GOVERNMENT ENGINEERING COLLEGE, AURANGABAD

(An Autonomous Institute of Government of Maharashtra)

“IN PERSUIT OF TECHNICAL EXCELLENCE”

PROJECT PROPOSAL
ON
“CYBER SECURITY APP ”

SUBMITED
BY

RITEEK CHOPKAR - BE21F05F018

SHREYA DAMBHARE - BE21F05F019
DARSHANA DAUDA - BE21F05F020
ANIRUDDHA DESAI - BE21F05F021
VISHAL GADEKAR - BE21F05F023

GUIDED
BY

Prof. Z. Ali

ACADEMIC YEAR 2022-2023

DEPARTMENT
OF
COMPUTER ENGINEERING
 GOVERNMENT ENGINEERING COLLEGE, AURANGABAD
(An Autonomous Institute of Government of Maharashtra)

CERTIFICATE

This is to certify that Enrollment no BE21F05F018, BE21F05F019,

BE21F05F020, BE21F05F021, BE21F05F023, has successfully completed
project proposal regarding topic “
” during the academic year 2022-2023, in partial fulfilment of Engineering
in Computer Engineering of Government Engineering College, Aurangabad. To
the best of my knowledge and belief this project work has not been submitted
elsewhere.

Date: 08/05/2023

Prof. Z. Ali Prof. Sudhir Shikalpure

(Lecturer in Mechanical Eng.) H.O.D CO
Guide

Dr. A.S.Bhalchandra
PRINCIPAL
 ACKNOWLEDGEMENT

We take an immense pleasure in thanking Dr. A.S. Bhalchandra,the

principal, Government Engineering College, Aurangabad, our source of inspiration. We wish
to express our deep sense of gratitude to Prof. Sudhir Shikalpure, our respected Head of
Department Computer Engineering, and Prof. Z. Ali, my guide for having permitted us to
carry out this project proposal under his valuable guidance and useful suggestions, which
have helped us in completing the project in time.

I would also like to thank to all our faculty members of our department for their
valuable suggestion in the process of this project work. Finally, yet importantly, I would like
to express our thanks to our beloved parents for their blessings. Last but never the least; let us
thanks our friends and classmates for their help and co-operation for the successful completion
of this project proposal.

RITEEK CHOPKAR - BE21F05F018

SHREYA DAMBHARE - BE21F05F019
DARSHANA DAUDA - BE21F05F020
ANIRUDDHA DESAI - BE21F05F021
VISHAL GADEKAR - BE21F05F023

)
 A growing amount of information is becoming digital and accessible
through wireless and wired digital communication networks in addition to the pervasive
internet. One of the primary reasons is the rapidly changing technological landscape and
the fact that software adoption is steadily rising across numerous industries, including
finance, government, military, retail, hospitals, education, and energy, to name a few.
Since cybercriminals value all extremely sensitive information greatly, it is crucial to
safeguard it using robust applications of cybersecurity.

Cybersecurity is defending sensitive data and important systems from online

threats. Cybersecurity measures, sometimes referred to as information technology (IT)
security, are intended as counterattacks to threats, whether they come from inside or
outside of an organization. Several organizations ensure their employees undergo
training for the same. Although the Cybersecurity course duration may vary, employees
get an opportunity to build expertise in the subject and reduce cyberattack possibilities.

. In this report, we will provide an overview of our cybersecurity app, including its
features, target audience, business model, and technical details. We will begin by
discussing the features of our app, including real-time threat detection, encryption, two-
factor authentication, and vulnerability scanning. We will then describe our target audience,
including small to medium-sized businesses, professional services, high-net-worth
individuals, and tech-savvy individuals, and explain how our subscription-based pricing
model offers an affordable and effective solution for a wide range of users.

Next, we will outline the technical details of our app, including its architecture,
programming languages, and frameworks, as well as its scalability and performance
capabilities. We will also discuss our data privacy and security measures, including our
encryption standards and protocols.

Finally, we will describe our business model, including our revenue model, cost structure,
and marketing strategy. We will explain how we plan to reach our target market and
generate a sustainable revenue stream through our subscription-based pricing model.

