Project
Content
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
1. INTRODUCTION OF THE PROJECT
IN the past decades, various security-enhanced measures have been proposed to improve the security of data transmission over public networks. Existing work on security-enhanced data transmission includes the designs of cryptography algorithms and system infrastructures and security-enhanced routing methods. Their common objectives are often to defeat various threats over the Internet, including eavesdropping, spoofing, session hijacking, etc. Among many well-known designs for cryptography based systems, the IP Security (IPSec) [23] and the Secure Socket Layer (SSL) [21] are popularly supported and implemented in many systems and platforms. Although IPSec and SSL do greatly improve the security level for data transmission, they unavoidably introduce substantial overheads especially on gateway/host performance and effective network bandwidth. For example, the data transmission overhead is 5 cycles/byte over an Intel Pentium II with the Linux IP stack alone, and the overhead increases to 58 cycles/byte when Advanced Encryption Standard (AES) is adopted for encryption/decryption for IPSec. Another alternative for security-enhanced data transmission is to dynamically route packets between each source and its destination so that the chance for system break-in, due to successful interception of consecutive packets for a session, is slim. The intention of securityenhanced routing is different from the adopting of multiple paths between a source and a destination to increase the throughput of data transmission .In particular, Lou et al. proposed a secure routing protocol to improve the security of end-to-end data transmission based on multiple path deliveries. The set of multiple paths between each source and its destination is determined in an online fashion, and extra control message exchanging is needed. Bohacek et al. proposed a secure stochastic routing mechanism to improve routing security. Similar to the work proposed by Lou et ala set of paths is discovered for each source and its destination in an online fashion based on message flooding. Thus, a mass of control messages is needed. Yang and
1 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Papavassiliou explored the trading of the security level and the traffic dispersion. They proposed a traffic dispersion scheme to reduce the probability of eavesdropped information along the used paths provided that the set of data delivery paths is discovered in advance. Although excellent research results have been proposed for security-enhanced dynamic routing, many of them rely on the discovery of multiple paths either in an online or offline fashion. For those online path searching approaches, the discovery of multiple paths involves a significant number of control signals over the Internet. On the other hand, the discovery of paths in an offline fashion might not be suitable to networks with a dynamic changing configuration. Therefore, we will propose a dynamic routing algorithm to provide security enhanced data delivery without introducing any extra control messages.
1.1
PROBLEM STATEMENT
IN the past decades, various security-enhanced measures have been proposed to improve the security of data transmission over public networks. Existing work on security-enhanced data transmission includes the designs of cryptography algorithms and system infrastructures and security-enhanced routing methods. Their common objectives are often to defeat various threats over the Internet, including eavesdropping, spoofing, session hijacking, etc. Among many well-known designs for cryptography based systems, the IP Security (IPSec) and the Secure Socket Layer (SSL) are popularly supported and implemented in many systems and platforms. Although IPSec and SSL do greatly improve the security level for data transmission, they unavoidably introduce substantial overheads especially on gateway/host performance and effective network bandwidth. For example, the data transmission overhead is 5 cycles/byte over an Intel Pentium II with the Linux IP stack alone, and the overhead increases to 58 cycles/byte when Advanced Encryption Standard (AES) is adopted for encryption/decryption for IPSec . The objective of this work is to explore a security-enhanced dynamic routing algorithm based on distributed routing information widely supported in existing networks. In general, routing protocols over networks could be classified roughly into two kinds: distance-vector algorithms and link-state algorithms. Distance-vector algorithms rely on the exchanging of distance information among neighboring nodes for
2
INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS the seeking of routing paths. Examples of distance-vector-based routing algorithms include RIP and DSDV. Link-state algorithms used in the Open Shortest Path First protocol are for global routing in which the network topology is known by all nodes. Our goal is to propose a distance-vector-based algorithm for dynamic routing to improve the security of data transmission.
1.2 EXISTING SYSTEM
IN the past decades, various security-enhanced measures have been proposed to improve the security of data transmission over public networks. Existing work on securityenhanced data transmission includes the designs of cryptography algorithms and system infrastructures and security-enhanced routing methods. Their common objectives are often to defeat various threats over the Internet, including eavesdropping, spoofing, session hijacking, etc. Among many well-known designs for cryptography based systems, the IP Security (IPSec) and the Secure Socket Layer (SSL) are popularly supported and implemented in many systems and platforms. Although IPSec and SSL do greatly improve the security level for data transmission, they unavoidably introduce substantial overheads especially on gateway/host performance and effective network bandwidth.
Disadvantages:
Number of Retransmission is high. Cost is high to implement a cryptographic technique. eavesdropping is easily occur.
1.3 PROPOSED SYSTEM
The objective of this work is to explore a security enhanced dynamic routing algorithm based on distributed routing information widely supported in existing wired and wireless networks. We aim at the randomization of delivery paths for data transmission to
3 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS provide considerably small path similarity (i.e., the number of common links between two delivery paths) of two consecutive transmitted packets. The proposed algorithm should be easy to implement and compatible with popular routing protocols, such as the Routing Information Protocol (RIP) for wired networks and Destination-Sequenced Distance Vector (DSDV) protocol for wireless networks over existing infrastructures. These protocols shall not increase the number of control messages if the proposed algorithm is adopted. An analytic study will be presented for the proposed routing algorithm, and a series of simulation study will be conducted to verify the analytic results and to show the capability of the proposed algorithm.
Advantages:
Cost is low compare to cryptographic technique. It’s applicable for wired and wireless networks. Number of retransmission is less.
1.3.1 MODULES
Topology Construction:
In this module, we construct a topology structure. Here we use mesh topology because the
of its unstructured nature. Topology is constructed by getting the names of the nodes and associated port and ip address is also obtained.
connections among the nodes as input from the user.While getting each of the nodes, their
For successive nodes, the node to which it should be connected is also accepted from the user. While adding nodes, comparison will be done so that there would be no node duplication.
Then we identify the source and the destinations.
4 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Nd oe
Ce k hc Aa b v ila le
Nd I f o eno
Aed lr a y Aa b v ila le
U d teN d pa oe If no
FIG-1 TOPOLOGY CONSTRUCTION
Random Path Selection Algorithm:
Randomization Process Consider the delivery of a packet with the destination t at a node Ni. In order to minimize the probability that packets are eavesdropped over a specific link, a randomization process for packet deliveries shown in Procedure 1 is adopted. In this process, the previous next hop hs (defined in HNi t of Table 1b) for the source node s is identified in the first step of the process (line 1). Then, the process randomly picks up a neighboring node in CNi t excluding hs as the next hop for the current packet transmission. The exclusion of hs for the next hop selection avoids transmitting two consecutive packets in the same link, and the randomized pickup prevents attackers from easily predicting routing paths for the coming transmitted packets. The number of entries in the history record for packet deliveries to destination nodes is jNj in the worst case. In order to efficiently look up the history record for a destination node, we maintain the history record for each node in a hash table. Before the current packet is sent to its destination node, we must randomly pick up a neighboring node excluding the used node for the
5 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS previous packet. Once a neighboring node is selected, by the hash table, we need Oð1Þ to determine whether the selected neighboring node for the current packet is the same as the one used by the previous packet.
N eoi o Lg d n
sl c e t e D tnto ei a n s i
cos hoe nx ps et o h
nx hp et os h
pt s a h
cm r ope a w p vu ih r i s t eo
nteul o qa
eul qa
u a p SELECT RANDOM PATH FIG-2.dte
MESSAGE TRANSMISSION:
In this module we transmit the message to the destination. Based on the random path selection algorithm here we transmit the message. For each packet transmission the path and the packets are updated in the routing table.
6 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
N eg ol i do n
sl c e t e D tn i n ei a s to
r n mt a oph d a
ph as t
ta m rn i s t msg ea s e
FIG-3.MESSAGE TRANSMISSION ROUTING TABLE MAINTENANCE:
In this module we can maintain the routing table; here we add one more column to maintain the packet delivery ratio. In this one we can maintain how many packets are transmitted over each path. It will be useful for to identify any path can handle number packets. We can stop transmission some amount of time period over that path. So the hacker cannot identify in which path the message is transmitted and also we can easily transmit the data securely.
7 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Lg o in
Ms a e es g tr n m s n a s is io
u d te pa p thd s a e tils
D B
FIG-4.RANDOM TABLE MAINTENANCE 1.4 SCOPE AND OBJECTIVE
The objective of this work is to explore a security enhanced dynamic routing algorithm based on distributed routing information widely supported in existing wired and wireless networks. We aim at the randomization of delivery paths for data transmission to provide considerably small path similarity (i.e., the number of common links between two delivery paths) of two consecutive transmitted packets. The proposed algorithm should be easy to implement and compatible with popular routing protocols, such as the Routing Information Protocol (RIP) for wired networks and Destination-Sequenced Distance Vector (DSDV) protocol for wireless networks, over existing infrastructures. These protocols shall not increase the number of control messages if the proposed algorithm is adopted. An analytic study will be presented for the proposed routing algorithm, and a series of simulation study will be conducted to verify the analytic results and to show the capability of the proposed algorithm.
2. SOFTWARE REQUIRMENT SPECIFICATION
8 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
2.1 HARDWARE SPECIFICATION
The hardware used for the development of the project is: • • • • • • • SYSTEM FLOPPY DRIVE MONITOR MOUSE RAM KEYBOARD : Pentium IV 2.4 GHz : 1.44 MB : 15 VGA colour : Logitech. : 256 MB : 110 keys enhanced.
