SECURITY NETWORK PROGRAMMING (SECURED CLIENT-SERVER CHAT APPLICATION)
Several security network systems are built to communicate with one another as well as made available through service-oriented architectures. In this project, the client server architecture is used to develop a chat application. Firstly a chat application is created for both Client and Server which is based on Transmission Control Protocol (TCP) where TCP is connection oriented protocol and is a reliable connection protocol. As security is the key factor while communicating over a security network, so in this project, MySQL SSL protocol and hash function was used for the Database based on a numbers of benefits. The hash values of the real password and the random generated number (salt) is stored in the database. The original password is not stored on the system, making cracking of password much harder.
Several security network systems are built to communicate with one another and are made available through service-oriented architectures. In this project, we use the client server architecture to develop a secured Client-Server chat application. A chat application is created based on Transmission Control Protocol (TCP) where TCP is connection oriented protocol and in the end, multithreading is used to develop the application.
A client-server chat application consists of a Chat Client and a Chat Server and there exists a two way communication between them. Here, Message Processor is used to interpret message from the user, Message Interpreter is used to extract and pass the received message. Message Maker is used to construct back the message and Client Manager is used to maintain the clients list which the sender and receiver at both sides use to interact with each other.
In general, the server process will start on some computer system; in fact, the server should be executed before the client. Server usually initializes itself, and then goes to wait state or sleep state where it will wait for a client request. After that, a client process can start on either the same machine or on some other machine. Whenever the client wants some service from the server, it will send a request to the server and the server will accept the request and process it. After the server has finished providing its service to the client, the server will again go back to sleep, that is, waiting for the next client request to arrive. This process is repeated as long as the server processes is running. Whenever such request comes, the server can immediately serve the client and again go back to the waiting state for the next request to arrive.
BACKGROUND OF THE STUDY
Client server model is the standard model which has been accepted by many for developing security network applications. In this model, there is a notion of client and notion of server. As the name implies, a server is a process (or a computer in which the process is running) that is offering some services to other entities which are called clients. A client on the other hand is process (which is running) on the same computer or other computer that is requesting the services provided by the server.
A chat application is basically a combination of two applications:
- Server application
- Client application
Server application runs on the server computer and client application runs on the client computer (or the machine with server). In this chat application, a client can send data to anyone who is connected to the server.
Java application programming interface (API) provides the classes for creating sockets to facilitate program communications over the security network. Sockets are the endpoints of logical connections between two hosts and can be used to send and receive data. Java treats socket communications much as it treat input and output operations; thus programs can read from or write to sockets as easily as they can read from or write to files.
To establish a server connection, a server socket needs to be created and attached to a port, which is where the server listens for connections. The port recognizes the Transmission Control Protocol service on the socket. For instance, the email server runs on port 25, and the web server usually runs on port 80.
Server Execution: At server the side, a thread is created which receives numerous clients’ requests. It also contains a list in which Client’s name and IP addresses are stored. After that, it broadcast the list to all the users who are currently in chat room and when a client logs out then server deletes that particular client from the list, update the list and then broadcast the list to all available clients.
Client Execution: A client firstly must have to register itself by sending username to the server and should have to start the thread so that system can get the list of all available clients. Then any of two registered clients can communicate with each other.
STATEMENT OF THE PROBLEM
The client-server communication model is used in a wide variety of software applications. Where normally the server side is sufficiently protected and sealed from public access, but client applications running on devices like notebooks and desktops are considered insecure and exposed to security threats.
The main weakness of client-server chat application is that there is no security provided to data which is transferred between clients. Any unauthorized client can hack the client account and can change the data. This is the main objective of this project (To develop a secured Client-Server Chat Application).
OBJECTIVES OF THE STUDY
The aim of this project is to develop a reliable and secure security network programming (Client-Server chat model) which can perform a multithreaded server client chat application based on Java socket programming using Transport Control Protocol (TCP). As security is the key factor while communicating over a security network, hash function with salt is used for the Database based on a number of benefits. MySQL became the choice for the implementation of this application based on its scalability and flexibility, high performance, high availability, strong data protection, web and data warehouse strengths, management ease, lowest total cost of ownership and open source freedom.
