Enhanced security for online Exam

8/12/2019 Enhanced security for online Exam

1/82

Enhanced Security for Online Exam Using GroupCryptography

Complete Proposal:

Development of the Web has contributed to the growth of Internet learning and online

exams, Internet and Online exams have not been extensively adopted. An Internet based

exam is defined in this project as one that ta e place over the unsure of yourself web, and

where no proctor is in the same place as the examinees. !y project propose an improved

safe filled Internet exam organi"ation setting mediated by group cryptography methods

using distant monitoring and control of ports and input. #he objective domain of this

project is that of Internet exams for any subject$s contest in any level of %ducation, as

well as exams in online university courses with students in various different locations.

&roject proposes a trouble'free solution to the issue of security and cheating for online

exams. #his solution uses an enhanced in the On line E xam sa fety organi"ed system

which is based on group cryptography with e'monitoring methods

Existing System

Different dishonest patterns exists in present organi"ation together with photocopying the

answers of others, inter'changing answers, penetrating the web for answers, using the

information and software saved on the student$s computer and discussing the exam by

mailing system, phone, or immediate messaging or using (igbee etc.

Disadvantages

)* +tages of contact between teachers and students decreases.

* #he tendency to copy in the online exams and cheat by students increases.

-* #he system must rely on students$ sincerity, honesty or their having an reputation

code

Proposed System


2/82

&roject introduces a clarification to the issue of safety and cheating for web based exams.

#his solution uses an enhanced sa fety organi"e system in the On line E xam which is

based on collection based cryptography with an e'monitoring methodologies.

#he cryptography supports superior safety organi"es for the web exam process, as well as

validation and veracity. #he e'monitoring provides a proctor role to distinct location

examinees to prevent copying and cheating over the internet based online examination

systems, and thus removes the prere uisite of having to go to a permanent location. #he

target of this project is web based exams of any type and exams in online university

courses with students at distinct locations.

&roject undergoes administer an internet based examination at a static time with the same

uestions for all examinees, just li e an off'line exam, but without restricting the physical

place of the examinees. #his system enable many inds of tests to be given online, it can provide teachers with well again evaluation principles for students and may put in to

improving the uality of education.

Advantages

)* web based exam management system having some monitoring method to prevent

and to detect cheating and copying

* Without regard to position and time.

-* Avoid intercepting or interfering with communications during an exam conductedthrough web.

Soft are !e"uirements

/ Operating system 0' Windows 1& &rofessional

/ 2ront %nd 0' 3isual +tudio 445, A+&.net, 67

/ 8ac end 0' +9: +erver 44;

#ard are !e"uirements

/ +D DI+? 0 @4 8


3/82

/ >A! 0 ;) !8

Pro$ect Plans and %ethods &nvolved:

The modules involved are:

Administrator

Key Generation

Student Exam Modules

Results and Reports

Video Conference and Desktop Capturing

Administrator:-

In t is module Administrator is a!ing t e task to manage t e information

a"out t e Examiners# $roctors and students and e can also add# update or

delete t e information a"out t e Examination centers and t e candidates

applying for t e exams t roug internet% Also sc edule t e information a"out

t e exams and generate keys using Asymmetric algorit ms accessing t e

&uestion papers upload "y different type of examiners ' o are uploading&uestion papers to t e data"ase and e can also add t e marks for t e

student after completion of t eir exams% (ere key management plays a !ital

role in pro!iding security and safety to t e online examination processes%

Admin 'ill encrypt t e ans'er upload "y t e examiners ' o are preparing

online exams using AES algorit m%

Key Generation:-

In t is module Admin as t e 'ork to sc edule t e information a"out t e

Exams and e is a"le to send pu"lic and pri!ate keys to t e students "ased

on t e re&uested sc edule in order to generate keys 'e user group key

generator "ased algorit ms in t is application t is module place a role of

identifying t e student attending t e exam using p oto comparisons and a"le


4/82

to monitor t e systems ' ere students are access t e online examination

application "y desktop capturing mec anism%

Students Exam Modules:-

In t is module student can c eck t e information pro!ided "y t e

administrator pu"lic keys and pri!ates% )y using keys e is a"le login

to t e exam 'indo' can ans'er t e &uestion% Immediately after exam

starts a !ideo conference "et'een examiners and students to identify

t e "e a!iors of t e students and capturing of images for e!ery * to +

seconds in order to identify t e genuinely of t e student at t e time of

results% All t e ,S) $orts of t e C%$%, are disa"ling in order to a!oid

copying of ans'ers from t ird party de!ices% An interface is de!eloping

in suc a 'ays ' ic a!oids access of key"oard and ot er menus of

-perating system%

Results and Reports:-

. is module contains all t e information a"out t e results generated

"y t e Administrator and a lot rank cards to t e students "ased on

t eir "e a!iors and performance during t e online examination% Admin

can generate reports "ased on grades allotted "y online examination

system

Video Conferen e and !es"top Capturin#

. is module contains all t e information a"out Video conference

"et'een student and examiner t ese * modules 'ill "e automatically

initiali/ed immediately after starting up t e application 0-nline

Examination systems1 a li!e !ideo 'ill "e telecasted of student and


5/82

sa!e to t e student data"ase to t e ser!er% . e e!ents and "e a!iors

of t e student during t e online exam process

Resear h Methods:

2% 3ogging4client registers is5 er personal data 6login# pass'ord7

a% confirmation is taking place after su"mitting data

"% aut entication error is signali/ed "y fault message

c% if aut entication doesn8t return error# user is allo'ed tosystem

*% Managing students 9 called "y examiner

a% inspector adds# remo!es and modifies students data%

"% if examiner did not insert re&uired data 6login# pass'ord#and image 'ill uploaded to t e ser!er data"ase at t e timeof registration7 else system returns error message

c% if data is registered and users enter all !alid information'it !alid data correctly# accepting message is "eings o'n

+% $reparing exams

a% examiner is permitted to decide categories and num"er of&uestions from indi!idual exam

"% examiner adds t e amount of correct ans'ers 6in :7re&uired to pass t e exam and ans'ers entered "yexaminer 'ill "e encrypted using AES5DES algorit m topro!ide security to t e ans'ers from ackers or intruders%

c% examiner sets time and sc edule of exam

;% Acti!ating Exam

a% Examiner acti!ate exam using a pu"lic and pri!ate keygenerated "y t e examiners so t at students can run it%


6/82


7/82

lapses of t e existing electronic4examination structure 'it t e aim ofameliorating and emergent a ne' satisfactory e4Exam system t attakes care of t e existing system8s c allenges and safety measureslapses% Students t at participated in t e online exams 'ere c osen forinter!ie' and &uestionnaire% )ased on t e examination of t e

inter!ie's and study of t e existing electronic online test andexamination system# some anomalies 'ere exposed and a ne' e4exams system 'as de!eloped to 'ipe out t ese anomalies% . e ne'system uses data encryption in order to protect t e &uestions sent tot e e4Examination center t roug t e internet or intranet and a !ideoconference "ased de!ices are connected to a!oid c eating in t e onlineexamination process% -nline examination as "een ig ly payingattention and appropriate in "ot learning and educational aspects%. e "est met od to e!aluate t e a"ility and kno'ledge of an indi!idualis t roug examination process% .o t is conclusion# !arious met ods

as "een in 'ork in examining t e capa"ility of an personality# startingfrom manual means of using paper and pencil to electronic# fromspoken to 'rite# practical to t eoretical and many ot ers%. e current information tec nology 'ay of examining students is t euse of electronic systems in position of manual or paper tec ni&ue' ic 'as c aracteri/ed "y uge examination leakages#impersonations# demand for satisfaction "y teac ers# inducement4taking "y super!isors and in!igilators of examinations%

. ere is a rising "ody of in!estigation is focused on mounting

impro!ed 'ays to super!ise e4exams met ods and e4learning systems%Some of t is researc focused on a !ariety of section of t e systemand t ese includes Sc ramm looked at a e4learning 'e" "asedsystem t at could simply offer and grade mat ematical &uestions 'itinFnite lack of complaint% . erefore it needs t e a"ility for in andoutput of numerical formulas# t e dynamic generation of plots and t egeneration of random 'ords and statistics%. is is 'e" "ased onlineexamination sc eme# t e system carry out t e test and auto4gradingfor students exams% . e system facilitates conducting exams#collection of ans'ers# auto marking t e su"missions and manufacture

of reports for t e exam% It supports many kinds of &ueries% It 'as usedt roug online and is t erefore suita"le for "ot limited and distantexamination% . e system could assist lecturers# instructors# teac ersand ot ers ' o are prepared to create ne' exams or edit presentedones as 'ell as students participating in t e exams


8/82

'iterature Survey:

(raud and Cheating control:

>esearch is on case study that describes the researchers$ attempts to article and stop

frauds and cheating on their web based exams. #hey present facts of their hard wor to

decrease both the probability and force of cheating on'line. +uggestions are offered that

are planned to provide direction for others wishing to pursue web based online exams in

their classes over the past several years, a number of academics have espoused the value

of using on'line exams in classes as opposed to the face'to'face paper exams that are

traditionally given in the college classroom. !ost often, on'line exams are used in

conjunction with a distance'learning course where all the course material is administered

on'line. #heoretically, however, many of the benefits associated with using online exams

in a distance e'learning course should also be present if on'line exams are used in a more

traditional course. #his paper used on'line exams in just that style. Although we teachdivide sections of lessons that get together face'to'face twice a wee , and decided to

explore the possibility of administering web based online exams to our learners on'line.

