Docstoc

SNARE - A Strong Security System

Document Sample
SNARE - A Strong Security System Powered By Docstoc
					SNARE – A Strong Security
System For Network Attached
Storage


Prepared by : Sasanka




                        1
                                    1. INTRODUCTION



1.1 Objective

The objective of the project is to implement a strong security scheme for network-attached
storage system. When we transfer a document to the shared folders of a server, the data has to be
automatically stored in the shared folders. The data which is stored in the shared folders should
not be accessed by any other system connected2 in the network to the server, even upon copying.
In this system cryptography is plays a vital role to protect the data from spoofing, tampering,
eavesdropping and other attacks. ―SNARE – A strong security system for network attached
storage‖ aims at protecting the user data which is present on a networked storage system.



1.2 Problems with Network Attached Storage
To protect the data stored in the shared folders of the server, a separate mechanism is needed. To
protect the data from spoofing, tampering, eavesdropping and replay attacks, the anti-spoofing,
anti-tampering, anti-eavesdropping system is essentially required and has to be developed. This
system should work on any operating system environment. This system should accept the storage
of documents from any operating system. The main problem with the NAS is the exposure of
accessibility to all kinds of users and limited capability to provide enough security and privacy.



                                                 2
1.3 The Existing System
The existing system for network Attached Storage is provided by Microsoft through Network
File System as well as Server Message Block System. This system doesn’t implement any
encryption policies to keep the user data protected. The users who store the data in the shared
folder can see the others’ data. This kind of Storage-system may allow people to tamper or spoof
others’ data within the NAS. The existing system can’t provide enough security for the data
stored in the shared folders of the server. The existing system remains open for all the clients
and even does not provide any protection against unauthorized file manipulations or deletions.




1.4 The Proposed System

The proposed system is a stand-alone application which will be deployed in clients as well as
servers. The application allows the user to store the documents in the server securely. This
system has a feature to lock the folder where the user stores his data by providing a security key.
Only by entering the security key, can the user retrieve his data back. This system provides also
provides high security through a strong security algorithm - Triple DES.




                                                3
                            2. LITERATURE SURVEY

Environment

Java was conceived by James Gosling, Patrick Naughton and Mike Sheridan at Sun
Microsystems, Inc in 1991. It took 18 months to develop the first working version. This language
was initially called ―OAK‖, but was renamed as ―JAVA‖ in 1995 - Before the initial
implementation of OAK, in 1992.

2.1 Java

An Object-Oriented Programming Language (OOPL), developed at Sun Microsystems, Inc. A
Virtual Machine Runtime Environment that can be embedded in a Web Browser, Java is a
powerful Object-Oriented Programming Language. Java adds up as an effective and useful
component of the Internet through the Applets which can be embedded into Web pages. An
Applet can be an animation with sound, an interactive game, or any other major component of
the web. Applets can be powerful applications like Word Processor, or a Spread sheet. Java has
best features of C++ and C programming languages. The extra features that Java incorporates are
multi-threading, Garbage Collection and extended security policies.




Java is actually a platform consisting of three components:

    Java Programming Language.
    Java Library of Classes and Interfaces.


                                                4
     Java Virtual Machine.



It also has a Standardized set of packages ( Classes , Interfaces ).


     Creating Graphical User Interfaces.
     Controlling Multimedia Data.
     Communicating Over Networks.
Features Of Java

Java is Simple, portable , Object Oriented. Java also features Auto Code Correction, Garbage
Collection. Java is robust, Scalable, Multi-threaded and Secure.



2.1.1 Java Is Portable

One of the biggest advantages Java offers is it’s portability. An application written in Java runs
on all major platforms. Any computer with a Java based browser can run the applications or
applets written in Java. A programmer no longer has to write one program to run on Macintosh
and another program to run on Windows and still another program for a UNIX machine and so
on. The Virtual Machine is what that gives Java cross platform capabilities.

Rather than being compiled into a Machine Language, which is different for each Operating
System, Java code is compiled into Byte Code. These Byte Codes go to a Java Virtual Machine,
which executes them directly and translates them into a language understood by the machine that
runs it.

