CHAPTER 1

INTRODUCTION
1.1 BASIC CONCEPTS
Message integrity and authenticity, and replay prevention, are essential
in security-related communications. Here, a receiver is expected to be able to verify
that a received message, originally transmitted by a valid source, was not changed.
Also, the receiver has to verify that the message was not transmitted by a cloned
source, and is not a retransmission of an originally genuine message transmitted in
the past by a valid source. Technically, verifying message integrity and authenticity
is based on the receiver’s ability to prove to itself that the transmitter stores a valid
secret key that was used when the message was transmitted. Surely, symmetric and
asymmetric cryptographic schemes can also be used in satisfying the above. In this
paper, we treat the case where the facility at the data source has limited resources.
In such environments, message integrity and authenticity is usually verified using
Message Authentication code (MAC).
Subsequently, the interrogated component transmits:
1) the component’s public key PK, which is an encrypted
version of K issued by the system manager and stored in the component, 2) M , and
3) CR. Upon receiving the above three values, interrogator performs the operations
shown at the bottom of the figure. The interrogator first retrieves K out of the
received PK, using a system decryption key. In Practice, the system decryption key
is not necessarily stored at the interrogator’s facility. Here, the interrogation
operations can be performed in an external secure place. Under another version, the
key K of the interrogated component is retrieved from secured network, rather than
being recovered by decrypting a value PK submitted by the component. The
interrogating receiver then has same three values that generated the MAC at the
interrogated component.
The same MAC is now calculated at the interrogating receiver, and the output is
compared to the received CR. If the two values match, the integrity and authenticity
of the received message is confirmed. The interrogated component’s response CR is
unique, as it depends on the private secret key K which differs for different
components. The procedure prevents replay
attacks, since the response sent by the interrogated component depends on the real-
time random challenge C sent by the interrogator.The same mechanism can also be
used in access control,preventing illegal writings of a message M into the
component, by still executing a MAC operation in the
component. Here, the component challenges the external party, asking it to prove
that it knows the component’s secret key. In this scenario, the direction of flow of C
and M in Fig. 1 is reversed. It is the component which generates C. The comparison
of the MAC values is done in the component. Upon success, M is allowed to be
written.

1.2 PURPOSE
Radio Frequency IDentification (RFID) facilitates, by definition,
identification by wireless communications. In many applications an RFID tag is
required to prove the authenticity of data it transmits. Two main constraints are
considered : 1) Costs: Wide adoption of RFID is crucially dependent on the price of
a tag. This is translated into a limited number of logic gates used in the tag. 2) Power
consumption: An RFID tag is operated by a magnetic field radiated from the reader.
It does not have its own power source.

1.3 OBJECTIVE
The main objective of this project is to verify the received messages
come from the alleged source and have not been altered. Also sequencing and
timeliness may be authenticated.
1. Verify the RFID details with the help of database.
2. Implementation of HMAC algorithm,
i) To convert the given string as a byte.
ii) Convert the converted byte as a string.
3. Implementation of Stream Ciphering.
In this stream ciphering the given string is converted to the corresponding
bit sequence here the input key is generated by the required user.

1.4 EXISTING SYSTEM

1. Wireless N/Ws or computationally constrained environments, where
the compact nature of the components cannot support complex
computations or high communication overhead, so traditional
cryptographic approach fails.
2. Implementations of HMAC require resources that cannot be
supported in constrained components.
3. Possible implementations of hash in constrained environments,
based on block ciphers suffers in cost consumption and power
consumption.

1.5 DRAWBACKS
1. The block cipher encryption method Need more memory and hence it
cannot be used for constrained environments.
 2. The time consumption is higher comparatively.

1.6 PROPOSED SYSTEM

An approach to implement a compact HMAC by the use of stream
ciphering is presented in this project.
A stream cipher exhibits the following features:

➢ It produces a pseudorandom key stream output which is very strongly

dependent on a parameterizing secret key S. (We purposely denote the
parameterzing key differently from the secret key K used in the intended
MAC application.) A minor change in S causes major output changes.
➢ The underlying security of the cipher is measured in terms of the
difficulty in retrieving S, given an
➢ Output key stream of any feasible length.

1.7 ADVANTAGES OF PROPOSED SYSTEM

➢ Requires less memory.
➢ Needs only low resources.
➢ Faster than Block Cipher.

CHAPTER 2
LITERATURE REVIEW

2.1 Literature Review:

A well-structured literature review is characterized by a logical flow of
ideas; current and relevant references with consistent, appropriate referencing style;
proper use of terminology;
In this project the full logic is based on the HMAC and Stream ciphering
algorithm for the purpose of authentication. Both HMAC and stream ciphering
algorithms are used to give the authentication in the case of RFID verification.

2.2 HMAC Algorithm:

 In cryptography, a keyed-Hash Message Authentication Code, or HMAC, is
a type of message authentication code (MAC) calculated using a specific algorithm
involving a cryptographic hash function in combination with a secret key. As with
any MAC, it may be used to simultaneously verify both the data integrity and the
authenticity of a message. Any iterative cryptographic hash function, such as MD5
or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm
is termed HMAC-MD5 or HMAC-SHA-1 accordingly. The cryptographic strength
of the HMAC depends upon the cryptographic strength of the underlying hash
function, on the size and quality of the key and the size of the hash output length in
bits.