#he possible remuneration of doing this are many and comprise ever'increasing grading

correctness, minimi"ing the grading time, and provided that students with instant

feedbac . &ossibly even more importantly, web based internet exams can free of charge

up time in class to pursue other nowledge behaviors. In most lessons, the time available

always seems to run out earlier than the amount of main material that re uirements to be

covered. If exams are ta en out of the classroom and administer over the web, then many

instructors would find four or more extra class session in which they could cover added

material. Or, they may wish to cover the same amount of information to be shared to the

students attending online exams, but cover it in better depth. As this paper will essay, we

establish all of these profit and more when administering our exams web based exams.


9/82

While I am very pleased with our first nowledge, a irritating uestion persisted. Bamely,

i concerned that student may have been cheating or doing fraud on the exams, and that

the cheating and fraud may have been widespread. As such, i too a number of steps to

aim to notice any cheating on the web baesd exams. In adding, I too a amount of steps

to try to minimi"e the impact of whatever cheating did occur that did not get detected. In

the sections that follow, we will first describe our course and learning environment in

detail. Additionally, we will see to document many of the ways that students could

potentially cheat on on'line exams. 2urthermore, we will outline the specific steps we

too to detect it and minimi"e its impact. #o conclude, we will share some of our positive

experiences with on'line testing in general, and will outline additional steps we plan to

ta e in the future to improve their effectiveness in the classroom. 8efore describing the

various means of cheating on the exam, it is important for us to discuss our testing protocol so that it is clear what students are and are not allowed to do. At the beginning

of every exam, we include a paragraph that reads in part, C#his is not an open boo or

open notes exam. #his exam is to be ta en during the allotted time period without the aid

of boo s, notes, or other students.


10/82

the opportunity that students have to utili"e inappropriate material. If our exams had no

time limit, the temptation to avoid studying and rely instead on loo ing up answers

during the exam would be greater. 8y providing only forty'five seconds per uestion, we

limit the students$ ability to engage in this. We also tend to as lengthy, application'based

uestions. #hese uestions ta e more time to process and are more difficult to loo up in

the textboo because the answers re uire a synthesis of information as opposed to a

simple recitation of a fact. While we could ta e this one step further and re uire essay

uestions, we have not pursued that yet, but may do so in the future. #iming the tests also

ma es it more difficult for students to collaborate during the exam. We add a further

level of difficulty to any attempt at collaboration by scrambling the order of the test

uestions on each exam. #his prevents students from simply as ing each other the answer

to uestion six, for example, because the uestion order will be different on each exam.In a similar vein, we also ta e steps to minimi"e the li elihood that someone other than

the student is ta ing the exam. One of the primary ways we do this is to have multiple

assignments due during the course of the semester. In a typical semester, each student

will need to submit over twenty separate assignments on'line. Although it may be

relatively easy for them to get help on one of them or even a few of them, it will be

considerably tougher and G or more costly to find someone willing to complete every

on'line activity for them.


11/82

O,E!A'' ASSESS%E*) O( O*-'&*E E.A%S

Overall, we are uite pleased with the impact that using on'line exams has had in our

classes. 8y using this method, we have freed up three entire class periods worth of time.

We have used this time to have class discussions that were more in'depth and focused

than time normally allowed. We have also been able to add more group activities and

experiences that re uire students to ta e some of the theoretical concepts we discuss in

class and apply them to their personal lives. +tudent satisfaction with this approach has

been high. Bot only do the students enjoy the flexibility of ta ing the exams at a time that

is convenient for them, they also report learning more in the classroom. 8ecause we are

able to use experiential exercises in class that we did not have time to use before, they

also report greater satisfaction with the material. It is more meaningful to them because

they have internali"ed more of it. #his would be more difficult to accomplish if we werenot able to free up class time by using on'line exams. On'line exams would not be

possible if we did not have cheating under control. 8y ta ing the steps we have to detect

cheating and minimi"e its impact, we have been able to ta e class exams offline

and have had a more rewarding classroom experience for our students. We are very

encouraged by the initial results.

(U)U!E S)EPS

While this study does help provide some insight as to how to detect cheating and

minimi"e its impact, the wor in this area is just beginning. As more and more academics

decide to explore the possibility of using this form of testing, additional steps need to be

ta en to ensure that cheating is minimi"ed. As such, it is important that further research

be devoted to this crucial topic. One area ripe for further exploration is to underta e

additional steps to enhance the testing protocol that is used. As an example, some schools

have reported success in having students formally sign honor codes before ta ing exams.

It may be beneficial to see what impact this might have in an online testing environment.

Another potentially promising area that we plan to explore is to loo at whether or not

student personality characteristics might influence their propensity to cheat. We are

currently collecting data on such variables as student self'efficacy and self'esteem to see

whether or not there might be a significant relationship between them and subse uent


12/82

cheating on exams. #o conclude, we encourage other instructors to engage in this field of

research. #he benefits of using online exams are numerous, but until teachers and

administrators can be reasonably assured that cheating is not rampant, they will not be

fully utili"ed in the classroom and many of these benefits will go unreali"ed. 8y

continuing to explore the topic of cheating on online exams, the problem can be further

minimi"ed and the general classroom experience can be enhanced.

Group Cryptograp y

Exam Groups


13/82

Algorithms:

#he D%+ FData %ncryption +tandard* algorithm is the most widely used encryptionalgorithm in the world. 2or many years, and among many people, Hsecret code ma ingHand D%+ have been synonymous. And despite the recent coup by the %lectronic 2rontier2oundation in creating a 4,444 machine to crac D%+'encrypted messages, D%+ willlive on in government and ban ing for years to come through a life' extending versioncalled Htriple'D%+.H

=ow does D%+ wor J #his article explains the various steps involved in D%+'encryption,illustrating each step by means of a simple example. +ince the creation of D%+, manyother algorithms Frecipes for changing data* have emerged which are based on design

principles similar to D%+. Once you understand the basic transformations that ta e placein D%+, you will find it easy to follow the steps involved in these more recent algorithms.

8ut first a bit of history of how D%+ came about is appropriate, as well as a loo towardthe future.

)he DES Algorithm &llustrated

D%+ is a block cipher ''meaning it operates on plaintext bloc s of a given si"e FK@'bits*and returns ciphertext bloc s of the same si"e. #hus D%+ results in a permutation among


14/82

the LK@ Fread this as0 H to the K@th powerH* possible arrangements of K@ bits, each ofwhich may be either 4 or ). %ach bloc of K@ bits is divided into two bloc s of - bitseach, a left half bloc ' and a right half ! . F#his division is only used in certainoperations.*

Example: :et % be the plain text message % M 4) -@;KN5 A86D%2, where % is inhexadecimal Fbase )K* format. >ewriting % in binary format, we get the K@'bit bloc oftext0

% M 4444 444) 44)4 44)) 4)44 4)4) 4))4 4))) )444 )44) )4)4 )4)) ))44 ))4) )))4))))' M 4444 444) 44)4 44)) 4)44 4)4) 4))4 4)))! M )444 )44) )4)4 )4)) ))44 ))4) )))4 ))))

#he first bit of % is H4H. #he last bit is H)H. We read from left to right.

D%+ operates on the K@'bit bloc s using key si"es of ;K' bits. #he eys are actually storedas being K@ bits long, but every 5th bit in the ey is not used Fi.e. bits numbered 5, )K, @,- , @4, @5, ;K, and K@*. =owever, we will nevertheless number the bits from ) to K@,going left to right, in the following calculations. 8ut, as you will see, the eight bits justmentioned get eliminated when we create sub eys.

