Implementation Of Secure Confidential-document Transfer And Storage.
BORANG PENGESAHAN STATUS TESIS*
JUDUL: fMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT
TRANSFER AND STORAGE
seipngajZセRPQ
セRM
Saya DANIE DANIAL BIN MOHAMED SALIM
(HURUF BESAR)
mengaku membenarkan tesis (PSM/Sarjana!Dok.1:or FaJsafah) ini disimpan di
Perpustakaan FakuJti Teknologi Maklumat dan Komunikasi dengan syarat-syarat
kegunaan seperti berikut:
l.
2.
3.
4.
Tesis adaJah hakmilik Uni versiti TeknikaJ Malaysia Melaka
Perpustakaan Fakulti Teknologi Maklumat dan Komunikasi dibenarkan
membuat saJinan untuk tujuan pengajian sahaja
Perpustakaan Fakulti Teknologi Maklumat dan Komunikasi dibenarkan
membuat saJinan tesis ini sebagai bahan pertukaran antara institusi
pengajian tinggi.
** Sila tandakan (/)
I
SULIT
(Mengandungi maklumat yang
berdarjah keselamatan atau kepentingan
Malaysia seperti yang termaktub di
daJam AKTA RAHSIA RASMI 1972)
TERHAD
(Mengandungi maklumat TERHAD
yang telah ditentukan oleh organisasi/
badan di mana penyelidikan dijaJankan)
TIDAK TERHAD
(T
Alamat tetap: No 2 JaJan MP 11,
Melaka Perdana Resort Homes,
75450 A er Kerob,
Mel aka
Tarikh :
M
::L'l
セ セ
/s /
セ
M
1- 0
1 )-
andセeliI@
DR SHEKH FAISAL BIN ABDUL
LATIP
Nama Penyelia
Tarikh :
© Universiti Teknikal Malaysia Melaka
..9.q /
セ@
I
;Lo I 1--
IMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT TRANSFER
AND STORAGE
DANIE DANLAL BIN MOHAMED SALIM
This report is submitted in partial fulfilment of the requirements for the
Bachelor of Computer Science (Software Development)
FACULTY OF INFORMATION AND COMMUNICATION TECHNOLOGY
UNIVERSrTI TEKNIKAL MALAYSIA MELAKA
2012
© Universiti Teknikal Malaysia Melaka
II
DECLARATION
I hereby declare this project report entitled
IMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT TRANSFER
AND STORAGE
is written by me and is my own effort and that no part has been plagiarized without
citations.
'214'
STUDENT
1
Date
1/'i/;fll
L
(DANf{I;ANIAL BIN MOHAMED SALIM)
SUPERVISOR
_
Hdセ@
⦅LFセ
N⦅
ᄋ@ _
_
Date: [;)_.'\
SHEKH F AISAL BIN ABDUL LATIP)
© Universiti Teknikal Malaysia Melaka
Ig--} Q..o\
セ@
Ill
DEDICATION
To my beloved parents, Mohamed Salim Abbas and Faziah Omar
To my supervisor, Dr.Shekh Faisal Bin Abdul Latip
To my sisters and brothers
To my cooperative friends
© Universiti Teknikal Malaysia Melaka
IV
ACKNOWLEDGEMENTS
Alhamdulillah, Thanks to Allah SWT, whom with His v,rilling g•ve me the
opportunity to complete this Final Year Project which is titled Implementation of Secure
Confidential-Document Transfer and Storage. This final year project report was prepared
for Faculty of Information and Communication Technology (FTMK), Universiti
Teknikal Malaysia Melaka (UTeM), basically for student in final year to complete the
undergraduate program that leads to the degree of Bachelor of Computer Science. This
report is baseq on the methods given by the university.
Firstly, I would like to express my deepest thanks to my supervisor, Dr Shekh
FaisaJ Bin Abdul Latip for the inspirational instruction and guidance to me during this
project. His guidance helped me in all the time in my project. I could not have imagined
having a better supervisor for my project.
Deepest thanks and appreciation to my parents, siblings, and friends for their
cooperation, encouragement, constructive suggestion and full of support for the report
completion, from the beginning till the end.
© Universiti Teknikal Malaysia Melaka
v
ABSTRACT
This project describes the development of a system which main objectives are
to enhance the security and efficiency of the current system of file sharing and
message sharing process. This idea of implementing a system that employs a clientserver architecture which involves a certificate authority (CA), which acts as a server
to issue a digital certificate and monitor all the client activities, and a client that uses
encryption technology in order to secure the content of the message and the files,
came up after studying the outdated and unsecure method of UTEMs process of
vetting exam question paper.
For this project, the development focused on the client side. The client side
will use a face recognition, which will be authenticated by the server. The client will
use AES algorithm and RSA algorithm in encryption the messages or files before
sharing or distributing the messages/files to other client. Each user will have their
own digital certificate, issued by the certification authority. User can use the client to
search for other online or offline user, validate their digital certificate and even send
an ofiline message. The client also features a separate decrypting tools to decrypt
received files at any time.
The interfaces and buttons will attempt to replicate the design and styles of
commercial system. The design also will be developed and focused primarily to
promote user friendly. This project will be developed in such a way that I can be run
even using low hardware and software specification, so that I can be run by most
computer. The system will be developed using VB.net languages, luxandFace SDK,
and developed for Windows environment.
