CONTENTS

TITLE PageNo
Abstract v
ListofFigures vi
CHAPTER1:INTRODUCTION
Objectives 2
ProblemStatement 2
ProblemUndertaken 3
ProblemDefinition 3
ScopeStatement 3
OrganizationofProjectReport 4
CHAPTER2:LITERATURESURVEY
ProjectPlanningandManagement 8
DetailSystemRequirementSpecification(SRS) 8
SystemOverview 8
ProjectProcessModeling 9
IncrementalModel 9
CostEffectiveEstimates 10
BasicCOCOMO 10
CHAPTER3:THEORETICALBACKGROUND
OverviewofMachineLearning 13
DimensionReductionTechniques 14
FeatureSelection 14
FeatureExtraction 15
MachineLearning 16
WhatisMachineLearning? 17
HowdoesMachineLearningwork 18
ClassificationofMachineLearning 19
SupervisedLearning 19
UnsupervisedLearning 21
ReinforcementLearning 22
MachineLearningAlgorithms ThatYouCanUseInYourOwn
Projects as Well, Including: 23

i
 K-NearestNeighbors(K-NN) 23
NaïveBayesClassifierAlgorithm 27
LogisticRegressioninMachineLearning 29
DecisionTreeClassificationAlgorithm 31
RandomForestAlgorithm 33
CHAPTER4:SYSTEMANALYSIS
ExistingSystem: 36
DisadvantagesofExistingSystem: 36
ProposedSystem: 36
AdvantagesofProposedSystem: 36
CHAPTER5:SYSTEMDESIGN
Modules: 38
User: 38
Admin: 38
System: 38
Database: 38
SystemArchitecture: 38
UMLDiagrams: 39
ArchitectureDesign: 40
ActivityDiagram: 40
SequenceDiagram: 41
InterfaceDiagram: 42
StateMachineDiagram: 42
CHAPTER6:SYSTEMREQUIREMENTS
Hardwarerequirements: 44
Softwarerequirements: 44
CHAPTER7:SYSTEMIMPLEMENTATION
Modulesdescription: 46
DataPre-Processing: 46
Classificationwithlogisticregression: 46
SoftwareandLanguagesused: 46
Jupyter 46
Python 46
HTML,CSS,JSCRIPT 47

ii
 Working 47
DataSetSelection 47
DataCleaningandDataTransformation 47
DataProcessingandAlgorithmImplementation 47
OutputandUserSideExperience 48
InputandOutputDesign 48
InputDesign 48
Objectives 48
OutputDesign 48
CHAPTER8:SYSTEMTESTING
TypesofTesting 59
BlackBoxTesting 59
WhiteBoxTesting 60
CHAPTER9:OUTPUTSCREENS
OutputScreens 63
CONCLUSION 72
REFERENCES 74

iii
INTRODUCTION

1
 CHAPTER-1
INTRODUCTION

PASSWORDShavevariousadvantagesofbeingmemorable,avoidingcomprehensive and
computation-consuming public key infrastructure (PKI) for distributing client certificates and
dedicated hardware for storing secret keys. Password hashing scheme (PHS), also known as
password-based key derivation functions (PBKDFs), e.g., PBKDF1, PBKDF2, Bcrypt, Scrypt, and
M3lcrypt etc. are generally used to derive one or more secret keys from a secret value such as a
master key, a password, or a passphrase. As an integral part of the authentication mechanism, PHS
couldhash thepassword and store them at theserver database with the usernameandother
importantinformationtogether,sothattheservercancheckagainsttheclient’sregistered password when
the client tries to log in. But the security of most of existing PBKDFs comes from hashing algorithms
under the random oracle model (ROM), and limitations of ROM have been discussed in.

In addition, passwords are the default authentication approach and are unlikely to be
replaced in the near future. To prevent the unauthorized access and to mitigate the problem of
compromised password database, various approaches are proposed for several authentication
schemes, such as.In essence,theseschemesarevariantsof thepassword-authenticatedkey exchange
(PAKEinshort)protocol, as shown in Figure 1. In anutshell,PAKEcan be achievedif the server and the
client, who hold the same password, prove to each other that they know the password without
disclosing any useful information about it, but they also establish a shared secret session key at the
end, assuring security against (offline) password-guessing attacks. Forthe
convenienceofthereader,thissettingisabbreviatedtosymmetric-PAKEinthiswork.Itisnot
hardtoseethatcryptographicsymmetric-PAKEliteratureonlyfocusonhowtoaddressthe

2
password-onlysetting.However,inreality,asymmetric-PAKE(a.k.a.,augmentedorverifier-
basedPAKE)protocolsfirstproposedbyBellovinandMeritaremorewidelyacceptedandused by most of
existing client-toserver Internet or Internet-of-Things authentication schemes. The main reason is that
asymmetric-PAKE can limit the impact of any password leakage. In particular, asymmetric- PAKE
allows a server to keep the password hash, which guarantees that the adversary has to use offline
dictionary attack to recover it from the hashed passwords if the server is compromised. In other
words, the server only enables to get the knowledge of the randomized
passwordwiththecorrespondingrandomsalt,butnottheactualpassword.
ThereareasymmetricPAKEprotocolswhichhavebeendesignedandinformally analyzed, such
as in the standard model, andin the random oraclemodel.More concretely, Gentry
etal.[16]proposedanidealfunctionalityintheUniversal Composable(UC)framework[16]with a generic
transformation given by the -method. Benhamouda and Pointcheval with the follow-up works
proposed the first asymmetric construction in the standard model with game-based security
analysis.However,nolattice-basedasymmetric-PAKEconstructioninthestandardmodelhas been
proposed so far. To our knowledge, there are some candidate lattice-based symmetric-PAKE
constructionsbasedonsmoothprojectivehashfunction(SPHFinshort),whichhavebeen
proposedfollowingthemethodologyofGennaro-Lindell (i.e.,GL-SPHF)andKatz- Vaikuntanathan (i.e.,
KV-SPHF) [29], respectively. The trouble is that the transformation overlattices from symmetric-
PAKE to asymmetric- PAKE is non-trivial since there is no concretesolutionoflattice-basedpassword-
hashingtoassistthetransformation.AlthoughBenhamouda and Pointcheval introduced the construction
of password hashing based on random oracles, and Kiefer and Manulis built a password hashing
scheme via Pedersen commitment. All those schemes are still vulnerable to quantum computer
attacks. The main goal of our solution is to answer the following question:
Isitpossibletodevelopapracticalround-optimalasymmetricPAKEoverlatticeswithout
randomoracleswhileremainingsecureunderthequantumera?
We answer the above question in the affirmative. We give a detailed description of the
concrete results and contributions in Subsection 1.1, where we present the high-level ideas and
techniques used throughout this work

3
LITERATURE
SURVEY

4
 CHAPTER-2
LITERATURESURVEY

M. Shirvanian, N. Saxena, S. Jarecki, and H. Krawczyk, “Building and studying a password

storethatperfectlyhidespasswordsfrom itself
We introduce a novel approach to password management, called SPHINX, which remains secure
even when the password manager itself has been compromised. In SPHINX, the information stored
onthedeviceistheoreticallyindependentoftheuser'smasterpassword.Moreover,anattacker with full
control of the device, even at the time the user interacts with it, learns nothing about the master
password - the password is not entered into the device in plaintext form or in any other way that may
leak information on it. Unlike existing managers, SPHINX produces strictly high-entropy passwords
and makes it compulsory for the users to register these passwords with the web services, which
defeats online guessing attacks and offline dictionary attack upon service compromise. We present
the design, implementation and performance evaluation of SPHINX, offering prototype
browserplugins,smartphoneappsandtransparentdevice-clientcommunication.Wefurther
provideacomparativeanalyticalevaluationofSPHINXwithotherpasswordmanagersbasedon
aformalframeworkconsistingofsecurity,usability,anddeployabilitymetrics.
W. Li, X. Li, J. Gao, and H. Y. Wang, “Design of secure authenticated key management
protocol for cloud computing environments
With the maturity of cloud computing technology in terms of reliability and efficiency, a large
number of services have migrated to the cloud platform. To convenient access to the services and
protecttheprivacyofcommunicationinthepublicnetwork,three-factorMutualAuthentication
andKeyAgreement(MAKA)protocolsformulti-serverarchitecturesgainwideattention. However, most
of the existing three-factor MAKA protocols don’t provide a formal security proof resulting in
various attacks on the related protocols, or they have high computation and communication costs.
And most of the three-factor MAKA protocols haven’t a dynamic revocation
mechanism,whichleadstomalicioususerscannotbepromptlyrevoked.Toaddressthese

