View
224
Download
0
Category
Preview:
Citation preview
BORANG PENGESAHAN STATUS TESIS*
JUDUL: fMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT TRANSFER AND STORAGE
SESIPENGAJIAN:~2~01~2~------------------------------------
Saya DANIE DANIAL BIN MOHAMED SALIM (HURUF BESAR)
mengaku membenarkan tesis (PSM/Sarjana!Dok.1:or FaJsafah) ini disimpan di Perpustakaan FakuJti Teknologi Maklumat dan Komunikasi dengan syarat-syarat kegunaan seperti berikut:
l. Tesis adaJah hakmilik Universiti TeknikaJ Malaysia Melaka 2. Perpustakaan Fakulti Teknologi Maklumat dan Komunikasi dibenarkan
membuat saJinan untuk tujuan pengajian sahaja 3. Perpustakaan Fakulti Teknologi Maklumat dan Komunikasi dibenarkan
membuat saJinan tesis ini sebagai bahan pertukaran antara institusi pengajian tinggi.
4. ** Sila tandakan (/)
SULIT
TERHAD
I TIDAK TERHAD
Alamat tetap: No 2 JaJan MP 11,
(Mengandungi maklumat yang berdarjah keselamatan atau kepentingan Malaysia seperti yang termaktub di daJam AKT A RAHSIA RASMI 1972)
(Mengandungi maklumat TERHAD yang telah ditentukan oleh organisasi/ badan di mana penyelidikan dijaJankan)
(T ANDA~ELIA) Melaka Perdana Resort Homes, 75450 A er Kerob,
DR SHEKH F AISAL BIN ABDUL LA TIP
Mel aka Nama Penyelia
Tarikh : ::L 'l /s / 1-0 1 )---~~~---
Tarikh : ..9. q / ~ I ;Lo I 1--
© Universiti Teknikal Malaysia Melaka
IMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT TRANSFER AND STORAGE
DANIE DANLAL BIN MOHAMED SALIM
This report is submitted in partial fulfilment of the requirements for the Bachelor of Computer Science (Software Development)
FACULTY OF INFORMATION AND COMMUNICATION TECHNOLOGY UNIVERSrTI TEKNIKAL MALAYSIA MELAKA
2012
© Universiti Teknikal Malaysia Melaka
II
DECLARATION
I hereby declare this project report entitled
IMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT TRANSFER
AND STORAGE
is written by me and is my own effort and that no part has been plagiarized without
citations.
STUDENT '214' Date1 1/'i /;fll L
(DANf{I;ANIAL BIN MOHAMED SALIM)
SUPERVISOR _ ______,&~..._______· _ _ Date: [;)_.'\ I g--} Q..o\ ~ (D~ SHEKH F AISAL BIN ABDUL LA TIP)
© Universiti Teknikal Malaysia Melaka
Ill
DEDICATION
To my beloved parents, Mohamed Salim Abbas and Faziah Omar
To my supervisor, Dr.Shekh Faisal Bin Abdul Latip
To my sisters and brothers
To my cooperative friends
© Universiti Teknikal Malaysia Melaka
IV
ACKNOWLEDGEMENTS
Alhamdulillah, Thanks to Allah SWT, whom with His v,rilling g•ve me the
opportunity to complete this Final Year Project which is titled Implementation of Secure
Confidential-Document Transfer and Storage. This final year project report was prepared
for Faculty of Information and Communication Technology (FTMK), Universiti
Teknikal Malaysia Melaka (UTeM), basically for student in final year to complete the
undergraduate program that leads to the degree of Bachelor of Computer Science. This
report is baseq on the methods given by the university.
Firstly, I would like to express my deepest thanks to my supervisor, Dr Shekh
FaisaJ Bin Abdul Latip for the inspirational instruction and guidance to me during this
project. His guidance helped me in all the time in my project. I could not have imagined
having a better supervisor for my project.
Deepest thanks and appreciation to my parents, siblings, and friends for their
cooperation, encouragement, constructive suggestion and full of support for the report
completion, from the beginning till the end.
© Universiti Teknikal Malaysia Melaka
v
ABSTRACT
This project describes the development of a system which main objectives are
to enhance the security and efficiency of the current system of file sharing and
message sharing process. This idea of implementing a system that employs a client
server architecture which involves a certificate authority (CA), which acts as a server
to issue a digital certificate and monitor all the client activities, and a client that uses
encryption technology in order to secure the content of the message and the files,
came up after studying the outdated and unsecure method of UTEMs process of
vetting exam question paper.
