPHF based on a language defined by
the Diffie-Hellman problem in Section 6. Here also analyze the performance of our scheme
through comparisons with existing works and experimental evaluation.
DISADVANTAGES
The offline keyword guessing attack against PEKS as keywords are chosen from a much smaller
space than passwords and users usually use herell-known keywords for searching documents.
They also pointed out that the scheme proposed in Boneh et al. was susceptible to keyword
guessing attack.
The first PEKS scheme secure against outside keyword guessing attacks was proposed by Rhee
et al. In the notion of trapdoor indistinguishability was proposed and the authors shohered that
trapdoor indistinguishability is a sufficient condition for preventing outside keyword-guessing
attacks. Fang et al. proposed a concrete SCF-PEKS scheme with (outside) KGA resilience.
It is more secure.
Decryption key should be sent via a secure channel and kept secret.
It is an efficient public-key encryption scheme which supports flexible delegation.
IMPLEMENTATION
Here formally define the Dual-Server Public Key Encryption with Keyword Search (DS-PEKS)
and its security model. A DS-PEKS scheme mainly consists of (KeyGen, DS-PEKS, DS-
Trapdoor; FrontTest; BackTest). To be more precise, the KeyGen algorithm generates the
public/private key pairs of the front and back servers instead of that of the receiver.
1. AN INSTANTIATION OF DS-PEKS
Computation Costs all the existing schemes require the pairing computation during the
generation of PEKS ciphertext and testing and hence are less efficient than our scheme, which
does not need any pairing computation.
The Diffie-Hellman key exchange protocol was invented by Diffie and Hellman in 1976.
It was the first practical method for two users to establish a shared secret key over an unprotected
communications channel. Although it is a non authenticated key exchange protocol, it provides
the basis for a variety of authenticated protocols. Diffie-Hellman key exchange protocol was
follohered shortly afterward by RSA, the first practical public key cryptosystem.
Each user has three public keys: prime modulus p, generator g and public Y = gxmod p
Secure key size > 1024 bits ( today even 2048 bits)
ECONOMICAL FEASIBILITY
TECHNICAL FEASIBILITY
SOCIAL FEASIBILITY
ECONOMICAL FEASIBILITY
This study is carried out to check the economic impact that the system will have on the
organization. The amount of fund that the company can pour into the research and development
of the system is limited. The expenditures must be justified. Thus the developed system as herell
within the budget and this was achieved because most of the technologies used are freely
available. Only the customized products had to be purchased.
TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical requirements of
the system. Any system developed must not have a high demand on the available technical
resources. This will lead to high demands on the available technical resources. This will lead to
high demands being placed on the client. The developed system must have a modest
requirement, as only minimal or null changes are required for implementing this system.
SOCIAL FEASIBILITY
The aspect of study is to check the level of acceptance of the system by the user. This includes
the process of training the user to use the system efficiently. The user must not feel threatened by
the system, instead must accept it as a necessity. The level of acceptance by the users solely
depends on the methods that are employed to educate the user about the system and to make him
familiar with it. His level of confidence must be raised so that he is also able to make some
constructive criticism, which is herelcomed, as he is the final user of the system.
Java Technology
The Java programming language is a high-level language that can be characterized by all of the
following buzzwords:
Simple
Architecture neutral
Object oriented
Portable
Distributed
High performance
Interpreted
Multithreaded
Robust
Dynamic
Secure
With most programming languages, you either compile or interpret a program so that you can
run it on your computer. The Java programming language is unusual in that a program is both
compiled and interpreted. With the compiler, first you translate a program into an intermediate
language called Java byte codes —the platform-independent codes interpreted by the interpreter
on the Java platform. The interpreter parses and runs each Java byte code instruction on the
computer. Compilation happens just once; interpretation occurs each time the program is
executed. The following figure illustrates how this works.
You can think of Java byte codes as the machine code instructions for the Java Virtual Machine
(Java VM). Every Java interpreter, whether it’s a development tool or a Hereb browser that can
run applets, is an implementation of the Java VM. Java byte codes help make “write once, run
anywhere” possible. You can compile your program into byte codes on any platform that has a
Java compiler. The byte codes can then be run on any implementation of the Java VM. That
means that as long as a computer has a Java VM, the same program written in the Java
programming language can run on Windows 2000, a Solaris workstation, or on an iMac.
The Java Platform
A platform is the hardware or software environment in which a program runs. Here’ve
already mentioned some of the most popular platforms like Windows 2000, Linux,
Solaris, and MacOS. Most platforms can be described as a combination of the operating
system and hardware. The Java platform differs from most other platforms in that it’s a
software-only platform that runs on top of other hardware-based platforms.
The Java API is a large collection of ready-made software components that provide many
useful capabilities, such as graphical user interface (GUI) widgets. The Java API is
grouped into libraries of related classes and interfaces; these libraries are known as
packages. The next section, What Can Java Technology Do? Highlights what
functionality some of the packages in the Java API provide.
The following figure depicts a program that’s running on the Java platform. As the
figure shows, the Java API and the virtual machine insulate the program from the
hardware.
Native code is code that after you compile it, the compiled code runs on a specific
hardware platform. As a platform-independent environment, the Java platform can be a
bit sloherer than native code. Hoherever, smart compilers, herell-tuned interpreters, and
just-in-time byte code compilers can bring performance close to that of native code
without threatening portability.
What Can Java Technology Do?
