CHAPTER 1

INTRODUCTION AND H/W & S/W REQUIREMENTS:

An introduction to “Online Secure Information Sending System”. In this project we

will provide a secure information sending system through encryption to users. Our
system will allow you to send and receive encrypted and signed email with any other
user in there contact (and with your instructor and grader). We are going to use both
symmetric-key and public-key techniques in this project, thus tying together several of
the concepts of encryption through AES thro. As usual, we’ll use Open SSL as our
toolkit, either via the command-line interface (easiest) or via system calls (you’ll need
the Open SSL book for this!).Online mailing system is a web application through
which users can send mails to one another through World Wide Web.

CRYPTOGRAPHY:

Cryptography is a Greek word. Which comes from two words Crypto + Graph in
meaning "Hidden or Secret "+ "Writing or Study". It is used for Encryption and
Decryption for sending E-mails. The many schemes used for Encryption constitute the
area of Study is known as Cryptography, Such a schemes is known as a Cryptographic
System or a Cipher. Technic used for Decryption a message without any knowledge
of the Encryption details fill in the area of cryptanalysis is what a \the layperson calls
breaking the code.

ENCRYPTION:

Encryption is a process of Enciphering which means Converting Plaintext to Cipher

text. Firstly the original text i.e. clear text is converted into bytes and then for the AES

1
algorithm to perform encryption, we need to generate Key and IV using the derived
bytes and the symmetric key. Using Memory Stream and Crypto Stream the clear text
is encrypted and written to byte array and finally the byte array is converted to
Base64String and returned which is the final outcome i.e. the corresponding encrypted
text.

 DECRYPTION:

Decryption is a process of deciphering which means Converting Cipher text to

Plaintext. Firstly the encrypted text i.e. cipher text is converted into bytes and then
similar to the encryption process here too we will generate Key and IV using the
derived bytes and the symmetric key. Using Memory Stream and Crypto Stream the
cipher text is decrypted and written to byte array and finally the byte array is
converted to Base64String and returned, which is the decrypted original text.

2
Aims and Objectives:

The Objective of “InfoSecure” is to sending secure information make extremely user

friendly. The provider is specified first the mail and the messages would be sent
automatically. We can also schedule the messages according to our timings as well.
This application is extremely useful for sites that give predominant importance to
customer service. The clients mail id is stored and the mails to that id is sent by the
admin either instantly or by scheduling the mail, by scheduling the mail the messages
would be sent automatically.

InfoSecure providing a Common platform for encryption and decryption

(Cryptography) through AES Algorithm in ASP.Net using C#. This website makes
use of Symmetric (Same) Key AES Algorithm for Encryption and Decryption.

As a result, the only way to protect the online information sending is through the use
of cryptography. The past 20 years has seen numerous efforts to make secure internet
information possible, if not ubiquitous.

There are followings objectives:

 The main objective is that the sanded message should be reached at the
authenticated person.
 The secured information should not be accessed by unauthorized person.

3
System Requirement

• It is recommended that the minimum configuration for clients is as appended below-

HARDWARE REQUIREMENTS:

 Microprocessor:Pentium-4 class processor.

 Processor Speed:450 megahertz or Above
 RAM:512B RAM or Above
 Hard Disk:120GB Hard Disk or Above

SOFTWARE REQUIREMENT

 Platform : Windows XP or Above

 Operating System:Windows XP Professional
 Integrated Development Environment : Microsoft Visual
Studio2012( 4.5)
 Front-End Tool :ASP.Net with C#, AJAX, CSS
 Back-End Tool : MS-SQL Server 2008
 Data Base : SQL Server
 Web Server : IIS 7.0(Internet Information Server)

4
 CHAPTER 2
PROBLEM IDENTIFICATION & FEASIBILITY STUDY:

Problem Identification:
Identity-based cryptography is a type of public-key cryptography in which a publicly
known string representing an individual or organization is used as a public key. The
public string could include an email address, domain name, or a physical IP address.

The first implementation of identity-based signatures and an email-address

based public-key infrastructure (PKI) was developed by Adi Shamir in 1984,[1] which
allowed users to verify digital signatures using only public information such as the
user's identifier.

Under Shamir's scheme, a trusted third party would deliver the private key to the user
after verification of the user's identity, with verification essentially the same as that
required for issuing a certificate in a typical PKI.

Shamir similarly proposed identity-based encryption, which appeared particularly

attractive since there was no need to acquire an identity's public key prior to
encryption. However, he was unable to come up with a concrete solution, and
identity-based encryption remained an open problem for many years. The first
practical implementations were finally devised by Sakai in 2000,[2] and Boneh and
Franklin in 2001.[3] These solutions were based on bilinear pairings. Also in 2001, a
solution was developed independently by Clifford Cocks.

5
Identity-based systems allow any party to generate a public key from a known identity
value such as an ASCII string. A trusted third party, called the Private Key
Generator (PKG), generates the corresponding private keys. To operate, the PKG first
publishes a master public key, and retains the corresponding master private
key (referred to as master key). Given the master public key, any party can compute a
public key corresponding to the identity by combining the master public key with the
identity value. To obtain a corresponding private key, the party authorized to use the
identity ID contacts the PKG, which uses the master private key to generate the
private key for identity ID.

