Secure smart application on web application
ABSTRACT
The most important security services areconfidentiality, integrity, authentication, and non-repudiation.When designing a communication system, the security services ofthis system must be defined. The Public-Key Infrastructure(PKI) is a technology that can meet these security services withits techniques and standards. A PKI system works by having aCertificate Authority (CA) for issuing public-key certificates. Theaim of this work is to design and implement a CA system that cancreate and assign public key certificates. Hence, the systemenables secure communication and proper authentication.Besides the basic security requirements, the developed systemuses an approach that can contribute in facilitating therevocation of the certificates. It also gives these certificatesadditional security/performance advantage by using the EllipticCurve Cryptography (ECC) instead of the RSA cryptography.
Existing System:
The Internet provides an excellent vehicle for extending thescope of communication and business. As all information sentto the Internet is basically public, the need for securitybecomes critical. The most critical element of security might bethe ability to provide trust and confidence to transactions over
the Internet. To accommodate the scale of transactions acrossthe Internet, some of the few technologies that can accomplishthis include Public Key Infrastructure (PKI). PKI can beviewed as critical not only to the commercial sector but also tothe government sector. As a result, many aspects required for
successful PKI, such as insurance and legal aspects, have beengreatly improved. The Public-key system makes it possible fortwo parties to communicate securely without either having toknow or trust the other party. However, this is only possiblebecause a third party that both the other parties trust identifiesthem, and certifies that their keys are genuine [1].
Proposed System:
Besides the major security requirements that should becovered by the proposed CA system, the followingconsiderations have been also taken into account:
• Multi-level login includes the following levels: new-visitto the website, additional visits to check and update of thepersonnel Information, and entrance by authority staff(authorized employee).• Secure and easy way to update some of applicantinformation.• Secure and flexible way to handle the revocation of thedigital certificate by the applicant.The proposed system is a web application which consists ofthe following components: client tier, server tier, and Database
tier. Fig. 2 shows a general block diagram that illustrates thestructure of the proposed system. The users (applicants orauthority staff) can access the data on
the server through anypopular web browser (like Internet Explorer or Netscape). Tobuild this system a number of sub-programs were built usingseveral programming languages. In general, the presentation ofservices or the user interface logic is located on the clientmachine. The server logic is placed in the middle tier (servertier). The data services tier contains the database server. The
basic concept of the three tier model is partitioning the systemfunctionality into layers, so applications gain scalability andsecurity. The whole system operation can also be divided intothree main phases:
• Phase 1: The management of the digital certificate by theApplicant.
• Phase 2: The management of authenticating the applicantdata by Registration Authority staff.
• Phase 3: The management of the information in databaseby the Certification Authority staff.
The flow steps of the system.
MODULES:
- Server Module
- Encrypt Module
- Authentication Module
- User Module
Server Module:
The applicant can select one of the following fiveprocesses: create new certificate, activation of the certificate,update information, check status of the certificate, and revokethe certificate. Fig. 4 shows the flowchart of creating a newcertificate process. As a first step the applicant requests tocreate new certificate, the client computer sends this request toserver. After that the server will send the web-page "Authentication of the applicant identity" to the client computer.
Encrypt Module:
This module is used to help the server to encrypt the document using RSA Algorithm and to convert the encrypted document to the Zip file with activation code and then activation code send to the user for download.
Authentication Module:
The most important security services areconfidentiality, integrity, authentication, and non-repudiation.When designing a communication system, the security services ofthis system must be defined. The Public-Key
Infrastructure(PKI) is a technology that can meet these security services withits
techniques and standards. A PKI system works by having aCertificate Authority (CA) for issuing public-key certificates. Theaim of this work is to design and implement a CA system that cancreate and assign public key certificates. Hence, the systemenables secure communication and proper authentication.
User Module:
The applicant new submission is initially accepted bythe CA system, the system tells him/her to visit the same siteafter a period of time to check if the request was accepted orrejected. Once the applicant is informed through the"Activation of the Certificate" webpage about the acceptanceof the certificate request, the user can activate his/hercertificate and use the assigned private key. The "UpdateInformation" process is activated when the applicant wants toupdate some of his personnel information in the CA database.
Algorithm:
Digital signaturealgorithm (DSA):
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other Fcases where it is important to detect forgery or tampering.