2.3 HMAC DESIGN PRICIPLE

The design of the HMAC specification was motivated by the existence
of attacks on more trivial mechanisms for combining a key with a hash function. For
example, one might assume the same security that HMAC provides could be
achieved with MAC = H(key message). However this method suffers from a serious
flaw: with most hash functions, it is easy to append data to the message without
knowing the key and obtain another valid MAC. The alternative, appending the key
using MAC = H(message key), suffers from the problem that an attacker who can
find a collision in the (unkeyed) hash function has a collision in the MAC. Using
MAC = H(key message key) is better, however various security papers have
suggested vulnerabilities with this approach, even when two different keys are used.
No known extensions attacks have been found against the current
HMAC specification which is defined as H(key1 H(key2 message)) because the
outer application of the hash function masks the intermediate result of the internal
hash. The values of ipad and opad are not critical to the security of the algorithm,
but were defined in such a way to have a large Hamming distance from each other
and so the inner and outer keys will have fewer bits in common.

2.4 SECURITY
The cryptographic strength of the HMAC depends upon the size of the
secret key that is used. The most common attack against HMACs is brute force to
uncover the secret key. HMACs are substantially less affected by collisions than
their underlying hashing algorithms alone.

2.5 Stream Cipher Algorithm:

In cryptography, a stream cipher is a symmetric key cipher where
plaintext bits are combined with a pseudorandom cipher bit stream typically by an
exclusive or operation. In a stream cipher the plain text digits are encrypted one at
a time, and the transformation of successive digits varies during the encryption. An
alternative name is a state cipher, as the encryption of each digit is dependent on
the current state. In practice, the digits are typically single bits or byte.
HMAC uses a secret key for the calculation and verification of the
MACs. The main goals behind the HMAC construction are:
➢ To use available hash functions without modifications; in particular,
hash functions that perform well in software, and for which code is freely
and widely available,
➢ To preserve the original performance of the hash function without
incurring a significant degradation,
➢ To use and handle keys in a simple way,
➢ To have a well-understood cryptographic analysis of the strength of the
authentication mechanism based on reasonable assumptions on the
underlying hash function, and
➢ To allow for easy replace ability of the underlying hash function in the
event that faster or more secure hash functions are later available.

CHAPTER 3
SYSTEM ANALYSIS
3.1 HARDWARE REQUIREMENTS
Processor : 400 MHz Processor
RAM : 512 MB RAM
Hard Disk : 40 GB HDD

3.2 SOFTWARE REQUIREMENTS

OPERATING SYSTEM :Windows 2000 Professional
ENVIRONMENT :Visual Studio .NET 2003
.NET FRAMEWORK :Version 1.1
LANGUAGE :C#.NET
WEB TECHNOLOGY :Active Server Pages.NET
WEB SERVER :Internet Information
Server 5.0
REPORTS :Web Form Data Grid
control
BACK END :My-SQL-Server 2000

3.3 FEATURES OF VISUAL BASIC .NET

Visual Studio .NET is the single IDE that all the .NET languages can use. It makes
everything available to all languages.
Visual Studio .NET is a great Multilanguage development environment and offers a
complete set of tools to build Windows Forms , ASP.NET Web applications , and
XML Web services.
Start Page
The Start page offers three tabs at the top of the window that enables to modify
Visual Studio.NET as well as find important information. The tabs are,

HTML Server Controls v

ersus Web Server Controls
Control Type When to use this Control Type

HTML Server Controls When converting traditional ASP 3.0 Web

pages to ASP.NET Web pages and speed of
completion is a concern. It is a lot easier to
change your HTML elements to HTML
server controls than it is to change them to
Web server controls.

When you prefer a more HTML-type

programming model.

When you wish to explicitly control the code

that is generated for the browser.

WebServer Controls When you require a rich set of functionality

to perform complicated page requirements.
 When you are developing web pages that will
be viewed by a multitude of browser types
and that require different code based on these
types.

When you prefer a more Visual Basic-type

programming model that is based on the use
of controls and control properties.
Table 3.1 HTML Server Control
Projects tab:
This tab is the one to start new projects and launch projects that already exists. This
tab lets you to create a new project or open an existing project.
Online Resources tab:
This tab provides a number of online resources when connected to the
Internet.
My Profile tab:
This tab enables to customize the Visual Studio.NET environment to
resemble the structured environment that is familiar with.

Server Explorer
This window enables to perform a number of functions such as database
connectivity, performance monitoring, and interacting with event logs.
By using Server Explorer you can log on to a remote server and view database and
system data about that server. Many of the functions that are performed with the
Enterprise Manager in SQL Server can now be executed in the Server Explorer.
Solution Explorer
This provides an organized view of the projects in the application. The toolbar within
the Solution Explorer enables to
➢ View code page of the selected item.

➢ View design page of the selected item.

➢ Refresh the state of the selected item.

➢ Copy the Web project between Web servers.

➢ Show all the files in the project, including the hidden

files.

