Sample M.tech Thesis Contents

8/11/2019 Sample M.tech Thesis Contents

1/85

1. INTRODUCTION

Anonymizing networks such as TOR, routes traffic through independent nodes in

separate administrative domains to hide a client’s IP address. Unfortunately, some users

have misused such networks—under the cover of anonymity, users have repeatedly

defaced popular Web sites such as Wikipedia. Since Web site administrators cannot

blacklist individual malicious users’ IP addresses, they blacklist the entire anonymizing

network.

Such measures eliminate malicious activity through anonymizing networks at the cost

of denying anonymous access to behaving users. In other words, a few “bad apples” can

spoil the fun for all. (This has happened repeatedly with Tor.1) There are several solutions

to this problem, each providing some degree of accountability. In pseudonymous credential

systems, users log into Web sites using pseudonyms, which can be added to a blacklist if auser misbehaves. Unfortunately, this approach results in pseudonymity for all users, and

weakens the anonymity provided by the anonymizing network.

Anonymous credential systems employ group signatures. Basic group signatures allow

servers to revoke a misbehaving user’s anonymity by complaining to a group manager.

Servers must query the group manager for every authentication, and thus, lacks scalability.

Traceable signatures allow the group manager to release a trapdoor that allows all

signatures generated by a particular user to be traced; such an approach does not provide

the backward unlinkability that we desire, where a user’s accesses before the complaint

remain anonymous. Backward unlinkability allows for what we call subjective blacklisting,where servers can blacklist users for whatever reason since the privacy of the blacklisted

user is not at risk.

Further, approaches without backward unlinkability need to pay careful attention to

when and why a user must have all their connections linked, and users must worry about

whether their behaviors will be judged fairly. Subjective blacklisting is also better suited to

servers such as Wikipedia, where misbehaviors such as questionable edits to a Webpage,

are hard to define in mathematical terms.

In some systems, misbehavior can indeed be defined precisely. For instance, doublespending of an “e-coin” is considered misbehavior in anonymous e-cash systems following

which the offending user is deanonymized. Unfortunately, such systems work for only

narrow definitions of misbehavior—it is difficult to map more complex notions of

misbehavior onto “double spending” or related approaches.

Verifier-local revocation (VLR) fixes this shortcoming by requiring the server

(“verifier”) to perform only local updates during revocation. Unfortunately, VLR requires

heavy computation at the server that is linear in the size of the blacklist. For example, for a

blacklist with 1,000 entries, each authentication would take tens of seconds, a prohibitive


2/85

cost in practice. In contrast, our scheme takes the server about one millisecond per

authentication, which is several thousand times faster than VLR.

1.1 Problem Definition

Dynamic accumulators a revocation operation results in a new accumulator and public

parameters for the group and all other existing users’ credentials must be updated, making

it impractical. Verifier-local revocation (VLR) fixes this shortcoming by requiring the

server (“verifier”) to perform only local updates during revocation. Unfortunately, VLR

requires heavy computation at the server that is linear in the size of the blacklist. For

example, for a blacklist with 1,000 entries, each authentication would take tens of seconds,

a prohibitive cost in practice.

1.2 Existing System and its limitations

Existing users’ credentials must be updated, making it impractical. Verifier-local

revocation (VLR) fixes this shortcoming by requiring the server (“verifier”) to perform

only local updates during revocation. Unfortunately, VLR requires heavy computation at

the server that is linear in the size of the blacklist.

Anonymous authentication, backward unlinkability, subjective blacklisting, fast

authentication speeds, rate-limited anonymous connections, revocation auditability (where

users can verify whether they have been blacklisted), and also addresses the Sybil attack to

make its deployment practical.

1.3 Proposed System

We present a secure system called Nymble, which provides all the following properties:

anonymous authentication, backward unlinkability, subjective blacklisting, fast



make its deployment practical In Nymble, users acquire an ordered collection of nymbles,

a special type of pseudonym, to connect to websites. Without additional information, these

nymbles are computationally hard to link, and hence using the stream of nymbles simulates

anonymous access to services.

Websites, however, can blacklist users by obtaining a seed for a particular nymble,

allowing them to link future nymbles from the same user — those used before the

complaint remains unlinkable. Servers can therefore blacklist anonymous users without

knowledge of their IP addresses while allowing behaving users to connect anonymously.

Our system ensures that users are aware of their blacklist status before they present a

nymble, and disconnect immediately if they are blacklisted. Although our work applies to

anonymizing networks in general, we consider Tor for purposes of exposition. In fact, any


3/85

number of anonymizing networks can rely on the same Nymble system, blacklisting

anonymous users regardless of their anonymizing network(s) of choice.

• Blacklisting anonymous users. We provide a means by which servers can blacklist users

of an anonymizing network while maintaining their privacy.

• Practical performance. Our protocol makes use of inexpensive symmetric cryptographic

operations to significantly outperform the alternatives.

• Open-source implementation. With the goal of contributing a workable system, we have

built an open source implementation of Nymble, which is publicly available. We provide

performance statistics to show that our system is indeed practical.

1.4 Advantages of Proposed System

We present a secure system called Nymble, which provides all the following properties:

anonymous authentication, backward unlinkability, subjective blacklisting, fast



make its deployment practical In Nymble, users acquire an ordered collection of nymbles,

a special type of pseudonym, to connect to websites. Without additional information, these

nymbles are computationally hard to link, and hence using the stream of nymbles simulates

anonymous access to services.

Figure.1 Project Architecture


4/85

1.5 Feasibility Study

The feasibility of the project is analyzed in this phase and business proposal is put forth

with a very general plan for the project and some cost estimates. During system analysis

the feasibility study of the proposed system is to be carried out. This is to ensure that the

proposed system is not a burden to the company. For feasibility analysis, some

understanding of the major requirements for the system is essential.

Three key considerations involved in the feasibility analysis are

• ECONOMICAL FEASIBILITY

• TECHNICAL FEASIBILITY

•

SOCIAL FEASIBILITY

ECONOMICAL FEASIBILITY

This study is carried out to check the economic impact that the system will have on the

organization. The amount of fund that the company can pour into the research and

development of the system is limited. The expenditures must be justified. Thus the

developed system as well within the budget and this was achieved because most of the

technologies used are freely available. Only the customized products had to be purchased.

TECHNICAL FEASIBILITY

This study is carried out to check the technical feasibility, that is, the technical

requirements of the system. Any system developed must not have a high demand on the

available technical resources. This will lead to high demands on the available technical

resources. This will lead to high demands being placed on the client. The developed system

must have a modest requirement, as only minimal or null changes are required for

implementing this system.

SOCIAL FEASIBILITY

The aspect of study is to check the level of acceptance of the system by the user. This

includes the process of training the user to use the system efficiently. The user must not

feel threatened by the system, instead must accept it as a necessity. The level of acceptance

by the users solely depends on the methods that are employed to educate the user about the

system and to make him familiar with it. His level of confidence must be raised so that he

is also able to make some constructive criticism, which is welcomed, as he is the final user

of the system.


5/85

1.6 Hardware and Software Requirements

HARDWARE REQUIREMENTS:

• System : Pentium IV 2.4 GHz.

• Hard Disk : 40 GB.

• Floppy Drive : 1.44 Mb.

• Monitor : 15 VGA Colour.

• Mouse : Logitech.

• Ram : 512 Mb.

SOFTWARE REQUIREMENTS:

• Operating system : Windows 7.