5
drawbacks,we propose aprovable dynamic revocable three-factorMAKA protocol that
achievestheuserdynamicmanagementusingSchnorrsignaturesandprovidesaformalsecurityproofin
therandomoracle.Securityanalysisshowsthatourprotocol canmeetvariousdemandsinthe multi-server
environments. Performance analysis demonstrates that the proposed scheme is well suited for
computing resource constrained smart devices. The full version of the simulation
implementationprovesthefeasibilityof theprotocol.
P. Liu, S. Li, and Q. Ding, “An energy-efficient accelerator based on hybrid CPU-FPGA
devices for password recovery
Passwordrecoverytoolsareneededtorecoverlost andforgottenpasswordsso astoregain access to
valuable information. As the process of password recovery can be extremely compute-intensive,
hardware accelerators areoftenneeded toexpedite the recoveryprocess. Thispaper thuspresents
ahighperformance,energy-efficientacceleratorbuiltuponmodernhybridCPU-FPGASoC devices. The
proposed password recovery accelerator relies on the development of aset of intellectual property (IP)
cores for implementing variety of encryption algorithms with vastly different
characteristicsandcomplexities.Tokeepthe resource requirementsof eachIPcore running on a resource-
strapped FPGA to the minimum, while achieving the highest throughput
possible,themostperformancecriticalcomputationalhashfunctionsaremappedtotheFPGA with two
specific optimization techniques, namely the fixed message padding for hashing and loop
transformation for deep pipelining.
Q. Yang, K. Xue, J. Xu, J.Wang, F. Li, and N. Yu, “Anfra: Anonymous and fast roaming
authentication for space information network
Nowadays, the Space Information Network (SIN) has been widely used in real life because of its
advantages of communicating anywhere at any time. This feature is leading to a new trend that
traditionalwirelessusersarewillingtoroamtoSINtoobtainabetterservice.However,the featuresof
exposedlinks andhighersignal latencyin SINmake itdifficult to design a secure and
fastroamingauthentication schemeforthisnewtrend.Although someexistingresearcheshave been
focused on designing secure authentication protocols for SIN or providing roaming authentication
protocols for traditional wireless networks, these schemes cannot provide adequate requirements for
the roaming communication in SIN and bring in critical issues, such as the privacy
leakageorintolerableauthenticationdelay.Observingtheseproblemshavenotbeenwell
addressed,wedesignananonymousandfastroamingauthenticationschemeforSIN.Inour

6
scheme,weutilizethegroupsignaturetoprovidetheanonymityforroamingusers,andassume that the
satellites have limited computing capacity and make them have the defined authentication
functiontoavoidthereal-timeinvolvementofthehomenetworkcontrolcenterwhen authenticating the
roaming users. The results of security and performance analysis show that the proposed scheme can
provide the required security features, while providing a small authentication delay.
Z.Ba,Z.Qin,X.Fu,andK.Ren,“CIM:camerainmotionforsmartphoneauthentication
StructurefromMotion(SfM)isapipelinethatallowsthree-dimensionalreconstructionstarting
fromacollectionofimages.Atypical SfMpipelinecomprisesdifferentprocessingstepseachof
whichtacklesadifferentprobleminthereconstructionpipeline.Eachstepcanexploitdifferent
algorithmstosolvetheproblemathandandthusmany differentSfMpipelinescanbebuilt.How to choose the
SfMpipelinebestsuitedforagiven taskisan importantquestion.Inthispaperwe
reportacomparisonofdifferentstate-of-the-artSfMpipelinesintermsoftheirabilityto
reconstructdifferentscenes.WealsoproposeanevaluationprocedurethatstressestheSfM
pipelinesusingrealdatasetacquiredwithhigh-enddevicesaswellasrealisticsyntheticdataset.
Tothisend,wecreatedaplug-inmodulefortheBlendersoftwaretosupportthecreationof
syntheticdatasetsandtheevaluationoftheSfMpipeline.Theuseofsyntheticdataallowsusto
easilyhavearbitrarilylargeanddiversedatasetswith,intheory,infinitelyprecisegroundtruth.
Ourevaluationprocedureconsidersboththereconstructionerrorsaswellas theestimationerrors of the
camera poses used in the reconstruction.

7
SYSTEM
ANALYSIS

8
 CHAPTER 3
SYSTEMANALYSIS

EXISTINGSYSTEM

TheInternetofThings(IoT)introducesanactiveconnectionbetweensmartdevices for
revolutionizing our modern lives in this world. But, IoT devices often exhibit several security issues,
so transmission between the nodes should be protected using cryptographic approaches.
However,thecomplexityof conventionalcryptographicapproachesisveryhigh andisvulnerable
toquantumattacks.Thispaperpresentsarobustandlightweightpost-quantumlattice-
basedauthenticationandcode-basedhybridencryptionschemeforresource-constrainedIoTdevices.

AnexistingRing-LearningwithErrors(Ring-LWE)basedauthenticationscheme introduces
Bernstein reconstruction in polynomial multiplication to achieve minimal computation
cost;hence,resource-limitedIoTdevicesareviabletousethereliableauthenticationmutually. Thisapproach
offersindefiniteidentity privacy and location privacy.Hence, the signature generation and verification
process are highly efficient compared to the existing ring signature systems.Also,thepost-
quantumhybridcode-basedencryptionschemefollowsDiagonalStructureBasedQC-
LDPCCodeswithcolumnloopoptimizationandSimplifiedLogDomain Sum-ProductAlgorithm
(SLDSPA)to provide thefunction of light weight encryption with minimum hardware requirements.

The total authentication delay of the proposed authentication scheme is 23% less than the
authentication scheme that is considered conventional polynomial multiplication.Also, theoptimized
design of the proposed code based HE uses only 64 slices and 640slices on Xilinx Virtex-
6FPGAforencoding anddecodingprocesses, respectively. Thesesimulation resultsprove

9
the effectiveness of theproposedcryptographicscheme against othercompetitivesystems interms of its
functionality and hardware complexities.

Disadvantages
 ThesystemisnotimplementedPasswordhashingTechniquewhichisusedtosecure the password.
 The system is not implemented QUANTUM-SAFE PASSWORD AUTHENTICATION
WITHPASSWORD-PROTECTEDSESSIONKEYESTABLISHMENTVIAPHSIN THE
STANDARD MODEL.

PROPOSEDSYSTEM
Passwordhashingoverlatticesinthestandardmodel.
The security of most of the existing PHSs (e.g., PBKDFs) is demonstrated from several
mathematicallycomplex hashing algorithms underthe ROM,which represents aproblem on howto
design post-quantum PHSsin the standardmodel because, in the quantumworld, we have to prove
security against the quantumROM.Inherited from the advantagesof the PBKDFs, the discrete
logarithm based PHSs and Pedersen commitment-based PHSs are proposed sequentially. Further, to
achieve quantum resistance, Nguyen et al. provided a PHS and a zero-knowledge passwordpolicy
check solutionviathecommitmentoverlatticesto replacethefunctionalityof PHS, which also assists the
server in checking the policy of the hashed password. But the construction of relies on the complexity
of a random permutation. Thus, the original definition of PHS in is adopted in our solution, we
instantiate a new commitment-based PHS by following the Pedersen-style PHS methodology of but
using the CDGLW commitment of Cabarcas et al. as a building block in the lattice setting. The
primary benefit of the instantiated PHS via CDGLW commitment is to equip
theauthenticationphaseandtheasymmetric-PAKEphase.

