anda~elia) - eprints.utem.edu.myeprints.utem.edu.my/10501/1/implementation_of...kegunaan seperti...

BORANG PENGESAHAN STATUS TESIS*

JUDUL: fMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT TRANSFER AND STORAGE

SESIPENGAJIAN:~2~01~2~------------------------------------

Saya DANIE DANIAL BIN MOHAMED SALIM (HURUF BESAR)

mengaku membenarkan tesis (PSM/Sarjana!Dok.1:or FaJsafah) ini disimpan di Perpustakaan FakuJti Teknologi Maklumat dan Komunikasi dengan syarat-syarat kegunaan seperti berikut:

l. Tesis adaJah hakmilik Universiti TeknikaJ Malaysia Melaka 2. Perpustakaan Fakulti Teknologi Maklumat dan Komunikasi dibenarkan

membuat saJinan untuk tujuan pengajian sahaja 3. Perpustakaan Fakulti Teknologi Maklumat dan Komunikasi dibenarkan

membuat saJinan tesis ini sebagai bahan pertukaran antara institusi pengajian tinggi.

4. ** Sila tandakan (/)

SULIT

TERHAD

I TIDAK TERHAD

Alamat tetap: No 2 JaJan MP 11,

(Mengandungi maklumat yang berdarjah keselamatan atau kepentingan Malaysia seperti yang termaktub di daJam AKT A RAHSIA RASMI 1972)

(Mengandungi maklumat TERHAD yang telah ditentukan oleh organisasi/ badan di mana penyelidikan dijaJankan)

(T ANDA~ELIA) Melaka Perdana Resort Homes, 75450 A er Kerob,

DR SHEKH F AISAL BIN ABDUL LA TIP

Mel aka Nama Penyelia

Tarikh : ::L 'l /s / 1-0 1 )---~~~---

Tarikh : ..9. q / ~ I ;Lo I 1--

© Universiti Teknikal Malaysia Melaka

IMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT TRANSFER AND STORAGE

DANIE DANLAL BIN MOHAMED SALIM

This report is submitted in partial fulfilment of the requirements for the Bachelor of Computer Science (Software Development)

FACULTY OF INFORMATION AND COMMUNICATION TECHNOLOGY UNIVERSrTI TEKNIKAL MALAYSIA MELAKA

2012


II

DECLARATION

I hereby declare this project report entitled

IMPLEMENTATION OF SECURE CONFIDENTIAL-DOCUMENT TRANSFER

AND STORAGE

is written by me and is my own effort and that no part has been plagiarized without

citations.

STUDENT '214' Date1 1/'i /;fll L

(DANf{I;ANIAL BIN MOHAMED SALIM)

SUPERVISOR _ ______,&~..._______· _ _ Date: [;)_.'\ I g--} Q..o\ ~ (D~ SHEKH F AISAL BIN ABDUL LA TIP)


Ill

DEDICATION

To my beloved parents, Mohamed Salim Abbas and Faziah Omar

To my supervisor, Dr.Shekh Faisal Bin Abdul Latip

To my sisters and brothers

To my cooperative friends


IV

ACKNOWLEDGEMENTS

Alhamdulillah, Thanks to Allah SWT, whom with His v,rilling g•ve me the

opportunity to complete this Final Year Project which is titled Implementation of Secure

Confidential-Document Transfer and Storage. This final year project report was prepared

for Faculty of Information and Communication Technology (FTMK), Universiti

Teknikal Malaysia Melaka (UTeM), basically for student in final year to complete the

undergraduate program that leads to the degree of Bachelor of Computer Science. This

report is baseq on the methods given by the university.

Firstly, I would like to express my deepest thanks to my supervisor, Dr Shekh

FaisaJ Bin Abdul Latip for the inspirational instruction and guidance to me during this

project. His guidance helped me in all the time in my project. I could not have imagined

having a better supervisor for my project.

Deepest thanks and appreciation to my parents, siblings, and friends for their

cooperation, encouragement, constructive suggestion and full of support for the report

completion, from the beginning till the end.


v

ABSTRACT

This project describes the development of a system which main objectives are

to enhance the security and efficiency of the current system of file sharing and

message sharing process. This idea of implementing a system that employs a client

server architecture which involves a certificate authority (CA), which acts as a server

to issue a digital certificate and monitor all the client activities, and a client that uses

encryption technology in order to secure the content of the message and the files,

came up after studying the outdated and unsecure method of UTEMs process of

vetting exam question paper.