For this project, the development focused on the client side. The client side
will use a face recognition, which will be authenticated by the server. The client will
use AES algorithm and RSA algorithm in encryption the messages or files before
sharing or distributing the messages/files to other client. Each user will have their
own digital certificate, issued by the certification authority. User can use the client to
search for other online or offline user, validate their digital certificate and even send
an ofiline message. The client also features a separate decrypting tools to decrypt
received files at any time.
The interfaces and buttons will attempt to replicate the design and styles of
commercial system. The design also will be developed and focused primarily to
promote user friendly. This project will be developed in such a way that I can be run
even using low hardware and software specification, so that I can be run by most
computer. The system will be developed using VB.net languages, luxandFace SDK,
and developed for Windows environment.
© Universiti Teknikal Malaysia Melaka
VI
ABSTRAK
Projek ini menerangkan prose pembangunan sistem dimana objektif
utamanya adalah untuk meningkatkan keselamatan dan kecekapan sistem semasa
proses perkongsian fail dan perkongsian mesej. Idea untuk melaksanakan satu
sistem yang menggunakan seni bina client-server yang melibatkan certification
authority (CA), yang bertindak sebagai pelayan untuk mengeluarkan digital
certificate dan memantau semua ak.'tiviti client, dan client yang menggunakan
teknologi encryption untuk menjamin kandungan mesej dan fail-fail tersebut, timbul
selepas mengkaji kaedah yang ketinggalan zaman dan tidak selamat, yg digunakan
oleh UTEMs dalam proses vetting kertas soalan peperiksaan.
Untuk projek ini, focus tertumpu lebih kepada client. Sahagian client akan
menggunakan pengenalan muka, yang akan disahkan oleh pelayan. Pelanggan akan
menggunakan algoritma AES dan algoritma RSA dalam penyulitan mesej atau fail
sebelum berkongsi atau mengedar mesej I fail kepada pelanggan lain. Setiap
pengguna akan mempunyai digital certificate mereka sendiri, yang dikeluarkan oleh
certification authority. Pengguna boleh menggunakan klien untuk mencari pengguna
lain secara online atau offline, mengesahkan digital certifica te masing-masing dan
juga menghantar mesej offline. Client juga mempunyai fungsi yang berasingan, iaitu
alat decrypting untuk menyahsulitkannya yang fail diterima pada bila-bila masa.
Interface dan butang akan cuba direka dengan meniru reka bentuk dan gaya
sistem komersial . Reka bentukjuga akan dibangunkan dengan memberi tumpuan
untuk mempromosikan mesra pengguna. Projek ini akan dibangunkan supaya boleh
berfungsi walaupun menggunakan perkakasan yang rendah dan spesifikasi perisian,
supaya ianya boleh dikendalikan oleh kebanyakkan komputer. Sistem ini akan
dibangunkan dengan menggunakan VB.NET, luxandFace SDK, dan dibangunkan
untuk persekitaran Windows.