• Coding Language : JDK 1.6

• Tools : Tomcat 6

1.7 Functional Requirements

Functional requirements specify which output file should be produced from the given

file they describe the relationship between the input and output of the system, for each

functional requirement a detailed description of all data inputs and their source and the

range of valid inputs must be specified.

1.8 Non-Functional Requirements

Describe user-visible aspects of the system that are not directly related with the

functional behavior of the system. Non-Functional requirements include quantitative

constraints, such as response time (i.e. how fast the system reacts to user commands.) or

accuracy (i.e. how precise are the systems numerical answers.)

1.9 Pseudo Requirements

The client that restricts the implementation of the system imposes these requirements.

Typical pseudo requirements are the implementation language and the platform on which

the system is to be implemented. These have usually no direct effect on the users’ view of

the system.


6/85

2. LITERATURE SURVEY

Literature survey is the most important step in software development process. Before

developing the tool it is necessary to determine the time factor, economy n company

strength. Once these things are satisfied, ten next steps are to determine which operating

system and language can be used for developing the tool. Once the programmers start

building the tool the programmers need lot of external support. This support can be

obtained from senior programmers, from book or from websites. Before building the

system the above consideration r taken into account for developing the proposed system.

To limit the number of identities a user can obtain (called the Sybil attack), the Nymble

system binds nymbles to resources that are sufficiently difficult to obtain in great numbers.

For example, we have used IP addresses as the resource in our implementation, but our

scheme generalizes to other resources such as email addresses, identity certificates, andtrusted hardware. We address the practical issues related with resource-based blocking in

Section 8, and suggest other alternatives for resources. We do not claim to solve the Sybil

attack. This problem is faced by any credential system, and we suggest some promising

approaches based on resource-based blocking since we aim to create a real-world

deployment. The user must first contact the Pseudonym Manager (PM) and demonstrate

control over a resource; for IP-address blocking, the user must connect to the PM directly

(i.e., not through a known anonymizing network), as shown.

We assume the PM has knowledge about Tor routers, for example, and can ensure that

users are communicating with it directly.6 Pseudonyms are deterministically chosen basedon the controlled resource, ensuring that the same pseudonym is always issued for the

same resource. Note that the user does not disclose what server he or she intends to

connect to and the PM’s duties are limited to mapping IP addresses (or other resources) to

pseudonyms. As we will explain, the user contacts the PM only once per linkability

window (e.g., once a day).

2.1 Previous Work Done in Blocking of Users in Anonymizing Networks

2.1.1 Pseudonymous Credential Systems

Pseudonymity technology is technology that allows individuals to reveal or prove

information about themselves to others, without revealing their full identity. A credential

system is a system in which users can obtain credentials from organizations and

demonstrate possession of these credentials.

The idea of Pseudonymous credential systems [11] was first put forwarded by “Anna

Lysyanskaya”, “R.L.Rivest” and “A.Sahai” in 1999 even before anonymous networks were

developed.


7/85

In pseudonymous credential systems, users log into websites using pseudonyms.

Pseudonyms are the false names used to hide users’ actual identities and maintain

anonymity.

Pseudonyms are generated by Tor client program itself and they are used to log into

websites. Server maintains the blacklist of mischievous users by using pseudonyms

provided by the users.

Advantages:

• Simple to implement

• Less computational

Drawbacks:

• It results in pseudonymity for all users

• Weakens the anonymity

Figure.2. Pseudonymous System flow diagram


8/85

2.1.2 Anonymous Credential Systems

An anonymous credential system consists of users and organizations. Organizations

know the users only by pseudonyms. The basic system comprises protocols for a user to

join the system, register with an organization, obtain multi-show credentials, and show

such credentials.

Anonymous credential system [10] was the innovation of “J.Camenisch” and “Anna

Lysyanskaya” in the year 2001. They used the concept of “Group signatures” to make the

system more efficient and anonymous.

Anonymous credential system consists of three parties i.e. users, an authority, and

verifiers. These systems employ group signatures which allow servers to revoke a

misbehaving user’s anonymity by complaining to a group manager.

Figure.3. Anonymous Credential Systems

Servers must query the group manager for every authentication and hence this system lacks

scalability.

Advantages:

• Digital signatures ensure the security of system to some extent.

Drawbacks:

• Lacks scalability

• Backward unlinkability is not possible


9/85

• Servers can find users’ IP addresses by using traceable signatures

2.1.3 Verifier-local revocation (VLR)

In order to overcome the problem of lack of backward unlinkability VLR [7] isproposed in 2004 by “Dan Boneh” and “Hovav Shacham”. An approach of membership

revocation in group signatures is verifier-local revocation. In this approach, only verifiers

are involved in the revocation mechanism, while signers have no involvement. Thus, since

signers have no load, this approach is suitable for mobile environments. This scheme

satisfies backward unlinkability to some extent. The backward unlinkability means that

even after a member is revoked, signatures produced by the member before the revocation

remains anonymous.

Verifier-local revocation requires the server (“verifier”) to perform only local updates

during revocation. Hence, there will be lot of burden on the server.

Advantages:

• Local updating is possible

• Backward unlinkability

Drawbacks:

• Heavy computational at server side

• Time consuming

• Less Secure

Hence, due to the unsatisfied results of the existing systems, we implemented the new

Nymble system which can give us the fruitful results which we need.

2.2 Proposed Work

Previously developed systems have so many drawbacks which restricted Tor and other

anonymizing networks’ usage in the organizations. Hence, Nymble systems are proposed

in order to overcome all those weaknesses and make the Tor a safe and efficient network.

In Nymble, users need to acquire an ordered collection of nymbles which is a special

type of pseudonym in order to connect with websites. There is no restriction on the type of

anonymizing network used i.e. it is not necessary that only Tor should be used here.

Nymble system has various modes of interaction to different modules.


10/85


11/85

3. ANALYSIS AND DESIGN

3.1 Modules Description

3.1.1 Nymble Manager

Servers can therefore blacklist anonymous users without knowledge of their IP

addresses while allowing behaving users to connect anonymously. Our system ensures that

users are aware of their blacklist status before they present a nymble, and disconnect

immediately if they are blacklisted. Although our work applies to anonymizing networks in

general, we consider Tor for purposes of exposition. In fact, any number of anonymizing

networks can rely on the same Nymble system, blacklisting anonymous users regardless of

their anonymizing network(s) of choice.

3.1.2 Pseudonym Manager

The user must first contact the Pseudonym Manager (PM) and demonstrate control over

a resource; for IP-address blocking, the user must connect to the PM directly (i.e., not

through a known anonymizing network), ensuring that the same pseudonym is always

issued for the same resource.

3.1.3 Blacklisting a User

Users who make use of anonymizing networks expect their connections to be

anonymous. If a server obtains a seed for that user, however, it can link that user’ssubsequent connections. It is of utmost importance, then, that users be notified of their

blacklist status before they present a nymble ticket to a server. In our system, the user can

download the server’s blacklist and verify her status. If blacklisted, the user disconnects

immediately.

IP-address blocking is employed by Internet services. There are, however, some

inherent limitations to using IP addresses as the scarce resource. If a user can obtain

multiple addresses she can circumvent both nymble-based and regular IP-address blocking.

Subnet-based blocking alleviates this problem, and while it is possible to modify our

system to support subnet-based blocking, new privacy challenges emerges; a morethorough description is left for future work.

