Kalinga University Naya Raipur

Department of Computer Science

Course: B. Tech. (CS) Sem.-7th

Subject: Network Programming

Subject Code: BTCS703
Unit 4

Overview of Javascript
Javascript is a dynamic computer programming language. It is lightweight and most
commonly used as a part of web pages, whose implementations allow client-side script to
interact with the user and make dynamic pages. It is an interpreted programming language
with object-oriented capabilities.
JavaScript was first known as LiveScript, but Netscape changed its name to JavaScript,
possibly because of the excitement being generated by Java. JavaScript made its first
appearance in Netscape 2.0 in 1995 with the name LiveScript. The general-purpose core of
the language has been embedded in Netscape, Internet Explorer, and other web browsers.
The ECMA-262 Specification defined a standard version of the core JavaScript language.
 JavaScript is a lightweight, interpreted programming language.
 Designed for creating network-centric applications.
 Complementary to and integrated with Java.
 Complementary to and integrated with HTML.
 Open and cross-platform
Client-side JavaScript
Client-side JavaScript is the most common form of the language. The script should be
included in or referenced by an HTML document for the code to be interpreted by the
browser.
It means that a web page need not be a static HTML, but can include programs that interact
with the user, control the browser, and dynamically create HTML content.
The JavaScript client-side mechanism provides many advantages over traditional CGI server-
side scripts. For example, you might use JavaScript to check if the user has entered a valid e-
mail address in a form field.
The JavaScript code is executed when the user submits the form, and only if all the entries are
valid, they would be submitted to the Web Server.
JavaScript can be used to trap user-initiated events such as button clicks, link navigation, and
other actions that the user initiates explicitly or implicitly.
Advantages of JavaScript
The merits of using JavaScript are −
 Less server interaction − You can validate user input before sending the page off to
the server. This saves server traffic, which means less load on your server.
 Immediate feedback to the visitors − They don't have to wait for a page reload to
see if they have forgotten to enter something.
 Increased interactivity − You can create interfaces that react when the user hovers
over them with a mouse or activates them via the keyboard.
 Richer interfaces − You can use JavaScript to include such items as drag-and-drop
components and sliders to give a Rich Interface to your site visitors.
Limitations of JavaScript
We cannot treat JavaScript as a full-fledged programming language. It lacks the following
important features −
 Client-side JavaScript does not allow the reading or writing of files. This has been
kept for security reason.
 JavaScript cannot be used for networking applications because there is no such
support available.
 JavaScript doesn't have any multithreading or multiprocessor capabilities.
Once again, JavaScript is a lightweight, interpreted programming language that allows you to
build interactivity into otherwise static HTML pages.
JavaScript Development Tools
One of major strengths of JavaScript is that it does not require expensive development tools.
You can start with a simple text editor such as Notepad. Since it is an interpreted language
inside the context of a web browser, you don't even need to buy a compiler.
To make our life simpler, various vendors have come up with very nice JavaScript editing
tools. Some of them are listed here −
 Microsoft FrontPage − Microsoft has developed a popular HTML editor called
FrontPage. FrontPage also provides web developers with a number of JavaScript tools to
assist in the creation of interactive websites.
 Macromedia Dreamweaver MX − Macromedia Dreamweaver MX is a very popular
HTML and JavaScript editor in the professional web development crowd. It provides several
handy prebuilt JavaScript components, integrates well with databases, and conforms to new
standards such as XHTML and XML.
 Macromedia HomeSite 5 − HomeSite 5 is a well-liked HTML and JavaScript editor
from Macromedia that can be used to manage personal websites effectively.

Java network programming

The term network programming refers to writing programs that execute across multiple
devices (computers), in which the devices are all connected to each other using a network.

The java.net package of the J2SE APIs contains a collection of classes and interfaces that
provide the low-level communication details, allowing you to write programs that focus on
solving the problem at hand.

The java.net package provides support for the two common network protocols −
 TCP − TCP stands for Transmission Control Protocol, which allows for reliable
communication between two applications. TCP is typically used over the Internet Protocol,
which is referred to as TCP/IP.
 UDP − UDP stands for User Datagram Protocol, a connection-less protocol that
allows for packets of data to be transmitted between applications.
This chapter gives a good understanding on the following two subjects −
 Socket Programming − This is the most widely used concept in Networking and it has
been explained in very detail.
 URL Processing − This would be covered separately. Click here to learn about URL
Processing in Java language.

Java Networking Basics

Typically a client opens a TCP/IP connection to a server. The client then starts to
communicate with the server. When the client is finished it closes the connection again. Here
is an illustration of that:

ClientServerOpenConnectionSendRequestReceiveResponseClose Connection
A client may send more than one request through an open connection. In fact, a client can
send as much data as the server is ready to receive. The server can also close the connection
if it wants to.

Java Networking Terminology

The widely used java networking terminologies are given below:
1. IP Address
2. Protocol
3. Port Number
4. MAC Address
5. Connection-oriented and connection-less protocol
6. Socket

1) IP Address
IP address is a unique number assigned to a node of a network e.g. 192.168.0.1 . It is
composed of octets that range from 0 to 255.
It is a logical address that can be changed.