HARD DISK : 40 GB
2.2 SOFTWARE REQUIREMENTS
The software used for the development of the project is: • • • OPERATING SYSTEM FRONT END BACK END : Windows XP Professional
: JAVA : MS-Access
3.SYSTEM ANALYSIS
3.1 FEASIBILITY STUDY
The feasibility of the project is analyzed in this phase and business proposal is put forth with a very general plan for the project and some cost estimates. During system analysis the feasibility study of the proposed system is to be carried out. This is to ensure that the proposed system is not a burden to the company. For feasibility analysis, some understanding of the major requirements for the system is essential. Three key considerations involved in the feasibility analysis are
9 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS ♦ ECONOMICAL FEASIBILITY ♦ TECHNICAL FEASIBILITY ♦ SOCIAL FEASIBILITY
3.1.1 ECONOMICAL FEASIBILITY
This study is carried out to check the economic impact that the system will have on the organization. The amount of fund that the company can pour into the research and development of the system is limited. The expenditures must be justified. Thus the developed system as well within the budget and this was achieved because most of the technologies used are freely available. Only the customized products had to be purchased.
3.1.2 TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical requirements of the system. Any system developed must not have a high demand on the available technical resources. This will lead to high demands on the available technical resources. This will lead to high demands being placed on the client. The developed system must have a modest requirement, as only minimal or null changes are required for implementing this system.
3.1.3 SOCIAL FEASIBILITY
The aspect of study is to check the level of acceptance of the system by the user. This includes the process of training the user to use the system efficiently. The user must not feel threatened by the system, instead must accept it as a necessity. The level of acceptance by the users solely depends on the methods that are employed to educate the user about the system and to make him familiar with it. His level of confidence must be raised so that he is also able to make some constructive criticism, which is welcomed, as he is the final user of the system.
10 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
3.2 SYSTEM ARCHITECTURE:
The process of the design implemented with the system architecture view comprises of the parts of the project work that encapsulates all modules ranging from module to module communication, setting initializations and system.
FIG-5.SYSTEM ARCHITECTURE
3.3 ABOUT PLATFORM
Java Technology
Java technology is both a programming language and a platform.
The Java Programming Language
The Java programming language is a high-level language that can be characterized by all of the following buzzwords: Simple Architecture neutral
11 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Object oriented Portable Distributed High performance Interpreted Multithreaded Robust Dynamic Secure
With most programming languages, you either compile or interpret a program so that you can run it on your computer. The Java programming language is unusual in that a program is both compiled and interpreted. With the compiler, first you translate a program into an intermediate language called Java byte codes —the platform-independent codes interpreted by the interpreter on the Java platform. The interpreter parses and runs each Java byte code instruction on the computer. Compilation happens just once; interpretation occurs each time the program is executed. The following figure illustrates how this works.
FIG-6-.WORKING OF JAVA
You can think of Java bytecodes as the machine code instructions for the Java Virtual Machine (Java VM). Every Java interpreter, whether it’s a development tool or a Web browser that can run applets, is an implementation of the Java VM. Java bytecodes help make “write once, run anywhere” possible. You can compile your program into bytecodes on any platform that has a Java compiler. The bytecodes can then be run on any implementation of the Java VM.
12 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS That means that as long as a computer has a Java VM, the same program written in the Java programming language can run on Windows 2000, a Solaris workstation, or on an iMac.
The Java Platform
A platform is the hardware or software environment in which a program runs. We’ve already mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and MacOS. Most platforms can be described as a combination of the operating system and hardware. The Java platform differs from most other platforms in that it’s a software-only platform that runs on top of other hardware-based platforms. The Java platform has two components:
• •
The Java Virtual Machine (Java VM) The Java Application Programming Interface (Java API) You’ve already been introduced to the Java VM. It’s the base for the Java platform and is
ported onto various hardware-based platforms. The Java API is a large collection of ready-made software components that provide many useful capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into libraries of related classes and interfaces; these libraries are known as packages. The next section, What Can Java Technology Do?, highlights what functionality some of the packages in the Java API provide. The following figure depicts a program that’s running on the Java platform. As the figure shows, the Java API and the virtual machine insulate the program from the hardware.
FIGURE 3- THE JAVA PLATFORM
13 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Native code is code that after you compile it, the compiled code runs on a specific hardware platform. As a platform-independent environment, the Java platform can be a bit slower than native code. However, smart compilers, well-tuned interpreters, and just-in-time bytecode compilers can bring performance close to that of native code without threatening portability. Java Database Connectivity (JDBCTM): Provides uniform access to a wide range of relational databases. The Java platform also has APIs for 2D and 3D graphics, accessibility, servers, collaboration, telephony, speech, animation, and more. The following figure depicts what is included in the Java 2 SDK.
SWING The Swing toolkit includes a rich set of components for building GUIs and adding interactivity to Java applications. Swing includes all the components you would expect from a modern toolkit: table controls, list controls, tree controls, buttons, and labels. Swing is far from a simple component toolkit, however. It includes rich undo support, a highly customizable text package, integrated internationalization and accessibility support. To truly leverage the crossplatform capabilities of the Java platform, Swing supports numerous look and feels, including the ability to create your own look and feel. The ability to create a custom look and feel is made easier with Synth, a look and feel specifically designed to be customized. Swing wouldn't be a
14 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS component toolkit without the basic user interface primitives such as drag and drop, event handling, customizable painting, and window management. Swing is part of the Java Foundation Classes (JFC). The JFC also include other features important to a GUI program, such as the ability to add rich graphics functionality and the ability to create a program that can work in different languages and by users with different input devices.
The Swing toolkit includes a rich array of components: from basic components, such as buttons and check boxes, to rich and complex components, such as tables and text. Even deceptively simple components, such as text fields, offer sophisticated functionality, such as formatted text input or password field behavior. There are file browsers and dialogs to suit most needs, and if not, customization is possible. If none of Swing's provided components are exactly what you need, you can leverage the basic Swing component functionality to create your own. Swing components contain a pluggable look and feel (PL & F). This allows all applications to run with the native look and feel on different platforms. PL & F allows applications to have the same behaviour on various platforms. JFC contains operating system neutral look and feel. Swing components do not contain peers. Swing components allow mixing AWT heavyweight and Swing lightweight components in an application. The major difference between lightweight and heavyweight components is that lightweight components can have transparent pixels while heavyweight components are always opaque. Lightweight components can be non-rectangular while heavyweight components are always rectangular. Swing components are JavaBean compliant. This allows components to be used easily in a Bean aware application building program. The root of the majority of the Swing hierarchy is the JComponent class. This class is an extension of the AWT Container class.
15 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Swing components comprise of a large percentage of the JFC release. The Swing component toolkit consists of over 250 pure Java classes and 75 Interfaces contained in about 10 Packages. They are used to build lightweight user interfaces. Swing consists of User Interface (UI) classes and non- User Interface classes. The non-User Interface classes provide services and other operations for the UI classes. Swing offers a number of advantages, which include • • • • • • • • • • • • • • Wide variety of Components Pluggable Look and Feel MVC Architecture Keystroke Handling Action Objects Nested Containers Virtual Desktops Compound Borders Customized Dialogues Standard Dialog Classes Structured Table and Tree Components Powerful Text Manipulation Generic Undo Capabilities Accessibility Support
ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming interface for application developers and database systems providers. Before ODBC became a de facto standard for Windows programs to interface with database systems, programmers had to use proprietary languages for each database they wanted to connect to. Now, ODBC has made the choice of the database system almost irrelevant from a coding perspective, which is as it should be. Application developers have much more important things to worry about than the syntax that is needed to port their program from one database to another when business needs suddenly change.
16 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Through the ODBC Administrator in Control Panel, you can specify the particular database that is associated with a data source that an ODBC application program is written to use. Think of an ODBC data source as a door with a name on it. Each door will lead you to a particular database. For example, the data source named Sales Figures might be a SQL Server database, whereas the Accounts Payable data source could refer to an Access database. The physical database referred to by a data source can reside anywhere on the LAN. The ODBC system files are not installed on your system by Windows 95. Rather, they are installed when you setup a separate database application, such as SQL Server Client or Visual Basic 4.0. When the ODBC icon is installed in Control Panel, it uses a file called ODBCINST.DLL. It is also possible to administer your ODBC data sources through a standalone program called ODBCADM.EXE. There is a 16-bit and a 32-bit version of this program, and each maintains a separate list of ODBCdatasources. From a programming perspective, the beauty of ODBC is that the application can be written to use the same set of function calls to interface with any data source, regardless of the database vendor. The source code of the application doesn’t change whether it talks to Oracle or SQL Server. We only mention these two as an example. There are ODBC drivers available for several dozen popular database systems. Even Excel spreadsheets and plain text files can be turned into data sources. The operating system uses the Registry information written by ODBC Administrator to determine which low-level ODBC drivers are needed to talk to the data source (such as the interface to Oracle or SQL Server). The loading of the ODBC drivers is transparent to the ODBC application program. In a client/server environment, the ODBC API even handles many of the network issues for the application programmer. The advantages of this scheme are so numerous that you are probably thinking there must be some catch. The only disadvantage of ODBC is that it isn’t as efficient as talking directly to the native database interface. ODBC has had many detractors make the charge that it is too slow. Microsoft has always claimed that the critical factor in performance is the quality of the driver software that is used. In our humble opinion, this is true. The availability of good ODBC drivers has improved a great deal recently. And anyway, the criticism about performance is somewhat analogous to those who said that compilers would never match the speed of pure assembly
17 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS language. Maybe not, but the compiler (or ODBC) gives you the opportunity to write cleaner programs, which means you finish sooner. Meanwhile, computers get faster every year.