3.1.4 Nymble-Authenticated Connection

Blacklistability assures that any honest server can indeed block misbehaving users.

Specifically, if an honest server complains about a user that misbehaved in the current

linkability window, the complaint will be successful and the user will not be able to

“nymble-connect,” i.e., establish a Nymble-authenticated connection, to the server

successfully in subsequent time periods (following the time of complaint) of that

linkability window.


12/85

Rate-limiting assures any honest server that no user can successfully nymble-connect to

it more than once within any single time period. Non-frameability guarantees that any

honest user who is legitimate according to an honest server can nymble-connect to that

server. This prevents an attacker from framing a legitimate honest user, e.g., by getting the

user blacklisted for someone else’s misbehavior. This property assumes each user has a

single unique identity.

When IP addresses are used as the identity, it is possible for a user to “frame” an honest

user who later obtains the same IP address. Non-frameability holds true only against

attackers with different identities (IP addresses).

A user is legitimate according to a server if she has not been blacklisted by the server,

and has not exceeded the rate limit of establishing Nymble-connections. Honest servers

must be able to differentiate between legitimate and illegitimate users.

Anonymity protects the anonymity of honest users, regardless of their legitimacy

according to the (possibly corrupt) server; the server cannot learn any more information

beyond whether the user behind (an attempt to make) a nymble-connection is legitimate or

illegitimate.

3.2 Data flow diagrams

The DFD is also called as bubble chart. It is a simple graphical formalism that can beused to represent a system in terms of the input data to the system, various processing

carried out on these data, and the output data is generated by the system.

A data flow diagram (DFD) is a graphical representation of the "flow" of data through

an information system, modeling its process aspects. Often they are a preliminary step used

to create an overview of the system which can later be elaborated. DFDs can also be used

for the visualization of data processing (structured design).

A DFD shows what kinds of information will be input to and output from the system,

where the data will come from and go to, and where the data will be stored. It does notshow information about the timing of processes, or information about whether processes

will operate in sequence or in parallel (which is shown on a flowchart).


13/85

Figure.5. DFD for Nymble Modules

Figure.6. Overview Flowchart of whole project


14/85


15/85

Figure.8. DFD for Client


16/85

3.3 UML Diagrams

3.3.1 Use case Diagram

Figure.9. Use case Diagram for user login and server login


17/85

3.3.2 Class Diagram

Figure.10. Class Diagram for user and nymble manager interaction


18/85

3.3.3 Sequence Diagram

Figure.11. Sequence Diagram for client, server and Nymble Manager interactions

Client Nymble Manager

invoke

connection established

connected

validation

user name,password

to verify

verified

valid/invalid user

valid user

file requested

checked

original/fake

file shown

exit


19/85

3.3.4 Activity Diagram

Figure.12. Activity Diagram for user and server


20/85

3.3.5 Collaboration Diagram

Figure.13. Collaboration Diagram for Nymble System


21/85

4. IMPLEMENTATION

4.1 Process Specification

4.1.1 Input Design

The input design is the link between the information system and the user. It comprises

the developing specification and procedures for data preparation and those steps are

necessary to put transaction data in to a usable form for processing can be achieved by

inspecting the computer to read data from a written or printed document or it can occur by

having people keying the data directly into the system. The design of input focuses on

controlling the amount of input required, controlling the errors, avoiding delay, avoiding

extra steps and keeping the process simple. The input is designed in such a way so that it

provides security and ease of use with retaining the privacy. Input Design considered the

following things:

• What data should be given as input?

• How the data should be arranged or coded?

• The dialog to guide the operating personnel in providing input.

• Methods for preparing input validations and steps to follow when error occur.

4.1.2 Objectives

• Input Design is the process of converting a user-oriented description of the input

into a computer-based system. This design is important to avoid errors in the data

input process and show the correct direction to the management for getting correct

information from the computerized system.

• It is achieved by creating user-friendly screens for the data entry to handle large

volume of data. The goal of designing input is to make data entry easier and to be

free from errors. The data entry screen is designed in such a way that all the data

manipulates can be performed. It also provides record viewing facilities.

• When the data is entered it will check for its validity. Data can be entered with the

help of screens. Appropriate messages are provided as when needed so that the user

will not be in maize of instant. Thus the objective of input design is to create an

input layout that is easy to follow


22/85

4.1.3 Output Design

A quality output is one, which meets the requirements of the end user and presents the

information clearly. In any system results of processing are communicated to the users and

to other system through outputs. In output design it is determined how the information is to

be displaced for immediate need and also the hard copy output. It is the most important and

direct source information to the user. Efficient and intelligent output design improves the

system’s relationship to help user decision-making.

• Designing computer output should proceed in an organized, well thought out

manner; the right output must be developed while ensuring that each output

element is designed so that people will find the system can use easily and

effectively. When analysis design computer output, they should Identify the

specific output that is needed to meet the requirements.

• Select methods for presenting information.

• Create document, report, or other formats that contain information produced by the

system.

The output form of an information system should accomplish one or more of the following

objectives.

• Convey information about past activities, current status or projections of the

• Future.

• Signal important events, opportunities, problems, or warnings.

• Trigger an action.

• Confirm an action.

4.2 Techniques Used

4.2.1 Blacklisting anonymous users

We provide a means by which servers can blacklist users of an anonymizing network

while maintaining their privacy.

4.2.2 Practical performance

Our protocol makes use of inexpensive symmetric cryptographic operations to

significantly outperform the alternatives.


23/85

4.2.3 Open-source implementation

With the goal of contributing a workable system, we have built an open-source

implementation of Nymble, which is publicly available. We provide performance statistics

to show that our system is indeed practical.

4.3 Algorithms Used

4.3.1 Algorithm for Pseudonym Creation

READ uid

nym = MA.Mac(uid, nymKey)

mac = MA.Mac(nym, macKey)

pnym = Mac(nym, mac)

WRITE pnym

Explanation:

• A pseudonym “pnym” has 2 components “nym” and “mac”. “nym” is a pseudo-

random mapping of the user’s identity and PM’s secret key “nymKey”.

• “mac” is a MAC(message authentication code) that the NM uses to verify the

integrity of the pseudonym.

4.3.2 Algorithm for Granting Nymble Tickets

READ pnym

IF pnym is Matched

nymble = pnym.Keygen()

ELSE

nymble = -1

ENDIF

WRITE nymble

Explanation:

A “nymble” is a pseudorandom number, which serves as an identifier for a particular time

period. Here, we are using “middle square” pseudo random generation.


24/85

Keygen()

{

Double pnym=pnym*pnym;

Int len=pnym.length;

Double nymble=pnym.charAt(len/2-1)+pnym.charAt(len/2)+pnym.charAt(len/2+1)+

pnym.charAt(len/2+2);

}

4.3.3 Algorithm for Notifying Users about their Status

READ uid, pwd, bl

IF ip(uid) Є bl

status = 1

ELSE

status = 0

ENDIF

WRITE status

Explanation:

bl is the blacklist which maintains the list of blocked users. If at all, user is in bl, then he is

prohibited from accessing files and he is notified about his status.

If(status==1)

System.out.println(“This user is blacklisted and hence don’t have permission for

accessing”);

else if(status==0)

System.out.println(“You are not Blacklisted”)


25/85

4.4 Technology Description

4.4.1 Java Technology

Java technology is both a programming language and a platform.