Class View
The Class View window can be viewed from the Start Page by clicking the Class
View tab. The Class View shows all the classes that are contained within your
solution.
The Class View shows the hierarchical relationship among the classes in your
solution as well as the number of other items including methods, enumerations,
namespaces, unions, and events. It is possible to organize the view of these items
within the window by right-clicking anywhere in the Class View area and choosing
how the items are sorted.

Toolbox
The Toolbox window enables to specify elements that will be part of the Windows
Forms or Web Forms. It provides a drag and drop means of adding elements and
controls to the pages or forms. The code snippets can also be stored within the
Toolbox.

Properties window
This window provides the properties of an item that is part of the application. This
enables to control the style and behavior of the item selected to modify.

Document window
The Document window is the main window within Visual Studio.NET where the
applications are built.
The Document window shows open files in either Design or HTML mode. Each
open file is represented by a tab at the top of the Document window. Any number of
files can be kept open at the same time, and you can switch between the open files
by clicking the appropriate tab.

Design mode versus HTML mode

Visual Studio.NET offers two modes for viewing and building files: Design and
HTML. By clicking the Design tab at the bottom of the Document window, you can
see how the page will view to the user. The page is built in the Design mode by
dragging and dropping elements directly onto the design page or form. Visual Studio
.NET automatically generates the appropriate code.

Working with SQL Server through the Server Explorer

Using Visual Studio.NET, there is no need to open the Enterprise Manager from
SQL Server. Visual Studio.NET has the SQL Servers tab within the Server Explorer
that gives a list of all the servers that are connected to those having SQL Server on
them. Opening up a particular server tab gives five options:
➢ Database Diagrams

➢ Tables
 ➢ Views

➢ Stored Procedures
➢ Functions

Database Diagrams
To create a new diagram right click Database diagrams and select New Diagram.
The Add Tables dialog enables to select one to all the tables that you want in the
visual diagram you are going to create. Visual Studio .NET looks at all the
relationships between the tables and then creates a diagram that opens in the
Document window. Each table is represented in the diagram and a list of all the
columns that are available in that particular table. Each relationship between tables
is represented by a connection line between those tables. The properties of the
relationship can be viewed by right clicking the relationship line.

Tables
The Server Explorer allows to work directly with the tables in SQL Server. It gives
a list of tables contained in the particular database selected.
By double clicking one of the tables, the table is seen in the Document window. This
grid of data shows all the columns and rows of data contained in the particular table.
The data can be added or deleted from the table grid directly in the Document
window. To add a new row of data , move to the bottom of the table and type in a
new row of data after selecting the first column of the first blank row. You can also
delete a row of data from the table by right clicking the gray box at the left end of
the row and selecting Delete.
To run queries against the tables in Visual Studio .NET, open the view of the query
toolbar by choosing View->Toolbars->Query.
To query a specific table, open that table in the Document window. Then click the
SQL button which divides the Document window into two panes-one for query and
other to show results gathered from the query.
Views
To create a new view , right-click the View node and select New View. The Add
Table dialog box enables to select the tables from which the view is produced. The
next pane enables to customize the appearance of the data in the view.

3.4 FEATURES OF SQL SERVER 2000

The OLAP Services feature available in SQL Server version 7.0 is now
called SQL Server 2000 Analysis Services. The term OLAP Services has been
replaced with the term Analysis Services. Analysis Services also includes a new data
mining component. The Repository component available in SQL Server version 7.0
is now called Microsoft SQL Server 2000 Meta Data Services. References to the
component now use the term Meta Data Services. The term repository is used only
in reference to the repository engine within Meta Data Services
MYSQL-SERVER database consist of six type of objects,
They are,
1. TABLE
2. QUERY
3. FORM
4. REPORT
5. MACRO
TABLE:
A database is a collection of data about a specific topic.
VIEWS OF TABLE:
We can work with a table in two types,
1. Design View
2. Datasheet View
1. Design View
To build or modify the structure of a table we work in the table design view. We
can specify what kind of data will be hold.
2.Datasheet View
To add, edit or analyses the data itself we work in tables datasheet view mode.
QUERY:
A query is a question that has to be asked the data. Access gathers data that
answers the question from one or more table. The data that make up the answer is
either dynaset (if you edit it) or a snapshot(it cannot be edited).Each time we run
query, we get latest information in the dynaset. Access either displays the dynaset or
snapshot for us to view or perform an action on it ,such as deleting or updating.

FORMS:
A form is used to view and edit information in the database
record by record .A form displays only the information we want to see in the way
we want to see it. Forms use the familiar controls such as textboxes and checkboxes.
This makes viewing and entering data easy.
Views of Form:
We can work with forms in several primarily there are two
views,
They are,
1. Design View
2. Form View
1.Design View
To build or modify the structure of a form, we work in forms
design view. We can add control to the form that are bound to fields in a table or
query, includes textboxes, option buttons, graphs and pictures.
2.Form View
The form view which display the whole design of the form.
REPORT:
A report is used to vies and print information from the database. The
report can ground records into many levels and compute totals and average by
checking values from many records at once. Also the report is attractive and
distinctive because we have control over the size and appearance of it.

MACRO :
A macro is a set of actions. Each action in macros does something. Such as
opening a form or printing a report .We write macros to automate the common tasks
the work easy and save the time.