2) Protocol
A protocol is a set of rules basically that is followed for communication. For example:

 TCP
 FTP
 Telnet
 SMTP
 POP etc.
3) Port Number
The port number is used to uniquely identify different applications. It acts as a
communication endpoint between applications.The port number is associated with the
IP address for communication between two applications.
4) MAC Address
MAC (Media Access Control) Address is a unique identifier of NIC (Network
Interface Controller). A network node can have multiple NIC but each with unique
MAC.
5) Connection-oriented and connection-less protocol
In connection-oriented protocol, acknowledgement is sent by the receiver. So it is
reliable but slow. The example of connection-oriented protocol is TCP.But, in
 connection-less protocol, acknowledgement is not sent by the receiver. So it is not
reliable but fast. The example of connection-less protocol is UDP.

6) Socket
A socket is an endpoint between two way communication.
Visit next page for java socket programming.

Packages
Java is a premier language for network programming. java.net package encapsulate large
number of classes and interface that provides an easy-to use means to access network
resources. Here are some important classes and interfaces of java.net package.

Some Important Classes

CLASSES

CacheRequest CookieHandler

CookieManager Datagrampacket

Inet Address ServerSocket

Socket DatagramSocket

Proxy URL

URLConnection

Some Important Interfaces

INTERFACES

CookiePolicy CookieStore

FileNameMap SocketOption

InetAddress ServerSocket
SocketImplFactory ProtocolFamily

InetAddress
Inet Address encapsulates both numerical IP address and the domain name for that address.
Inet address can handle both IPv4 and Ipv6 addresses. Inet Address class has no visible
constructor. To create an inet Address object, you have to use Factory methods.
Three commonly used Inet Address factory methods are.
1. static InetAddress getLocalHost() throws UnknownHostException
2. static InetAddress getByName (String hostname) throws UnknownHostException
3. static InetAddress[ ] getAllByName (String hostname)
throws UnknownHostException

Example using InetAddress class

import java.net.*;
class Test
{
public static void main(String[] args)
{
InetAddress address = InetAddress.getLocalHost();
System.out.println(address);
address = InetAddress.getByName("www.studytonight.com");
System.out.println(address);
InetAddresssw[] = InetAddress.getAllByName("www.google.com");
for(int i=0; i<sw.length; i++)
{
System.out.println(sw[i]);
}
}
}
Output:
Welcome-PC/59.161.87.227
www.studytonight.com/208.91.198.55
www.google.com/74.125.236.115
www.google.com/74.125.236.116
www.google.com/74.125.236.112
www.google.com/74.125.236.113
www.google.com/74.125.236.114
www.google.com/2404:6800:4009:802:0:0:0:1014

Socket and ServerSocket Class

Socket is foundation of modern networking, a socket allows single computer to serve many
different clients at once. Socket establishes connection through the use of port, which is a
numbered socket on a particular machine. Socket communication takes place via a protocol.
Socket provides communication mechanism between two computers using TCP. There are
two kind of TCP sockets in Java. One is for server and other is for client.
 ServerSocket is for servers.
 Socket class is for client.

URL class
Java URL Class present in java.net package, deals with URL (Uniform Resource Locator)
which uniquely identify or locate resources on internet.
Important Methods of URL class
 getProtocol() : Returns protocol of URL
 getHost() : Returns hostname(domain name) of URL
 getPort() : Returns port number of URL
 getFile() : Returns filename of URL

Program using URL class

import java.net.*;
class Test
{
public static void main(String[] arg) throws MalFormedURLException
{
URL hp = New URL("http://www.studytonight.com/index");
system.out.println(hp.getProtocol[]);
System.out.println(hp.getFile[]);
}
}
Ouput:
http
-1
www.studytonight.com
/index
RMI
Remote method invocation(RMI) allow a java object to invoke method on an object running
on another machine. RMI provide remote communication between java program. RMI is used
for building distributed application.

Concept of RMI application

A RMI application can be divided into two part,Client program and Server program.
A Server program creates some remote object, make their references available for the client
to invoke method on it. A Client program make request for remote objects on server and
invoke method on them. Stub and Skeleton are two important object used for communication
with remote object.
Stub and Skeleton
Stub act as a gateway for Client program. It resides on Client side and communicate
with Skeleton object. It establish the connection between remote object and transmit request
to it.

Skeleton object resides on server program. It is responsible for passing request from Stub to
remote object.