© Universiti Teknikal Malaysia Melaka
VI
ABSTRAK
Projek ini menerangkan prose pembangunan sistem dimana objektif
utamanya adalah untuk meningkatkan keselamatan dan kecekapan sistem semasa
proses perkongsian fail dan perkongsian mesej. Idea untuk melaksanakan satu
sistem yang menggunakan seni bina client-server yang melibatkan certification
authority (CA), yang bertindak sebagai pelayan untuk mengeluarkan digital
certificate dan memantau semua ak.'tiviti client, dan client yang menggunakan
teknologi encryption untuk menjamin kandungan mesej dan fail-fail tersebut, timbul
selepas mengkaji kaedah yang ketinggalan zaman dan tidak selamat, yg digunakan
oleh UTEMs dalam proses vetting kertas soalan peperiksaan.
Untuk projek ini, focus tertumpu lebih kepada client. Sahagian client akan
menggunakan pengenalan muka, yang akan disahkan oleh pelayan. Pelanggan akan
menggunakan algoritma AES dan algoritma RSA dalam penyulitan mesej atau fail
sebelum berkongsi atau mengedar mesej I fail kepada pelanggan lain. Setiap
pengguna akan mempunyai digital certificate mereka sendiri, yang dikeluarkan oleh
certification authority. Pengguna boleh menggunakan klien untuk mencari pengguna
lain secara online atau offline, mengesahkan digital certifica te masing-masing dan
juga menghantar mesej offline. Client juga mempunyai fungsi yang berasingan, iaitu
alat decrypting untuk menyahsulitkannya yang fail diterima pada bila-bila masa.
Interface dan butang akan cuba direka dengan meniru reka bentuk dan gaya
sistem komersial. Reka bentukjuga akan dibangunkan dengan memberi tumpuan
untuk mempromosikan mesra pengguna. Projek ini akan dibangunkan supaya boleh
berfungsi walaupun menggunakan perkakasan yang rendah dan spesifikasi perisian,
supaya ianya boleh dikendalikan oleh kebanyakkan komputer. Sistem ini akan
dibangunkan dengan menggunakan VB.NET, luxandFace SDK, dan dibangunkan
untuk persekitaran Windows.
© Universiti Teknikal Malaysia Melaka
VJI
TABLE OF CONTENT
SUBJECT
CHAPTER
CHAPTERl
PAGE
DECLARATION
II
DEDICATION
Ill
ACKNOWLEGEMENT
iv
ABSTRACT
v
ABSTRAK
VI
TABLE OF CONTENTS
VII
LIST OF TABLE
xii
LIST OF FIGURES
xiv
LIST OF ABBREVIATION
XVI
LIST OF ATtACHMENT
XVII
INTRODUCTION
1.1
Project Background
1.2
Problem Statement
2
1.3
Objectives
...,_,
1.4
Scopes
3
1. 5
Project Significant
4
1.6
Conclusion
5
© Universiti Teknikal Malaysia Melaka
VIII
CHAPTER II
LITERITURE RIVIEW AND PROJECT
METHODOLOGY
2.1
Introduction
6
2.2
Facts and Finding
6
2.2.1
Facts On Cryptography
7
2.2.1.1
Symmetric Key Cryptography
7
2.2.1 .2
Asymmetric Key Cryptography
8-9
2.2.1.3
Public Key InfTastructure (PKJ)
9-10
2.2.1.4
Secure Messaging
10-11
2.2. 1.5
Message Digest
II
2.2.1.6
Digital Signature
11-1 2
2.2.2
2.2.3
Facts On Biometric
12
2.2.2. 1 Facial Recognition
13
Case Study
14
2.2.3.1
14-15
UTeM Vetting Process
2.2.3.2 Secure Electronic Registration
and Voting Experiment Case
Study
15-17
2.3
Project Methodology
17-19
2.4
Project Requirement
19
2.4.1
Software Requirement
20
2.4.2
Hardware Requirement
21 -22
2.4
CHAPTKRIO
Project Schedule and Milestone
23
ANALYSTS
3. 1
3.2
Introduction
24
Problem Analysis
24
3.2.1 Analysis of the Current System
24-26
© Universiti Teknikal Malaysia Melaka
IX
3.2.1 Identified Problems
3.3 Requirement Analysis
3.4
CHAPTER IV
26
27
3.3 .1 Data Requirement
27
3.3.2 Functional Requirement
28
3.3.3 Use Case Diagram
29-30
3.3.4 Software Requirement
30-31
3.3.4 Hardware Requirement
32
32
Conclusion
DESIGN
4.1
Introduction
4.2
High Level Design
33
..,..,
.).)