Overall, this report provides a comprehensive overview of our cybersecurity app and the
value it offers to users. We believe that our app provides a powerful set of features and
tools that are essential for anyone looking to protect their sensitive information and
systems against cyber threats.
We are interested in developing concepts about models of cyber security to serve as
an inspiration for researchers to advance the technology of models for counteracting cyber
threats; for practitioners to use as a guide for responding to cyber terror; for university
students to use in preparing for careers in cyber security; and as a contribution to society
as a whole by reducing the threat of cyber terror.

We are motivated to develop model concepts, and the models that flow from the
concepts, because of the severity of the cyber security problem, and the havoc that cyber
attacks are wrecking on the world’s information infrastructure.
In addition, since a major problem in cyber security is the inability to predict risk
associated with a given type of attack, our proposed models include an approximation of
risk prediction as a function of probability of attack, vulnerabilities, and the consequences
of the specified type of attack.
We expect this research to have cross discipline application in the fields of computer
science, systems engineering, electrical engineering, and operations research.
For example, the models we have developed, as applied to the electric grid, involve
knowledge of electrical engineering and operations research for model building. Also, we
anticipate that by doing a detailed analysis of the cyber threat to the electric grid, and by
sharing the research results with other researchers and grid operators, a better
understanding of the cyber threat problem will be achieved.
We propose to tackle this problem by developing fundamental concepts in the realm
of cyber threat predictive modeling. Furthermore we propose to map our cyber security
models to the electric grid environment. We have already done considerable work in
developing the concepts and models, as the detailed examples will attest. In addition, we
plan to identify and collect cyber security data from electric grid operators, such as the
Cyber security is another major modern-age necessity that equips the world with a safe
digital and cyber ecosystem. The majority of company operations are conducted through the
internet, exposing data and resources to a variety of cyber dangers. Since data and system
resources are the foundations of the organization, it goes without saying that a danger to
these entities is a threat to the organization as a whole.
 Objective of app

The CIA triad is made of three components- Confidentiality, Integrity, and Availability.
Let us discuss each of them and their respective tools to achieve the main goal of cyber
security.
1. Confidentiality:
Confidentiality is similar to privacy in that it prevents unauthorized disclosure of information.
It entails data security, granting access to those who are permitted to see it while preventing
others from discovering anything about its contents. It ensures that vital information does
not reach the wrong people while also ensuring that the appropriate ones receive it. Data
encryption is a wonderful example of how to keep information private.

Tools for accomplishing the goal of cyber security through Confidentiality

 Encryption is a means of applying an algorithm to change data such that it is unintelligible

by unauthorized users. The data is transformed using a secret key and the altered data can
only be read with another secret key. It encrypts and transforms sensitive data, such as
credit card information, into unreadable ciphertext. Only by decrypting this encrypted data
can it be read. The two main types of encryption are asymmetric-key and symmetric-key.

 Access Control: refers to the set of rules and procedures that govern who has access to a
system or to physical or virtual resources. It is the process of granting users access to
systems, resources, or information, as well as particular privileges. Users of access control
systems must present credentials such as a person's name or a computer's serial number
before being permitted access. These credentials can take numerous forms in physical
systems, but credentials that cannot be transferred provide the best security.
 Authentication: An authentication procedure is one that ensures and confirms a user's
identity or role. Authentication is a must for all companies because it allows them to
safeguard their networks by allowing only authenticated users to access protected
information. Computer systems, networks, databases, webpages, and other network-based
applications or services are examples of these resources.
 Authorization is another security that entails getting authorized or being allowed to get or do
something. It is used to assess whether a person or system is permitted access to resources,
including computer programs, files, services, data, and application features, based on an
access control policy. It is usually followed by authentication, which verifies the user's
 identity. Permission levels are frequently assigned to system administrators that encompass
all system and user resources. A system verifies an authenticated user's access rules during
authorization and either provides or denies resource access.

 Physical security refers to safeguarding IT assets such as premises, equipment, staff,

resources, and other items against unwanted access. It guards against physical dangers
such as theft, vandalism, fire, and natural calamities.

2. Integrity:
The means for guaranteeing that data is real, correct, and protected against unauthorized
user modification is referred to as integrity. It is a property that information has not been
tampered with in any manner and that the information's source is legitimate.