As a result, parties may encrypt messages (or verify signatures) with no prior
distribution of keys between individual participants. This is extremely useful in cases
where pre-distribution of authenticated keys is inconvenient or infeasible due to
technical restraints. However, to decrypt or sign messages, the authorized user must
obtain the appropriate private key from the PKG. A caveat of this approach is that the
PKG must be highly trusted, as it is capable of generating any user's private key and
may therefore decrypt (or sign) messages without authorization. Because any user's
private key can be generated through the use of the third party's secret, this system has
inherent key escrow. A number of variant systems have been proposed which remove
the escrow including certificate-based encryption, secure key issuing
cryptographyand certificateless cryptography.The steps involved are depicted in this
diagram:

6
Fig.1- ID Based Encryption: Offline and Online Steps

Encryption schemes

The most efficient identity-based encryption schemes are currently based

on bilinear pairings on elliptic curves, such as the Weil or Tate pairings. The
first of these schemes was developed by Dan Boneh and Matthew K.
Franklin (2001), and performs probabilistic encryption of arbitrary cipher texts

7
using an Elgamal-like approach. Though the Boneh-Franklin
scheme is provably secure, the security proof rests on relatively new
assumptions about the hardness of problems in certain elliptic curve groups.

Another approach to identity-based encryption was proposed by Clifford

Cocks in 2001. The Cocks IBE scheme is based on well-studied assumptions
(the quadratic residuosity assumption) but encrypts messages one bit at a time
with a high degree of ciphertext expansion. Thus it is highly inefficient and
impractical for sending all but the shortest messages, such as a session key for
use with a symmetric cipher.

System Planning is one of the important items to be considered before actually

beginning the project. Planning is performed on the issued like defining Life
Cycle Model and an organizational structure project, configuration management,
quality and validation activities.

In the process of the System Planning various phase-dependent tools, techniques

and notations are determined. Preliminary cost estimates for the system
development and preliminary development schedules are established. Preliminary
estimates of the computing resources required to operate and maintain the system
are developed, glossary of terms are prepared.

System Planning is one of the important items to be considered before actually

beginning the project. Planning is performed on the issued like defining
LifeCycleModel and an organizational structure project, configuration management,
quality and validation activities.

8
In the process of the System Planning various phase-dependent tools, techniques
and notations are determined. Preliminary cost estimates for the system
development and preliminary development schedules are established. Preliminary
estimates of the computing resources required to operate and maintain the system
are developed, glossary of terms are prepared.

Objectives:The main objectives of this study are as follows: -

The main objective of Online Secure Information Sending System is to provide an
automated system to maintain the resources of the Secure mail.

 To provide an user friendly and multi-user interface for handling the

application.
 To provide a user authentication and different interface depending upon the
type of user logged in
 To provide maximum level of security for the data.
 To provide the necessary reports to various users in time.

These are the main objectives of the Online Secure Information Sending System.

Benefits: A computer based information system is usually needed for the

following purposes.

Greater Processing Speed:

Using computers inherent ability to calculate, sort, retrieve data with greater speed
than that of the human doing we can get message by providing message key.
Visual Basic guaranties for the faster query processing thus we are satisfied with
Visual Basic itself supporting in this direction.
Better Accuracy and Improved Consistency:

9
The computer carries out computing steps including arithmetic accurately and
consistently from which really human is escaped which yields more fatigue and
boredom.
Cost Reduction:
Using computerization we can do the required operations with lower cost than any
other methods. Hence by computerization we can reduce the cost drastically

Advantages

One of the major advantages of any identity-based encryption scheme is that if there
are only a finite number of users, after all users have been issued with keys the third
party's secret can be destroyed. This can take place because this system assumes that,
once issued, keys are always valid (as this basic system lacks a method of key
revocation). The majority of derivatives of this system which have key revocation lose
this advantage.

Moreover, as public keys are derived from identifiers, IBE eliminates the need for a
public key distribution infrastructure. The authenticity of the public keys is guaranteed
implicitly as long as the transport of the private keys to the corresponding user is kept
secure (Authenticity, Integrity, Confidentiality).

Apart from these aspects, IBE offers interesting features emanating from the
possibility to encode additional information into the identifier. For instance, a sender
might specify an expiration date for a message. He appends this timestamp to the
actual recipient's identity (possibly using some binary format like X.509). When the
receiver contacts the PKG to retrieve the private key for this public key, the PKG can
evaluate the identifier and decline the extraction if the expiration date has passed.
Generally, embedding data in the ID corresponds to opening an additional channel
between sender and PKG with authenticity guaranteed through the dependency of the
private key on the identifier.

10
Drawbacks:

 If a Private Key Generator (PKG) is compromised, all messages protected over

the entire lifetime of the public-private key pair used by that server are also
compromised. This makes the PKG a high-value target to adversaries. To limit the
exposure due to a compromised server, the master private-public key pair could be
updated with a new independent key pair. However, this introduces a key-
management problem where all users must have the most recent public key for the
server
 Because the Private Key Generator (PKG) generates private keys for users, it
may decrypt and/or sign any message without authorization. This implies that
IBE systems cannot be used for non-repudiation. This may not be an issue for
organizations that host their own PKG and are willing to trust their system
administrators and do not require non-repudiation.
 The issue of implicit key escrow does not exist with the current PKI system,
wherein private keys are usually generated on the user's computer. Depending
on the context key escrow can be seen as a positive feature (e.g., within
Enterprises). A number of variant systems have been proposed which remove
the escrow including certificate-based encryption, secret sharing, secure key
issuing cryptography and certificateless cryptography
 A secure channel between a user and the Private Key Generator (PKG) is
required for transmitting the private key on joining the system. Here, a SSL-like
connection is a common solution for a large-scale system. It is important to
observe that users that hold accounts with the PKG must be able to authenticate
themselves. In principle, this may be achieved through username, password or
through public key pairs managed on smart cards.