© Universiti Teknikal Malaysia Melaka
VJI
TABLE OF CONTENT
CHAPTER SUBJECT PAGE
DECLARATION II
DEDICATION Ill
ACKNOWLEGEMENT iv
ABSTRACT v
ABSTRAK VI
TABLE OF CONTENTS VII
LIST OF TABLE xii
LIST OF FIGURES xiv
LIST OF ABBREVIATION XVI
LIST OF ATtACHMENT XVII
CHAPTERl INTRODUCTION
1.1 Project Background
1.2 Problem Statement 2
1.3 Objectives ..., _,
1.4 Scopes 3
1. 5 Project Significant 4
1.6 Conclusion 5
© Universiti Teknikal Malaysia Melaka
CHAPTER II LITERITURE RIVIEW AND PROJECT
METHODOLOGY
CHAPTKRIO
2.1
2.2
2.3
2.4
2.4
3. 1
3.2
Introduction
Facts and Finding
2.2.1 Facts On Cryptography
2.2.1.1 Symmetric Key Cryptography
2.2.1 .2 Asymmetric Key Cryptography
2.2.1.3 Public Key InfTastructure (PKJ)
2.2.1.4 Secure Messaging
2.2. 1.5 Message Digest
2.2.1.6 Digital Signature
2.2.2 Facts On Biometric
2.2.2.1 Facial Recognition
2.2.3 Case Study
2.2.3.1 UTeM Vetting Process
2.2.3.2 Secure Electronic Registration
and Voting Experiment Case
Study
Project Methodology
Project Requirement
2.4.1 Software Requirement
2.4.2 Hardware Requirement
Project Schedule and Milestone
ANALYSTS
Introduction
Problem Analysis
3.2.1 Analysis of the Current System
© Universiti Teknikal Malaysia Melaka
6
6
7
7
8-9
9-10
10-11
II
11-1 2
12
13
14
14-15
15-17
17-19
19
20
21 -22
23
24
24
24-26
VIII
IX
3.2.1 Identified Problems 26
3.3 Requirement Analysis 27
3.3 .1 Data Requirement 27
3.3.2 Functional Requirement 28
3.3.3 Use Case Diagram 29-30
3.3.4 Software Requirement 30-31
3.3.4 Hardware Requirement 32
3.4 Conclusion 32
CHAPTER IV DESIGN
4.1 Introduction 33
4.2 High Level Design ..,.., .).)
4.2.1 System Architecture 33
4.2.2 User Interface Design 34-41
4.2.2.1 Navigation Design 41 -42
4.2.2.3 Input Design 42-43
4.2.3 Database Design 43
4.2.3.1 Conceptual and Logical 43
Database Design
4.3 Detailed Design 43
4.3.1 Software Design 44
4.3.1.1 Pseudo Code 44
4.3.2 Physical database design 45
4.3.2. 1 Data Definition Language 45
(DDL)
4.4 Conclusion 46
CHAPTER V IMPLEMENTATION
5.1 Introduction 47
© Universiti Teknikal Malaysia Melaka
X
5.2 Software Development Environment Setup 48
5.3 Software Configuration Management 49
5.3.1 Configuration Environment Setup 49
5.3.2 Version Control Procedure 52
5.4 Implementation Status 53
5.5 Conclusion 54
CHAPTER Vl TESTING
6.1 Introduction 55
6.2 Test Plan 55
6.2.1 Test Organization 56
6.2.1.1 System tester 56
6.2.1.2 Hardware tester 57
6.2.2 Test Environment 58
6.2.2.1 Location/environment 58
6.2.2.2 Hardware 59
6.2.2.3 Software 59
6.2.2.4 Firmware configurations and
Preparations 60
6.2.3 Test Schedule 61
6.3 Test Strategy 63
6.3.1 Classes ofTests 63
6.4 Test Design 64
6.4.1 Test Description 64
6.5 Test Result and Analysis 68
6.6 Conclusion 76
© Universiti Teknikal Malaysia Melaka
CHAPTER VIJ PROJECT CONCLUSION
7. 1 Observation on Weaknesses and Strengths
7.1.1 System Strengths
7.1.1.1 Security
78
78
78
7. 1.1.2 Practicality and User Friendly 79
7.1.1.3 Compatibility 79
7.1.2 System Weaknesses 79
7.1.2.1 Not Operations System
Universal 80
7.2
7.3
7.1.2.2 Hardware Reliant
Contribution
Conclusion
References
Bibliography
Appendices A (Gantt chart)
Appendices B (User Manual)
© Universiti Teknikal Malaysia Melaka
80
80
80
81
82
83
85
XI
Xll
LIST OF TABLES
TABLE TITLE PAGE
2.1 Facial Recognition Application 13
2.2 Software Requirement 20
2.3 Hardware Requirement 21
2.4 Milestone 23
3.1 Data Requirement for the -Digital Certificate Generator for
Corporate Public Key Infrastructure 27
3.2 Software Requirement 30
3.3 Hardware Requirement 32
4.1 Features of Facial Recognition Module 35
4.2 Login Input Design 42
4.3 Enroll Input Design 42
5.1 Version Control Procedure for the system 53
5.2 Implementation Status 53
6.1 List of System Tester 56
6.2 List ofTester 57
6.3 Hardware Requirement 59
6.4 Test module of SCDTSS 61
6.5 Classes of Tests 63
6.6 Login Test Case 65
6.7 Connection to Server Test Case 65
© Universiti Teknikal Malaysia Melaka
X It!