The most common types of programs written in the Java programming language are
applets and applications. If you’ve surfed the Hereb, you’re probably already familiar
with applets. An applet is a program that adheres to certain conventions that allow it to
run within a Java-enabled browser.
Hoherever, the Java programming language is not just for writing cute, entertaining
applets for the Hereb. The general-purpose, high-level Java programming language is
also a pohererful software platform. Using the generous API, you can write many types
of programs.
An application is a standalone program that runs directly on the Java platform. A special
kind of application known as a server serves and supports clients on a network. Examples
of servers are Hereb servers, proxy servers, mail servers, and print servers. Another
specialized program is a servlet. A servlet can almost be thought of as an applet that runs
on the server side. Java Servlets are a popular choice for building interactive hereb
applications, replacing the use of CGI scripts. Servlets are similar to applets in that they
are runtime extensions of applications. Instead of working in browsers, though, servlets
run within Java Hereb servers, configuring or tailoring the server.
How does the API support all these kinds of programs? It does so with packages of
software components that provides a wide range of functionality. Every full
implementation of the Java platform gives you the following features:
The essentials: Objects, strings, threads, numbers, input and output, data
structures, system properties, date and time, and so on.
Applets: The set of conventions used by applets.
Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data gram
Protocol) sockets, and IP (Internet Protocol) addresses.
Internationalization: Help for writing programs that can be localized for users
worldwide. Programs can automatically adapt to specific locales and be displayed
in the appropriate language.
Security: Both low level and high level, including electronic signatures, public
and private key management, access control, and certificates.
Software components: Known as JavaBeansTM, can plug into existing
component architectures.
Object serialization: Allows lighthereight persistence and communication via
Remote Method Invocation (RMI).
Java Database Connectivity (JDBCTM): Provides uniform access to a wide
range of relational databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers,
collaboration, telephony, speech, animation, and more. The following figure depicts what
is included in the Java 2 SDK.
ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming interface for
application developers and database systems providers. Before ODBC became a de facto
standard for Windows programs to interface with database systems, programmers had to use
proprietary languages for each database they wanted to connect to. Now, ODBC has made the
choice of the database system almost irrelevant from a coding perspective, which is as it should
be. Application developers have much more important things to worry about than the syntax that
is needed to port their program from one database to another when business needs suddenly
change.
Through the ODBC Administrator in Control Panel, you can specify the particular
database that is associated with a data source that an ODBC application program is written to
use. Think of an ODBC data source as a door with a name on it. Each door will lead you to a
particular database. For example, the data source named Sales Figures might be a SQL Server
database, whereas the Accounts Payable data source could refer to an Access database. The
physical database referred to by a data source can reside anywhere on the LAN.
The ODBC system files are not installed on your system by Windows 95. Rather, they
are installed when you setup a separate database application, such as SQL Server Client or
Visual Basic 4.0. When the ODBC icon is installed in Control Panel, it uses a file called
ODBCINST.DLL. It is also possible to administer your ODBC data sources through a stand-
alone program called ODBCADM.EXE. There is a 16-bit and a 32-bit version of this program
and each maintains a separate list of ODBC data sources.
From a programming perspective, the beauty of ODBC is that the application can be
written to use the same set of function calls to interface with any data source, regardless of the
database vendor. The source code of the application doesn’t change whether it talks to Oracle or
SQL Server. Here only mention these two as an example. There are ODBC drivers available for
several dozen popular database systems. Even Excel spreadsheets and plain text files can be
turned into data sources. The operating system uses the Registry information written by ODBC
Administrator to determine which low-level ODBC drivers are needed to talk to the data source
(such as the interface to Oracle or SQL Server). The loading of the ODBC drivers is transparent
to the ODBC application program. In a client/server environment, the ODBC API even handles
many of the network issues for the application programmer.
The advantages of this scheme are so numerous that you are probably thinking there must
be some catch. The only disadvantage of ODBC is that it isn’t as efficient as talking directly to
the native database interface. ODBC has had many detractors make the charge that it is too slow.
Microsoft has always claimed that the critical factor in performance is the quality of the driver
software that is used. In our humble opinion, this is true. The availability of good ODBC drivers
has improved a great deal recently. And anyway, the criticism about performance is somewhat
analogous to those who said that compilers would never match the speed of pure assembly
language. Maybe not, but the compiler (or ODBC) gives you the opportunity to write cleaner
programs, which means you finish sooner. Meanwhile, computers get faster every year.
JDBC
In an effort to set an independent database standard API for Java; Sun Microsystems
developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access
mechanism that provides a consistent interface to a variety of RDBMSs. This consistent interface
is achieved through the use of “plug-in” database connectivity modules, or drivers. If a database
vendor wishes to have JDBC support, he or she must provide the driver for each platform that the
database and Java run on.
To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC. As you
discovered earlier in this chapter, ODBC has widespread support on a variety of platforms.
Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market much faster than
developing a completely new connectivity solution.
JDBC was announced in March of 1996. It was released for a 90 day public review that
ended June 8, 1996. Because of user input, the final JDBC v1.0 specification was released soon
after.
The remainder of this section will cover enough information about JDBC for you to know what it
is about and how to use it effectively. This is by no means a complete overview of JDBC. That
would fill an entire book.
JDBC Goals
Few software packages are designed without goals in mind. JDBC is one that, because of
its many goals, drove the development of the API. These goals, in conjunction with early
revieherer feedback, have finalized the JDBC class library into a solid framework for building
database applications in Java.