3.5 FEASIBILITY STUDY

The feasibility of the project is analyzed in this phase and business proposal
is put forth with a very general plan for the project and some cost estimates. During
system analysis the feasibility study of the proposed system is to be carried out. This
is to ensure that the proposed system is not a burden to the company. For feasibility
analysis, some understanding of the major requirements for the system is essential.
Three key considerations involved in the feasibility analysis are,
➢ ECONOMICAL FEASIBILITY
➢ TECHNICAL FEASIBILITY
➢ SOCIAL FEASIBILITY

3.5.1 ECONOMICAL FEASIBILITY

This study is carried out to check the economic impact that the
system will have on the organization. The amount of fund that the company can pour
into the research and development of the system is limited. The expenditures must
be justified. Thus the developed system as well within the budget and this was
achieved because most of the technologies used are freely available. Only the
customized products had to be purchased.

3.5.2 TECHNICAL FEASIBILITY

This study is carried out to check the technical feasibility, that
is, the technical requirements of the system. Any system developed must not have a
high demand on the available technical resources. This will lead to high demands on
the available technical resources. This will lead to high demands being placed on the
client.

3.5.3 SOCIAL FEASIBILITY

The aspect of study is to check the level of acceptance of the
system by the user. This includes the process of training the user to use the system
efficiently. The user must not feel threatened by the system, instead must accept it
as a necessity. The level of acceptance by the users solely depends on the methods
that are employed to educate the user about the system and to make him familiar
with it. His level of confidence must be raised so that he is also able to make some
constructive criticism, which is welcomed, as he is the final user of the system.

CHAPTER 4
SYSTEM DESIGN & IMPLEMENTATION
4.1 System design:
System Design is the process of making the newly designed
system fully operational and consistent in performance. The following steps has been
followed in the implementation of the system.
1 Implementation in planning
2 User Training
As the part of implementation, the system is taken the site and
Loaded on to client’s computer. Some of the user’s level, exposure to computer etc.
These users are trained first and they run the system for a month. These users are
trained first and they can run the system for a week. After installation of software,
the hardware specifications are checked. If hardware specifications are satisfactory,
then the software is loaded for pilot run. User training starts at this time itself. Users
will be given a user manual, which documents how to use the system and all the
exception handling procedures.

4.2 Fundamental Design Concepts

Although the degree of interest in each concept has varied over the years,
each has stood the test of time. Each provides the software designer with a
foundation from which more sophisticated design methods can be applied.
Fundamental design concepts provide the necessary framework for “getting it right”.
4.3 Design Notations
Sets of fundamental design concepts are evolved over the past
here decades. Although the degree of interest in each concept has varied over the
years, each has stood the test of time. Each provides the software designer with a
foundation from which more sophisticated design methods can be applied.
The method is used to convert the model of the proposed system into
computer specification. Design proposes the new system that meets these
requirements. This new system may be built by a fresh or by changing the existing
system. The detailed design starts with the following activities, Interface design, and
designs for the objectives and program design.
4.4 SYSTEM ARCHITECTURE

ENTER THE MESSAGE

HMAC
ENCRYPTED MESSAGE WITH HMAC
ENCRYPT THE GIVEN MESSAGE
ENTER THE SECRET KEY
DECRYPT THE MESSAGE
ORIGINAL MESSAGE
VERIFY THE KEY
HMAC
TRANSMISSION MEDIUM
 Fig 4.1 System Architecture of Message Authentication
4.5 DATA FLOW DIAGRAM

The data flow diagram (DFD) is one of the most important tools used by system
analysis. Data flow diagrams are made up of number of symbols, which represents
system components. Most data flow modeling methods use four kinds of symbols:
Processes, Data stores, Data flows and external entities. These symbols are used to
represent four kinds of system components. Circles in DFD represent processes.
Data Flow represented by a thin line in the DFD and each data store has a unique
name and square or rectangle represents external entities.
To construct a Data Flow Diagram, we use
➢ 1.Arrow
➢ 2.Circles
➢ 3.Open End Box
➢ 4.Squares
An arrow identifies the data flow in motion. It is a pipeline through which
information is flown like the rectangle in the flowchart. A circle stands for process
that converts data into information. An open – ended box represents a data store,
data at rest or a temporary repository of data. A square defines a source or destination
of system data.
The rules for constructing a Data Flow Diagram are:
1.Arrows should not cross each other
2.Squares, circles and files must bear names
3.Decomposed data flow squares and circles
 Fig 4.2 Data flow diagram for message Authentication

The filename of the file to be searched is used as input for searching. The file is
searched in the peers routing table database. If the file is found in the routing table
database, its visit count field is checked. If the visit count exceeds the given limit
viz.3,then it is often requested file so its location is found in the UIM(cache memory)
of the requesting peer pi for a certain period of time.
If the file is not found in its routing table then the file is searched in all the connected
peers. The peer pj containing the file sends the response to the requesting peer p i.
Simultaneously the sharing files of the peer p j are updated in the peer pi’s routing
table for future reference.