4.2.1
System Architecture
33
4.2.2
User Interface Design
34-41
4.2.2.1 Navigation Design
41 -42
4.2.2.3 Input Design
42-43
Database Design
43
4.2.3.1 Conceptual and Logical
43
4.2.3
Database Desig n
4.3
43
Detailed Design
4.3.1
Software Design
4.3.1.1 Pseudo Code
4.3.2
Physical database design
4.3.2. 1 Data Definition Language
44
44
45
45
(DDL)
4.4
CHAPTER V
Conclusion
46
IMPLEMENTATION
5.1
Introduction
© Universiti Teknikal Malaysia Melaka
47
X
5.2
Software Development Environment Setup
48
5.3
Software Configuration Management
49
5.3.1
Configuration Environment Setup
5.3.2
Version Control Procedure
49
52
5.4
Implementation Status
53
5.5
Conclusion
54
CHAPTER Vl
TESTING
6.1
Introduction
55
6.2
Test Plan
55
6.2.1
Test Organization
6.2.1.1
System tester
56
6.2.1.2
Hardware tester
57
6.2.2
Test Environment
Location/environment
58
6.2.2.2
Hardware
59
6.2.2.3
Software
59
6.2.2.4
Firmware configurations and
6.2.3
Test Schedule
Test Strategy
6.3.1
6.4
58
6.2.2.1
Preparations
6.3
56
Classes ofTests
Test Design
6.4.1
Test Description
60
61
63
63
64
64
6.5
Test Result and Analysis
68
6.6
Conclusion
76
© Universiti Teknikal Malaysia Melaka
XI
CHAPTER VIJ
7. 1
PROJECT CONCLUSION
Observation on Weaknesses and Strengths
7.1.1
System Strengths
78
78
7.1.1.1
Security
78
7. 1.1.2
Practicality and User Friendly
79
7.1.1.3
7. 1.2
Compatibility
System Weaknesses
7.1.2.1
79
Not Operations System
Universal
7 .1.2.2
79
Hardware Reliant
80
80
7.2
Contribution
80
7.3
Conclusion
80
References
81
Bibliography
82
Appendices A (Gantt chart)
83
Appendices B (User Manual)
85
© Universiti Teknikal Malaysia Melaka
Xll
LIST OF TABLES
TITLE
TABLE
PAGE
2.1
Facial Recognition Application
13
2.2
Software Requirement
20
2.3
Hardware Requirement
21
2.4
Milestone
23
3.1
Data Requirement for the -Digital Certificate Generator for
Corporate Public Key Infrastructure
27
3.2
Software Requirement
30
3.3
Hardware Requirement
32
4.1
Features of Facial Recognition Module
35
4.2
Login Input Design
42
4.3
Enroll Input Design
42
5.1
Version Control Procedure for the system
53
5.2
Implementation Status
53
6.1
List of System Tester
56
6.2
List ofTester
57
6.3
Hardware Requirement
59
6.4
Test module of SCDTSS
61
6.5
Classes of Tests
63
6.6
Login Test Case
65
6.7
Connection to Server Test Case
65
© Universiti Teknikal Malaysia Melaka
XIt!
6.8
Search digital certificate
66
6.9
Generate secret key
67
6.10
Encrypting message
67
6.11
Encrypting file
68
6.13
Test Result and Analysis for Login Module
68
6.14
Test Result and Analysis of downloading digital certificate
70
6.15
Test Result and Analysis of searching others staff digital
certificate
70
6.16
Test Result and Analysis of generating secret key
71
6.17
Test Result and Analysis of encrypting and sending message
72
6.18
Test Result and Analysis of Company Profile
74
6.19
Test Result and Analysis of showing expanded information
75
© Universiti Teknikal Malaysia Melaka
XIV
LrST OF FIGURES
TITLE
FIGURE
PAGE
2.1
Symmetric Cryptography
7
2.2
Symmetric Cryptography
8
2.3
RSA algorithm
9
2.4
Public Key Infrastructure (PKI)
10
2.5
Private/Public Key Usage
10
2.6
Message Digest Implementation
11
2.7
Digital Signature
12
2.8
Facial Recognition P rocess
13
2.9
Vetting Procedure In UTeM
14
2. 10
Architecture of SERVE
16
2.11
Implementation of digital signature in SERVE
16
2.12
How SERVE defends against attack
17
2.13
Rapid Application Development (RAD) Cycle
18
3. 1
Vetting procedure in UTeM
25
3.2
Flow chart for certificate registration
28
3.3
Data flow diagram
29
3.4
Use case diagram
30
4.1
The system architecture
34
4.2
Facial SDK 66 recognized point
36
4.3
Log-in Interface
36
© Universiti Teknikal Malaysia Melaka
XV
4.4
Log in successful interface
37
4.5
Distribution of digital certificate by CA
38
4.6
Searching for digital certificate Interface
38
4.7
Process ofvalidating the certificate
39
4.8
Mouse position on the status strip
39
4.9
Main Interface
40
4. 10
Message Transmission process
40
4.11
Expanded View of the main menu
41
4. 12
Navigation design
42
4.13
Entity Relationship Diagram
43
4.14
SQL Statement to save digital certificate into database
46
4.15
SQL statement to select digital certificate from the database
46
5. l
Environment Architecture of SCDTSS
48
5.2
Configuration Management Principles
50
5.3
Configuration Management for manag ing version
51
5.4
Numbering version scheme
52
6.1
Login Interface
69
6.2
Error message when login failed
70
6.3
Download digital certificate message box
70
6.4
Inserting Secret key
71
6.5
Insert staff ID
72
6.6
Certificate found
72
6.7
Key successfully generated
73
6.8
Message sent and received
74
6.9
Encrypting files
75
6.10
Additional information displayed on the bottom ofthe main
76
menu.
© Universiti Teknikal Malaysia Melaka
XVI
LIST OF ABBREVlA TIONS
ABBREVIATION
WORD/DESCRIPTION
DFD
Data Flow Diagram
DDL
Data Definition Language
ERD
Entity Relationship Diagram
UTeM
Universiti Teknikal Malaysia Melaka
© Universiti Teknikal Malaysia Melaka
XVII
LIST OF ATTACHMENTS
ATTACHMENTS
TITLE
PAGE
A
Gantt chart
84
B
User Manual
86
© Universiti Teknikal Malaysia Melaka
1
CHAPTER I
INTRODUCTION
l.l Project Backgnmnd
Everybody needs a sense of security and pri vacy in their life. This is the basic
needs of human. This basic need also apply in the IT and cyber world. As an
indi vidual, we need to secure anything that is private and personal to us.
As an
organization, it is essential that sensitive data being protected. A breach of such
security and privacy could result in safety concern, and loss in terms of profit for
organization. That is why we need to secure anything that is important and private to
us.