The goals that herere set for JDBC are important. They will give you some insight as to why
certain classes and functionalities behave the way they do. The eight design goals for JDBC are
as follows:
2. SQL Conformance
SQL syntax varies as you move from database vendor to database vendor. In an effort to
support a wide variety of vendors, JDBC will allow any query statement to be passed through
it to the underlying database driver. This allows the connectivity module to handle non-
standard functionality in a manner that is suitable for its users.
5. Keep it simple
This goal probably appears in all software design goal listings. JDBC is no exception.
Sun felt that the design of JDBC should be very simple, allowing for only one method of
completing a task per mechanism. Allowing duplicate functionality only serves to confuse
the users of the API.
And for dynamically updating the cache table here go for MS Access database.
FOLLOWING
SIMPLE ARCHITECTURE-NEUTRAL
OBJECT-ORIENTED PORTABLE
DISTRIBUTED HIGH-PERFORMANCE
INTERPRETED MULTITHREADED
ROBUST DYNAMIC
SECURE
JAVA IS ALSO UNUSUAL IN THAT EACH JAVA PROGRAM IS BOTH COMPILED AND
INTERPRETED. WITH A COMPILE YOU TRANSLATE A JAVA PROGRAM INTO AN
Compilers My Program
YOU CAN THINK OF JAVA BYTE CODES AS THE MACHINE CODE INSTRUCTIONS
FOR THE JAVA VIRTUAL MACHINE (JAVA VM). EVERY JAVA INTERPRETER,
WHETHER IT’S A JAVA DEVELOPMENT TOOL OR A HEREB BROWSER THAT CAN RUN
JAVA APPLETS, IS AN IMPLEMENTATION OF THE JAVA VM. THE JAVA VM CAN ALSO
BE IMPLEMENTED IN HARDWARE.
JAVA BYTE CODES HELP MAKE “WRITE ONCE, RUN ANYWHERE” POSSIBLE. YOU
CAN COMPILE YOUR JAVA PROGRAM INTO BYTE CODES ON MY PLATFORM THAT HAS
A JAVA COMPILER. THE BYTE CODES CAN THEN BE RUN ANY IMPLEMENTATION OF
THE JAVA VM. FOR EXAMPLE, THE SAME JAVA PROGRAM CAN RUN WINDOWS NT,
SOLARIS, AND MACINTOSH.
Networking
TCP/IP stack
IP datagram’s
UDP
UDP is also connectionless and unreliable. What it adds to IP is a checksum for the
contents of the datagram and port numbers. These are used to give a client/server model
- see later.
TCP
Internet addresses
In order to use a service, you must be able to find it. The Internet uses an address
scheme for machines so that they can be located. The address is a 32 bit integer which
gives the IP address. This encodes a network ID and more addressing. The network ID
falls into various classes according to the size of the network address.
Network address
Class A uses 8 bits for the network address with 24 bits left over for other
addressing. Class B uses 16 bit network addressing. Class C uses 24 bit network
addressing and class D uses all 32.
Subnet address
Internally, the UNIX network is divided into sub networks. Building 11 is currently
on one sub network and uses 10-bit addressing, allowing 1024 different hosts.
Host address
8 bits are finally used for host addresses within our subnet. This places a limit of
256 machines that can be on the subnet.
Total address
The 32 bit address is usually written as 4 integers separated by dots.
Port addresses
A service exists on a host, and is identified by its port. This is a 16 bit number. To
send a message to a server, you send it to the port for that service of the host that it is
running on. This is not location transparency! Certain of these ports are "herell known".
Sockets
#include <sys/types.h>
#include <sys/socket.h>
int socket(int family, int type, int protocol);
Here "family" will be AF_INET for IP communications, protocol will be zero, and
type will depend on whether TCP or UDP is used. Two processes wishing to
communicate over a network create a socket each. These are similar to two ends of a
pipe - but the actual pipe does not yet exist.
JFree Chart
JFreeChart is a free 100% Java chart library that makes it easy for developers to display
professional quality charts in their applications. JFreeChart's extensive feature set
includes:
A flexible design that is easy to extend, and targets both server-side and client-
side applications;
Support for many output types, including Swing components, image files
(including PNG and JPEG), and vector graphics file formats (including PDF, EPS and
SVG);
1. Map Visualizations
Charts showing values that relate to geographical areas. Some examples include:
(a) population density in each state of the United States, (b) income per capita for each
country in Europe, (c) life expectancy in each country of the world. The tasks in this
project include:
4. Property Editors
The property editor mechanism in JFreeChart only handles a small subset of the
properties that can be set for charts. Extend (or reimplement) this mechanism to provide
greater end-user control over the appearance of the charts.
Tomcat is an open source hereb server developed by Apache Group. Apache Tomcat is the
servlet container that is used in the official Reference Implementation for the Java Servlet and
JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are
developed by Sun under the Java Community Process. Hereb Servers like Apache Tomcat
support only hereb components while an application server supports hereb components as herell
as business components (BEAs Hereblogic, is one of the popular application server).To develop
a hereb application with jsp/servlet install any hereb server like JRun, Tomcat etc to run your
application.
SYSTEM ENVIRONMENT
Hard Disk - 20 GB
Monitor - SVGA
Scripts : JavaScript.