4.6 USE CASE DIAGRAM FOR BLOCK CIPHER

Enter the Message

Enter the secret Key
Encrypt the message
Split message into blocks
Perform HMAC authentication
 Fig 4.3 Use Case Diagram for block cipher

4.7 USE CASE DIAGRAM FOR STREAM CIPHER

Split message into Stream

Perform HMAC authentication with stream cipher.

Decrypt the message.

Verify the key

Fig 4.4 Use Case Diagram for stream cipher

4.8 SEQUENCE DIAGRAM:

 Fig 4.5 Sequence Diagram of message Authentication

4.9 PROJECT dESCRIPTION

4.9.1 Message Authentication
Message authentication is concerned with protecting the integrity of a
message. It can validating identity of originator and it is non-repudiation of origin
(dispute resolution).
The three alternative functions used:
➢ message encryption
➢ message authentication code (MAC)
➢ hash function
4.9.2 Message Encryption
Message encryption by itself also provides a measure of authentication.
If symmetric encryption is used then it receiver know sender must have created it. It
provides both: sender authentication and message authenticity.
If public-key encryption is used to encryption provides no confidence
of sender. Since anyone potentially knows public-key. However if sender signs
message using his private-key, then encrypts with recipients public key.It have both
secrecy and authentication but at cost of two public-key uses on message.

4.9.2 Message Authentication Code (MAC)

It uses a shared secret key to generate a fixed-size block of data (known
as a cryptographic checksum or MAC) that is appended to the message. General
formula for mac is MAC = CK(M). It assurances that message has not been altered,
Message is from alleged sender, Message sequence is unaltered (requires internal
sequencing). Similar to encryption but MAC algorithm needs not be reversible.

4.9.4 HMAC
HMAC is a MAC derived from a cryptographically safe hash-function.
The hash fuctions (MD5, SHA-1) execute faster in software than symmetric block
ciphers. The library code for cryptographic hash functions is widely available. there
are export restrictions from the USA for some block ciphers, bot none for hash-
functions, HMAC is the ”mandatory-to-implement” MAC for IP Security.HMAC
is used widely, e.g. in SSL. Basically HMAC is a way to incorporate a secret key
into an existing hash function.

4.10. MODULES
1. Symmetric Encryption and Decryptions
2. Hmac Implementation
3.Stream Cipher Implementation

4.10.1. Symmetric Encryption and Decryption:

In cryptography encryption is the process of transforming information
referred to as plaintext using an algorithm (called cipher to make it unreadable to
anyone except those possessing special knowledge, usually referred to as a key The
result of the process is encrypted information (in cryptography, referred to as
ciphertext. In many contexts, the word encryption also implicitly refers to the reverse
process.
In cryptography, a stream cipher is a symmetric key cipher where
plaintext bits are combined with a pseudorandom cipher bit stream (keystream),
typically by an exclusive-or (xor) operation. In a stream cipher the plaintext digits
are encrypted one at a time, and the transformation of successive digits varies during
the encryption. An alternative name is a state cipher, as the encryption of each digit
is dependent on the current state. In practice, the digits are typically single bits or
bytes.
Stream ciphers represent a different approach to symmetric encryption
from block ciphers. Block ciphers operate on large blocks of digits with a fixed,
unvarying transformation. This distinction is not always clear-cut: in some modes of
operation, a block cipher primitive is used in such a way that it acts effectively as a
stream cipher. Stream ciphers typically execute at a higher speed than block ciphers
and have lower hardware complexity.
Message encryption by itself also provides a measure of authentication
➢ In the case of symmetric encryption receiver know sender must have
created it since only sender and receiver now key used. The other features of
the message encryption is that know content cannot of been altered and it
Provides both sender authentication and message authenticity.
➢ In case if the public-key encryption is used the encryption provides no
confidence of sender since anyone potentially knows public-key however if
sender signs message using his private-key then encrypts with recipients
public key have both secrecy and authentication but at cost of two public-key
uses on message

Decryption is the process of converting ciphertext into plaintext.

This is mainly used to convert the unreadable format into original format.

4.10.2 Message Authentication Code (MAC)

Uses a shared secret key to generate a fixed-size block of data (known
as a cryptographic checksum or MAC) that is appended to the message MAC =
CK(M). It Assurances that the Message has not been alteredand Message is from
alleged sender also Message sequence is unaltered (requires internal
sequencing).Similar to encryption but MAC algorithm needs not be reversible.

4.10.3 HMAC Implementation:

HMAC (Hash-based Message Authentication Code), is a specific
construction for calculating a Message authentication MAC) involving a
cryptographic hash function in combination with a secret key. As with any MAC, it
may be used to simultaneously verify both the data integrity and the authenticity of
a message. Any iterative cryptographic hash function, such as MD5or SHA1, may
be used in the calculation of an HMAC.
The resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1
accordingly. The cryptographic strength of the HMAC depends upon the
cryptographic strength of the underlying hash function, the size of its hash output
length in bits and on the size and quality of the cryptographic key.
Hash code is a numerical value that is tied to a fixed input. Hash code values
are the fact that they provide a form of one-way encryption, given that the generated
numeric value contains no trace of the original message data.
The Hashcode Implementation process involves
➢ Hash code Generation
➢ Hash Code Verification

4.10.3.1 Hash code Generation:

Hash code is generated for every web pages created. The hash codes
are stored in the Hash table for the further reference. Hash code is unique for
particular web pages in order to maintain the session. The given encrypted message
is considered as Key and Hash code is generated for that particular session. Later in
the client application this process is repeated vice verse.
HMAC is a MAC derived from a cryptographically safe hash-function.
Hash fuctions (MD5, SHA-1) execute faster in software than symmetric block
ciphers library code for cryptographic hash functions is widely available there are
export restriction from the USA for some block ciphers, bot none for hash-functions
HMAC is the ”mandatory-to-implement” MAC for IP Security. HMAC is used
widely, e.g. in SSL Basically HMAC is a way to incorporate a secret key into an
existing hash function.