2.1.2 Java object oriented

The Java Programming Language is Object Oriented, which makes program design focus on
what you are dealing with rather than on how you are going to do something. This makes it more
useful for programming in sophisticated projects because one can break the things down into
understandable components. A big benefit is that these components can then be reused.




                                                  5
Object Oriented Languages use the paradigm of classes. In simplest term, a class includes both
the data and methods to operate on the data. You can create an instance of a class, also called an
Object, which will have all the data members and functionality of its class. Because of this, you
can think of a class as being like template, with each object being specific instance of a particular
type of class.

The class paradigm allows one to encapsulate data so that specific data values are those using the
data cannot see function implementation. Encapsulation makes it possible to make the changes in
code without breaking other programs that use the code. If for example the implementation of a
function is changed, this change is invisible to the programmer who invokes that function, and it
does not affect his/her program, except hopefully to improve it. Java includes inheritance, or the
ability to derive new classes from existing classes. The derived class, also called a subclass,
inherits all the data and functions of existing class, referred to as the parent class. A subclass can
add new data members to those inherited from the parent class. As far as methods are concerned,
the subclass can reuse the inherited methods as it is, change them, and/or add its own new
methods.

2.1.3 Java makes it easy to correct code

In addition to being portable and object oriented, Java facilitates writing correct code.
Programmers spend less time writing Java code and a lot less time debugging it. In fact,
developers have reported slashing development time by as much as two thirds.




The following is a list of some of java’s features that make it easier to write correct code:

2.1.3.1 Garbage Collection

Automatically takes care of allocating memory, a huge potential source of errors. If an object is
no longer being used (has no references to it), then it is automatically removed from memory.
Dynamic binding is possible and often very useful, but static binding with strict type checking is
used when possible.

2.1.3.2 Simplicity


                                                  6
Makes Java easier to learn and use correctly . java keep it simple by having just one way to do
something instead of having several alternatives, as in some languages. Java also stays lean by
not including multiple inheritance, which eliminates the errors and ambiguity that arise when you
create a subclass that inherits from two or more classes. Java lets you add functionality to a class
of interfaces.




2.1.3.3 Java includes a Library of Classes and Interfaces

The Java platform includes an extensive class library so that programmers can use already
existing classes, as it is, create subclasses to modify existing classes, or implement interfaces to
augment the capabilities of classes.

Both classes and interfaces contain data members (fields) and functions (methods). But there are
major differences. In a class, fields may be either variable or constant, and methods are fully
implemented. In an interface, fields must be constants, and methods are just prototypes with no
implementations. The prototypes give the method signature (the return type, the function name,
and the number of parameters with the type for each parameter), but the programmer must
supply implementations.

To use an interface, a programmer defines a class, declares that it implements the interface, and
then implements all the methods in that interface as part of the class. These methods are
implemented in a way that is appropriate for the class in which the methods are being used.
Interfaces let one add functionality to a class and give a great deal of flexibility in doing it. In
other words interfaces provide most of the advantages of multiple inheritance without its
disadvantages.




A package is collection a collection of related Java classes and interfaces. The following list,
through not complete, gives example of some Java packages and what they cover.



                                                 7
    Java.lang: This package is so basic that it automatically included in any java program. It
       includes classes dealing with numeric, strings, objects, runtime, security and threads.
    Java.io: Classes that manages reading data from input streams and writing data to the
       output streams.
    Java.util: Miscellaneous utility classes, including generic data structures, bit sets, time,
       date, the string manipulation, random number generation, system properties, notification
       and enumeration of data structures.
    Java.net: Classes for network support.
    Java.awt: Classes that manage user interface components such as windows, dialog boxes,
       buttons, checkboxes, lists, menus, scrollbars and text fields. The ―AWT‖ stands for
       Abstract Window Toolkit.
    Java.awt.image: Classes for managing image data, including color models, dropping
       color flittering, setting pixel vales and grabbing snapshots.
    Java.applet: The Applet class, which provides the ability to write applets, this package
       also includes several interfaces that connect an applet to its documents and to resources
       for playing audio.
    Java.sql: The JDBC API, classes and interfaces that access databases and send sql
       statements.