For this project, the development focused on the client side. The client side

will use a face recognition, which will be authenticated by the server. The client will

use AES algorithm and RSA algorithm in encryption the messages or files before

sharing or distributing the messages/files to other client. Each user will have their

own digital certificate, issued by the certification authority. User can use the client to

search for other online or offline user, validate their digital certificate and even send

an ofiline message. The client also features a separate decrypting tools to decrypt

received files at any time.

The interfaces and buttons will attempt to replicate the design and styles of

commercial system. The design also will be developed and focused primarily to

promote user friendly. This project will be developed in such a way that I can be run

even using low hardware and software specification, so that I can be run by most

computer. The system will be developed using VB.net languages, luxandFace SDK,

and developed for Windows environment.


VI

ABSTRAK

Projek ini menerangkan prose pembangunan sistem dimana objektif

utamanya adalah untuk meningkatkan keselamatan dan kecekapan sistem semasa

proses perkongsian fail dan perkongsian mesej. Idea untuk melaksanakan satu

sistem yang menggunakan seni bina client-server yang melibatkan certification

authority (CA), yang bertindak sebagai pelayan untuk mengeluarkan digital

certificate dan memantau semua ak.'tiviti client, dan client yang menggunakan

teknologi encryption untuk menjamin kandungan mesej dan fail-fail tersebut, timbul

selepas mengkaji kaedah yang ketinggalan zaman dan tidak selamat, yg digunakan

oleh UTEMs dalam proses vetting kertas soalan peperiksaan.

Untuk projek ini, focus tertumpu lebih kepada client. Sahagian client akan

menggunakan pengenalan muka, yang akan disahkan oleh pelayan. Pelanggan akan

menggunakan algoritma AES dan algoritma RSA dalam penyulitan mesej atau fail

sebelum berkongsi atau mengedar mesej I fail kepada pelanggan lain. Setiap

pengguna akan mempunyai digital certificate mereka sendiri, yang dikeluarkan oleh

certification authority. Pengguna boleh menggunakan klien untuk mencari pengguna

lain secara online atau offline, mengesahkan digital certifica te masing-masing dan

juga menghantar mesej offline. Client juga mempunyai fungsi yang berasingan, iaitu

alat decrypting untuk menyahsulitkannya yang fail diterima pada bila-bila masa.

Interface dan butang akan cuba direka dengan meniru reka bentuk dan gaya

sistem komersial . Reka bentukjuga akan dibangunkan dengan memberi tumpuan

untuk mempromosikan mesra pengguna. Projek ini akan dibangunkan supaya boleh

berfungsi walaupun menggunakan perkakasan yang rendah dan spesifikasi perisian,

supaya ianya boleh dikendalikan oleh kebanyakkan komputer. Sistem ini akan

dibangunkan dengan menggunakan VB.NET, luxandFace SDK, dan dibangunkan

untuk persekitaran Windows.