11
  IBE solutions may rely on cryptographic techniques that are insecure against
code breaking quantum computer attacks (see Shor's algorithm)

Feasibility Study:
An initial investigation culminates in a proposal that determines whether an
alternative system is feasible than the present candidate system. To do feasible study
we have to do the Economic, Technical, Behavioral feasible studies.

i. Economic Feasibility: -

It isthe most frequently used method for evaluating the effectiveness of a system. It is
also called as cost/benefit analysis.In this project “Computer Resource Management
System”, for the development of the candidate system the cost that has to spend is the
computer resources like the required software and hardware that supports the software
in an effective and efficient manner and the money to be paid to the developers. As
the company itself is a development center all the resources are in the company itself
and no extra cost is spent for Computer Resource Management System.Hence our
candidate system production is economically feasible.

ii. Technical Feasibility: -

Technical feasibility centers around the existing computer system (software/hardware)

configuration and good software facilities in such a way that any new candidate system can
be implemented without a large alteration of the lab nut with slight modification of the
existing system. Hence our candidate system production is technically feasible.

iii. Behavioral Feasibility: -

12
People are inherently resistant to change. Our candidate system is developed in such a way
that it is very user friendly, easy to learn how to work with and there is also not much
resistant to this package from the staff side also. As the company is basically a development
center it will be very easy for the employees of the company to learn about the developed
candidate system.Hence our candidate system production is behaviorally feasible.

13
 CHAPTER 3
REQUIREMENT ANALYSIS

Since we have investigated through many aspects of current cryptographic

requirement analysis,and also into the merits –demerits which emerges out from it.
Cryptanalysis (from the Greek kryptós, "hidden", and analýein, "to loosen" or "to
untie") is the study of analyzing information systems in order to study the hidden
aspects of the systems.[1] Cryptanalysis is used to breach cryptographic security
systems and gain access to the contentsof encrypted messages, even if
the cryptographic key is unknown.

In addition to mathematical analysis of cryptographic algorithms, cryptanalysis

includes the study of side-channel attacks that do not target weaknesses in the
cryptographic algorithms themselves, but instead exploit weaknesses in their
implementation.

Even though the goal has been the same, the methods and techniques of cryptanalysis
have changed drastically through the history of cryptography, adapting to increasing
cryptographic complexity, ranging from the pen-and-paper methods of the past,
through machines like the British Bombes and Colossus computers at Bletchley
Park in World War II, to the mathematically advanced computerized schemes of the
present

The use of the internet and wireless communications has been rapidly growing
andoccupying a wide area in everyday life.

14
Millions of users generate and interchange large amount of electronic data on a daily
basis in diverse domains. However, the issue of privacy and security is on the top of
the crucial concerns which determine the diffusion of such applications into the daily
life. Hence, cryptography turns to become the key for the reliability and effectiveness
of the embedded Technologies .Nowadays cryptography has a main role in Embedded
systems designs. In many applications, the data requires a secured connection which is
usually achieved bycryptography. Cryptography is divided in two types first is
symmetric key cryptography (sender and receiver shares the same ) and the second
one is asymmetric key cryptography (sender and receiver shares different key) .

Purpose: Online Secure Information Sending System is a total management and

informative system, which provides the up-to date information of all the User
resources in the admin.

 Document Convention:

C Conditional Required
R Required
O Optional
SM System Maintained
EF External Feature

 Integrated Audience & Reading Suggestion:

 Master Administrator: Has all the privileges of deleting all type users, Status,
shelves, for moving the components from one location to another and also for

15
 changing the designation of a particular user. The administrator can also
search on shelves, component models, users and computers.
 Hardware Administrator: Will be having the privilege of moving the
components between various modules (shelves, Bin, Recycle-Bin, locations
and computers). He can create and delete computers.

Project Scope:

 Provides the Interface for users, and administrators to login.

 For master administrator, provision of creating and deleting the users,
shelves, locations, moving the shelves from one location to another, editing
the components and changing the designation of users are provided.
 For hardware administrator provision for viewing and editing the
components, moving the components between various modules, creation and
deletion of computers is provided.
 For the normal users, provision for searching on usernames, location and
components.

Project Function:

User Setup: An Interface will be provided for user to login. The user can login into
the system by entering a valid user name and password with the Login Type.

 Provision will be made for changing the password.

 A provision will be made by which the user can search for the other users,
computers and components.

Administrator Setup:
16
The administrator will be provided with the following interfaces.

 An interface for deletion of User Detail, Messaging criteria.

 An interface to contact all user and their query Information.
 Interface for view user message Event information.
 Client Browsers:Internet Explorer, Google Interface for view user message
Event information.

Reports:
An interface is created for viewing the reports on
 Based on All user Detail
 Based on All Contact Users
 Based on All messages send by User

Securing the Web Data:

Appropriate security Features will be provided for protecting the web data.
1. Database is password protected.
2. Administrative functions will be kept separate from user
functions.
User functions are not permitted through the non-administrative network ports. All
administrative functions will be performed only on the administrative network port.

Requirement
 Functional Requirement:In Online Secure information Sending System the
main functional requirement are as follows:

17
User List: Here the user has to provide information to the system about the
requirements of the be a member so that it will generate him a list of User who are
eligible as a member.

Query analysis: Here the user is able to get the Query which are released and store
them for later usage. The output of this project is beneficial for the All User, to Send
information in Secure way.

Mailing: Here the user is provided to mail students or others (for example,
company officials) depending on his need.
Database: The Online Secure Information Sending System application has the Sql
Server Database connectivity, which is provided to interface with Sql Server 2008
database. The Sql Server 2008 is chosen for Computer Resource Management
System because of higher security level and web compatibility features offered by it.