The first three packages listed, java.lang, java.io, java.util form the foundationand they are basic
classes and interfaces for general purpose programming.

Java development kit version 1.1added some new packages, with JDBC being one of them.
Other new packages include such things as RMI, Security and Java Beans, the new API for
creating reusable components.



2.2 Swings

The swing toolkit includes a rich set of components for building GUI’s and adding interactivity
to Java Applications. Swing includes all the components like table controls, list controls, tree
controls, buttons, labels, Menus, Events, Action listeners etc.




                                                 8
It includes rich Undo Support, a highly-customizable text package, integrated internationalized
and accessibility support. Swing supports your own look and feel interfaces such as drag and
drop, event handling, customizable painting and window management. Swing is a part of Java
Foundation Classes (JFC). JFC also include other important features to the GUI programmes
such as ability to add rich graphic functionality.

2.2.1The Swing Architecture

Swing is a platform-independent, Model-View-Controller GUI framework for Java. It follows a
single-threaded programming model, and possesses the following traits:

Foundations:

2.2.1.1 Platform independence

Swing is platform independent both in terms of its expression (Java) and its implementation
(non-native universal rendering of widgets).

2.2.1.2 Extensible

Swing is a highly partitioned architecture, which allows for the "plugging" of various custom
implementations of specified framework interfaces: Users can provide their own custom
implementation(s) of these components to override the default implementations. In general,
Swing users can extend the framework by extending existing (framework) classes and/or
providing alternative implementations of core components.

Swing is a component-based framework. The distinction between objects and components is a
fairly subtle point: concisely, a component is a well-behaved object with a known/specified
characteristic pattern of behaviour. Swing objects asynchronously fire events, have "bound"
properties, and respond to a well-known set of commands (specific to the component.)
Specifically, Swing components are Java Beans components, compliant with the Java Beans
Component Architecture specifications.

2.2.1.3 Customizable




                                                     9
Given the programmatic rendering model of the Swing framework, fine control over the details
of rendering of a component is possible in Swing. As a general pattern, the visual representation
of a Swing component is a composition of a standard set of elements, such as a "border", "inset",
decorations, etc. Typically, users will programmatically customize a standard Swing component
(such as a JTable) by assigning specific Borders, Colors, Backgrounds, opacities, etc., as the
properties of that component. The core component will then use these property (settings) to
determine the appropriate renderers to use in painting its various aspects. However, it is also
completely possible to create unique GUI controls with highly customized visual representation.




2.2.1.4 Configurable

Swing's heavy reliance on runtime mechanisms and indirect composition patterns allows it to
respond at runtime to fundamental changes in its settings. For example, a Swing-based
application can change its look and feel at runtime. Further, users can provide their own look and
feel implementation, which allows for uniform changes in the look and feel of existing Swing
applications without any programmatic change to the application code.

2.2.1.5 Lightweight UI

Swing's configurability is a result of a choice not to use the native host OS's GUI controls for
displaying itself. Swing "paints" its controls programmatically through the use of Java 2D APIs,
rather than calling into a native user interface toolkit. Thus, a Swing component does not have a
corresponding native OS GUI component, and is free to render itself in any way that is possible
with the underlying graphics APIs.

However, at its core every Swing component relies on an AWT container, since (Swing's)
JComponent extends (AWT's) Container. This allows Swing to plug into the host OS's GUI
management framework, including the crucial device/screen mappings and user interactions,
such as key presses or mouse movements. Swing simply "transposes" its own (OS agnostic)
semantics over the underlying (OS specific) components. So, for example, every Swing
component paints its rendition on the graphic device in response to a call to component.paint(),

                                               10
which is defined in (AWT) Container. But unlike AWT components, which delegated the
painting to their OS-native "heavyweight" widget, Swing components are responsible for their
own rendering.