Creating a Simple RMI application involves following steps

 Define a remote interface.
 Implementing remote interface.
 create and start remote application
 create and start client application

Define a remote interface

A remote interface specifies the methods that can be invoked remotely by a client. Clients
program communicate to remote interfaces, not to classes implementing it. To be a remote
interface, a interface must extend the Remote interface of java.rmi package.
import java.rmi.*;
public interface AddServerInterface extends Remote
{
public int sum(int a,int b);
}
Implementation of remote interface
For implementation of remote interface, a class must either extend UnicastRemoteObject or
use exportObject() method of UnicastRemoteObject class.
import java.rmi.*;
import java.rmi.server.*;
public class Adder extends UnicastRemoteObject implements AddServerInterface
{
Adder()throws RemoteException{
super();
}
public int sum(int a,int b)
{
return a+b;
}
}

Create AddServer and host rmi service

You need to create a server application and host rmi service Adder in it. This is done
using rebind()method of java.rmi.Naming class. rebind() method take two arguments, first
represent the name of the object reference and second argument is reference to instance
of Adder
import java.rmi.*;
import java.rmi.registry.*;
public class AddServer{
public static void main(String args[]){
try{
AddServerInterfaceaddService=new Adder();
Naming.rebind("AddService",addService);
//addService object is hosted with name AddService.

}catch(Exception e){System.out.println(e);}
}
}
Create client application
Client application contains a java program that invokes the lookup() method of
the Naming class. This method accepts one argument, the rmi URL and returns a reference to
an object of type AddServerInterface. All remote method invocation is done on this object.
import java.rmi.*;
public class Client{
public static void main(String args[]){
try{
AddServerInterface
st=(AddServerInterface)Naming.lookup("rmi://"+args[0]+"/AddService");
System.out.println(st.sum(25,8));
}catch(Exception e){System.out.println(e);}
}
}

Steps to run this RMI application

Save all the above java file into a directory and name it as "rmi"
 compile all the java files
javac *.java

 Start RMI registry

start rmiregistry

 Run Server file

java AddServer
  Run Client file in another command prompt abd pass local host port number at run
time
java Client 127.0.0.1

Network Programming

CORBA CONCEPT

Common Object Request Broker Architecture (CORBA) is an architecture and specification

for creating, distributing, and managing distributed program objects in a network. It allows
programs at different locations and developed by different vendors to communicate in a
network through an "interface broker." CORBA was developed by a consortium of vendors
through the Object Management Group (OMG), which currently includes over 500 member
companies. Both International Organization for Standardization (ISO) and X/Open have
sanctioned CORBA as the standard architecture for distributed objects (which are also known
as components). CORBA 3 is the latest level.
The essential concept in CORBA is the Object Request Broker (ORB). ORB support in a
network of clients and servers on different computers means that a client program (which
may itself be an object) can request services from a server program or object without having
to understand where the server is in a distributed network or what the interface to the server
program looks like. To make requests or return replies between the ORBs, programs use the
General Inter-ORB Protocol (GIOP) and, for the Internet, its Internet Inter-ORB Protocol
(IIOP). IIOP maps GIOP requests and replies to the Internet's Transmission Control Protocol
(TCP) layer in each computer.

A notable hold-out from CORBA is Microsoft, which has its own distributed object
architecture, the Distributed Component Object Model (DCOM). However, CORBA and
Microsoft have agreed on a gateway approach so that a client object developed with the
Component Object Model will be able to communicate with a CORBA server (and vice
versa).

Distributed Computing Environment (DCE), a distributed programming architecture that

preceded the trend toward object-oriented programming and CORBA, is currently used by a
number of large companies. DCE will perhaps continue to exist along with CORBA and there
will be "bridges" between the two.

CORBA Architechture
The CORBA specification defines an architecture of interfaces and services that must be
provided by the ORB, no implementation details. These are modular components so different
implementations could be used, satisfying the needs of different platforms.
The ORB manages the interactions between clients and object implementations. Clients
issue requests and invoke methods of object implementations.
The client side architecture provides clients with interfaces to the ORB and object
implementations. In consists of the following interfaces : Dynamic Invocation - This interface
allows for the specification of requests at runtime. This is necessary when object interface is
not known at run-time. Dynamic Invocation works in conjunction with the interface
repository. IDL Stub - This component consists of functions generated by the IDL interface
definitions and linked into the program. The functions are a mapping between the client and
the ORB implementation. Therefore ORB capabilities can be made available for any client
implementation for which there is a language mapping. Functions are called just as if it was a
local object. ORB Interface - The ORB interface may be called by either the client or the
object implementation. The interface provides functions of the ORB which may be directly
accessed by the client (such as retrieving a reference to an object.) or by the object
implementations. This interface is mapped to the host programming language. The ORB
interface must be supported by any ORB.
ORB core - Underlying mechanism used as the transport level. It provides basic
communication of requests to other subcomponents.
The implementation side interface consists of the ORB Interface, ORB core and: IDL
Skeleton Interface - The ORB calls method skeletons to invoke the methods that were
requested from clients. Object Adapters (OA) - Provide the means by which object
implementations access most ORB services. This includes the generation and interpretation
of object references, method invocation, security and activation. The object adapter actually
exports three different interfaces: a private interface to skeletons, a private interface to the
ORB core and a public interface used by implementations. The OA isolates the object
implementation from the ORB core. The CORBA specification envisions a variety of
adapters, each providing specific services. The Basic Object Adapter (BOA) is the most
generic of the Object adapters.