Hardware Interface

It is recommended that the minimum configuration for clients is as appended

below:-

Suggested Configuration of Windows clients:-

 Processor: Intel Dual Core or Above

 Processor Speed: 1.0GHZ or Above
 RAM: 1GB RAM or Above
 Hard Disk: 80GB Hard Disk or Above

18
Software Interface
 Operating System: Windows Server 2000/2003/2005,Windows XP,
Vista,7.0,8.0.
The system will be built on windows compatible environment. The
application will be web based using ASP.NET technology

 Server side Application Software: ASP.NET with C#, CSS

 Client Side Application Software: Java Script, HTML,XML
 Data Base:SQL Server 2008
 Chrome, or etc.
The system requires Internet Explorer or Netscape Navigator browser for
client side.

 Web Server: IIS 7.0

 Integrated Development Environment: Microsoft Visual Studio.NET.

Water Fall Model Technique

The life-cycle paradigm demands a systematic, sequential approach to
software development that begins at the system level and progresses through
analysis, design, coding, testing and maintenance. The life-cycle paradigm
encompasses the following activities:

System Engineering and Analysis:

Establishing requirements for all system elements and then allocating some
subset of these requirements to software

19
Software Requirement Analysis:
To understand the nature of the program to be built, the software engineer
(analyst) must understand the information domain for the software, as well as
the required function, performance, and interfacing. Requirements for both
the system and the software are documented and reviewed with the customer.

Design:
Software design is actually a multi-step process that focuses on four distinct
attributes of the program: data structure, software architecture, procedural
detail and interface characterization. The design process translates
requirements into a representation of the software.

Coding:
The design must be translated into a machine readable form. The coding step
performs this task.

Testing:
Once code has been generated, program testing begins.

Maintenance:
Software will undoubtedly undergo change after it is delivered to the
customer. Software maintenance reapplies each of the preceding life-cycle
steps to an existing program rather than a new one.

The Water Fall Model

20
In our case we have to first freeze the requirements and then start
development. Hence the best suited paradigm for our project is Water Fall
Model Technique.

Fig. - waterfall model

CHAPTER 4

REVIEW OF PREVIOUS WORK

21
“InfoSecure” providing a Common platform for encryption and decryption
(Cryptography) through AES Algorithm in ASP.Net using C# SQL Server for Data
Base. This website makes use of Symmetric (Same) key AES Algorithm for
Encryption and Decryption.

The many schemes used for Encryption constitute the area of Study is known as
Cryptography, Such a schemes is known as a Cryptographic System or a Cipher.
Technic used for Decryption a message without any knowledge of the Encryption
details fill in the area of cryptanalysis is what a the layperson calls breaking the code.
The area of Cryptography and cryptanalysis together are called cryptology.
Cryptographic System are characterized along three independent dimensions.
Type of Operations- Used for transforming Plaintext to Cipher text. All Encryption
Algorithms are based on two general principal.Substitution (One bit, letter, group of
bit or letter mapped in to other).Transposition (Elements in the plain Text are
rearranged). The Number of Keys used- Sender and receiver used the same key called
symmetric. If used different key called asymmetric, Two-key or Public-key.The way
in which the plaintext is processed.

Stream Cipher Process:

Block Cipher process:

In this website I am providing a basic platformfor encryption and decryption

(Cryptography) in ASP.Net using C#. This website makes use of Symmetric (Same)
key AES Algorithm for Encryption and Decryption.

22
HTML Markup

The HTML Markup consists of TextBox and Labels to accept inputs for encryption
and decryption.

<u>Encrypt</u><br />
<br />
Original Text:
<asp:TextBox ID="txtOriginalText" runat="server" Text="" />
<br />
<br />
Encrypted Text:
<asp:Label ID="lblEncryptedText" runat="server" Text="" />
<br />
<br />
<asp:Button ID="btnEncrypt" OnClick="Encrypt" Text="Encrypt" runat="server" />
<hr />
<u>Decrypt</u>
<br />
<br />
Encrypted Text:
<asp:TextBox ID="txtEncryptedText" runat="server" Text="" />
<br />
<br />
Decrypted Text:
m<asp:Label ID="lblDecryptedText" runat="server" Text="" />
<br />
<br />

23
<asp:Button ID="btnDecrypt" OnClick="Decrypt" Text="Decrypt" runat="server" />
 
 
 

Namespaces

You will need to import the following namespaces.

C#

using System.IO;
using System.Text;
using System.Security.Cryptography;
 
 
 
 

Encryption

For this article I am making use of AES encryption algorithm wherein I am using a
Symmetric (Same) key for encryption and decryption process.

24
Firstly the original text i.e. clear text is converted into bytes and then for the AES
algorithm to perform encryption, we need to generate Key and IV using the derived
bytes and the symmetric key.

 Using MemoryStream and CryptoStream the clear text is encrypted and written

to byte array and finally the byte array is converted to Base64String and
returned which is the final outcome i.e. the corresponding encrypted C#

protected void Encrypt(object sender, EventArgs e)
{
    lblEncryptedText.Text = this.Encrypt(txtOriginalText.Text.Trim());
}
 
private string Encrypt(string clearText)
{
    string EncryptionKey = "MAKV2SPBNI99212";
    byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);
    using (Aes encryptor = Aes.Create())
    {
        Rfc2898DeriveBytes pdb
= new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e,
0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms,
encryptor.CreateEncryptor(), CryptoStreamMode.Write))

25
            {
                cs.Write(clearBytes, 0, clearBytes.Length);
                cs.Close();
            }
            clearText = Convert.ToBase64String(ms.ToArray());
        }
    }
    return clearText;
}

Decryption

Firstly the encrypted text i.e. cipher text is converted into bytes and then similar to the
encryption process here too we will generate Key and IV using the derived bytes and
the symmetric key.