SIGNIFICANCE OF THE STUDY
Apart from just performing the regular client server chat, this client-server chat is robust and significant in the following ways:
This project use MySQL for its database to make information in the database secure. The personal details and messages including the private messages in the Database are encrypted using encryptor (one of the security facilities available in the MySQL).
This project implements hash function with the password before the encryption and then stored in the Database. It also uses random generated numbers (salt) that is calculated together with the passworded hash values and stored in the Database. As a result, even if the database is compromised, the salt added to hash values makes it harder to compute the original password. This random salt is used with the hash function to significantly increase the strength of encrypting passwords and thus makes cracking greatly impossible. This makes the chat application server reliable and more secured.
Another significance of this application is private chatting. This is where two users can chat in private. The messages between the users are not displayed/seen in the general chat display text field. The messages are displayed only within the private message display text field.
SCOPE OF THE STUDY
The project shall consider among other things the following issues:
- To provide a better understanding of how security network programming in java works.
- Develop a reliable security network communication for a Client-Server chat application.
- Analyses of security network programming in java (Multithreaded Client-Server Chat applications) for better understanding of the solutions.
- Conduct an experimental result in order to establish the parameter of the problem. In conclusion, suggest ways the problems can be eliminated and recommends how the problems can be prevented.
The previous Client-Server Chat system implements only hash function with the password before the encryption which is then stored in the Database. Thus, the database can be compromised easily to compute the original password.
Some drawbacks of the Client-Server Chat are as follows:
- As the server receives as many requests from clients so there is a chance that server can become congested and overloaded.
- In case of server fails then the users also suffers.
- A lost password is irrecoverable.
- Any unauthorized client can hack the client account and can change the data.
ORGANISATION OF THE WORK
In this project, a secure java chat application is considered which relies on the client-server paradigm to exchange the information. It is divided into five chapters. Chapter one is the introduction which consists of the background of study, significance of the study, scope of the study, limitations of the study, organization of the work and the definition of terms.
The second chapter focuses on the literature review of relevant scholar’s opinions relevant to this study such as socket programming in java, overview of secure socket layer, hash function e.t.c.
The third chapter gives details of the main methodology and system design to implement the client-server chat application in java. First of all the application is developed by using TCP then and in the end multithreading is used to develop the application. At the end of chapter weaknesses (deadlocks) of multithreading is discussed which can be removed by using synchronizing threads.
Chapter four is the implementation of the secured Java Client-Server Chat Application: it test and analysis the implementation of the application.
Chapter five ends the project report. Firstly, a short summary highlights the main points of the whole project. Next, a number of conclusions and recommendations are given and lastly Appendix.
DEFINITION OF TERMS
Socket: Socket is a standard connection protocol that supports data communication over the security network between connected terminals. The standard connection supports the data transmission both by the TCP and UDP protocols between the terminals.
TCP: TCP is a transport layer protocol used by applications that require guaranteed delivery of data. Basically, it is a connection-oriented protocol. To communicate over TCP one must first have to establish a connection between pair of sockets, where one socket is client and the other belongs to server. After the connection is established between them then they can communicate with each other.
Client: A client is a system that accesses or desires for a service made accessible by a server.
Server: A server is a system (hardware or software) program running to provide the service requests of other system programs.
Port: Port is a software mechanism that allows the centralized connected Servers to listen for requests made by clients. Port is actually purposed as a gateway to listen for the requested parameters by the server terminals or other machines. It is a software address on a system that is on the security network. Entire request response proceeding among this Application is carries through machine ports.
Security network: This refers to a system were computers are linked to share software, data, hardware and resources for the benefit of users.
Interface: This may be software or hardware that upon an agreed method spells out the manner a system component can exchange information with another system component.
Secure socket layer (SSL): This refers to Secure Sockets Layer protocol that is used for encryption of data for secure data transmission.
IP: This refers to Internet Protocol; it is the reasonable security network address of device on a security network. It is notational called dotted-decimal (for instance: 22.214.171.124).
Thread: A thread is a section of code which is executing independently of others threads in a same program. Java has a class Thread which is defined in java.lang package. Thread is the most powerful feature that JAVA supports from other programming languages.