4.4.2 The Java Programming Language

The Java programming language is a high-level language that can be characterized by all

of the following buzzwords:

• Simple

• Architecture neutral

• Object oriented

• Portable

• Distributed

• High performance

• Interpreted

• Multithreaded

• Robust

• Dynamic

• Secure

With most programming languages, you either compile or interpret a program so that

you can run it on your computer. The Java programming language is unusual in that a

program is both compiled and interpreted. With the compiler, first you translate a program

into an intermediate language called Java byte codes —the platform-independent codes

interpreted by the interpreter on the Java platform. The interpreter parses and runs each

Java byte code instruction on the computer. Compilation happens just once; interpretation

occurs each time the program is executed.


26/85

The following figure illustrates how this works.

Figure.14.Working of Interpreter

You can think of Java byte codes as the machine code instructions for the Java Virtual

Machine (Java VM). Every Java interpreter, whether it’s a development tool or a Web

browser that can run applets, is an implementation of the Java VM. Java byte codes help

make “write once, run anywhere” possible. You can compile your program into byte codes

on any platform that has a Java compiler. The byte codes can then be run on any

implementation of the Java VM. That means that as long as a computer has a Java VM, the

same program written in the Java programming language can run on Windows 2000, a

Solaris workstation, or on an iMac.

Figure.15. Working of Java Program


27/85

4.4.3 The Java Platform

A platform is the hardware or software environment in which a program runs. We’ve

already mentioned some of the most popular platforms like Windows 2000, Linux, Solaris,

and MacOS. Most platforms can be described as a combination of the operating system

and hardware. The Java platform differs from most other platforms in that it’s a software-

only platform that runs on top of other hardware-based platforms.

The Java platform has two components:

• The Java Virtual Machine (Java VM)

• The Java Application Programming Interface (Java API)

You’ve already been introduced to the Java VM. It’s the base for the Java platform and

is ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that provide

many useful capabilities, such as graphical user interface (GUI) widgets. The Java API is

grouped into libraries of related classes and interfaces; these libraries are known as

packages. The next section called What Can Java Technology Do? Highlights what

functionality some of the packages in the Java API provide.

The following figure depicts a program that’s running on the Java platform. As the

figure shows, the Java API and the virtual machine insulate the program from the

hardware.

Figure.16. Java API

Native code is code that after you compile it, the compiled code runs on a specifichardware platform. As a platform-independent environment, the Java platform can be a bit

slower than native code. However, smart compilers, well-tuned interpreters, and just-in-

time byte code compilers can bring performance close to that of native code without

threatening portability.

4.4.4 What Can Java Technology Do?

The most common types of programs written in the Java programming language are

applets and applications. If you’ve surf the Web, you’re probably already familiar with


28/85

applets. An applet is a program that adheres to certain conventions that allow it to run

within a Java-enabled browser.

However, the Java programming language is not just for writing cute, entertaining

applets for the Web. The general-purpose, high-level Java programming language is also a

powerful software platform. Using the generous API, you can write many types of

programs.

An application is a standalone program that runs directly on the Java platform. A

special kind of application known as a server serves and supports clients on a network.

Examples of servers are Web servers, proxy servers, mail servers, and print servers.

Another specialized program is a servlet. A servlet can almost be thought of as an applet

that runs on the server side. Java Servlets are a popular choice for building interactive web

applications, replacing the use of CGI scripts. Servlets are similar to applets in that they are

runtime extensions of applications. Instead of working in browsers, though, servlets run

within Java Web servers, configuring or tailoring the server.

How does the API support all these kinds of programs? It does so with packages of

software components that provides a wide range of functionality. Every full

implementation of the Java platform gives you the following features:

• The essentials: Objects, strings, threads, numbers, input and output, data structures,

system properties, date and time, and so on.

• Applets: The set of conventions used by applets.

• Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data gram

Protocol) sockets, and IP (Internet Protocol) addresses.

• Internationalization: Help for writing programs that can be localized for users

worldwide. Programs can automatically adapt to specific locales and be displayed

in the appropriate language.

• Security: Both low level and high level, including electronic signatures, public and

private key management, access control, and certificates.

• Software components: Known as JavaBeansTM

, can plug into existing component

architectures.

• Object serialization: Allows lightweight persistence and communication via

Remote Method Invocation (RMI).

• Java Database Connectivity (JDBCTM

): Provides uniform access to a wide range

of relational databases.


29/85

The Java platform also has APIs for 2D and 3D graphics, accessibility, servers,

collaboration, telephony, speech, animation, and more. The following figure depicts what

is included in the Java 2 SDK.

Figure.17. Java IDE

4.4.5 How Will Java Technology Change My Life?

We can’t promise you fame, fortune, or even a job if you learn the Java programming

language. Still, it is likely to make your programs better and requires less effort than other

languages. We believe that Java technology will help you do the following:

• Get started quickly: Although the Java programming language is a powerful

object-oriented language, it’s easy to learn, especially for programmers already

familiar with C or C++.

• Write less code: Comparisons of program metrics (class counts, method counts,

and so on) suggest that a program written in the Java programming language can be

four times smaller than the same program in C++.

• Write better code: The Java programming language encourages good coding

practices, and its garbage collection helps you avoid memory leaks. Its object

orientation, its JavaBeans component architecture, and its wide-ranging, easily

extendible API let you reuse other people’s tested code and introduce fewer bugs.

• Develop programs more quickly: Your development time may be as much as

twice as fast versus writing the same program in C++. Why? You write fewer lines

of code and it is a simpler programming language than C++.

• Avoid platform dependencies with 100% Pure Java: You can keep your

program portable by avoiding the use of libraries written in other languages. The


30/85

100% Pure JavaTM

Product Certification Program has a repository of historical

process manuals, white papers, brochures, and similar materials online.

• Write once, run anywhere: Because 100% Pure Java programs are compiled into

machine-independent byte codes, they run consistently on any Java platform.

• Distribute software more easily: You can upgrade applets easily from a central

server. Applets take advantage of the feature of allowing new classes to be loaded

“on the fly,” without recompiling the entire program.

4.4.6 ODBC

Microsoft Open Database Connectivity (ODBC) is a standard programming interface

for application developers and database systems providers. Before ODBC became a de

facto standard for Windows programs to interface with database systems, programmers had

to use proprietary languages for each database they wanted to connect to. Now, ODBC has

made the choice of the database system almost irrelevant from a coding perspective, which

is as it should be. Application developers have much more important things to worry about

than the syntax that is needed to port their program from one database to another when

business needs suddenly change.

Through the ODBC Administrator in Control Panel, you can specify the particular

database that is associated with a data source that an ODBC application program is writtento use. Think of an ODBC data source as a door with a name on it. Each door will lead you

to a particular database. For example, the data source named Sales Figures might be a SQL

Server database, whereas the Accounts Payable data source could refer to an Access

database. The physical database referred to by a data source can reside anywhere on the

LAN.

The ODBC system files are not installed on your system by Windows 95. Rather, they

are installed when you setup a separate database application, such as SQL Server Client or

Visual Basic 4.0. When the ODBC icon is installed in Control Panel, it uses a file called

ODBCINST.DLL. It is also possible to administer your ODBC data sources through astand-alone program called ODBCADM.EXE. There is a 16-bit and a 32-bit version of this

program and each maintains a separate list of ODBC data sources.