Password authentication via PHS over lattices. Essentially, to bypass the random oracle and
maintain the security in the coming quantum era, the quantum-safe registration-authentication
protocolviaPHSoverlatticesisproposedinordertotransformthesymmetric-PAKEintothe

10
asymmetric-PAKE. Here, a client registers with his corresponding username uid and hashed
passwordrpw=PreHash(_s;uidkpw)alongwithapre-salt_s,andtheserverstoreshisreceived uid and a
hashed value _y PHash((_s; s); rpw) with a random salt s. When the client attempts to authenticate
himself with the server, and the corresponding uid and rpw are transferred to the server
whothenvalidateswhetherrpw=rpw0andy =y0forthesameuid.Oncethevalidationpasses, the server will
send a token tkmskAuthmsk(data) to the client using his master secret key msk,
whereAuthiseitheramessageauthenticationcode(MAC)oraone-timesignature.

Round-optimal asymmetric PAKE over lattices. The SPHF scheme ensures that both parties
(actingastheproverandtheverifier,respectively)endupgeneratingthesamestrongsessionkey if both
parties know the same authenticated factors (e.g., password or biometric template), and independent
session keys otherwise. The main advantage of the SPHF for the PAKE is that the verifier does not
require to do further verification because SPHF is in essence a designated-verifier zero-knowledge.
Hence, this permits for obtaining the round-optimal (i.e., synchronous two flows) PAKE. Therefore,
walking along the research line of the challenge to obtain the round-optimal asymmetric-PAKE
protocol can be addressed by integrating the password authenticationvia PHS into the one round
SPHF-based symmetric-PAKE protocol in the lattice setting, which can be accomplished without
introducing an extra round. Finally, following the Bellare-Pointcheval- Rogaway (BPR)game-
basedmodel enhancedby BenhamoudaandPointcheval thebalanced security of
asymmetric-PAKEundertheBPRmodelisachieved.

Advantages
 The proposed system refines the QUANTUM-SAFE PASSWORD AUTHENTICATION
WITHPASSWORD-PROTECTEDSESSIONKEYESTABLISHMENTVIAPHSIN THE
STANDARD MODEL.
 The proposed system implemented PasswordAuthentication viaPassword Hashingwhichis
more safe and secure for password.

11
SYSTEM
DESIGN

12
 CHAPTER 4
SYSTEMDESIGN

ArchitectureDiagram

13
DATAFLOWDIAGRAM

Figno:4.2

14
4.3CLASSDIAGRAM

15
4.4SEQUENCEDIAGRAM

16
USECASEDIAGRAM

17
FlowChart:EndUser

18
FlowChart:Client

19
INPUTDESIGN
Input Design plays a vital role in the life cycle of software development, it requires very
careful attention of developers. The input design is to feed data to the application as accurate as
possible.Soinputsaresupposedtobedesignedeffectivelysothattheerrorsoccurringwhile
feedingareminimized.AccordingtoSoftwareEngineeringConcepts,theinputformsorscreens are
designed to provide to have a validation control over the input limit, range and other related
validations.
This system has input screens in almost all the modules. Error messagesare developed to alert
the user whenever he commits some mistakes and guides him in the right way so that invalid
entriesarenotmade.Letusseedeeply aboutthisundermoduledesign.
Input design isthe processof converting the user created inputintoa computer-based
format.Thegoaloftheinputdesignistomakethedataentrylogicalandfreefromerrors.The error is in the
input are controlled by the input design. The application has been developed in user- friendly manner.
The forms have been designed in such a way during the processing the cursor is placedin
thepositionwheremustbeentered.The useris alsoprovidedwithin anoptiontoselect an
appropriateinputfromvariousalternativesrelatedtothefieldincertaincases.
Validations are required for each data entered. Whenever a user enters an erroneous data,
errormessageisdisplayed andtheusercanmoveon to thesubsequentpagesaftercompletingall the entries
in the current page.
OUTPUTDESIGN
The Output from the computer is required to mainly create an efficient method of
communication within the company primarily among the project leader and his team members, in
other words, the administrator and the clients. The output of VPN is the system which allows the
project leader to manage his clients in terms of creating new clients and assigning new projects to
them,maintainingarecordoftheprojectvalidityandprovidingfolderlevelaccesstoeachclient on the user
side depending on the projects allotted to him. Aftercompletion of a project, a new project may be
assigned to the client. User authentication procedures are maintained at the initial stages itself. A new
user may becreated by the administrator himself or auser can himself registerasanewuserbutthetask of
assigningprojectsandvalidatinganewuserrestswith the administrator only.

20
 The application starts running when it is executed for the first time. The server has to be
started and then the internet explorer in used as the browser. The project will run on the local area
networksotheservermachinewillserveastheadministratorwhiletheotherconnectedsystems
canactastheclients.Thedevelopedsystemishighlyuserfriendlyandcanbeeasilyunderstood by anyone
using iteven for the first time.

SYSTEMREQUIREMENTS
➢ H/WSystemConfiguration:-
➢ Processor - Pentium–IV
➢ RAM -4GB(min)

➢ HardDisk -20GB

➢ KeyBoard - StandardWindowsKeyboard

➢ Mouse - TwoorThreeButtonMouse

➢ Monitor - SVGA

SoftwareRequirements:

 OperatingSystem - WindowsXP
 CodingLanguage - Java/J2EE(JSP,Servlet)
 FrontEnd - J2EE
 BackEnd - MySQL

21
 IMPLEMENTATION

22
 CHAPTER-5
IMPLEMENTATION

Modules

Client
In thismodule,theServiceProviderhasto loginby usingvalidusernameandpassword.After login
successful he can do some operations such as Login, View Authorize Users, Add Documents,
ViewAllDocuments,ViewSearchTransaction,ViewRelevanceDocumentsRatio,View Quantum
Relevance Documents, View Positive RF/Negative RF Documents, View All Attackers, View Chart
Results.

ViewandAuthorizeUsers
In this module, the admin can view the list of users who all registered. In this,the admin can
viewtheuser’sdetailssuchas,username,email,addressandadminauthorizestheusers.

EndUser
In this module, there are n numbers of users are present. User should register before doing any
operations. Once user registers, their details will be stored to the database. After registration
successful, he has to login by using authorized user name and password. Once Login is successful
user will do some operations like Register and Login, My Profile, Search Documents, Top K
Documents, TopKKeywords,My Search History.

23
SYSTEM STUDY AND
TESTING

24
 CHAPTER-6
SYSTEMSTUDY&TESTING

FEASIBILITYSTUDY

The feasibility of the project isanalyzedin thisphase andbusiness proposal isput forth with a
very general plan for the project and some cost estimates. During system analysis the feasibility
study of the proposed system is to be carried out. This is to ensure that the proposed system is not a
burden to the company. For feasibility analysis, some understanding of the major requirements for
the system is essential.

Threekeyconsiderationsinvolvedinthefeasibilityanalysisare

 ECONOMICALFEASIBILITY
 TECHNICALFEASIBILITY
 SOCIALFEASIBILITY
ECONOMICALFEASIBILITY
Thisstudy iscarriedoutto check theeconomicimpactthatthesystemwill haveon the
organization. The amountof fund that the company can pour into the research and development of the
system is limited. The expenditures must be justified. Thus the developed system as well within the
budget and this was achieved because most of the technologies used are freely available. Only
thecustomizedproductshadto bepurchased.

TECHNICALFEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not have a high demand on the available
technical resources. This will lead to high demands on the available technical resources. This will
lead to high demands being placed on the client. The developed system must have a modest
requirement,asonlyminimalornullchangesarerequiredforimplementingthissystem.