JDBC
In an effort to set an independent database standard API for Java, Sun Microsystems developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access mechanism that provides a consistent interface to a variety of RDBMSs. This consistent interface is achieved through the use of “plug-in” database connectivity modules, or drivers. If a database vendor wishes to have JDBC support, he or she must provide the driver for each platform that the database and Java run on. To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC. As you discovered earlier in this chapter, ODBC has widespread support on a variety of platforms. Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market much faster than developing a completely new connectivity solution. JDBC was announced in March of 1996. It was released for a 90 day public review that ended June 8, 1996. Because of user input, the final JDBC v1.0 specification was released soon after. The remainder of this section will cover enough information about JDBC for you to know what it is about and how to use it effectively. This is by no means a complete overview of JDBC. That would fill an entire book.
Networking TCP/IP stack The TCP/IP stack is shorter than the OSI one:
18 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
FIGURE – TCP/IP STACK
TCP is a connection-oriented protocol; UDP (User Datagram Protocol) is a connectionless protocol.
IP datagram’s
The IP layer provides a connectionless and unreliable delivery system. It considers each datagram independently of the others. Any association between datagram must be supplied by the higher layers. The IP layer supplies a checksum that includes its own header. The header includes the source and destination addresses. The IP layer handles routing through an Internet. It is also responsible for breaking up large datagram into smaller ones for transmission and reassembling them at the other end.
TCP
TCP supplies logic to give a reliable connection-oriented protocol above IP. It provides a virtual circuit that two processes can use to communicate.
19 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Internet addresses
In order to use a service, you must be able to find it. The Internet uses an address scheme for machines so that they can be located. The address is a 32 bit integer which gives the IP address. This encodes a network ID and more addressing. The network ID falls into various classes according to the size of the network address.
Network address
Class A uses 8 bits for the network address with 24 bits left over for other addressing. Class B uses 16 bit network addressing. Class C uses 24 bit network addressing and class D uses all 32.
Subnet address
Internally, the UNIX network is divided into sub networks. Building 11 is currently on one sub network and uses 10-bit addressing, allowing 1024 different hosts.
Host address
8 bits are finally used for host addresses within our subnet. This places a limit of 256 machines that can be on the subnet.
Total address
FIGURE 6 - IP ADDRESSING
The 32 bit address is usually written as 4 integers separated by dots.
20 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Port addresses
A service exists on a host, and is identified by its port. This is a 16 bit number. To send a message to a server, you send it to the port for that service of the host that it is running on. This is not location transparency! Certain of these ports are "well known".
Sockets
A socket is a data structure maintained by the system to handle network connections. A socket is created using the call socket. It returns an integer that is like a file descriptor. In fact, under Windows, this handle can be used with Read File and Write File functions. #include <sys/types.h> #include <sys/socket.h> int socket(int family, int type, int protocol); Here "family" will be AF_INET for IP communications, protocol will be zero, and type will depend on whether TCP or UDP is used. Two processes wishing to communicate over a network create a socket each. These are similar to two ends of a pipe - but the actual pipe does not yet exist. Create a server socket that listens for a client to connect socket(int af, int type, int protocol) This method creates the socket bind(SOCKET s, const struct sockaddr FAR * name, int namelen) Associates a local address with a socket. This routine is used on an unconnected datagram or stream socket, before subsequent connects or listens. When a socket is created with socket, it exists in a name space (address family), but it has no name assigned. bind establishes the local association (host address/port number) of the socket by assigning a local name to an unnamed socket. In the Internet address family, a name consists of several components. For SOCK_DGRAM and SOCK_STREAM, the name consists of three parts: a host address, the protocol number (set implicitly to UDP or TCP, respectively), and a port number which
21 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS identifies the application. If an application does not care what address is assigned to it, it may specify an Internet address equal to INADDR_ANY, a port equal to 0, or both. If the Internet address is equal to INADDR_ANY, any appropriate network interface will be used; this simplifies application programming in the presence of multi- homed hosts. If the port is specified as 0, the Windows Sockets implementation will assign a unique port to the application with a value between 1024 and 5000. The application may use getsockname after bind to learn the address that has been assigned to it, but note that getsockname will not necessarily fill in the Internet address until the socket is connected, since several Internet addresses may be valid if the host is multi-homed. If no error occurs, bind returns 0. Otherwise, it returns SOCKET_ERROR, and a specific error code may be retrieved by calling WSAGetLastError. listen(SOCKET s, int backlog ) Establishes a socket to listen to a incoming connection To accept connections, a socket is first created with socket, a backlog for incoming connections is specified with listen, and then the connections are accepted with accept. listen applies only to sockets that support connections, i.e. those of type SOCK_STREAM. The socket s is put into "passive'' mode where incoming connections are acknowledged and queued pending acceptance by the process. This function is typically used by servers that could have more than one connection request at a time: if a connection request arrives with the queue full, the client will receive an error with an indication of WSAECONNREFUSED. listen attempts to continue to function rationally when there are no available descriptors. It will accept connections until the queue is emptied. If descriptors become available, a later call to listen or accept will re-fill the queue to the current or most recent "backlog'', if possible, and resume listening for incoming connections. accept (SOCKET s, struct sockaddr FAR * addr, int FAR * addrlen) This routine extracts the first connection on the queue of pending connections on s, creates a new socket with the same properties as s and returns a handle to the new socket. If no pending connections are present on the queue, and the socket is not marked as non- blocking, accept blocks the caller until a connection is present. If the socket is marked non-blocking and no pending connections are present on the queue, accept returns an error as described below. The accepted socket may not be used to accept more connections. The original socket remains open.
22 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS The argument addr is a result parameter that is filled in with the address of the connecting entity, as known to the communications layer. The exact format of the addr parameter is determined by the address family in which the communication is occurring. The addrlen is a value-result parameter; it should initially contain the amount of space pointed to by addr; on return it will contain the actual length (in bytes) of the address returned. This call is used with connection-based socket types such as SOCK_STREAM. If addr and/or addrlen are equal to NULL, then no information about the remote address of the accepted socket is returned. closesocket(SOCKET s) closes a socket Making client connection with server In order to create a socket that connects to an other socket uses most of the functions from the previous code with the exception of a struct called HOSTENT. HOSTENT: This struct is used to tell the This struct is used to tell the socket to which computer and port to connect to. These struct can appear as LPHOSTENT, but it actually means that they are pointer to HOSTENT. Client key function Most of the functions that have been used for the client to connect to the server are the same as the server with the exception of a few. I will just go through the different functions that have been used for the client. gethostbyname(const char* FAR name) gethostbyname returns a pointer to a hostent structure as described under gethostbyaddr. The contents of this structure correspond to the hostname name. The pointer which is returned points to a structure which is allocated by the Windows Sockets implementation. The application must never attempt to modify this structure or to free any of its components. Furthermore, only one
23 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS copy of this structure is allocated per thread, and so the application should copy any information which it needs before issuing any other Windows Sockets API calls. A gethostbyname implementation must not resolve IP address strings passed to it. Such a request should be treated exactly as if an unknown host name were passed. An application with an IP address string to resolve should use inet_addr to convert the string to an IP address, then gethostbyaddr to obtain the hostent structure. Part 2 - Send / recieve Up to this point we have managed to connect with our client to the server. Clearly this is not going to be enough in a real-life application. In this section we are going to look into more details how to use the send/recv functions in order to get some communication going between the two applications. Factually this is not going to be difficult because most of the hard work has been done setting up the server and the client app. before going into the code we are going to look into more details the two functions send(SOCKET s, const char FAR * buf, int len, int flags) send is used on connected datagram or stream sockets and is used to write outgoing data on a socket. For datagram sockets, care must be taken not to exceed the maximum IP packet size of the underlying subnets, which is given by the iMaxUdpDg element in the WSAData structure returned by WSAStartup. If the data is too long to pass atomically through the underlying protocol the error WSAEMSGSIZE is returned, and no data is transmitted. recv(SOCKET s, const char FAR * buf, int len, int flags) For sockets of type SOCK_STREAM, as much information as is currently available up to the size of the buffer supplied is returned. If the socket has been configured for in- line reception of out-of-band data (socket option SO_OOBINLINE) and out-of-band data is unread, only out-ofband data will be returned. The application may use the ioctlsocket SIOCATMARK to determine whether any more out-of-band data remains to be read.
24 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
part 3 - Read unknown size of data from client Us mentioned earlier in part 2, we are going to expand on the way that we receive data. The problem we had before is that if we did not know the size of data that we where expecting, then the would end up with problems. In order to fix this here we create a new function that receive a pointer to the client socket, and then read a char at the time, placing each char into a vector until we find the '\n' character that signifies the end of the message. This is early not a robust or industrial way the read data from one socket to an other, because but it’s a way to start reading unknown length strings. The function will be called after the accept method.
4. DESIGN
The Data Flow diagram is a graphic tool used for expressing system requirements in a graphical form. The DFD also known as the “bubble chart” has the purpose of clarifying system requirements and identifying major transformations that to become program in system design. Thus DFD can be stated as the starting point of the design phase that functionally decomposes the requirements specifications down to the lowest level of detail. The DFD consists of series of bubbles joined by lines. The bubbles represent data transformations and the lines represent data flows in the system. A DFD describes what data flow is rather than how they are processed, so it does not depend on hardware, software, data structure or file organization.
25 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
S re oc u
Co hs oe D tn i n ei a s to
R d Ph ao a n mt
C c Da s h k ab e e t a
4.1 Use Case Diagram:-
Tne r sr af Msg ea s e
A use case diagram in the Unified Modeling Language (UML) is a type of behavioral diagram defined by and created from a Use-case analysis. Its purpose is to present a graphical overview of the functionality provided by a system in terms of actors, their goals (represented as use cases), and any dependencies between those use cases. The main purpose of a use case diagram is to show what system functions are performed for which actor. Roles of the actors in the system can be depicted.