This transposition and decoupling is not merely visual, and extends to Swing's management and
application of its own OS-independent semantics for events fired within its component
containment hierarchies. Generally speaking, the Swing Architecture delegates the task of
mapping the various flavors of OS GUI semantics onto a simple, but generalized, pattern to the
AWT container. Building on that generalized platform, it establishes its own rich and complex
GUI semantics in the form of the JComponent model. A review of the source of Container java
and JComponent java classes is recommended for further insights into the nature of the interface
between Swing's lightweight components and AWT's heavyweight widgets.

2.2.2 Swing GUI Components:

The Swing toolkit includes a rich array of components - from basic components such as Buttons
and Checkboxes to rich and complex components like Tables and Text Fields such as Formatted
text input or password field behavior.




2.3 Applets

An applets is a special kind of Java program that a browser enabled with Java technology can
download from the internet and run. An applet is typically embedded inside a webpage and runs
in the context of the browser. An applet must be a subclass of the java.applet.Applet class,
which provides the standard interface between the applet and browser environment.

Swing provides a special subclass of Applet, called javax.swing.JApplet, which should be used
for all applets the use Swing components to constructs their GUI’s. By calling certain methods, a
browser manages an applet life cycle, if an applet is loaded in a web page.

2.3.1 Life Cycle of an Applet

Basically, there are four methods in the Applet class on which any applet is built.



                                                11
Init: This method is intended for whatever initialization is needed for your applet.

Start: This method is automatically called after init method. It is also called whenever user
returns to the page containing the applet after visiting other pages.

Stop: This method is automatically called whenever the user moves away from the page
containing applets. You can use this method to stop an animation.

Destroy: This method is only called when browser shuts down normally. Thus, the applet can be
initialized once, started and stopped one or more times in its life and destroyed once.




2.4 Initial Study

2.4.1 Cryptography

Cryptography is the science of writing in secret code and is an ancient art; the first documented
use of cryptography in writing dates back to 1900 B.C. when an Egyptian scribe used non-
standard hieroglyphs in an inscription. New forms of cryptography came soon after the
widespread development of computer communications. In data and telecommunications,
cryptography is necessary when communicating over any untrusted medium, which includes just
about any network, particularly the Internet.

Within the context of any application-to-application communication, there are some specific
security requirements, including:

Authentication: The process of proving one’s identity. (The primary forms of host-to-host
authentication on the internet today are name-based or address-based, both of which are
notoriously weak).

Privacy/confidentiality: Ensuring that no one can read the message except the intended
receiver.




                                                 12
Integrity: Assuring the receiver that received message has not been altered in any way from the
original.

Non-repudiation: A mechanism to Prove that the sender rally sent this message.




2.4.2 Types of Cryptographic Algorithms

There are several ways of classifying cryptographic algorithms. For purposes of this project, we
will be categorized based on the number of keys that are employed for encryption and
decryption, and further defined by their application and use. The two types of algorithms that
will discussed are:




     Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.
     Public Key Cryptography (PKC): Uses one key for encryption and another for
        decryption.




2.4.2 Steganography

Steganography is the art and science of writing hidden messages in such a way that no one, apart
from the sender and intended recipient, suspects the existence of the message, a form of security
through obscurity. The advantage of steganography, over cryptography alone, is that messages
do not attract attention to themselves. Plainly visible encrypted messages—no matter how
unbreakable—will arouse suspicion, and may in themselves be incriminating in countries where
encryption is illegal. Therefore, whereas cryptography protects the contents of a message,
steganography can be said to protect both messages and communicating parties.




                                               13
    3. SOFTWARE REQUIREMENTS AND SPECIFICATIONS

3.1 Feasibility Study

Many feasibility studies are disillusioning for both users and analysts. First, the study often
presupposes that when the feasibility document is being prepared, the analyst is in a position to
evaluate solutions. Second, most studies tend to overlook the confusion inherent in system
development-the constraints and the assumed attitudes. If the feasibility study is to server as a
decision document, it must answer three key questions

    Is there a new and better way to do the job that benefit the use?
    What are the costs and savings of the alternatives?
    What is recommended?