25
SOCIALFEASIBILITY
The aspect of study is to check the level of acceptance of the system by the user. This
includes the process of training the user to use the system efficiently. The user must not feel
threatened by the system, instead must accept it as a necessity. The level of acceptance by the users
solely depends on the methods that are employed to educate the user about the system and to make
him familiar with it. His level of confidence must be raised so that he is also able to make some
constructivecriticism,whichiswelcomed,asheis thefinaluserofthesystem.
TESTINGMETHODOLOGIES

ThefollowingaretheTestingMethodologies:

 UnitTesting.
 IntegrationTesting.
 UserAcceptanceTesting.
 OutputTesting.
 ValidationTesting.
UnitTesting
UnittestingfocusesverificationeffortonthesmallestunitofSoftwaredesignthatisthe
module.Unittestingexercisesspecificpathsinamodule’scontrolstructureto

ensurecompletecoverageandmaximumerrordetection.Thistestfocusesoneachmodule
individually,ensuringthatitfunctionsproperlyasaunit.Hence,thenamingisUnitTesting.

Duringthistesting,eachmoduleistestedindividually andthemoduleinterfacesare verifiedfor the

consistency with design specification.All importantprocessingpath are tested for
theexpectedresults.All errorhandlingpaths are also tested.

IntegrationTesting
Integrationtestingaddressestheissuesassociatedwiththedualproblemsofverification and
program construction. After the software has been integrated a set of high order tests are conducted.
The main objective in this testing process is to take unit tested modules and builds a
programstructure thathas been dictatedby design.

26
ThefollowingarethetypesofIntegrationTesting:

1. Top-DownIntegration
This method is an incremental approach to the construction of program structure.Modules
areintegratedby movingdownwardthroughthecontrol hierarchy,beginningwiththemain program
module. The module subordinates to the main program module are incorporated into the structure in
either adepth firstorbreadthfirstmanner.
In this method, the software is tested from main module and individual stubs are replaced
when the test proceeds downwards.

2. Bottom-upIntegration
This method begins the construction and testing with the modules at the lowest level in the
program structure. Since the modules are integrated from the bottom up, processing required for
modules subordinate to a given level is always available and the need for stubs is eliminated. The
bottom-upintegrationstrategymaybeimplementedwiththefollowingsteps:

 Thelow-level modules are combined into clusters into clusters that

perform a specific Software sub-function.
 A driver (i.e.) the control program for testing is written to coordinate test case
input and output.
 Theclusteristested.
 Driversareremovedandclustersarecombinedmovingupwardinthe program
structure
Thebottom-upapproachestesteachmoduleindividuallyandtheneachmoduleismoduleis integratedwith
amainmoduleand testedforfunctionality.

UserAcceptanceTesting
User Acceptance of a system is the key factor for the success of any system. The system
underconsiderationistestedforuseracceptancebyconstantlykeepingintouchwiththe prospective system
users at the time of developing and making changes wherever required. The system developed
provides a friendly user interface that can easily be understood even by a person who is new to the
system.

27
OutputTesting

After performing the validation testing, the next step is output testingof the proposedsystem,
since no system could be useful if it does not produce the required output in the specified format.
Asking the users about the format required by them tests the outputs generated or displayed by the
system under consideration. Hence the output format is consideredin 2 ways – one is on screen and
another in printed format.

ValidationChecking
Validationchecksareperformedonthefollowingfields.

TextField:
The text field can contain only the number of characters lesser than or equal to its size. The
text fields are alphanumeric in some tables and alphabetic in other tables. Incorrect entry always
flashes and error message.
NumericField:
The numeric field can contain only numbers from 0 to 9.An entry of any character flashes an
errormessage. Theindividual modules are checkedfor accuracy andwhat it has to perform.
Eachmoduleissubjectedtotestrunalongwithsampledata.Theindividuallytestedmodules are integrated
into a single system.Testing involves executing the real data information is used
intheprogramtheexistenceofanyprogramdefectisinferredfromtheoutput.Thetestingshould
beplannedsothatall the requirementsareindividually tested.
A successful test isone thatgivesout the defectsforthe inappropriate dataandproduces and
output revealing the errors in thesystem.
PreparationofTestData
Takingvariouskindsoftestdatadoestheabovetesting.Preparationoftestdataplaysa vital role in
the system testing.After preparingthe test data the system under study is tested using that
testdata.Whiletesting thesystemby usingtest dataerrors are again uncovered andcorrected by
usingabove testingstepsandcorrectionsare alsonotedforfutureuse.

28
UsingLiveTestData:
Livetestdataarethosethatareactuallyextractedfromorganizationfiles.Afterasystem is partially
constructed, programmers or analysts often ask users to key in a set of data from their normal
activities. Then, the systems person uses this data as a way to partiallytest the system. In other
instances, programmers or analysts extract a set of live data from the files and have them entered
themselves.

It is difficult to obtain live data in sufficient amounts to conduct extensive testing. And,
although it is realistic data that will show how the system will perform for the typical processing
requirement,assumingthatthelivedataenteredareinfacttypical,suchdatagenerallywillnot
testallcombinationsorformatsthatcanenterthesystem.Thisbiastowardtypicalvaluesthen does not
provide a true system test and in fact ignores the cases most likely to cause systemfailure.

UsingArtificialTestData:
Artificialtestdataarecreatedsolelyfortestpurposes,sincetheycanbegeneratedtotest all
combinations of formats and values. In other words, the artificial data, which can quickly be
preparedbyadatageneratingutilityprogramintheinformationsystemsdepartment,make
possiblethetestingofalllogin andcontrolpathsthroughtheprogram.
The most effective test programs use artificial test data generated by persons other
thanthosewhowrotetheprograms.Often,anindependentteamoftestersformulatesatesting plan, using the
systems specifications.
The package “Virtual Private Network” has satisfied all the requirements specified as per
software requirementspecificationandwasaccepted.

USERTRAINING
Whenever a new system is developed, user training is required to educate them about the
working of the system so that it can be put to efficient use by those for whom the system has been
primarily designed. For this purpose the normal working of the project was demonstrated to the
prospectiveusers.Itsworkingiseasilyunderstandableandsincetheexpectedusersarepeople
whohavegoodknowledgeof computers,the useof thissystemisveryeasy.

29
MAINTAINENCE
Thiscoversawiderangeofactivitiesincludingcorrectingcodeanddesignerrors.To reduce the need
for maintenance in the long run, we have more accurately defined the user’s
requirementsduringtheprocessof systemdevelopment.Dependingon therequirements,this system has
been developed to satisfy the needs to the largest possible extent. With development in technology, it
may be possible to add many more features based on the requirements in future. The
codinganddesigningissimpleandeasyto understandwhichwillmakemaintenanceeasier.

TESTINGSTRATEGY:
A strategy for system testing integrates system test cases and design techniques into a well
planned series of steps that results in the successfulconstruction of software. The testing strategy
mustco-operatetestplanning,testcasedesign,testexecution,andtheresultantdatacollection andevaluation.
Astrategyforsoftwaretestingmustaccommodatelow-levelteststhatare
necessarytoverifythatasmallsourcecodesegmenthasbeencorrectlyimplementedaswell
ashighlevelteststhatvalidatemajorsystemfunctionsagainstuserrequirements.

Software testing is a critical element of software quality assurance and represents the ultimate
review of specification design and coding. Testing represents an interesting anomaly for
thesoftware.Thus,aseriesoftestingareperformedfortheproposedsystembeforethesystemis ready for user
acceptance testing.

SYSTEM TESTING:
Software once validated must be combined with other system elements (e.g. Hardware,
people, database). System testing verifies that all the elements are proper and that overall system
function performance is achieved. It also tests to find discrepancies between the system and its
originalobjective,currentspecificationsandsystemdocumentation.