26 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
TployCn t u t n oo g osr cio
Rno Pt Slet n ad ma e cio h
M s g T nm s n e ae r s is io s a Dnm Sc r y y a ic eu it
Ru g a l Min ne ot Tb a t c in e a
4.2 Class Diagram:Class diagrams are the mainstay of object-oriented analysis and design. Class diagrams show the classes of the system, their interrelationships (including inheritance, aggregation, and association), and the operations and attributes of the classes. Class diagrams are used for a wide variety of purposes, including both conceptual/domain modeling and detailed design modeling.
T p lo y o s u tio o o g C n tr c n n d Nm oe a e ndI o ep nd Pr o e ot g tNd I f ( e o eno) u d te o eno) p a Nd I f ( Rn o P th e c n a d m a S le tio ds a e e tNm peP th rva g tAa a s) e v ilP th ( s le tRn o P th ( e c a d m a s) r u g a le p a n) o tin T b U d tio (
Ta s itMs a e r nm es g ds a e e tN m ds p e tI d s ot e tP r peP th rva r mv Peio s a ( e oe r v u P th) ms a e r n m s n) e s g Ta s is io ( g tA k) e c(
27 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
4.3 Sequence Diagram:A sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram that shows how processes operate with one another and in what order. It is a construct of a Message Sequence Chart.Sequence diagrams are sometimes called Eventtrace diagrams, event scenarios, and timing diagrams. A sequence diagram shows, as parallel vertical lines (lifelines), different processes or objects that live simultaneously, and, as horizontal arrows, the messages exchanged between them, in the order in which they occur. This allows the specification of simple runtime scenarios in a graphical manner.
S o u rc e s e le c t
S e le c t D e s tin a tio n
R o u tin g Ta b le
R a n d o m P a th
M es s age Tra n s m is s o n
p a th s ele c tion R a n d o m P a th c o m p a re w ith p re vio us p a th
Tra n s m it m e s s a g e
28 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
4.4 Collaboration Diagram:-
1: select Source Select Destination
2: path selection Routing Table
5: Transmit 4: compare 3: Random Path
Random Path
Message Transmisson
4.6 Activity Diagram:
Activity diagrams are typically used for business process modeling, for modeling the logic captured by a single use case or usage scenario, or for modeling the detailed logic of a business rule. Although UML activity diagrams could potentially model the internal logic of a complex operation it would be far better to simply rewrite the operation so that it is simple enough that you don’t require an activity diagram. In many ways UML activity diagrams are the objectoriented equivalent of flow charts and data flow diagrams (DFDs) from structured development.
29 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Lg oi n
sl c e t e dsintio et a n
sl c e t e r no pt ad m a h
nx et nigb u e h or
gt o o s leti n e co
ys e
c mae o pr N o T nm r s it a
5. IMPLEMENTION
Implementation is the stage of the project when the theoretical design is turned out into a working system. Thus it can be considered to be the most critical stage in achieving a successful new system and in giving the user, confidence that the new system will work and be effective. The implementation stage involves careful planning, investigation of the existing system and it’s constraints on implementation, designing of methods to achieve changeover and evaluation of changeover methods.
30 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Implementation is the process of converting a new system design into operation. It is the phase that focuses on user training, site preparation and file conversion for installing a candidate system. The important factor that should be considered here is that the conversion should not disrupt the functioning of the organization. The implementation can be preceded through Socket in java but it will be considered as one to all communication .For proactive broadcasting we need dynamic linking. So java will be more suitable for platform independence and networking concepts. For maintaining route information we go for Oracle as database back end
5.1 SCREEN SHOTS
Get Node Number Get Node Detail
31 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
32 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
33 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Topology Structure
34 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
35 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
36 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
37 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Message Transmission Screen:
38 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Dynamic Routes:
Message Java:
Packet:
39 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Paths:
Packet Transmission:
40 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
5.2 TESTING 5.2.1 TESTING PROCESS
The purpose of testing is to discover errors. Testing is the process of trying to discover every conceivable fault or weakness in a work product. It provides a way to check the functionality of components, sub assemblies, assemblies and/or a finished product It is the process of exercising software with the intent of ensuring that the Software system meets its requirements and user expectations and does not fail in an unacceptable manner. There are various types of test. Each test type addresses a specific testing requirement.
TYPES OF TESTS
5.2.1 UNIT TESTING
Unit testing involves the design of test cases that validate that the internal program logic is functioning properly, and that program input produces valid outputs. All decision branches and internal code flow should be validated. It is the testing of individual software units of the application .it is done after the completion of an individual unit before integration. This is a structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform basic tests at component level and test a specific business process, application, and/or system
41 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS configuration. Unit tests ensure that each unique path of a business process performs accurately to the documented specifications and contains clearly defined inputs and expected results.
5.2.2 INTEGRATION TESTING
Integration tests are designed to test integrated software components to determine if they actually run as one program. Testing is event driven and is more concerned with the basic outcome of screens or fields. Integration tests demonstrate that although the components were individually satisfaction, as shown by successfully unit testing, the combination of components is correct and consistent. Integration testing is specifically aimed at exposing the problems that arise from the combination of components.
5.2.3 FUNCTIONAL TESTING
Functional tests provide systematic demonstrations that functions tested are available as specified by the business and technical requirements, system documentation and user manuals. Functional testing is centered on the following items: Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected. Functions Output : identified functions must be exercised. : identified classes of application outputs must be exercised : interfacing systems or procedures must be invoked.
Systems/Procedures
Organization and preparation of functional tests is focused on requirements, key functions, or special test cases. In addition, systematic coverage pertaining to identify Business process flows; data fields, predefined processes, and successive processes must be considered for testing.
42 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Before functional testing is complete, additional tests are identified and the effective value of current tests is determined.
5.2.4 SYSTEM TESTING
System testing ensures that the entire integrated software system meets requirements. It tests a configuration to ensure known and predictable results. An example of system testing is the configuration oriented system integration test. System testing is based on process descriptions and flows, emphasizing pre-driven process links and integration points.
5.2.5 BOX TESTING
White Box Testing is a testing in which the software tester has knowledge of the inner workings, structure and language of the software, or at least its purpose. It is used to test areas that cannot be reached from a black box level.
5.2.5.1 BLACK BOX TESTING
Black Box Testing is testing the software without any knowledge of the inner workings, structure or language of the module being tested. Black box tests, as most other kinds of tests, must be written from a definitive source document, such as specification or requirements document, such as specification or requirements document. It is a testing in which the software under test is treated, as a black box .you cannot “see” into it. The test provides inputs and responds to outputs without considering how the software works.
TEST STRATEGY AND APPROACH
Field testing will be performed manually and functional tests will be written in detail.
Test objectives
• All field entries must work properly.
43 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS • • • • • • Pages must be activated from the identified link. The entry screen, messages and responses must not be delayed. Features to be tested Verify that the entries are of the correct format No duplicate entries should be allowed All links should take the user to the correct page.
5.1.6 INTEGRATION TESTING
Software integration testing is the incremental integration testing of two or more integrated software components on a single platform to produce failures caused by interface defects. The task of the integration test is to check that components or software applications, e.g. components in a software system or – one step up – software applications at the company level – interact without error.
5.2.7 ACCEPTANCE TESTING
User Acceptance Testing is a critical phase of any project and requires significant participation by the end user. It also ensures that the system meets the functional requirements.
TEST RESULTS
All the test cases mentioned above passed successfully. No defects encountered.
6. CONCLUSION AND FUTURE SCOPE
This paper has proposed a security-enhanced dynamic routing algorithm based on distributed routing information widely supported in existing networks. The proposed algorithm is easy to implement and compatible with popular routing protocols, such as RIP and DSDV, over existing infrastructures. An analytic study was developed for the proposed algorithm and was verified
44 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS against the experimental results. A series of simulation experiments were conducted to show the capability of the proposed algorithm, for which we have very encouraging results. We must point out that the proposed algorithm is completely orthogonal to the work based on the designs of cryptography algorithms and system infrastructures. Our security enhanced dynamic routing could be used with cryptography-based system designs to further improve the security of data transmission over networks.
6.2 Future Enhancements:
To enhance the security features instead of using random path selection, we using a method called odd & even path selection method, also making use of cryptographic algorithm, in order to get efficient packets.
7. BIBLIOGRAPHY
[1] G. Apostolopoulos, V. Peris, P. Pradhan, and D. Saha, “Securing Electronic Commerce: Reducing the SSL Overhead,” IEEE Network, 2000. [2] S. Bohacek, J.P. Hespanha, K. Obraczka, J. Lee, and C. Lim, “Enhancing Security via Stochastic Routing,” Proc. 11th Int’l Conf. Computer Comm. and Networks (ICCCN), 2002. [3] D. Collins, Carrier Grade Voice over IP. McGraw-Hill, 2003. [4] T.H. Cormen, C.E. Leiserson, and R.L. Rivest, Introduction to Algorithms. MIT Press, 1990. [5] P. Erdo¨s and A. Re´nyi, “On Random Graphs,” Publicationes Math. Debrecen, vol. 6, 1959. [6] M. Faloutsos, P. Faloutsos, and C. Faloutsos, “On Power-Law
45 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Relationships of the Internet Topology,” Proc. ACM SIGCOMM’99, pp. 251-262, 1999. [7] FreeS/WAN, http://www.freeswan.org, 2008. [8] I. Gojmerac, T. Ziegler, F. Ricciato, and P. Reichl, “Adaptive Multipath Routing for Dynamic Traffic Engineering,” Proc. IEEE Global Telecommunications Conf. (GLOBECOM), 2003. [9] C. Hopps, Analysis of an Equal-Cost Multi-Path Algorithm, Request for comments (RFC 2992), Nov. 2000. [10] C. Kaufman, R. Perlman, and M. Speciner, Network Security— PRIVATE Communication in a PUBLIC World, second ed. Prentice Hall PTR, 2002.