4.10.3.2 Hash code Verification:

In the client application the encrypted message is decrypted with
corresponding hash code which is already stored in the Hash table , if the
verification is pass then the message is decrypted else denial message is returned to
the user.

4.10.4 Stream ciphering Implementation:

A stream cipher is a method of encrypting text (to produce ciphertext)
in which a cryptographic key and algorithm are applied to each binary digit in a data
stream, one bit at a time. This method is not much used in modern cryptography.

4.11 HMAC ALGORITHM EXPLANATION

4.11.1 HMAC Parameters and Symbols:
HMAC uses the following parameters:
➢ B- Block size (in bytes) of the input to the Approved hash function.
➢ H- An Approved hash function.
➢ Ipad- Inner pad; the byte x’36’ repeated B times.
➢ K- Secret key shared between the originator and the intended
receiver(s).
➢ 3
➢ K0- The key K after any necessary pre-processing to form a B byte
key.
➢ L- Block size (in bytes) of the output of the Approved hash function.
➢ Opad- Outer pad; the byte x’5c’ repeated B times.
➢ t- The number of bytes of MAC.
➢ Text- The data on which the HMAC is calculated; text does not
include the padded key. The length of text is n bits, where 0 £ n < 2B -
8B.
➢ x’N’- Hexadecimal notation, where each symbol in the string ‘N’
represents 4 binary bits.
➢ ||- Concatenation
➢ Å- Exclusive-Or operation.

4.11.2 STEP -BY-STEP DESCRIPTION

Step 1 If the length of K = B: set K0 = K. Go to step 4.

Step 2 If the length of K > B: hash K to obtain an L byte string, then append (B-
L)
zeros to create a B-byte string K0 (i.e., K0 = H(K) || 00...00). Go to step 4.
Step 3 If the length of K < B: append zeros to the end of K to create a B-byte
string K0
(e.g., if K is 20 bytes in length and B = 64, then K will be appended with 44
zero bytes 0x00).
Step 4 Exclusive-Or K0 with ipad to produce a B-byte string: K0 Å ipad.
Step 5 Append the stream of data 'text' to the string resulting from step 4:
(K0 Å ipad) || text.
Step 6 Apply H to the stream generated in step 5: H((K0 Å ipad) || text).
Step 7 Exclusive-Or K0 with opad: K0 Å opad.
 Step 8 Append the result from step 6 to step 7:
(K0 Å opad) || H((K0 Å ipad) || text).
Step 9 Apply H to the result from step 8:
H((K0 Å opad )|| H((K0 Å ipad) || text)).
Step 10 Select the leftmost t bytes of the result of step 9 as the MAC.

4.11.3 Flow Diagram for HMAC Algorithm

Fig 4.6 Flow diagram for HMAC Algorithm

4.12 . Development Approach

The Project was designed and developed based on the Waterfall Model. This
model particularly expresses the interaction between subsequent phases.
Testing software is not an activity, which strictly follows the implementation
phase. In each phase of the software development process, we have to compare the
results obtained against that which is required. In all phases quality has to be assessed
and controlled.
Review

Review

Review

Review

Review

Review

Completed

Completed

Completed

Completed

Completed

Completed

System Requirements
Software Requirements Analysis

Preliminary Design

Detail Design

Coding and Unit Testing

Maintain Software

Output Testing

Fig 4.7 Development Approach Diagram for Message Authentication

4.13 System Implementation

Implementation is the stage of the project where the theoretical design is
turned into a working system. At this stage the main work load, the greatest upheaval
and the major impact on the existing system shifts to the user department. If the
implementation is not carefully planned a controlled it can cause and confusion.
Implementation includes all those activities that take place to convert
from the old system to the new one. The new system may be totally new, replacing
an existing manual or automated system or it may be a major modification to an
existing system. Proper implementation is essential to provide a reliable system to
meet the organization requirements. Successful implementation may not guarantee
improvement in the organization using the new system, but improper installation
will prevent it.
The process of putting the developed system in actual use is called system
implementation. This includes all those activities that take place to convert from the
old system to the new system. The system can be implemented only after thorough
testing is done and if it is found to be working according to the specifications. The
system personnel check the feasibility of the system.
The most crucial stage is achieving a new successful system and giving
confidence on the new system for the user that it will work efficiently and
effectively. It involves careful planning, investigation of the current system and its
constraints on implementation, design of methods to achieve the changeover.
The more complex system being implemented, the more involvement
in system analysis and the design effort required just for implementation.
The system implementation has three main aspects. They are education
and training, system testing and changeover.
The implementation stage involves following tasks
➢ Careful planning.
➢ Investigation of system and constraints.
➢ Design of methods to achieve the changeover.
➢ Training of the staff in the changeover phase.
➢ Evaluation of the changeover method.
The method of implementation and the time scale to be adopted are found
out initially. Next the system is tested properly and the same time users are trained
the new procedures.