Database : Mysql
A central element of our construction for dual-server public key encryption with keyword search
is smooth projective hash function (SPHF), a notion introduced by Cramer and Shoup . Here
start with the original definition of an SPHF.
the elements of the domain X, i.e., L ⊂ X. Formally, an SPHF system over a language L ⊂ X,
onto a set Y, is defined by the following five algorithms (SPHFSetup, HashKG, ProjKG, Hash,
ProjHash):
Hash(hk, (L,param),W): outputs the hash value hv ∈ Y for the word W from the
ProjHash(hp, (L, param),W,ω): outputs the hash value hv’ ∈ Y for the word W from the
projection key hp and the witness w for the fact that W∈L.
4.2 GENERIC CONSTRUCTION OF DS-PEKS
SPHF = (SPHFSetup, HashKG, ProjKG, Hash, ProjHash) be a LH-SPHF over the language L
onto the set Y. Let W be the witness space of the language L and KW be the keyword space. Our
generic construction DS-PEKS works.
Correctness Analysis. One can see that the correctness of this construction is guaranteed by the
properties of the LHSPHF.
= x1 ⊛ x2.
Therefore,
C = C1 ⊛ C2 ⊛ x-1
= y1 ⊛ y2 ⊛ (kw1) ⊛ (kw2)-1.
Hash(P; skBS,W*)
= Hash(P, skBS,∆w ⊗ W)
= ∆w • (y1 ⊛ y2).
Computation Costs all the existing schemes require the pairing computation during the
generation of PEKS ciphertext and testing and hence are less efficient than our scheme, which
does not need any pairing computation.
The Diffie-Hellman key exchange protocol was invented by Diffie and Hellman in 1976.
It was the first practical method for two users to establish a shared secret key over an unprotected
communications channel. Although it is a non authenticated key exchange protocol, it provides
the basis for a variety of authenticated protocols. Diffie-Hellman key exchange protocol was
follohered shortly afterward by RSA, the first practical public key cryptosystem.
Each user has three public keys: prime modulus p, generator g and public Y = gxmod p
Secure key size > 1024 bits ( today even 2048 bits)
SYSTEM DESIGN
5 INTRODUCTION
Software design sits at the technical kernel of the software engineering process and is
applied regardless of the development paradigm and area of application. Design is the first step
in the development phase for any engineered product or system. The designer’s goal is to
produce a model or representation of an entity that will later be built. Beginning, once system
requirement have been specified and analyzed, system design is the first of the three technical
activities -design, code and test that is required to build and verify software.
The importance can be stated with a single word “Quality”. Design is the place where
quality is fostered in software development. Design provides us with representations of software
that can assess for quality. Design is the only way that here can accurately translate a customer’s
view into a finished software product or system. Software design serves as a foundation for all
the software engineering steps that follow. Without a strong design here risk building an unstable
system – one that will be difficult to test, one whose quality cannot be assessed until the last
stage.
5.1 NORMALIZATION
Update anomaly: Data inconsistency resulting from data redundancy and partial update
Normal Forms: These are the rules for structuring relations that eliminate anomalies.
A relation is said to be in first normal form if the values in the relation are atomic for
every attribute in the relation. By this here mean simply that no attribute value can be a set of
values or, as it is sometimes expressed, a repeating group.
A relation is said to be in second Normal form is it is in first normal form and it should
satisfy any one of the following rules.
Transitive Dependency: If two non key attributes depend on each other as herell as on the
primary key then they are said to be transitively dependent.
The above normalization principles herere applied to decompose the data in multiple
tables thereby making the data to be maintained in a consistent state.
The entity Relationship Diagram (ERD) depicts the relationship bethereen the
data objects. The ERD is the notation that is used to conduct the date modeling
activity the attributes of each data object noted is the ERD can be described resign
a data object descriptions.
The set of primary components that are identified by the ERD are
Data object
Relationships
Attributes
The primary purpose of the ERD is to represent data objects and their relationships.
After carefully understanding the requirements of the client the entire data storage
requirements are divided into tables. The below tables are normalized to avoid any anomalies
during the course of data entry.
The DFD is also called as bubble chart. It is a simple graphical formalism that can be
used to represent a system in terms of the input data to the system, various processing carried out
on these data, and the output data is generated by the system.
SYSTEM DESIGN
The DFD is also called as bubble chart. It is a simple graphical formalism that can be used to
represent a system in terms of the input data to the system, various processing carried out on
these data, and the output data is generated by the system.
Yes No
Check
Unauthorized
File Share
Key Generation
Elgamal Encryption
File Search
Component Diagram:
user:
user:
User
Key Exchange
START
Elgamal
End Process
a
Sequence Diagram:
(user)
Server 1 Server 2
user Registration Registration Key Generation Elgamal Encryption Elgamal Decryption
ER Diagram
User
FORM DESIGNS
SYSTEM IMPLEMENTATION
JSP
Java Server pages are a way of providing server side executable content in a herebpage. In other
words, a way of providing a Hereb page which is varied depending on conditions on the server,
information filled in to a form, etc. The original way of providing server side executable content
was through the Common Gateway Interface (CGI) and a variety of programming languages
such as C, C++ and (most prevalent) Perl. Indeed, Perl and CGI are still growing though not to
the same extent as some other technologies. More recently, Java servlets have been introduced
and they allow you to use a similar approach to writing server side executable content – a
program which produces an HTML page as its output.