By Narsing
46 INFORMATION TECHNOLOGY
1. INTRODUCTION OF THE PROJECT
IN the past decades, various security-enhanced measures have been proposed to improve the security of data transmission over public networks. Existing work on security-enhanced data transmission includes the designs of cryptography algorithms and system infrastructures and security-enhanced routing methods. Their common objectives are often to defeat various threats over the Internet, including eavesdropping, spoofing, session hijacking, etc. Among many well-known designs for cryptography based systems, the IP Security (IPSec) [23] and the Secure Socket Layer (SSL) [21] are popularly supported and implemented in many systems and platforms. Although IPSec and SSL do greatly improve the security level for data transmission, they unavoidably introduce substantial overheads especially on gateway/host performance and effective network bandwidth. For example, the data transmission overhead is 5 cycles/byte over an Intel Pentium II with the Linux IP stack alone, and the overhead increases to 58 cycles/byte when Advanced Encryption Standard (AES) is adopted for encryption/decryption for IPSec. Another alternative for security-enhanced data transmission is to dynamically route packets between each source and its destination so that the chance for system break-in, due to successful interception of consecutive packets for a session, is slim. The intention of securityenhanced routing is different from the adopting of multiple paths between a source and a destination to increase the throughput of data transmission .In particular, Lou et al. proposed a secure routing protocol to improve the security of end-to-end data transmission based on multiple path deliveries. The set of multiple paths between each source and its destination is determined in an online fashion, and extra control message exchanging is needed. Bohacek et al. proposed a secure stochastic routing mechanism to improve routing security. Similar to the work proposed by Lou et ala set of paths is discovered for each source and its destination in an online fashion based on message flooding. Thus, a mass of control messages is needed. Yang and
1 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Papavassiliou explored the trading of the security level and the traffic dispersion. They proposed a traffic dispersion scheme to reduce the probability of eavesdropped information along the used paths provided that the set of data delivery paths is discovered in advance. Although excellent research results have been proposed for security-enhanced dynamic routing, many of them rely on the discovery of multiple paths either in an online or offline fashion. For those online path searching approaches, the discovery of multiple paths involves a significant number of control signals over the Internet. On the other hand, the discovery of paths in an offline fashion might not be suitable to networks with a dynamic changing configuration. Therefore, we will propose a dynamic routing algorithm to provide security enhanced data delivery without introducing any extra control messages.
1.1
PROBLEM STATEMENT
IN the past decades, various security-enhanced measures have been proposed to improve the security of data transmission over public networks. Existing work on security-enhanced data transmission includes the designs of cryptography algorithms and system infrastructures and security-enhanced routing methods. Their common objectives are often to defeat various threats over the Internet, including eavesdropping, spoofing, session hijacking, etc. Among many well-known designs for cryptography based systems, the IP Security (IPSec) and the Secure Socket Layer (SSL) are popularly supported and implemented in many systems and platforms. Although IPSec and SSL do greatly improve the security level for data transmission, they unavoidably introduce substantial overheads especially on gateway/host performance and effective network bandwidth. For example, the data transmission overhead is 5 cycles/byte over an Intel Pentium II with the Linux IP stack alone, and the overhead increases to 58 cycles/byte when Advanced Encryption Standard (AES) is adopted for encryption/decryption for IPSec . The objective of this work is to explore a security-enhanced dynamic routing algorithm based on distributed routing information widely supported in existing networks. In general, routing protocols over networks could be classified roughly into two kinds: distance-vector algorithms and link-state algorithms. Distance-vector algorithms rely on the exchanging of distance information among neighboring nodes for
2
INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS the seeking of routing paths. Examples of distance-vector-based routing algorithms include RIP and DSDV. Link-state algorithms used in the Open Shortest Path First protocol are for global routing in which the network topology is known by all nodes. Our goal is to propose a distance-vector-based algorithm for dynamic routing to improve the security of data transmission.
1.2 EXISTING SYSTEM
IN the past decades, various security-enhanced measures have been proposed to improve the security of data transmission over public networks. Existing work on securityenhanced data transmission includes the designs of cryptography algorithms and system infrastructures and security-enhanced routing methods. Their common objectives are often to defeat various threats over the Internet, including eavesdropping, spoofing, session hijacking, etc. Among many well-known designs for cryptography based systems, the IP Security (IPSec) and the Secure Socket Layer (SSL) are popularly supported and implemented in many systems and platforms. Although IPSec and SSL do greatly improve the security level for data transmission, they unavoidably introduce substantial overheads especially on gateway/host performance and effective network bandwidth.
Disadvantages:
Number of Retransmission is high. Cost is high to implement a cryptographic technique. eavesdropping is easily occur.
1.3 PROPOSED SYSTEM
The objective of this work is to explore a security enhanced dynamic routing algorithm based on distributed routing information widely supported in existing wired and wireless networks. We aim at the randomization of delivery paths for data transmission to
3 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS provide considerably small path similarity (i.e., the number of common links between two delivery paths) of two consecutive transmitted packets. The proposed algorithm should be easy to implement and compatible with popular routing protocols, such as the Routing Information Protocol (RIP) for wired networks and Destination-Sequenced Distance Vector (DSDV) protocol for wireless networks over existing infrastructures. These protocols shall not increase the number of control messages if the proposed algorithm is adopted. An analytic study will be presented for the proposed routing algorithm, and a series of simulation study will be conducted to verify the analytic results and to show the capability of the proposed algorithm.
Advantages:
Cost is low compare to cryptographic technique. It’s applicable for wired and wireless networks. Number of retransmission is less.
1.3.1 MODULES
Topology Construction:
In this module, we construct a topology structure. Here we use mesh topology because the
of its unstructured nature. Topology is constructed by getting the names of the nodes and associated port and ip address is also obtained.
connections among the nodes as input from the user.While getting each of the nodes, their
For successive nodes, the node to which it should be connected is also accepted from the user. While adding nodes, comparison will be done so that there would be no node duplication.
Then we identify the source and the destinations.
4 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Nd oe
Ce k hc Aa b v ila le
Nd I f o eno
Aed lr a y Aa b v ila le
U d teN d pa oe If no
FIG-1 TOPOLOGY CONSTRUCTION
Random Path Selection Algorithm:
Randomization Process Consider the delivery of a packet with the destination t at a node Ni. In order to minimize the probability that packets are eavesdropped over a specific link, a randomization process for packet deliveries shown in Procedure 1 is adopted. In this process, the previous next hop hs (defined in HNi t of Table 1b) for the source node s is identified in the first step of the process (line 1). Then, the process randomly picks up a neighboring node in CNi t excluding hs as the next hop for the current packet transmission. The exclusion of hs for the next hop selection avoids transmitting two consecutive packets in the same link, and the randomized pickup prevents attackers from easily predicting routing paths for the coming transmitted packets. The number of entries in the history record for packet deliveries to destination nodes is jNj in the worst case. In order to efficiently look up the history record for a destination node, we maintain the history record for each node in a hash table. Before the current packet is sent to its destination node, we must randomly pick up a neighboring node excluding the used node for the
5 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS previous packet. Once a neighboring node is selected, by the hash table, we need Oð1Þ to determine whether the selected neighboring node for the current packet is the same as the one used by the previous packet.
N eoi o Lg d n
sl c e t e D tnto ei a n s i
cos hoe nx ps et o h
nx hp et os h
pt s a h
cm r ope a w p vu ih r i s t eo
nteul o qa
eul qa
u a p SELECT RANDOM PATH FIG-2.dte
MESSAGE TRANSMISSION:
In this module we transmit the message to the destination. Based on the random path selection algorithm here we transmit the message. For each packet transmission the path and the packets are updated in the routing table.
6 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
N eg ol i do n
sl c e t e D tn i n ei a s to
r n mt a oph d a
ph as t
ta m rn i s t msg ea s e
FIG-3.MESSAGE TRANSMISSION ROUTING TABLE MAINTENANCE:
In this module we can maintain the routing table; here we add one more column to maintain the packet delivery ratio. In this one we can maintain how many packets are transmitted over each path. It will be useful for to identify any path can handle number packets. We can stop transmission some amount of time period over that path. So the hacker cannot identify in which path the message is transmitted and also we can easily transmit the data securely.
7 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Lg o in
Ms a e es g tr n m s n a s is io
u d te pa p thd s a e tils
D B
FIG-4.RANDOM TABLE MAINTENANCE 1.4 SCOPE AND OBJECTIVE
The objective of this work is to explore a security enhanced dynamic routing algorithm based on distributed routing information widely supported in existing wired and wireless networks. We aim at the randomization of delivery paths for data transmission to provide considerably small path similarity (i.e., the number of common links between two delivery paths) of two consecutive transmitted packets. The proposed algorithm should be easy to implement and compatible with popular routing protocols, such as the Routing Information Protocol (RIP) for wired networks and Destination-Sequenced Distance Vector (DSDV) protocol for wireless networks, over existing infrastructures. These protocols shall not increase the number of control messages if the proposed algorithm is adopted. An analytic study will be presented for the proposed routing algorithm, and a series of simulation study will be conducted to verify the analytic results and to show the capability of the proposed algorithm.
2. SOFTWARE REQUIRMENT SPECIFICATION
8 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
2.1 HARDWARE SPECIFICATION
The hardware used for the development of the project is: • • • • • • • SYSTEM FLOPPY DRIVE MONITOR MOUSE RAM KEYBOARD : Pentium IV 2.4 GHz : 1.44 MB : 15 VGA colour : Logitech. : 256 MB : 110 keys enhanced.