Example: :et / be the hexadecimal ey / M )--@;NN 886D22). #his gives us as the binary ey Fsetting ) M 444), - M 44)), etc., and grouping together every eight bits, ofwhich the last one in each group will be unused*0

/ M 444)44)) 44))4)44 4)4)4))) 4))))44) )44))4)) )4))))44 ))4))))) ))))444)

#he D%+ algorithm uses the following steps0

Step 0: Create 01 su23eys4 each of hich is 56-2its long7#he K@'bit ey is permuted according to the following table, PC-0 . +ince the first entry inthe table is H;NH, this means that the ;Nth bit of the original ey / becomes the first bit ofthe permuted ey / P. #he @ th bit of the original ey becomes the second bit of the

permuted ey. #he @th bit of the original ey is the last bit of the permuted ey. Boteonly ;K bits of the original ey appear in the permuted ey.


15/82

PC-1

57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 60 52 44 36 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4

Example: 2rom the original K@'bit ey

/ M 444)44)) 44))4)44 4)4)4))) 4))))44) )44))4)) )4))))44 ))4))))) ))))444)

we get the ;K'bit permutation

/ P M ))))444 4))44)) 44)4)4) 4)4)))) 4)4)4)4 )4))44) )44)))) 444))))

Bext, split this ey into left and right halves, C 0 and D 0, where each half has 5 bits.

Example: 2rom the permuted ey / P, we get

C 0 M ))))444 4))44)) 44)4)4) 4)4)))) D 0 M 4)4)4)4 )4))44) )44)))) 444))))

With C 0 and D 0 defined, we now create sixteen bloc s C n and D n, )QMnQM)K. %ach pairof bloc s C n and D n is formed from the previous pair C n-1 and D n-1 , respectively, for n M ),

, ..., )K, using the following schedule of Hleft shiftsH of the previous bloc . #o do a left

shift, move each bit one place to the left, except for the first bit, which is cycled to theend of the bloc .

Iteration Number of Number Left Shifts

1 1 2 1 3 2 4 2 5 2 6 2 7 2

8 2 9 1 10 2 11 2 12 2 13 2 14 2 15 2 16 1


16/82

#his means, for example, C 3 and D 3 are obtained from C 2 and D 2, respectively, by two leftshifts, and C 16 and D 16 are obtained from C 15 and D 15, respectively, by one left shift. In allcases, by a single left shift is meant a rotation of the bits one place to the left, so that afterone left shift the bits in the 5 positions are the bits that were previously in positions ,-,..., 5, ).

Example: 2rom original pair C 0 and D 0 we obtain0

C 0 M ))))4444))44))44)4)4)4)4)))) D 0 M 4)4)4)4)4))44))44))))444))))

C 1 M )))4444))44))44)4)4)4)4))))) D 1 M )4)4)4)4))44))44))))444))))4

C 2 M ))4444))44))44)4)4)4)4)))))) D 2 M 4)4)4)4))44))44))))444))))4)

C 3 M 4444))44))44)4)4)4)4)))))))) D 3 M 4)4)4))44))44))))444))))4)4)

C 4 M 44))44))44)4)4)4)4))))))))44 D 4 M 4)4))44))44))))444))))4)4)4)

C 5 M ))44))44)4)4)4)4))))))))4444 D 5 M 4))44))44))))444))))4)4)4)4)

C 6 M 44))44)4)4)4)4))))))))4444))

D 6 M )44))44))))444))))4)4)4)4)4)

C 7 M ))44)4)4)4)4))))))))4444))44 D 7 M 4))44))))444))))4)4)4)4)4))4

C 8 M 44)4)4)4)4))))))))4444))44)) D 8 M )44))))444))))4)4)4)4)4))44)

C 9 M 4)4)4)4)4))))))))4444))44))4 D 9 M 44))))444))))4)4)4)4)4))44))

C 10 M 4)4)4)4))))))))4444))44))44) D 10 M ))))444))))4)4)4)4)4))44))44

C 11 M 4)4)4))))))))4444))44))44)4) D 11 M ))444))))4)4)4)4)4))44))44))

C 12 M 4)4))))))))4444))44))44)4)4) D 12 M 444))))4)4)4)4)4))44))44))))


17/82

C 13 M 4))))))))4444))44))44)4)4)4) D 13 M 4))))4)4)4)4)4))44))44))))44

C 14 M )))))))4444))44))44)4)4)4)4) D 14 M )))4)4)4)4)4))44))44))))444)

C 15 M )))))4444))44))44)4)4)4)4))) D 15 M )4)4)4)4)4))44))44))))444)))

C 16 M ))))4444))44))44)4)4)4)4)))) D 16 M 4)4)4)4)4))44))44))))444))))

We now form the eys K n, for )QMnQM)K, by applying the following permutation table toeach of the concatenated pairs C n D n. %ach pair has ;K bits, but PC-8 only uses @5 ofthese.

PC-2

14 17 11 24 1 5 3 28 15 6 21 10 23 19 12 4 26 8 16 7 27 20 13 2 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32

#herefore, the first bit of K n is the )@th bit of C n D n, the second bit the )Nth, and so on,ending with the @5th bit of K n being the - th bit of C n D n.

Example: 2or the first ey we have C 1 D 1 M )))4444 ))44))4 4)4)4)4 )4))))))4)4)4) 4))44)) 44))))4 44))))4

which, after we apply the permutation PC-8 , becomes

K 1 M 444))4 ))4444 44)4)) )4)))) )))))) 444))) 44444) ))44)4

2or the other eys we have

K 2 M 4))))4 4))4)4 )))4)) 4))44) ))4))4 ))))44 )44))) )44)4)

K 3 M 4)4)4) 4))))) ))44)4 44)4)4 4)4444 )4))44 )))))4 4))44) K 4 M 4)))44 )4)4)4 ))4))) 4)4))4 ))4))4 ))44)) 4)4)44 4)))4) K 5 M 4))))) 44)))4 ))4444 444))) )))4)4 ))4)4) 44)))4 )4)444 K 6 M 4))444 )))4)4 4)4)44 )))))4 4)4)44 444))) )4))44 )4)))) K 7 M )))4)) 44)444 4)44)4 ))4))) ))))4) )4444) )444)4 ))))44 K 8 M ))))4) )))444 )4)444 )))4)4 ))4444 4)44)) )4)))) )))4)) K 9 M )))444 44))4) )4)))) )4)4)) )))4)) 4))))4 4))))4 44444) K 10 M )4))44 4))))) 44))4) 444))) )4)))4 )44)44 4))44) 44))))


18/82

K 11 M 44)444 4)4)4) )))))) 4)44)) ))4))) )4))4) 44)))4 444))4 K 12 M 4)))4) 4)4))) 444))) ))4)4) )44)4) 444))4 4))))) )4)44) K 13 M )44)4) ))))44 4)4))) 4)444) )))))4 )4)4)) )4)44) 44444) K 14 M 4)4))) ))4)44 44)))4 ))4))) ))))44 )4)))4 4)))44 )))4)4 K 15 M )4)))) )))44) 444))4 44))4) 44)))) 4)44)) ))))44 44)4)4

K 16 M ))44)4 ))44)) ))4))4 44)4)) 4444)) )4444) 4))))) ))4)4)

+o much for the sub eys. Bow we loo at the message itself.

Step 8: Encode each 15-2it 2loc3 of data7

#here is an initial permutation &P of the K@ bits of the message data % . #his rearrangesthe bits according to the following table, where the entries in the table show the newarrangement of the bits from their initial order. #he ;5th bit of % becomes the first bit of&P. #he ;4th bit of % becomes the second bit of &P. #he Nth bit of % is the last bit of &P.

IP

58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7

Example: Applying the initial permutation to the bloc of text % , given previously, weget

% M 4444 444) 44)4 44)) 4)44 4)4) 4))4 4))) )444 )44) )4)4 )4)) ))44 ))4) )))4))))&P M ))44 ))44 4444 4444 ))44 ))44 )))) )))) )))) 4444 )4)4 )4)4 )))) 4444 )4)4)4)4

=ere the ;5th bit of % is H)H, which becomes the first bit of &P. #he ;4th bit of % is H)H,which becomes the second bit of &P. #he Nth bit of % is H4H, which becomes the last bitof &P.

Bext divide the permuted bloc &P into a left half L 0 of - bits, and a right half 0 of - bits.