Encryption is one of the most effective methods to secure a files or
application. This process of encryption hides the contents of a message in a way that
the original information is recovered only through a decryption process. The purpose
of Encryption is to prevent unauthorized parties from viewing or modifying the data.
Encryption occurs when the data is passed through some substitute technique,
shifting technique, table references or mathematical operations. All those processes
generate a different form of that data. The unencrypted data is referred to as the
plaintext and the encrypted data as the cipher text, which is representation of the
original data in a difference form.
Key-based algorithms use an Encryption key to encrypt the message. There
are two general categories for key-based Encryption: Symmetric Encryption which
uses a single key to encrypt and decrypt the message and Asymmetric Encryption
which uses two different keys - a public key to encrypt the message, and a private
key to decrypt it. Currently, there are several types o f key based Encryption
© Universiti Teknikal Malaysia Melaka
2
algorithms such as: HASH, RSA, AES, BLOWFISH, RC6, and others but all of
these algorithms depend on high mathematical manipulations.
In this project, a secure classified-document transfer and storage application
·will be developed, to address the problem of security attack and security flaw, and
provide a secure method of sharing and storing classified documents.
1.2 Problem Statements
Security and privacy has been considered a basic need for human. It is crucial to
protect individual or organization privacy and sensitive as failure to do so might
cause trouble, problem and even crimes involving theft, fraudulence, and industrial
spying. However, the current culture and society still take security issue for granted.
Most individual and organization only employed and implemented minimum security
measure at most, and the rest are still ignorance on issue related to security and
privacy. The majority of business and educational institution are still using paper
based submission, which is very unsecure way of circulating or transmitting sensitive
and private information. To address this problem, most has already adopted a system
that can send the soft-copy of the private files or messages, over the network, such as
LAN or WAN. But still this method are not considered as a safer alternative as the
files and messages can still be intercepted or sniffed. Message wrote in a plain-text
format can easily be sniffed and read using Wireshark, a network monitoring tools
that are available on the internet, free for download. File that was intercepted can
readily be run or opened. Without applying an encryption on these messages or files,
there is no use in migrating from paper-based system to computerized network based
system.
Furthermore, with the current method or system, there is no way to be sure that
there is no impersonation occur, which means that the person we are communication
with are no an impersonator. There is also no effective way to ensure the integrity of
the message, and proof of origin (non-repudiation). If there is a dispute, a
complication will arise because the sender can deny the content of the message or
even deny having sent it.
© Universiti Teknikal Malaysia Melaka
3
In short, the current method of sharing and sending classified information or files
have no:
•
Confidentiality to prevent unauthorized disclosure or information.
•
Integrity to prevent unauthorized modification or substitution of information.
•
Availability which prevent unauthorized withholding of information or
resources (denial of service)
•
Non repudiation, to avoid sender from deny the content of the message or
even deny having sent it
1.3 Objectives
There are four main objective of the project. They are:
•
To develop an application that is capable of sending and storing files/message
securely by means of encryption technology.
•
To provide the application with better security by implementing biometricsface recognition login
•
To ensure the developed software is user-friendly, practical and lightweight.
1.4 Scope
•
Encryption Algorithm
For this project, only block cipher encryption will be implemented. The
encryption algorithm are Advanced Encryption Standard (AES) or rijndael
algorithm and RSA algorithm.
Stream cipher will not be use, as it is deemed unsuitable for this project
This project will not explore or analyze these algorithm and its mathematical
formulae in details.
© Universiti Teknikal Malaysia Melaka
4
•
Environment
This application
IS
intended to be used on windows operating system
environment, and this project will on limits its scope on window environment.
•
Workstation
This application is intended to be use on computer, laptops and netbook.
Therefore this project will not cover on its usability, or guarantee its stability
in other device such as mobile phone or tablet pc.
•
Digital Certificate and Certification Authority
Although this application rely on digital certificate to accomplish its
objectives, this project do not cover on the subjects of generation of the
asymmetric key (private/public key), creation of digital certificate, and its
distribution.
1.5 Project Significance
The implementation of encryption method in securing messages and files,
will surely increased the level of privacy and security of individual or organization.
Files and messages can be send and distributed freely without worrying about the
content being exposed or sniffed, as the content is encrypted and the cipher text is
useless to those who did not know the private key. This will surely increase the
productivity and stability of individual or organization.
1.6 Conclusion
Security and privacy remains as one of the basic needs of human being. It is
also important for large organization and business. To an individual, protecting this
means protecting their safety, and to a business organization protecting and security
© Universiti Teknikal Malaysia Melaka
5
means protecting their money. Therefore to ensure privacy and security,
cryptography is one of the best and practical methods.
That is why protecting and securing files and messages by means of
encryption is the main focus o f th.is project, where the software is expected to be
simple, user friendly and yet practical and full with features .
In the next chapter, the report will explain about literature review and project
methodology used throughout the project. The literature review discusses the domain
related to the project.
© Universiti Teknikal Malaysia Melaka
6
CHAPTER II
LITERATURE REVIEW AND PROJECT METHODOLOGY
2.1 Introduction
This chapter will discuss in details on literature review related to the project
and also the methodology used in researching and completing the project. The
purpose of this chapter is to conduct the research about the other systems or
applications that are similar to the system that will be developed. All aspect is
studied in order to develop a system that is more effective. Furthermore, the
discussion is also including the methodologies, techniques, hardware and software
that being used in other research. The comparison between them is analyzed to
highlight the differences thus determine the better solutions for this project.
2.2 Facts and finding
Approach, passed research, reference and case study will be discussed under
this topic. The approach will be supported from a publish materials or passed
research.