HARD DISK : 40 GB
2.2 SOFTWARE REQUIREMENTS
The software used for the development of the project is: • • • OPERATING SYSTEM FRONT END BACK END : Windows XP Professional
: JAVA : MS-Access
3.SYSTEM ANALYSIS
3.1 FEASIBILITY STUDY
The feasibility of the project is analyzed in this phase and business proposal is put forth with a very general plan for the project and some cost estimates. During system analysis the feasibility study of the proposed system is to be carried out. This is to ensure that the proposed system is not a burden to the company. For feasibility analysis, some understanding of the major requirements for the system is essential. Three key considerations involved in the feasibility analysis are
9 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS ♦ ECONOMICAL FEASIBILITY ♦ TECHNICAL FEASIBILITY ♦ SOCIAL FEASIBILITY
3.1.1 ECONOMICAL FEASIBILITY
This study is carried out to check the economic impact that the system will have on the organization. The amount of fund that the company can pour into the research and development of the system is limited. The expenditures must be justified. Thus the developed system as well within the budget and this was achieved because most of the technologies used are freely available. Only the customized products had to be purchased.
3.1.2 TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical requirements of the system. Any system developed must not have a high demand on the available technical resources. This will lead to high demands on the available technical resources. This will lead to high demands being placed on the client. The developed system must have a modest requirement, as only minimal or null changes are required for implementing this system.
3.1.3 SOCIAL FEASIBILITY
The aspect of study is to check the level of acceptance of the system by the user. This includes the process of training the user to use the system efficiently. The user must not feel threatened by the system, instead must accept it as a necessity. The level of acceptance by the users solely depends on the methods that are employed to educate the user about the system and to make him familiar with it. His level of confidence must be raised so that he is also able to make some constructive criticism, which is welcomed, as he is the final user of the system.
10 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
3.2 SYSTEM ARCHITECTURE:
The process of the design implemented with the system architecture view comprises of the parts of the project work that encapsulates all modules ranging from module to module communication, setting initializations and system.
FIG-5.SYSTEM ARCHITECTURE
3.3 ABOUT PLATFORM
Java Technology
Java technology is both a programming language and a platform.
The Java Programming Language
The Java programming language is a high-level language that can be characterized by all of the following buzzwords: Simple Architecture neutral
11 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Object oriented Portable Distributed High performance Interpreted Multithreaded Robust Dynamic Secure
With most programming languages, you either compile or interpret a program so that you can run it on your computer. The Java programming language is unusual in that a program is both compiled and interpreted. With the compiler, first you translate a program into an intermediate language called Java byte codes —the platform-independent codes interpreted by the interpreter on the Java platform. The interpreter parses and runs each Java byte code instruction on the computer. Compilation happens just once; interpretation occurs each time the program is executed. The following figure illustrates how this works.
FIG-6-.WORKING OF JAVA
You can think of Java bytecodes as the machine code instructions for the Java Virtual Machine (Java VM). Every Java interpreter, whether it’s a development tool or a Web browser that can run applets, is an implementation of the Java VM. Java bytecodes help make “write once, run anywhere” possible. You can compile your program into bytecodes on any platform that has a Java compiler. The bytecodes can then be run on any implementation of the Java VM.
12 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS That means that as long as a computer has a Java VM, the same program written in the Java programming language can run on Windows 2000, a Solaris workstation, or on an iMac.
The Java Platform
A platform is the hardware or software environment in which a program runs. We’ve already mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and MacOS. Most platforms can be described as a combination of the operating system and hardware. The Java platform differs from most other platforms in that it’s a software-only platform that runs on top of other hardware-based platforms. The Java platform has two components:
• •
The Java Virtual Machine (Java VM) The Java Application Programming Interface (Java API) You’ve already been introduced to the Java VM. It’s the base for the Java platform and is
ported onto various hardware-based platforms. The Java API is a large collection of ready-made software components that provide many useful capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into libraries of related classes and interfaces; these libraries are known as packages. The next section, What Can Java Technology Do?, highlights what functionality some of the packages in the Java API provide. The following figure depicts a program that’s running on the Java platform. As the figure shows, the Java API and the virtual machine insulate the program from the hardware.
FIGURE 3- THE JAVA PLATFORM
13 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Native code is code that after you compile it, the compiled code runs on a specific hardware platform. As a platform-independent environment, the Java platform can be a bit slower than native code. However, smart compilers, well-tuned interpreters, and just-in-time bytecode compilers can bring performance close to that of native code without threatening portability. Java Database Connectivity (JDBCTM): Provides uniform access to a wide range of relational databases. The Java platform also has APIs for 2D and 3D graphics, accessibility, servers, collaboration, telephony, speech, animation, and more. The following figure depicts what is included in the Java 2 SDK.
SWING The Swing toolkit includes a rich set of components for building GUIs and adding interactivity to Java applications. Swing includes all the components you would expect from a modern toolkit: table controls, list controls, tree controls, buttons, and labels. Swing is far from a simple component toolkit, however. It includes rich undo support, a highly customizable text package, integrated internationalization and accessibility support. To truly leverage the crossplatform capabilities of the Java platform, Swing supports numerous look and feels, including the ability to create your own look and feel. The ability to create a custom look and feel is made easier with Synth, a look and feel specifically designed to be customized. Swing wouldn't be a
14 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS component toolkit without the basic user interface primitives such as drag and drop, event handling, customizable painting, and window management. Swing is part of the Java Foundation Classes (JFC). The JFC also include other features important to a GUI program, such as the ability to add rich graphics functionality and the ability to create a program that can work in different languages and by users with different input devices.
The Swing toolkit includes a rich array of components: from basic components, such as buttons and check boxes, to rich and complex components, such as tables and text. Even deceptively simple components, such as text fields, offer sophisticated functionality, such as formatted text input or password field behavior. There are file browsers and dialogs to suit most needs, and if not, customization is possible. If none of Swing's provided components are exactly what you need, you can leverage the basic Swing component functionality to create your own. Swing components contain a pluggable look and feel (PL & F). This allows all applications to run with the native look and feel on different platforms. PL & F allows applications to have the same behaviour on various platforms. JFC contains operating system neutral look and feel. Swing components do not contain peers. Swing components allow mixing AWT heavyweight and Swing lightweight components in an application. The major difference between lightweight and heavyweight components is that lightweight components can have transparent pixels while heavyweight components are always opaque. Lightweight components can be non-rectangular while heavyweight components are always rectangular. Swing components are JavaBean compliant. This allows components to be used easily in a Bean aware application building program. The root of the majority of the Swing hierarchy is the JComponent class. This class is an extension of the AWT Container class.
15 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Swing components comprise of a large percentage of the JFC release. The Swing component toolkit consists of over 250 pure Java classes and 75 Interfaces contained in about 10 Packages. They are used to build lightweight user interfaces. Swing consists of User Interface (UI) classes and non- User Interface classes. The non-User Interface classes provide services and other operations for the UI classes. Swing offers a number of advantages, which include • • • • • • • • • • • • • • Wide variety of Components Pluggable Look and Feel MVC Architecture Keystroke Handling Action Objects Nested Containers Virtual Desktops Compound Borders Customized Dialogues Standard Dialog Classes Structured Table and Tree Components Powerful Text Manipulation Generic Undo Capabilities Accessibility Support
ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming interface for application developers and database systems providers. Before ODBC became a de facto standard for Windows programs to interface with database systems, programmers had to use proprietary languages for each database they wanted to connect to. Now, ODBC has made the choice of the database system almost irrelevant from a coding perspective, which is as it should be. Application developers have much more important things to worry about than the syntax that is needed to port their program from one database to another when business needs suddenly change.
16 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Through the ODBC Administrator in Control Panel, you can specify the particular database that is associated with a data source that an ODBC application program is written to use. Think of an ODBC data source as a door with a name on it. Each door will lead you to a particular database. For example, the data source named Sales Figures might be a SQL Server database, whereas the Accounts Payable data source could refer to an Access database. The physical database referred to by a data source can reside anywhere on the LAN. The ODBC system files are not installed on your system by Windows 95. Rather, they are installed when you setup a separate database application, such as SQL Server Client or Visual Basic 4.0. When the ODBC icon is installed in Control Panel, it uses a file called ODBCINST.DLL. It is also possible to administer your ODBC data sources through a standalone program called ODBCADM.EXE. There is a 16-bit and a 32-bit version of this program, and each maintains a separate list of ODBCdatasources. From a programming perspective, the beauty of ODBC is that the application can be written to use the same set of function calls to interface with any data source, regardless of the database vendor. The source code of the application doesn’t change whether it talks to Oracle or SQL Server. We only mention these two as an example. There are ODBC drivers available for several dozen popular database systems. Even Excel spreadsheets and plain text files can be turned into data sources. The operating system uses the Registry information written by ODBC Administrator to determine which low-level ODBC drivers are needed to talk to the data source (such as the interface to Oracle or SQL Server). The loading of the ODBC drivers is transparent to the ODBC application program. In a client/server environment, the ODBC API even handles many of the network issues for the application programmer. The advantages of this scheme are so numerous that you are probably thinking there must be some catch. The only disadvantage of ODBC is that it isn’t as efficient as talking directly to the native database interface. ODBC has had many detractors make the charge that it is too slow. Microsoft has always claimed that the critical factor in performance is the quality of the driver software that is used. In our humble opinion, this is true. The availability of good ODBC drivers has improved a great deal recently. And anyway, the criticism about performance is somewhat analogous to those who said that compilers would never match the speed of pure assembly
17 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS language. Maybe not, but the compiler (or ODBC) gives you the opportunity to write cleaner programs, which means you finish sooner. Meanwhile, computers get faster every year.
JDBC
In an effort to set an independent database standard API for Java, Sun Microsystems developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access mechanism that provides a consistent interface to a variety of RDBMSs. This consistent interface is achieved through the use of “plug-in” database connectivity modules, or drivers. If a database vendor wishes to have JDBC support, he or she must provide the driver for each platform that the database and Java run on. To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC. As you discovered earlier in this chapter, ODBC has widespread support on a variety of platforms. Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market much faster than developing a completely new connectivity solution. JDBC was announced in March of 1996. It was released for a 90 day public review that ended June 8, 1996. Because of user input, the final JDBC v1.0 specification was released soon after. The remainder of this section will cover enough information about JDBC for you to know what it is about and how to use it effectively. This is by no means a complete overview of JDBC. That would fill an entire book.