Example: 2rom &P, we get L 0 and 0

L 0 M ))44 ))44 4444 4444 ))44 ))44 )))) )))) 0 M )))) 4444 )4)4 )4)4 )))) 4444 )4)4 )4)4


19/82

We now proceed through )K iterations, for )QM nQM)K, using a function ! which operateson two bloc s''a data bloc of - bits and a ey K n of @5 bits''to produce a bloc of -

bits. 'et 9 denote .O! addition4 2it-2y-2it addition modulo 8; . #hen for n goingfrom ) to )K we calculate

L n M n-1 n M L n-1 P ! F n-1 , K n*

#his results in a final bloc , for n M )K, of L 16 16 . #hat is, in each iteration, we ta e theright - bits of the previous result and ma e them the left - bits of the current step. 2orthe right - bits in the current step, we 1O> the left - bits of the previous step with thecalculation ! .

Example: 2or n M ), we have

K 1 M 444))4 ))4444 44)4)) )4)))) )))))) 444))) 44444) ))44)4

L 1 M 0 M )))) 4444 )4)4 )4)4 )))) 4444 )4)4 )4)4 1 M L0 P ! F 0, K 1*

It remains to explain how the function ! wor s. #o calculate ! , we first expand each bloc n-1 from - bits to @5 bits. #his is done by using a selection table that repeats some ofthe bits in n-1 . WeRll call the use of this selection table the function E . #hus EF n-1 * has a- bit input bloc , and a @5 bit output bloc .

:et E be such that the @5 bits of its output, written as 5 bloc s of K bits each, are obtained by selecting the bits in its inputs in order according to the following table0

E BIT-SELECTION TABLE

32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1

#hus the first three bits of EF n-1 * are the bits in positions - , ) and of n-1 while thelast bits of EF n-1 * are the bits in positions - and ).

Example: We calculate EF 0* from 0 as follows0

0 M )))) 4444 )4)4 )4)4 )))) 4444 )4)4 )4)4EF 0* M 4))))4 )4444) 4)4)4) 4)4)4) 4))))4 )4444) 4)4)4) 4)4)4)

FBote that each bloc of @ original bits has been expanded to a bloc of K output bits.*


20/82

Bext in the ! calculation, we 1O> the output EF n-1 * with the ey K n0

K n P EF n-1 *.

Example: 2or K 1 , EF 0*, we have

K 1 M 444))4 ))4444 44)4)) )4)))) )))))) 444))) 44444) ))44)4EF 0* M 4))))4 )4444) 4)4)4) 4)4)4) 4))))4 )4444) 4)4)4) 4)4)4)

K 1PEF 0* M 4))444 4)444) 4))))4 )))4)4 )4444) )44))4 4)4)44 )44))).

We have not yet finished calculating the function ! . #o this point we have expanded n-1 from - bits to @5 bits, using the selection table, and 1O>ed the result with the ey K n .We now have @5 bits, or eight groups of six bits. We now do something strange with eachgroup of six bits0 we use them as addresses in tables called H S 2oxes H. %ach group of six

bits will give us an address in a different S box. :ocated at that address will be a @ bitnumber. #his @ bit number will replace the original K bits. #he net result is that the eight

groups of K bits are transformed into eight groups of @ bits Fthe @'bit outputs from the S boxes* for - bits total.

Write the previous result, which is @5 bits, in the form0

K n P EF n-1 * M " 1 " 2 " 3 " 4 " 5 " 6 " 7 " 8,

where each " i is a group of six bits. We now calculate

# 1$" 1 %# 2$" 2 %# 3$" 3 %# 4$" 4 %# 5$" 5 %# 6 $" 6 %# 7 $" 7 %# 8$" 8 %

where # i $" i % referres to the output of the i 'th S box.

#o repeat, each of the functions #1& #2&'''& #8, ta es a K'bit bloc as input and yields a @' bit bloc as output. #he table to determine # 1 is shown and explained below0

S1

Column Number

Row

No. 0 1 2 3 4 5 6 ! " 10 11 12 13 14 15

0 14 4 13 1 2 15 11 ! 3 10 6 12 5 " 0

1 0 15 4 14 2 13 1 10 6 12 11 " 5 3 ! 2 4 1 14 ! 13 6 2 11 15 12 " 3 10 5 0

3 15 12 ! 2 4 " 1 5 11 3 14 10 0 6 13

If # 1 is the function defined in this table and " is a bloc of K bits, then # 1$"% isdetermined as follows0 #he first and last bits of " represent in base a number in thedecimal range 4 to - For binary 44 to ))*. :et that number be i . #he middle @ bits of " represent in base a number in the decimal range 4 to ); Fbinary 4444 to ))))*. :et that


21/82

number be ( . :oo up in the table the number in the i 'th row and ( 'th column. It is anumber in the range 4 to ); and is uni uely represented by a @ bit bloc . #hat bloc is theoutput # 1$"% of # 1 for the input " . 2or example, for input bloc " M 4))4)) the first bit isH4H and the last bit H)H giving 4) as the row. #his is row ). #he middle four bits areH))4)H. #his is the binary e uivalent of decimal )-, so the column is column number )-.

In row ), column )- appears ;. #his determines the outputS ; is binary 4)4), so that theoutput is 4)4). =ence # 1F4))4))* M 4)4).

#he tables defining the functions # 1 &''' 8 are the following0

S1

14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

S2

15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10 3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5 0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15 13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9

S3

10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8 13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1 13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7 1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12

S4

7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15 13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9 10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4 3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14

S5

2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9 14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6 4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14 11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3

S6

12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11 10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8 9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6 4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13

S


22/82

4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1 13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6 1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2 6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12

S!

13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7 1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2 7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8 2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11

Example: 2or the first round, we obtain as the output of the eight S boxes0

K 1 P EF 0* M 4))444 4)444) 4))))4 )))4)4 )4444) )44))4 4)4)44 )44))).

# 1$" 1 %# 2$" 2 %# 3$" 3 %# 4$" 4 %# 5$" 5 %# 6 $" 6 %# 7 $" 7 %# 8$" 8 % M 4)4) ))44 )444 44)4 )4)) 4)4))44) 4)))

#he final stage in the calculation of ! is to do a permutation P of the S 'box output toobtain the final value of ! 0

! MPF # 1$" 1 %# 2$" 2 %'''# 8$" 8 %*

#he permutation P is defined in the following table. P yields a - 'bit output from a - 'bitinput by permuting the bits of the input bloc .

P

16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25

Example: 2rom the output of the eight S boxes0

# 1$" 1 %# 2$" 2 %# 3$" 3 %# 4$" 4 %# 5$" 5 %# 6 $" 6 %# 7 $" 7 %# 8$" 8 % M 4)4) ))44 )444 44)4 )4)) 4)4))44) 4)))

we get

! M 44)4 44)) 4)44 )4)4 )4)4 )44) )4)) )4))

1 M L0 P ! F 0 , K 1 *


23/82

M ))44 ))44 4444 4444 ))44 ))44 )))) ))))P 44)4 44)) 4)44 )4)4 )4)4 )44) )4)) )4))M )))4 )))) 4)44 )4)4 4))4 4)4) 4)44 4)44

In the next round, we will have L 2 M 1, which is the bloc we just calculated, and then

we must calculate 2 M L 1 ) !$ 1 & K 2 %, and so on for )K rounds. At the end of the sixteenthround we have the bloc s L 16 and 16 . We then re*er+e the order of the two bloc s intothe K@'bit bloc

16 L 16

and apply a final permutation &P-0 as defined by the following table0

IP -1

40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31

38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25

#hat is, the output of the algorithm has bit @4 of the preoutput bloc as its first bit, bit 5as its second bit, and so on, until bit ; of the preoutput bloc is the last bit of the output.

Example: If we process all )K bloc s using the method defined previously, we get, onthe )Kth round,

L 16 M 4)44 44)) 4)44 44)4 44)) 44)4 44)) 4)44 16 M 4444 )4)4 4)44 ))44 ))4) )44) )44) 4)4)

We reverse the order of these two bloc s and apply the final permutation to

16 L 16 M 4444)4)4 4)44))44 ))4))44) )44)4)4) 4)4444)) 4)4444)4 44))44)444))4)44

, -1 M )4444)4) )))4)444 444)44)) 4)4)4)44 4444)))) 4444)4)4 )4))4)4444444)4)

which in hexadecimal format is

5;%5)-;@424A8@4;.

#his is the encrypted form of % M 4) -@;KN5 A86D%20 namely, C M5;%5)-;@424A8@4;.


24/82

Decryption is simply the inverse of encryption, follwing the same steps as above, butreversing the order in which the sub eys are applied.