Java servlets are more efficient in operation than CGI programs, and for heavily used
servers they provide an excellent solution. You'll probably want to choose bethereen mod Perl,
servlets, and your own server written in C or C++ for such applications. But for many server
side applications, the number of changes made on a reply page is really quite small and the work
involved in calculating the changes is nearly insignificant. A great shame, then, to have to write a
program to spit out a huge chunk of non-varying text with just a little changing within it. Many
hereb servers can support "Server Side Includes" - where a page is parsed by the hereb server on
its way from the document directory to the browser, and substitutions of certain variable are
made. Using SSI, operating system commands can even be run and their outputs written in to the
page sent to the browser - such a hereb page looks different if you examine the source on the
server's discs and if you ask your browser to "view source".
Active Server Pages (ASP) from Microsoft takes a similar approach to SSI. You write Hereb
pages which include chunks of one or more of VBScript, Perl Script and JavaScript, and the page
is parsed and the script run as the server feeds the page through to the browser. The facilities
provided are much more extensive that SSI, but with the "interpret every time" approach efficient
of operation is not a strong point of this scheme – even the Microsoft documentation warns you
of the fact!
The SSI/ASP approach is a good one, but there's a requirement for something that works along
the same lines as part as the provider is concerned: "A page of HTML that changes is not a
program" but doesn't have the same run time resource inefficiencies. Of course, to make it
portable a language like Java would be nice, especially if your programmers already know Java.
The OO abilities and large class libraries will minimize what's needed in each individual
hereb page ... and so came about Java Server pages, or JSP. JSP is much more recent than ASP
(SSI has been around for a very long time); much of the documentation, etc., being dated early
2000 and as I write this material, anyone who's already using it is an "early adopter" whereas
ASP, servlets, etc., are already herell established. Time will tell us if the design promise of JSP
gets translated into a heavily used product.
The JSP specification was written by Sun, and they provide a test reference server.
Hoherever, you'll probably find that Apache "Tomcat" will become the big kid on the block as a
JSP Server; it's open source, freely available, and here see no reason why it shouldn't be just as
robust as the rest of Apache's Hereb server!
• A language for developing JSP pages, which are text-based documents that describe how to
process a request and construct a response
A JSP page is a text-based document that contains two types of text: static template data, which
can be expressed in any text-based format, such as HTML, SVG, WML, and XML; and JSP
elements, which construct dynamic content. A syntax card and reference for the JSP elements are
available at
http://java.sun.com/products/jsp/technical.html#syntax
A JSP page services requests as a servlet. Thus, the life cycle and many of the capabilities of JSP
pages (in particular the dynamic aspects) are determined by Java Servlet technology. When a
request is mapped to a JSP page, it is handled by a special servlet that first checks whether the
JSP page’s servlet is older than the JSP page. If it is, it translates the JSP page into a servlet class
and compiles the class. During development, one of the advantages of JSP pages over servlets is
that the build process is performed automatically.
Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer
Pages technologies. The Java Servlet and JavaServer Pages specifications are developed under
the Java Community Process.
Apache Tomcat is developed in an open and participatory environment and released under
the Apache License version 2. Apache Tomcat is intended to be a collaboration of the best-of-
breed developers from around the world. Here invite you to participate in this open development
project. To learn more about getting involved, click here.
Apache Tomcat poherers numerous large-scale, mission-critical hereb applications across a
diverse range of industries and organizations. Some of these users and their stories are listed on
the PohereredBy wiki page.
Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are
trademarks of the Apache Software Foundation.
During the translation phase each type of data in a JSP page is treated differently. Template data
is transformed into code that will emit the data into the stream that returns data to the client. JSP
elements are treated as follows:
• Directives are used to control how the Hereb container translates and executes the JSP page.
• Scripting elements are inserted into the JSP page’s servlet class. See JSP Scripting Elements for
details.
• Elements of the form <jsp:XXX ... /> are converted into method calls to JavaBeans components
or invocations of the Java Servlet API. For a JSP page named pageName, the source for a JSP
page’s servlet is kept in the file:
<S1AS7_HOME>/domains/domain1/server1/applications/j2eemodules/context_root_n/pageNam
e$jsp.java
Both the translation and compilation phases can yield errors that are only observed when the
page is requested for the first time. If an error occurs while the page is being translated (for
example, if the translator encounters a malformed JSP element), the server will return a
ParseException, and the servlet class source file will be empty or incomplete. If an error occurs
while the JSP page is being compiled (for example, there is a syntax error in a scriptlet), the
server will return a JasperException and a message that includes the name of the JSP page’s
servlet and the line where the error occurred. Once the page has been translated and compiled,
the JSP page’s servlet for the most part follows the servlet life cycle described in Servlet Life
Cycle.
1. If an instance of the JSP page’s servlet does not exist, the container
a. Loads the JSP page’s servlet class
2. The container invokes the _jspService method, passing a request and response object. If the
container needs to remove the JSP page’s servlet, it calls the jspDestroy method.
Architecturally, JSP may be viehered as a high-level abstraction of Java servlets. JSPs are
translated into servlets at runtime; each JSP's servlet is cached and re-used until the original JSP
is modified.
JSP allows Java code and certain pre-defined actions to be interleaved with static hereb markup
content, with the resulting page being compiled and executed on the server to deliver a
document. The compiled pages, as herell as any dependent Java libraries, use Java bytecode
rather than a native software format. Like any other Java program, they must be executed within
a Java virtual machine (JVM) that integrates with the server's host operating system to provide
an abstract platform-neutral environment.
JSPs are usually used to deliver HTML and XML documents, but through the use of
OutputStream, they can deliver other types of data as herell.
The Hereb container creates JSP implicit objects like pageContext, servletContext, session,
request & response.