UNITTESTING:
Inunittestingdifferentaremodulesare testedagainstthespecificationsproducedduring
thedesignforthemodules.Unittestingisessentialforverificationofthecodeproducedduring the coding
phase, andhence the goals to testthe internal logicof the modules.Using thedetailed

30
design description as a guide, important Conrail paths are tested to uncover errors within the
boundary of themodules. Thistestingiscarriedout duringtheprogrammingstageitself. In this type of
testing step, each module was found to be working satisfactorily as regards to the expected output
from the module.
In DueCourse,latest technology advancementswillbetaken intoconsideration.Aspart of
technical build-up many components of the networking system will be generic in nature so that future
projects can either use or interact with this. The future holds a lot to offer to the development and
refinement of this project

31
OUTPUTSCREENS

32
 CHAPTER 7

OUTPUTSCREENS

33
34
35
36
37
38
39
40
41
’

42
43
 SYSTEM
ENVIRONMENT

44
 CHAPTER8
SYSTEMENVIRONMENT

JavaTechnology
Javatechnologyisbothaprogramminglanguageandaplatform.
TheJavaProgrammingLanguage

The Java programminglanguage is ahigh-level languagethat can be characterized by alof the

following buzzwords:

 Simple
 Architectureneutral
 Objectoriented
 Portable
 Distributed
 Highperformance
 Interpreted
 Multithreaded
 Robust
 Dynamic
 Secure

With mostprogramming languages, youeithercompile or interpret aprogram so thatyou can

run it on your computer. The Java programming language is unusual in that a program is both
compiled and interpreted. With the compiler, first you translate a program into an intermediate
languagecalledJavabytecodes—theplatform-independentcodesinterpretedbytheinterpreter on the Java
platform. The interpreter parses and runs each Java byte code instruction on thecomputer.
Compilation happens just once; interpretation occurs each time the program is executed. The
following figure illustrateshow this works.

45
 You can think of Java byte codes as the machine code instructions for the Java Virtual
Machine(JavaVM).EveryJavainterpreter,whetherit’sadevelopmenttooloraWebbrowser that can run
applets, is an implementation of the Java VM. Java byte codes help make “write once,
runanywhere”possible.Youcancompileyourprogramintobytecodesonanyplatformthathas a
Javacompiler.ThebytecodescanthenberunonanyimplementationoftheJavaVM.That
meansthataslongasacomputerhasaJavaVM,thesameprogramwrittenin theJava
programminglanguagecan runonWindows2000,aSolarisworkstation,oronaniMac.

TheJavaPlatform
A platform is the hardware or software environment in which a program runs. We’ve already
mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and MacOS.Most
platforms can be described as a combination of the operating system and hardware. The Java
platform differs from most other platforms in that it’s a software-only platform that runs on top of
other hardware-based platforms.
TheJavaplatformhastwocomponents:
 TheJavaVirtualMachine(JavaVM)

46
  TheJavaApplicationProgrammingInterface(JavaAPI)
You’ve already been introduced to the Java VM. It’s the base for the Java platform and is portedonto
various hardware-based platforms.
The Java API is a large collection of ready-made software components that provide many useful
capabilities,such as graphical user interface (GUI)widgets. The Java API is grouped into
librariesofrelatedclassesandinterfaces;theselibrariesareknownaspackages.Thenextsection,What Can
Java Technology Do? Highlights what functionality some of the packages in the Java API provide.
Thefollowingfigure depicts aprogram that’s runningonthe Javaplatform.As thefigureshows, the
JavaAPIandthevirtualmachineinsulatetheprogramfrom thehardware.

Native code is code that after you compile it, the compiled code runs on a specific hardwareplatform.
As a platform-independent environment, the Java platform can be a bit slower than native code.
However, smart compilers, well-tuned interpreters, and just-in-time byte code compilers can
bringperformanceclosetothatofnativecodewithoutthreateningportability.
WhatCanJavaTechnology Do?
The most common types of programs written in the Java programming language are applets and
applications.Ifyou’vesurfedtheWeb,you’reprobablyalreadyfamiliarwithapplets.Anapplet is a program
that adheres to certain conventions that allow it to run within a Java-enabled browser. However, the
Java programming language is not just for writing cute, entertaining applets for the Web. The
general-purpose, high-level Java programming language is also a powerful software
platform.UsingthegenerousAPI,youcanwritemanytypesofprograms.
An application is a standalone program that runs directly on the Java platform. A special kind of
application known as a server serves and supportsclientson a network. Examplesof servers are
Webservers,proxyservers,mail servers,andprintservers.Anotherspecializedprogramisa
servlet.Aservletcanalmostbethoughtof asan appletthatrunson theserverside.JavaServlets are a popular
choice for building interactive web applications, replacing the use of CGI scripts.
Servletsaresimilartoappletsinthattheyareruntimeextensionsofapplications.Insteadof

47
working in browsers, though, servlets run within Java Web servers, configuring or tailoring the
server.
How does the API support all these kinds of programs? It does so with packages of software
components that provides a wide range of functionality. Every full implementation of the Java
platform gives you the following features:
 The essentials: Objects, strings, threads, numbers, input and output, data structures,
system properties, date and time, and so on.
 Applets:Thesetofconventionsusedbyapplets.
 Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data gram
Protocol)sockets, andIP(InternetProtocol)addresses.
 Internationalization: Help for writing programs that can be localized for users
worldwide.Programscanautomaticallyadapttospecificlocalesandbedisplayed in the
appropriate language.
 Security: Both low level and high level, including electronic signatures, public and
private keymanagement,accesscontrol,andcertificates.
 Software components: Known as JavaBeansTM, can plug into existing component
architectures.
 Object serialization: Allows lightweight persistence and communication viaRemote
Method Invocation (RMI).
 Java DatabaseConnectivity (JDBCTM): Provides uniform access to awide rangeof
relational databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers, collaboration,
telephony, speech, animation, andmore. Thefollowingfiguredepictswhat is included in the Java 2
SDK.

48
HowWillJavaTechnologyChangeMyLife?
We can’t promiseyou fame, fortune, or even a job if you learn the Java programming language.Still,
it is likely to make your programs better and requires less effort than other languages. We believethat
Javatechnologywillhelpyoudothefollowing:
 Get started quickly: Althoughthe Javaprogramminglanguageisapowerful object-
oriented language, it’s easy to learn, especially for programmers already familiar with
C or C++.
 Write lesscode:Comparisonsofprogrammetrics(classcounts,methodcounts,
andsoon)suggestthataprogramwrittenintheJavaprogramminglanguagecan befour
timessmallerthan thesameprogramin C++.
 Write better code: The Java programming language encourages good coding
practices, and its garbage collection helps you avoid memory leaks. Its object
orientation, its JavaBeans component architecture, and its wide-ranging, easily
extendibleAPI letyoureuseotherpeople’s testedcode andintroducefewerbugs.
 Develop programsmorequickly:Yourdevelopmenttimemaybeasmuchas twice as fast
versuswriting the same program in C++.Why? Youwritefewer lines of code anditis
asimplerprogramminglanguage thanC++.
 Avoidplatformdependencieswith100%PureJava:Youcankeepyour program
portable by avoiding the use of libraries written in other languages. The 100% Pure
JavaTM Product Certification Program has a repository of historical
processmanuals,whitepapers,brochures,andsimilarmaterialsonline.

49
  Write once, run anywhere: Because 100% Pure Java programs are compiled into
machine-independentbytecodes,they runconsistentlyonanyJavaplatform.
 Distribute software more easily: You can upgrade applets easily from a central
server.Applets take advantage of the feature of allowing new classes to be loaded “on
thefly,”without recompilingthe entireprogram.
ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming interface for
application developers and database systems providers. Before ODBC became ade factostandard for
Windows programs to interface with database systems, programmers had to use proprietary
languages for each database they wanted to connect to. Now, ODBC has made the choice of the
database system almost irrelevant from a coding perspective, which is as it should be. Application
developers have much more important things to worry about than the syntax that is needed to port
theirprogramfromonedatabasetoanotherwhenbusinessneedssuddenlychange.
Through the ODBC Administrator in Control Panel, you can specify the particular database
thatis associatedwithadatasource thatan ODBCapplicationprogram iswrittento use. Thinkof an ODBC
data source as a door with a name on it. Each door will lead you to a particular database. For
example, the data source named Sales Figures might be a SQL Server database, whereas the
Accounts Payable datasourcecould refer to an Access database. The physical database referred to by
adatasourcecan reside anywhereon the LAN.
The ODBC system files are not installed on your system by Windows 95. Rather, they are
installedwhenyousetupaseparatedatabaseapplication,suchasSQLServerClientorVisual
Basic4.0.WhentheODBCiconisinstalledinControlPanel,itusesafilecalled ODBCINST.DLL. It is also
possible to administer your ODBC data sources through a stand-alone program called
ODBCADM.EXE. There is a 16-bit and a 32-bit version of this program and each maintains a
separate list of ODBC data sources.