From a programming perspective, the beauty of ODBC is that the application can be

written to use the same set of function calls to interface with any data source, regardless of

the database vendor. The source code of the application doesn’t change whether it talks to

Oracle or SQL Server. We only mention these two as an example. There are ODBC drivers

available for several dozen popular database systems. Even Excel spreadsheets and plain

text files can be turned into data sources. The operating system uses the Registry

information written by ODBC Administrator to determine which low-level ODBC drivers


31/85


32/85

early reviewer feedback, have finalized the JDBC class library into a solid framework for

building database applications in Java.

The goals that were set for JDBC are important. They will give you some insight as to

why certain classes and functionalities behave the way they do. The eight design goals for

JDBC are as follows:

I. SQL Level API

The designers felt that their main goal was to define a SQL interface for Java. Although

not the lowest database interface level possible, it is at a low enough level for higher-level

tools and APIs to be created. Conversely, it is at a high enough level for application

programmers to use it confidently. Attaining this goal, allows for future tool vendors to

“generate” JDBC code and to hide many of JDBC’s complexities from the end user.

II. SQL Conformance

SQL syntax varies as you move from database vendor to database vendor. In an effort

to support a wide variety of vendors, JDBC will allow any query statement to be passed

through it to the underlying database driver. This allows the connectivity module to handle

non-standard functionality in a manner that is suitable for its users.

III. JDBC must be implemental on top of common database interfaces

The JDBC SQL API must “sit” on top of other common SQL level APIs. This goal

allows JDBC to use existing ODBC level drivers by the use of a software interface. This

interface would translate JDBC calls to ODBC and vice versa.

IV. Provide a Java interface that is consistent with the rest of the Java system

Because of Java’s acceptance in the user community thus far, the designers feel that

they should not stray from the current design of the core Java system.

V. Keep it simple

This goal probably appears in all software design goal listings. JDBC is no exception.

Sun felt that the design of JDBC should be very simple, allowing for only one method of

completing a task per mechanism. Allowing duplicate functionality only serves to confuse

the users of the API.

VI. Use strong, static typing wherever possible

Strong typing allows for more error checking to be done at compile time; also, less error

appear at runtime.


33/85

VII. Keep the common cases simple

Because more often than not, the usual SQL calls used by the programmer are simple

SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these queries should be simple to

perform with JDBC. However, more complex SQL statements should also be possible.

Finally, we decided to precede the implementation using Java Networking and for

dynamically updating the cache table we go for MS Access database.

Java has two things: a programming language and a platform.

Java is a high-level programming language that is all of the following

Simple Architecture-neutral

Object-oriented Portable

Distributed High-performance

Interpreted multithreaded

Robust Dynamic

Secure

Java is also unusual in that each Java program is both compiled and interpreted. With a

compile you translate a Java program into an intermediate language called Java byte codes

the platform-independent code instruction is passed and run on the computer.

Compilation happens just once; interpretation occurs each time the program is executed.

The figure illustrates how this works.


34/85

Figure.18. Java Program going through Compilers and Interpreter

You can think of Java byte codes as the machine code instructions for the Java Virtual

Machine (Java VM). Every Java interpreter, whether it’s a Java development tool or a Web

browser that can run Java applets, is an implementation of the Java VM. The Java VM can

also be implemented in hardware.

Java byte codes help make “write once, run anywhere” possible. You can compile your

Java program into byte codes on my platform that has a Java compiler. The byte codes can

then be run any implementation of the Java VM. For example, the same Java program can

run Windows NT, Solaris, and Macintosh.


35/85

4.4.9 Networking

(a) TCP/IP stack

The TCP/IP stack is shorter than the OSI one:

TCP is a connection-oriented protocol; UDP (User Datagram Protocol) is a

connectionless protocol.

(b) IP datagram’s

The IP layer provides a connectionless and unreliable delivery system. It considers each

datagram independently of the others. Any association between datagram must be supplied

by the higher layers. The IP layer supplies a checksum that includes its own header. The

header includes the source and destination addresses. The IP layer handles routing through

an Internet. It is also responsible for breaking up large datagram into smaller ones for

transmission and reassembling them at the other end.

(c) UDP

UDP is also connectionless and unreliable. What it adds to IP is a checksum for the

contents of the datagram and port numbers. These are used to give a client/server model -

see later.

(d) TCP

TCP supplies logic to give a reliable connection-oriented protocol above IP. It provides

a virtual circuit that two processes can use to communicate.


36/85

• Internet addresses

In order to use a service, you must be able to find it. The Internet uses an address

scheme for machines so that they can be located. The address is a 32 bit integer which

gives the IP address. This encodes a network ID and more addressing. The network ID

falls into various classes according to the size of the network address.

• Network address

Class A uses 8 bits for the network address with 24 bits left over for other addressing.

Class B uses 16 bit network addressing. Class C uses 24 bit network addressing and class

D uses all 32.

• Subnet address

Internally, the UNIX network is divided into sub networks. Building 11 is currently on

one sub network and uses 10-bit addressing, allowing 1024 different hosts.

• Host address

8 bits are finally used for host addresses within our subnet. This places a limit of 256

machines that can be on the subnet.

• Total address

The 32 bit address is usually written as 4 integers separated by dots.

• Port addresses

A service exists on a host, and is identified by its port. This is a 16 bit number. To send

a message to a server, you send it to the port for that service of the host that it is running

on. This is not location transparency! Certain of these ports are "well known".


37/85

(e) Sockets

A socket is a data structure maintained by the system to handle network connections. A

socket is created using the call socket. It returns an integer that is like a file descriptor. In

fact, under Windows, this handle can be used with Read File and Write File functions.

#include

#include

int socket(int family, int type, int protocol);

Here "family" will be AF_INET for IP communications, protocol will be zero, and type

will depend on whether TCP or UDP is used. Two processes wishing to communicate over

a network create a socket each. These are similar to two ends of a pipe - but the actual pipe

does not yet exist.

(f) JFree Chart

JFreeChart is a free 100% Java chart library that makes it easy for developers to display

professional quality charts in their applications. JFreeChart's extensive feature set includes:

• A consistent and well-documented API, supporting a wide range of chart types.

• A flexible design that is easy to extend, and targets both server-side and client-side

applications.

• Support for many output types, including Swing components, image files

(including PNG and JPEG), and vector graphics file formats (including PDF, EPS

and SVG).

• JFreeChart is "open source" or, more specifically, free software. It is distributed

under the terms of the GNU Lesser General Public License (LGPL), which permits

use in proprietary applications.

• Map Visualizations

Charts showing values that relate to geographical areas. Some examples include:

(a) population density in each state of the United States, (b) income per capita for

each country in Europe, (c) life expectancy in each country of the world. The tasks

in this project include: Sourcing freely redistributable vector outlines for the

countries of the world, states/provinces in particular countries (USA in particular,

but also other areas); Creating an appropriate dataset interface (plus default

implementation), a rendered, and integrating this with the existing XYPlot class in

JFreeChart; Testing, documenting, testing some more, documenting some more.

• Time Series Chart Interactivity


38/85

Implement a new (to JFreeChart) feature for interactive time series charts to display

a separate control that shows a small version of ALL the time series data, with a

sliding "view" rectangle that allows you to select the subset of the time series data

to display in the main chart.

• Dashboards

There is currently a lot of interest in dashboard displays. Create a flexible

dashboard mechanism that supports a subset of JFreeChart chart types (dials, pies,

thermometers, bars, and lines/time series) that can be delivered easily via both Java

Web Start and an applet.

• Property Editors

The property editor mechanism in JFreeChart only handles a small subset of theproperties that can be set for charts. Extend this mechanism to provide greater end-

user control over the appearance of the charts.