Request
The client request a service from the object implementation. The ORB transports the request
which invokes the method using object adapters and the IDL skeleton.
The client has an object reference,an operation name and a set of parameters for the object
and activates operations on this object. The Object Management Group / Object
Model defines each operation to be associated with a controlling parameter, implemented in
CORBA as an object reference. The client does not know the location of the object or any of
the implementation details.The request is handled by the ORB, which must locate the target
object and route the request to that object. It is also responsible for getting results back to the
client.
The request makes use of either the dynamic invocation (dynamic link) or the IDL Stubs
(static link) interface. Static links use the IDL stubs IDL stubs (as local function calls) and
dynamic request use the DII . The object implementation is not aware of the difference. If the
interface was defined in the IDL and the client has an interface for the target object the IDL
stub is used. This stub is specific to the target object. The DII is used when the interface is
not known at runtime. The DII uses information stored in the interface repository to establish
the request. Request are passed from the ORB to the object implementation through the IDL
skeleton. The object implementation is made available by using information stored in
the implementation repository. The object implementations encapsulate state and behavior of
the object. CORBA only defines the mechanisms to invoke operation, it does not define how
activated or stopped, made to persist, etc.
Object Adapters
Object Adapters (OA) are the primary ORB service providers to object implementations. OA
have a public interface which is used by the object implementation and a private interface
that is used by the IDL skeleton.
 Example services provided by OA's are:
 Method invocation ( in conjunction with skeleton),
 Object implementation activation and deactivation,
 Mapping of object reference to object implementations,
 Generation of object references, and
 Registering object implementations, used in locating object implementations when a
request comes in.
OA's may be specialized. They are a major player in delivery of requests and are the primary
service provider for object implementations. CORBA only defines the Basic Object Adapter
(BOA) and any CORBA implementation must provide a BOA. CORBA assumes the
definition of additional object adapters. There should not be a large number of adapters since
one adapter can service more than one implementation.

Object references
Request are issued upon object references. Object references are opaque references only
uniform within an ORB implementation. Since both clients and servers using objects
references as opaque references, different representation will not affect them. CORBA does
have an object reference that is used to denote no object. It is guaranteed to be different from
any other object reference, and usually maps to the null or nil object.

Object Services
Object services refer to fundamental services provided by their own objects that support
common interactions between other objects. The services follow the OMG Common Object
Services Specification (COSS) guidelines. Current object services include:
 Event Management services which refer to the asynchronous communication of
different CORBA objects with one another.
 Naming Object services that maps a human-readable name ( string) to an object
relative to its context.
 Persistent services assure that an object (CORBA developed) outlives its creator. It
allows an objects state to be retained at a given point in time. This feature is used
when a host crashes or is rebooted.
 Life-cycle services determine the methods for an objects creation and termination.
 Concurrency services provide for distributed locks on a given object.
 Externalization services collect objects and transport them as serial objects.
 Relationship Objects are used for CORBA object modeling and graphing.
 Transaction object services allow the sharing of a transaction amongst multiple
objects.

CGI programming

What Is CGI?
As you traverse the vast frontier of the World Wide Web, you will come across documents
that make you wonder, "How did they do this?"These documents could consist of, among
other things, forms that ask for feedback or registration information, imagemaps that allow
you to click on various parts of the image, counters that display the number of users that
accessed the document, and utilities that allow you to search databases for particular
information. In most cases, you'll find that these effects were achieved using the Common
Gateway Interface, commonly known as CGI.
One of the Internet's worst-kept secrets is that CGI is astoundingly simple. That is, it's trivial
in design, and anyone with an iota of programming experience can write rudimentary scripts
that work. It's only when your needs are more demanding that you have to master the more
complex workings of the Web. In a way, CGI is easy the same way cooking is easy: anyone
can toast a muffin or poach an egg. It's only when you want a Hollandaise sauce that things
start to get complicated.

CGI is the part of the Web server that can communicate with other programs running on the
server. With CGI, the Web server can call up a program, while passing user-specific data to
the program (such as what host the user is connecting from, or input the user has supplied
using HTML form syntax). The program then processes that data and the server passes the
program's response back to the Web browser.

CGI isn't magic; it's just programming with some special types of input and a few strict rules
on program output. Everything in between is just programming. Of course, there are special
techniques that are particular to CGI, and that's what this book is mostly about. But
underlying it all is the simple model shown in Figure 1

Figure 1 : Simple diagram of CGI

CGI Programs
CGI programs are the most common way for Web servers to interact dynamically with users.
Many HTML pages that contain forms, for example, use a CGI program to process the form's
data once it's submitted. Another increasingly common way to provide dynamic feedback for
Web users is to include scripts or programs that run on the user's machine rather than the
Web server. These programs can be Java applets, Java scripts, or ActiveX controls. These
technologies are known collectively as client-side solutions, while the use of CGI is a server-
side solution because the processing occurs on the Web server.
One problem with CGI is that each time a CGI script is executed, a new process is started.
For busy websites, this can slow down the server noticeably. A more efficient solution, but
one that it is also more difficult to implement, is to use the server's API, such
as ISAPI or NSAPI. Another increasingly popular solution is to use Java servlets.