4.13.1 Implementation Procedures

The implementation phase is less creative than system design. A system design
may be dropped at any time prior to implementation, although it becomes more
difficult when it goes to the design phase. The final report of the implementation
phase includes procedural flowcharts, record layouts, and a workable plan for
implementing the candidate system design into a operational design.
Changeover is the process where the existing system is converted
into the new system. The changeover from old to new system takes place when:
➢ System is proved to the satisfaction of systems analyst and other
implementation activities are completed.
➢ User managers are satisfied with the results of system tests, staff training
and referenced manuals;
➢ Operations manager is satisfied with performance of equipment,
 operations staff and time table;
➢ Target date for changeover is due.
The most common methods to achieve changeover are:
➢ Direct changeover
➢ Parallel running
➢ Pilot running
➢ Staged changeover
Parallel running means processing current data by both old and new
system to crosscheck results. The old systems kept alive and operational until new
system is proved for at least one system cycle, using full live data in the real
operational environment of place, people, equipment and time.
Before installation of the software the hardware specification are
checked. If the hardware specifications are satisfactions are satisfactory than the
software is loaded. The existing system supposes to be manual, the following
procedures will be continued. Existing ledgers are converting in to master file
entries. Initially the instructions will be given to the users, how to convert the source
data in to master file record.

4.13.2 User training

To achieve the objectives and benefits expected from computer based
system, it is essential for the people who will be involved to be confident of their
role in the new system. Education is complementary to training. It brings life to
formal training by explaining the background to the resources for them. Education
involves creating the right atmosphere a motivating user staff. Education sections
should encourage participation from all staff with protection for individuals for
group criticism. Education should start will before any development work to enable
users to maintain or to regain the ability to participate in the development of their
system.
As the system will be use only by the administrator there is no need of much
training as it is graphical oriented it will be easily understandable by all.
4.13.3 Operational Documentation
Once the implementation plan is decided, it is essential that the user of the
system is made familiar and comfortable with the environment. Education involves
right atmosphere and motivating the user. A documentation providing the whole
operations of the system is being developed. The system is developed in such a way
that the user can work with it in a well consistent wayUseful tips and guidance is
given inside the software itself to help the user.
It is designed to prepare the users for testing & converting the system. There is
several ways to trail the users they are:
1) User manual
2) HTML Web pages
3) Man pages.
1) User manual:
The summary of important functions about the system & software can be
provided as a document to the user. User training is designed to prepare the user for
testing and convening a system. The summary of important functions about the
system and the software can be provided as a document to the user.

2) HTML Web pages:

This features now available in every software package, especially when it is
used with a menu. The user selects the “Help” option from the menu. The System
success the necessary description or information from the website for user reference.
3) Man pages:
Another user training element is a Man pages. In Linux each and every
command should have the “man” or “help info” pages. It is very usefull as it provide
information about the command with example.

CHAPTER 5
TESTING
5.1 TESTING
 The purpose of testing is to discover errors. Testing is the
process of trying to discover every conceivable fault or weakness in a work product.
It provides a way to check the functionality of components, sub assemblies,
assemblies and/or a finished product It is the process of exercising software with the
intent of ensuring that the Software system meets its requirements and user
expectations and does not fail in an unacceptable manner. There are various types of
test. Each test type addresses a specific testing requirement.

5.2 TYPES OF TESTING

5.2.1 UNIT TESTING
Unit testing involves the design of test cases that validate that the
internal program logic is functioning properly, and that program input produces valid
outputs. All decision branches and internal code flow should be validated. It is the
testing of individual software units of the application .it is done after the completion
of an individual unit before integration. This is a structural testing, that relies on
knowledge of its construction and is invasive. Unit tests perform basic tests at
component level and test a specific business process, application, and/or system
configuration. Unit tests ensure that each unique path of a business process performs
accurately to the documented specifications and contains clearly defined inputs and
expected results.

5.2.2 INTEGRATION TESTING

Integration tests are designed to test integrated software components to
determine if they actually run as one program. Testing is event driven and is more
concerned with the basic outcome of screens or fields. Integration tests demonstrate
that although the components were individually satisfaction, as shown by
successfully unit testing, the combination of components is correct and consistent.
Integration testing is specifically aimed at exposing the problems that arise from the
combination of components.

5.2.3 FUNCTIONAL TESTING

Functional tests provide a systematic demonstration that
functions tested are available as specified by the business and technical
requirements, system documentation, and user manuals.
Functional testing is centered on the following items:
Valid Input : identified classes of valid input must be
accepted.
Invalid Input : identified classes of invalid input must
be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application
outputs
must be exercised.
Systems/Procedures : interfacing systems or procedures must
be invoked.