39/85

4.5 Sample Coding

4.5.1 Sample code for Client Login

Explanation: - The below code is used for the clients authorization purpose. It takes inputas username, key and password which is used as authentication method. If a user is

authorized, then it is allowed to view the resources or if a user is not an authorized user,

then login fails. Table 5.5.2 shows the test cases for the below code.

import java.rmi.*; //

import java.rmi.server.*;

import java.net.*; // package supporting TCP/IP based client-server connections

import java.io.*;

import javax.swing.*;

import java.awt.event.*;

import java.lang.*;

import java.awt.*;

import javax.swing.filechooser.FileSystemView; // FileSystemView is JFileChooser's

//gateway to the file system.this class is designed to intuit as much OS-specific file system

//information as possible.

import java.util.StringTokenizer; // allows an application to break a string into tokens.

import java.net.InetAddress; // represents an Internet Protocol (IP) address

import java.rmi.Naming;

import java.util.Date;

import java.util.Vector; // The Vector class implements a growable array of objects

import java.util.Random; // used to generate a stream of pseudorandom numbers

public class Login extends javax.swing.JFrame

{

RMISIntf ref;

JOptionPane op;


40/85

Vector v= new Vector(2);

String sss=null;

static String username;

/*creates new form Login*/

public Login()

{

initComponents();

}

private void initComponents()

{

jPan = new javax.swing.JPanel();

jLabel1 = new javax.swing.JLabel();

user = new javax.swing.JTextField();


submit = new javax.swing.JButton();

reset = new javax.swing.JButton();

exit = new javax.swing.JButton();

pass = new javax.swing.JPasswordField();


op=new JOptionPane();

getContentPane().setLayout(null);

jPanel1 = new javax.swing.JPanel();

listres = new javax.swing.JList();

jLab = new javax.swing.JLabel();

download = new javax.swing.JButton();

resArea = new TextArea();


41/85

save = new javax.swing.JButton();

getContentPane().setLayout(null);

getContentPane().setBackground(new Color(200,40,50));

addWindowListener(new java.awt.event.WindowAdapter()

{

public void windowClosing(java.awt.event.WindowEvent evt)

{

exitForm(evt);

}

}

jPan.setLayout(null);

jPan.setBackground(new java.awt.Color(200, 113, 181));

jPan.setBorder(new javax.swing.border.EtchedBorder());

jLab.setFont(new java.awt.Font("Arial", 0, 14));

jLab.setText("User ID:");

jPan.add(jLab);

jLab.setBounds(40, 40, 90, 30);

jPan.add(user);

user.setBounds(140, 40, 100, 30);

jLabel2.setFont(new java.awt.Font("Arial", 0, 14));

jLabel2.setText("Password:");

jPan.add(jLabel2);

jLabel2.setBounds(40, 90, 90, 30);

submit.setBackground(new java.awt.Color(204, 204, 255));

submit.setFont(new java.awt.Font("Arial", 0, 14));

submit.setForeground(new java.awt.Color(0, 0, 153));


42/85

submit.setText("Submit");

submit.addActionListener(new java.awt.event.ActionListener()

{

public void actionPerformed(java.awt.event.ActionEvent evt)

{

submitActionPerformed(evt);

}

}

jPan.add(submit);

submit.setBounds(20, 150, 80, 27);

reset.setBackground(new java.awt.Color(204, 204, 255));

reset.setFont(new java.awt.Font("Arial", 0, 14));

reset.setForeground(new java.awt.Color(0, 0, 153));

reset.setLabel("Reset");

reset.addActionListener(new java.awt.event.ActionListener()

{

public void actionPerformed(java.awt.event.ActionEvent evt)

{

resetActionPerformed(evt);

}

}


43/85

4.5.2 Sample code for Server Login

Explanation: - The below code is used for the servers authorization purpose. It takes input

as server name and password which is used as authentication method. If a server is

authorized, then it is allowed to view the resources, block the misbehaving users, view the

blacklist and modify the resources. If a server is not an authorized server, then login fails.

Table 5.5.1 shows the test cases for the below code.

public Server()

{

op=new JOptionPane();

contentpane = (JPanel) this.getContentPane();

StartSer = new JButton();

Startview = new JButton();

Startmobilealert=new JButton();

Adduser=new JButton();

Addserver=new JButton();

RemoveIP = new JPanel();

jLabel1 = new JLabel();

jList1 = new JList();

AddIP = new JButton();

removeIP = new JButton();

addIP = new JButton();

jPanel2 = new JPanel();

jLabel2 = new JLabel();

headlabl=new JLabel();

headlab2=new JLabel();

jList2 = new JList();


44/85


45/85

StartSer.setFont(new Font("Arial", 0, 18));

StartSer.setForeground(new Color(255, 255, 255));

StartSer.setText("Nymble Manager On..");

StartSer.setBorder(new BevelBorder(0));

StartSer.addActionListener(new ActionListener() {

public void actionPerformed(ActionEvent actionevent)

{

StartSerActionPerformed(actionevent);

}

}

contentpane.add(StartSer,null);

StartSer.setBounds(110, 430, 190, 23);

Startview.setBackground(new Color(225, 0, 225));

Startview.setFont(new Font("Arial", 0, 20));

Startview.setForeground(new Color(255, 255, 255));

Startview.setText("Misbehaviour Details");

Startview.setBorder(new BevelBorder(0));

Startview.addActionListener(new ActionListener() {


{

StartviewActionPerformed(actionevent);

}

}

contentpane.add(Startview,null);

Startview.setBounds(110, 490, 190, 23);

Startmobilealert.setBackground(new Color(225, 0, 225));


46/85

Startmobilealert.setFont(new Font("Arial", 0, 18));

Startmobilealert.setForeground(new Color(255, 255, 255));

Startmobilealert.setText("Android Mobile Service");

Startmobilealert.setBorder(new BevelBorder(0));

Startmobilealert.addActionListener(new ActionListener()) {


{

StartmobilealertActionPerformed(actionevent);

}

}

contentpane.add(Startmobilealert,null);

Startmobilealert.setBounds(110, 560, 190, 23);

Adduser.setBackground(new Color(225, 0, 225));

Adduser.setFont(new Font("Arial", 0, 18));

Adduser.setForeground(new Color(255, 255, 255));

Adduser.setText("Add NewUser");

Adduser.setBorder(new BevelBorder(0));

Adduser.addActionListener(new ActionListener()){


{

AdduserActionPerformed(actionevent);

}

}

contentpane.add(Adduser,null);

Adduser.setBounds(330, 430, 160, 23);

Addserver.setBackground(new Color(225, 0, 225));


47/85

Addserver.setFont(new Font("Arial", 0, 18));

Addserver.setForeground(new Color(255, 255, 255));

Addserver.setText("Server Registration");

Addserver.setBorder(new BevelBorder(0));

Addserver.addActionListener(new ActionListener()) {


{

AddserverActionPerformed(actionevent);

}

}

contentpane.add(Addserver,null);

Addserver.setBounds(330, 490, 160, 23);

RemoveIP.setLayout(null);

RemoveIP.setBackground(new Color(121, 123, 252));

RemoveIP.setBorder(new EtchedBorder());

jLabel1.setFont(new Font("Arial", 0, 18));

jLabel1.setText("blocking IP addresses(blacklist)");

