Post on 03-Jun-2018
8/12/2019 Enhanced security for online Exam
Enhanced Security for Online Exam Using Group Cryptography
Complete Proposal:
Although the development of the Web has contributed to the growth of Internet learning,
online exams have not been extensively adopted. An Internet-based exam is defined in this
project as one that takes place over the insecure web, and where no proctor is in the same
place as the examinees. My project proposes an improved secure Internet exam organization
setting mediated by group cryptography methods, using remote monitoring and control of
ports and input. The target domain of this project is Internet exams for any subject's
contest at any level of education, as well as exams in online university courses with
students in various different locations.
The project proposes a trouble-free solution to the issue of security and cheating for
online exams. This solution uses an enhanced online exam security management system
which is based on group cryptography with e-monitoring methods.
Existing System
Various cheating patterns exist in the present system, including copying the answers of
others, exchanging answers, searching the web for answers, using the information and
software saved on the student's computer, and discussing the exam by e-mail, phone,
instant messaging, or Zigbee, etc.
Disadvantages
1) Stages of contact between teachers and students decrease.
2) The tendency of students to copy and cheat in online exams increases.
3) The system must rely on students' sincerity and honesty, or on their having an honor
code.
Proposed System
The project introduces a solution to the issue of security and cheating for web-based exams.
This solution uses an enhanced security management system for the online exam, which is
based on group-based cryptography with e-monitoring methodologies.
The cryptography supports enhanced security controls for the web exam process, as well as
authentication and integrity. The e-monitoring provides a proctor function to remote
examinees to prevent copying and cheating in Internet-based online examination systems,
and thus removes the prerequisite of having to go to a fixed location. The target of this
project is web-based exams of any type and exams in online university courses with
students at distinct locations.
The project administers an Internet-based examination at a fixed time with the same
questions for all examinees, just like an off-line exam, but without restricting the physical
place of the examinees. This system enables many kinds of tests to be given online; it can
provide teachers with better evaluation standards for students and may contribute to
improving the quality of education.
Advantages
1) A web-based exam management system with a monitoring method to prevent and detect
cheating and copying.
2) Exams can be taken without regard to location and time.
3) Avoids interception of, or interference with, communications during an exam conducted
through the web.
Software Requirements
- Operating system :- Windows XP Professional
- Front End :- Visual Studio 2008, ASP.net, C#
- Back End :- SQL Server 2005
Hardware Requirements
- Hard Disk : 40 GB
- RAM : 512 MB
Project Plans and Methods Involved:
The modules involved are:
Administrator
Key Generation
Student Exam Modules
Results and Reports
Video Conference and Desktop Capturing
Administrator:-
In this module the Administrator has the task of managing the information
about the Examiners, Proctors and students, and he can also add, update or
delete the information about the Examination centers and the candidates
applying for the exams through the internet. He also schedules the information
about the exams and generates keys using Asymmetric algorithms, accessing the
question papers uploaded by the different types of examiners who are uploading
question papers to the database, and he can also add the marks for the
student after completion of their exams. Here key management plays a vital
role in providing security and safety to the online examination processes.
The Admin will encrypt the answers uploaded by the examiners who are preparing
online exams using the AES algorithm.
Key Generation:-
In this module the Admin has the work of scheduling the information about the
Exams, and he is able to send public and private keys to the students based
on the requested schedule. In order to generate keys we use group key
generator based algorithms in this application. This module plays a role in
identifying the student attending the exam using photo comparisons, and is able
to monitor the systems where students access the online examination
application by a desktop capturing mechanism.
Students Exam Modules:-
In this module the student can check the information provided by the
administrator, the public and private keys. By using the keys he is able to log in
to the exam window and can answer the questions. Immediately after the exam
starts, a video conference between examiners and students begins in order to identify
the behaviors of the students, and images are captured every 2 to 3
seconds in order to identify the genuineness of the student at the time of
results. All the USB Ports of the C.P.U are disabled in order to avoid
copying of answers from third party devices. An interface is developed
in such a way that it avoids access to the keyboard and other menus of the
Operating system.
Results and Reports:-
This module contains all the information about the results generated
by the Administrator, and allots rank cards to the students based on
their behaviors and performance during the online examination. The Admin
can generate reports based on grades allotted by the online examination
system.
Video Conference and Desktop Capturing
This module contains all the information about the Video conference
between student and examiner. These 2 modules will be automatically
initialized immediately after starting up the application (Online
Examination systems). A live video of the student will be telecast and
saved to the student database on the server. The events and behaviors
of the student during the online exam process
Research Methods:
1. Logging - client registers his/her personal data (login, password)
a. confirmation takes place after submitting data
b. authentication error is signalized by a fault message
c. if authentication doesn't return an error, the user is allowed into the system
2. Managing students - called by examiner
a. inspector adds, removes and modifies students' data.
b. if the examiner did not insert the required data (login, password, and image, which will be uploaded to the server database at the time of registration), the system returns an error message
c. if the data is registered and users enter all valid information correctly, an accepting message is shown
3. Preparing exams
a. examiner is permitted to decide categories and number of questions for an individual exam
b. examiner adds the amount of correct answers (in %) required to pass the exam, and answers entered by the examiner will be encrypted using the AES/DES algorithm to provide security to the answers from hackers or intruders.
c. examiner sets time and schedule of exam
4. Activating Exam
a. Examiner activates the exam using a public and private key generated by the examiners so that students can run it.
lapses of the existing electronic-examination structure with the aim of ameliorating them and developing a new satisfactory e-Exam system that takes care of the existing system's challenges and safety measures lapses. Students that participated in the online exams were chosen for interview and questionnaire. Based on the examination of the interviews and study of the existing electronic online test and examination system, some anomalies were exposed and a new e-exams system was developed to wipe out these anomalies. The new system uses data encryption in order to protect the questions sent to the e-Examination center through the internet or intranet, and video conference based devices are connected to avoid cheating in the online examination process.

Online examination has received considerable attention and is appropriate in both learning and educational aspects. The best method to evaluate the ability and knowledge of an individual is through the examination process. To this end, various methods have been employed in examining the capability of an individual, starting from manual means of using paper and pencil to electronic, from spoken to written, practical to theoretical and many others. The current information technology way of examining students is the use of electronic systems in place of the manual or paper technique, which was characterized by huge examination leakages, impersonations, demand for gratification by teachers, and inducement-taking by supervisors and invigilators of examinations.

There is a rising body of investigation focused on developing improved ways to supervise e-exam methods and e-learning systems. Some of this research focused on a variety of sections of the system, and these include the following. Schramm looked at an e-learning web based system that could simply offer and grade mathematical questions with infinite patience. Therefore it needs the ability for in- and output of numerical formulas, the dynamic generation of plots and the generation of random words and statistics. This is a web based online examination scheme; the system carries out the test and auto-grading for students' exams. The system facilitates conducting exams, collection of answers, auto marking the submissions and production of reports for the exam. It supports many kinds of queries. It was used online and is therefore suitable for both local and distant examination. The system could assist lecturers, instructors, teachers and others who are prepared to create new exams or edit existing ones, as well as students participating in the exams.
Literature Survey:
Fraud and Cheating control:
This research is a case study that describes the researchers' attempts to document and stop
fraud and cheating on their web based exams. They present facts of their hard work to
decrease both the probability and impact of cheating on-line. Suggestions are offered that
are intended to provide direction for others wishing to pursue web based online exams in
their classes. Over the past several years, a number of academics have espoused the value
of using on-line exams in classes as opposed to the face-to-face paper exams that are
traditionally given in the college classroom. Most often, on-line exams are used in
conjunction with a distance-learning course where all the course material is administered
on-line. Theoretically, however, many of the benefits associated with using online exams
in a distance e-learning course should also be present if on-line exams are used in a more
traditional course. This paper used on-line exams in just that style. Although we teach
separate sections of lessons that meet face-to-face twice a week, we decided to
explore the possibility of administering web based online exams to our learners on-line.
The possible benefits of doing this are many and include increasing grading
accuracy, minimizing the grading time, and providing students with instant
feedback. Possibly even more importantly, web based internet exams can free
up time in class to pursue other learning activities. In most lessons, the time available
always seems to run out earlier than the amount of main material that needs to be
covered. If exams are taken out of the classroom and administered over the web, then many
instructors would find four or more extra class sessions in which they could cover added
material. Or, they may wish to cover the same amount of information to be shared with the
students attending online exams, but cover it in greater depth. As this paper will describe, we
realized all of these benefits and more when administering our web based exams.
While I am very pleased with our first experience, a nagging question persisted. Namely,
I was concerned that students may have been cheating or committing fraud on the exams, and that
the cheating and fraud may have been widespread. As such, I took a number of steps to
try to detect any cheating on the web based exams. In addition, I took a number of steps
to try to minimize the impact of whatever cheating did occur that did not get detected. In
the sections that follow, we will first describe our course and learning environment in
detail. Additionally, we will seek to document many of the ways that students could
potentially cheat on on-line exams. Furthermore, we will outline the specific steps we
took to detect it and minimize its impact. To conclude, we will share some of our positive
experiences with on-line testing in general, and will outline additional steps we plan to
take in the future to improve their effectiveness in the classroom. Before describing the
various means of cheating on the exam, it is important for us to discuss our testing
protocol so that it is clear what students are and are not allowed to do. At the beginning
of every exam, we include a paragraph that reads in part, "This is not an open book or
open notes exam. This exam is to be taken during the allotted time period without the aid
of books, notes, or other students."
the opportunity that students have to utilize inappropriate material. If our exams had no
time limit, the temptation to avoid studying and rely instead on looking up answers
during the exam would be greater. By providing only forty-five seconds per question, we
limit the students' ability to engage in this. We also tend to ask lengthy, application-based
questions. These questions take more time to process and are more difficult to look up in
the textbook because the answers require a synthesis of information as opposed to a
simple recitation of a fact. While we could take this one step further and require essay
questions, we have not pursued that yet, but may do so in the future. Timing the tests also
makes it more difficult for students to collaborate during the exam. We add a further
level of difficulty to any attempt at collaboration by scrambling the order of the test
questions on each exam. This prevents students from simply asking each other the answer
to question six, for example, because the question order will be different on each exam.
In a similar vein, we also take steps to minimize the likelihood that someone other than
the student is taking the exam. One of the primary ways we do this is to have multiple
assignments due during the course of the semester. In a typical semester, each student
will need to submit over twenty separate assignments on-line. Although it may be
relatively easy for them to get help on one of them or even a few of them, it will be
considerably tougher and / or more costly to find someone willing to complete every
on-line activity for them.
OVERALL ASSESSMENT OF ON-LINE EXAMS
Overall, we are quite pleased with the impact that using on-line exams has had in our
classes. By using this method, we have freed up three entire class periods worth of time.
We have used this time to have class discussions that were more in-depth and focused
than time normally allowed. We have also been able to add more group activities and
experiences that require students to take some of the theoretical concepts we discuss in
class and apply them to their personal lives. Student satisfaction with this approach has
been high. Not only do the students enjoy the flexibility of taking the exams at a time that
is convenient for them, they also report learning more in the classroom. Because we are
able to use experiential exercises in class that we did not have time to use before, they
also report greater satisfaction with the material. It is more meaningful to them because
they have internalized more of it. This would be more difficult to accomplish if we were
not able to free up class time by using on-line exams. On-line exams would not be
possible if we did not have cheating under control. By taking the steps we have to detect
cheating and minimize its impact, we have been able to take class exams offline
and have had a more rewarding classroom experience for our students. We are very
encouraged by the initial results.
FUTURE STEPS
While this study does help provide some insight as to how to detect cheating and
minimize its impact, the work in this area is just beginning. As more and more academics
decide to explore the possibility of using this form of testing, additional steps need to be
taken to ensure that cheating is minimized. As such, it is important that further research
be devoted to this crucial topic. One area ripe for further exploration is to undertake
additional steps to enhance the testing protocol that is used. As an example, some schools
have reported success in having students formally sign honor codes before taking exams.
It may be beneficial to see what impact this might have in an online testing environment.
Another potentially promising area that we plan to explore is to look at whether or not
student personality characteristics might influence their propensity to cheat. We are
currently collecting data on such variables as student self-efficacy and self-esteem to see
whether or not there might be a significant relationship between them and subsequent
cheating on exams. To conclude, we encourage other instructors to engage in this field of
research. The benefits of using online exams are numerous, but until teachers and
administrators can be reasonably assured that cheating is not rampant, they will not be
fully utilized in the classroom and many of these benefits will go unrealized. By
continuing to explore the topic of cheating on online exams, the problem can be further
minimized and the general classroom experience can be enhanced.
Group Cryptography
Exam Groups
Algorithms:
The DES (Data Encryption Standard) algorithm is the most widely used encryption algorithm in the world. For many years, and among many people, "secret code making" and DES have been synonymous. And despite the recent coup by the Electronic Frontier Foundation in creating a $220,000 machine to crack DES-encrypted messages, DES will live on in government and banking for years to come through a life-extending version called "triple-DES."

How does DES work? This article explains the various steps involved in DES-encryption, illustrating each step by means of a simple example. Since the creation of DES, many other algorithms (recipes for changing data) have emerged which are based on design principles similar to DES. Once you understand the basic transformations that take place in DES, you will find it easy to follow the steps involved in these more recent algorithms.

But first a bit of history of how DES came about is appropriate, as well as a look toward the future.

The DES Algorithm Illustrated

DES is a block cipher--meaning it operates on plaintext blocks of a given size (64-bits) and returns ciphertext blocks of the same size. Thus DES results in a permutation among the 2^64 (read this as: "2 to the 64th power") possible arrangements of 64 bits, each of which may be either 0 or 1. Each block of 64 bits is divided into two blocks of 32 bits each, a left half block L and a right half R. (This division is only used in certain operations.)

Example: Let M be the plain text message M = 0123456789ABCDEF, where M is in hexadecimal (base 16) format. Rewriting M in binary format, we get the 64-bit block of text:

M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
L = 0000 0001 0010 0011 0100 0101 0110 0111
R = 1000 1001 1010 1011 1100 1101 1110 1111

The first bit of M is "0". The last bit is "1". We read from left to right.

DES operates on the 64-bit blocks using key sizes of 56-bits. The keys are actually stored as being 64 bits long, but every 8th bit in the key is not used (i.e. bits numbered 8, 16, 24, 32, 40, 48, 56, and 64). However, we will nevertheless number the bits from 1 to 64, going left to right, in the following calculations. But, as you will see, the eight bits just mentioned get eliminated when we create subkeys.

Example: Let K be the hexadecimal key K = 133457799BBCDFF1. This gives us as the binary key (setting 1 = 0001, 3 = 0011, etc., and grouping together every eight bits, of which the last one in each group will be unused):

K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001

The DES algorithm uses the following steps:

Step 1: Create 16 subkeys, each of which is 48-bits long.

The 64-bit key is permuted according to the following table, PC-1. Since the first entry in the table is "57", this means that the 57th bit of the original key K becomes the first bit of the permuted key K+. The 49th bit of the original key becomes the second bit of the permuted key. The 4th bit of the original key is the last bit of the permuted key. Note only 56 bits of the original key appear in the permuted key.
PC-1
57 49 41 33 25 17  9
 1 58 50 42 34 26 18
10  2 59 51 43 35 27
19 11  3 60 52 44 36
63 55 47 39 31 23 15
 7 62 54 46 38 30 22
14  6 61 53 45 37 29
21 13  5 28 20 12  4
Example: From the original 64-bit key

K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001

we get the 56-bit permutation

K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111

Next, split this key into left and right halves, C_0 and D_0, where each half has 28 bits.

Example: From the permuted key K+, we get

C_0 = 1111000 0110011 0010101 0101111
D_0 = 0101010 1011001 1001111 0001111

With C_0 and D_0 defined, we now create sixteen blocks C_n and D_n, 1<=n<=16. Each pair of blocks C_n and D_n is formed from the previous pair C_{n-1} and D_{n-1}, respectively, for n = 1, 2, ..., 16, using the following schedule of "left shifts" of the previous block. To do a left shift, move each bit one place to the left, except for the first bit, which is cycled to the end of the block.

Iteration Number    Number of Left Shifts
       1                     1
       2                     1
       3                     2
       4                     2
       5                     2
       6                     2
       7                     2
       8                     2
       9                     1
      10                     2
      11                     2
      12                     2
      13                     2
      14                     2
      15                     2
      16                     1
This means, for example, C_3 and D_3 are obtained from C_2 and D_2, respectively, by two left shifts, and C_16 and D_16 are obtained from C_15 and D_15, respectively, by one left shift. In all cases, by a single left shift is meant a rotation of the bits one place to the left, so that after one left shift the bits in the 28 positions are the bits that were previously in positions 2, 3,..., 28, 1.

Example: From original pair C_0 and D_0 we obtain:

C_0 = 1111000011001100101010101111
D_0 = 0101010101100110011110001111

C_1 = 1110000110011001010101011111
D_1 = 1010101011001100111100011110

C_2 = 1100001100110010101010111111
D_2 = 0101010110011001111000111101

C_3 = 0000110011001010101011111111
D_3 = 0101011001100111100011110101

C_4 = 0011001100101010101111111100
D_4 = 0101100110011110001111010101

C_5 = 1100110010101010111111110000
D_5 = 0110011001111000111101010101

C_6 = 0011001010101011111111000011
D_6 = 1001100111100011110101010101

C_7 = 1100101010101111111100001100
D_7 = 0110011110001111010101010110

C_8 = 0010101010111111110000110011
D_8 = 1001111000111101010101011001

C_9 = 0101010101111111100001100110
D_9 = 0011110001111010101010110011

C_10 = 0101010111111110000110011001
D_10 = 1111000111101010101011001100

C_11 = 0101011111111000011001100101
D_11 = 1100011110101010101100110011

C_12 = 0101111111100001100110010101
D_12 = 0001111010101010110011001111

C_13 = 0111111110000110011001010101
D_13 = 0111101010101011001100111100

C_14 = 1111111000011001100101010101
D_14 = 1110101010101100110011110001

C_15 = 1111100001100110010101010111
D_15 = 1010101010110011001111000111

C_16 = 1111000011001100101010101111
D_16 = 0101010101100110011110001111
We now form the keys K_n, for 1<=n<=16, by applying the following permutation table to each of the concatenated pairs C_nD_n. Each pair has 56 bits, but PC-2 only uses 48 of these.
PC-2
14 17 11 24  1  5
 3 28 15  6 21 10
23 19 12  4 26  8
16  7 27 20 13  2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
Therefore, the first bit of K_n is the 14th bit of C_nD_n, the second bit the 17th, and so on, ending with the 48th bit of K_n being the 32nd bit of C_nD_n.

Example: For the first key we have C_1D_1 = 1110000 1100110 0101010 1011111 1010101 0110011 0011110 0011110

which, after we apply the permutation PC-2, becomes

K_1 = 000110 110000 001011 101111 111111 000111 000001 110010

For the other keys we have

K_2 = 011110 011010 111011 011001 110110 111100 100111 100101
K_3 = 010101 011111 110010 001010 010000 101100 111110 011001
K_4 = 011100 101010 110111 010110 110110 110011 010100 011101
K_5 = 011111 001110 110000 000111 111010 110101 001110 101000
K_6 = 011000 111010 010100 111110 010100 000111 101100 101111
K_7 = 111011 001000 010010 110111 111101 100001 100010 111100
K_8 = 111101 111000 101000 111010 110000 010011 101111 111011
K_9 = 111000 001101 101111 101011 111011 011110 011110 000001
K_10 = 101100 011111 001101 000111 101110 100100 011001 001111
K_11 = 001000 010101 111111 010011 110111 101101 001110 000110
K_12 = 011101 010111 000111 110101 100101 000110 011111 101001
K_13 = 100101 111100 010111 010001 111110 101011 101001 000001
K_14 = 010111 110100 001110 110111 111100 101110 011100 111010
K_15 = 101111 111001 000110 001101 001111 010011 111100 001010
K_16 = 110010 110011 110110 001011 000011 100001 011111 110101

So much for the subkeys. Now we look at the message itself.
Step 2: Encode each 64-bit block of data.

There is an initial permutation IP of the 64 bits of the message data M. This rearranges the bits according to the following table, where the entries in the table show the new arrangement of the bits from their initial order. The 58th bit of M becomes the first bit of IP. The 50th bit of M becomes the second bit of IP. The 7th bit of M is the last bit of IP.

IP
58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7

Example: Applying the initial permutation to the block of text M, given previously, we get

M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010

Here the 58th bit of M is "1", which becomes the first bit of IP. The 50th bit of M is "1", which becomes the second bit of IP. The 7th bit of M is "0", which becomes the last bit of IP.

Next divide the permuted block IP into a left half L_0 of 32 bits, and a right half R_0 of 32 bits.

Example: From IP, we get L_0 and R_0

L_0 = 1100 1100 0000 0000 1100 1100 1111 1111
R_0 = 1111 0000 1010 1010 1111 0000 1010 1010
We now proceed through 16 iterations, for 1<=n<=16, using a function f which operates on two blocks--a data block of 32 bits and a key K_n of 48 bits--to produce a block of 32 bits. Let + denote XOR addition, (bit-by-bit addition modulo 2). Then for n going from 1 to 16 we calculate

L_n = R_{n-1}
R_n = L_{n-1} + f(R_{n-1}, K_n)

This results in a final block, for n = 16, of L_16R_16. That is, in each iteration, we take the right 32 bits of the previous result and make them the left 32 bits of the current step. For the right 32 bits in the current step, we XOR the left 32 bits of the previous step with the calculation f.

Example: For n = 1, we have

K_1 = 000110 110000 001011 101111 111111 000111 000001 110010
L_1 = R_0 = 1111 0000 1010 1010 1111 0000 1010 1010
R_1 = L_0 + f(R_0, K_1)

It remains to explain how the function f works. To calculate f, we first expand each block R_{n-1} from 32 bits to 48 bits. This is done by using a selection table that repeats some of the bits in R_{n-1}. We'll call the use of this selection table the function E. Thus E(R_{n-1}) has a 32 bit input block, and a 48 bit output block.

Let E be such that the 48 bits of its output, written as 8 blocks of 6 bits each, are obtained by selecting the bits in its inputs in order according to the following table:

E BIT-SELECTION TABLE
32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1

Thus the first three bits of E(R_{n-1}) are the bits in positions 32, 1 and 2 of R_{n-1} while the last 2 bits of E(R_{n-1}) are the bits in positions 32 and 1.

Example: We calculate E(R_0) from R_0 as follows:

R_0 = 1111 0000 1010 1010 1111 0000 1010 1010
E(R_0) = 011110 100001 010101 010101 011110 100001 010101 010101

(Note that each block of 4 original bits has been expanded to a block of 6 output bits.)
Next in the f calculation, we XOR the output E(R_{n-1}) with the key K_n:

K_n + E(R_{n-1}).

Example: For K_1, E(R_0), we have

K_1 = 000110 110000 001011 101111 111111 000111 000001 110010
E(R_0) = 011110 100001 010101 010101 011110 100001 010101 010101
K_1+E(R_0) = 011000 010001 011110 111010 100001 100110 010100 100111.

We have not yet finished calculating the function f. To this point we have expanded R_{n-1} from 32 bits to 48 bits, using the selection table, and XORed the result with the key K_n. We now have 48 bits, or eight groups of six bits. We now do something strange with each group of six bits: we use them as addresses in tables called "S boxes". Each group of six bits will give us an address in a different S box. Located at that address will be a 4 bit number. This 4 bit number will replace the original 6 bits. The net result is that the eight groups of 6 bits are transformed into eight groups of 4 bits (the 4-bit outputs from the S boxes) for 32 bits total.

Write the previous result, which is 48 bits, in the form:

K_n + E(R_{n-1}) = B_1B_2B_3B_4B_5B_6B_7B_8,

where each B_i is a group of six bits. We now calculate

S_1(B_1)S_2(B_2)S_3(B_3)S_4(B_4)S_5(B_5)S_6(B_6)S_7(B_7)S_8(B_8)

where S_i(B_i) refers to the output of the i-th S box.

To repeat, each of the functions S_1, S_2,..., S_8, takes a 6-bit block as input and yields a 4-bit block as output. The table to determine S_1 is shown and explained below:
S1

                        Column Number
Row
No.   0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15

 0   14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
 1    0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
 2    4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
 3   15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13
If S_1 is the function defined in this table and B is a block of 6 bits, then S_1(B) is determined as follows: The first and last bits of B represent in base 2 a number in the decimal range 0 to 3 (or binary 00 to 11). Let that number be i. The middle 4 bits of B represent in base 2 a number in the decimal range 0 to 15 (binary 0000 to 1111). Let that number be j. Look up in the table the number in the i-th row and j-th column. It is a number in the range 0 to 15 and is uniquely represented by a 4 bit block. That block is the output S_1(B) of S_1 for the input B. For example, for input block B = 011011 the first bit is "0" and the last bit "1" giving 01 as the row. This is row 1. The middle four bits are "1101". This is the binary equivalent of decimal 13, so the column is column number 13. In row 1, column 13 appears 5. This determines the output; 5 is binary 0101, so that the output is 0101. Hence S_1(011011) = 0101.

The tables defining the functions S_1,...,S_8 are the following:
S1
14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
 0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
 4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13

S2
15  1  8 14  6 11  3  4  9  7  2 13 12  0  5 10
 3 13  4  7 15  2  8 14 12  0  1 10  6  9 11  5
 0 14  7 11 10  4 13  1  5  8 12  6  9  3  2 15
13  8 10  1  3 15  4  2 11  6  7 12  0  5 14  9

S3
10  0  9 14  6  3 15  5  1 13 12  7 11  4  2  8
13  7  0  9  3  4  6 10  2  8  5 14 12 11 15  1
13  6  4  9  8 15  3  0 11  1  2 12  5 10 14  7
 1 10 13  0  6  9  8  7  4 15 14  3 11  5  2 12

S4
 7 13 14  3  0  6  9 10  1  2  8  5 11 12  4 15
13  8 11  5  6 15  0  3  4  7  2 12  1 10 14  9
10  6  9  0 12 11  7 13 15  1  3 14  5  2  8  4
 3 15  0  6 10  1 13  8  9  4  5 11 12  7  2 14

S5
 2 12  4  1  7 10 11  6  8  5  3 15 13  0 14  9
14 11  2 12  4  7 13  1  5  0 15 10  3  9  8  6
 4  2  1 11 10 13  7  8 15  9 12  5  6  3  0 14
11  8 12  7  1 14  2 13  6 15  0  9 10  4  5  3

S6
12  1 10 15  9  2  6  8  0 13  3  4 14  7  5 11
10 15  4  2  7 12  9  5  6  1 13 14  0 11  3  8
 9 14 15  5  2  8 12  3  7  0  4 10  1 13 11  6
 4  3  2 12  9  5 15 10 11 14  1  7  6  0  8 13

S7
 4 11  2 14 15  0  8 13  3 12  9  7  5 10  6  1
13  0 11  7  4  9  1 10 14  3  5 12  2 15  8  6
 1  4 11 13 12  3  7 14 10 15  6  8  0  5  9  2
 6 11 13  8  1  4 10  7  9  5  0 15 14  2  3 12

S8
13  2  8  4  6 15 11  1 10  9  3 14  5  0 12  7
 1 15 13  8 10  3  7  4 12  5  6 11  0 14  9  2
 7 11  4  1  9 12 14  2  0  6 10 13 15  3  5  8
 2  1 14  7  4 10  8 13 15 12  9  0  3  5  6 11
Example: For the first round, we obtain as the output of the eight S boxes:
K_1 + E(R_0) = 011000 010001 011110 111010 100001 100110 010100 100111.
S_1(B_1) S_2(B_2) S_3(B_3) S_4(B_4) S_5(B_5) S_6(B_6) S_7(B_7) S_8(B_8) = 0101 1100 1000 0010 1011 0101 1001 0111
The final stage in the calculation of f is to do a permutation P of the S-box output to obtain the final value of f:
f = P(S_1(B_1) S_2(B_2) ... S_8(B_8))
The permutation P is defined in the following table. P yields a 32-bit output from a 32-bit input by permuting the bits of the input block.
P
16  7 20 21
29 12 28 17
 1 15 23 26
 5 18 31 10
 2  8 24 14
32 27  3  9
19 13 30  6
22 11  4 25
Example: From the output of the eight S boxes:
S_1(B_1) S_2(B_2) S_3(B_3) S_4(B_4) S_5(B_5) S_6(B_6) S_7(B_7) S_8(B_8) = 0101 1100 1000 0010 1011 0101 1001 0111
we get
f = 0010 0011 0100 1010 1010 1001 1011 1011
R_1 = L_0 + f(R_0, K_1)
= 1100 1100 0000 0000 1100 1100 1111 1111
+ 0010 0011 0100 1010 1010 1001 1011 1011
= 1110 1111 0100 1010 0110 0101 0100 0100
In the next round, we will have L_2 = R_1, which is the block we just calculated, and then we must calculate R_2 = L_1 + f(R_1, K_2), and so on for 16 rounds. At the end of the sixteenth round we have the blocks L_16 and R_16. We then reverse the order of the two blocks into the 64-bit block
R_16 L_16
and apply a final permutation IP^-1 as defined by the following table:
IP^-1
40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25
That is, the output of the algorithm has bit 40 of the preoutput block as its first bit, bit 8 as its second bit, and so on, until bit 25 of the preoutput block is the last bit of the output.
Example: If we process all 16 blocks using the method defined previously, we get, on the 16th round,
L_16 = 0100 0011 0100 0010 0011 0010 0011 0100
R_16 = 0000 1010 0100 1100 1101 1001 1001 0101
We reverse the order of these two blocks and apply the final permutation to
R_16 L_16 = 00001010 01001100 11011001 10010101 01000011 01000010 00110010 00110100
IP^-1 = 10000101 11101000 00010011 01010100 00001111 00001010 10110100 00000101
which in hexadecimal format is
85E813540F0AB405.
This is the encrypted form of M = 0123456789ABCDEF: namely, C = 85E813540F0AB405.
Decryption is simply the inverse of encryption, following the same steps as above, but reversing the order in which the subkeys are applied.
DES Modes of Operation
The DES algorithm turns a 64-bit message block M into a 64-bit cipher block C. If each 64-bit block is encrypted individually, then the mode of encryption is called Electronic Code Book (ECB) mode. There are two other modes of DES encryption, namely Chain Block Coding (CBC) and Cipher Feedback (CFB), which make each cipher block dependent on all the previous message blocks through an initial XOR operation.
Cracking DES
Before DES was adopted as a national standard, during the period NBS was soliciting comments on the proposed algorithm, the creators of public key cryptography, Martin Hellman and Whitfield Diffie, registered some objections to the use of DES as an encryption algorithm. Hellman wrote: "Whit Diffie and I have become concerned that the proposed data encryption standard, while probably secure against commercial assault, may be extremely vulnerable to attack by an intelligence organization" (letter to NBS, October 22, 1975).
Diffie and Hellman then outlined a "brute force" attack on DES. (By "brute force" is meant that you try as many of the 2^56 possible keys as you have to before decrypting the ciphertext into a sensible plaintext message.) They proposed a special purpose "parallel computer using one million chips to try one million keys each" per second, and estimated the cost of such a machine at $20 million.
Fast forward to 1998. Under the direction of John Gilmore of the EFF, a team spent $220,000 and built a machine that can go through the entire 56-bit DES key space in an average of 4.5 days. On July 17, 1998, they announced they had cracked a 56-bit key in 56 hours. The computer, called Deep Crack, uses 27 boards each containing 64 chips, and is capable of testing 90 billion keys a second.
Despite this, as recently as June 8, 1998, Robert Litt, principal associate deputy attorney general at the Department of Justice, denied it was possible for the FBI to crack DES: "Let me put the technical problem in context: It took 14,000 Pentium computers working for four months to decrypt a single message . . . . We are not just talking FBI and NSA [needing massive computing power], we are talking about every police department."
Responded cryptography expert Bruce Schneier: " . . . the FBI is either incompetent or lying, or both." Schneier went on to say: "The only solution here is to pick an algorithm with a longer key; there isn't enough silicon in the galaxy or enough time before the sun burns out to brute-force triple-DES" (Crypto-Gram, Counterpane Systems, August 15, 1998).
Triple-DES
Triple-DES is just DES with two 56-bit keys applied. Given a plaintext message, the first key is used to DES-encrypt the message. The second key is used to DES-decrypt the encrypted message. (Since the second key is not the right key, this decryption just scrambles the data further.) The twice-scrambled message is then encrypted again with the first key to yield the final ciphertext. This three-step procedure is called triple-DES.
Triple-DES is just DES done three times with two keys used in a particular order. (Triple-DES can also be done with three separate keys instead of only two. In either case the resultant key space is about 2^112.)
RSA Overview:
Generating Public and Private Keys
First, as we mentioned above, before any transmission happens, the Server had calculated its public and secret keys. Here is how.
1.1) pick two prime numbers, we'll pick p = 3 and q = 11
1.2) calculate n = p * q = 3 * 11 = 33
1.3) calculate z = ( p - 1 ) * ( q - 1 ) = ( 3 - 1 ) * ( 11 - 1 ) = 20
1.4) choose a prime number k, such that k is co-prime to z, i.e., z is not divisible by k. We have several choices for k: 7, 11, 13, 17, 19 (we cannot use 5, because 20 is divisible by 5). Let's pick k = 7 (smaller k, "less math").
1.5) So, the numbers n = 33 and k = 7 become the Server's public key.
1.6) Now, still done in advance of any transmission, the Server has to calculate its secret key. Here is how.
1.7) k * j = 1 ( mod z )
1.8) 7 * j = 1 ( mod 20 )
1.9) ( 7 * j ) / 20 = ? with the remainder of 1 (the "?" here means: "something, but don't worry about it"; we are only interested in the remainder). Since we selected (on purpose) to work with small numbers, we can easily conclude that 21 / 20 gives "something" with the remainder of 1. So, 7 * j = 21, and j = 3. This is our secret key. We MUST NOT give this key away.
Now, after the Server has done the above preparatory calculations in advance, we can begin our message transmission from our Browser to the Server. First, the Browser requests from the Server, the Server's public key, which the Server obliges, i.e., it sends n = 33 and k = 7 back to the Browser. Now, we said that the Browser has a Plain message P = 14, and it wants to encrypt it, before sending it to the Server. Here is how the encryption happens on the Browser.
Section 2: Encrypting the message
Here is the encryption math that Browser executes.
2.1) P ^ k = E ( mod n )
"^" means "to the power of"
P is the Plain message we want to encrypt
n and k are Server's public key (see Section 1)
E is our Encrypted message we want to generate
After plugging in the values, this equation is solved as follows:
2.2) 14 ^ 7 = E ( mod 33 )
This equation in English says: raise 14 to the power of 7, divide this by 33, giving the remainder of E.
2.3) 105413504 / 33 = 3194348.606 (well, I lied when I said that this is "Pencil and Paper" method only.
Browser started with…
Well that's about it. While we did not discuss the theory behind the formulae involved I hope that you got at least a basic idea of how the public key cryptography using the RSA algorithm works.
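The key generation and encryption steps above, carried through to the Server's decryption, as an added Python example that is not part of the original report. The function names are chosen here; the numbers p = 3, q = 11, k = 7 and P = 14 are the page's own, and the scheme is the unpadded toy-sized RSA of the walkthrough, useful only for following the arithmetic.

```python
# Added example: the page's toy RSA numbers, with the secret key j found by
# the extended Euclidean algorithm instead of by inspection.

def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def mod_inverse(k, z):
    """Solve k * j = 1 (mod z) for j, as in steps 1.7 to 1.9."""
    g, x, _ = extended_gcd(k, z)
    if g != 1:
        # Step 1.4: k must be co-prime to z, otherwise no secret key exists.
        raise ValueError("k=%d shares a factor with z=%d" % (k, z))
    return x % z


def make_keys(p, q, k):
    """Return ((n, k), (n, j)): the public and the secret key."""
    n = p * q
    z = (p - 1) * (q - 1)
    j = mod_inverse(k, z)
    return (n, k), (n, j)


def encrypt(plain, public_key):
    """Step 2.1: E = P ^ k (mod n)."""
    n, k = public_key
    if not 0 <= plain < n:
        raise ValueError("the message must be smaller than n")
    return pow(plain, k, n)


def decrypt(cipher, secret_key):
    """The Server's side: P = E ^ j (mod n)."""
    n, j = secret_key
    return pow(cipher, j, n)


def long_division(plain, k, n):
    """Step 2.3 done exactly: (P ^ k, quotient, remainder)."""
    power = plain ** k
    quotient, remainder = divmod(power, n)
    return power, quotient, remainder


if __name__ == "__main__":
    public, secret = make_keys(3, 11, 7)
    print("public key (n, k):", public)
    print("secret key (n, j):", secret)
    print("14^7, quotient, remainder:", long_division(14, 7, 33))
    cipher = encrypt(14, public)
    print("E =", cipher, "decrypts to", decrypt(cipher, secret))
```

The remainder that step 2.3 is after comes out of `long_division` directly, without the decimal quotient.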
4. DESIGN
4.1 An Overview of UML
The UML is a language for
Visualizing
Specifying
Constructing
Documenting
These are the artifacts of a software-intensive system. The three major elements of UML are:
The UML's basic building blocks
The rules that dictate how those building blocks may be put together.
Some common mechanisms that apply throughout the UML.
4.2 Basic Building Blocks of UML
The vocabulary of UML encompasses three kinds of building blocks:
Things.
Relationships.
Diagrams.
4.2.1 Things in UML
They are the abstractions that are first-class citizens in a model. There are four kinds of things in the UML
Structural things.
Behavioral things.
Grouping things.
Annotational things.
These things are the basic object oriented building blocks of the UML. They are used to write well-formed models.
4.2.1.1 Structural things
Structural things are the nouns of the UML models. These are mostly static parts of the model, representing elements that are either conceptual or physical. In all, there are seven kinds of Structural things.
Class
A class is a description of a set of objects that share the same attributes, operations, relationships, and semantics. A class implements one or more interfaces. Graphically a class is rendered as a rectangle, usually including its name, attributes and operations, as shown below.
Collaboration
Collaboration defines an interaction and is a society of roles and other elements that work together to provide some cooperative behavior that's bigger than the sum of all the elements. Graphically, collaboration is rendered as an ellipse with dashed lines, usually including only its name as shown below.
[Figure: class "Main Distance Table" with attributes Link : String, Distance : Integer, Cost : Integer, Predecessor : String, Successor : String and operation UpDate(); collaboration "Chain of Responsibility"]
Use Case
Use case is a description of a set of sequence of actions that a system performs that yields an observable result of value to a particular thing in a model. Graphically, Use Case is rendered as an ellipse with dashed lines, usually including only its name as shown below.
Active Class
An active class is a class whose objects own one or more processes or threads and therefore can initiate control activity. Graphically, an active class is rendered just like a class, but with heavy lines usually including its name, attributes and operations as shown below.
4.2.1.2 Behavioral things
Behavioral Things are the dynamic parts of UML models. These are the verbs of a model, representing behaviour over time and space.
Interaction
An interaction is a behavior that comprises a set of messages exchanged among a set of objects within a particular context to accomplish a specific purpose. Graphically, a message is rendered as a direct line, almost always including the name of its operation, as shown below.
[Figure: message "Display"]
4.2.2 Relationships in UML
There are four kinds of relationships in the UML
1. Dependency
2. Association
3. Generalization
4. Realization
1. Dependency: This is the relationship between two classes whenever one class is completely dependent on the other class. Graphically the dashed line represents it with arrow pointing to the class that it is being depended on.
2. Association: It is a relationship between instances of the two classes. There is an association between two classes if an instance of one class must know about the other in order to perform its work. In a diagram, an association is a link connecting two classes. Graphically it is represented by line as shown.
3. Generalization: An inheritance is a link indicating one class is a super class of the other. A generalization has a triangle pointing to the super class. Graphically it is represented by line with a triangle at end as shown.
4. Realization:
4.2.3 Diagrams in UML
Diagrams play a very important role in the UML. Some of the modeling diagrams are as follows:
Use Case Diagram.
Class Diagram.
Object Diagram.
Sequence Diagram.
Collaboration Diagram.
State Chart Diagram.
Activity Diagram.
Component Diagram.
Deployment Diagram
Use case diagram
A use case diagram identifies the functionality provided by the system (Use cases), identifies users who interact with system (Actor) and provides association between users and Use cases. This models behavior of system with respect to users. It shows dynamic aspects of the system when user interacts with the system. A Use case can have all possible interaction of users with use cases graphically. Thus Use case diagram models use cases view of a system.
Definition
A Use case diagram is a set of use cases, actors and relationships between them.
A use case diagram contains:
Use cases.
Actors.
Association between them.
Generalization between Actors.
Include, extend, generalization, relationships.
Use Case:
Deployment:
State:
Class Diagram:
Registration
name : String, password : String, Photograph : Byte
ConnectDB(), AddUsers()
Login
username : String, Password : String, Image : Byte
Authenticate(), GenerateKeys()
Home Page
privateKey : String, Schedule : Date
accessExam(), videoConference(), desktopRestrict()
Marker
studentDetails : Integer, access-$
updateMarks(), contactExaminer()
Result
studentId, examDetails
getResult(), getGrade()
Data Flow:
An Introduction to .NET Framework
The .NET Framework is Microsoft's development platform.
It is used to develop software applications.
It was released by Microsoft Corporation in 2002. Later on several improvements took place in the .NET Framework, which make it a much stronger, more advanced and more efficient platform for building different kinds of software applications.
It is called a "platform" because it acts as a platform for multiple languages, tools and libraries.
It offers visually stunning user experiences, which are mostly required in today's competitive programming world.
It offers much advanced security features never before.
Supports dozens of languages like C#, VB.NET, VC
.NET offers a Framework for building applications and high-fidelity experiences in Windows that blend together application UI, documents, and media content, while exploiting the full power of the computer. WPF (Windows Presentation Foundation) offers developers support for 2D and 3D graphics, hardware accelerated effects, scalability to different form factors, interactive data visualization, and superior content readability.
Seamless and Secured Environment:
Application security is a big deal these days; perhaps the most closely examined feature of any new application. .NET offers its best secured environment at run time, so that it is highly impossible to access the .NET application and its related data by the un-authorized users / hackers.
The assembly (the compiled code of .NET framework) contains the security information like which categories of users or who can access the class or method, so that we can say that .NET Framework applications are much secured.
The security can be improved in the ASP.NET Web Sites by Security models like Integrated Windows Authentication, Microsoft Passport Authentication, Forms Authentication, and Client Certificate authentication.
Multi Language Support:
.NET provides a multi-language development platform, so you can work in the programming language you prefer. The Common Language Runtime (a part of .NET Framework) provides support for 3 Microsoft developed languages and several other languages from other vendors.
Languages Supported by .NET Framework
Languages from Microsoft
Visual C#.NET
Visual Basic.NET
Visual C
Fortran, Haskell, J#, Mercury, Mondrian, Oberon, Python, IronPython, RPG, Scheme, Small Talk, Standard ML
Flexible Data Access:
.NET Framework supports flexible accessibility of database data with ADO.NET (Active Data Objects .NET). ADO.NET is a set of classes that expose data access services to the .NET programmer. ADO.NET provides a rich set of components for creating distributed, data-sharing applications. It is an integral part of the .NET Framework, providing access to relational, XML, and application data.
Modules of .NET
1. C#.NET (C Sharp.NET) - Language
It is a highly used .NET programming language, used by most of the .NET programmers.
It borrows some programming features from "C" and some other programming features from "C
5. Windows Applications
These applications are designed similar to the "Windows" operating system.
Known as GUI (Graphical User Interface) applications.
Offers graphical features like mouse pointer, colors, fonts, buttons, text boxes etc.
6. Windows Services
A Windows service is a long-running executable application.
These can run only on Windows platforms.
These perform specific functions as background process.
Doesn't contain user interface or doesn't require any user interaction.
Windows services can be configured to start when the operating system is booted and run in the background as long as Windows is running, or they can be started manually when required.
Examples:
i. Windows Time
ii. Windows Audio
iii. Anti-Virus Security
iv. Database services like Sql Server, My Sql, Oracle etc.
v. IIS State Services
vi. Battery Power Supply Status on Laptops
etc.
To see all the installed Windows services on the system, click on "Start" > "Control Panel" > "Administrative Tools" > "Services".
7. Web Sites / Web Applications
These are the applications most frequently used by every internet-literate user.
In modern life every business (commercial) / educational / service oriented organization has its own web site.
Some other web sites offer general purpose services that can be used by anybody, like E-Mail, Search Engines, and Blogs etc.
So, there is much demand for these applications in the modern software development industry.
In .NET Framework, the web sites can be developed using the technology called ASP.NET.
Ex:
i. http://www.yahoo.com/
ii. http://www.google.co.in/
iii. http://www.orkut.com/
iv. http://www.hotmail.com/
9. Web Services
Web Services are simple and easy to understand.
These can be developed using again ASP.NET.
These are also known as "web applications" similar to "web sites". But Web sites expose certain user interface (in the form of web pages) to the end-user; Web services expose a certain programming logic which can be accessed through another web site.
Examples:
i. Online shopping requires credit card authentication
ii. way2sms.com accesses the mail services of Yahoo and Gmail
What we need to learn .NET
To get started with .NET Programming, the programmer must have previous knowledge in the following languages.
C
(For Procedural Programming Experience)
C++ (or) OOP Knowledge
(For Object Oriented Programming Experience)
S
The remaining programmers were using C or C
Remote use of a dedicated administrator connection
OLE Automation system procedures
System procedures for Database Mail and SQL Mail
Ad hoc remote queries (the OPENROWSET and OPENDATASOURCE functions)
SQL Server Web Assistant
xp_cmdshell availability
The features enabled for viewing are:
HTTP endpoints
Service Broker endpoint
The SQL Server Surface Area Configuration command-line interface, sac.exe, permits you to import and export settings. This enables you to standardize the configuration of a group of SQL Server 2005 instances. You can import and export settings on a per-instance basis and also on a per-service basis by using command-line parameters. For a list of command-line parameters, use the -? command-line option. You must have sysadmin privilege to use this utility. The following code is an example of exporting all settings from the default instance of SQL Server on server1 and importing them into server2:
    sac out server1.out -S server1 -U admin -I MSSQLSERVER
    sac in server1.out -S server2
When you upgrade an instance of SQL Server to SQL Server 2005 by performing an in-place upgrade, the configuration options of the instance are unchanged. Use SQL Server Surface Area Configuration to review feature usage and turn off features that are not needed. You can turn off the features in SQL Server Surface Area Configuration or by using the system stored procedure, sp_configure. Here is an example of using sp_configure to disallow the execution of xp_cmdshell on a SQL Server instance:
    -- Allow advanced options to be changed.
    EXEC sp_configure 'show advanced options', 1
    -- Update the currently configured value for advanced options.
    RECONFIGURE
    -- Disable the feature.
    EXEC sp_configure 'xp_cmdshell', 0
    -- Update the currently configured value for this feature.
    RECONFIGURE
    GO
In SQL Server 2005
When choosing service accounts, consider the principle of least privilege. The service account should have exactly the privileges that it needs to do its job and no more privileges. You also need to consider account isolation; the service accounts should not only be different from one another, they should not be used by any other service on the same server. Only the first two account types in the list above have both of these properties. Making the SQL Server service account an administrator, at either a server level or a domain level, bestows too many unneeded privileges and should never be done. The Local System account is not only an account with too many privileges, but it is a shared account and might be used by other services on the same server. Any other service that uses this account has the same set up privileges as the SQL Server service that uses the account. Although Network Service has network access and is not a Windows superuser account, it is a shareable account. This account is useable as a SQL Server service account only if you can ensure that no other services that use this account are installed on the server.
Using a local user or domain user that is not a Windows administrator is the best choice. If the server that is running SQL Server is part of a domain and must access domain resources such as file shares or uses linked server connections to other computers running SQL Server, a domain account is the best choice. If the server is not part of a domain (for example, a server running in the perimeter network (also known as the DMZ) in a Web application) or does not need to access domain resources, a local user that is not a Windows administrator is preferred.
Creating the user account that will be used as a SQL Server service account is easier in SQL Server 2005 than in previous versions. When SQL Server 2005 is installed, a Windows group is created for each SQL Server service, and the service account is placed in the appropriate group. To create a user that will serve as a SQL Server service account, simply create an ordinary account that is either a member of the Users group (non-domain user) or Domain Users group (domain user). During installation, the user is automatically placed in the SQL Server service group and the group is granted exactly the privileges that are needed.
If the service account needs additional privileges, the privilege should be granted to the appropriate Windows group, rather than granted directly to the service user account. This is consistent with the way access control lists are best managed in Windows in general. For example, the ability to use the SQL Server Instant File Initialization feature requires that the Perform Volume Maintenance Tasks user rights be set in the Group Policy Administration tool. This privilege should be granted to SQLServer2005
SQL Server 2005 requires that the service account have less privilege than in previous versions. Specifically, the privilege Act As Part of the Operating System (SE_TCB_NAME) is not required for the service account unless SQL Server 2005 is running on the Microsoft Windows Server 2000 SP4 operating system. After doing an upgrade in place, use the Group Policy Administration tool to remove this privilege.
The SQL Server Agent service account requires sysadmin privilege in the SQL Server instance that it is associated with. In SQL Server 2005
both Windows accounts and SQL Server-specific accounts (known as SQL logins) are permitted. When SQL logins are used, SQL login passwords are passed across the network for authentication. This makes SQL logins less secure than Windows logins.
It is a best practice to use only Windows logins whenever possible. Using Windows logins with SQL Server achieves single sign-on and simplifies login administration. Password management uses the ordinary Windows password policies and password change APIs. Users, groups, and passwords are managed by system administrators; SQL Server database administrators are only concerned with which users and groups are allowed access to SQL Server and with authorization management.
SQL logins should be confined to legacy applications, mostly in cases where the application is purchased from a third-party vendor and the authentication cannot be changed. Another use for SQL logins is with cross-platform client-server applications in which the non-Windows clients do not possess Windows logins. Although using SQL logins is discouraged, there are security improvements for SQL logins in SQL Server 2005
Network Connectivity
A standard network protocol is required to connect to the SQL Server database. There are no internal connections that bypass the network. SQL Server 2005
    txtUname.Text;
    Response.Redirect("welcome.aspx");
    }
    }
    }
    }
}
}
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Windows.Forms;
using System.Security.Cryptography;
using System.IO;
using System.Text;
using System.Diagnostics;

public partial class MyExam : System.Web.UI.Page
{
    SqlConnection cn;
    SqlCommand cmd;
    SqlDataReader dr;
    SqlDataAdapter adp;
    DataTable dt;
    static int RowIndex;
    string cnstr = "Server=.;Trusted_Connection=true;Database=asp;";
    // The same hard-coded ASCII string is used as both the DES key and the IV.
    static byte[] bytes = ASCIIEncoding.ASCII.GetBytes("ZeroCool");

    protected void Page_Load(object sender, EventArgs e)
    {
        username.Text = Convert.ToString(Session["username"]);
        // Look up the exam type for the logged-in user; the value is passed
        // as a parameter instead of being concatenated into the SQL text.
        string str = "select examtype from login where username=@username";
        cn = new SqlConnection(cnstr);
        cn.Open();
        cmd = new SqlCommand(str, cn);
        cmd.Parameters.AddWithValue("@username", username.Text);
        dr = cmd.ExecuteReader();
        if (dr.Read())
        {
            etype.Text = Convert.ToString(dr.GetValue(0));
        }
        dr.Close();
        cn.Close();

        // Load every question for that subject into a DataTable.
        string sqlstr = "select * from newquestions where subject=@subject";
        cn = new SqlConnection(cnstr);
        adp = new SqlDataAdapter(sqlstr, cn);
        adp.SelectCommand.Parameters.AddWithValue("@subject", etype.Text);
        DataSet ds = new DataSet();
        cn.Open();
        adp.Fill(ds);
        dt = ds.Tables[0];
        RowIndex = 0;
        display();
        cn.Close();
    }

    // Base64-decode the stored value and DES-decrypt it.
    public static string Decrypt(string cryptedString)
    {
        if (String.IsNullOrEmpty(cryptedString))
        {
            throw new ArgumentNullException("The string which needs to be decrypted can not be null.");
        }
        DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
        MemoryStream memoryStream = new MemoryStream(Convert.FromBase64String(cryptedString));
        CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoProvider.CreateDecryptor(bytes, bytes), CryptoStreamMode.Read);
        StreamReader reader = new StreamReader(cryptoStream);
        return reader.ReadToEnd();
    }

    // Show the current question; the four choices are stored encrypted.
    private void display()
    {
        DataRow drow;
        drow = dt.Rows[RowIndex];
        txtqno.Text = Convert.ToString(drow[1]);
        txtQues.Text = Convert.ToString(drow[2]);
        txtChoice1.Text = Decrypt(Convert.ToString(drow[3]));
        txtChoice2.Text = Decrypt(Convert.ToString(drow[4]));
        txtChoice3.Text = Decrypt(Convert.ToString(drow[5]));
        txtChoice4.Text = Decrypt(Convert.ToString(drow[6]));
    }

    protected void btnpre_Click
    ...
            0;
            MessageBox.Show("Already at First Question");
        }
        display();
    }

    protected void btnNex_Click
    ...
        select answer from newquestions where qno='" + val + "' and subject='" + etype.Text + "'";
        cn = new SqlConnection(cnstr);
        cn.Open();
        cmd = new SqlCommand(sqlquery, cn);
        dr = cmd.ExecuteReader();
        if (dr.Read())
        {
            // Compare the selected choice with the decrypted stored answer.
            if (RadioButtonList1.SelectedItem.Text == "Choice1")
            {
                string str = txtChoice1.Text;
                if (str.Equals(Decrypt(dr.GetString(0))))
                {
                    MessageBox.Show("Correct Answer Choice1");
                }
            }
            else if (RadioButtonList1.SelectedItem.Text == "Choice2")
            {
                string str = txtChoice2.Text;
                if (str.Equals(Decrypt(dr.GetString(0))))
                {
                    MessageBox.Show("Correct Answer Choice2");
                }
            }
            else if (RadioButtonList1.SelectedItem.Text == "Choice3")
            {
                string str = txtChoice3.Text;
                if (str.Equals(Decrypt(dr.GetString(0))))
                {
                    MessageBox.Show("Correct Answer Choice3");
                }
            }
            else if (RadioButtonList1.SelectedItem.Text == "Choice4")
            {
                string str = txtChoice4.Text;
                if (str.Equals(Decrypt(dr.GetString(0))))
                {
                    MessageBox.Show("Correct Answer Choice4");
                }
            }
        }
        RowIndex++;
        if (RowIndex == dt.Rows.Count)
        {
            RowIndex = dt.Rows.Count - 1;
            btnSubmit.Visible = true;
        }
        display();
    }

    protected void btnSubmit_Click
    ...
namespace ScreenCapture
{
    public partial class Form1 : Form
    {
        AviManager aviManager = new AviManager("output.avi", false);
        int ScreenWidth = Screen.PrimaryScreen.Bounds.Width;
        int ScreenHeight = Screen.PrimaryScreen.Bounds.Height;
        VideoStream aviStream = null;

        public Form1()
        {
            InitializeComponent();
        }

        public void startrecording()
        {
            Graphics g;
            Bitmap b = new Bitmap(ScreenWidth, ScreenHeight);
            g = Graphics.FromImage(b);
            g.CopyFromScreen(Point.Empty, Point.Empty, Screen.PrimaryScreen.Bounds.Size);
            aviStream.AddFrame(b);
            b.Dispose();
        }

        private void button1_Click /* ... */ Graphics.FromImage(bi);
            g.CopyFromScreen(Point.Empty, Point.Empty, Screen.PrimaryScreen.Bounds.Size);
            aviStream = aviManager.AddVideoStream(true, 4, bi);
            bi.Dispose();
            /* ... */;
            /* ... */;
            timer1.Enabled = true;
        }

        private void button2_Click /* ... */ false;
            aviManager.Close();
        }

        private void timer1_Tick /* ... */
    }
}

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Windows.Forms;
using System.Security.Cryptography;
using System.IO;
using System.Text;

public partial class Admin : System.Web.UI.Page
{
    string cnstr = "Server=.;Trusted_Connection=true;Database=asp;";
    SqlConnection cn;
    SqlDataReader dr;
    string c1, c2, c3, c4, ans;
    static byte[] bytes = ASCIIEncoding.ASCII.GetBytes("ZeroCool");
    SqlCommand cmd;
    int qno;

    protected void Page_Load(object sender, EventArgs e)
    {
        sessionName.Text = Convert.ToString(Session["username"]);
    }

    protected void btnSubmit_Click /* ... */
        cmd = new SqlCommand(sqlquery, cn);
        dr = cmd.ExecuteReader();
        if (dr.Read())
        {
            try
            {
                qno = Convert.ToInt16(dr.GetValue(0));
                qno = qno + 1;
            }
            catch (InvalidCastException ex)
            {
                MessageBox.Show(ex.Message);
            }
        }
        c1 = Encrypt(txtChoice1.Text);
        c2 = Encrypt(txtChoice2.Text);
        c3 = Encrypt(txtChoice3.Text);
        c4 = Encrypt(txtChoice4.Text);
        ans = Encrypt(txtAns.Text);
        dr.Close();
        string query = "insert into newQuestions values('" + DropDownList1.Text + "','" + Convert.ToString(qno) + "','" + txtQues.Text + "','" + c1 + "','" + c2 + "','" + c3 + "','" + c4 + "','" + ans + "')";
        cmd = new SqlCommand(query, cn);
        cmd.ExecuteNonQuery();
        MessageBox.Show("Question Updated Succesfully");
        cn.Close();
        Response.Redirect("Admin.aspx");
    }

    public static string Encrypt(string originalString)
    {
        if (String.IsNullOrEmpty(originalString))
        {
            throw new ArgumentNullException("The string which needs to be encrypted cannot be null.");
        }
        DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
        MemoryStream memoryStream = new MemoryStream();
        CryptoStream cryptoStream = new CryptoStream(memoryStream,
            cryptoProvider.CreateEncryptor(bytes, bytes), CryptoStreamMode.Write);
        StreamWriter writer = new StreamWriter(cryptoStream);
        writer.Write(originalString);
        writer.Flush();
        cryptoStream.FlushFinalBlock /* ... */
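Added example, not part of the original project listing: the Admin page's encrypt-then-insert step rewritten so that each value is encrypted with AES-CBC under a fresh random IV and authenticated with HMAC-SHA256 (the listing uses DES with one fixed ASCII string as both key and IV), and the insert uses a parameterized SqlCommand instead of string concatenation. The class name QuestionStore, the method and parameter names, the column order and types, and the two caller-supplied 32-byte keys are assumptions.

```csharp
using System;
using System.Data.SqlClient;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class QuestionStore   // hypothetical class name
{
    // Assumption: encKey and macKey are independent 32-byte keys from protected configuration.
    public static string Encrypt(string plainText, byte[] encKey, byte[] macKey)
    {
        if (string.IsNullOrEmpty(plainText))
            throw new ArgumentNullException("plainText");
        byte[] data = Encoding.UTF8.GetBytes(plainText);
        using (Aes aes = Aes.Create())
        using (var hmac = new HMACSHA256(macKey))
        using (var ms = new MemoryStream())
        {
            aes.Key = encKey;
            aes.GenerateIV();                         // fresh random IV per value
            ms.Write(aes.IV, 0, aes.IV.Length);       // IV stored in front of the ciphertext
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(data, 0, data.Length);
                ms.Write(ct, 0, ct.Length);
            }
            byte[] tag = hmac.ComputeHash(ms.ToArray()); // encrypt-then-MAC over IV || ciphertext
            ms.Write(tag, 0, tag.Length);
            return Convert.ToBase64String(ms.ToArray());
        }
    }

    // Values travel as parameters, never as SQL text; cn is an already open connection.
    public static void InsertQuestion(SqlConnection cn, string subject, int qno,
        string question, string[] choices, string answer, byte[] encKey, byte[] macKey)
    {
        const string sql = "insert into newQuestions values (@subject, @qno, @question, @c1, @c2, @c3, @c4, @ans)";
        using (var cmd = new SqlCommand(sql, cn))
        {
            cmd.Parameters.AddWithValue("@subject", subject);
            cmd.Parameters.AddWithValue("@qno", qno);
            cmd.Parameters.AddWithValue("@question", question);
            for (int i = 0; i < 4; i++)
                cmd.Parameters.AddWithValue("@c" + (i + 1), Encrypt(choices[i], encKey, macKey));
            cmd.Parameters.AddWithValue("@ans", Encrypt(answer, encKey, macKey));
            cmd.ExecuteNonQuery();
        }
    }
}
```

The matching decrypt routine has to recompute the HMAC over the IV and ciphertext and compare it with the stored tag before decrypting.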