6.8 Search digital certificate 66
6.9 Generate secret key 67
6.10 Encrypting message 67
6.11 Encrypting file 68
6.13 Test Result and Analysis for Login Module 68
6.14 Test Result and Analysis of downloading digital certificate 70
6.15 Test Result and Analysis of searching others staff digital
certificate 70
6.16 Test Result and Analysis of generating secret key 71
6.17 Test Result and Analysis of encrypting and sending message 72
6.18 Test Result and Analysis of Company Profile 74
6.19 Test Result and Analysis of showing expanded information 75
© Universiti Teknikal Malaysia Melaka
XIV
LrST OF FIGURES
FIGURE TITLE PAGE
2.1 Symmetric Cryptography 7
2.2 Symmetric Cryptography 8
2.3 RSA algorithm 9
2.4 Public Key Infrastructure (PKI) 10
2.5 Private/Public Key Usage 10
2.6 Message Digest Implementation 11
2.7 Digital Signature 12
2.8 Facial Recognition Process 13
2.9 Vetting Procedure In UTeM 14
2.10 Architecture of SERVE 16
2.1 1 Implementation of digital signature in SERVE 16
2.12 How SERVE defends against attack 17
2.13 Rapid Application Development (RAD) Cycle 18
3.1 Vetting procedure in UTeM 25
3.2 Flow chart for certificate registration 28
3.3 Data flow diagram 29
3.4 Use case diagram 30
4.1 The system architecture 34
4.2 Facial SDK 66 recognized point 36
4.3 Log-in Interface 36
© Universiti Teknikal Malaysia Melaka
XV
4.4 Log in successful interface 37
4.5 Distribution of digital certificate by CA 38
4.6 Searching for digital certificate Interface 38
4.7 Process ofvalidating the certificate 39
4.8 Mouse position on the status strip 39
4.9 Main Interface 40
4.10 Message Transmission process 40
4.11 Expanded View of the main menu 41
4.12 Navigation design 42
4.13 Entity Relationship Diagram 43
4.14 SQL Statement to save digital certificate into database 46
4.15 SQL statement to select digital certificate from the database 46
5. l Environment Architecture of SCDTSS 48
5.2 Configuration Management Principles 50
5.3 Configuration Management for managing version 51
5.4 Numbering version scheme 52
6.1 Login Interface 69
6.2 Error message when login failed 70
6.3 Download digital certificate message box 70
6.4 Inserting Secret key 71
6.5 Insert staff ID 72
6.6 Certificate found 72
6.7 Key successfully generated 73
6.8 Message sent and received 74
6.9 Encrypting files 75
6.10 Additional information displayed on the bottom ofthe main
menu. 76
© Universiti Teknikal Malaysia Melaka
ABBREVIATION
DFD
DDL
ERD
UTeM
LIST OF ABBREVlA TIONS
WORD/DESCRIPTION
Data Flow Diagram
Data Definition Language
Entity Relationship Diagram
Universiti Teknikal Malaysia Melaka
© Universiti Teknikal Malaysia Melaka
XVI
ATTACHMENTS
A
B
LIST OF ATTACHMENTS
TITLE
Gantt chart
User Manual
© Universiti Teknikal Malaysia Melaka
PAGE
84
86
XVII
1
CHAPTER I
INTRODUCTION
l.l Project Backgnmnd
Everybody needs a sense of security and privacy in their life. This is the basic
needs of human. This basic need also apply in the IT and cyber world. As an
individual, we need to secure anything that is private and personal to us. As an
organization, it is essential that sensitive data being protected. A breach of such
security and privacy could result in safety concern, and loss in terms of profit for
organization. That is why we need to secure anything that is important and private to
us.
Encryption is one of the most effective methods to secure a files or
application. This process of encryption hides the contents of a message in a way that
the original information is recovered only through a decryption process. The purpose
of Encryption is to prevent unauthorized parties from viewing or modifying the data.
Encryption occurs when the data is passed through some substitute technique,
shifting technique, table references or mathematical operations. All those processes
generate a different form of that data. The unencrypted data is referred to as the
plaintext and the encrypted data as the cipher text, which is representation of the
original data in a difference form.
Key-based algorithms use an Encryption key to encrypt the message. There
are two general categories for key-based Encryption: Symmetric Encryption which
uses a single key to encrypt and decrypt the message and Asymmetric Encryption
which uses two different keys - a public key to encrypt the message, and a private
key to decrypt it. Currently, there are several types o f key based Encryption
© Universiti Teknikal Malaysia Melaka
2
algorithms such as: HASH, RSA, AES, BLOWFISH, RC6, and others but all of
these algorithms depend on high mathematical manipulations.
In this project, a secure classified-document transfer and storage application
·will be developed, to address the problem of security attack and security flaw, and
provide a secure method of sharing and storing classified documents.