DES %odes of Operation

#he D%+ algorithm turns a K@'bit message bloc % into a K@'bit cipher bloc C . If eachK@'bit bloc is encrypted individually, then the mode of encryption is called .lectronicCo/e "ook F%68* mode. #here are two other modes of D%+ encryption, namely Chain

"lock Co/in F686* and Cipher ee/back F628*, which ma e each cipher blocdependent on all the previous messages bloc s through an initial 1O> operation.

Crac3ing DES

8efore D%+ was adopted as a national standard, during the period B8+ was solicitingcomments on the proposed algorithm, the creators of public ey cryptography, !artin=ellman and Whitfield Diffie, registered some objections to the use of D%+ as an

encryption algorithm. =ellman wrote0 HWhit Diffie and I have become concerned that the proposed data encryption standard, while probably secure against commercial assault,may be extremely vulnerable to attac by an intelligence organi"ationH Fletter to B8+,October , ) N;*.

Diffie and =ellman then outlined a Hbrute forceH attac on D%+. F8y Hbrute forceH ismeant that you try as many of the L;K possible eys as you have to before decryptingthe ciphertext into a sensible plaintext message.* #hey proposed a special purposeHparallel computer using one million chips to try one million eys eachH per second, andestimated the cost of such a machine at 4 million.

2ast forward to ) 5. Ender the direction of Tohn ilmore of the %22, a team spent4,444 and built a machine that can go through the entire ;K'bit D%+ ey space in anaverage of @.; days. On Tuly )N, ) 5, they announced they had crac ed a ;K'bit ey in;K hours. #he computer, called Deep 6rac , uses N boards each containing K@ chips, andis capable of testing 4 billion eys a second.

Despite this, as recently as Tune 5, ) 5, >obert :itt, principal associate deputy attorneygeneral at the Department of Tustice, denied it was possible for the 28I to crac D%+0H:et me put the technical problem in context0 It too )@,444 &entium computers wor ingfor four months to decrypt a single message . . . . We are not just tal ing 28I and B+AUneeding massive computing powerV, we are tal ing about every police department.H

>esponded cryptograpy expert 8ruce +chneier0 H . . . the 28I is either incompetent orlying, or both.H +chneier went on to say0 H#he only solution here is to pic an algorithmwith a longer eyS there isnRt enough silicon in the galaxy or enough time before the sun

burns out to brute' force triple'D%+H F Crypto-Gram , 6ounterpane +ystems, August );,) 5*.

)riple-DES


25/82

#riple'D%+ is just D%+ with two ;K'bit eys applied. iven a plaintext message, the firstey is used to D%+' encrypt the message. #he second ey is used to D%+'decrypt the

encrypted message. F+ince the second ey is not the right ey, this decryption justscrambles the data further.* #he twice'scrambled message is then encrypted again withthe first ey to yield the final ciphertext. #his three'step procedure is called triple'D%+.

#riple'D%+ is just D%+ done three times with two eys used in a particular order. F#riple'D%+ can also be done with three separate eys instead of only two. In either case theresultant ey space is about L)) .*

!SA Overvie :

Generating Pu2lic and Private /eys2irst, as we mentioned above, before any transmission happens, the +erver had

calculated its public and secret eys. =ere is how.

).)* pic two prime numbers, weRll pic p M - and M ))). * calculate n M p M - )) M --).-* calculate " M F p ' ) * F ' ) * M F - ' ) * F )) ' ) * M 4).@* choose a prime number , such that is co'prime to ", i.e, " is not divisible

by . We have several choices for 0 N, )), )-, )N, ) Fwe cannot use ;, because4 is divisible by ;*. :etRs pic MN Fsmaller , Hless mathH*.

).;* +o, the numbers n M -- and M N become the +erverRs public ey.).K* Bow, still done in advance of any transmission, the +erver has to calculate

itRs secret ey. =ere is how.).N* j M ) F mod " *).5* N j M ) F mod 4 *). * F N j * G 4 M J with the remainder of ) Fthe HJH here means0 Hsomething,

but donRt wory about itHS we are only interested in the remainder*. +ince weselected Fon purpose* to wor with small numbers, we can easily conclude that

) G 4 gives HsomethingH with the remainder of ). +o, N j M ), and j M -.#his is our secret ey. We !E+# BO# give this ey away.

Bow, after the +erver has done the above preparatory calculations in advance,we can begin our message transmission from our 8rowser to the +erver. 2irst,the 8rowser re uests from the +erver, the +erverRs public ey, which the +erverobliges, i.e., it sends nM-- and MN bac to the 8rowser. Bow, we said that the8rowser has a &lain message &M)@, and it wants to encrypt it, before sending itto the +erver. =ere is how the encryption happens on the 8rowser.


26/82

Section 87 Encrypting the message=ere is the encryption math that 8rowser executes.

.)* & L M % F mod n *HLH means Hto the power ofH& is the &lain message we want to encryptn and are +erverRs public ey Fsee +ection )*% is our %ncrypted message we want to generate

After plugging in the values, this e uation is solved as follows0. * )@ L N M % F mod -- *

#his e uation in %nglish says0 raise )@ to the power of N, divide this by --,giving the remainder of %.

.-* )4;@)-;4@ G -- M -) @[email protected] Fwell, I lied when I said that this is H&enciland &aperH method only.


27/82

8rowser started withX

Well thatRs about it. While we did not discuss the theory behind the formulaeinvolved I hope that you got at least a basic idea of how the public eycryptography using the >+A algorithm wor s.

57 DES&G*

570 An Overvie of Uml #he E!: is a language for

3isuali"ing

+pecifying

6onstructing

Documenting

#hese are the artifacts of a software'intensive system. #he three major elements of E!:

are0

#he E!:$s basic building bloc s

#he rules that dictate how those building bloc s may be put together.

+ome common mechanisms that apply throughout the E!:.

578 =asic =uilding =loc3s of Uml

#he vocabulary of E!: encompasses three inds of building bloc s0

#hings.

>elationships.

Diagrams.

57870 )hings in Uml


28/82

#hey are the abstractions that are first'class citi"ens in a model. #here are four

inds of things in the E!:

+tructural things.

8ehavioral things.

rouping things.

Annotational things.

#hese things are the basic object oriented building bloc s of the E!:. #hey are

used to write well'formed models.

5787070 Structural things+tructural things are the nouns of the E!: models. #hese are mostly static parts

of the model, representing elements that are either conceptual or physical. In all, there are

seven inds of +tructural things.

Class

A class is a description of a set of objects that share the same attributes,

operations, relationships, and semantics. A class implements one or more interfaces.

raphically a class is rendered as a rectangle, usually including its name, attributes and

operations, as shown below.

Colla2oration

6ollaboration defines an interaction and is a society of roles and other elements

that wor together to provide some cooperative behavior that$s bigger than the sum of all

the elements. raphically, collaboration is rendered as an ellipse with dashed lines,

usually including only its name as shown below.

Main Dis tance Table

Link : StringDistance:Interger Cost:Interger Predecessor:StringSucessor:String

UpDate()

Chain ofResponsi$ility


29/82

Use Case

Ese case is a description of a set of se uence of actions that a system performs

that yields an observable result of value to a particular thing in a model. raphically, Ese

6ase is rendered as an ellipse with dashed lines, usually including only its name as shown

below.

Active Class

An active class is a class whose objects own one or more processes or threads and

therefore can initiate control activity. raphically, an active class is rendered just li e a

class, but with heavy lines usually including its name, attributes and operations as shown

below.

5787078 =ehavioral things 8ehavioral #hings are the dynamic parts of E!: models. #hese are the verbs of a

model, representing behaviour over time and space.

&nteraction

An interaction is a behavior that comprises a set of messages exchanged among a

set of objects within a particular context to accomplish a specific purpose. raphically, a

message is rendered as a direct line, almost always including the name if its operation, as

shown below. Display

57878 !elationships in Uml

#here are four inds of relationships in the Eml

). Dependency

. Association

-. enerali"ation

@. >eali"ation

07 Dependency: #his is relationship between two classes whenever one class is

completely dependent on the other class. raphically the dashed line represents it with

arrow pointing to the class that it is being depended on.


30/82

87 Association: It is a relationship between instances of the two classes. #here is an

association between two classes if an instance of one class must now about the other in

order to perform its wor . In a diagram, an association is a lin connecting two classes.

raphically it is represented by line as shown.

ation: An inheritance is a lin indicating one class is a super class of the

other. A generali"ation has a triangle pointing to the super class. raphically it is

represented by line with a triangle at end as shown.

57 !eali>ation:

5787< Diagrams in Uml

Diagrams play a very important role in the E!:. #he some of the modeling diagrams

as follows0

Ese 6ase Diagram.

6lass Diagram.