Firewall & security technique

A firewall is a network security system designed to prevent unauthorized access to or

from a private network. Firewalls can be implemented in both hardware and software, or a
combination of both. Network firewalls are frequently used to prevent
unauthorized Internet users from accessing private networks connected to the Internet,
especially intranets. All messages entering or leaving the intranet pass through the firewall,
which examines each message and blocks those that do not meet the
specified security criteria.

Firewall Description
A firewall is considered to shelter your computer from assault by malevolent users or by
spiteful software such as bugs that use spontaneous received network traffic to hit your
computer. Before you stop your firewall, you must detach your computer from every part of
networks, as well as the Internet. You can put into practice firewalls in software, hardware, or
some time both. Firewalls are commonly used to avoid unconstitutional Internet users from
accessing personal networks that are attached to the Internet.

Firewall Techniques
There are several firewall techniques and each firewall may use two or more than two
techniques in concert.
 Packet filters: – This firewall technique is observed the entering and discharging
the network of each packet. Packets filters admit or discard it depend on user-
defined rules. Packet filtering is quite efficient and transparent to users, but it is hard
to build up. Packets filter used to liable to IP spoofing.
 Application gateway: – Application gateway used to apply safety method to
definite applications, such as Telnet and FTP servers. Application gateways are very
effective, but can inflict presentation poverty.
 Circuit-level gateway: – Circuit-level gateway is concerned to security device
especially when UDP or TCP connection is going to establish. When connection
comes visible then packets can run among the hosts without additional checking.
 Proxy server:-Proxy server interrupts all messages incoming and outgoing the
network. The proxy server successfully hides the true network addresses.

Cryptography

Cryptography is a technique to provide message confidentiality.

• The term cryptography is a Greek word which means "secret writing".
• It is an art and science of transforming messages so as to make them secure and immune to
attacks.
• Cryptography involves the process of encryption and decryption. This process is depicted.

Types Of Cryptography:
In general there are three types Of cryptography:
 1. Symmetric Key Cryptography:
It is an encryption system where the sender and receiver of message use a single
common key to encrypt and decrypt messages. Symmetric Key Systems are faster and
simpler but the problem is that sender and receiver have to somehow exchange key in a
secure manner. The most popular symmetric key cryptography system is Data
Encryption System(DES).

2. HashFunctions:
There is no usage of any key in this algorithm. A hash value with fixed length is
calculated as per the plain text which makes it impossible for contents of plain text to be
recovered. Many operating systems use hash functions to encrypt passwords.

3. Asymmetric Key Cryptography:

Under this system a pair of keys is used to encrypt and decrypt information. A public
key is used for encryption and a private key is used for decryption. Public key and
Private Key are different. Even if the public key is known by everyone the intended
receiver can only decode it because he alone knows the private key.

The terminology used in cryptography is given below:

1. Plaintext. The original message or data that is fed into the algorithm as input is called
plaintext.
2. Encryption algorithm. The encryption algorithm is the algorithm that performs various
substitutions and transformations on the plaintext. Encryption is the process of changing
plaintext into cipher text.
3. Ciphertext. Ciphertext is the encrypted form the message. It is the scrambled message
produced as output. It depends upon the plaintext and the key.
4. Decryption algorithm. The process of changing Ciphertext into plain text is known as
decryption. Decryption algorithm is essentially the encryption algorithm run in reverse. It
takes the Ciphertext and the key and produces the original plaintext.
5. Key. It also acts as input to the encryption algorithm. The exact substitutions and
transformations performed by the algorithm depend on the key. Thus a key is a number or a
set of number that the algorithm uses to perform encryption and decryption.
There are two different approaches to attack an encryption scheme:
1. Cryptanalysis
2. Brute-force attack

Cryptanalysis
• The process of attempting to discover the plaintext or key IS known as cryptanalysis.
• The strategy used by cryptanalyst depends on the nature of the encryption scheme and
the information available to the cryptanalyst.
• Cryptanalyst can do any or all of six different things:
1. Attempt to break a single message.
2. Attempt to recognize patterns in encrypted messages, to be able to break subsequent ones
by applying a straight forward decryption algorithm.
3. Attempt to infer some meaning without even breaking the encryption, such as noticing an
unusual-frequency of communication or determining something by whether the
communication was short or long.
4. Attempt to deduce the key, in order to break subsequent messages easily.
5. Attempt to find weaknesses in the implementation or environment of use encryption.
6. Attempt to find general weaknesses in an encryption algorithm without necessarily having
intercepted any messages.

Brute-force attack
• This method tries every possible key on a piece of Ciphertext until an intelligible translation
into plaintext is obtained.
• On an average, half of all possible keys must be tried to achieve the success.