VJI

TABLE OF CONTENT

CHAPTER SUBJECT PAGE

DECLARATION II

DEDICATION Ill

ACKNOWLEGEMENT iv

ABSTRACT v

ABSTRAK VI

TABLE OF CONTENTS VII

LIST OF TABLE xii

LIST OF FIGURES xiv

LIST OF ABBREVIATION XVI

LIST OF ATtACHMENT XVII

CHAPTERl INTRODUCTION

1.1 Project Background

1.2 Problem Statement 2

1.3 Objectives ..., _,

1.4 Scopes 3

1. 5 Project Significant 4

1.6 Conclusion 5


CHAPTER II LITERITURE RIVIEW AND PROJECT

METHODOLOGY

CHAPTKRIO

2.1

2.2

2.3

2.4

2.4

3. 1

3.2

Introduction

Facts and Finding

2.2.1 Facts On Cryptography

2.2.1.1 Symmetric Key Cryptography

2.2.1 .2 Asymmetric Key Cryptography

2.2.1.3 Public Key InfTastructure (PKJ)

2.2.1.4 Secure Messaging

2.2. 1.5 Message Digest

2.2.1.6 Digital Signature

2.2.2 Facts On Biometric

2.2.2.1 Facial Recognition

2.2.3 Case Study

2.2.3.1 UTeM Vetting Process

2.2.3.2 Secure Electronic Registration

and Voting Experiment Case

Study

Project Methodology

Project Requirement

2.4.1 Software Requirement

2.4.2 Hardware Requirement

Project Schedule and Milestone

ANALYSTS

Introduction

Problem Analysis

3.2.1 Analysis of the Current System


6

6

7

7

8-9

9-10

10-11

II

11-1 2

12

13

14

14-15

15-17

17-19

19

20

21 -22

23

24

24

24-26

VIII

IX

3.2.1 Identified Problems 26

3.3 Requirement Analysis 27

3.3 .1 Data Requirement 27

3.3.2 Functional Requirement 28

3.3.3 Use Case Diagram 29-30

3.3.4 Software Requirement 30-31

3.3.4 Hardware Requirement 32

3.4 Conclusion 32

CHAPTER IV DESIGN

4.1 Introduction 33

4.2 High Level Design ..,.., .).)

4.2.1 System Architecture 33

4.2.2 User Interface Design 34-41

4.2.2.1 Navigation Design 41 -42

4.2.2.3 Input Design 42-43

4.2.3 Database Design 43

4.2.3.1 Conceptual and Logical 43

Database Design

4.3 Detailed Design 43

4.3.1 Software Design 44

4.3.1.1 Pseudo Code 44

4.3.2 Physical database design 45

4.3.2. 1 Data Definition Language 45

(DDL)

4.4 Conclusion 46

CHAPTER V IMPLEMENTATION

5.1 Introduction 47


X

5.2 Software Development Environment Setup 48

5.3 Software Configuration Management 49

5.3.1 Configuration Environment Setup 49

5.3.2 Version Control Procedure 52

5.4 Implementation Status 53

5.5 Conclusion 54

CHAPTER Vl TESTING

6.1 Introduction 55

6.2 Test Plan 55

6.2.1 Test Organization 56

6.2.1.1 System tester 56

6.2.1.2 Hardware tester 57

6.2.2 Test Environment 58

6.2.2.1 Location/environment 58

6.2.2.2 Hardware 59

6.2.2.3 Software 59

6.2.2.4 Firmware configurations and

Preparations 60

6.2.3 Test Schedule 61

6.3 Test Strategy 63

6.3.1 Classes ofTests 63

6.4 Test Design 64

6.4.1 Test Description 64

6.5 Test Result and Analysis 68

6.6 Conclusion 76


CHAPTER VIJ PROJECT CONCLUSION

7. 1 Observation on Weaknesses and Strengths

7.1.1 System Strengths

7.1.1.1 Security

78

78

78

7. 1.1.2 Practicality and User Friendly 79

7.1.1.3 Compatibility 79

7.1.2 System Weaknesses 79

7.1.2.1 Not Operations System

Universal 80

7.2

7.3

7.1.2.2 Hardware Reliant

Contribution

Conclusion

References

Bibliography

Appendices A (Gantt chart)

Appendices B (User Manual)


80

80

80

81

82

83

85

XI

Xll

LIST OF TABLES

TABLE TITLE PAGE

2.1 Facial Recognition Application 13

2.2 Software Requirement 20

2.3 Hardware Requirement 21

2.4 Milestone 23

3.1 Data Requirement for the -Digital Certificate Generator for

Corporate Public Key Infrastructure 27

3.2 Software Requirement 30


4.1 Features of Facial Recognition Module 35

4.2 Login Input Design 42

4.3 Enroll Input Design 42

5.1 Version Control Procedure for the system 53

5.2 Implementation Status 53

6.1 List of System Tester 56

6.2 List ofTester 57


6.4 Test module of SCDTSS 61

6.5 Classes of Tests 63

6.6 Login Test Case 65

6.7 Connection to Server Test Case 65


X It!