Using MemoryStream and CryptoStream the cipher text is decrypted and written to

byte array and finally the byte array is converted to Base64String and returned, which
is the decrypted original text.

C#

protected void Decrypt(object sender, EventArgs e)

    lblDecryptedText.Text = this.Decrypt(txtEncryptedText.Text.Trim());

26
}

private string Decrypt(string cipherText)

    string EncryptionKey = "MAKV2SPBNI99212";

    byte[] cipherBytes = Convert.FromBase64String(cipherText);

    using (Aes encryptor = Aes.Create())

    {

        Rfc2898DeriveBytes pdb
= new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e,
0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });

        encryptor.Key = pdb.GetBytes(32);

        encryptor.IV = pdb.GetBytes(16);

        using (MemoryStream ms = new MemoryStream())

        {

            using (CryptoStream cs = new CryptoStream(ms,
encryptor.CreateDecryptor(), CryptoStreamMode.Write))

            {

                cs.Write(cipherBytes, 0, cipherBytes.Length);

                cs.Close();

            }

27
            cipherText = Encoding.Unicode.GetString(ms.ToArray());

        }

    }

    return cipherText;

28
Fig.3-Encrypt and Decrypt

29
About ASP.NET:-

ASP.NET is part of Microsoft's overall .NET framework, which contains a

vast set of programming classes designed to satisfy any conceivable
programming need. Web Forms Pages are pieced together out of two
building blocks.

First, you assemble the dynamic portion of the user interface by using
ASP.NET controls. ASP.NET controls enable you to display "smart" HTML
forms, for example, and present interactive grids of database data.

The second building block of a Web Forms Page is the application logic,
which includes the code that executes when you click a form button, or the
code that retrieves the database data displayed within a control

About .NET Framework:

The .NET Framework is a new computing platform that simplifies

application development in the highly distributed environment of the
Internet. The .NET Framework Class Library contains classes for building
ASP.NET pages. You need to understand, however, that you can access any
of the .NET framework classes when you are building your ASP.NET pages.
The .NET Framework is designed to fulfill the following objectives:
To provide a consistent object-oriented programming environment whether
object code is stored and executed locally, executed locally but Internet-
distributed, or executed remotely.

30
  To provide a code-execution environment that minimizes software
deployment and versioning conflicts.
 To provide a code-execution environment that guarantees safe
execution of code, including code created by an unknown or semi-
trusted third party.
 To provide a code-execution environment that eliminates the
performance problems of scripted or interpreted environments.
 To make the developer experience consistent across widely varying
types of applications, such as Windows-based applications and Web-
based applications.
To build all communication on industry standards to ensure that code based
on the .NET Framework can integrate with any other code .

31
 CHAPTER 5
PROJECT DESCRIPTION
User Module
 User Registration Module
 User Login Module
 Mail Sending Module
 Mail Receiving Module

Admin Module
 Admin Login
 Send Message
 Read Message
 View All Contacts
 View All Users
 View All Message

We know that it is quite difficult to do anything of its whole part at a

time.So it is the task of the programmer to break/split the whole set of task
into various small module so that one can handle them effectively. But it
depends upon the software system that in which Extent it will be broken so
that there is no inter-dependency among them .This project developed for

32
“Online Secure Information Sending System”   is broken into following
module.

USERMODULE
User page module is for front page of this system. It is the main page
of the system in which all the links of this system are kept. Now the
main thing is how to make the home page interactive and user friendly
so that there should not be any problem for the user. This is the task of
the system administrator to make the home page Interactive.

User Registration:
It allows Non user to register for sending and Receiving Information
in secure manner.
About us:
• In this information related website is provided.
User Login :
• It allows User to Login in User Panel and authenticate to the non-users from
Login.
• User Mail Sending :
It is used to Send the Encrypted Information from User to Registered User .
• Mail Reading:
Receiver get a Encrypted Unique Key on his/her mail and after login to
InfoSecure get the Encrypted Information using that Unique Key.
• Contact us:
In this page users can contact via mail if they have any query or need help

ADMIN MODULE
33
 Admin module is mainly for the owner of these System. This module performs
the work of regular checking process. Everyone needs current information
about anything. So, this module is responsible for updating the information
continuously if any, in the system so that one can find timely information. But
the main function of this module is to handle security ofthis system. Different
types of authentication and authorization process is performed for this purpose.
This module is also responsible for advertisement bid. Any organizations that
are eager for advertisement can contact us for their ad. This module handles the
entire task related to advertisement like specifying and allocating the space and
related cost.

ADMIN MODULE
Admin Login:
It allows the admin to login with their registered id.
Send Message:
In this admin can send encrypted messages to the users .
Read Message:
In this admin can read the encrytped message by decrypting it by using the
single key and the public key.
View All User:
In this the admin can view all registered user’s information .
View All Contacts:
In this admin can get all the information of the users query or message from the
users who wants to contact.
View All Message:
In this page admin can view the details of the message send and read by the
users.

34
 CHAPTER 6
DESIGN
DESIGNphase follows system analysis phase. Design is maintaining a record

proof design divisions and providing a blueprint for the implementation

phase.Design is the bridge between system analysis and system
implementation.