© Universiti Teknikal Malaysia Melaka
JUDUL: fMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT
TRANSFER AND STORAGE
seipngajZセRPQ
セRM
Saya DANIE DANIAL BIN MOHAMED SALIM
(HURUF BESAR)
mengaku membenarkan tesis (PSM/Sarjana!Dok.1:or FaJsafah) ini disimpan di
Perpustakaan FakuJti Teknologi Maklumat dan Komunikasi dengan syarat-syarat
kegunaan seperti berikut:
l.
2.
3.
4.
Tesis adaJah hakmilik Uni versiti TeknikaJ Malaysia Melaka
Perpustakaan Fakulti Teknologi Maklumat dan Komunikasi dibenarkan
membuat saJinan untuk tujuan pengajian sahaja
Perpustakaan Fakulti Teknologi Maklumat dan Komunikasi dibenarkan
membuat saJinan tesis ini sebagai bahan pertukaran antara institusi
pengajian tinggi.
** Sila tandakan (/)
I
SULIT
(Mengandungi maklumat yang
berdarjah keselamatan atau kepentingan
Malaysia seperti yang termaktub di
daJam AKTA RAHSIA RASMI 1972)
TERHAD
(Mengandungi maklumat TERHAD
yang telah ditentukan oleh organisasi/
badan di mana penyelidikan dijaJankan)
TIDAK TERHAD
(T
Alamat tetap: No 2 JaJan MP 11,
Melaka Perdana Resort Homes,
75450 A er Kerob,
Mel aka
Tarikh :
M
::L'l
セ セ
/s /
セ
M
1- 0
1 )-
andセeliI@
DR SHEKH FAISAL BIN ABDUL
LATIP
Nama Penyelia
Tarikh :
© Universiti Teknikal Malaysia Melaka
..9.q /
セ@
I
;Lo I 1--
IMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT TRANSFER
AND STORAGE
DANIE DANLAL BIN MOHAMED SALIM
This report is submitted in partial fulfilment of the requirements for the
Bachelor of Computer Science (Software Development)
FACULTY OF INFORMATION AND COMMUNICATION TECHNOLOGY
UNIVERSrTI TEKNIKAL MALAYSIA MELAKA
2012
© Universiti Teknikal Malaysia Melaka
II
DECLARATION
I hereby declare this project report entitled
IMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT TRANSFER
AND STORAGE
is written by me and is my own effort and that no part has been plagiarized without
citations.
'214'
STUDENT
1
Date
1/'i/;fll
L
(DANf{I;ANIAL BIN MOHAMED SALIM)
SUPERVISOR
_
Hdセ@
⦅LFセ
N⦅
ᄋ@ _
_
Date: [;)_.'\
SHEKH F AISAL BIN ABDUL LATIP)
© Universiti Teknikal Malaysia Melaka
Ig--} Q..o\
セ@
Ill
DEDICATION
To my beloved parents, Mohamed Salim Abbas and Faziah Omar
To my supervisor, Dr.Shekh Faisal Bin Abdul Latip
To my sisters and brothers
To my cooperative friends
© Universiti Teknikal Malaysia Melaka
IV
ACKNOWLEDGEMENTS
Alhamdulillah, Thanks to Allah SWT, whom with His v,rilling g•ve me the
opportunity to complete this Final Year Project which is titled Implementation of Secure
Confidential-Document Transfer and Storage. This final year project report was prepared
for Faculty of Information and Communication Technology (FTMK), Universiti
Teknikal Malaysia Melaka (UTeM), basically for student in final year to complete the
undergraduate program that leads to the degree of Bachelor of Computer Science. This
report is baseq on the methods given by the university.
Firstly, I would like to express my deepest thanks to my supervisor, Dr Shekh
FaisaJ Bin Abdul Latip for the inspirational instruction and guidance to me during this
project. His guidance helped me in all the time in my project. I could not have imagined
having a better supervisor for my project.
Deepest thanks and appreciation to my parents, siblings, and friends for their
cooperation, encouragement, constructive suggestion and full of support for the report
completion, from the beginning till the end.
© Universiti Teknikal Malaysia Melaka
v
ABSTRACT
This project describes the development of a system which main objectives are
to enhance the security and efficiency of the current system of file sharing and
message sharing process. This idea of implementing a system that employs a clientserver architecture which involves a certificate authority (CA), which acts as a server
to issue a digital certificate and monitor all the client activities, and a client that uses
encryption technology in order to secure the content of the message and the files,
came up after studying the outdated and unsecure method of UTEMs process of
vetting exam question paper.
For this project, the development focused on the client side. The client side
will use a face recognition, which will be authenticated by the server. The client will
use AES algorithm and RSA algorithm in encryption the messages or files before
sharing or distributing the messages/files to other client. Each user will have their
own digital certificate, issued by the certification authority. User can use the client to
search for other online or offline user, validate their digital certificate and even send
an ofiline message. The client also features a separate decrypting tools to decrypt
received files at any time.
The interfaces and buttons will attempt to replicate the design and styles of
commercial system. The design also will be developed and focused primarily to
promote user friendly. This project will be developed in such a way that I can be run
even using low hardware and software specification, so that I can be run by most
computer. The system will be developed using VB.net languages, luxandFace SDK,
and developed for Windows environment.