RemoveIP.add(jLabel1);

jLabel1.setBounds(10, 10, 580, 40);

jList1.setBorder(new BevelBorder(1));

RemoveIP.add(jList1);

jList1.setBounds(200, 70, 150, 150);

AddIP.setBackground(new Color(0, 51, 204));

AddIP.setFont(new Font("Arial", 0, 15));

AddIP.setForeground(new Color(255, 255, 255));

AddIP.setText("View");


48/85

AddIP.setBorder(new SoftBevelBorder(0));

AddIP.addActionListener(new ActionListener() {


{

AddIPActionPerformed(actionevent);

}

}

removeIP.add(AddIP);

AddIP.setBounds(50, 150, 110, 25);

removeIP.setBackground(new Color(0, 51, 204));

removeIP.setFont(new Font("Arial", 0, 15));

removeIP.setForeground(new Color(255, 255, 255));

removeIP.setText("Delete IP");

removeIP.setBorder(new SoftBevelBorder(0));

removeIP.addActionListener(new ActionListener() {


{

removeIPActionPerformed(actionevent);

}

}

removeIP.add(removeIP);

removeIP.setBounds(50, 110, 110, 25);

/*new addip*/

addIP.setBackground(new Color(0, 51, 204));

addIP.setFont(new Font("Arial", 0, 15));

addIP.setForeground(new Color(255, 255, 255));


49/85


50/85

AddRes.setBorder(new SoftBevelBorder(0));

AddRes.addActionListener(new ActionListener() {


{

AddResActionPerformed(actionevent);

}

}

jPanel2.add(AddRes);

AddRes.setBounds(250, 70, 110, 25);

RemoveRes.setBackground(new Color(0, 51, 204));

RemoveRes.setFont(new Font("Arial", 0, 15));

RemoveRes.setForeground(new Color(255, 255, 255));

RemoveRes.setText("Remove ");

RemoveRes.setBorder(new SoftBevelBorder(0));

RemoveRes.addActionListener(new ActionListener() {


{

RemoveResActionPerformed(actionevent);

}

}


51/85

4.5.3 Sample code for Nymble manager

Explanation: - The below code is used for the Nymble Manager. It takes input as

pseudonym and generates the nymble ticket. This nymble ticket is a one-time ticket for a

particular user. Table 5.5.3 shows the test cases for the blocking of misbehaving users.

NymbleServer()

{

jl1=new JLabel("Nymble Server Name ");

jl2=new JLabel("Server Key ");

jb1=new JButton("Send");

jb2=new JButton("Reset");

jt1=new JTextField(10);

jt2=new JPasswordField(10);

ii=new ImageIcon("nymbleserver.png");

i2=new ImageIcon("nymbleserver1.PNG");

jl4=new JLabel(ii);

jl6=new JLabel(i2);

c = getContentPane();

c.setLayout(null);

c.setBackground(new Color(0,0,120));

c.show();

c.add(jl1);

c.add(jt1);

c.add(jl2);

c.add(jb1);

c.add(jb2);

c.add(jl4);


52/85

c.add(jl6);

c.add(jt2);

addWindowListener(new java.awt.event.WindowAdapter())

{

public void windowClosing(java.awt.event.WindowEvent evt)

{

exitForm(evt);

}

}

jl4.setBounds(30,20,728,68);

jl1.setBounds(20,110,200,25);

jt1.setBounds(150,110,100,25);

jl2.setBounds(50,145,200,25);

jt2.setBounds(150,145,100,25);

jb1.setBounds(70,235,100,25);

jb2.setBounds(180,235,100,25);

jl6.setBounds(300,105,485,309);

setSize(800,500);

setVisible(true);

setTitle("Server");

jb1.addActionListener(new ActionListener() {

public void actionPerformed(ActionEvent ae)

{

try {

if(!jt1.getText().equals("") && !jt2.getText().equals("")){


53/85

JOptionPane.showMessageDialog (null, "Authorised User", "Login Success",

JOptionPane.INFORMATION_MESSAGE);

VerifAdminLogin()

}

else

JOptionPane.showMessageDialog((Component) null, "Invalid password. Please try again.

", "Login Error", JOptionPane.INFORMATION_MESSAGE));

}

catch(Exception e) { System.out.println(e);

}

}

}

/* Database connection*/

void VerifAdminLogin()

{

Connection con=null;

String url="jdbc:odbc:nymble";

Statement st=null;

try

{

String val1=jt1.getText();

val1 = val1.trim();

String val2 = (String)jt2.getText();

val2 = val2.trim();

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

con=DriverManager.getConnection(url);

st = con.createStatement();


54/85


55/85

{

System.out.println("Exception raised is:"+ex);

}

finally

{

con=null;

}

}

}


56/85

4.6 Screenshots

SS.NO.1: Nymble Server


57/85


58/85

SS.NO.3: Nymble Server Valid Login


59/85

SS.NO.4: Nymble Manager with Resources and handling blocked IP-addresses


60/85

SS.NO.5: Misbehaving Users Info


61/85

SS.NO.6: Client Registration


62/85

SS.NO.7: Server Registration


63/85

SS.NO.8: User Login


64/85

SS.NO.9: User Login key


65/85

SS.NO.10: Available Resources


66/85

SS.NO.11: Accessing file


67/85


68/85

SS.NO.13: Nymble Web Page-1


69/85

SS.NO.14: Nymble Web Page-2


70/85

SS.NO.15: Server view via Android Mobile


71/85

SS.NO.16: Pseudonym Manager-1


72/85


73/85

SS.NO.18: Invalid PWD for 1st Time


74/85

SS.NO.19: Invalid PWD for 2nd Time


75/85

SS.NO.20: Invalid PWD for 3rd Time


76/85


77/85

5. TESTING AND DEBUGGING

5.1 TYPES OF TESTING

5.1.1 Black Box Testing

Black Box Testing is testing the software without any knowledge of the inner workings,

structure or language of the module being tested. Black box tests, as most other kinds of

tests, must be written from a definitive source document, such as specification or

requirements document, such as specification or requirements document. It is a testing in

which the software under test is treated, as a black box .you cannot “see” into it. The test

provides inputs and responds to outputs without considering how the software works.

5.1.2 White Box Testing

White Box Testing is a testing in which the software tester has knowledge of the inner

workings, structure and language of the software, or at least its purpose. It is purpose. It is

used to test areas that cannot be reached from a black box level.

5.1.3 Unit Testing

Unit testing is usually conducted as part of a combined code and unit test phase of thesoftware lifecycle, although it is not uncommon for coding and unit testing to be conducted

as two distinct phases.

5.1.4 Test strategy and approach

Field testing will be performed manually and functional tests will be written in detail.

5.2 Test objectives

• All field entries must work properly.

• Pages must be activated from the identified link.

• The entry screen, messages and responses must not be delayed.


78/85

5.3 Features to be tested

• Verify that the entries are of the correct format

• No duplicate entries should be allowed

All links should take the user to the correct page.

5.3.1 System Testing

The purpose of testing is to discover errors. Testing is the process of trying to discover

every conceivable fault or weakness in a work product. It provides a way to check the

functionality of components, sub-assemblies, assemblies and/or a finished product It is the

process of exercising software with the intent of ensuring that the Software system meets

its requirements and user expectations and does not fail in an unacceptable manner. There

are various types of test. Each test type addresses a specific testing requirement.

5.3.2 Integration Testing

Software integration testing is the incremental integration testing of two or more

integrated software components on a single platform to produce failures caused by

interface defects.