The most successful system projects are not necessarily the biggest or most visible in a business
but rather those that truly meet user expectations. More projects fail because of        inflated
expectations than for any other reason. Three key considerations are involved in the feasibility
economic, technical and behavioral. Let’s briefly review each consideration and how it relates to
the systems effort.


                                               14
3.1.1 Economic Feasibility

Economic analysis is the most frequently used method for evaluating the effective of the
candidate system. More commonly known as cost/benefit analysis, the procedure is to determine
the benefits and savings that are expected from a candidate system and compare them with costs.
If benefits outweigh cost, then the decision is made to design and implement the system.
Otherwise, further justification or alterations in the proposed system will have to be made if it is
to have chance of being approved. This is an ongoing effort that improves in accuracy at each
phase of the system life cycle.




3.1.2 Technical Feasibility

Technical feasibility centers on the existing computer system(hardware, software, etc.)and to
what extend it can support the proposed addition. For example, if the current computer is
operating at 80 percent capacity-an arbitrary ceiling-then running another application could
overload the system or require additional hardware. This involves financial considerations to
accommodate technical enhancements. If the budget is a serious constraint, then the project is
judged not feasible.

3.1.3 Operational Feasibility

Purpose projects are beneficial only if they can be turned into information systems that will meet
the organization’s operating systems.

Some of the conditions are

    Is there sufficient support for the project from management and users
    Are correct business methods acceptable to the users?
    Have the users been involved in the planning and development of the project?
    Will the proposed system cause harm?


                                                15
3.2 Software and Hardware Specifications

Hardware Specifications
Processor                             :               Pentium IV
HDD                                   :               80 GB HDD
RAM                                   :               512 MB
Software Specifications
Operating System                      :               Windows XP
Coding Technology                     :               J2SE
Server                                :               IBM Web Sphere
Application Server                    :               Web Logic Server


                                   4.SYSTEM DESIGN
4.1 Introduction
Software design sits at the technical kernel of the software engineering process and is applied
regardless of the development paradigm and area of application. Design is first step regardless of
the development phase for any engineered product or system. The designer’s goal is to produce a
model or representation of an entity that will later be built. Beginning, once system requirement
have been specified and analyzed, system design is the first of the three technical activities –
design, code and test that is required to build and verify software.
The importance can be stated with a single word ―Quality‖. Design is the place where quality is
fostered in software development. Design provides us with representations of software that can
assess for quality. Design is the only way that we can accurately translate a customer’s view into
a finished software product or system. Without a strong design we risk building an unstable
system – one that will be difficult to test, one whose quality cannot be assessed until the last
stage.


4.2 Analysis of Modules
The functionality of this project underlies on the


                                                 16
 following 6 modules, each serving a definite purpose.

   The modules are listed as:

      Automatic spooling for Encryption

      Automatic Key transmission

      Automatic Decryption

      Copy terminator

      Tampering preventer

      Spoofing preventer



4.2.1 Automatic Spooling for encryption: This module will spool the document and place it in
the shared folder and encrypt the file into unreadable format. SNARE will do this operation
automatically once the user places the document in the shared folder.

4.2.2 Automatic Key Transmission: This module is responsible for transmission of key
generated at the time of encrypting the text into unreadable format. The key of the encrypted file
is the name of that file itself, before it was sent to the server. The same user defined key has to
be provided to get his data back.

4.2.3 Automatic Decryption: This module is responsible for decrypting the unreadable format
stored in the shared folders. This process will be initiated as soon as the key is provided by the
user. This action will be done by the system automatically and converts the document into it’s
original format.

4.2.4 Copy Terminator: This module is responsible for making the data unreadable, even if
copied. This operation is implicitly performed.




                                                  17
4.2.5 Tampering Preventer: This module is responsible for preventing the documents stored in
the server from getting tampered by any system. This action is performed on the document and
then saves the document in an isolated folder. If anyone wishes to access the document, a dialog
will appear, requesting him/her to enter the key

4.2.6 Spoofing Preventer: This module is responsible for preventing the documents stored in
the shared folder from being spoofed by any other client systems.