© Universiti Teknikal Malaysia Melaka
VI
ABSTRAK
Projek ini menerangkan prose pembangunan sistem dimana objektif
utamanya adalah untuk meningkatkan keselamatan dan kecekapan sistem semasa
proses perkongsian fail dan perkongsian mesej. Idea untuk melaksanakan satu
sistem yang menggunakan seni bina client-server yang melibatkan certification
authority (CA), yang bertindak sebagai pelayan untuk mengeluarkan digital
certificate dan memantau semua ak.'tiviti client, dan client yang menggunakan
teknologi encryption untuk menjamin kandungan mesej dan fail-fail tersebut, timbul
selepas mengkaji kaedah yang ketinggalan zaman dan tidak selamat, yg digunakan
oleh UTEMs dalam proses vetting kertas soalan peperiksaan.
Untuk projek ini, focus tertumpu lebih kepada client. Sahagian client akan
menggunakan pengenalan muka, yang akan disahkan oleh pelayan. Pelanggan akan
menggunakan algoritma AES dan algoritma RSA dalam penyulitan mesej atau fail
sebelum berkongsi atau mengedar mesej I fail kepada pelanggan lain. Setiap
pengguna akan mempunyai digital certificate mereka sendiri, yang dikeluarkan oleh
certification authority. Pengguna boleh menggunakan klien untuk mencari pengguna
lain secara online atau offline, mengesahkan digital certifica te masing-masing dan
juga menghantar mesej offline. Client juga mempunyai fungsi yang berasingan, iaitu
alat decrypting untuk menyahsulitkannya yang fail diterima pada bila-bila masa.
Interface dan butang akan cuba direka dengan meniru reka bentuk dan gaya
sistem komersial. Reka bentukjuga akan dibangunkan dengan memberi tumpuan
untuk mempromosikan mesra pengguna. Projek ini akan dibangunkan supaya boleh
berfungsi walaupun menggunakan perkakasan yang rendah dan spesifikasi perisian,
supaya ianya boleh dikendalikan oleh kebanyakkan komputer. Sistem ini akan
dibangunkan dengan menggunakan VB.NET, luxandFace SDK, dan dibangunkan
untuk persekitaran Windows.
© Universiti Teknikal Malaysia Melaka
VJI
TABLE OF CONTENT
SUBJECT
CHAPTER
CHAPTERl
PAGE
DECLARATION
II
DEDICATION
Ill
ACKNOWLEGEMENT
iv
ABSTRACT
v
ABSTRAK
VI
TABLE OF CONTENTS
VII
LIST OF TABLE
xii
LIST OF FIGURES
xiv
LIST OF ABBREVIATION
XVI
LIST OF ATtACHMENT
XVII
INTRODUCTION
1.1
Project Background
1.2
Problem Statement
2
1.3
Objectives
...,_,
1.4
Scopes
3
1. 5
Project Significant
4
1.6
Conclusion
5
© Universiti Teknikal Malaysia Melaka
VIII
CHAPTER II
LITERITURE RIVIEW AND PROJECT
METHODOLOGY
2.1
Introduction
6
2.2
Facts and Finding
6
2.2.1
Facts On Cryptography
7
2.2.1.1
Symmetric Key Cryptography
7
2.2.1 .2
Asymmetric Key Cryptography
8-9
2.2.1.3
Public Key InfTastructure (PKJ)
9-10
2.2.1.4
Secure Messaging
10-11
2.2. 1.5
Message Digest
II
2.2.1.6
Digital Signature
11-1 2
2.2.2
2.2.3
Facts On Biometric
12
2.2.2. 1 Facial Recognition
13
Case Study
14
2.2.3.1
14-15
UTeM Vetting Process
2.2.3.2 Secure Electronic Registration
and Voting Experiment Case
Study
15-17
2.3
Project Methodology
17-19
2.4
Project Requirement
19
2.4.1
Software Requirement
20
2.4.2
Hardware Requirement
21 -22
2.4
CHAPTKRIO
Project Schedule and Milestone
23
ANALYSTS
3. 1
3.2
Introduction
24
Problem Analysis
24
3.2.1 Analysis of the Current System
24-26
© Universiti Teknikal Malaysia Melaka
IX
3.2.1 Identified Problems
3.3 Requirement Analysis
3.4
CHAPTER IV
26
27
3.3 .1 Data Requirement
27
3.3.2 Functional Requirement
28
3.3.3 Use Case Diagram
29-30
3.3.4 Software Requirement
30-31
3.3.4 Hardware Requirement
32
32
Conclusion
DESIGN
4.1
Introduction
4.2
High Level Design
33
..,..,
.).)