Object Diagram.

+e uence Diagram.

6ollaboration Diagram.

+tate 6hart Diagram.

Activity Diagram.

6omponent Diagram.

Deployment Diagram

,se case diagram

A use case diagram identifies the functionality provided by the system FEse cases*,identifies users who interact with system FActor* and provides association between users

and Ese cases. #hese models behavior of system with respect to users. It shows dynamic

aspects of the system when user interacts with the system. A Ese case can have all


31/82

possible interaction of users with use cases graphically. #hus Ese case diagram models

use cases view of a system.

Definition

A Ese case diagram is a set of use cases, actors and relationships between them.

A use case diagram contains0

Ese cases.

Actors.

Association between them.

enerali"ation between Actors.

Include, extend, generali"ation, relationships.


32/82

Use Case:


33/82


34/82

Deployment:


35/82

State:7?

Class Diagram:Registration

name : Stringpass ord : StringP!otograp! : "#te

Connect D"() $dd Users()

Loginusername : StringPass ord : StringImage : "#te

$ut!enticate()%enerate&e#s()

'ome Pagepri ate&e# : StringSc!edule : Date

access*+am()ideoCon,erence()

desktopRestrict()

Marker studentDetails : Integer access-$

updateMarks()contact*+aminer()

ResultstudentIde+amDetails

getResult()get%rade()

Data (lo :


36/82

An Introduction to .NET FrameworkAn Introduction to .NET FrameworkT!e .NET Framework is a Microso,t.s de elopment plat,orm

It o,,ers to de elop so,t are applications

It as released b# Microso,t Corporation in /00/ Later on se eral impro ements takeplace in 1*T 2rame ork3 !ic! makes it as muc! strong3 ad anced and more e,,icient

plat,orm ,or building di,,erent kinds o, so,t are applications

4!# it is called as 5plat,orm6 is3 it acts as plat,orm ,or multiple languages3 tools and

libraries

It o,,ers isuall# stunning user e+periences3 !ic! is mostl# re7uired toda#8s competiti e

programming orld

It o,,ers muc! ad anced securit# ,eatures ne er be,ore

Supports do9ens o, languages like C 3 ;" 1*T3 ;C


37/82

1*T o,,ers a 2rame ork ,or building applications and !ig!>,idelit#

e+periences in 4indo s t!at blend toget!er application UI3 documents3 and media

content3 !ile e+ploiting t!e ,ull po er o, t!e computer 4P2 (4indo s Presentation

2oundation) o,,ers de elopers support ,or /D and ?D grap!ics3 !ard are accelerated

e,,ects3 scalabilit# to di,,erent ,orm ,actors3 interacti e data isuali9ation3 and superior

content readabilit#

Seam%ess and Secured En&ironment:

$pplication securit# is a big deal t!ese da#s@ per!aps t!e most closel#

e+amined ,eature o, an# ne application 1*T o,,ers its best secured en ironment at

run time So t!at it is !ig!l# impossible to access t!e 1*T application and its related

data b# t!e un>aut!ori9ed users A !ackers

T!e assem#%' (t!e compiled code o, 1*T ,rame ork) contains t!e

securit# in,ormation like !ic! categories o, users or !o can access t!e class or

met!od So t!at e can sa# t!at 1*T 2rame ork applications are muc! secured

T!e securit# can be impro ed in t!e $SP 1*T 4eb Sites b# Securit#

models like Integrated 4indo s $ut!entication3 Microso,t Passport $ut!entication3

2orms $ut!entication3 and Client Certi,icate aut!entication

(u%ti Language Support:1*T pro ides a multi>language de elopment plat,orm3 so #ou can ork

in t!e programming language #ou pre,er T!e 6ommon :anguage >untime FA

part of .B%# 2ramewor ) pro ides support ,or ? Microso,t de eloped languagesand se eral ot!er languages ,rom ot!er endors

Languages Supported #' .NET Framework

Languages )rom (icroso)t;isual C 1*T;isual "asic 1*T;isual C


38/82

2ortran3'askell3B 3Mercur#3Mondrian3=beron3

P#t!on3IronP#t!on3RP%3Sc!eme3Small Talk3Standard ML

F%exi#%e "ata Access:

1*T 2rame ork supports ,le+ible accessibilit# o, database data it!

$D= 1*T ($cti e Data =b ects 1*T) $D= 1*T is a set o, classes t!at e+pose

data access ser ices to t!e 1*T programmer $D= 1*T pro ides a ric! set o,

components ,or creating distributed3 data>s!aring applications It is an integral part o,

t!e 1*T 2rame ork3 pro iding access to relational3 ML3 and application data

Modules of .NET

+. !,.NET -! S*arp.NET /-Language

It is !ig!l# used 1*T programminglanguage3 used b# most o, t!e 1*Tprogrammers

It borro s some programming,eatures ,rom 5C6 and some ot!er programming ,eatures ,rom 5C


39/82


40/82

5. 1indows App%ications

T!ese applications are designed similar to t!e 54indo s6 operating s#stem

&no n as % U I (%rap!ical User Inter,ace) applications

=,,ers grap!ical ,eatures like mouse pointer3 colors3 ,onts3 buttons3 te+t bo+es etc

6. 1indows Ser&ices

$ 4indo s ser ice is a long>running e+ecutable application


41/82

T!ese can run onl# on indo s plat,orms

T!ese per,orm speci,ic ,unctions as background process

Doesn8t contain user inter,ace or doesn8t re7uire an# user interaction

4indo s ser ices can be con,igured to start !en t!e operating s#stemis booted and run in t!e background as long as 4indo s is running3 or t!e# can bestarted manuall# !en re7uired

*+amples:

i 4indo s Time

ii 4indo s $udio

iii $nti>;irus Securit#

i Database ser ices like S7l Ser er3 M# S7l3 =racle etc

IIS State Ser icesi "atter# Po er Suppl# Status on Laptops

etcTo see t!e all t!e installed indo s ser ices on t!e s#stem3 click on 5Start6 E5Control Panel6 E 5$dministrati e Tools6 E 5Ser ices6
http://en.wikipedia.org/wiki/Bootinghttp://en.wikipedia.org/wiki/Bootinghttp://en.wikipedia.org/wiki/Booting


42/82

7. 1e# Sites 8 1e# App%ications

T!ese are most ,re7uentl# used applications b# e er# internet literature

In modern li,e e er# business (commercial) A educational A ser ice orientedorgani9ations are !a ing t!eir o n eb sites

Some ot!er eb sites are o,,ering general purpose ser ices t!at can be used b#an#bod# like *>Mail3 Searc! *ngines3 and "logs etc

So3 t!ere is muc! demand ,or t!ese applications in modern so,t are de elopmentindustr#

In 1*T 2rame ork3 t!e eb sites can be de eloped using t!e tec!nolog# called $SP 1*T

*+:

i. http0GGwww.yahoo.comG

ii. http0GGwww.google.co.inGiii. http0GGwww.or ut.comG

iv. http0GGwww.hotmail.comG

9. 1e# Ser&ices
http://www.yahoo.com/http://www.google.co.in/http://www.orkut.com/http://www.hotmail.com/http://www.yahoo.com/http://www.google.co.in/http://www.orkut.com/http://www.hotmail.com/


43/82

4eb Ser ices are simple and eas# to understand

T!ese can be de eloped using again $SP 1*T

T!ese are also kno n as 5 eb applications6 similar to 5 eb sites6 "ut 4eb sitese+pose certain user inter,ace (in t!e ,orm o, eb pages) to t!e end>user@ 4ebser ices e+pose a certain programming logic !ic! can be accessed t!roug!anot!er eb site

*+amples:

i =nline s!opping re7uires credit card aut!entication

ii. a#/sms com accesses t!e mail ser ices o, Fa!oo and %mail

1*at we need to %earn .NET1*at we need to %earn .NETTo get started it! 1*T Programming3 t!e programmer must !a e pre ious

kno ledge in t!e ,ollo ing languages

!