4.3 Unified Modeling Language

Unified Modeling Language (UML) is a standardized general-purpose modeling language in the
field of software engineering. The standard is managed, and was created by, the Object
Management Group.UML includes a set of graphical notation techniques to create visual models
of software-intensive systems.

The Unified Modeling Language (UML) is used to specify, visualize, modify, construct and
document the artifacts of an object-oriented software intensive system under development. UML
offers a standard way to visualize a system's architectural blueprints, including elements such as:

    Actors
    Business processes
    (Logical) Components
    Activities
    Programming language statements
    Database schemas, and


                                                18
    Reusable software components.

4.3.1 Goals of UML

The primary goals in the design of UML were are as follows:

    Provide users ready-to-use, expensive visual modeling languages so they can develop and
       exchange meaningful models.
    Provide extendibility and specialization mechanisms to extend the core concepts.
    Be independent of particular programming language and development process.
    Provide a formal basis for understanding the modeling language.
    Encourage the growth of OO tools market.
    Support higher level development concepts.
    Integrate best practices and methodologies.




4.3.2 Classification

A UML system is represented using four different views that describe the system from distinctly
different perspective. Each is defined by set of diagram, which is as follows:

User Model View: This view represents the system from the users perspective. The analysis
representation describes a usage scenario from the end-users perspective.

Structural Model View: In this model the data and functionality are arrived from inside the
system. This model view models the static structures.

Behavioral Model View: It represents the dynamic of behavioral as parts of the system
depicting the interactions of collection between various structural elements described in the user
and structural model view.




                                                19
Implementation Model View: In this view, the structural and behavioral as parts of the system
are represented as they are to be built.




4.3.3 Types of Diagrams

The structural model view encompasses the static, or structural, aspects of a problem and
solution. This view is also known as the static or logical view. This view is composed of the
following diagrams:

    Class Diagram
    Object Diagram
    Use-case Diagram
    Behavior Diagram
    Interaction Diagram
    Sequence Diagram
    Collaboration Diagram
   o Class diagram: the class diagrams describes the structure of a system by showing the
       system's classes, their attributes, and the relationships among the classes.
   o Component diagram: depicts how a software system is split up into components and
       shows the dependencies among these components.
   o Composite structure diagram: describes the internal structure of a class and the
       collaborations that this structure makes possible.
   o Deployment diagram: serves to model the hardware used in system implementations,
       and the execution environments and artifacts deployed on the hardware.
   o Object diagram: shows a complete or partial view of the structure of a modeled system
       at a specific time.
   o Package diagram: depicts how a system is split up into logical groupings by showing
       the dependencies among these groupings.
   o Profile diagram: operates at the metamodel level to show stereotypes as classes with the
       <<stereotype>> stereotype, and profiles as packages with the <<profile>> stereotype.


                                                20
       The extension relation (solid line with closed, filled arrowhead) indicates what
       metamodel element a given stereotype is extending.




4.3.4 UML Diagrams:

4.3.3.1 Use case Diagram




                                             21
4.3.3.2 Sequence Diagram [ Sending File To Server ]




                                             22
4.3.3.3 Sequence Diagram [ Retrieving File From Server]

                                             23
4.3.3.4 Sequence Diagram [ Viewing Decrypted Files (Admin)]


                                            24
4.3.3.5 State Chart Diagram

                              25
5. IMPLEMENTATION

       26
5.1 Functionality of the project

The project is a stand alone application which will be configured in the server as an attachment.
This application will be working with the help of predominant module functionality.

5.1.1 Encryption

The user who wants to store files in the shared folders of the server transfers a document in to it.
As soon as the user places the document in the shared folders, SNARE will activate and spool
the data into the application. This will spool the document which is placed in the shared folder
and encrypt the data into unreadable format.

5.1.2 Key Generation

The spooled data will be encrypted and stored in the shared folder. A key is generated through
which the encryption occurs. The name of the file which the user transfers itself becomes the key
of that file. The key will be supplied by the user at the time of decryption. The same key is used
to open the document in further transactions.