4.2.1
System Architecture
33
4.2.2
User Interface Design
34-41
4.2.2.1 Navigation Design
41 -42
4.2.2.3 Input Design
42-43
Database Design
43
4.2.3.1 Conceptual and Logical
43
4.2.3
Database Desig n
4.3
43
Detailed Design
4.3.1
Software Design
4.3.1.1 Pseudo Code
4.3.2
Physical database design
4.3.2. 1 Data Definition Language
44
44
45
45
(DDL)
4.4
CHAPTER V
Conclusion
46
IMPLEMENTATION
5.1
Introduction
© Universiti Teknikal Malaysia Melaka
47
X
5.2
Software Development Environment Setup
48
5.3
Software Configuration Management
49
5.3.1
Configuration Environment Setup
5.3.2
Version Control Procedure
49
52
5.4
Implementation Status
53
5.5
Conclusion
54
CHAPTER Vl
TESTING
6.1
Introduction
55
6.2
Test Plan
55
6.2.1
Test Organization
6.2.1.1
System tester
56
6.2.1.2
Hardware tester
57
6.2.2
Test Environment
Location/environment
58
6.2.2.2
Hardware
59
6.2.2.3
Software
59
6.2.2.4
Firmware configurations and
6.2.3
Test Schedule
Test Strategy
6.3.1
6.4
58
6.2.2.1
Preparations
6.3
56
Classes ofTests
Test Design
6.4.1
Test Description
60
61
63
63
64
64
6.5
Test Result and Analysis
68
6.6
Conclusion
76
© Universiti Teknikal Malaysia Melaka
XI
CHAPTER VIJ
7. 1
PROJECT CONCLUSION
Observation on Weaknesses and Strengths
7.1.1
System Strengths
78
78
7.1.1.1
Security
78
7. 1.1.2
Practicality and User Friendly
79
7.1.1.3
7. 1.2
Compatibility
System Weaknesses
7.1.2.1
79
Not Operations System
Universal
7 .1.2.2
79
Hardware Reliant
80
80
7.2
Contribution
80
7.3
Conclusion
80
References
81
Bibliography
82
Appendices A (Gantt chart)
83
Appendices B (User Manual)
85
© Universiti Teknikal Malaysia Melaka
Xll
LIST OF TABLES
TITLE
TABLE
PAGE
2.1
Facial Recognition Application
13
2.2
Software Requirement
20
2.3
Hardware Requirement
21
2.4
Milestone
23
3.1
Data Requirement for the -Digital Certificate Generator for
Corporate Public Key Infrastructure
27
3.2
Software Requirement
30
3.3
Hardware Requirement
32
4.1
Features of Facial Recognition Module
35
4.2
Login Input Design
42
4.3
Enroll Input Design
42
5.1
Version Control Procedure for the system
53
5.2
Implementation Status
53
6.1
List of System Tester
56
6.2
List ofTester
57
6.3
Hardware Requirement
59
6.4
Test module of SCDTSS
61
6.5
Classes of Tests
63
6.6
Login Test Case
65
6.7
Connection to Server Test Case
65
© Universiti Teknikal Malaysia Melaka
XIt!
6.8
Search digital certificate
66
6.9
Generate secret key
67
6.10
Encrypting message
67
6.11
Encrypting file
68
6.13
Test Result and Analysis for Login Module
68
6.14
Test Result and Analysis of downloading digital certificate
70
6.15
Test Result and Analysis of searching others staff digital
certificate
70
6.16
Test Result and Analysis of generating secret key
71
6.17
Test Result and Analysis of encrypting and sending message
72
6.18
Test Result and Analysis of Company Profile
74
6.19
Test Result and Analysis of showing expanded information
75
© Universiti Teknikal Malaysia Melaka
XIV
LrST OF FIGURES
TITLE
FIGURE
PAGE
2.1
Symmetric Cryptography
7
2.2
Symmetric Cryptography
8
2.3
RSA algorithm
9
2.4
Public Key Infrastructure (PKI)
10
2.5
Private/Public Key Usage
10
2.6
Message Digest Implementation
11
2.7
Digital Signature
12
2.8
Facial Recognition P rocess
13
2.9
Vetting Procedure In UTeM
14
2. 10
Architecture of SERVE
16
2.11
Implementation of digital signature in SERVE
16
2.12
How SERVE defends against attack
17
2.13
Rapid Application Development (RAD) Cycle
18
3. 1
Vetting procedure in UTeM
25
3.2
Flow chart for certificate registration
28
3.3
Data flow diagram
29
3.4
Use case diagram
30
4.1
The system architecture
34
4.2
Facial SDK 66 recognized point
36
4.3
Log-in Interface
36
© Universiti Teknikal Malaysia Melaka
XV
4.4
Log in successful interface
37
4.5
Distribution of digital certificate by CA
38
4.6
Searching for digital certificate Interface
38
4.7
Process ofvalidating the certificate
39
4.8
Mouse position on the status strip
39
4.9
Main Interface
40
4. 10
Message Transmission process
40
4.11
Expanded View of the main menu
41
4. 12
Navigation design
42
4.13
Entity Relationship Diagram
43
4.14
SQL Statement to save digital certificate into database
46
4.15
SQL statement to select digital certificate from the database
46
5. l
Environment Architecture of SCDTSS
48
5.2
Configuration Management Principles
50
5.3
Configuration Management for manag ing version
51
5.4
Numbering version scheme
52
6.1
Login Interface
69
6.2
Error message when login failed
70
6.3
Download digital certificate message box
70
6.4
Inserting Secret key
71
6.5
Insert staff ID
72
6.6
Certificate found
72
6.7
Key successfully generated
73
6.8
Message sent and received
74
6.9
Encrypting files
75
6.10
Additional information displayed on the bottom ofthe main
76
menu.
© Universiti Teknikal Malaysia Melaka
XVI
LIST OF ABBREVlA TIONS
ABBREVIATION
WORD/DESCRIPTION
DFD
Data Flow Diagram
DDL
Data Definition Language
ERD
Entity Relationship Diagram
UTeM
Universiti Teknikal Malaysia Melaka
© Universiti Teknikal Malaysia Melaka
XVII
LIST OF ATTACHMENTS
ATTACHMENTS
TITLE
PAGE
A
Gantt chart
84
B
User Manual
86
© Universiti Teknikal Malaysia Melaka
1
CHAPTER I
INTRODUCTION
l.l Project Backgnmnd
Everybody needs a sense of security and pri vacy in their life. This is the basic
needs of human. This basic need also apply in the IT and cyber world. As an
indi vidual, we need to secure anything that is private and personal to us.
As an
organization, it is essential that sensitive data being protected. A breach of such
security and privacy could result in safety concern, and loss in terms of profit for
organization. That is why we need to secure anything that is important and private to
us.