(2or Procedural Programming *+perience)

! -or 220 ;now%edge

(2or =b ect =riented Programming *+perience)

S


44/82

T!e remaining programmers ere using C or C


45/82


46/82

Remote use of a dedicated administrator connection -3E Automation system procedures System procedures for Data"ase Mail and SH3 Mail Ad oc remote &ueries 6t e -$ELR- SE. and -$ELDA.AS-,RCE functions7 SH3 Ser!er e" Assistant xp% mdshell a!aila"ility

. e features ena"led for !ie'ing are (..$ endpoints Ser!ice )roker endpoint

. e SH3 Ser!er Surface Area Configuration command4line interface# sac%exe# permitsyou to import and export settings% . is ena"les you to standardi/e t e configurationof a group of SH3 Ser!er *JJ< instances% Nou can import and export settings on aper4instance "asis and also on a per4ser!ice "asis "y using command4lineparameters% ?or a list of command4line parameters# use t e -& command4line option%Nou must a!e sysadmin pri!ilege to use t is utility% . e follo'ing code is an

example of exporting all settings from t e default instance of SH3 Ser!er on ser!er2and importing t em into ser!er*

sac out server1.out S server1 ! a"min I #SS$LS%&'%&

sac in server1.out S server2

en you upgrade an instance of SH3 Ser!er to SH3 Ser!er *JJ< "y performing anin4place upgrade# t e configuration options of t e instance are unc anged% ,seSH3 Ser!er Surface Area Configuration to re!ie' feature usage and turn off featurest at are not needed% Nou can turn off t e features in SH3 Ser!er Surface AreaConfiguration or "y using t e system stored procedure# sp% onfi#ure % (ere is anexample of using sp% onfi#ure to disallo' t e execution of xp% mdshell on a

SH3 Ser!er instance

(( )**o+ a"vance" o,tions to be chan-e".

% %/ s, confi-ure sho+ a"vance" o,tions 1

(( !,"ate the current* confi-ure" va*ue for a"vance" o,tions.

&%/ N I !&%

(( isab*e the feature.

% %/ s, confi-ure , cm"she** 0

(( !,"ate the current* confi-ure" va*ue for this feature.

&%/ N I !&%

G-


47/82

In SH3 Ser!er *JJ


48/82

en c oosing ser!ice accounts# consider t e principle of least pri!ilege% . e ser!iceaccount s ould a!e exactly t e pri!ileges t at it needs to do its o" and no morepri!ileges% Nou also need to consider account isolationB t e ser!ice accounts s ouldnot only "e different from one anot er# t ey s ould not "e used "y any ot er ser!iceon t e same ser!er% -nly t e first t'o account types in t e list a"o!e a!e "ot oft ese properties% Making t e SH3 Ser!er ser!ice account an administrator# at eit era ser!er le!el or a domain le!el# "esto's too many unneeded pri!ileges and s ouldne!er "e done% . e 3ocal System account is not only an account 'it too manypri!ileges# "ut it is a s ared account and mig t "e used "y ot er ser!ices on t esame ser!er% Any ot er ser!ice t at uses t is account as t e same set up pri!ilegesas t e SH3 Ser!er ser!ice t at uses t e account% Alt oug Let'ork Ser!ice asnet'ork access and is not a indo's superuser account# it is a s area"le account%. is account is usea"le as a SH3 Ser!er ser!ice account only if you can ensure t atno ot er ser!ices t at use t is account are installed on t e ser!er%

,sing a local user or domain user t at is not a indo's administrator is t e "estc oice% If t e ser!er t at is running SH3 Ser!er is part of a domain and must accessdomain resources suc as file s ares or uses linked ser!er connections to ot er

computers running SH3 Ser!er# a domain account is t e "est c oice% If t e ser!er isnot part of a domain 6for example# a ser!er running in t e perimeter net'ork 6alsokno'n as t e DMO7 in a e" application7 or does not need to access domainresources# a local user t at is not a indo's administrator is preferred%

Creating t e user account t at 'ill "e used as a SH3 Ser!er ser!ice account is easierin SH3 Ser!er *JJ< t an in pre!ious !ersions% en SH3 Ser!er *JJ< is installed# a

indo's group is created for eac SH3 Ser!er ser!ice# and t e ser!ice account isplaced in t e appropriate group% .o create a user t at 'ill ser!e as a SH3 Ser!erser!ice account# simply create an ordinary account t at is eit er a mem"er of t e,sers group 6non4domain user7 or Domain ,sers group 6domain user7% Duringinstallation# t e user is automatically placed in t e SH3 Ser!er ser!ice group and t egroup is granted exactly t e pri!ileges t at are needed%

If t e ser!ice account needs additional pri!ileges# t e pri!ilege s ould "e granted tot e appropriate indo's group# rat er t an granted directly to t e ser!ice useraccount% . is is consistent 'it t e 'ay access control lists are "est managed in

indo's in general% ?or example# t e a"ility to use t e SH3 Ser!er Instant ?ileInitiali/ation feature re&uires t at t e $erform Volume Maintenance .asks user rig ts"e set in t e Group $olicy Administration tool% . is pri!ilege s ould "e granted toSH3Ser!er*JJ


49/82

SH3 Ser!er *JJ< re&uires t at t e ser!ice account a!e less pri!ilege t an inpre!ious !ersions% Specifically# t e pri!ilege Act As $art of t e -perating System6SEQ.C)QLAME7 is not re&uired for t e ser!ice account unless SH3 Ser!er *JJ< isrunning on t e Microsoft indo's Ser!er *JJJ S$; operating system% After doingan upgrade in place# use t e Group $olicy Administration tool to remo!e t ispri!ilege%

. e SH3 Ser!er Agent ser!ice account re&uires sysadmin pri!ilege in t eSH3 Ser!er instance t at it is associated 'it % In SH3 Ser!er *JJ


50/82

"ot indo's accounts and SH3 Ser!er4specific accounts 6kno'n as SH3 logins7 arepermitted% en SH3 logins are used# SH3 login pass'ords are passed across t enet'ork for aut entication% . is makes SH3 logins less secure t an indo's logins%

It is a "est practice to use only indo's logins ' ene!er possi"le% ,sing indo'slogins 'it SH3 Ser!er ac ie!es single sign4on and simplifies login administration%$ass'ord management uses t e ordinary indo's pass'ord policies and pass'ordc ange A$Is% ,sers# groups# and pass'ords are managed "y system administratorsBSH3 Ser!er data"ase administrators are only concerned 'it ' ic users and groupsare allo'ed access to SH3 Ser!er and 'it aut ori/ation management%

SH3 logins s ould "e confined to legacy applications# mostly in cases ' ere t eapplication is purc ased from a t ird4party !endor and t e aut entication cannot "ec anged% Anot er use for SH3 logins is 'it cross4platform client4ser!er applicationsin ' ic t e non4 indo's clients do not possess indo's logins% Alt oug usingSH3 logins is discouraged# t ere are security impro!ements for SH3 logins inSH3 Ser!er *JJ


51/82

*et or3 ConnectivityA standard net'ork protocol is re&uired to connect to t e SH3 Ser!er data"ase%. ere are no internal connections t at "ypass t e net'ork% SH3 Ser!er *JJ t t!name. e tF

&es,onse.&e"irect= +e*come.as, ?F

K K K K

KK

usin- S stemFusin- S stem./o**ectionsFusin- S stem./onfi-urationFusin- S stem. ataFusin- S stem.LinGFusin- S stem.BebFusin- S stem.Beb.Securit Fusin- S stem.Beb.!IFusin- S stem.Beb.!I.Atm*/ontro*sFusin- S stem.Beb.!I.Beb/ontro*sFusin- S stem.Beb.!I.Beb/ontro*s.Beb:artsFusin- S stem. m*.LinGFusin- S stem. ata.SG*/*ientFusin- S stem.Bin"o+s. ormsF

usin- S stem.Securit ./r ,to-ra,h Fusin- S stem.I Fusin- S stem. e tFusin- S stem. ia-nosticsF

,ub*ic ,artia* c*ass # % am E S stem.Beb.!I. :a-eH SG*/onnection cnF SG*/omman" cm"F SG* ata&ea"er "rF SG* ata)"a,ter a",F ata ab*e "tF static int &o+In"e F strin- cnstr >

Server>.F ruste" /onnection>trueF atabase>as,F F static b te M b tes >)S/II%nco"in- .)S/II. et; tes= Qero/oo* ?F ,rotecte" voi" :a-e Loa"= obJect sen"er %vent)r-s e? H


65/82

username. e t > /onvert . oStrin-=SessionM username ?F strin- str > se*ect e amt ,e from *o-in +hereusername> R username. e t R F cn > ne+ SG*/onnection =cnstr?F cn. ,en=?F cm" > ne+ SG*/omman" =str cn?F "r > cm".% ecute&ea"er=?F if ="r.&ea"=?? H et ,e. e t > /onvert . oStrin-="r. et'a*ue=0??F