1.2 Problem Statements
Security and privacy has been considered a basic need for human. It is crucial to
protect individual or organization privacy and sensitive as failure to do so might
cause trouble, problem and even crimes involving theft, fraudulence, and industrial
spying. However, the current culture and society still take security issue for granted.
Most individual and organization only employed and implemented minimum security
measure at most, and the rest are still ignorance on issue related to security and
privacy. The majority of business and educational institution are still using paper
based submission, which is very unsecure way of circulating or transmitting sensitive
and private information. To address this problem, most has already adopted a system
that can send the soft-copy of the private files or messages, over the network, such as
LAN or WAN. But still this method are not considered as a safer alternative as the
files and messages can still be intercepted or sniffed. Message wrote in a plain-text
format can easily be sniffed and read using Wireshark, a network monitoring tools
that are available on the internet, free for download. File that was intercepted can
readily be run or opened. Without applying an encryption on these messages or files,
there is no use in migrating from paper-based system to computerized network based
system.
Furthermore, with the current method or system, there is no way to be sure that
there is no impersonation occur, which means that the person we are communication
with are no an impersonator. There is also no effective way to ensure the integrity of
the message, and proof of origin (non-repudiation). If there is a dispute, a
complication will arise because the sender can deny the content of the message or
even deny having sent it.
© Universiti Teknikal Malaysia Melaka
3
In short, the current method of sharing and sending classified information or files
have no:
• Confidentiality to prevent unauthorized disclosure or information.
• Integrity to prevent unauthorized modification or substitution of information.
• Availability which prevent unauthorized withholding of information or
resources (denial of service)
• Non repudiation, to avoid sender from deny the content of the message or
even deny having sent it
1.3 Objectives
There are four main objective of the project. They are:
• To develop an application that is capable of sending and storing files/message
securely by means of encryption technology.
• To provide the application with better security by implementing biometrics
face recognition login
• To ensure the developed software is user-friendly, practical and lightweight.
1.4 Scope
• Encryption Algorithm
For this project, only block cipher encryption will be implemented. The
encryption algorithm are Advanced Encryption Standard (AES) or rijndael
algorithm and RSA algorithm.
Stream cipher will not be use, as it is deemed unsuitable for this project
This project will not explore or analyze these algorithm and its mathematical
formulae in details.
© Universiti Teknikal Malaysia Melaka
4
• Environment
This application IS intended to be used on windows operating system
environment, and this project will on limits its scope on window environment.
• Workstation
This application is intended to be use on computer, laptops and netbook.
Therefore this project will not cover on its usability, or guarantee its stability
in other device such as mobile phone or tablet pc.
• Digital Certificate and Certification Authority
Although this application rely on digital certificate to accomplish its
objectives, this project do not cover on the subjects of generation of the
asymmetric key (private/public key), creation of digital certificate, and its
distribution.
1.5 Project Significance
The implementation of encryption method in securing messages and files,
will surely increased the level of privacy and security of individual or organization.
Files and messages can be send and distributed freely without worrying about the
content being exposed or sniffed, as the content is encrypted and the cipher text is
useless to those who did not know the private key. This will surely increase the
productivity and stability of individual or organization.
1.6 Conclusion
Security and privacy remains as one of the basic needs of human being. It is
also important for large organization and business. To an individual, protecting this
means protecting their safety, and to a business organization protecting and security
© Universiti Teknikal Malaysia Melaka
means protecting their money. Therefore to ensure privacy and security,
cryptography is one of the best and practical methods.
That is why protecting and securing files and messages by means of
encryption is the main focus of th.is project, where the software is expected to be
simple, user friendly and yet practical and full with features .
5
In the next chapter, the report will explain about literature review and project
methodology used throughout the project. The literature review discusses the domain
related to the project.
© Universiti Teknikal Malaysia Melaka
6
CHAPTER II
LITERATURE REVIEW AND PROJECT METHODOLOGY
2.1 Introduction
This chapter will discuss in details on literature review related to the project
and also the methodology used in researching and completing the project. The
purpose of this chapter is to conduct the research about the other systems or
applications that are similar to the system that will be developed. All aspect is
studied in order to develop a system that is more effective. Furthermore, the
discussion is also including the methodologies, techniques, hardware and software
that being used in other research. The comparison between them is analyzed to
highlight the differences thus determine the better solutions for this project.
2.2 Facts and finding
Approach, passed research, reference and case study will be discussed under
this topic. The approach will be supported from a publish materials or passed
research.
© Universiti Teknikal Malaysia Melaka
Recommended