Encryption is one of the most effective methods to secure a files or
application. This process of encryption hides the contents of a message in a way that
the original information is recovered only through a decryption process. The purpose
of Encryption is to prevent unauthorized parties from viewing or modifying the data.
Encryption occurs when the data is passed through some substitute technique,
shifting technique, table references or mathematical operations. All those processes
generate a different form of that data. The unencrypted data is referred to as the
plaintext and the encrypted data as the cipher text, which is representation of the
original data in a difference form.
Key-based algorithms use an Encryption key to encrypt the message. There
are two general categories for key-based Encryption: Symmetric Encryption which
uses a single key to encrypt and decrypt the message and Asymmetric Encryption
which uses two different keys - a public key to encrypt the message, and a private
key to decrypt it. Currently, there are several types o f key based Encryption
© Universiti Teknikal Malaysia Melaka
2
algorithms such as: HASH, RSA, AES, BLOWFISH, RC6, and others but all of
these algorithms depend on high mathematical manipulations.
In this project, a secure classified-document transfer and storage application
·will be developed, to address the problem of security attack and security flaw, and
provide a secure method of sharing and storing classified documents.
1.2 Problem Statements
Security and privacy has been considered a basic need for human. It is crucial to
protect individual or organization privacy and sensitive as failure to do so might
cause trouble, problem and even crimes involving theft, fraudulence, and industrial
spying. However, the current culture and society still take security issue for granted.
Most individual and organization only employed and implemented minimum security
measure at most, and the rest are still ignorance on issue related to security and
privacy. The majority of business and educational institution are still using paper
based submission, which is very unsecure way of circulating or transmitting sensitive
and private information. To address this problem, most has already adopted a system
that can send the soft-copy of the private files or messages, over the network, such as
LAN or WAN. But still this method are not considered as a safer alternative as the
files and messages can still be intercepted or sniffed. Message wrote in a plain-text
format can easily be sniffed and read using Wireshark, a network monitoring tools
that are available on the internet, free for download. File that was intercepted can
readily be run or opened. Without applying an encryption on these messages or files,
there is no use in migrating from paper-based system to computerized network based
system.
Furthermore, with the current method or system, there is no way to be sure that
there is no impersonation occur, which means that the person we are communication
with are no an impersonator. There is also no effective way to ensure the integrity of
the message, and proof of origin (non-repudiation). If there is a dispute, a
complication will arise because the sender can deny the content of the message or
even deny having sent it.
© Universiti Teknikal Malaysia Melaka
3
In short, the current method of sharing and sending classified information or files
have no:
•
Confidentiality to prevent unauthorized disclosure or information.
•
Integrity to prevent unauthorized modification or substitution of information.
•
Availability which prevent unauthorized withholding of information or
resources (denial of service)
•
Non repudiation, to avoid sender from deny the content of the message or
even deny having sent it
1.3 Objectives
There are four main objective of the project. They are:
•
To develop an application that is capable of sending and storing files/message
securely by means of encryption technology.
•
To provide the application with better security by implementing biometricsface recognition login
•
To ensure the developed software is user-friendly, practical and lightweight.
1.4 Scope
•
Encryption Algorithm
For this project, only block cipher encryption will be implemented. The
encryption algorithm are Advanced Encryption Standard (AES) or rijndael
algorithm and RSA algorithm.
Stream cipher will not be use, as it is deemed unsuitable for this project
This project will not explore or analyze these algorithm and its mathematical
formulae in details.
© Universiti Teknikal Malaysia Melaka
4
•
Environment
This application
IS
intended to be used on windows operating system
environment, and this project will on limits its scope on window environment.
•
Workstation
This application is intended to be use on computer, laptops and netbook.
Therefore this project will not cover on its usability, or guarantee its stability
in other device such as mobile phone or tablet pc.
•
Digital Certificate and Certification Authority
Although this application rely on digital certificate to accomplish its
objectives, this project do not cover on the subjects of generation of the
asymmetric key (private/public key), creation of digital certificate, and its
distribution.
1.5 Project Significance
The implementation of encryption method in securing messages and files,
will surely increased the level of privacy and security of individual or organization.
Files and messages can be send and distributed freely without worrying about the
content being exposed or sniffed, as the content is encrypted and the cipher text is
useless to those who did not know the private key. This will surely increase the
productivity and stability of individual or organization.
1.6 Conclusion
Security and privacy remains as one of the basic needs of human being. It is
also important for large organization and business. To an individual, protecting this
means protecting their safety, and to a business organization protecting and security
© Universiti Teknikal Malaysia Melaka
5
means protecting their money. Therefore to ensure privacy and security,
cryptography is one of the best and practical methods.
That is why protecting and securing files and messages by means of
encryption is the main focus o f th.is project, where the software is expected to be
simple, user friendly and yet practical and full with features .
In the next chapter, the report will explain about literature review and project
methodology used throughout the project. The literature review discusses the domain
related to the project.
© Universiti Teknikal Malaysia Melaka
6
CHAPTER II
LITERATURE REVIEW AND PROJECT METHODOLOGY
2.1 Introduction
This chapter will discuss in details on literature review related to the project
and also the methodology used in researching and completing the project. The
purpose of this chapter is to conduct the research about the other systems or
applications that are similar to the system that will be developed. All aspect is
studied in order to develop a system that is more effective. Furthermore, the
discussion is also including the methodologies, techniques, hardware and software
that being used in other research. The comparison between them is analyzed to
highlight the differences thus determine the better solutions for this project.
2.2 Facts and finding
Approach, passed research, reference and case study will be discussed under
this topic. The approach will be supported from a publish materials or passed
research.
© Universiti Teknikal Malaysia Melaka