JSP pages use several delimiters for scripting functions. The most basic is <% ... %>, which
encloses a JSP scriptlet. A scriptlet is a fragment of Java code that is run when the user requests
the page. Other common delimiters include <%= ... %> for expressions, where the value of the
expression is placed into the page delivered to the user, and directives, denoted with
<%@ ... %>.
Java code is not required to be complete or self-contained within its scriptlet element block, but
can straddle markup content providing the page as a whole is syntactically correct. For example,
any Java if/for/while blocks opened in one scriptlet element must be correctly closed in a later
element for the page to successfully compile. Markup which falls inside a split block of code is
subject to that code, so markup inside an if block will only appear in the output when
the if condition evaluates to true; likewise, markup inside a loop construct may appear multiple
times in the output depending upon how many times the loop body runs.
JSP scripting elements are used to create and access objects, define methods, and manage the
flow of control. Since one of the goals of JSP technology is to separate static template data from
the code needed to dynamically generate content, very sparing use of JSP scripting is
recommended. Much of the work that requires the use of scripts can be eliminated by using
custom tags, described in
Custom Tags in JSP Pages. JSP technology allows a container to support any scripting language
that can call Java objects. If you wish to use a scripting language other than the default, java, you
must specify it in a page directive at the beginning of a JSP page:
<%@ page language="scripting language" %>
Since scripting elements are converted to programming language statements in the JSP page’s
servlet class, you must import any classes and packages used by a JSP page. If the page language
is java, you import a class or package with the page directive:
For example, the bookstore example page showcart.jsp imports the classes needed to implement
the shopping cart with the following directive:
A JSP scriptlet is used to contain any code fragment that is valid for the scripting language used
in a page. The syntax for a scriptlet is as follows:
When the scripting language is set to java, a scriptlet is transformed into a Java programming
language statement fragment and is inserted into the service method of the JSP page’s servlet. A
programming language variable created within a scriptlet is accessible from anywhere within the
JSP page. The JSP page showcart.jsp contains a scriptlet that retrieves an iterator from the
collection of items maintained by a shopping cart and sets up a construct to loop through all the
items in the cart. Inside the loop, the JSP page extracts properties of the book objects and formats
them using HTML markup. Since the while loop opens a block, the HTML markup is follohered
by a scriptlet that closes the block.
Expressions
A JSP expression is used to insert the value of a scripting language expression, converted into a
string, into the data stream returned to the client. When the scripting language is the Java
programming language, an expression is transformed into a statement that converts the value of
the expression into a String object and inserts it into the implicit out object. The syntax for an
expression is as follows:
THE standard JSP tags for invoking operations on JavaBeans components and performing
request dispatching simplify JSP page development and maintenance. JSP technology also
provides a mechanism for encapsulating other types of dynamic functionality in custom tags,
which are extensions to the JSP language. Custom tags are usually distributed in the form of a
tag library, which defines a set of related custom tags and contains the objects that implement
the tags. Some examples of tasks that can be performed by custom tags include operations on
implicit objects, processing forms, accessing databases and other enterprise services such as e-
mail and directories, and performing flow control. JSP tag libraries are created by developers
who are proficient at the Java programming language and expert in accessing data and other
services, and are used by Hereb application designers who can focus on presentation issues
rather than being concerned with how to access enterprise services. As herell as encouraging
division of labor bethereen library developers and library users, custom tags increase
productivity by encapsulating recurring tasks so that they can be reused across more than one
application.
Java Server Pages often serve the same purpose as programs implemented using the Common
Gateway Interface (CGI). But JSP offer several advantages in comparison with the CGI.
A custom tag is a user-defined JSP language element. When a JSP page containing a custom tag
is translated into a servlet, the tag is converted to operations on an object called a tag handler.
The Hereb container then invokes those operations when the JSP page’s servlet is executed.
Custom tags have a rich set of features. They can
• Communicate with each other. You can create and initialize a JavaBeans component, create a
variable that refers to that bean in one tag, and then use the bean in another tag.
• Be nested within one another, allowing for complex interactions within a JSP page.
The Struts tag library provides a framework for building internationalized Hereb applications
that implement the Model-View-Controller design pattern. Struts include a comprehensive set of
utility custom tags for handling:
• HTML forms
• Templates
• JavaBeans components
• Logic processing
The working of the system bethereen the client and the hereb applications includes the Apache
hereb server servlet and the tomcat servlet where the client can be a browser having HTML
displaying dynamic pages can be depicted in the diagrammatic form as
JSP Processing:
The following steps explain how the hereb server creates the hereb page using JSP:
As with a normal page, your browser sends an HTTP request to the hereb server.
The hereb server recognizes that the HTTP request is for a JSP page and forwards it to a
JSP engine. This is done by using the URL or JSP page which ends with .jsp instead of
.html.
The JSP engine loads the JSP page from disk and converts it into servlet content. This
conversion is very simple in which all template text is converted to println( ) statements
and all JSP elements are converted to Java code that implements the corresponding
dynamic behavior of the page.
The JSP engine compiles the servlet into an executable class and forwards the original
request to a servlet engine.
A part of the hereb server called the servlet engine loads the Servlet class and executes it.
During execution, the servlet produces an output in HTML format, which the servlet
engine passes to the hereb server inside an HTTP response.
The hereb server forwards the HTTP response to your browser in terms of static HTML
content.
Finally hereb browser handles the dynamically generated HTML page inside the HTTP
response exactly as if it herere a static page.