5.2.4 WHITE BOX TESTING

White Box Testing is a testing in which in which the software tester has
knowledge of the inner workings, structure and language of the software, or at least
its purpose. It is purpose. It is used to test areas that cannot be reached from a black
box level.

5.2.5 BLACK BOX TESTING

Black Box Testing is testing the software without any knowledge of
the inner workings, structure or language of the module being tested. Black box tests,
as most other kinds of tests, must be written from a definitive source document, such
as specification or requirements document, such as specification or requirements
document. It is a testing in which the software under test is treated, as a black box
.you cannot “see” into it. The test provides inputs and responds to outputs without
considering how the software works.

5.2.6 ACCEPTANCE TESTING

User Acceptance Testing is a critical phase of any project and
requires significant participation by the end user. It also ensures that the system
meets the functional requirements.

5.3 TEST RESULTS

All the test cases mentioned above passed successfully. No
defects encountered.

5.4 Quality Assurance

Quality assurance consists of the auditing and reporting functions of
management. The goal of quality assurance is to provide management with the data
entries necessary to be informed about the product quality thereby gaining the goal
of insight and confidence that the product quality is meeting
Greater emphasis on quality in organization requires quality assurance. To
be an integral part of the information system development .The development process
must include checks throughout the process to ensure that the final product meets
the original user requirements.
Quality assurance thus becomes an important component of the development
process . It’s included in the industry standard (IEEE 1993) On the development
process quality assurance process is integrated into a linear development cycle
through validation and verification performed at crucial system development steps
.The goals of the management is to institute and monitor a quality assurance program
with in the development process
Quality assurance induces,
1. Validation of the system against requirements
2. Checks for errors in design documents and in the system itself
3. Quality assurance for usability

5.4.1 Quality assurance Goals:

Correctness : The extent to which the program meets the system
specifications and user
objectives
Reliablility : The degree to which the system performs its intended
functions overtime
Efficiency : The amount of computer resources required
by a program to perform a
function
Usability : The effort required learning and operating a system
Maintainability: To use with which program errors are located and corrected
Testability : The effort required a testing a program to ensure its
correct performance
Portability : To ease of transporting a program from hardware
configuration to another.

5.4.2 Generic Risks:

A risk is an unwanted event that has negative consequences. Risk
identification is the systematic attempt to specify threats to the project plan
(estimates the schedule resource overloading etc.
The use of this system is better in LAN than in WAN because of network
trafic, load balancing. It also depends upon the cable we using the network
The generic risks such as the product size risk, business impact risks,
customer-related risks, process risks, Technology risks, and Development
environment risks, Security risks etc for this project are analyzed and documented
by the senior staffs in the organization. This project is developed by considering
these issues and with the constant support from senior staffs in the organization.

CHAPTER 6
SYSTEM MAINTENANCE

6.1 System maintenance

The maintenance phase of the software cycle is the time in which a software
product performs useful work. After a system is successfully implemented, it should
be maintained in a proper manner. System maintenance is an important aspect in the
software development life cycle. The need for system maintenance is for it
to make adaptable to the changes in the system environment. There may be social,
technical and other environmental changes, which affect a system, which is being
implemented. Software product enhancements may involve providing new
functional capabilities, improving user displays and mode of interaction, upgrading
the performance characteristics of the system.
Maintenance is actually implementation of the review plan as important as it
is programmers and analyst is to perform or identify with him or herself with the
maintenance. There are psychologically personality and professional reasons for
this. Analyst and programmers spend fair more time maintaining programmer then
they do writing them Maintenances account for 50-80% of total system
development. Maintenance is expensive .One way to reduce the maintenance costs
are through maintenance mgt and software modification audits Types of
maintenance are
1. Perfective maintenance
2. Preventive maintenance

6.1.1 Perfective maintenance:

Changes made to the system to add features or to improve the
performance.
6.1.2 Preventive maintenance:
Changes made to the system to avoid future problems. Any changes can be
made in the future and our project can adopt the changes.

CHAPTER 7
CONCLUSION
7.1 CONCLUSION
A complete highly compact MAC implementation, based on stream
ciphering, was implemented successfully in this project. The principle was to
implement a hash transformation based on the stream cipher, where the strength of
the hash is associated with the underlying security of the cipher. This implementation
was the purpose of satisfying the specification for a transition from the one-way
transformation to the iteration procedure. The hash is then utilized to implement
HMAC, based on standard procedures. The principle was implemented a hash
transformation based on the stream cipher, where the strength of the hash is
associated with the underlying security of the cipher. The proposed system removes
the inefficiencies of the existing system. This will help make effective changes in
the resources quickly and reduce network bottle-necks. The use of this system is
with GUI we authenticate the user. Messages encrypted will be decrypted to retrieve
the original message. Hash verification done at incoming data.
 CHAPTER 8
FUTURE ENHANCEMENT
8.1 Future Enhancement:
Security and privacy are the inherent problems in RFID
communications. A new ultra lightweight RFID authentication protocol
that provides strong authentication and strong integrity protection of its
transmission and of updated data. The protocol requires only simple bit-wise
operations on the tag and can resist all the possible attacks. These features make it
very attractive to low-cost RFIDs and very low-cost RFIDs.