5.1.3 Conversion To Unreadable Format

The data which is stored in the shared folders of the server will be converted into unreadable
format by the system. Copy Terminator module is responsible for preserving the unreadable
format even upon copying. This module will do actions implicitly in side the system. This action
is not visible in the user interface.

SNARE will also protect the data from being tampered by any other user through client systems.
Tampering Preventer module is responsible for preventing the documents stored in the server
from getting tampered illegally. This module performs the operation automatically. When ever
access is requested to the document, then the system prompts for the key, without which it
cannot be opened/edited.

SNARE also keeps the document from Spoofing. Spoofing Preventer module is responsible for
preventing the documents stored in the shared folder from being spoofed by any other client


                                                27
systems. This module is performs this action automatically once the non readable format of text
is converted into non copied format.

The data stored in the system cannot be tampered, spoofed, manipulated by any other user with
out providing the key.




5.1.4 Decryption

If the key is inserted then the data will be spooled by the application and decryption process will
be done and the user can copy, spoofed or tamper the data.

Automatic Decryption module is responsible for decrypting the unreadable format stored in the
shared folder. This process will be initiated as soon as the key is provided by the user. This
action will be done by the system automatically and convert the document into original format.
The automatic decryption process will be processed by the system implicitly. After the
decryption, the document can be retrieved by the user and used for future purposes.




5.2 Implementation of Triple DES Algorithm

5.2.1 Introduction

1. SNARE uses TRIPLE DES cipher algorithm to encrypt the user data.

2. Triple DES uses a ―key bundle‖ of three DES keys k1,k2,k3 , each of 64 bits size.

3. Triple DES Algorithm simply implements the DES cipher algorithm 3 times.




The algorithm can be illustrated as :




                                                28
Encryption:

Ciphertext = EK3(DK2(EK1(plaintext)))

I.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3.

Decryption:

Plaintext = DK1(EK2(DK3(ciphertext)))

I.e., decrypt with K3, encrypt with K2, then decrypt with K1.




5.2.2 Description:

It is a symmetric encryption system that uses 64-bit blocks, 8 bits (one octet) of which are used
for parity checks (to verify the key's integrity). Each of the key's parity bits (1 every 8 bits) is
used to check one of the key's octets by odd parity, that is, each of the parity bits is adjusted to
have an odd number of '1's in the octet it belongs to. The key therefore has a "useful" length of
56 bits, which means that only 56 bits are actually used in the algorithm.

The algorithm involves carrying out combinations, substitutions and permutations between the
text to be encrypted and the key, while making sure the operations can be performed in both
directions (for decryption). The combination of substitutions and permutations is called a product
cipher. The key is ciphered on 64 bits and made of 16 blocks of 4 bits, generally denoted k1 to
k16.




5.2.3 Phases Of DES:

The main phases of the algorithm are as follows:

    Fractioning of the text into 64-bit (8 octet) blocks.

    Initial permutation of blocks.

    Breakdown of the blocks into two parts: left and right, named L and R.

                                                29
     Permutation and substitution steps repeated 16 times (called rounds) and,

     Re-joining of the left and right parts then inverse initial permutation.




5.2.4 Initial Permutation:

Firstly, each bit of a block is subject to initial permutation, which can be represented by the
following initial permutation (IP) table:

This permutation table shows, when reading the table from left to right then from top to bottom,
that the 58th bit of the 64-bit block is in first position, the 50th in second position and so forth.




                                                  30
5.2.5 Division into 32-bit blocks:

Once the initial permutation is completed, the 64-bit block     is divided into two 32-bit blocks,
respectively denoted L and R (for left and right). The initial status of these two blocks is denoted
L0 and R0.




                                                31
5.2.6 Expansion Function:

The 32 bits of the R0 block are expanded to 48 bits with the help of a table called the expansion
table (denoted E), in which the 48 bits are mixed together and 16 of them are duplicated.




5.2.7 Exclusive OR And Substitution:

    The resulting 48-bit table is called R'0 or E[R0]. The DES algorithm then exclusive ORs
       the first key K1 with E[R0]. The result of this exclusive OR is a 48-bit table that m\ay be
       called as R0.