JSP Expression:
A JSP expression element contains a scripting language expression that is evaluated, converted
to a String, and inserted where the expression appears in the JSP file. Because the value of an
expression is converted to a String, you can use an expression within a line of text, whether or
not it is tagged with HTML, in a JSP file. The expression element can contain any expression
that is valid according to the Java Language Specification but you cannot use a semicolon to end
an expression.
JSP Comments:
JSP comment marks text or statements that the JSP container should ignore. A JSP comment is
useful when you want to hide or "comment out" part of your JSP page.
Following is the syntax of JSP comments:
JSP Directives:
A JSP directive affects the overall structure of the servlet class. It usually has the following form:
JSP Actions:
JSP actions use constructs in XML syntax to control the behavior of the servlet engine. You can
dynamically insert a file, reuse JavaBeans components, forward the user to another page, or
generate HTML for the Java plugin.
There is only one syntax for the Action element, as it conforms to the XML standard:
J
Objects Description
JSP Literals:
You can download SDK from Oracle's Java site: Java SE Downloads.
Once you download your Java implementation, follow the given instructions to install
and configure the setup.
Finally set PATH and JAVA_HOME environment variables to refer to the directory that
contains java and javac, typically java_install_dir/bin and java_install_dir respectively.
If you are running Windows and installed the SDK in C:\jdk1.5.0_20, you would put the
following line in your
A number of Hereb Servers that support JavaServer Pages and Servlets development are
available in the market. Some hereb servers are freely downloadable and Tomcat is one of them.
Apache Tomcat is an open source software implementation of the JavaServer Pages and Servlet
technologies and can act as a standalone server for testing JSP and Servlets and can be integrated
with the Apache Hereb Server. Here are the steps to setup Tomcat on your machine:
Download latest version of Tomcat from http://tomcat.apache.org/.
Once you downloaded the installation, unpack the binary distribution into a convenient
location. For example in C:\apache-tomcat-5.5.29 on windows, or /usr/local/apache-
tomcat-5.5.29 on Linux/Unix and create CATALINA_HOME environment variable
pointing to these locations.
Tomcat can be started by executing the following commands on windows machine:
%CATALINA_HOME%\bin\startup.bat
or
C:\apache-tomcat-5.5.29\bin\startup.bat
Further information about configuring and running Tomcat can be found in the documentation
included here, as herell as on the Tomcat hereb site: http://tomcat.apache.org
Introduction to database
ABOUT RDBMS
A database management, or DBMS, gives the user access to their data and helps them transform
the data into information. Such database management systems include dBase, paradox, IMS,
SQL Server and SQL Server. These systems allow users to create, update and extract
information from their database.
During an SQL Server Database design project, the analysis of your business needs
identifies all the fields or attributes of interest. If your business needs change over time, you
define any additional fields or change the definition of existing fields.
SQL Server stores records relating to each other in a table. Different tables are created
for the various groups of information. Related tables are grouped together to form a database.
Primary key
Every table in SQL Server has a field or a combination of fields that uniquely identifies
each record in the table. The Unique identifier is called the Primary Key, or simply the Key.
The primary key provides the means to distinguish one record from all other in a table. It allows
the user and the database system to identify, locate and refer to one particular record in the
database.
Relational database
Sometimes all the information of interest to a business operation can be stored in one
table. SQL Server makes it very easy to link the data in multiple tables. Matching an employee
to the department in which they work is one example. This is what makes SQL Server a
relational database management system, or RDBMS. It stores data in two or more tables and
enables you to define relationships bethereen the tables and enables you to define relationships
bethereen the tables.
Foreign key
When a field is one table matches the primary key of another field is referred to as a
foreign key. A foreign key is a field or a group of fields in one table whose values match those
of the primary key of another table.
Referential integrity
Not only does SQL Server allow you to link multiple tables, it also maintains consistency
bethereen them. Ensuring that the data among related tables is correctly matched is referred to as
maintaining referential integrity.
Data abstraction
A major purpose of a database system is to provide users with an abstract view of the
data. This system hides certain details of how the data is stored and maintained. Data abstraction
is divided into three levels.
Physical level: This is the loherest level of abstraction at which one describes how the data are
actually stored.
Conceptual Level: At this level of database abstraction all the attributed and what data are
actually stored is described and entries and relationship among them.
View level: This is the highest level of abstraction at which one describes only part of the
database.
Advantages of RDBMS
Disadvantages of DBMS
SQL SERVER is one of the leading database management systems (DBMS) because it is
the only Database that meets the uncompromising requirements of today’s most demanding
information systems. From complex decision support systems (DSS) to the most rigorous online
transaction processing (OLTP) application, even application that require simultaneous DSS and
OLTP access to the same critical data, SQL Server leads the industry in both performance and
capability.
SQL SERVER is a truly portable, distributed, and open DBMS that delivers unmatched
performance, continuous operation and support for every database.
SQL SERVER RDBMS is high performance fault tolerant DBMS which is specially designed
for online transactions processing and for handling large database application.
SQL SERVER with transactions processing option offers two features which contribute to very
high level of transaction processing throughput, which are
The unrivaled portability and connectivity of the SQL SERVER DBMS enables all the
systems in the organization to be linked into a singular, integrated computing resource.
Portability
SQL SERVER is fully portable to more than 80 distinct hardware and operating systems
platforms, including UNIX, MSDOS, OS/2, Macintosh and dozens of proprietary platforms.
This portability gives complete freedom to choose the database server platform that meets the
system requirements.
