IL-1: Rewriting the GMU KRYPTOS program as a Java web based application 1Abstract—This paper highlights the techniques used andarchitectures used in jKryptos, a 100% pure Java Web basedimplementation of the GMU cryptology learning tool. It dealswith issues such as consistent timing of not only a java class butalso about consistent timing when the class is in multithreadedweb application. It also briefly talks about the use of AJAX in aweb application.Index Terms—java cryptology performance Kryptos Ajaxtiming.I. INTRODUCTIONhe jKryptos project is an implementation of the GMUKryptos educational software program written in 100%pure Java and written for use with any of the currentgeneration of web browsers, including Microsoft InternetExplorer, Netscape and FireFox. It follows standard J2EEdesign patterns, adheres to J2ee and JCE APIs and follows theJ2EE best practices currently promulgated; It is a perfectpackage of software for enhancement by future generations ofECE646 and ECE746 students. We have provided theframework or as we like to look at it, the supportingscaffolding for the next generation of the Kryptos teachingtools. This paper is not meant as detailed analysis of theframework used. The purpose of this paper is three fold: 1. toserve as a light introduction to a Web-based application withmultiple action modules. 2. to familiarize the would-beenhancers of jKryptos with the jKryptos architecture and 3.toserve as an introduction to some of the more esoterictechniques used within jKryptos.. This paper is supposed to actas a guide to aid in enhancing jKryptos.II. WHY DO WE NEED JKRYPTOS AFTER ALL WE HAVEKRYPTOSWindows Desktop vs. Web application: A problem with aWindows desktop application is that you have to haveWindows desktop to use it. With a web application there is noneed to download the program and install it on your PC. Thereisn’t even a need to have Windows installed on your PC. Web based applications are accessible from Windows Intel PCs,Apple PCs, PDAs and UNIX and Linux boxes. In fact there isno reason to even have a PC; web applications are accessiblefrom your local library’s PC.Visual C vs. Java: Kryptos is written in Visual C. Visual C, inthis day of web accessible programs, is no longer a viablelanguage to use. Visual C is great for desktop applications.Java, on the other hand, is a relatively new language with itsroots in web accessibility programming; for instance, it hashad from its inception socket level programming and RPCremote procedure call, both at the core of computers talking toone another over a network such as the World Wide Web.Blue Screen of Death vs. Report of Exception: It is impossibleto cause a blue screen of death or the XP modal windowasking for your permission to send an error report, via amisbehaving J2EE web application. See Figure 1.Figure 1 A not unseen dialog box when using KryptosIt can’t happen because of the separation of client and serverThe entire client portion of a J2EE application is HTML. Theworst that can happen is a Runtime exception, in which case,the j2ee application gracefully reports the error, via HTML,before bowing out. The user does not have to start anotherJVM in order to continue his work.Centralized control of patches: The biggest problem withprograms such as Kryptos is that as more and more graduatestudents use it as a vehicle to use on their projects the morepatches are generated for this one application. One of theheadaches faced by a someone responsible for a computerprogram that changes over time and is separately distributed is“Who has what version of the code? “Configurationmanagement is a very real problem. Microsoft has tried tosolve this problem by its automatic update program which triesto download security patches to the code it sells. One of thebest reasons for an application to move to the web is that thereis one single sole source for the current applicationprogram...Sure, we can make it part of the protocol such thateach time you use Kryptos that you download it and reinstall itbut how much easier is it to just have to modify one copy ofthe program and know that patch instantly translates intocorrect results for everyone who uses that program?Now that we have finished the justification for jKryptos letslook at the application from a mile high view.III. SERVER TIER GENERAL ARCHITECTURE:jKryptos uses the Model View Controller, MVC, architecture .The view is the Ajax –enabled HTML page. The model in thiscase is set of objects used to crypt the data and the controller isa pair of servlets. See Figure 2.jKryptos, a Java web version of KryptosJim StollTIL-1: Rewriting the GMU KRYPTOS program as a Java web based application 2cd Input / Output Logical M odelFileUpLoadServ letUpload clearText fileSessionCrypt the datajKryptosServ letjoe userFileitemOutput FileURL on WebPagejKryptosCipherCryption ModuleCryptMapResource BundleLoaded DynamicallyqueryFigure 2 jKryptos general I / O and processInput: jKryptos uses the open source software, Commonsdownload package, from the Apache Software Foundation [8]to download the required files from the client’s PC. The way we interface with this software component is to modify theprovided Commons download servlet so that instead ofprocessing the file in this servlet we simply put the FileItem,the main token of the download process into a wrapper classand put the wrapped object into the Session collection. Thissaves us the problem of trying to modify “foreign code” and makes for a loose coupling of the two software components.The reason we put the FileItem into a wrapper class will beexplained shortly. The use of a single object for file input persession leads to more robust application. The user can be toldthat the last file he has downloaded will be the one used forsubsequent ciphers it does not matter if the next cipher he isdoing is DES or a SHA-1 hash. If he is not sure which file heused all he must do is re download the file, that file will thenbe used for all subsequent ciphers. This persistence of inputfiles proves quite handy where the only variable in the cipherstudy cycle is the enciphered text, then all the user must do isre upload the cipher text. Both the IV and the Key will still beon the server unlike the current Kryptos where the user mustspecify both the IV and the Key for each repetition of studycipher cycle.Process: After parsing the input parameters from theHTTPRequest object, the jKryptos Servlet, looks up via acustomized
View Full Document
Unlocking...