Networking TCP/IP stack The TCP/IP stack is shorter than the OSI one:
18 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
FIGURE – TCP/IP STACK
TCP is a connection-oriented protocol; UDP (User Datagram Protocol) is a connectionless protocol.
IP datagram’s
The IP layer provides a connectionless and unreliable delivery system. It considers each datagram independently of the others. Any association between datagram must be supplied by the higher layers. The IP layer supplies a checksum that includes its own header. The header includes the source and destination addresses. The IP layer handles routing through an Internet. It is also responsible for breaking up large datagram into smaller ones for transmission and reassembling them at the other end.
TCP
TCP supplies logic to give a reliable connection-oriented protocol above IP. It provides a virtual circuit that two processes can use to communicate.
19 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Internet addresses
In order to use a service, you must be able to find it. The Internet uses an address scheme for machines so that they can be located. The address is a 32 bit integer which gives the IP address. This encodes a network ID and more addressing. The network ID falls into various classes according to the size of the network address.
Network address
Class A uses 8 bits for the network address with 24 bits left over for other addressing. Class B uses 16 bit network addressing. Class C uses 24 bit network addressing and class D uses all 32.
Subnet address
Internally, the UNIX network is divided into sub networks. Building 11 is currently on one sub network and uses 10-bit addressing, allowing 1024 different hosts.
Host address
8 bits are finally used for host addresses within our subnet. This places a limit of 256 machines that can be on the subnet.
Total address
FIGURE 6 - IP ADDRESSING
The 32 bit address is usually written as 4 integers separated by dots.
20 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Port addresses
A service exists on a host, and is identified by its port. This is a 16 bit number. To send a message to a server, you send it to the port for that service of the host that it is running on. This is not location transparency! Certain of these ports are "well known".
Sockets
A socket is a data structure maintained by the system to handle network connections. A socket is created using the call socket. It returns an integer that is like a file descriptor. In fact, under Windows, this handle can be used with Read File and Write File functions. #include <sys/types.h> #include <sys/socket.h> int socket(int family, int type, int protocol); Here "family" will be AF_INET for IP communications, protocol will be zero, and type will depend on whether TCP or UDP is used. Two processes wishing to communicate over a network create a socket each. These are similar to two ends of a pipe - but the actual pipe does not yet exist. Create a server socket that listens for a client to connect socket(int af, int type, int protocol) This method creates the socket bind(SOCKET s, const struct sockaddr FAR * name, int namelen) Associates a local address with a socket. This routine is used on an unconnected datagram or stream socket, before subsequent connects or listens. When a socket is created with socket, it exists in a name space (address family), but it has no name assigned. bind establishes the local association (host address/port number) of the socket by assigning a local name to an unnamed socket. In the Internet address family, a name consists of several components. For SOCK_DGRAM and SOCK_STREAM, the name consists of three parts: a host address, the protocol number (set implicitly to UDP or TCP, respectively), and a port number which
21 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS identifies the application. If an application does not care what address is assigned to it, it may specify an Internet address equal to INADDR_ANY, a port equal to 0, or both. If the Internet address is equal to INADDR_ANY, any appropriate network interface will be used; this simplifies application programming in the presence of multi- homed hosts. If the port is specified as 0, the Windows Sockets implementation will assign a unique port to the application with a value between 1024 and 5000. The application may use getsockname after bind to learn the address that has been assigned to it, but note that getsockname will not necessarily fill in the Internet address until the socket is connected, since several Internet addresses may be valid if the host is multi-homed. If no error occurs, bind returns 0. Otherwise, it returns SOCKET_ERROR, and a specific error code may be retrieved by calling WSAGetLastError. listen(SOCKET s, int backlog ) Establishes a socket to listen to a incoming connection To accept connections, a socket is first created with socket, a backlog for incoming connections is specified with listen, and then the connections are accepted with accept. listen applies only to sockets that support connections, i.e. those of type SOCK_STREAM. The socket s is put into "passive'' mode where incoming connections are acknowledged and queued pending acceptance by the process. This function is typically used by servers that could have more than one connection request at a time: if a connection request arrives with the queue full, the client will receive an error with an indication of WSAECONNREFUSED. listen attempts to continue to function rationally when there are no available descriptors. It will accept connections until the queue is emptied. If descriptors become available, a later call to listen or accept will re-fill the queue to the current or most recent "backlog'', if possible, and resume listening for incoming connections. accept (SOCKET s, struct sockaddr FAR * addr, int FAR * addrlen) This routine extracts the first connection on the queue of pending connections on s, creates a new socket with the same properties as s and returns a handle to the new socket. If no pending connections are present on the queue, and the socket is not marked as non- blocking, accept blocks the caller until a connection is present. If the socket is marked non-blocking and no pending connections are present on the queue, accept returns an error as described below. The accepted socket may not be used to accept more connections. The original socket remains open.
22 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS The argument addr is a result parameter that is filled in with the address of the connecting entity, as known to the communications layer. The exact format of the addr parameter is determined by the address family in which the communication is occurring. The addrlen is a value-result parameter; it should initially contain the amount of space pointed to by addr; on return it will contain the actual length (in bytes) of the address returned. This call is used with connection-based socket types such as SOCK_STREAM. If addr and/or addrlen are equal to NULL, then no information about the remote address of the accepted socket is returned. closesocket(SOCKET s) closes a socket Making client connection with server In order to create a socket that connects to an other socket uses most of the functions from the previous code with the exception of a struct called HOSTENT. HOSTENT: This struct is used to tell the This struct is used to tell the socket to which computer and port to connect to. These struct can appear as LPHOSTENT, but it actually means that they are pointer to HOSTENT. Client key function Most of the functions that have been used for the client to connect to the server are the same as the server with the exception of a few. I will just go through the different functions that have been used for the client. gethostbyname(const char* FAR name) gethostbyname returns a pointer to a hostent structure as described under gethostbyaddr. The contents of this structure correspond to the hostname name. The pointer which is returned points to a structure which is allocated by the Windows Sockets implementation. The application must never attempt to modify this structure or to free any of its components. Furthermore, only one
23 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS copy of this structure is allocated per thread, and so the application should copy any information which it needs before issuing any other Windows Sockets API calls. A gethostbyname implementation must not resolve IP address strings passed to it. Such a request should be treated exactly as if an unknown host name were passed. An application with an IP address string to resolve should use inet_addr to convert the string to an IP address, then gethostbyaddr to obtain the hostent structure. Part 2 - Send / recieve Up to this point we have managed to connect with our client to the server. Clearly this is not going to be enough in a real-life application. In this section we are going to look into more details how to use the send/recv functions in order to get some communication going between the two applications. Factually this is not going to be difficult because most of the hard work has been done setting up the server and the client app. before going into the code we are going to look into more details the two functions send(SOCKET s, const char FAR * buf, int len, int flags) send is used on connected datagram or stream sockets and is used to write outgoing data on a socket. For datagram sockets, care must be taken not to exceed the maximum IP packet size of the underlying subnets, which is given by the iMaxUdpDg element in the WSAData structure returned by WSAStartup. If the data is too long to pass atomically through the underlying protocol the error WSAEMSGSIZE is returned, and no data is transmitted. recv(SOCKET s, const char FAR * buf, int len, int flags) For sockets of type SOCK_STREAM, as much information as is currently available up to the size of the buffer supplied is returned. If the socket has been configured for in- line reception of out-of-band data (socket option SO_OOBINLINE) and out-of-band data is unread, only out-ofband data will be returned. The application may use the ioctlsocket SIOCATMARK to determine whether any more out-of-band data remains to be read.
24 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
part 3 - Read unknown size of data from client Us mentioned earlier in part 2, we are going to expand on the way that we receive data. The problem we had before is that if we did not know the size of data that we where expecting, then the would end up with problems. In order to fix this here we create a new function that receive a pointer to the client socket, and then read a char at the time, placing each char into a vector until we find the '\n' character that signifies the end of the message. This is early not a robust or industrial way the read data from one socket to an other, because but it’s a way to start reading unknown length strings. The function will be called after the accept method.
4. DESIGN
The Data Flow diagram is a graphic tool used for expressing system requirements in a graphical form. The DFD also known as the “bubble chart” has the purpose of clarifying system requirements and identifying major transformations that to become program in system design. Thus DFD can be stated as the starting point of the design phase that functionally decomposes the requirements specifications down to the lowest level of detail. The DFD consists of series of bubbles joined by lines. The bubbles represent data transformations and the lines represent data flows in the system. A DFD describes what data flow is rather than how they are processed, so it does not depend on hardware, software, data structure or file organization.
25 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
S re oc u
Co hs oe D tn i n ei a s to
R d Ph ao a n mt
C c Da s h k ab e e t a
4.1 Use Case Diagram:-
Tne r sr af Msg ea s e
A use case diagram in the Unified Modeling Language (UML) is a type of behavioral diagram defined by and created from a Use-case analysis. Its purpose is to present a graphical overview of the functionality provided by a system in terms of actors, their goals (represented as use cases), and any dependencies between those use cases. The main purpose of a use case diagram is to show what system functions are performed for which actor. Roles of the actors in the system can be depicted.
26 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
TployCn t u t n oo g osr cio
Rno Pt Slet n ad ma e cio h
M s g T nm s n e ae r s is io s a Dnm Sc r y y a ic eu it
Ru g a l Min ne ot Tb a t c in e a
4.2 Class Diagram:Class diagrams are the mainstay of object-oriented analysis and design. Class diagrams show the classes of the system, their interrelationships (including inheritance, aggregation, and association), and the operations and attributes of the classes. Class diagrams are used for a wide variety of purposes, including both conceptual/domain modeling and detailed design modeling.