Digital signatures
Digital signatures are the public-key primitives of message authentication. In the physical
world, it is common to use handwritten signatures on handwritten or typed messages. They
are used to bind signatory to the message.
Similarly, a digital signature is a technique that binds a person/entity to the digital data. This
binding can be independently verified by receiver as well as any third party.
Digital signature is a cryptographic value that is calculated from the data and a secret key
known only by the signer.
In real world, the receiver of message needs assurance that the message belongs to the sender
and he should not be able to repudiate the origination of that message. This requirement is
very crucial in business applications, since likelihood of a dispute over exchanged data is
very high.
Model of Digital Signature
As mentioned earlier, the digital signature scheme is based on public key cryptography. The
model of digital signature scheme is depicted in the following illustration –

The following points explain the entire process in detail −

 Each person adopting this scheme has a public-private key pair.
 Generally, the key pairs used for encryption/decryption and signing/verifying are
different. The private key used for signing is referred to as the signature key and the public
key as the verification key.
 Signer feeds data to the hash function and generates hash of data.
 Hash value and signature key are then fed to the signature algorithm which produces
the digital signature on given hash. Signature is appended to the data and then both are sent
to the verifier.
 Verifier feeds the digital signature and the verification key into the verification
algorithm. The verification algorithm gives some value as output.
 Verifier also runs same hash function on received data to generate hash value.
 For verification, this hash value and output of verification algorithm are compared.
Based on the comparison result, verifier decides whether the digital signature is valid.
 Since digital signature is created by ‘private’ key of signer and no one else can have
this key; the signer cannot repudiate signing the data in future.
It should be noticed that instead of signing data directly by signing algorithm, usually a hash
of data is created. Since the hash of data is a unique representation of data, it is sufficient to
sign the hash in place of data. The most important reason of using hash instead of data
directly for signing is efficiency of the scheme.
Let us assume RSA is used as the signing algorithm. As discussed in public key encryption
chapter, the encryption/signing process using RSA involves modular exponentiation.
Signing large data through modular exponentiation is computationally expensive and time
consuming. The hash of the data is a relatively small digest of the data, hence signing a hash
is more efficient than signing the entire data.
Importance of Digital Signature
Out of all cryptographic primitives, the digital signature using public key cryptography is
considered as very important and useful tool to achieve information security.
Apart from ability to provide non-repudiation of message, the digital signature also provides
message authentication and data integrity. Let us briefly see how this is achieved by the
digital signature −
 Message authentication − When the verifier validates the digital signature using
public key of a sender, he is assured that signature has been created only by sender who
possess the corresponding secret private key and no one else.
 Data Integrity − In case an attacker has access to the data and modifies it, the digital
signature verification at receiver end fails. The hash of modified data and the output provided
by the verification algorithm will not match. Hence, receiver can safely deny the message
assuming that data integrity has been breached.
 Non-repudiation − Since it is assumed that only the signer has the knowledge of the
signature key, he can only create unique signature on a given data. Thus the receiver can
present data and the digital signature to a third party as evidence if any dispute arises in the
future.
By adding public-key encryption to digital signature scheme, we can create a cryptosystem
that can provide the four essential elements of security namely − Privacy, Authentication,
Integrity, and Non-repudiation.
Encryption with Digital Signature
In many digital communications, it is desirable to exchange an encrypted messages than
plaintext to achieve confidentiality. In public key encryption scheme, a public (encryption)
key of sender is available in open domain, and hence anyone can spoof his identity and send
any encrypted message to the receiver.
This makes it essential for users employing PKC for encryption to seek digital signatures
along with encrypted data to be assured of message authentication and non-repudiation.
This can archived by combining digital signatures with encryption scheme. Let us briefly
discuss how to achieve this requirement. There are two possibilities, sign-then-
encrypt and encrypt-then-sign.
However, the crypto system based on sign-then-encrypt can be exploited by receiver to spoof
identity of sender and sent that data to third party. Hence, this method is not preferred. The
process of encrypt-then-sign is more reliable and widely adopted. This is depicted in the
following illustration –

The receiver after receiving the encrypted data and signature on it, first verifies the signature
using sender’s public key. After ensuring the validity of the signature, he then retrieves the
data through decryption using his private key.

WAP architecture & WAP services

Wireless Application Protocol -

The Wireless Application Protocol (WAP) is a worldwide standard for the delivery and
presentation of wireless information to mobile phones and other wireless devices. The idea
behind WAP is simple: simplify the delivery of Internet content to wireless devices by
delivering a comprehensive, Internet-based, wireless specification. The WAP Forum released
the first version of WAP in 1998. Since then, it has been widely adopted by wireless phone
manufacturers, wireless carriers, and application developers worldwide. Many industry
analysts estimate that 90 percent of mobile phones sold over the next few years will be WAP
WAP-
enabled.
1. WAP architecture
2. WAP services

Fig3. WAP Architecture

1. WAP Architecture
 i. It provides a scalable and extensible environment for application development of
mobile
 ii. This is achieved using layered design of protocol stack. The layers resemble the
layers of OSI model.
 iii. Each layer is accessible by layers above as well as by other services and
applications through a set of well de
defined interface.
 iv. External applications may access session, transaction, security and transport layers
directly.

2. Wireless Application Environment

 i. WAE is the uppermost layer in the WAP stack. It is general purpose environment
based on combination of WWW and mobile telephony technologies.
 ii. Its primary objective is to achieve interoperable environment that allows operators
and service providers to build applications that can reach wide variety of wireless platforms.
 iii. It uses URL and URI for addressing. Language used is WML and WML script.
WML script can be used for validation of user input.