From a programming perspective, the beauty of ODBC is that the application can be written
to use the same set of function calls to interface with any data source, regardless of the database
vendor.Thesourcecodeoftheapplicationdoesn’tchangewhetherittalkstoOracleorSQL Server. We only
mention these two as an example. There are ODBC drivers available for several
dozenpopulardatabasesystems.EvenExcelspreadsheetsandplaintextfilescanbeturnedinto

50
data sources. The operating system uses the Registry informationwrittenbyODBC Administratorto
determine which low-level ODBC drivers are needed to talk to the data source (such as the interface
to Oracle or SQL Server). The loading of the ODBC drivers is transparent to the ODBC application
program. In a client/server environment, the ODBC API even handles many of the network
issuesforthe application programmer.
The advantagesof thisschemearesonumerousthatyouareprobablythinkingtheremust be some
catch. The only disadvantage of ODBC is that it isn’t as efficient as talking directly to the native
database interface. ODBC has had many detractors make the charge that it is too slow. Microsoft has
always claimed that the critical factor in performance is the quality of the driver
softwarethatisused.Inourhumbleopinion,thisistrue.TheavailabilityofgoodODBCdrivers has improved
a great deal recently. And anyway, the criticism about performance is somewhat
analogoustothosewhosaidthatcompilerswouldnevermatchthespeedofpureassembly language. Maybe
not, but the compiler (or ODBC) gives you the opportunity to write cleaner
programs,whichmeansyoufinishsooner.Meanwhile,computersgetfastereveryyear.

JDBC
In an effort to set an independent database standard API for Java; Sun Microsystems
developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access
mechanism that provides aconsistent interface to avarietyof RDBMSs.This consistentinterface is
achieved through the use of “plug-in” database connectivity modules, or drivers. If a database vendor
wishes to have JDBC support, he or she must provide the driver for each platform that the database
and Java run on.
To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC. As you
discovered earlier in this chapter, ODBC has widespread support on a variety of platforms. Basing
JDBConODBCwill allowvendorstobringJDBCdriverstomarketmuchfasterthandeveloping a
completely new connectivity solution.
JDBC was announced in March of 1996. It was released for a 90 day public review that
ended June 8, 1996. Becauseof user input, the final JDBC v1.0 specification was released soonafter.

51
The remainderof thissectionwillcoverenoughinformationaboutJDBCforyoutoknowwhatit is about and
how to use it effectively. This is by nomeans a complete overview of JDBC. That would fill an entire
book.

JDBCGoals
Fewsoftwarepackagesaredesignedwithoutgoalsinmind.JDBCisonethat,becauseof its many
goals, drove the development of the API. These goals, in conjunction with early reviewer feedback,
have finalized the JDBC class library into a solid framework for building database applications in
Java.
The goals that were set for JDBC are important. They will give you some insight as to why
certain classes and functionalities behave the way they do. The eight design goals for JDBC are as
follows:

1. SQLLevelAPI
ThedesignersfeltthattheirmaingoalwastodefineaSQLinterfaceforJava.Although not the lowest
database interface level possible, it is at a low enough level for higher-level tools
andAPIstobecreated.Conversely,itisatahighenoughlevelforapplicationprogrammers
touseitconfidently.Attainingthisgoalallowsforfuturetoolvendorsto“generate”JDBC code
andtohidemanyof JDBC’scomplexitiesfromtheend user.
2. SQLConformance
SQL syntax varies as you move from database vendor to database vendor. In an effort to
supportawidevarietyofvendors,JDBCwillallow anyquerystatementtobepassedthrough
ittotheunderlyingdatabasedriver.Thisallowstheconnectivitymoduletohandlenon-
standardfunctionality in amannerthatissuitableforits users.
3. JDBC must be implemental on top of common database interfaces
TheJDBCSQLAPImust“sit”ontopofothercommonSQLlevelAPIs.Thisgoal
allowsJDBCtouseexistingODBCleveldriversbytheuseofasoftwareinterface.This
interfacewouldtranslateJDBCcallstoODBCandviceversa.
4. ProvideaJavainterfacethatisconsistentwiththerestoftheJavasystem
Because of Java’s acceptance in the user community thus far, the designers feel that they
shouldnotstray fromthecurrentdesignof thecore Javasystem.

52
 5. Keepitsimple
This goal probably appears in all software design goal listings. JDBCis no exception.Sun felt
that the designofJDBCshould be very simple, allowingforonly one methodof completing a task
per mechanism. Allowing duplicate functionality only serves to confuse the users of the API.
6. Usestrong,statictypingwhereverpossible
Strong typing allows for more error checking to be done at compile time; also, less error
appear at runtime.
7. Keepthecommoncasessimple
Because more often than not, the usual SQL calls used by the programmer are simple
SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these queries should be simple to perform
withJDBC.However,morecomplexSQLstatementsshouldalsobepossible.

Compilationhappensjust once; interpretationoccurseach timetheprogramisexecuted.The figure

illustrates how this works.

JavaProgram Interpreter

Compilers My Program

You can thinkof Java byte codes as the machine codeinstructions for the Java Virtual Machine
(JavaVM).EveryJavainterpreter,whetherit’saJavadevelopmenttooloraWebbrowserthat can run Java
applets, is an implementation of the JavaVM. The JavaVM can also be implemented in hardware.

53
Java byte codes help make “writeonce, run anywhere” possible. You can compileyour Java program
into byte codes on my platform thathas a Javacompiler. The bytecodes can then be run any
implementation of the Java VM. For example, the same Java program can run Windows NT, Solaris,
and Macintosh.

Networking

TCP/IPstack

TheTCP/IPstackisshorterthantheOSIone:

TCPisaconnection-orientedprotocol;UDP(UserDatagramProtocol)isaconnectionless protocol.

IPdatagram’s

The IP layer provides a connectionless and unreliable delivery system. It considers each datagram
independently of the others. Any association between datagram must be supplied by thehigher layers.
The IP layer supplies a checksum that includes itsown header. The header includes
thesourceanddestinationaddresses.TheIPlayerhandlesroutingthroughanInternet.Itisalso

54
responsible for breaking up large datagraminto smaller ones for transmission and reassemblingthem
at the other end.

UDP

UDP is also connectionless and unreliable. What it adds to IP is a checksum for the contents of the
datagramandportnumbers.Theseareusedto giveaclient/servermodel-seelater.

TCP

TCP supplies logic to give a reliable connection-oriented protocol above IP. It provides a virtual
circuitthattwo processescan use tocommunicate.

Internetaddresses

In order to use a service, you must be able to find it. The Internet uses an address scheme for
machinesso that they can belocated.The addressisa 32bit integerwhich givestheIPaddress.
Thisencodesa network IDandmore addressing. The network IDfallsinto variousclasses according to
the size of thenetwork address.

Networkaddress

Class A uses 8 bits for the network address with 24 bits left over for other addressing. Class B uses
16bitnetworkaddressing.ClassCuses24bitnetworkaddressingandclassDuses all32.

Subnetaddress

Internally, the UNIX network is divided into sub networks. Building 11 is currently on one sub
networkand uses10-bitaddressing,allowing1024differenthosts.