T p lo y o s u tio o o g C n tr c n n d Nm oe a e ndI o ep nd Pr o e ot g tNd I f ( e o eno) u d te o eno) p a Nd I f ( Rn o P th e c n a d m a S le tio ds a e e tNm peP th rva g tAa a s) e v ilP th ( s le tRn o P th ( e c a d m a s) r u g a le p a n) o tin T b U d tio (
Ta s itMs a e r nm es g ds a e e tN m ds p e tI d s ot e tP r peP th rva r mv Peio s a ( e oe r v u P th) ms a e r n m s n) e s g Ta s is io ( g tA k) e c(
27 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
4.3 Sequence Diagram:A sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram that shows how processes operate with one another and in what order. It is a construct of a Message Sequence Chart.Sequence diagrams are sometimes called Eventtrace diagrams, event scenarios, and timing diagrams. A sequence diagram shows, as parallel vertical lines (lifelines), different processes or objects that live simultaneously, and, as horizontal arrows, the messages exchanged between them, in the order in which they occur. This allows the specification of simple runtime scenarios in a graphical manner.
S o u rc e s e le c t
S e le c t D e s tin a tio n
R o u tin g Ta b le
R a n d o m P a th
M es s age Tra n s m is s o n
p a th s ele c tion R a n d o m P a th c o m p a re w ith p re vio us p a th
Tra n s m it m e s s a g e
28 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
4.4 Collaboration Diagram:-
1: select Source Select Destination
2: path selection Routing Table
5: Transmit 4: compare 3: Random Path
Random Path
Message Transmisson
4.6 Activity Diagram:
Activity diagrams are typically used for business process modeling, for modeling the logic captured by a single use case or usage scenario, or for modeling the detailed logic of a business rule. Although UML activity diagrams could potentially model the internal logic of a complex operation it would be far better to simply rewrite the operation so that it is simple enough that you don’t require an activity diagram. In many ways UML activity diagrams are the objectoriented equivalent of flow charts and data flow diagrams (DFDs) from structured development.
29 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Lg oi n
sl c e t e dsintio et a n
sl c e t e r no pt ad m a h
nx et nigb u e h or
gt o o s leti n e co
ys e
c mae o pr N o T nm r s it a
5. IMPLEMENTION
Implementation is the stage of the project when the theoretical design is turned out into a working system. Thus it can be considered to be the most critical stage in achieving a successful new system and in giving the user, confidence that the new system will work and be effective. The implementation stage involves careful planning, investigation of the existing system and it’s constraints on implementation, designing of methods to achieve changeover and evaluation of changeover methods.
30 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Implementation is the process of converting a new system design into operation. It is the phase that focuses on user training, site preparation and file conversion for installing a candidate system. The important factor that should be considered here is that the conversion should not disrupt the functioning of the organization. The implementation can be preceded through Socket in java but it will be considered as one to all communication .For proactive broadcasting we need dynamic linking. So java will be more suitable for platform independence and networking concepts. For maintaining route information we go for Oracle as database back end
5.1 SCREEN SHOTS
Get Node Number Get Node Detail
31 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
32 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
33 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Topology Structure
34 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
35 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
36 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
37 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Message Transmission Screen:
38 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Dynamic Routes:
Message Java:
Packet:
39 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
Paths:
Packet Transmission:
40 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS
5.2 TESTING 5.2.1 TESTING PROCESS
The purpose of testing is to discover errors. Testing is the process of trying to discover every conceivable fault or weakness in a work product. It provides a way to check the functionality of components, sub assemblies, assemblies and/or a finished product It is the process of exercising software with the intent of ensuring that the Software system meets its requirements and user expectations and does not fail in an unacceptable manner. There are various types of test. Each test type addresses a specific testing requirement.
TYPES OF TESTS
5.2.1 UNIT TESTING
Unit testing involves the design of test cases that validate that the internal program logic is functioning properly, and that program input produces valid outputs. All decision branches and internal code flow should be validated. It is the testing of individual software units of the application .it is done after the completion of an individual unit before integration. This is a structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform basic tests at component level and test a specific business process, application, and/or system
41 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS configuration. Unit tests ensure that each unique path of a business process performs accurately to the documented specifications and contains clearly defined inputs and expected results.
5.2.2 INTEGRATION TESTING
Integration tests are designed to test integrated software components to determine if they actually run as one program. Testing is event driven and is more concerned with the basic outcome of screens or fields. Integration tests demonstrate that although the components were individually satisfaction, as shown by successfully unit testing, the combination of components is correct and consistent. Integration testing is specifically aimed at exposing the problems that arise from the combination of components.
5.2.3 FUNCTIONAL TESTING
Functional tests provide systematic demonstrations that functions tested are available as specified by the business and technical requirements, system documentation and user manuals. Functional testing is centered on the following items: Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected. Functions Output : identified functions must be exercised. : identified classes of application outputs must be exercised : interfacing systems or procedures must be invoked.
Systems/Procedures
Organization and preparation of functional tests is focused on requirements, key functions, or special test cases. In addition, systematic coverage pertaining to identify Business process flows; data fields, predefined processes, and successive processes must be considered for testing.
42 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Before functional testing is complete, additional tests are identified and the effective value of current tests is determined.
5.2.4 SYSTEM TESTING
System testing ensures that the entire integrated software system meets requirements. It tests a configuration to ensure known and predictable results. An example of system testing is the configuration oriented system integration test. System testing is based on process descriptions and flows, emphasizing pre-driven process links and integration points.
5.2.5 BOX TESTING
White Box Testing is a testing in which the software tester has knowledge of the inner workings, structure and language of the software, or at least its purpose. It is used to test areas that cannot be reached from a black box level.
5.2.5.1 BLACK BOX TESTING
Black Box Testing is testing the software without any knowledge of the inner workings, structure or language of the module being tested. Black box tests, as most other kinds of tests, must be written from a definitive source document, such as specification or requirements document, such as specification or requirements document. It is a testing in which the software under test is treated, as a black box .you cannot “see” into it. The test provides inputs and responds to outputs without considering how the software works.
TEST STRATEGY AND APPROACH
Field testing will be performed manually and functional tests will be written in detail.
Test objectives
• All field entries must work properly.
43 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS • • • • • • Pages must be activated from the identified link. The entry screen, messages and responses must not be delayed. Features to be tested Verify that the entries are of the correct format No duplicate entries should be allowed All links should take the user to the correct page.
5.1.6 INTEGRATION TESTING
Software integration testing is the incremental integration testing of two or more integrated software components on a single platform to produce failures caused by interface defects. The task of the integration test is to check that components or software applications, e.g. components in a software system or – one step up – software applications at the company level – interact without error.
5.2.7 ACCEPTANCE TESTING
User Acceptance Testing is a critical phase of any project and requires significant participation by the end user. It also ensures that the system meets the functional requirements.
TEST RESULTS
All the test cases mentioned above passed successfully. No defects encountered.
6. CONCLUSION AND FUTURE SCOPE
This paper has proposed a security-enhanced dynamic routing algorithm based on distributed routing information widely supported in existing networks. The proposed algorithm is easy to implement and compatible with popular routing protocols, such as RIP and DSDV, over existing infrastructures. An analytic study was developed for the proposed algorithm and was verified
44 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS against the experimental results. A series of simulation experiments were conducted to show the capability of the proposed algorithm, for which we have very encouraging results. We must point out that the proposed algorithm is completely orthogonal to the work based on the designs of cryptography algorithms and system infrastructures. Our security enhanced dynamic routing could be used with cryptography-based system designs to further improve the security of data transmission over networks.
6.2 Future Enhancements:
To enhance the security features instead of using random path selection, we using a method called odd & even path selection method, also making use of cryptographic algorithm, in order to get efficient packets.
7. BIBLIOGRAPHY
[1] G. Apostolopoulos, V. Peris, P. Pradhan, and D. Saha, “Securing Electronic Commerce: Reducing the SSL Overhead,” IEEE Network, 2000. [2] S. Bohacek, J.P. Hespanha, K. Obraczka, J. Lee, and C. Lim, “Enhancing Security via Stochastic Routing,” Proc. 11th Int’l Conf. Computer Comm. and Networks (ICCCN), 2002. [3] D. Collins, Carrier Grade Voice over IP. McGraw-Hill, 2003. [4] T.H. Cormen, C.E. Leiserson, and R.L. Rivest, Introduction to Algorithms. MIT Press, 1990. [5] P. Erdo¨s and A. Re´nyi, “On Random Graphs,” Publicationes Math. Debrecen, vol. 6, 1959. [6] M. Faloutsos, P. Faloutsos, and C. Faloutsos, “On Power-Law
45 INFORMATION TECHNOLOGY
DYNAMIC ROUTING WITH SECURITY CONSIDERATIONS Relationships of the Internet Topology,” Proc. ACM SIGCOMM’99, pp. 251-262, 1999. [7] FreeS/WAN, http://www.freeswan.org, 2008. [8] I. Gojmerac, T. Ziegler, F. Ricciato, and P. Reichl, “Adaptive Multipath Routing for Dynamic Traffic Engineering,” Proc. IEEE Global Telecommunications Conf. (GLOBECOM), 2003. [9] C. Hopps, Analysis of an Equal-Cost Multi-Path Algorithm, Request for comments (RFC 2992), Nov. 2000. [10] C. Kaufman, R. Perlman, and M. Speciner, Network Security— PRIVATE Communication in a PUBLIC World, second ed. Prentice Hall PTR, 2002.
By Narsing
46 INFORMATION TECHNOLOGY