3. Wireless Telephony Application

 i. WTA provides a means to create telephony services using WAP. It uses WTA
Interface (WTAI) which can be evoked from WML and for WML script.
 ii. The Repository makes it possible to store WTA services in device which can be
accessed without accessing the network. The access can be based on any event like call
disconnect, call answer etc.
 iii. Sometimes, there can be notification to user based on which WTA services are
accessed by users. The notification is called WTA service indication.

4. Wireless Session Protocol.

 i. WSP provides reliable, organized exchange of content between client and server.
 ii. The core of WSP design is binary form of HTTP. All methods defined by HTTP
1.1 are supported.
 iii. Capability negotiation is used to agree on common level of protocol functionality
as well as to agree on a set of extended request methods so that full compatibility to HTTP
applications can be retained.
 iv. An idle session can be suspended to free network resources and can be resumed
without overload of full-blown session establishment.
 v. WSP also supports asynchronous requests. Hence, multiple requests will improve
utilization of air time.

5. Wireless Transaction Protocol

 i. WTP is defined as light-weight transaction-oriented protocol suitable for
implementation in thin clients.
 ii. Each transaction has unique identifiers, acknowledgements, duplicates removal and
retransmission.
 iii. Class 1 and Class 2 enable user to confirm every received message, however, in
class 0, there is no acknowledgement.
 iv. WTP has no security mechanisms and no explicit connection set-up or tear-down
phases.

6. Wireless Transport Layer Security

 i. WTLS is security protocol based on industry standard transport layer security
(TLS). It provides transport layer security between a WAP client and the WAP Gateway/
Proxy.
 ii. The goals of WTLS are data integrity, privacy, authentication, Denial-of-service
protection.
 iii. It has features like datagram support, optimized handshake and dynamic key
refreshing.

7. Wireless Datagram Protocol

 i. WDP provides application addressing by port numbers, optional segmentation and
reassembly, optional error detection.
 ii. It supports simultaneous communication instances from higher layer over a single
underlying WDP bearer service. The port number identifies higher level entity above WDP.
 iii. The adaptation layer of WDP maps WDP functions directly on to a bearer based
on its specific characteristics.
 iv. On the GSM SMS, datagram functionality is provided by WDP.

8. Optimal WAP Bearers

 i. The WAP is designed to operate over a variety of different service like SMS,’
Circuit Switched Data (CSD)’, GPRS,’ Unstructured Supplementary Services Data(USSD)’.


2. WAP services

In addition to a new protocol stack, WAP 2.x introduced many other new features and
services. These new features expand the capabilities of wireless devices and allow developers
to create more useful applications and services. The following is a summary of the features of
interest:
 WAP Push. WAP Push enables enterprises to initiate the sending of information on
the server using a push proxy. This capability was introduced in WAP 1.2, but has been
enhanced in WAP 2.x. Applications that require updates based on external information are
particularly suited for using WAP Push. Examples include various forms of messaging
applications, stock updates, airline departure and arrival updates, and traffic information.
Before WAP Push was introduced, the wireless user was required to poll the server for
updated information, wasting both time and bandwidth.
 User Agent Profile (UAProf). The UAProf enables a server to obtain information
about the client making the request. In WAP 2.x, it is based on the Composite
Capabilities/Preference Profiles (CC/PP) specification as defined by the W3C. It works by
sending information in the request object, allowing wireless servers to adapt the information
being sent according to the client device making the request.
 External Functionality Interface (EFI). This allows the WAP applications within
the WAE to communicate with external applications, enabling other applications to extend
the capabilities of WAP applications, similar to plug-ins for desktop browsers.
 Wireless Telephony Application (WTA). The WTA allows WAP applications to
control various telephony applications, such as making calls, answering calls, putting calls on
hold, or forwarding them. It allows WAP WTA-enabled cell phones to have integrated voice
and data services.
 Persistent storage interface. WAP 2.x introduces a new storage service with a well-
defined interface to store data locally on the device. The interface defines ways to organize,
access, store, and retrieve data.
 Data synchronization. For data synchronization, WAP 2.x has adopted the SyncML
solution. As outlined in Chapter 10, "Enterprise Integration through Synchronization,"
SyncML provides an XML-based protocol for synchronizing data over both WSP and HTTP.
 Multimedia Messaging Service (MMS). MMS is the framework for rich-content
messaging. Going beyond what is possible for SMS, MMS can be used to transmit
multimedia content such as pictures and videos. In addition, it can work with WAP Push and
UAProf to send messages adapted specifically for the target client device.

Web databases

What is a Web Database?

A web database is an organized listing of web pages. It's like the card catalog that you might
find in the library. The database holds a "surrogate" (or selected pieces like the title, the
headings, etc.) for each web page. The creation of these surrogates is called "indexing", and
each web database does it in a different way. Web databases hold surrogates for anywhere
from 1 to 30 million web pages. The program also has a search interface, which is the box
you type words into (like in Alta Vista or Lycos) or the lists of directories you pick from (like
in Yahoo). Thus, each web database has a different indexing method and a different search
interface.