    R0 is then divided into 8 6-bit blocks, denoted R0i. Each of these blocks is processed by
       selection             functions              ,generally            denoted              Si.


                                               32
       The first and last bits of each R0i determine (in binary value) the line of the selection
       function; the other bits (respectively 2, 3, 4 and 5) determine the column.

    As the selection of the line is based on two bits, there are 4 possibilities (0,1,2,3). As the
       selection of the column is based on 4 bits, there are 16 possibilities (0 to 15).




Let R01 equal 101110. The first and last bits give 10, that is, 2 in binary value. The bits 2,3,4 and
5 give 0111, or 7 in binary value. The result of the selection function is therefore the value
located on line no. 2, in column no. 7. It is the value 11, or 1011 binary




                                                 33
5.2.8 Permutation:

The obtained 32-bit block is then subject to a permutation P. Here is the table:




All of these results output from P are subject to an Exclusive OR with the starting
L0 to give R1, whereas the initial R0 gives L1.

All of the previous steps (rounds) are repeated 16 times.




                                                  34
5.2.9 Inverse Initial Permutation:

At the end of the iterations, the two blocks L16 and R16 are re-joined, then subject to inverse
initial permutation:




                                              35
5.3 Output Screenshots
5.3.1 A text file is uploaded to the server using the client GUI .




                                                 36
5.3.2 The GUI of SNARE [Server]




                                  37
5.3.3 Client GUI of SNARE




                            38
5.3.4




        39
5.3.5




        40
5.3.6 Sending the file ―Hello.txt‖




                                     41
5.3.7




        42
5.3.8 Locating the ―Demo‖ folder




                                   43
5.3.9 Locating the encrypted file within ―Demo‖ folder




                                              44
5.3.10 Viewing the encrypted file :




                                      45
5.3.11




         46
5.3.12 Viewing the key generated




                                   47
5.3.13 Attempting decryption of the file from the Client side.




                                                48
5.3.14




         49
5.3.15 File decrypted successfully.




                                      50
5.3.16




         51
5.3.17 Viewing decrypted file




                                52
5.3.18 Initiating server side decryption:




                                            53
5.3.19




         54
5.3.20 Locating the encrypted file .




                                       55
5.3.21




         56
5.3.22 Viewing the original content within SNARE GUI [Server]




                                            57
5.3.23 Original image file to be sent to the server




                                                 58
5.3.24 Sending the image file to Server




                                          59
5.3.25




         60
5.3.26 Locating the ―Demo‖ Folder :




                                      61
5.3.27 Viewing the encrypted Image file:




                                           62
5.3.28 Initiating image decryption through Client GUI:




                                              63
5.3.29




         64
5.3.30




         65
5.3.31 Image decrypted successfully:




                                       66
5.3.32 Locating the decrypted image file:




                                            67
5.3.33 Viewing the decrypted image file:




                                           68
5.3.34 Initiating server side decryption of the image file:




                                                 69
5.3.35




         70
5.3.36 Locating the encrypted image:




                                       71
5.3.37




         72
5.3.38 File decrypted and deployed to Drive E:




                                                 73
5.3.39




         74
5.3.40




         75
5.3.41 Viewing the decrypted image:




                                      76
                              7. CONCLUSION

SNARE prevents the documents stored in the shared folder from being spoofed by other
client systems. SNARE protects the data from spoofing, tampering, eavesdropping and replay
attacks and it also guarantees that the data stored on the Network Storage cannot be
accessible, even if copied. SNARE is a network attached storage (NAS) that is based on
encrypting the user data by generating a random-key which is essential at the time of
decrypting the data back.




                                          77

				
DOCUMENT INFO
Stats:
views:32
posted:8/18/2011
language:English
pages:77
Description: SNARE - A Strong Security System For Network Attached Storage, is a project that implements File Security and Encryption in a Networked Environment. The Encryption is performed with Triple DES Algorithm. The Application SNARE is developed on Java Platform.