The task of the integration test is to check that components or software applications, e.g.

components in a software system or – one step up – software applications at the company

level – interact without error.

5.3.3 Functional Testing

Functional tests provide systematic demonstrations that functions tested are available as

specified by the business and technical requirements, system documentation, and usermanuals.

Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.

Functions : identified functions must be exercised.

Output : identified classes of application outputs must be exercised.


79/85

Systems/Procedures : interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key

functions, or special test cases. In addition, systematic coverage pertaining to identify

Business process flows; data fields, predefined processes, and successive processes must

be considered for testing. Before functional testing is complete, additional tests are

identified and the effective value of current tests is determined.

5.3.4 Test Case Table

(a) Table:

A database is a collection of data about a specific topic.

(b) Views of Table:

We can work with a table in two types,

I. Design View

II. Datasheet View

I. Design View

To build or modify the structure of a table we work in the table design view. We canspecify what kind of data will be hold.

II. Datasheet View

To add, edit or analyses the data itself we work in tables datasheet view mode.

5.3.5 Query

A query is a question that has to be asked the data. Access gathers data that answers the

question from one or more table. The data that make up the answer is either dynaset (if you

edit it) or a snapshot (it cannot be edited).Each time we run query, we get latest

information in the dynaset. Access either displays the dynaset or snapshot for us to view or

perform an action on it, such as deleting or updating.


80/85

5.4 Test Plan

Testing can be done in two ways

Bottom up approach

Top down approach

5.4.1 Bottom up approach

Testing can be performed starting from smallest and lowest level modules and

proceeding one at a time. For each module in bottom up testing a short program executes

the module and provides the needed data so that the module is asked to perform the way it

will when embedded within the larger system. When bottom level modules are tested

attention turns to those on the next level that use the lower level ones they are tested

individually and then linked with the previously examined lower level modules.

5.4.2 Top down approach

This type of testing starts from upper level modules. Since the detailed activities usually

performed in the lower level routines are not provided stubs are written. A stub is a module

shell called by upper level module and that when reached properly will return a message to

the calling module indicating that proper interaction occurred. No attempt is made to verify

the correctness of the lower level module.

5.5 Test Cases

Name: Nymble Server Login (SS.NO. 2 & 3) - Table.1

Test Inputs Actual Output Obtained Output Description

Valid Login Uid & pwd Success Success Test passed.

Passes the

control to the

Nymble

Menus.

Invalid Login Uid & pwd Failed Failed Test Passed.

Passes the

control to the

Error Page

with

appropriate

message


81/85

Name: Client Login (SS.NO. 9 & 11) - Table.2

Name: Blocking (SS.NO. 19, 20, 21 &22) - Table.3

Test Results: All the test cases mentioned above passed successfully. No defects

encountered.

Test Inputs Actual Output Obtained Output Description

Valid Login Uid & pwd Success Success Test passed.

Passes the

control to the

Resources

Menus.

Invalid Login Uid & pwd Failed Failed Test Passed.

Passes the

control to the

Error Page

with

appropriate

message

Test Inputs Condition Actual

Output

Obtained

Output

Description

Valid

Login

Uid

&

pwd

If

count2

Failed Failed Test Passed.

Passes the control to the Error Page with

appropriate message saying Blocked User.


82/85

6. CONCLUSION

We have proposed and built a comprehensive credential system called Nymble, which

can be used to add a layer of accountability to any publicly known anonymizing network.

Servers can blacklist misbehaving users while maintaining their privacy, and we show

how these properties can be attained in a way that is practical, efficient, and sensitive to the

needs of both users and services. We hope that our work will increase the mainstream

acceptance of anonymizing networks such as Tor, which has, thus far, been completely

blocked by several services because of users who abuse their anonymity.

IP addresses as the resource for limiting the Sybil attack, our current implementation

closely mimics IP-address blocking employed by Internet services. Hence, Nymble is far

better than the previous systems and also maintains strict anonymity without violating

anonymous networks’ rules.

Due to the immense growth in the field of computer science, new challenges for privacy

of users have emerged and hence possible improvements can be considered as future

enhancements.


83/85

7. REFERENCES/BIBLIOGRAPHY

[1] G. Ateniese, J. Camenisch, M. Joye, and G. Tsudik, “A Practical and Provably Secure

Coalition-Resistant Group Signature, Scheme,” Proc. Ann. Int’l Cryptology Conf.

(CRYPTO), Springer, pp. 255-270, 2000.

[2] G. Ateniese, D.X. Song, and G. Tsudik, “Quasi-Efficient Revocation in Group

Signatures,” Proc. Conf. Financial Cryptography, Springer, pp. 183-197, 2002.

[3] M. Bellare, R. Canetti, and H. Krawczyk, “Keying Hash Functions for Message

Authentication,” Proc. Ann. Int’l Cryptology Conf. (CRYPTO), Springer, pp. 1-15, 1996.

[4] M. Bellare, A. Desai, E. Jokipii, and P. Rogaway, “A Concrete Security Treatment of

Symmetric Encryption,” Proc. Ann. Symp. Foundations in Computer Science (FOCS), pp.

394-403, 1997.

[5] M. Bellare and P. Rogaway, “Random Oracles Are Practical: A Paradigm for

Designing Efficient Protocols,” Proc. First ACM Conf. Computer and Comm. Security, pp.

62-73, 1993.

[6] M. Bellare, H. Shi, and C. Zhang, “Foundations of Group Signatures: The Case of

Dynamic Groups,” Proc. Cryptographer’s Track at RSA Conf. (CT-RSA), Springer, pp.

136-153, 2005.

[7] D. Boneh and H. Shacham, “Group Signatures with Verifier-Local Revocation,” Proc.

ACM Conf. Computer and Comm. Security, pp. 168-177, 2004.

[8] S. Brands, “Untraceable Off-Line Cash in Wallets with Observers (Extended

Abstract),” Proc. Ann. Int’l Cryptology Conf. (CRYPTO), Springer, pp. 302-318, 1993.

[9] E. Bresson and J. Stern, “Efficient Revocation in Group Signatures,” Proc. Conf. Public

Key Cryptography, Springer, pp. 190-206, 2001.

[10] J. Camenisch and A. Lysyanskaya, “An Efficient System for Non- Transferable

Anonymous Credentials with Optional Anonymity Revocation,” Proc. Int’l Conf. Theory

and Application of Cryptographic Techniques (EUROCRYPT), Springer, pp. 93-118,2001.

[11] Anna Lysyanskaya, Ronald L. Rivest, Amit Sahai and Stefan Wolf, “Pseudonym

Systems”, Selected Areas in Cryptography Lecture Notes in Computer Science, Springer,

Volume 1758/2000, 184-199, 2000.

[12] Cay S. Horstmann, “Big Java: Programming and Practice”, Third Edition, 2007.

[13] Joshua Bloch, “Effective Java”, 2nd

Edition, 2008.


84/85

[14] Craig Larman, “Applying UML and Patterns: An Introduction to Object-Oriented

Analysis and Design and Iterative Development (3rd Edition)”, 3rd

Edition, 2004.

[15] http://java.sun.com

[16] http://www.sourcefordgde.com

[17] http://www.networkcomputing.com/

[18] http://www.roseindia.com/

[19] http://www.java2s.com/


85/85

APPENDIX

Sample M.tech Thesis Contents

Documents

Transcript of Sample M.tech Thesis Contents