6.8 Search digital certificate 66

6.9 Generate secret key 67

6.10 Encrypting message 67

6.11 Encrypting file 68

6.13 Test Result and Analysis for Login Module 68

6.14 Test Result and Analysis of downloading digital certificate 70

6.15 Test Result and Analysis of searching others staff digital

certificate 70

6.16 Test Result and Analysis of generating secret key 71

6.17 Test Result and Analysis of encrypting and sending message 72

6.18 Test Result and Analysis of Company Profile 74

6.19 Test Result and Analysis of showing expanded information 75


XIV

LrST OF FIGURES

FIGURE TITLE PAGE

2.1 Symmetric Cryptography 7

2.2 Symmetric Cryptography 8

2.3 RSA algorithm 9

2.4 Public Key Infrastructure (PKI) 10

2.5 Private/Public Key Usage 10

2.6 Message Digest Implementation 11

2.7 Digital Signature 12

2.8 Facial Recognition Process 13

2.9 Vetting Procedure In UTeM 14

2.10 Architecture of SERVE 16

2.1 1 Implementation of digital signature in SERVE 16

2.12 How SERVE defends against attack 17

2.13 Rapid Application Development (RAD) Cycle 18

3.1 Vetting procedure in UTeM 25

3.2 Flow chart for certificate registration 28

3.3 Data flow diagram 29

3.4 Use case diagram 30

4.1 The system architecture 34

4.2 Facial SDK 66 recognized point 36

4.3 Log-in Interface 36


XV

4.4 Log in successful interface 37

4.5 Distribution of digital certificate by CA 38

4.6 Searching for digital certificate Interface 38

4.7 Process ofvalidating the certificate 39

4.8 Mouse position on the status strip 39

4.9 Main Interface 40

4.10 Message Transmission process 40

4.11 Expanded View of the main menu 41

4.12 Navigation design 42

4.13 Entity Relationship Diagram 43

4.14 SQL Statement to save digital certificate into database 46

4.15 SQL statement to select digital certificate from the database 46

5. l Environment Architecture of SCDTSS 48

5.2 Configuration Management Principles 50

5.3 Configuration Management for managing version 51

5.4 Numbering version scheme 52

6.1 Login Interface 69

6.2 Error message when login failed 70

6.3 Download digital certificate message box 70

6.4 Inserting Secret key 71

6.5 Insert staff ID 72

6.6 Certificate found 72

6.7 Key successfully generated 73

6.8 Message sent and received 74

6.9 Encrypting files 75

6.10 Additional information displayed on the bottom ofthe main

menu. 76


ABBREVIATION

DFD

DDL

ERD

UTeM

LIST OF ABBREVlA TIONS

WORD/DESCRIPTION

Data Flow Diagram

Data Definition Language

Entity Relationship Diagram

Universiti Teknikal Malaysia Melaka


XVI

ATTACHMENTS

A

B

LIST OF ATTACHMENTS

TITLE

Gantt chart

User Manual


PAGE

84

86

XVII

1

CHAPTER I

INTRODUCTION

l.l Project Backgnmnd

Everybody needs a sense of security and privacy in their life. This is the basic

needs of human. This basic need also apply in the IT and cyber world. As an

individual, we need to secure anything that is private and personal to us. As an

organization, it is essential that sensitive data being protected. A breach of such

security and privacy could result in safety concern, and loss in terms of profit for

organization. That is why we need to secure anything that is important and private to

us.

Encryption is one of the most effective methods to secure a files or

application. This process of encryption hides the contents of a message in a way that

the original information is recovered only through a decryption process. The purpose

of Encryption is to prevent unauthorized parties from viewing or modifying the data.

Encryption occurs when the data is passed through some substitute technique,

shifting technique, table references or mathematical operations. All those processes

generate a different form of that data. The unencrypted data is referred to as the

plaintext and the encrypted data as the cipher text, which is representation of the

original data in a difference form.

Key-based algorithms use an Encryption key to encrypt the message. There

are two general categories for key-based Encryption: Symmetric Encryption which

uses a single key to encrypt and decrypt the message and Asymmetric Encryption

which uses two different keys - a public key to encrypt the message, and a private

key to decrypt it. Currently, there are several types o f key based Encryption


2

algorithms such as: HASH, RSA, AES, BLOWFISH, RC6, and others but all of

these algorithms depend on high mathematical manipulations.

In this project, a secure classified-document transfer and storage application

·will be developed, to address the problem of security attack and security flaw, and

provide a secure method of sharing and storing classified documents.

1.2 Problem Statements

Security and privacy has been considered a basic need for human. It is crucial to

protect individual or organization privacy and sensitive as failure to do so might

cause trouble, problem and even crimes involving theft, fraudulence, and industrial

spying. However, the current culture and society still take security issue for granted.