Hostaddress

8bitsarefinallyusedforhostaddresseswithinoursubnet.Thisplacesalimitof256machines that can be on

the subnet.

55
 Totaladdress

The32bitaddressisusuallywrittenas4integersseparatedbydots.

Portaddresses

A serviceexistson ahost, andis identifiedby itsport. Thisis a16bitnumber.To send amessage to a

server,you sendit to the port for that service of thehost that itisrunningon. Thisisnot
locationtransparency!Certainof theseportsare"well known".

Sockets

A socket is a data structure maintained by the system to handle network connections. A socket is
created using the call socket. It returnsan integer that islike a filedescriptor. In fact,underWindows,
this handle can be used with Read Fileand Write Filefunctions.

#include
<sys/types.h>#include<sys/soc
ket.h>
intsocket(intfamily,inttype,intprotocol);

Here "family" will be AF_INET for IP communications, protocol will be zero, and type will depend on
whetherTCPor UDPisused. Two processeswishing tocommunicate overanetworkcreate asocket each.
These are similar to two ends ofapipe- but the actual pipe does notyetexist.

56
 JFreeChart

JFreeChart is a free 100% Java chart library that makes it easy for developers to display
professionalqualitychartsintheirapplications.JFreeChart'sextensivefeaturesetincludes:
Aconsistentandwell-documentedAPI,supportingawiderangeofcharttypes;
A flexible design that is easy to extend, and targets both server-side and client-side applications;
Support for many output types, including Swing components, image files (including PNG and
JPEG),andvectorgraphicsfileformats(includingPDF, EPSandSVG);
JFreeChartis"opensource"or,morespecifically,freesoftware.Itisdistributedundertheterms of the GNU
Lesser General PublicLicence(LGPL),which permits use in proprietary applications.

1. MapVisualizations
Charts showing values that relate to geographical areas. Some examples include: (a) population
density in each state of the United States, (b) income per capita for each country in Europe, (c) life
expectancyineachcountryof theworld.Thetasksin thisprojectinclude:
Sourcing freely redistributable vector outlines for the countries of the world, states/provinces in
particularcountries(USAinparticular,butalsootherareas);
Creating an appropriate dataset interface (plus default implementation), a rendered, and integrating
this with the existingXYPlot class in JFreeChart;
Testing,documenting,testingsomemore,documentingsomemore.

2. TimeSeriesChartInteractivity
Implement a new (to JFreeChart) feature for interactive time series charts --- to display a separate
control that shows a small version of ALL the time series data, with a sliding "view" rectangle that
allowsyoutoselectthesubsetofthe timeseriesdatatodisplayinthemainchart.

3. Dashboards
Thereiscurrently alotof interest in dashboarddisplays.Createaflexibledashboardmechanism that
supports a subset of JFreeChart chart types (dials, pies, thermometers, bars, and
lines/timeseries)thatcanbedeliveredeasilyviaboth JavaWebStart andan applet.

57
4. PropertyEditors
ThepropertyeditormechanisminJFreeChartonlyhandlesasmallsubsetofthepropertiesthat can be set for
charts. Extend (or reimplement) this mechanism to provide greater end-user control over the
appearance of the charts.

J2ME(Java2Microedition):-

SunMicrosystemsdefinesJ2MEas"ahighlyoptimizedJavarun-timeenvironmenttargetinga wide range of

consumer products, including pagers, cellular phones, screen-phones, digital set-top
boxesandcarnavigationsystems."AnnouncedinJune1999attheJavaOneDeveloper Conference, J2ME
brings the cross-platform functionality of the Java language to smaller devices, allowing mobile
wireless devices to share applications. With J2ME, Sun has adapted the Java
platformforconsumerproductsthatincorporateorarebasedonsmallcomputingdevices.
1. GeneralJ2MEarchitecture

58
J2ME uses configurations and profiles to customize the Java Runtime Environment (JRE). As a
completeJRE,J2MEiscomprisedof a configuration,which determinesthe JVMused, anda profile,
which defines the application by adding domain-specific classes. The configuration defines
thebasicrun-timeenvironmentasasetofcoreclassesandaspecificJVMthatrunonspecific types of devices.
We'll discuss configurations in detail in the The profile defines the application; specifically, it adds
domain-specific classes to the J2ME configuration to define certain uses for
devices.We'llcoverprofilesindepthintheThefollowinggraphicdepictstherelationship
betweenthedifferentvirtualmachines,configurations,andprofiles.Italsodrawsaparallelwith the
J2SEAPIanditsJavavirtualmachine.While the J2SEvirtual machineisgenerally referred to as a JVM,
the J2ME virtual machines, KVM and CVM, are subsets of JVM. Both KVM and CVM
canbethoughtofasakindofJavavirtualmachine--it'sjustthattheyareshrunkenversionsof the J2SE JVM
and are specific to J2ME.

2. DevelopingJ2MEapplications

Introduction In this section, we will go over some considerations you need to keep in mind when
developing applications for smaller devices. We'll take a look at the way the compiler is invoked
when using J2SE to compile J2ME applications. Finally, we'llexplore packaging and deployment
andthe role preverification playsin this process.

3. Designconsiderationsforsmalldevices

Developingapplicationsforsmalldevicesrequiresyoutokeepcertainstrategiesinmindduring the design

phase. It is best to strategically design an application for a small device before you begin coding.
Correctingthecode becauseyoufailed to considerallof the"gotchas" beforedeveloping
theapplicationcanbeapainfulprocess.Herearesomedesignstrategiestoconsider:
* Keep it simple. Remove unnecessary features, possibly making those features a separate,
secondary application.
* Smaller is better. This consideration should be a "no brainer" for all developers. Smaller
applications use less memory on the device and require shorter installation times.
ConsiderpackagingyourJavaapplicationsascompressedJavaArchive(jar)files.

59
* Minimize run-time memory use. To minimize the amount of memory used at run time, use scalar
typesinplaceofobjecttypes.Also,donotdependonthegarbagecollector.Youshouldmanage thememory
efficientlyyourself by settingobjectreferencestonullwhenyouarefinishedwith them.Anotherway to
reduce run-timememory is to uselazy instantiation,only allocatingobjects onan as-
neededbasis.Otherwaysof reducingoverall andpeakmemory useonsmalldevicesare to release
resourcesquickly,reuseobjects,andavoidexceptions.

4. Configurationsoverview
Theconfiguration definesthebasicrun-timeenvironmentasasetof coreclassesandaspecific JVM that run
on specific types of devices. Currently, two configurations exist for J2ME, though others may be
defined in the future:
* Connected Limited Device Configuration (CLDC)is used specifically with theKVMfor16- bit or
32-bit devices with limited amounts of memory. This is the configuration (and the virtual machine)
used for developing small J2ME applications. Its size limitations make CLDC more interesting and
challenging (from a development point of view) than CDC. CLDC is also the configuration that we
will use for developing our drawing tool application. An example of a small
wirelessdevicerunningsmallapplicationsisaPalmhand-heldcomputer.

* Connected Device Configuration (CDC) is used with the C virtual machine (CVM) and is used
for32-bitarchitecturesrequiringmorethan2MBofmemory.Anexampleofsuchadeviceisa Net TV box.

5. J2MEprofiles
WhatisaJ2MEprofile?
As we mentioned earlier in this tutorial, a profile defines the type of device supported. The Mobile
Information Device Profile (MIDP), for example, definesclassesfor cellular phones. It addsdomain-
specific classes to the J2ME configuration to define uses for similar devices. Two profiles have
beendefinedforJ2ME and are built uponCLDC: KJava andMIDP.Both KJava andMIDP are
associated with CLDC and smaller devices. Profiles are built on top of configurations. Because
profiles are specific to the size of the device (amount of memory) on which an application runs,
certainprofilesare associatedwithcertainconfigurations.

