Network Security CS - 473 Document Security System (Project Proposal) Submitted To Atif Karamat Submitted By Muhammad Saeed (2002-03-0018) Table of Contents Page # Introduction. ……………………………………………………………………… 1 Project Description ……………………………………………………………… 1 System working………….………………………………………………..……… 1 Implementation of the system………………………………………………….... 2 Software requirements. ……………………………………………..… 2 Hardware Requirements….…………………………………………… 2 Project Plan………………………………………………………………………. 3 Major Activates / milestones………………………………………….. 3 Expected Schedule …………………………………………………… 3 Document Security System Introduction This is the electronic age and we need to make our communication and information transfer system fast and secure. With the advent of Internet we have got increased speed available to transfer documents. But all the legal documents are kept in manual form and we are not able to utilize the speed due to lack of security. The main problems are non-repudiation (a person can turndown the agreement done previously in electronic form), integrity (modification of the document contents after signing it), and the security (privacy or encryption/decryption). Project Description The system being developed will provide the required security and authentication for the transfer of legal documents. Document (text and image files) signing: to control repudiation. Signature verification: to provide authentication and integrity check. Document encryption and decryption: to provide privacy System working The system will work as follows. 1. Compute the digital signature by using sender’s private key (A) on the “one-way hash” of the original document. 2. Encrypt the original document and do digital signature by using destination’s public key (B) and combine them into a file. 3. The signed and encrypted file will be transferred to the destination. 4. The system will decrypt the received file by using receiver’s private key (B), and separate the original document and the digital signature. 5. Compute one-way hash (say H1) of the original document. 6. Decrypt the one-way hash (say H2) by applying sender’s private key (A) on the received digital signature. 7. Compare H1 and H2, if both are same it means data is unchanged after signed. Implementation of the system To achieve this task I want to use Microsoft “CryptoAPIs” Cryptographic Application Programming Interface that is provided as part of Microsoft Windows. CryptoAPI provides a set of functions that allow application to encrypt or digitally sign data in a flexible manner while providing protection for the user’s sensitive private key data. Actual cryptographic operations are performed by independent modules known as cryptographic service providers (CSPs). A CSP is responsible for creating keys, destroying them and using them to perform a variety of cryptographic operations. Each CSP provides different implementation of CryptoAPI. Some provide strong cryptographic algorithms that I will use in my project. This project will requires an Enterprise CA (Certificate Authority) setup on Microsoft Windows2000 Advance Server for issuing digital certificates. Another alternative “.keystore” can be used to generate certificates. For the development purposes the system will require. Software requirements: Operating System: Microsoft Windows2000 Advance Server Programming Language: Visual C++6 or Java Other software: CSP Setup, Certificate Authority Hardware Requirements: Processor: Intel PIII – 500 MHz Hard Disk Space required 4 GB Memory: 256 MB. Project Plan Major Activates / milestones 1. CA Setup 2. Certificate parsing & Public/Private Keys Extraction 3. Encryption/ Decryption of file 4. Computation of One-way Hash & Digital Signatures. 5. Integrating Application. Expected Schedule: Activity Duration Dead line 1 1 week Jan -11 (Saturday) 2 1 week Jan -18 (Saturday) 3 1 week Feb -02 (Saturday) 4 1 week Feb -07 (Saturday) 5 1 week Feb -15 (Saturday)