Network Programming: Secure Client-Server Chat Application

ABSTRACT

Many network systems are built to communicate with one another and are made available through service-oriented architectures. In this project, the client-server architecture is used to develop a chat application. First, a chat application is created for both client and server based on the Transmission Control Protocol (TCP), a reliable, connection-oriented protocol. As security is the key factor when communicating over a network, this project uses the MySQL SSL protocol and a hash function for the database, based on several benefits. The hash values of the real password and the randomly generated number (salt) are stored in the database. The original password is not stored on the system, making the cracking of passwords much harder.

TABLE OF CONTENT

Title Page
Certification
Approval Page
Dedication
Acknowledgment
Abstract
Table of Contents
List of Tables
List of Figures

CHAPTER 1

1.1 INTRODUCTION
1.2 Background of the study
1.3 Statement of the problem
1.4 Objectives of the study
1.5 Significance of the study
1.6 Scope of the study
1.7 Limitations
1.8 Organization of the work
1.9 Definition of terms

CHAPTER 2:

2.0 LITERATURE REVIEW
2.1 Client-Server and other models
2.2 Client-Server communication
2.3 Host identification and service port
2.4 Sockets and socket-based communication
2.5 TCP/IP Socket programming
2.6 Socket programming in Java
2.7 Secure internet programming
2.8 Overview of secure socket layer (SSL)
2.9 Security
2.10 Hash functions

CHAPTER 3:

3.0 SYSTEM ANALYSIS AND DESIGN
3.1 Methodology
3.2 Primary Data collection
3.2.1 Secondary Data collection
3.3 Analysis of the existing system
3.4 Limitations of the existing system
3.5 System Design
3.6 Database Design
3.7 System Flowchart
3.8 Top-Down Diagram
3.9 Justification of the new system

CHAPTER 4:

4.0 IMPLEMENTATION TESTING AND INTEGRATION
4.1 Choice of development tools
4.2 System Requirements
4.2.1 Software Requirements
4.2.2 Hardware Requirements
4.3 Implementation
4.4 Testing
4.4.1 Unit Test
4.4.2 System Test
4.5 Integration

CHAPTER 5:

5.0 SUMMARY, RECOMMENDATIONS, AND CONCLUSION
5.1 Summary
5.2 Limitations
5.3 Recommendations
5.4 Bill Of Engineering Measurement And Evaluation
5.3 Conclusion
Bibliography
Appendix A: Program Codes
BAChatClient.java
BAChatServer.java
DatabaseManager.java
Encryptor.java
Appendix B: Sample Output
Appendix C: User Guide

CHAPTER ONE

1.1 INTRODUCTION

Many network systems are built to communicate with one another and are made available through service-oriented architectures. In this project, we use the client-server architecture to develop a secured Client-Server chat application. The chat application is first built on the Transmission Control Protocol (TCP), a connection-oriented protocol, and multithreading is then used to complete the application.

A client-server chat application consists of a Chat Client and a Chat Server and there exists two-way communication between them. Here, Message Processor is used to interpret messages from the user, Message Interpreter is used to extract and parse the received message. Message Maker is used to construct back the message and Client Manager is used to maintain the client’s list which the sender and receiver on both sides use to interact with each other.

In general, the server process starts on some computer system, and it should be running before any client. The server usually initializes itself and then enters a wait (sleep) state, where it waits for a client request. After that, a client process can start on either the same machine or some other machine. Whenever the client wants a service from the server, it sends a request, and the server accepts the request and processes it. After the server has finished providing its service to the client, it goes back to sleep, that is, to waiting for the next client request to arrive. This cycle repeats for as long as the server process is running.

1.2 BACKGROUND OF THE STUDY

The client-server model is the standard model which has been accepted by many for developing network applications. In this model, there is a notion of the client and a notion of the server. As the name implies, a server is a process (or a computer in which the process is running) that is offering some services to other entities which are called clients. A client on the other hand is a process (which is running) on the same computer or another computer that is requesting the services provided by the server.

A chat application is a combination of two applications:

  • Server application
  • Client application

The server application runs on the server computer and the client application runs on the client computer (or the machine with the server). In this chat application, a client can send data to anyone who is connected to the server.

Java application programming interface (API) provides the classes for creating sockets to facilitate program communications over the network. Sockets are the endpoints of logical connections between two hosts and can be used to send and receive data. Java treats socket communications much as it treats input and output operations; thus programs can read from or write to sockets as easily as they can read from or write to files.

To establish a server connection, a server socket needs to be created and attached to a port, which is where the server listens for connections. The port identifies the Transmission Control Protocol service on the socket. For instance, the email server runs on port 25, and the web server usually runs on port 80.

Server Execution: On the server side, a thread is created which receives the requests of numerous clients. The server also keeps a list in which the clients' names and IP addresses are stored. It broadcasts the list to all the users who are currently in the chatroom, and when a client logs out the server deletes that particular client from the list, updates the list, and then broadcasts the list to all available clients.

Client Execution: A client must first register by sending a username to the server and must start the thread so that the system can get the list of all available clients. Then any two registered clients can communicate with each other.
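The registration and user-list broadcast described under Server Execution and Client Execution, as an added example (this is not the project's BAChatServer.java). The class name, the `USERS` line format, the username rule and the sample names are assumptions made for illustration.

```java
import java.io.*;
import java.net.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class UserListServerDemo {
    // username -> writer on that client's socket, shared by all handler threads
    static final Map<String, PrintWriter> clients = new ConcurrentHashMap<>();

    static void broadcastUserList() {
        String line = "USERS " + String.join(",", new TreeSet<>(clients.keySet()));
        for (PrintWriter w : clients.values()) w.println(line);
    }

    // One thread per client: first line registers a short, unused alphanumeric name; EOF is logout.
    static void handle(Socket s) {
        String name = null;
        try (Socket sock = s;
             BufferedReader in = new BufferedReader(new InputStreamReader(sock.getInputStream()));
             PrintWriter out = new PrintWriter(sock.getOutputStream(), true)) {
            String first = in.readLine();
            if (first == null || !first.matches("[A-Za-z0-9_]{1,16}")
                    || clients.putIfAbsent(first, out) != null) {
                out.println("ERROR bad or duplicate username");
                return; // name stays null, so the existing holder of that name is not removed
            }
            name = first;
            broadcastUserList();
            while (in.readLine() != null) { /* chat messages would be routed here */ }
        } catch (IOException e) { /* a broken connection is also a logout */
        } finally {
            if (name != null) { clients.remove(name); broadcastUserList(); }
        }
    }

    public static void main(String[] args) throws Exception {
        ServerSocket server = new ServerSocket(0, 50, InetAddress.getLoopbackAddress());
        Thread acceptor = new Thread(() -> {
            try { while (true) { Socket c = server.accept(); new Thread(() -> handle(c)).start(); } }
            catch (IOException closed) { /* server socket closed: stop accepting */ }
        });
        acceptor.setDaemon(true);
        acceptor.start();
        try (Socket a = new Socket(server.getInetAddress(), server.getLocalPort());
             Socket b = new Socket(server.getInetAddress(), server.getLocalPort())) {
            BufferedReader ra = new BufferedReader(new InputStreamReader(a.getInputStream()));
            new PrintWriter(a.getOutputStream(), true).println("alice"); // constructed names
            System.out.println("alice sees: " + ra.readLine());
            new PrintWriter(b.getOutputStream(), true).println("bob");
            System.out.println("alice sees: " + ra.readLine());
        }
        server.close();
    }
}
```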

1.3 STATEMENT OF THE PROBLEM

The client-server communication model is used in a wide variety of software applications. Normally the server side is sufficiently protected and sealed from public access, but client applications running on devices like notebooks and desktops are considered insecure and exposed to security threats.

The main weakness of the client-server chat application is that there is no security provided to data that is transferred between clients. Any unauthorized client can hack the client account and can change the data. Addressing this weakness is the main objective of this project: to develop a secured Client-Server Chat Application.

1.4 OBJECTIVES OF THE STUDY

This project aims to develop a reliable and secure network program (a Client-Server chat model): a multithreaded server-client chat application based on Java socket programming over the Transmission Control Protocol (TCP). As security is the key factor when communicating over a network, a hash function with salt is used for the Database, based on several benefits. MySQL became the choice for the implementation of this application based on its scalability and flexibility, high performance, high availability, strong data protection, web and data warehouse strengths, management ease, the lowest total cost of ownership, and open-source freedom.

1.5 SIGNIFICANCE OF THE STUDY

Apart from just performing the regular client-server chat, this client-server chat is robust and significant in the following ways:

This project uses MySQL for its database to make information in the database secure. The personal details and messages in the Database, including the private messages, are encrypted (encryption is one of the security facilities available in MySQL).

This project applies a hash function to the password before the encryption, and the result is then stored in the Database. It also uses a randomly generated number (salt) that is computed together with the password into the hash value and stored in the Database. As a result, even if the database is compromised, the salt added to the hash values makes it harder to compute the original password. This random salt is used with the hash function to significantly increase the strength of the password protection and thus makes cracking far more difficult. This makes the chat application server reliable and more secure.

Another significance of this application is private chatting. This is where two users can chat in private. The messages between the users are not displayed/seen in the general chat display text field. The messages are displayed only within the private message display text field.

1.6 SCOPE OF THE STUDY

The project shall consider among other things the following issues:

  1. Provide a better understanding of how network programming in Java works.
  2. Develop reliable network communication for a Client-Server chat application.
  3. Analyze network programming in Java (multithreaded Client-Server chat applications) for a better understanding of the solutions.
  4. Conduct an experiment to establish the parameters of the problem and, in conclusion, suggest ways the problems can be eliminated and recommend how they can be prevented.

1.7 LIMITATIONS

The previous Client-Server Chat system implements only the hash function with the password before the encryption, and the result is then stored in the Database. Thus, once the database is compromised, the original password can be computed easily.

Some drawbacks of the Client-Server Chat are as follows:

  • Because the server receives many requests from clients, there is a chance that it can become congested and overloaded.
  • If the server fails, the users also suffer.
  • A lost password is irrecoverable.
  • Any unauthorized client can hack the client account and can change the data.

1.8 ORGANISATION OF THE WORK

In this project, a secure Java chat application is considered which relies on the client-server paradigm to exchange information. The report is divided into five chapters. Chapter one is the introduction, which consists of the background of the study, the significance of the study, the scope of the study, the limitations of the study, the organization of the work, and the definition of terms.

The second chapter focuses on a literature review of scholars' opinions relevant to this study, such as socket programming in Java, an overview of the secure socket layer, hash functions, etc.

The third chapter gives details of the main methodology and system design used to implement the client-server chat application in Java. The application is first developed using TCP, and multithreading is then used to complete it. At the end of the chapter, the weaknesses (deadlocks) of multithreading are discussed, which can be removed by synchronizing threads.

Chapter four covers the implementation of the secured Java Client-Server Chat Application: it tests and analyzes the implementation of the application.

Chapter five ends the project report. First, a summary highlights the main points of the whole project. Next, several conclusions and recommendations are given, followed by the Appendix.

1.9 DEFINITION OF TERMS

Socket: A socket is a standard connection protocol that supports data communication over the network between connected terminals. The standard connection supports data transmission between the terminals by both the TCP and UDP protocols.

TCP: TCP is a transport layer protocol used by applications that require guaranteed delivery of data. It is a connection-oriented protocol. To communicate over TCP, one must first establish a connection between a pair of sockets, where one socket belongs to the client and the other belongs to the server. After the connection is established, they can communicate with each other.

Client: A client is a system that accesses or desires a service made accessible by a server.

Server: A server is a system (hardware or software) or program running to serve the requests of other system programs.

Port: A port is a software mechanism that allows centrally connected servers to listen for requests made by clients. It serves as a gateway through which server terminals or other machines listen for requests. It is a software address on a system that is on the network. All request-response exchanges in this application are carried through machine ports.

Network: This refers to a system where computers are linked to share software, data, hardware, and resources for the benefit of users.

Interface: This may be software or hardware that upon an agreed method spells out the manner a system component can exchange information with another system component.

Secure socket layer (SSL): This refers to the Secure Sockets Layer protocol that is used for encryption of data for secure data transmission.

IP: This refers to Internet Protocol; an IP address is the logical network address of a device on a network. It is written in dotted-decimal notation (for instance: 128.1.0.1).

Thread: A thread is a section of code that executes independently of other threads in the same program. Java has a class Thread, which is defined in the java.lang package. Threads are the most powerful feature that sets Java apart from other programming languages.