The design is a solution, a “how to” approach to the creation a new system.
This is composed of several steps. It provides the understanding and
procedural details necessary for implementing the system recommended in
the feasibility study. Design goes through logical and physical stages of
development, logical design reviews the present physical system, prepare
input and output specifications, detail the implementation plan, and prepares
a logical design walkthrough.

The database tables are designed by analyzing various functions involved in

the system and the format of the fields is also designed. The fields in the
database table should define their role in the system. Care is to be taken to
encode the lengthy names. Then in the input and the output screen design,
the design should be made user friendly. The menu should be precise and
compact.

OBJECTIVES OF DESIGN

System design is like a blue print for a building, it specifies all the features
that are to be in the finished product. Design states how to accomplish
objectives determined in the analysis phase.

Software Process Model:-

35
The spiral model, originally proposed by Boehm, is an evolutionary
softwareprocess model that couples the iterative nature of prototyping with
the controlled and systematic aspects of the linear sequential model. It
provides the potential for rapiddevelopment of incremental versions of the
software. Using the spiral model, softwareis developed in a series of
incremental releases.

36
During early iterations, the incremental release might be a paper model or
prototype. During later iterations, increasingly more complete versions of the
engineered system are produced.
A spiral model is divided into a number of framework activities, also called
task
regions.Typically, there are between three and six task regions. A spiral model
 that contains six task regions:
• Customer communication—tasks required to establish effective
communication
between developer and customer.

• Planning—tasks required to define resources, timelines, and other project

related
information.

• Risk analysis—tasks required to assess both technical and management risks.

• Engineering—tasks required to build one or more representations of the

application.

• Construction and release—tasks required to construct, test, install, and

provide user support (e.g., documentation and training).

• Customer evaluation—tasks required to obtain customer feedback based on

evaluation of the software representations created during the engineering
stage and implemented during the installation stage.

37
Each of the regions is populated by a set of work tasks, called a task set, that
areadapted to the characteristics of the project to be undertaken. For small
projects, thenumber of work tasks and their formality is low. For larger, more
critical projects,each task region contains more work tasks that are defined to
achieve a higher levelof formality.

System Design Approach:-

Top-Down Design is a methodology that starts at the highest level of a design

concept and proceeds towards the lowest level. You start with the broad
project specification in mind and put that information in a centralized
location. Then you progress from this information to the individual parts. This
makes it easy to design and manage large product assemblies. You can make
changes from a central location that will propagate to all levels of the design

Pro/ENGINEER provides us very powerful Top-Down Design tools. If

implemented properly, multiple design teams and designers can work on a
project concurrently and communicate design data easily and quickly, with
full confidence that all components will fit seamlessly into the final product.

The bottom-up approachlends itself to direct estimation of effort; once the

project is partitioned into smaller tasks, it is possible to directly estimate the
effort required for them, especially if tasks are relatively small. One difficulty
in this approach is that to get the overall estimate, all the tasks have to be
enumerated. A risk of bottom-up methods is that one may omit some

38
activities. Also, directly estimating the effort for some overhead tasks, such as
project management, that span the project can be difficult.

If architecture of the system to be built has been developed and if past

information about how effort is distributed over different phases is known,
then the bottom-up approach need not completely list all the tasks, and a less
tedious approach is possible. Here we describe one such approach used in a
commercialorganization.
 
In this approach, the major programs (or units or modules) in the software
being built are first determined. Each program unit is then classified as
simple, medium, or complex based on certain criteria. For each classification
unit, an average effort for coding (and unit testing) is decided. This average
coding effort can be based on past data from a similar project, from some
guidelines, or on experience of people.

Approach we are following: - In this Project we are following Mixed

Approach i.e. A combination of top-down and bottom-up .We are developing
some of the components using top-down approach (e.g. the Web Page) and
some components in bottom-up approach(i.e. the middle tier classes).

39
Context Diagram

A Context Diagram (sometimes also referred to as a Level-0 Data Flow

Diagram) is a common tool that Business Analysts use to understand the
context of an entity being examined. Most descriptions of a Context Diagram
limit this entity to a system that is being created or modified as part of a
project, but the Context Diagram can also be applied to other entities.
The Process
The Process (or system, or business entity, etc) being investigated. There
should only be one process per Context diagram and it is generally
displayed in the center of the diagram. The Process contains the name of the
process or entity being investigated.
Data Stores
Data Stores are databases that are either created by the Process under review
and used by outside parties, or created by outside parties and used by the
Process
Note that data stores/databases may not show up on many context diagrams.
If the database is part of an external system, you would show the overall
system, not the database. Normally you only want to show a database when
it is shared by your core process and another system. However, I like to use
the database symbol for some external actors where most of what they
provide is data (a 3rd-party data feed for example, or an external data
processing system). I do this because I find stakeholders better understand
the nature of that entity.

40
Actors
Actors (or Entities, or Terminators) are the parties that communicate either
directly with the Process, or indirectly with the Process through an
intermediary Data Store. According to Yourdon, in a Context Diagram the
Actors should not be shown as communicating directly with each other.

Flows
Flows (or Relationships) represent data or events flowing between the three
other components above. Flows are labelled and can be displayed as
unidirectional or bi-directional.

41
Fig.4-Context Diagram

42
DATA FLOW DIAGRAMS

A data flow diagram (DFD) is a graphical representation of the "flow" of

data through an information system, modelling its process aspects. A DFD is
often used as a preliminary step to create an overview of the system without
going into great detail, which can later be elaborated. [2] DFDs can also be
used for the visualization of data processing (structured design).

A DFD shows what kind of information will be input to and output from the
system, how the data will advance through the system, and where the data
will be stored. It does not show information about the timing of process or
information about whether processes will operate in sequence or in parallel
unlike a flowchart which also shows this information.