60
A skeleton profile upon which you can create your own profile, the Foundation Profile, is available
for CDC.
Profile1:KJava
KJavais Sun's proprietary profile and contains theKJava API. The KJava profile is built on top of the
CLDC configuration. The KJava virtual machine, KVM, accepts the same byte codes and class file
format as the classic J2SE virtual machine. KJava contains a Sun-specific API that runs on the Palm
OS. The KJava API has a great deal in common with the J2SE Abstract Windowing Toolkit (AWT).
However, because it is not a standard J2ME package, its main package is com.sun.kjava. We'll learn
more about the KJava API later in this tutorial when we develop some sample applications.
Profile2:MIDP
MIDP is geared towardmobile devices such as cellularphones and pagers. The MIDP,like
KJava,isbuiltuponCLDCandprovidesastandardrun-timeenvironmentthatallowsnewapplications
andservicesto be deployeddynamicallyon enduserdevices.MIDPisa common,industry- standard
profile for mobile devices that is not dependent on a specific vendor. It is a complete and
supportedfoundation formobile application
development. MIDP contains the following packages, the first three of which are core CLDC
packages, plus three MIDP-specific packages.
* java.lang
* java.io
* java.util
* javax.microedition.io
* javax.microedition.lcdui
* javax.microedition.midlet
* javax.microedition.rms

61
 CONCLUSION
The major goal of this paper is to adapt the lattice-based PHS in order to integrate it into the
symmetric-PAKEconstruction,obtainingtheround-optimalasymmetric-PAKEbasedonSPHF. To
achieve this goal, we show how to instantiate Pedersen-like PHS using the commitment of Cabarcas
et al. [38]. In addition, once obtained the lattice-based PHS, then we show how to find a
solutiontointegratethePHSintothesymmetric-PAKEprotocolwhilemaintainingsecurity against
quantum computer attacks. Importantly, the existing lattice-based SPHF-based symmetric- PAKE
could be transformed into in the asymmetric-PAKE using our PHS, such as [25], [19], [27], [28],
[48]. As a next step in this line of research we leave the question of how to check the password policy
when the password was hashed by password-hashing approaches in the asymmetric-PAKE setting,
and we will continue to explore how to design more applications lattice based PAKE for emerging
applications.

62
 REFERENCES
[1] G.Hatzivasilis,“Password-hashingstatus,”Cryptography,vol.1,no.2,p.10.
[2] J. Bonneau, C. Herley, P. C. van Oorschot, and F. Stajano, “The ques to replace passwords: A
framework for comparative evaluation of web authentication schemes,” in Proc. IEEE SP 2012.IEEE
Computerociety, 2012, pp. 553–567.
[3] I.Haitner,E.Omri,andH.Zarosim,“Limitsontheusefulnessofrandomoracles,”J.
Cryptology,vol.29,no.2,pp.283–335,2016.keyforjohndoe:modelinganddesigning
anonymouspasswordauthenticatedkeyexchangeprotocols,”IEEETrans.DependableSec.
Comput.,2019, DOI:10.1109/TDSC.2019.2919013.
[5] M. Shirvanian, N. Saxena, S. Jarecki, and H. Krawczyk, “Building and studying a
passwordstorethatperfectly hidespasswordsfromitself,”IEEE Trans. DependableSec.Comput.,vol.16,
no. 5, pp. 770–782, 2019.
[6] W. Li, X. Li, J. Gao, and H. Y. Wang, “Design of secure authenticated key managementprotocol
for cloud computing environments,” IEEE Trans. Dependable Sec. Comput., 2019,
DOI:10.1109/TDSC.2019.2909890.
[7] P. Liu,S.Li,andQ.Ding,“An energy-efficientacceleratorbasedonhybridCPU-FPGA
devicesforpasswordrecovery,”IEEETrans.Computers,vol.68,no.2,pp.170–181,2019.
[8] Q. Yang, K. Xue, J. Xu, J.Wang, F. Li, and N. Yu, “Anfra: Anonymous and fast roaming
authentication forspaceinformationnetwork,”IEEE Trans.Inf. Forensics Security,vol. 14,no. 2,
pp.486–497,2019.
[9] Z.Ba,Z. Qin,X. Fu, andK.Ren,“CIM: camera inmotion forsmartphone authentication,”
IEEETrans.Inf.ForensicsSecurity,vol.14,no.11,pp.2987–3002,2019.
[10] L. Wu, J. Wang, K. R. Choo, and D. He, “Secure key agreement and key protection for mobile
device user authentication,”IEEE Trans.Inf.Forensics Security,vol. 14, no.2, pp. 319–330, 2019.
[11] Q. Xie, D. S.Wong, G.Wang, X. Tan, K. Chen, and L. Fang,“Provably secure dynamic id- based
anonymous two-factor authenticated key exchange protocol with extended security model,”
IEEETrans.Inf.ForensicsSecurity,vol.12,no.6,pp. 1382–1392,2017.
[12] J. Katz, R. Ostrovsky, and M. Yung, “Efficient password authenticated key exchange using
human-memorablepasswords,”inProc.EUROCRYPT2001,pp.475–494.
[13] R.Gennaro andY.Lindell,“Aframeworkforpassword-basedauthenticatedkeyexchange,” in Proc.
EUROCRYPT 2003, pp. 524–543.

63
[14] S. M. Bellovin and M. Merritt, “Encrypted key exchange: password based protocols secure
againstdictionaryattacks,”inProc.IEEES&P1992, pp.72–84.
[15] S. M. Bellovin and M. Merritt, “Augmented encrypted key exchange: A password -based
protocol secureagainstdictionaryattacksandpasswordfilecompromise,”inProc.ACMCCS 1993, pp.
244–250.
[16] C. Gentry, P. D. MacKenzie, and Z. Ramzan, “A method for making password -based key
exchangeresilienttoservercompromise,”inProc.CRYPTO2006,pp.142–159.
[17] F. Benhamouda and D.Pointcheval, “Verifier-based passwordauthenticatedkey
exchange:Newmodelsandconstructions,”CryptologyePrintArchive,Report2013/833,
https://eprint.iacr.org/2013/833.
[18] F. Kiefer and M. Manulis, “Zero-knowledge password policy checks and verifier-
basedPAKE,”inProc.ESORICS2014,pp.295–312,https://eprint.iacr.org/2014/242.pdf.
[19] Z. Zhang, K. Yang, X. Hu, and Y. Wang, “Practical anonymous password authentication and
TLSwithanonymousclientauthentication,”inProc.ACMSIGSACCCS2016,pp.1179–1191.
[20] C. S. Jutla and A. Roy, “Smooth NIZK arguments,” in Proc. TCC 2018, Part I, 2018, pp. 235–
262, https://eprint.iacr.org/2016/233.
[21] D. Pointcheval and G. Wang, “VTBPEKE: verifier-based twobasis password exponential key
exchange,” in Proc. (ACM) AsiaCCS 2017, pp. 301–312, https://www.di.ens.fr/david.pointcheval/
Documents/Papers/2017 asiaccsB.pdf.
[22] S. Jarecki, H. Krawczyk, and J. Xu, “OPAQUE: an asymmetric PAKE protocol secure against
pre-computationattacks,”in Proc.EUROCRYPT2018,pp.456–486.
[23] P. Dupont, J. Hesse, D. Pointcheval, L. Reyzin, and S. Yakoubov, “Fuzzy password-
authenticatedkeyexchange,”inProc.EUROCRYPT2018,pp.393–424.
[24] B. Haase and B. Labrique, “Aucpace: Efficient verifier-based PAKE protocol tailored for the
iiot,” IACR Trans. Cryptogr. Hardw. Embed. Syst., vol. 2019, no. 2, pp. 1–48, 2019,
https://eprint.iacr.org/2018/286.pdf.
[25] J.KatzandV.Vaikuntanathan,“Smoothprojectivehashingandpassword-based authenticated key
exchange from lattices,” in Proc. ASIACRYPT 2009, pp. 636–652,
https://www.cs.umd.edu/_jkatz/papers/lattice-PAK.pdf.

64