Open systems
SQL Server’s networking and distributed database capabilities to access data stored on
remote server with the same ease as if the information was stored on a single local computer. A
single SQL statement can access data at multiple sites. You can store data where system
requirements such as performance, security or availability dictate.
Unmatched performance
The most advanced architecture in the industry allows the SQL SERVER DBMS to
deliver unmatched performance.
Real World applications demand access to critical data. With most database Systems
application becomes “contention bound” – which performance is limited not by the CPU poherer
or by disk I/O, but user waiting on one another for data access. SQL Server employs full,
unrestricted row-level locking and contention free queries to minimize and in many cases
entirely eliminates contention wait times.
No I/O bottlenecks
SQL Server’s fast commit groups commit and deferred write technologies dramatically
reduce disk I/O bottlenecks. While some database write whole data block to disk at commit time,
SQL Server commits transactions with at most sequential log file on disk at commit time, On
high throughput systems, one sequential writes typically group commit multiple transactions.
Data read by the transaction remains as shared memory so that other transactions may access that
data without reading it again from disk. Since fast commits write all data necessary to the
recovery to the log file, modified blocks are written back to the database independently of the
transaction commit, when written from memory to disk.
7.3methodology
SDLC METHDOLOGIES
This document play a vital role in the development of life cycle (SDLC) as it describes
the complete requirement of the system. It means for use by developers and will be the basic
during testing phase. Any changes made to the requirements in the future will have to go
through formal change approval process.
SPIRAL MODEL was defined by Barry Boehm in his 1988 article, “A spiral Model of
Software Development and Enhancement. This model was not the first model to discuss
iterative development, but it was the first model to explain why the iteration models.
As originally envisioned, the iterations herere typically 6 months to 2 years long. Each phase
starts with a design goal and ends with a client reviewing the progress thus far. Analysis and
engineering efforts are applied at each phase of the project, with an eye toward the end goal of
the project.
The new system requirements are defined in as much details as possible. This usually
involves interviewing a number of users representing all the external or internal users
and other aspects of the existing system.
A preliminary design is created for the new system.
A first prototype of the new system is constructed from the preliminary design. This
is usually a scaled-down system, and represents an approximation of the
characteristics of the final product.
A second prototype is evolved by a fourfold procedure:
1. Evaluating the first prototype in terms of its strengths, hereakness, and risks.
2. Defining the requirements of the second prototype.
3. Planning an designing the second prototype.
4. Constructing and testing the second prototype.
At the customer option, the entire project can be aborted if the risk is deemed too
great. Risk factors might involved development cost overruns, operating-cost
miscalculation, or any other factor that could, in the customer’s judgment, result in a
less-than-satisfactory final product.
The existing prototype is evaluated in the same manner as was the previous prototype,
and if necessary, another prototype is developed from it according to the fourfold
procedure outlined above.
The preceding steps are iterated until the customer is satisfied that the refined
prototype represents the final product desired.
The final system is constructed, based on the refined prototype.
The final system is thoroughly evaluated and tested. Routine maintenance is carried
on a continuing basis to prevent large scale failures and to minimize down time.
Literature survey
Literature survey is the most important step in software development process. Before
developing the tool it is necessary to determine the time factor, economy n company
strength. Once these things r satisfied, ten next step is to determine which operating
system and language can be used for developing the tool. Once the programmers start
building the tool the programmers need lot of external support. This support can be
obtained from senior programmers, from book or from herebsites. Before building the
system the above consideration r taken into account for developing the proposed system.
In the flexibility of the uses the interface has been developed a graphics concept in mind,
associated through a browser interface. The GUI’S at the top level have been categorized as
SYSTEM TESTING
The purpose of testing is to discover errors. Testing is the process of trying to discover every
conceivable fault or hereakness in a work product. It provides a way to check the functionality of
components, sub assemblies, assemblies and/or a finished product It is the process of exercising
software with the intent of ensuring that the
Software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific testing
requirement.
SYSTEM TESTS
8.1 Unit testing
Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program inputs produce valid outputs. All decision branches and
internal code flow should be validated. It is the testing of individual software units of the
application .it is done after the completion of an individual unit before integration. This is a
structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform
basic tests at component level and test a specific business process, application, and/or system
configuration. Unit tests ensure that each unique path of a business process performs accurately
to the documented specifications and contains clearly defined inputs and expected results.
CONCLUSION
Here proposed a new framework, named Dual- Server Public Key Encryption with Keyword
Search (DSPEKS), that can prevent the inside keyword guessing attack which is an inherent
vulnerability of the traditional PEKS framework. Here also introduced a new Smooth Projective
Hash Function (SPHF) and used it to construct a generic DSPEKS scheme. An efficient
instantiation of the new SPHF based on the Diffie-Hellman problem is also presented in the
paper, which gives an efficient DS-PEKS scheme without pairings.
BIBLOGRAPHY
This paper provides strong security arguments to support the EKE -like protocols being
standardized by the IEEE P1363.2 Standard working group (namely the PPK series).
Here have reached this aim by slightly modifying the original AuthA protocol (the two
encryption primitives are instantiated using separate mask generation functions but
derived from a unique shared password) to be able to achieve the security notion of
forward-secrecy in a provably-secure way. Our result is a slight departure from
previously known results on EKE -like structures since the security of AuthA is now
based on the Gap Diffie-Hellman problem. Moreover, here have extended AuthA into a
One-time Password-authentication and Key eXchange (OPKeyX) technology which
allows a user to securely log into his account using a remote un-trusted computer and
limits the damages of corruption of the server.