Data flow diagrams became popular in the 1970s in software development.

They were first described in a classic text about  Structured Design written
by Larry Constantine and Ed Yourdon. Yourdon & Coad's Object Oriented
Analysis and Design (OOA/OOD) was a way of visualizing software
systems before UML diagrams.

There are some symbols that are used in the drawing of business process
diagrams (data flow diagrams). These are now explained, together with the
rules that apply to them.

Flow diagrams in general are usually designed using simple symbols such as
a rectangle, an oval or a circle depicting a processes, data stored or an
external entity, and arrows are generally used to depict the data flow from
one step to another.

43
A DFD usually comprises of four components. These four components can
be represented by four simple symbols. These symbols can be explained in
detail as follows: External entities (source/destination of data) are
represented by squares; Processes (input-processing-output) are represented
by rectangles with rounded corners; Data Flows (physical or electronic data)
are referred to by arrows; and finally, Data Stores (physical or electronic
like XML files) are presented by open-ended rectangles.

Data flow diagrams present the logical flow of information through a system

in graphical or pictorial form. Data flow diagrams have only four symbols,
which makes it useful for communication between analysts and users. Data
flow diagrams (DFDs) show the data used and provided by processes within
a system. DFDs make use of four basic symbols.

Create structured analysis, information flow, process-oriented, data-

oriented, and data process diagrams as well as data flowcharts.

External Entity

An external entity is a source or destination of a data flow which is outside

the area of study. Only those entities which originate or receive data are
represented on a business process diagram. The symbol used is an oval
containing a meaningful and unique identifier.

Process

A process shows a transformation or manipulation of data flows within the

system. The symbol used is a rectangular box which contains 3 descriptive
elements:

Firstly an identification number appears in the upper left hand corner. This
is allocated arbitrarily at the top level and serves as a unique reference.

44
Secondly, a location appears to the right of the identifier and describes
where in the system the process takes place. This may, for example, be a
department or a piece of hardware. Finally, a descriptive title is placed in
the centre of the box. This should be a simple imperative sentence with a
specific verb, for example 'maintain customer records' or 'find driver'.

Data Flow

A data flow shows the flow of information from its source to its destination.
A data flow is represented by a line, with arrowheads showing the direction
of flow. Information always flows to or from a process and may be written,
verbal or electronic. Each data flow may be referenced by the processes or
data stores at its head and tail, or by a description of its contents.

Data Store

A data store is a holding place for information within the system. It is

represented by an open ended narrow rectangle. Data stores may be long-

term files such as sales ledgers, or may be short-term accumulations: for
example batches of documents that are waiting to be processed. Each data
store should be given a reference followed by an arbitrary number.

Resource Flow

A resource flow shows the flow of any physical material from its source to
its destination. For this reason they are sometimes referred to as physical
flows.The physical material in question should be given a meaningful name.
Resource flows are usually restricted to early, high-level diagrams and are
used when a description of the physical flow of materials is considered to be
important to help the analysis.

External Entities

45
It is normal for all the information represented within a system to have been
obtained from, and/or to be passed onto, an external source or recipient.
These external entities may be duplicated on a diagram, to avoid crossing
data flow lines. Where they are duplicated a stripe is drawn across the left
hand corner, like this.

The addition of a lowercase letter to each entity on the diagram is a good

way to uniquely identify them.

46
Fig.5-( 0-Level)

47
Fig.6- (1-Level)

48
 ENTITY-RELATIONSHIP DIAGRAM

UserName Password UserName

AdminName Password
     

PhoneNO
Administrator User Visitor

EmailID
Password
Registration

Authentication process Address

All User Info View All Message

About/Detail Contact-US
User
=Ad
min

New User/User
Admin Process Process

Sender name

Read message

View All Query

Send message
MSG-Key
Send message Sender name
 
UrEmail-ID
R-EmailID

MSG-Box
Sender name MSG-Box
Subject 49
Subject
R-EmailID
FLOWCHART

50
SNAPSHOTS OF THE PROJECT

51
52
53
54
55
56
57
58
59
60
61
DATABASE AND TABLES
Database is collection of data that can be treated as single unit. This Single
or individual unit is called table. In relational database system Table is
combination of rows and columns which show records andfieldsrespectively.
After great efforts we determine the main entities, there attribute and
relationship among them. After determining all these entities, we design the
table structure as follows:

Fig.7 Table.1

62
Fig.8-Table 2

63
Fig.9-Table 2

64
Fig.9-Table 2

65
Fig.10-Table 2

66
Fig.11-Table 2

67
Fig.12-Table 2

CHAPTER 7

68
CONCLUSION&FUTURE SCOPE

By doing the Online Secure Information Sending System. I have gained

knowledge about the various functions of the system organization, such as
how the Messaging works and what are the main strategies that they follow
to information . I also gained a considerable knowledge about the
development environment and the SDLC (Software Development Life
Cycle) and also the Finance department functionalities. One more great
advantage is that of moving with people i.e. the communication during the
project development, both the informal communication and the formal
communication regarding the project work.

As part of Online Secure information Sending System, We learnt a lot about

the reports that are useful to the various departments and also the frequency
of generation of them. One more important aspect that we want to mention
is Database designing, the normalization of the database and the other
relational database features. And also by doing Computer Resource
Management System, We gained a lot of knowledge in the ASP.NET,
ADO.NET, Jquery, CSS, Ajax the development, deployment and the
implementation of the ASP.NET, ADO.NET, CSS, Jquery, Ajax.