The goal of integrity in cyber security is carried out by employing the following tools:
 Backups: are the archiving of data on a regular basis. It is the process of duplicating data or
data files to be used in the event that the originals are lost or destroyed. Additionally, it is
used to make copies for historical purposes, such as longitudinal research, statistics, or
historical records, or to comply with a data retention policy's obligations.
 Checksums: A checksum is a numerical value that is used to check the integrity of a file or
data transfer. In other words, it's the calculation of a function that converts a file's contents
into a numerical value. They're commonly used to compare two sets of data to ensure that
they're identical. A checksum function is based on a file's whole contents. It is built in such
a way that even a minor change to the input file will most likely result in a different output
value.
 Codes for Data Correction: It's a technique for retaining data in a manner that slight
modifications may be recognized and repaired automatically.
3. Availability
Availability is the property of being able to access and modify information in a timely manner
by those who are allowed to do so. It ensures that only authorized personnel have access
to the sensitive data on a consistent and dependable basis. The availability principle is
operated by employing the following tools:

 Physical Protection- refer to the ability to keep information accessible even when faced with
physical difficulties. It ensures that sensitive data and important information technologies are
kept in safe places.
 Computational Redundancy- used as a fault-tolerant system against unintentional failures.
It safeguards computers and storage devices that act as backups in the event of a system
failure.
Individuals within or outside the company are most likely to pose a threat. It's critical to have
the right safeguards in place and to keep your staff alert with a cyber security course and
awareness training, whether it's cybercriminals attacking you maliciously with phishing
emails, malware, ransomware, or social engineering attacks – or your employees
"accidentally" deleting crucial data.
Anything you can use to fight hazards and reduce risk is referred to as a safeguard. They
can be software or hardware, but they are most crucially management policies and
processes that must be followed by everyone in the organization, including clients.

Target Audience

Our cybersecurity app is targeted towards both individuals and businesses who are
concerned about the security of their data and systems. Our primary target audience
includes:

1. Small to Medium-sized Businesses (SMBs): SMBs often lack the resources to implement
comprehensive cybersecurity measures, leaving them vulnerable to cyber threats. Our app
provides an affordable and effective solution for SMBs to protect their systems and data
against cyber attacks.
2. Professional Services: Industries such as finance, healthcare, and legal services deal with
sensitive and confidential data on a daily basis, making them a prime target for cyber
attacks. Our app provides a secure and reliable way for professionals to protect their data
and systems.
3. High-Net-Worth Individuals (HNWIs): HNWIs often have a significant amount of personal
and financial information stored online, making them vulnerable to cyber attacks. Our app
provides a high level of security and protection to safeguard their sensitive data.
4. Tech-savvy Individuals: Individuals who are interested in cybersecurity and want to take an
active role in protecting their systems and data will find our app useful. Our app provides
easy-to-use tools and features to help them monitor and secure their systems.
 By targeting these audiences, we aim to provide a solution that meets the needs of a wide
range of users, from individuals to small businesses and professionals.

Features

1. Real-time Threat Detection: Our app will use advanced machine learning algorithms to
detect and respond to cyber threats in real-time, including malware, phishing, and
ransomware attacks.
2. Firewall Protection: Our app will include a firewall to block unauthorized access to user
systems and data, as well as to monitor network traffic and detect and respond to any
suspicious activity.
3. Encryption: Our app will use encryption to secure user data both at rest and in transit,
including AES-256 encryption for sensitive data such as passwords and financial
information.
4. Two-Factor Authentication: Our app will include two-factor authentication to prevent
unauthorized access to user accounts, requiring users to provide a second form of
identification such as a code sent to their phone or email.
5. Anti-Virus and Anti-Malware: Our app will include advanced anti-virus and anti-malware
features to prevent and remove malicious software from user systems.
6. Web Protection: Our app will include web protection to prevent users from accessing
malicious websites and to block potentially dangerous downloads.
7. Data Backup and Recovery: Our app will include data backup and recovery features to
ensure that user data is protected in the event of a system failure or cyber attack.
8. Vulnerability Scanning: Our app will include vulnerability scanning to identify and remediate
potential security weaknesses in user systems and networks.
9. Reporting and Analytics: Our app will provide users with detailed reporting and analytics on
their security posture, including information on threats detected and remediated, and
recommendations for improving their security.
 Technical details