Data Organization
Web databases enable collected data to be organized and cataloged thoroughly within
hundreds of parameters. The Web database does not require advanced computer skills, and
many database software programs provide an easy "click-and-create" style with no
complicated coding. Fill in the fields and save each record. Organize the data however you
choose, such as chronologically, alphabetically or by a specific set of parameters.
Web Database Software
Web database software programs are found within desktop publishing programs, such as
Microsoft Office Access and OpenOffice Base. Other programs include the
WebexWebOffice database and FormLogix Web database. The most advanced software
applications can set up data collection forms, polls, feedback forms and present data analysis
in real time.
Applicable Uses
Businesses both large and small can use Web databases to create website polls, feedback
forms, client or customer and inventory lists. Personal Web database use can range from
storing personal email accounts to a home inventory to personal website analytics. The Web
database is entirely customizable to an individual's or business's needs.

Methods of Indexing
There are three methods of indexing used in web database creation - full-text, keyword, and
human.
Full-Text Indexing
As its name implies, full-text indexing is where every word on the page is put into a database
for searching. Alta Vista and Open Text are examples of full-text databases. Full-text
indexing will help you find every examples of a reference to a specific name or terminology.
However, a general topic search will not be very useful in these database, and you will have
to dig through a lot of "false drops" (or returned pages that have nothing to do with your
search).
Keyword Indexing
In keyword indexing, only the "important" words and phrases are put into the database. Lycos
and Excite are keyword indexed. This allows a searcher to search on more general subjects
and have more accurate results. However, if a name is only mentioned once or twice on a
page, it won't be included in the database.
Human Indexing
Yahoo and some of Magellan are two of the few examples of human indexing. In the above
two indexing, all of the work was done by a computer program called a "spider" or a "robot".
In human indexing, a person examines the page and determines a very few key phrases that
describe it. This allows for the user to find a good start of works on a topic - assuming that
the topic was picked by the human as something that describes the page. This is how the
directory-based web databases are developed.

Spiders, Robots, or People

How do the web databases select which pages are indexed? As there is no centralized Internet
computer, there's no one place where these services can learn about new pages. Thus, many
services use automated programs called "spiders" or "robots" that travel from site to site,
looking for new WWW pages. Some spiders only go to the "What's New" or the "What's
Hot" pages and use those for indexing the "popular" sites. Others methodically examine every
link leading from a page, and every link leading from that page, and so on... In some cases,
people examine the pages brought back from these programs, and don't index the pages that
don't meet certain criteria. So, these tools create three classes of web databases - those that
look at all WWW pages, those that examine popular WWW pages, and those that examine
quality web pages.

Component technology
The days of large, monolithic software systems are fast moving into oblivion. The pace of
software development becomes aggressive with development cycles reduced drastically. The
current trend favors a short-term development process where large and complex applications
are being built using a series of smaller parts, referred to as components. Component
technology is the next step in the evolution of software design and development. It is strongly
associated with Object technology, though this association is not necessarily an accurate one.
Here is an explanation of what is all about components and their usefulness. The area of
component technology has spawned a slew of new buzz-words, some of them are confusing.
What is a component?
Future systems shall be developed by assembling co-operative software units. These units
need not necessarily originate from the same vendor, but will conform to a standard interface
for units offering their respective functionality. Assembly of such units will be aided by use
of tools which will extract self descriptive information from these units. Delivery of such an
assembled system will involve the deployment of these units configured appropriately. These
units may be delivered on any platform. Such software units are known as components.

Components are typically business objects that have predefined and reusable behaviors.
Implementation detail is hidden in the interfaces, which isolate and encapsulate a set of
functionality. Interfaces are the means by which components connect. An interface is a set of
named operations that can be invoked by clients. More importantly, well-defined interfaces
define the component's entry points, and a component's accessibility is done only via its
interface. In a component-based approach, providers and clients communicate via the
specification of the interface, which becomes the mediating middle that lets the two parties
collaborate and work together.In summarizing, we have the following:

1. A component is an independent, application-level software unit that is developed for a

specific purpose and not for a specific application. Components are self-contained,
pluggable abstract data types. They are of large grained entities. Component assembly
(application development) is concerned with high level domain experts rather than
programmers. Programmers will be responsible for component construction and the
fabrication of components for use would be accomplished by component assemblers.

2. Components are accessed through well-defined interfaces. A component's interface

serve as the access points to its functionality. These interfaces may be implemented
by objects internal to the component, if the component developer so desires. But
interfaces may be implemented by a non-OO language.

3. Only a single instance of a component exist per system. If there are more than one
client accessing the functionality being provided by the component, different object
 references may be distributed to those clients. An object reference is a handle to an
object in a component which implements an interface.

4. Component comprised systems will typically feature components from different

vendors. Components will be interoperable by conformance to industry standard
interfaces

5. Components are platform-independent.

6. Components will be encapsulated and modular. Their internals may utilize inheritance
for implementation reasons. This fact will remain as an implementation detail, not
visible to the component clients. Components can not be extended by inheritance.