K "r./*ose=?F cn./*ose=?F

strin- sG*str > se*ect O from ne+Guestions +heresubJect> Ret ,e. e tR F cn > ne+ SG*/onnection =cnstr?F

a", > ne+ SG* ata)"a,ter =sG*str cn?F ataSet "s > ne+ ataSet =?F cn. ,en=?F a",. i**="s?F "t > "s. ab*esM0 F &o+In"e > 0F "is,*a =?F cn./*ose=?F K ,ub*ic static strin- ecr ,t= strin- cr ,te"Strin-? H if = Strin- .IsNu** r%m,t =cr ,te"Strin-?? H thro+ ne+ )r-umentNu**% ce,tion = he strin- +hich nee"s to be "ecr ,te" can notbe nu**. ?F K %S/r ,toService:rovi"er cr ,to:rovi"er > ne+

%S/r ,toService:rovi"er =?F #emor Stream memor Stream > ne+ #emor Stream = /onvert . rom;ase64Strin-=cr ,te"Strin-??F /r ,toStream cr ,toStream > ne+ /r ,toStream =memor Stream cr ,to:rovi"er./reate ecr ,tor=b tes b tes?/r ,toStream#o"e .&ea"?F Stream&ea"er rea"er > ne+ Stream&ea"er =cr ,toStream?F return rea"er.&ea" o%n"=?F K ,rivate voi" "is,*a =? H ata&o+ "ro+F "ro+ > "t.&o+sM&o+In"e F t tGno. e t > /onvert . oStrin-="ro+M1 ?F t t$ues. e t > /onvert . oStrin-="ro+M2 ?F


66/82

t t/hoice1. e t > ecr ,t= /onvert . oStrin-="ro+M3 ??F t t/hoice2. e t > ecr ,t= /onvert . oStrin-="ro+M4 ??F t t/hoice3. e t > ecr ,t= /onvert . oStrin-="ro+M5 ??F t t/hoice4. e t > ecr ,t= /onvert . oStrin-="ro+M6 ??F

K ,rotecte" voi" btn,re /*ic 0F #essa-e;o .Sho+= )*rea" at irst $uestion ?F K "is,*a =?F

K ,rotecte" voi" btnNe /*ic se*ect ans+er from ne+Guestions +hereGno> Rva*R an" subJect> Ret ,e. e tR F cn > ne+ SG*/onnection =cnstr?F cn. ,en=?F cm" > ne+ SG*/omman" =sG*Guer cn?F "r > cm".% ecute&ea"er=?F if ="r.&ea"=?? H if =&a"io;uttonList1.Se*ecte"Item. e t >> /hoice1 ? H strin- str > t t/hoice1. e tF if =str.%Gua*s= ecr ,t="r. etStrin-=0???? H #essa-e;o .Sho+= /orrect )ns+er /hoice1 ?F K K e*se if =&a"io;uttonList1.Se*ecte"Item. e t >>

/hoice2 ? H strin- str > t t/hoice2. e tF if =str.%Gua*s= ecr ,t="r. etStrin-=0???? H #essa-e;o .Sho+= /orrect )ns+er /hoice2 ?F K K e*se if =&a"io;uttonList1.Se*ecte"Item. e t >>

/hoice3 ? H strin- str > t t/hoice3. e tF if =str.%Gua*s= ecr ,t="r. etStrin-=0???? H


67/82

#essa-e;o .Sho+= /orrect )ns+er /hoice3 ?F K K e*se if =&a"io;uttonList1.Se*ecte"Item. e t >>

/hoice4 ? H strin- str > t t/hoice4. e tF if =str.%Gua*s= ecr ,t="r. etStrin-=0???? H #essa-e;o .Sho+= /orrect )ns+er /hoice4 ?F K K K

&o+In"e RRF

if =&o+In"e >> "t.&o+s./ount? H &o+In"e > "t.&o+s./ount ( 1F btnSubmit.'isib*e > true F K "is,*a =?F

K ,rotecte" voi" btnSubmit /*ic


68/82

names,ace Screen/a,tureH ,ub*ic ,artia* c*ass orm1 E orm H )vi#ana-er avi#ana-er > ne+ )vi#ana-er = out,ut.avifa*se ?F int ScreenBi"th > Screen .:rimar Screen.;oun"s.Bi"thF int ScreenAei-ht > Screen .:rimar Screen.;oun"s.Aei-htF 'i"eoStream aviStream > nu** F ,ub*ic orm1=? H Initia*iVe/om,onent=?F K ,ub*ic voi" startrecor"in-=? H

ra,hics -F ;itma, b > ne+ ;itma, =ScreenBi"th ScreenAei-ht?F

- > ra,hics . romIma-e=b?F -./o, romScreen= :oint .%m,t :oint .%m,tScreen .:rimar Screen.;oun"s.SiVe?F aviStream.)"" rame=b?F b. is,ose=?F K ,rivate voi" button1 /*ic ra,hics . romIma-e=bi?F -./o, romScreen= :oint .%m,t :oint .%m,tScreen .:rimar Screen.;oun"s.SiVe?F aviStream > avi#ana-er.)""'i"eoStream= true 4 bi?F bi. is,ose=?F F F timer1.%nab*e" > true F K ,rivate voi" button2 /*ic fa*se F avi#ana-er./*ose=?F K

,rivate voi" timer1 ic


69/82

KK

usin- S stemFusin- S stem./o**ectionsFusin- S stem./onfi-urationFusin- S stem. ataFusin- S stem.LinGFusin- S stem.BebFusin- S stem.Beb.Securit Fusin- S stem.Beb.!IFusin- S stem.Beb.!I.Atm*/ontro*sFusin- S stem.Beb.!I.Beb/ontro*sFusin- S stem.Beb.!I.Beb/ontro*s.Beb:artsFusin- S stem. m*.LinGFusin- S stem. ata.SG*/*ientFusin- S stem.Bin"o+s. ormsFusin- S stem.Securit ./r ,to-ra,h Fusin- S stem.I Fusin- S stem. e tF

,ub*ic ,artia* c*ass )"min E S stem.Beb.!I. :a-e

H strin- cnstr >Server>.F ruste" /onnection>trueF atabase>as,F F

SG*/onnection cnF SG* ata&ea"er "rF strin- c1 c2 c3 c4 ansF static b te M b tes >)S/II%nco"in- .)S/II. et; tes= Qero/oo* ?F SG*/omman" cm"F int GnoF ,rotecte" voi" :a-e Loa"= obJect sen"er %vent)r-s e? H sessionName. e t > /onvert . oStrin-=SessionM username ?F

K ,rotecte" voi" btnSubmit /*ic


70/82

cm" > ne+ SG*/omman" =sG*Guer cn?F "r > cm".% ecute&ea"er=?F if ="r.&ea"=?? H tr H Gno > /onvert . oInt16="r. et'a*ue=0??F Gno > Gno R 1F K catch = Inva*i"/ast% ce,tion e ? H #essa-e;o .Sho+=e .#essa-e?F K

K

c1 > %ncr ,t=t t/hoice1. e t?F

c2 > %ncr ,t=t t/hoice2. e t?F c3 > %ncr ,t=t t/hoice3. e t?F c4 > %ncr ,t=t t/hoice4. e t?F ans > %ncr ,t=t t)ns. e t?F "r./*ose=?F strin- Guer > insert into ne+Guestionsva*ues= R ro, o+nList1. e tR R/onvert . oStrin-=Gno?R Rt t$ues. e t R R c1 R R c2 R R c3 R R c4R R ans R ? F cm" > ne+ SG*/omman" =Guer cn?F cm".% ecuteNon$uer =?F #essa-e;o .Sho+= $uestion !,"ate" Succesfu** ?F

cn./*ose=?F

&es,onse.&e"irect= )"min.as, ?F

K ,ub*ic static strin- %ncr ,t= strin- ori-ina*Strin-? H if = Strin- .IsNu** r%m,t =ori-ina*Strin-?? H thro+ ne+ )r-umentNu**% ce,tion = he strin- +hich nee"s to be encr ,te" cannot be nu**. ?F K %S/r ,toService:rovi"er cr ,to:rovi"er > ne+

%S/r ,toService:rovi"er =?F #emor Stream memor Stream > ne+ #emor Stream =?F /r ,toStream cr ,toStream > ne+ /r ,toStream =memor Stream


71/82

cr ,to:rovi"er./reate%ncr ,tor=b tes b tes?/r ,toStream#o"e .Brite?F StreamBriter +riter > ne+ StreamBriter =cr ,toStream?F +riter.Brite=ori-ina*Strin-?F +riter. *ush=?F cr ,toStream. *ush ina*;*oc


72/82


73/82


74/82


75/82


76/82


77/82


78/82


79/82


80/82


81/82


82/82

Documents

Enhanced security for online Exam