1. App Architecture: Our cybersecurity app will be developed using a microservices

architecture, with separate services for authentication, encryption, access control, and
threat detection. We will use Java and Node.js for backend development, and React.js for
frontend development. The app will communicate with other systems and software via
REST APIs.
2. Security Features: Our app will include a range of security features, including AES-256
encryption for data at rest and in transit, two-factor authentication for user login, role-based
access control, and real-time threat detection using machine learning algorithms. We will
also implement a secure coding approach, following industry best practices such as
OWASP Top 10.
3. User Interface: The app's user interface will be designed for ease of use and simplicity,
with a modern, intuitive layout that provides users with quick access to key features.
Screenshots of the app's UI are included in the proposal document.
4. Data Storage: The app will use a secure, encrypted database for storing user data, with
backup and disaster recovery measures in place to ensure data integrity and availability.
We will also implement a data retention policy to ensure that user data is not retained
longer than necessary.
5. Testing and Validation: Our app will undergo rigorous testing and validation to ensure that
it is fully functional and secure. We will use a combination of manual and automated
testing techniques, including penetration testing and vulnerability scanning, to identify and
remediate any security issues.
6. Integration with Other Systems: Our app will integrate with a range of other systems and
software, including cloud services such as AWS and Azure, network infrastructure such as
firewalls and intrusion detection systems, and other security tools such as SIEMs and
endpoint protection software. We will use industry-standard APIs and protocols such as
OAuth 2.0 and SAML for integration.
7. Deployment and Maintenance: The app will be deployed using a containerized approach,
with Docker containers and Kubernetes orchestration. We will provide ongoing
maintenance and support to ensure that the app remains up-to-date and secure, with
regular updates and patches as needed. Users will have access to a support portal and
help desk for assistance with any technical issues or questions.
Business model

Our cybersecurity app will be offered as a subscription-based service, with several tiers of
pricing based on the number of users and level of features. Our revenue model will be
based on a monthly or annual subscription fee, depending on the user's preference.

Our pricing tiers will range from a basic plan for individual users, to more advanced plans
for small to medium-sized businesses and enterprise-level customers. Each pricing tier will
offer additional features and support options, such as 24/7 customer support and
dedicated account management.

We will also offer a free trial period to allow users to test the app's functionality and
security features before committing to a paid subscription.

Our target market includes both businesses and individuals who are concerned about the
security of their data and systems. We will focus our marketing efforts on industries with
high cybersecurity risk, such as finance, healthcare, and government.

To reach our target market, we will use a combination of targeted advertising, content
marketing, and partnerships with other companies in the cybersecurity industry, including
software vendors, security consulting firms, and managed security service providers.

Our cost structure will primarily consist of software development, marketing and
advertising, customer support, and ongoing maintenance and updates. We will manage
these costs by balancing our pricing with our expenses and focusing on operational
efficiency.

Overall, our business model is designed to provide a comprehensive cybersecurity solution

for individuals and businesses while generating a sustainable revenue stream through
subscription-based pricing.
Conclusion

In conclusion, our cybersecurity app is designed to provide a comprehensive solution for

protecting user systems and data against cyber threats. With features such as real-time
threat detection, encryption, two-factor authentication, and vulnerability scanning, we aim
to provide users with a high level of security and protection.

Our target market includes small to medium-sized businesses, professional services, high-
net-worth individuals, and tech-savvy individuals who are concerned about the security of
their data and systems. By offering a subscription-based service with pricing tiers based on
the number of users and level of features, we aim to provide an affordable and effective
solution for a wide range of users.

We will focus our marketing efforts on industries with high cybersecurity risk, including
finance, healthcare, and government, and will use a combination of targeted advertising,
content marketing, and partnerships with other companies in the cybersecurity industry to
reach our target market.

Overall, our goal is to provide users with peace of mind knowing that their systems and
data are protected against cyber threats, while generating a sustainable revenue stream
through our subscription-based pricing model. We believe that our cybersecurity app is a
valuable solution for anyone looking to improve their cybersecurity posture and protect
their sensitive information.