Most individual and organization only employed and implemented minimum security

measure at most, and the rest are still ignorance on issue related to security and

privacy. The majority of business and educational institution are still using paper

based submission, which is very unsecure way of circulating or transmitting sensitive

and private information. To address this problem, most has already adopted a system

that can send the soft-copy of the private files or messages, over the network, such as

LAN or WAN. But still this method are not considered as a safer alternative as the

files and messages can still be intercepted or sniffed. Message wrote in a plain-text

format can easily be sniffed and read using Wireshark, a network monitoring tools

that are available on the internet, free for download. File that was intercepted can

readily be run or opened. Without applying an encryption on these messages or files,

there is no use in migrating from paper-based system to computerized network based

system.

Furthermore, with the current method or system, there is no way to be sure that

there is no impersonation occur, which means that the person we are communication

with are no an impersonator. There is also no effective way to ensure the integrity of

the message, and proof of origin (non-repudiation). If there is a dispute, a

complication will arise because the sender can deny the content of the message or

even deny having sent it.


3

In short, the current method of sharing and sending classified information or files

have no:

• Confidentiality to prevent unauthorized disclosure or information.

• Integrity to prevent unauthorized modification or substitution of information.

• Availability which prevent unauthorized withholding of information or

resources (denial of service)

• Non repudiation, to avoid sender from deny the content of the message or

even deny having sent it

1.3 Objectives

There are four main objective of the project. They are:

• To develop an application that is capable of sending and storing files/message

securely by means of encryption technology.

• To provide the application with better security by implementing biometrics

face recognition login

• To ensure the developed software is user-friendly, practical and lightweight.

1.4 Scope

• Encryption Algorithm

For this project, only block cipher encryption will be implemented. The

encryption algorithm are Advanced Encryption Standard (AES) or rijndael

algorithm and RSA algorithm.

Stream cipher will not be use, as it is deemed unsuitable for this project

This project will not explore or analyze these algorithm and its mathematical

formulae in details.


4

• Environment

This application IS intended to be used on windows operating system

environment, and this project will on limits its scope on window environment.

• Workstation

This application is intended to be use on computer, laptops and netbook.

Therefore this project will not cover on its usability, or guarantee its stability

in other device such as mobile phone or tablet pc.

• Digital Certificate and Certification Authority

Although this application rely on digital certificate to accomplish its

objectives, this project do not cover on the subjects of generation of the

asymmetric key (private/public key), creation of digital certificate, and its

distribution.

1.5 Project Significance

The implementation of encryption method in securing messages and files,

will surely increased the level of privacy and security of individual or organization.

Files and messages can be send and distributed freely without worrying about the

content being exposed or sniffed, as the content is encrypted and the cipher text is

useless to those who did not know the private key. This will surely increase the

productivity and stability of individual or organization.

1.6 Conclusion

Security and privacy remains as one of the basic needs of human being. It is

also important for large organization and business. To an individual, protecting this

means protecting their safety, and to a business organization protecting and security


means protecting their money. Therefore to ensure privacy and security,

cryptography is one of the best and practical methods.

That is why protecting and securing files and messages by means of

encryption is the main focus of th.is project, where the software is expected to be

simple, user friendly and yet practical and full with features .

5

In the next chapter, the report will explain about literature review and project

methodology used throughout the project. The literature review discusses the domain

related to the project.


6

CHAPTER II

LITERATURE REVIEW AND PROJECT METHODOLOGY

2.1 Introduction

This chapter will discuss in details on literature review related to the project

and also the methodology used in researching and completing the project. The

purpose of this chapter is to conduct the research about the other systems or

applications that are similar to the system that will be developed. All aspect is

studied in order to develop a system that is more effective. Furthermore, the

discussion is also including the methodologies, techniques, hardware and software

that being used in other research. The comparison between them is analyzed to

highlight the differences thus determine the better solutions for this project.

2.2 Facts and finding

Approach, passed research, reference and case study will be discussed under

this topic. The approach will be supported from a publish materials or passed

research.


anda~elia) - eprints.utem.edu.myeprints.utem.edu.my/10501/1/implementation_of...kegunaan seperti...

Documents