(A Case Study Of Secured Client-Server Chat Application)
CHAPTER 1:
1.1 INTRODUCTION
1.2 Background of the study
1.3 Statement of the problem
1.4 Objectives of the study
1.5 Significance of the study
1.6 Scope of the study
1.7 Limitations
1.8 Organization of the work
1.9 Definition of terms
CHAPTER 2:
2.0 LITERATURE REVIEW
2.1 Client-Server and other models
2.2 Client-Server communication
2.3 Host identification and service port
2.4 Sockets and socket based communication
2.5 TCP/IP Socket programming
2.6 Socket programming in Java
2.7 Secure internet programming
2.8 Overview of secure socket layer (SSL)
2.9 Security
2.10 Hash functions
CHAPTER 3:
3.0 SYSTEM ANALYSIS AND DESIGN
3.1 Methodology
3.2 Primary Data collection
3.2.1 Secondary Data collection
3.3 Analysis of the existing system
3.4 Limitations of the existing system
3.5 System Design
3.6 Database Design
3.7 System Flowchart
3.8 Top Down Diagram
3.9 Justification of the new system
CHAPTER 4:
4.0 IMPLEMENTATION TESTING AND INTEGRATION
4.1 Choice of development tools
4.2 System Requirements
4.2.1 Software Requirements
4.2.2 Hardware Requirements
4.3 Implementation
4.4 Testing
4.4.1 Unit Test
4.4.2 System Test
4.5 Integration
CHAPTER 5:
5.0 SUMMARY, RECOMMENDATIONS AND CONCLUSION
5.1 Summary
5.2 Limitations
5.3 Recommendations
5.4 Bill Of Engineering Measurement And Evaluation
5.3 Conclusion
Bibliography
Appendix A: Program Codes
BAChatClient.java
BAChatServer.java
DatabaseManager.java
Encryptor.java
Appendix B: Sample Output
Appendix C: User Guide
1.1 INTRODUCTION
Several network systems are built to communicate with one another and are made available through service-oriented architectures. In this project, we use the client-server architecture to develop a secured client-server chat application. The chat application is built on the Transmission Control Protocol (TCP), which is a connection-oriented protocol, and multithreading is used to develop the application.
A client-server chat application consists of a Chat Client and a Chat Server, with two-way communication between them. Here, the Message Processor interprets messages from the user, the Message Interpreter extracts and passes on the received message, the Message Maker constructs the message again, and the Client Manager maintains the list of clients which the sender and receiver on both sides use to interact with each other.
In general, the server process starts on some computer system; in fact, the server should be executed before the client. The server usually initializes itself and then goes into a wait (sleep) state, where it waits for a client request. After that, a client process can start on either the same machine or some other machine. Whenever the client wants some service from the server, it sends a request to the server, and the server accepts the request and processes it. After the server has finished providing its service to the client, it goes back to sleep, that is, waiting for the next client request to arrive. This process is repeated as long as the server process is running. Whenever such a request comes, the server can immediately serve the client and then go back to the waiting state for the next request to arrive.
1.2 BACKGROUND OF THE STUDY
The client-server model is the standard model that has been accepted by many for developing network applications. In this model, there is a notion of a client and a notion of a server. As the name implies, a server is a process (or a computer on which the process is running) that offers some services to other entities, which are called clients. A client, on the other hand, is a process running on the same computer or another computer that requests the services provided by the server.
A chat application is basically a combination of two applications:
Server application
Client application
The server application runs on the server computer and the client application runs on the client computer (or on the machine with the server). In this chat application, a client can send data to anyone who is connected to the server.
The Java application programming interface (API) provides the classes for creating sockets to facilitate program communication over the network. Sockets are the endpoints of logical connections between two hosts and can be used to send and receive data. Java treats socket communication much as it treats input and output operations; thus programs can read from or write to sockets as easily as they can read from or write to files.
To establish a server connection, a server socket needs to be created and attached to a port, which is where the server listens for connections. The port identifies the Transmission Control Protocol service on the socket. For instance, the email server runs on port 25, and the web server usually runs on port 80.
Server Execution: On the server side, a thread is created which receives the requests of numerous clients. The server also keeps a list in which each client's name and IP address are stored. It then broadcasts the list to all the users who are currently in the chat room; when a client logs out, the server deletes that client from the list, updates the list and then broadcasts it to all available clients.
Client Execution: A client must first register itself by sending its username to the server and must start a thread so that the system can get the list of all available clients. Then any two registered clients can communicate with each other.
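The server and client execution described above, as an added example in Java that is not the project's BAChatServer.java. The class name, port 5000, the USERS/MSG/ERROR line format and the username rule are assumptions of this example.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example with hypothetical names; not the project's own server code.
public class ClientListServer {
    // username -> writer for that client; shared safely by all handler threads
    private static final Map<String, PrintWriter> CLIENTS = new ConcurrentHashMap<>();

    public static void main(String[] args) throws IOException {
        try (ServerSocket server = new ServerSocket(5000)) {   // port 5000 is an assumption
            while (true) {
                Socket socket = server.accept();               // waits until a client connects
                new Thread(() -> handle(socket)).start();      // one thread per client
            }
        }
    }

    static void handle(Socket socket) {
        String name = null;
        boolean registered = false;
        try (Socket s = socket;
             BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8));
             PrintWriter out = new PrintWriter(new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8), true)) {
            name = in.readLine();                              // first line registers the username
            boolean valid = name != null && name.matches("[A-Za-z0-9_]{1,20}");
            if (!valid || CLIENTS.putIfAbsent(name, out) != null) {
                out.println("ERROR invalid or duplicate username");
                return;                                        // a taken name is never handed out twice
            }
            registered = true;
            broadcast("USERS " + String.join(",", CLIENTS.keySet()));
            String line;
            while ((line = in.readLine()) != null) broadcast("MSG " + name + " " + line);
        } catch (IOException e) {                              // connection dropped; cleanup below
        } finally {
            if (registered) {                                  // logout: delete, then re-broadcast the list
                CLIENTS.remove(name);
                broadcast("USERS " + String.join(",", CLIENTS.keySet()));
            }
        }
    }

    static void broadcast(String message) {
        for (PrintWriter w : CLIENTS.values()) {
            synchronized (w) { w.println(message); }           // keep concurrent broadcasts from interleaving
        }
    }
}
```

This sketch sends everything in plaintext and reads lines of unbounded length; a deployment would wrap the connection in SSL/TLS and cap the line length.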
1.3 STATEMENT OF THE PROBLEM
The client-server communication model is used in a wide variety of software applications. Normally the server side is sufficiently protected and sealed from public access, but client applications running on devices like notebooks and desktops are considered insecure and exposed to security threats.
The main weakness of a client-server chat application is that no security is provided for the data transferred between clients. Any unauthorized client can hack a client account and change the data. Addressing this is the main objective of this project: to develop a secured client-server chat application.
1.4 OBJECTIVES OF THE STUDY
The aim of this project is to develop a reliable and secure network program (client-server chat model) that implements a multithreaded client-server chat application based on Java socket programming using the Transmission Control Protocol (TCP). As security is the key factor while communicating over a network, a hash function with salt is used for the database. MySQL became the choice for the implementation of this application based on a number of benefits: its scalability and flexibility, high performance, high availability, strong data protection, web and data warehouse strengths, management ease, lowest total cost of ownership and open source freedom.
1.5 SIGNIFICANCE OF THE STUDY
Apart from performing the regular client-server chat, this client-server chat is robust and significant in the following ways. This project uses MySQL for its database to keep the information in the database secure. The personal details and messages, including the private messages, in the database are encrypted using the encryptor (one of the security facilities available in MySQL). This project applies a hash function to the password before the encryption, and the result is then stored in the database. It also uses randomly generated numbers (a salt), which are computed together with the password hash values and stored in the database. As a result, even if the database is compromised, the salt added to the hash values makes it harder to compute the original password. This random salt is used with the hash function to significantly increase the strength of the password protection and thus makes cracking the passwords extremely difficult. This makes the chat application server reliable and more secure. Another significant feature of this application is private chatting, where two users can chat in private. The messages between the two users are not displayed in the general chat display text field; they are displayed only within the private message display text field.
1.6 SCOPE OF THE STUDY
The project shall consider, among other things, the following issues:
1. To provide a better understanding of how network programming in Java works.
2. Develop reliable network communication for a client-server chat application.
3. Analyse network programming in Java (multithreaded client-server chat applications) for a better understanding of the solutions.
4. Conduct experiments in order to establish the parameters of the problem. In conclusion, suggest ways the problems can be eliminated and recommend how the problems can be prevented.
1.7 LIMITATIONS
The previous client-server chat system applies only a hash function to the password before the encryption, and the result is then stored in the database. Thus, the database can easily be compromised to compute the original password.
Some drawbacks of the client-server chat are as follows:
As the server receives many requests from clients, there is a chance that the server can become congested and overloaded.
If the server fails, the users also suffer.
A lost password is irrecoverable.
Any unauthorized client can hack a client account and change the data.
1.8 ORGANISATION OF THE WORK
In this project, a secure Java chat application is considered which relies on the client-server paradigm to exchange information. The report is divided into five chapters.
Chapter one is the introduction, which consists of the background of the study, significance of the study, scope of the study, limitations of the study, organization of the work and the definition of terms.
The second chapter focuses on the literature review of scholars' opinions relevant to this study, such as socket programming in Java, an overview of the secure socket layer, hash functions, etc.
The third chapter gives details of the main methodology and system design used to implement the client-server chat application in Java. First the application is developed using TCP, and then multithreading is used to develop the application. At the end of the chapter, the weaknesses (deadlocks) of multithreading are discussed, which can be removed by synchronizing threads.
Chapter four is the implementation of the secured Java client-server chat application: it tests and analyses the implementation of the application.
Chapter five ends the project report. Firstly, a short summary highlights the main points of the whole project. Next, a number of conclusions and recommendations are given, and lastly the Appendix.
1.9 DEFINITION OF TERMS
Socket: A socket is a standard connection protocol that supports data communication over the network between connected terminals. The standard connection supports data transmission by both the TCP and UDP protocols between the terminals.
TCP: TCP is a transport layer protocol used by applications that require guaranteed delivery of data. Basically, it is a connection-oriented protocol. To communicate over TCP, one must first establish a connection between a pair of sockets, where one socket belongs to the client and the other belongs to the server. After the connection is established between them, they can communicate with each other.
Client: A client is a system that accesses or requests a service made accessible by a server.
Server: A server is a system (hardware or software) program running to serve the service requests of other system programs.
Port: A port is a software mechanism that allows the centralized connected servers to listen for requests made by clients. A port serves as a gateway through which the server terminals or other machines listen for the requested parameters. It is a software address on a system that is on the network. All request and response traffic in this application is carried through machine ports.
Network: This refers to a system where computers are linked to share software, data, hardware and resources for the benefit of users.
Interface: This may be software or hardware that, by an agreed method, spells out the manner in which a system component can exchange information with another system component.
Secure socket layer (SSL): This refers to the Secure Sockets Layer protocol, which is used to encrypt data for secure data transmission.
IP: This refers to Internet Protocol; it is the logical network address of a device on a network. It is written in a notation called dotted-decimal (for instance: 128101).
Thread: A thread is a section of code which executes independently of other threads in the same program. Java has a class Thread, which is defined in the java.lang package. Threads are the most powerful feature that Java supports compared with other programming languages.