The future scope of the project should be determined so that the quality of
website project in terms of flexibility and enhancement can be measured and
specified. If theproject has no future scope, we would be unable to make any
further changes and further enhancement. The future scope of my website
can be specified as follows: -

69
 This project is very flexible because if any changes occur in future
then it can be easily accomplished in it. Thus the future extensibility
is easily possible.

 This project can be converted to the multi user system in future if

required.

 If the organization grows upper level then this website can easily
handle small modification.

CHAPTER 8

70
REFERENCES AND APPENDICES
1. “Software Engineering”- PankajJalote.
2. “Database Management System”- Elmasri and Navathe.
3. http//www.wikipedia.com
4. Black book of SQL server 2008
5. http://www.asp.net
6. http://www.google.com
7. “Real-time Efficient FPGA Implementation of AES
8. Algorithm”, IEEE International SOC Conference
9.(SOCC), page 203-208, Sept 2013.
10.M.Sambasiva Reddy and Mr.Y.AmarBabu, “Evaluation
11.Microblaze and Implementation Of AES Algorithm
12. Spartan-3E”, International Journal of Advanced
13.Research in Electrical, Electronics and Instrumentation
14.Engineering, Vol. 2, Issue 7, page 3341-3347, July 2013.
15. Implementation of The Advanced Encryption Standard
algorithm”, IEEE International Conference on
16. Ho Chi Minh city, 2012.
17. Kamali S.H, Shakerian R, Hedayati M and Rahmani M,
18. “A new modied version of Advanced Encryption
19. Standard based algorithm for image encryption”, (ICEIE)
20. International Conference On Electronics and Information
21. Engineering, volume 1, page 1250-1255, Aug 2010.
22. Ahmad N, Hasan R and Jubadi W.M.

71
CHAPTER 9

72
BIO DATA OF EACH GROUP
MEMBER

SHAAHEEN KHAN
EMAIL-kshaheen806@gmail.com

CAREER OBJECTIVE-
TO WORK IN A FIRM WITH A PROFESSIONAL WORK DRIVEN ENVIRONMENT WHERE I CAN UTILIZE
AND APPLY MY KNOWLEDGE AND SKILLS WHICH WOULD ENABLE ME AS A FRESH GRADUATE TO
GROW WHILE FULFILLING ORGANIZATIONAL GOALS.

ACADEMIC CREDENTIALS-

Qualification Board/University Year Percentage

MCA Integral University pursuing 58.00(till Sem 5)
BCA Integral University 2013 63.15
Intermediate UP 2009 59.2
High School UP 2007 61.0

TECHNICAL KNOWLEDGE
 C,C++
 DBMS
 VB,HTML

INTERPERSONAL SKILLS-
 ABILITY TO RAPIDLY BUILD RELATIONSHIP AND SET UP TRUST.
 CONFIDENT AND DETERMINED
 ABILITY TO COPE UP WITH DIFFERENT SITUATIONS.

FIELDS OF INTEREST-

73
  SOFTWARE BASED CODING
 WEB DESIGNING

ACADEMIC PROJECTS-
 E-CLASSROOM

PERSONAL DETAILS

Father’s name A R Khan

Date ofBirth 13/02/1991

Gender Female

Languagesknown English, Hindi& Urdu

Hobbies Travelling, Watching Movies,

Reading books ,Shopping

Address E-26-D, Sector-D, Jankipuram, Lucknow, U.P.-226021

E-mail kshaheen806@gmail.com
Mobile 9451912546

DECLARATION:
I HEREBY DECLARE THAT ALL THE INFORMATION GIVEN ABOVE ABOUT ME IS TRUE TO THE BEST OF
MY KNOWLEDGE.
Date:-26th June, 2016 Place:-Lucknow, U.P.

AASTHA RAIZADA

74
EMAIL-aastharaizada91@gmail.com

CAREER OBJECTIVE-
TO WORK IN A FIRM WITH A PROFESSIONAL WORK DRIVEN ENVIRONMENT WHERE I CAN UTILIZE
AND APPLY MY KNOWLEDGE AND SKILLS WHICH WOULD ENABLE ME AS A FRESH GRADUATE TO
GROW WHILE FULFILLING ORGANIZATIONAL GOALS.

ACADEMIC CREDENTIALS-

Qualification Board/University Year Percentage

MCA Integral University pursuing 70
BCA Punjab TechnicalUniversity 2014 74
Intermediate CBSC 2010 59.2
High School CBSC 2008 60

TECHNICAL KNOWLEDGE
 C,C++
 DBMS
 VB,HTML

INTERPERSONAL SKILLS-
 ABILITY TO RAPIDLY BUILD RELATIONSHIP AND SET UP TRUST.
 CONFIDENT AND DETERMINED
 ABILITY TO COPE UP WITH DIFFERENT SITUATIONS.

FIELDS OF INTEREST-
 SOFTWARE BASED CODING
 WEB DESIGNING

ACADEMIC PROJECTS-
 ONLINE RESTAURANT

PERSONAL DETAILS

Father’s name S.K.Raizada

Date ofBirth 28/12/1991

75
 Gender Female

Languagesknown English, Hindi

Hobbies Travelling, Reading books,

Shopping etc.

Address Vikas Nagar, Lucknow, U.P.-226021

E-mail aastharaizada91@gmail.com
Mobile 9984843649

DECLARATION:
I HEREBY DECLARE THAT ALL THE INFORMATION GIVEN ABOVE ABOUT ME IS TRUE TO THE BEST OF
MY KNOWLEDGE.
Date:-31/05/2017Place:-Lucknow, U.P.

76