Bluetooth Security


Bluetooth is one of the most widely used wireless technologies, found in devices such as mobile phones, gaming consoles, laptops and computer peripherals. This article discusses Bluetooth security: the technology standards, security features, vulnerabilities and risks associated with using Bluetooth-enabled devices.


Wireless technology enables devices to communicate without physical connections such as cables. Communication is carried over radio waves, so reliability depends on surrounding physical objects such as walls. Because wireless networks broadcast their data, data security is a concern. WLAN, WPAN and ad hoc networks all communicate wirelessly and are implemented by sets of standards: WLAN uses the IEEE 802.11 standard, while WPAN and ad hoc networks use the Bluetooth standard [IEEE01].

The Bluetooth standard allows a number of devices to communicate in dynamically changing network topologies. It uses frequency hopping spread spectrum, which makes it a short-range technology. Its main use is in battery-powered devices with limited power consumption, such as mobile devices and PDAs.

There are a number of information security risks when using Bluetooth to transfer data within private and public networks. These risks are increased by factors such as misconfiguration, end users not using the available security capabilities, and access to unsafe networks.

According to K. Scarfone and J. Padgette (2008), Bluetooth devices have different operating ranges and are categorized into three classes: Class 1, which ranges up to 100 meters and uses the highest power; Class 2, which ranges up to 10 meters and uses medium power; and Class 3, which ranges up to 1 meter and uses the lowest power. Class 2 is mostly used by mobile devices. These numbers are designed operating ranges, so an attacker might be able to communicate at significantly larger distances by using high-gain antennas.

Bluetooth security features

There are four main information security services that protect Bluetooth devices; they apply to all of the Bluetooth layers:

  1. Identification: Identifying each entity, such as a user or device, to recognize it and distinguish it from others. Identification is performed by the first two layers of the device, which are the physical and Bluetooth layers.
  2. Authentication: Verifying the identity of the communicating device to allow access to the available services. Authentication for each layer is performed independently, and each layer is responsible for its own authentication.
  3. Confidentiality: Preventing information compromise. Confidentiality is a property which guarantees that information stored on the device host will not be provided to unauthorized persons or processes.
  4. Authorization: Checking whether the device is permitted to use a service on the Bluetooth-enabled host device.

Additionally, Bluetooth defines four security modes, and every Bluetooth device must operate in one of them:

  1. Non-secure mode, in which authentication and encryption are bypassed.
  2. Service level-enforced security mode, in which security procedures are initiated after link establishment.
  3. Link level-enforced security mode, which supports authentication and encryption based on a separate secret link key.
  4. Service level-enforced security mode, which initiates authentication and encryption after link setup.

Keijo (2008) describes Secure Simple Pairing in six phases:

  1. Capability exchange: If it is the first time the devices connect, they exchange their input and output capabilities.
  2. Public key exchange: Each device generates a private and public key pair, and the devices exchange public keys with each other.
  3. Authentication stage 1: Depending on the association model, ensuring that there is no MITM (Man-In-The-Middle) in the communication.
  4. Authentication stage 2: The devices finish exchanging and validating the integrity of the public keys and nonces.
  5. Link key calculation: Both devices calculate the link key using their Bluetooth addresses.
  6. LMP authentication and encryption, which generates the encryption keys.
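Phases 2, 3 and 5 above (public key exchange, authentication stage 1 with the numeric comparison association model, and link key calculation), as an added Python example that is not from the original article or from Keijo (2008). It follows the f1, g and f2 definitions of the Bluetooth Core Specification with byte ordering simplified to big-endian; the keys, nonces and BD_ADDRs are constructed values, made reproducible by hashing fixed labels where a real device uses random numbers, and the `Device`, `pair` and `demo` names are hypothetical.

```python
import hashlib
import hmac

# NIST P-192, the curve BR/EDR Secure Simple Pairing uses for its ECDH exchange.
P = 2**192 - 2**64 - 1
A = P - 3
B = 0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1
G = (0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012,
     0x07192B95FFC8DA78631011ED6B24CDD573F977A11E794811)

def on_curve(point):
    x, y = point
    return (y * y - (x * x * x + A * x + B)) % P == 0

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

def x_bytes(point):
    return point[0].to_bytes(24, "big")

def f1(u, v, x, z):
    """Commitment: top 128 bits of HMAC-SHA256 keyed with the nonce x."""
    return hmac.new(x, u + v + z, hashlib.sha256).digest()[:16]

def g(u, v, x, y):
    """Numeric comparison value: SHA-256 mod 2^32, shown as six digits."""
    digest = hashlib.sha256(u + v + x + y).digest()
    return int.from_bytes(digest[-4:], "big") % 1_000_000

def f2(w, n1, n2, a1, a2):
    """Link key: HMAC-SHA256 keyed with the DHKey over nonces, 'btlk', BD_ADDRs."""
    return hmac.new(w, n1 + n2 + b"btlk" + a1 + a2, hashlib.sha256).digest()[:16]

class Device:
    def __init__(self, addr, sk, nonce):
        self.addr, self.sk, self.nonce = addr, sk, nonce
        self.pk = ec_mul(sk, G)              # phase 2: generate the key pair
        if not on_curve(self.pk):
            raise ValueError("generated key is not on P-192")

    def dhkey(self, peer_pk):
        return x_bytes(ec_mul(self.sk, peer_pk))

def pair(a, b, pkb_at_a=None, pka_at_b=None):
    """Phases 2, 3 and 5 with A as initiator. The optional arguments model a
    public key replaced in transit; by default each side gets the real key."""
    pkb_at_a = pkb_at_a or b.pk
    pka_at_b = pka_at_b or a.pk
    # Phase 3: B commits to its nonce, nonces are revealed, A checks the commitment.
    cb = f1(x_bytes(b.pk), x_bytes(pka_at_b), b.nonce, b"\x00")
    expected = f1(x_bytes(pkb_at_a), x_bytes(a.pk), b.nonce, b"\x00")
    # Each device shows six digits computed from the keys *it* saw.
    va = g(x_bytes(a.pk), x_bytes(pkb_at_a), a.nonce, b.nonce)
    vb = g(x_bytes(pka_at_b), x_bytes(b.pk), a.nonce, b.nonce)
    # Phase 5: link key from DHKey, both nonces and both BD_ADDRs.
    lk_a = f2(a.dhkey(pkb_at_a), a.nonce, b.nonce, a.addr, b.addr)
    lk_b = f2(b.dhkey(pka_at_b), a.nonce, b.nonce, a.addr, b.addr)
    return {"commitment_ok": hmac.compare_digest(cb, expected),
            "display_a": va, "display_b": vb,
            "link_keys_match": hmac.compare_digest(lk_a, lk_b)}

def _fixed(label, size):
    """Reproducible stand-in for random bytes (constructed test data)."""
    return hashlib.sha256(label).digest()[:size]

def demo():
    a = Device(bytes.fromhex("020000000001"),
               int.from_bytes(_fixed(b"sk A", 24), "big"), _fixed(b"nonce A", 16))
    b = Device(bytes.fromhex("020000000002"),
               int.from_bytes(_fixed(b"sk B", 24), "big"), _fixed(b"nonce B", 16))
    other_pk = ec_mul(int.from_bytes(_fixed(b"sk X", 24), "big"), G)
    return pair(a, b), pair(a, b, pkb_at_a=other_pk, pka_at_b=other_pk)

if __name__ == "__main__":
    for name, result in zip(("honest", "substituted key"), demo()):
        print(name, result)
```

With unmodified keys both devices show the same six digits and derive the same link key; with a substituted key the commitment check fails, the displayed values differ, and the link keys no longer match, which is what the user's comparison step is there to catch.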


A vulnerability is a weakness in a system that can be exploited, giving attackers the opportunity to perform an attack. Alfred Loo (2009) concludes that most of the existing threats come from the ignorance of users, improper security implementation by some manufacturers, and the inactive attitude of many corporations.

Here are some of the information security vulnerabilities and the possible risks associated with them:

  • Identification: If a mobile device that was previously paired with other devices is stolen, it can be used to access data on those devices.
  • Authentication: If authentication parameters are transmitted in clear text, attackers can gather this information by eavesdropping. Another example is the use of short or default PINs, which attackers can find easily by brute force. Shaked and Wool (2005) have shown that it is very easy to crack the PIN used by a Bluetooth device when pairing with another device.
  • Authorization: If a single authorization is used for all the services available on the device, the risk of data access increases once an attacker has been authorized.
  • Confidentiality: If the radio traffic is not encrypted, attackers can sniff the radio data using protocol sniffers. Another example is when all devices use a shared master key which, if discovered by attackers, can be used to decrypt all of the transmitted data.
  • Integrity: If per-packet integrity checks are not implemented, attackers can manipulate the data without being detected.
  • Non-repudiation: If event auditing is disabled, it will not be possible to trace events to find the attackers.
  • Availability: Other applications may operate in the same frequency band and alter transmitted data.
  • Physical security: If secure hardware design is not applied, the memory can be accessed by opening the hardware of the device.
  • Anonymity: It is possible to find the manufacturer of a Bluetooth device from the first 3 characters of the BD_ADDR, map the device to a user using that value, and obtain further details of the device to help future attacks. Attackers can also still find devices set to non-discoverable mode and get details of the device.
  • User awareness: Choosing simple PINs helps attackers guess the PIN and pair with their devices.
  • Proximity security: Despite the fact that the Bluetooth specification defines a maximum range of 100 meters, F. Tvrz and M. Coetzee (2010: p75) stated that: The hardware providing Bluetooth functionality has been successfully modified which increased transmission up to 1.77 Kilometres.
  • Implementation security: If one of the layers from the source to the destination is not secure, it may be used by attackers to gain access to the whole data.

Attacks on Bluetooth

Attacks use misconfiguration and vulnerabilities to compromise the information security services of a Bluetooth-enabled device. F. Tvrz and M. Coetzee (2010: p92) categorise these attacks into two main classes (passive and active) and four main categories:

  1. Interruption, which makes devices unavailable by sending malicious data to the device. These attacks fall under the active category, since the attack involves modification of the data streams. Denial of service attacks are an example.
  2. Interception, which involves attempts to gain unauthorized access to the mobile phone. These are passive attacks, since they do not result in any changes on the device. Eavesdropping and traffic analysis are examples; in these attacks Bluetooth transmissions are monitored to find communication patterns.
  3. Modification, which involves altering the content and data in the Bluetooth-enabled device. These attacks also fall under the active category. Message modification, in which the legitimate message is changed by editing or deleting it, is an example.
  4. Fabrication, in which attackers use counterfeit data to bypass authentication and gain access to the device. Fabrication is an active attack; examples are relay and masquerade. In relay attacks, transmissions are monitored and the attacker retransmits the data to the Bluetooth device as a legitimate user. Masquerading involves impersonating an authorized user to gain access to Bluetooth devices.

Attackers can increase their communication range by connecting an external antenna to the Bluetooth dongle, which lets them attempt to access devices at a larger range. By using a sniffing device they can accumulate all the communication taking place across all 79 frequencies, or reply to the victim device. Pairing would be the best opportunity for attackers to compromise information security if the device number and random number are transmitted in clear text.

Bluetooth worms, viruses and Trojans are another way to gain access to Bluetooth devices. The way a Bluetooth device is infected differs from the way worms spread on the Internet: a Bluetooth infection occurs only when the source and victim devices are within range of each other.

Attacks can be performed across all layers and at different stages, so it is critical to detect them and to configure the device to secure it against them. One method organizations can use to detect possible attacks is honeyclients. O'Connor and Sangster (2010) introduced a framework for implementing virtual honeyclients for mobile devices (honeyM), which can be used to get more information about attacks. They also demonstrated that honeyM could simulate several different vulnerable mobile devices and deceive multiple scanning and detection tools.


Bluetooth makes it possible to create short-range ad hoc connections within both private and public networks. Bluetooth-enabled devices present new risks in public and private environments, since wireless networks extend beyond traditional wired networks. These risks are identified on all layers of the Bluetooth device.

Identification, authentication, confidentiality and authorization are the four information security services which need to be performed to protect the data and Bluetooth-enabled devices. Protection also depends on the security mode in which the device is configured to operate. These services are provided on the wireless links, while the operating system, application and user layers are responsible for their own information security. There are a number of vulnerabilities which attackers can use to gain access to the device. End users must be aware of the risks of using Bluetooth devices, and organizations should understand the security concepts and configurations needed to reduce these risks.


  • K. Scarfone and J. Padgette, Guide to Bluetooth Security, NIST Special Publication 800-121, 2008.
  • F. Tvrz and M. Coetzee (2010). Information security of a bluetooth-enabled handheld device. Germany: Lambert academic publishing AG & Co. KG. 20-26, 72-86.
  • John D. Padgette. 2009. Bluetooth security in the DOD. In Proceedings of the 28th IEEE conference on Military communications (MILCOM’09). IEEE Press, Piscataway, NJ, USA, 2425-2430.
  • Alfred Loo. 2009. Technical opinion: Security threats of smart phones and Bluetooth. Commun. ACM 52, 3 (March 2009), 150-152. DOI=10.1145/1467247.1467282
  • Y. Shaked and A. Wool. Cracking the Bluetooth PIN. In Proceedings of 3rd USENIX/ACM Conference of Mobile Systems, Applications and Services (MOBISYS), June 2005.
  • Keijo M. J. Haataja. 2008. New efficient intrusion detection and prevention system for Bluetooth networks. In Proceedings of the 1st international conference on MOBILe Wireless MiddleWARE, Operating Systems, and Applications (MOBILWARE ’08). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), ICST, Brussels, Belgium, Article 16, 6 pages.
  • T. J. O’Connor and Ben Sangster. 2010. honeyM: a framework for implementing virtual honeyclients for mobile devices. In Proceedings of the third ACM conference on Wireless network security (WiSec ’10). ACM, New York, NY, USA, 129-138. DOI=10.1145/1741866.1741888

Authorship Rich Snippet Microdata

You may have seen an author's picture next to their website URL and description in Google search results. It appears that Google is pushing more traffic to its social networking portal “Google Plus”, and it now lets bloggers and authors link their posts to their Google Plus account. This tutorial explains how to add your profile picture there by linking your website to your Google Plus account.


To do so, we need to use microdata formats in our website. In the first step, a profile page must be created on your own website; let's say the URL below is your profile URL on your website:

On this page, in addition to information about yourself, you need to add a link to your Google Plus profile and include the rel="me" attribute in the link tag, for example:

<a href="" rel="me">My Profile</a>

In the next step, you need to log in to your Google Plus account, click on the Profile link and then click on the Edit Profile button. Under the links section, add a new link to your website’s profile page, so in this example add a link to:

In the last step, you need to add a link to your website’s profile page from your posts using the rel="author" attribute, so you may need to add the following code to all of your posts:

Edited by <a href="" rel="author">My Name</a>

Once it's done, you can verify it using the Google rich snippets testing tools at:

If everything is fine, you should see a preview of your website, otherwise you may get the following error message if you have any issues with one of the above steps:

This page does not contain authorship or rich snippet markup.



Representational State Transfer

Roy Thomas Fielding (2002) defined Representational State Transfer (REST) in his PhD dissertation as a coordinated set of architectural constraints intended to increase scalability and decrease latency and network communication traffic. The REST architecture has three main elements: data elements, connecting elements and processing elements.

Fielding achieves this by defining REST characteristics such as statelessness, which means that every request must contain all the necessary information, so there is no need to store any context on the server. This imposes a limit on the Android client: we cannot store context on the server, so each request must contain all the details. On the server side, since no context is saved, performance improves, which makes it a perfect choice for high-load server applications.

Another way to run a web service is to use SOAP (Simple Object Access Protocol). Paul Prescod (2005) compared SOAP and REST in his research paper, which provides a comparison of these two architectures.

The REST architecture is used to run the web services in this project to benefit from its implementation advantages, such as using the standard HTTP protocol and defining a URI for each resource. Also, as discussed above, it is a perfect choice for large-scale enterprise applications.

By using REST we can reduce bandwidth usage by caching resources in the REST web services. Roy T. Fielding (2000) describes caching requirements as “Cache constraints require that the data within a response to a request be implicitly or explicitly labeled as cacheable or non-cacheable. If a response is cacheable, then a client cache is given the right to reuse that response data for later, equivalent requests”.

Since we use mobile devices as clients, and bandwidth and connectivity on most networks are limited either by slow connections or by a monthly usage allowance, taking advantage of resource caching becomes critical for this project. Another advantage is reduced load on the server, which makes this project more scalable.

Parastatidis et al (2010: 22) conclude that “By using REST architectural style we can get benefits such as loose coupling, self-description, scalability and maintainability”.

The Android JBridge project focuses on the REST architecture on the server and, as explained above, EJBs might exist on different machines, so each session entity can perform operations on its own and does not require the whole system to be linked together at once, which is another advantage of the system. If a machine crashes, the other servers can continue operating and the system stays up and running.


Roy T. Fielding and Richard N. Taylor. Principled design of the modern web architecture. ACM Trans. Inter. Tech., 2(2):115–150, 2002.


Distributed Systems

A distributed system consists of multiple computers which communicate and coordinate their actions by passing messages to each other.

Distributed systems bring advantages and their own challenges. One of the main advantages is resource sharing, such as sharing a printer or files on the network among all users, or sharing a database among all the applications running on the distributed system.

Distributed systems perform well when dealing with large-scale data. The idea is to maintain good performance by adding more resources to the system when necessary. The software should be compatible with distributed systems to allow scaling by adding more computers to the server.

[Figure: Mobiles in distributed systems, by Coulouris A, Dollimore J, Kindberg T]

In distributed systems, transactions are sent over a network, which brings the security risk of exposing this data to network sniffers and attackers. It is therefore a challenge for developers to protect sensitive data by implementing encryption and by using authentication so that only authorized users can access the data on the server.

Another challenge for developers is to design the system in such a way that if one of the servers in the network crashes, the other servers can continue their operations and keep the system up and running.

One of the main concerns of distributed systems is concurrency: the server may receive many requests at the same time to use the same resources, so developers should make sure that they place locks on the transactions which require updates, to avoid concurrency-related issues.


Coulouris A, Dollimore J, Kindberg T (2001). Distributed Systems concept and design. 3rd ed. England: Pearson Education Ltd. 2-25.


Mobile Computing

Mobile computing is growing every day and becoming more popular. Many people use mobile devices connected to the Internet to browse and perform online tasks. Users have access to their data regardless of their physical location.

William, Ongtang and McDaniel (2009: 10) state that: “The next generation of open operating systems will be on small mobile devices which people carry everyday rather than desktops or mainframes.”

Using mobile devices to perform tasks is an interesting topic, and such devices may take the place of traditional desktops for communicating with the server. The objective is to develop software for battery-powered devices with wireless network connectivity. Smart mobile devices are defined as those which are continuously connected to a TCP-capable network.

According to BBC Measuring the Information Society 2010, there are currently over 5 billion mobile phone connections in the world. This statistic shows the potential of mobile computing, which software developers should consider in order to enhance their software for mobile devices. In cases where we need to communicate with the server using multiple clients, it is a good idea to be able to replace traditional desktop clients with mobile devices, because mobile devices are easier to carry and almost always cheaper.

Comparing the hardware resources of mobile devices with those of personal computers, it is obvious that personal computers have faster processors and more resources, so mobile cloud computing becomes important to overcome this limitation. Most mobile devices have small storage capacity, so they can use clouds to store application data. Amazon EC2, Google AppEngine and Microsoft Azure are all cloud providers for developers.


Data types and data collection

What is Data?

Data are raw facts; by manipulating and processing them we obtain information.
Data can be categorized in four main categories.

Data types

  • Discrete data: Numeric variables whose values can be recorded.
  • Continuous data: Numeric variables where the values which must be recorded are intrinsically approximate.
  • Ordinal data: Ordinal data are data which are capable of being put into an order.
  • Category (or nominal) data: Category data are information about the type or category of an item.

Data collection methods

Accessing already available documentation

It may happen that different offices in the company face similar issues, which may have been solved before, with the solution available in their existing data. The company can therefore use its existing documents and data to make it easier to resolve current or similar issues, regardless of where the data is.

Company can create a database of information and store all of their existing data in different offices they have in one database.

This makes it easy and possible for each office to access the data whenever they need by searching in the database from anywhere they are located.

Data collected in the past might solve similar issues the company has now. This data can be found in the same office, in different offices, or even in external sources and statistical data. External data can be gathered from the Internet, books, articles, etc.

  • Advantages: The data is cheap and relevant.
  • Disadvantages: It might be out of date; the context of data gathered earlier by the company might differ from what is needed, which leads to a different result from what is required.

Using questionnaires

The company can create surveys, provide them to customers in all of its offices or on its website, and gather the answers; after analysing them it will have the data it needs. Different ways of using questionnaires are:

1. Building a website-based questionnaire

By building a website, all offices can work together worldwide and store all of the information in a database which is accessible to all of them.

  • Advantages: Information can be collected quickly; visitors stay anonymous and their answers on the issues that concern them will be relevant; answers are easy to analyse; visitors can answer questions without pressure.
  • Disadvantages: Creating a questionnaire is time consuming; website visitors might misunderstand the questions, so their answers might be incorrect; it is difficult to make people answer honestly; answers might be incomplete or incorrect. It is also hard to make sure that only the range of people the company is looking for answer the questions and provide relevant data.

2. Emailing the questions to the customers

The company can get emails from customers providing their suggestions and advice.

  • Advantages: it is cheap, fast and easy to use.
  • Disadvantages: need access to the email addresses of the customers as well as their permission to send email to them (avoid spamming).

3. Asking the customers to answer the questions on the phone

The company can ask customers questions on the phone and ask for their suggestions.

  • Advantages: relevant data.
  • Disadvantages: expensive, time consuming.


The company can create a survey for customers to complete.

  • Advantages: It is possible to ask many people to complete the survey quickly, and they stay anonymous; the data will be relevant if the questions are of interest to them. It is cheap.
  • Disadvantages: It is time consuming; not everyone likes to complete a survey, and answers might be incomplete or incorrect in some cases.


The company can get data by interviewing customers or employees in person.

Interview with customers

The company can train interviewers to interview customers in person, asking questions and collecting suggestions about its services to find ways to improve them. Interviewers can also ask about services customers are looking for which the company does not currently offer, so that it can provide them in the future.

Interview with employees

The company can also interview current employees from its different offices and ask them questions and for suggestions on resolving issues, or for ideas to improve its services. Another kind of interview is with people doing similar business.

  • Advantages:
    • Customers can provide their suggestions as well as answering the questions, so they can explain in detail why they suggest an answer.
    • Answers will be honest as they are being interviewed in person.
    • Visitors will answer most of the questions.
    • Customers can provide subjective data, for example what services they can provide.
  • Disadvantages:
    • It will be an expensive task to interview.
    • It will take a very long time to interview each person individually.
    • For interviewing, the company needs to train interviewers.
    • Interviewers might bias the answers.


The company can ask visitors to comment on a service which it is going to offer and listen to the visitors' opinions about the output of the service. It can then record the visitors' behaviour, noting whether or not they are interested in that service.

Another way of collecting data in the case study is for the company to find out about similar services which another company is offering and then record the output of that service as data for itself. It can also ask the opinions of its employers about the services it is going to offer. By gathering all of this data, the company can create a knowledge management system. A random visit to each office is an example of observation data collection.

  • Advantages: This method provides direct information about how people think and react to a solution before it occurs, and allows more flexibility.
  • Disadvantages: It is very time consuming and expensive, and it might not be objective.

Data processing


The company can categorise the data it is collecting; for example, one category might be the source of the data: customers, employers or competitors. Another way of classifying the data is by the subject or issue on which the questionnaires were sent.


Another way to process the gathered data is to sort it according to the date of retrieval. This provides additional information, for example which data is out of date and which is new.


Selecting is another data processing method: a company can approve or reject data after collection. For example, they can reject the surveys with less than 5% answers and approve the ones with more than 5% answers.


The company can calculate the number of answers given per survey to find out the required information. For example, they can count the number of answers per question.


Another example of processing data is transforming it into another form; for example, they can process data and mark items as passed or rejected, or they can analyse the answers and convert the data to a percentage of correct answers.

Finding links or relationships

They can analyse the answers to find which people answer particular questions in the same way.



How to configure server

This tutorial provides you with a step by step configuration for a simple Linux server on how to configure server. Linux Fedora core server is chosen for this tutorial, however configuration for other distributions may vary. Fedora is free Linux distribution which is developed by Fedora Project and sponsored by Red Hat.

FIAIF Firewall

FIAIF is an open source firewall; Firewall let us close or open access to or from specific ports or IP addresses to make our server secure. If we leave all the ports open on the server hackers might use the open ports to attack to the server, so we only keep the ports open which we use, for example we keep port 80 open for apache web server. Details about ports we need to open are in the explanation of FIAIF in this document.

Apache 2.2 web server

Apache is open source software which accepts HTTP (Hypertext Transfer Protocol) requests from clients and response back using web pages such as HTML documents. So if we are going to run a web site, we need to install web server. Browser sends address to the web server; web server sends back the response to the browser and then browser display the content.

MySQL database server

MySQL is a free database server which provides database access on our server for PHP and other software. If our website needs a database to store and retrieve information, or has dynamic content such as search pages, member signup and login pages, etc., we will need to install a database server.


PHP (Hypertext Preprocessor) is a scripting language used in web pages. Using PHP we can have dynamic content in our web pages, connect to our MySQL database server, and load data from the database into a page.


VSFTPD is a free and open source FTP (File Transfer Protocol) server which allows us to upload files to our web server. Once the FTP server is configured, we can enter a username and password and then download and upload our website content. An easy way is to use Windows Explorer to connect to our FTP server.

Sendmail Mail server

Sendmail lets us send and receive emails on our server. We can also use PHP or other scripts to send emails through our mail server. Sendmail uses SMTP (Simple Mail Transfer Protocol) to send emails and POP3 (Post Office Protocol 3) to receive emails.

PHPMyAdmin script

phpMyAdmin makes it easy to connect to our MySQL database server and maintain it through a web interface. We can easily create tables and fields and run reports and queries using phpMyAdmin.

How to configure server

Setting up FIAIF firewall

Installation from source

You can download the tar.gz package from the download page and extract it on your server. After that, the configure and make commands compile and install the FIAIF firewall on the server.

 # Download firewall tar.gz package into the server
 $ wget

 # Extract fiaif package
 $ tar -zxf fiaif_1.21.1.tar.gz

 # Change the directory into the fiaif_1.21.1 folder
 $ cd fiaif_1.21.1

 # Configure our compile
 $ ./configure

 # Compile the package
 $ make

 # Install FIAIF firewall
 $ make install

Configuring FIAIF

In our firewall we need to open the following ports:

Port 80 for web server

Port 21 for FTP Server

Port 22 for SSH (Remote connection to the server)

Port 25 for mail server (Send email)

Port 110 for mail server (Receive email)

We can use the following syntax in the FIAIF config file (/etc/fiaif/zone.ext) to open these ports:

INPUT[0]="ACCEPT tcp www,ftp,ssh,smtp,pop3>"

Starting FIAIF Firewall

The FIAIF startup script is located in the /etc/init.d folder in Fedora, so you can start the FIAIF firewall service by running the following command:

$ /etc/init.d/fiaif start
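The rule above only helps if the ports it accepts match what is actually listening. The following is an added example, not part of the original tutorial: it compares listening TCP sockets with the five ports the FIAIF rule accepts. The sample input is constructed in the layout of `ss -tln`, and the function names are hypothetical.

```shell
#!/bin/sh
# Ports accepted by the tutorial's FIAIF rule: www, ftp, ssh, smtp, pop3.
ALLOWED_PORTS="80 21 22 25 110"

# Constructed sample in the column layout of `ss -tln` (not real output).
sample_listeners() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       32      0.0.0.0:21          0.0.0.0:*
LISTEN  0       10      127.0.0.1:25        0.0.0.0:*
LISTEN  0       50      0.0.0.0:3306        0.0.0.0:*
LISTEN  0       128     [::]:8080           [::]:*
EOF
}

# Core check. $1 selects the report:
#   unexpected - listeners reachable from other hosts on a port not allowed
#   unused     - allowed ports with no externally reachable listener
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" -v mode="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)          # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            seen[port] = 1
            if (mode == "unexpected" && !(port in ok)) print port, addr
        }
        END {
            if (mode == "unused")
                for (i = 1; i <= n; i++) if (!(a[i] in seen)) print a[i]
        }'
}

# Services the firewall must keep blocking (or that should be stopped).
unexpected_listeners() { audit_listeners unexpected | sort -n; }

# Firewall openings that no service needs; candidates for removal.
unused_allowed_ports() { audit_listeners unused; }

# Demo on the constructed sample; on a server use: ss -tln | unexpected_listeners
sample_listeners | unexpected_listeners
```

In the sample, MySQL on 3306 and a service on 8080 listen on all interfaces without being in the allow-list, while ports 25 and 110 are open in the firewall although nothing reachable from outside listens on them.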

Setting up Apache web server

Installing Apache by building from source

Using the wget command we can download the file from the internet to our server, and tar -zxf extracts tar.gz files.

# Downloading apache web server source using wget command
$ wget

# Extract httpd-2.2.11.tar.gz file using tar
$ tar xvf httpd-2.2.11.tar.gz

# Change the directory to the httpd-2.2.11 folder
$ cd httpd-2.2.11

# Configure the build before compiling; PREFIX is the installation directory
$ ./configure --prefix=PREFIX

# Compile apache
$ make

# Install apache
$ make install

Apache Configuration

Finding httpd.conf

# Change the current directory to root to start the search from root
$ cd /

# Find the httpd.conf file using find command with -name switch
$ find -name httpd.conf

# Result: ./etc/httpd/conf/httpd.conf
$ nano /etc/httpd/conf/httpd.conf

# Global Environment
# Configures the Server HTTP response header
ServerTokens OS

# Base directory for the server installation
ServerRoot "/etc/httpd"

# IP addresses and ports that the server listens to
Listen 80

Website configuration

 # Web master email address
 ServerAdmin [email protected]

 # Hostname of the server

 # The default directory from which httpd will serve files
 DocumentRoot "/var/www/html"

 # this indicates which page it should display by default  
 DirectoryIndex index.html index.htm

Virtual hosts

Here we are going to set up a website, and we assume our website domain name will be First we need to create a folder for our website: we will create the yourdomain folder in the /home folder and also give the apache user access to the folder:

$ mkdir /home/yourdomain
$ mkdir /home/yourdomain/www

Setting access to the www folder for our web server:

# Setting directives for /home/yourdomain/www folder
<Directory "/home/yourdomain/www">

# Allow use of the directives to show directory listing
# And also option to enable symbolic links
Options Indexes FollowSymLinks

# When the server finds an .htaccess file
# it needs to know which directives declared in that file can
# override earlier access information.
AllowOverride All

# First, all Allow directives are evaluated;
# at least one must match, or the request is rejected.
# Next, all Deny directives are evaluated.
Order allow,deny

# Apache will serve any file mapped from an URL
Allow from all

</Directory>

Setting up virtual host in the apache:

# Designates an IP address for name-virtual hosting
NameVirtualHost *:80

# Contains directives that apply only to a specific hostname
<VirtualHost *:80>

# Webmaster email address.
ServerAdmin [email protected]

# set the website home folder
DocumentRoot /home/yourdomain/www

#  Set the server name to the domain name

# Setting the error log name
ErrorLog logs/

# Identifies the log file and the log file format.
CustomLog logs/ common

</VirtualHost>
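The following is an added review aid, not part of the original tutorial: a shell function that flags the directives used above that widen what the web server exposes (`ServerTokens OS`, `Options Indexes FollowSymLinks`, `AllowOverride All`). The sample configuration is assembled from the tutorial's own directives; the function names are hypothetical, and the replacements named in the messages are standard Apache values offered on the assumption that the site needs neither directory listings nor unrestricted .htaccess overrides.

```shell
#!/bin/sh
# Constructed sample: directives shown in this tutorial, gathered in one file.
sample_httpd_conf() {
cat <<'EOF'
ServerTokens OS
ServerRoot "/etc/httpd"
Listen 80
DocumentRoot "/var/www/html"
<Directory "/home/yourdomain/www">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
# Options Indexes   (commented out, must not be reported)
EOF
}

# Read an Apache config on stdin; print one "line:ID: advice" per finding.
audit_httpd_conf() {
    awk '
        /^[ \t]*#/ { next }                       # ignore comment lines
        { d = tolower($1) }                       # directive names are case-insensitive
        d == "servertokens" && tolower($2) != "prod" {
            print NR ":SERVERTOKENS: response header discloses " $2 " details; use ServerTokens Prod"
        }
        d == "options" {
            for (i = 2; i <= NF; i++) {
                o = tolower($i); sub(/^\+/, "", o)    # "+Indexes" enables too; "-Indexes" does not
                if (o == "indexes")
                    print NR ":INDEXES: directories without an index file are listed; drop Indexes"
                if (o == "followsymlinks")
                    print NR ":SYMLINKS: every symlink is followed; consider SymLinksIfOwnerMatch"
            }
        }
        d == "allowoverride" && tolower($2) == "all" {
            print NR ":OVERRIDE: .htaccess files may override every setting; list only the classes needed"
        }
    '
}

# Exit status 0 only when the config on stdin produces no findings.
httpd_conf_is_clean() {
    [ -z "$(audit_httpd_conf)" ]
}

# Demo on the constructed sample; on a server use:
#   audit_httpd_conf < /etc/httpd/conf/httpd.conf
sample_httpd_conf | audit_httpd_conf
```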

Setting up MySQL database server

Installing MySQL from source

We can download the MySQL source from the mysql website, then compile and install it, if we don’t have the Yum package installer on the server. In this example we are going to install MySQL Server 5.1. Below you can find all the commands needed. To install, you can get a tar.gz package from and upload it to your server, extract it using the tar -zxf command, then configure, compile and install it:

Download MySQL source code from

# Extract mysql source tar.gz file
$ tar -zxf mysql-5.1.30-linux-i686-glibc23.tar.gz

# Change the directory to the mysql source
$ cd mysql-5.1.30-linux-i686-glibc23

# PREFIX is mysql installation directory
$ ./configure --prefix=PREFIX

# Compile mysql server
$ make

# Install mysql server
$ make install

# Create all necessary databases to controlling user access
$ ./scripts/mysql_install_db

MySQL Configuration

After installation, we need to configure the MySQL server. The MySQL configuration file is called my.cnf and can be found in the /etc folder. Again, we can run the find command to locate my.cnf if we are not sure where it is:

$ cd /
$ find -name my.cnf
# Result: ./etc/my.cnf

After opening the configuration file we can set mysql configurations:


# This is where mysql database files are located 

# This is maximum number of connections can connect to the mysql server  

Starting MySQL Server

After installing MySQL, we need to start mysqld, which is the MySQL server and does most of the work in MySQL. To start MySQL we can run the following command:

$ /etc/init.d/mysqld start

Setting up the root password

To set the root password we can use mysqladmin. As root does not have a password yet, we can use the following command to set it for the first time, where NewPassword is the password we are going to set for MySQL:

$ mysqladmin -u root password NewPassword

If we want to change the root password later, we can use:

$ mysqladmin -u root -pOldPassword password NewPassword

In the above examples, OldPassword is our current MySQL root password.

Connecting to the MySQL

$ mysql -u root -p
Enter password:

Creating a database

To create a database, connect to mysql and use the create database command; to get a list of all available commands you can use the help command. After we create a database, we may need to create a username and password and give that user access to the database using the grant statement. In the following example, “yourdomain” is the database name, “myuser” is the username and “1234” is the password for “myuser”:

# Create yourdomain database using create database command
mysql> create database yourdomain;

# Create myuser username and set its password to 1234
mysql> grant all privileges on yourdomain.* to myuser identified by '1234';

Setting up PHP

In this example we are going to install PHP 5.2.8, so we can download and extract it using the following commands:

# Download php 5.2.8 source to the server
$ wget

# Extract php tar.gz file
$ tar -zxf php-5.2.8.tar.gz

# Change the directory to the extracted PHP source directory 
$ cd php-5.2.8

# Install PHP on apache2 with mysql extension as well 
$ ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql

# Compile PHP source 
$ make

# Install PHP 
$ make install

Configure Apache to load PHP

To load PHP files we need to add the following lines to the httpd.conf file:

# This line will load php5 module in the Apache
LoadModule php5_module modules/

# This tells apache to run .php files with PHP
<FilesMatch \.php$>
  SetHandler application/x-httpd-php
</FilesMatch>

Configure PHP

We need to open /usr/local/lib/php.ini file to configure PHP:

# Load PHP MySQL extension
# To connect to the MySQL Server

# This tells PHP to send emails through our sendmail mail server 
sendmail_path = /usr/sbin/sendmail

Restart Apache

Once we have configured the httpd.conf file, we need to restart our web server.

# This command will restart apache web server
$ service httpd restart

Setting up VSFTPD

VSFTPD is a secure and free FTP server for Linux and Unix.

Installing VSFTPD from source

You can download VSFTPD from its website; in this example, we are going to install VSFTPD 2.0.7. Here are the commands we need to run to install it. If you install it through the Yum package manager instead, you do not need to download it yourself, as Yum will download and install it in one step.

# Download vsftpd 2.0.7 to the current working directory
$ wget

# Extract vsftpd from tar.gz file
$ tar -zxf vsftpd-2.0.7.tar.gz

# Change the directory in the extracted vsftpd folder
$ cd vsftpd-2.0.7

# Configure vsftpd source before compile
$ ./configure

# Compile vsftpd source
$ make

# Install vsftpd
$ make install

VSFTPD configuration

Before we can configure our FTP server, we need to locate its configuration file, vsftpd.conf. We can use the find command to locate it; the default location for this file is the /etc folder:

Locating the vsftpd.conf file

# change the current working directory to the root before performing find command 
$ cd /

# Find vsftpd.conf
$ find -name vsftpd.conf

# Find command result

# Open vsftpd.conf in the nano editor
$ nano /etc/vsftpd.conf

After opening the configuration file we can set the options and save. Here is a suitable configuration for the FTP server of an internet website:

# We don’t want anonymous users to be able to log in to our website FTP for security reasons,
# so we set this option to no

# This option controls whether local logins are permitted or not,
# so we set this option to Yes to allow both remote and local users

# We set this option to Yes to allow file uploads and modifications via FTP 

# We don’t want anonymous users be able to upload, so we set this option to no 

# We don’t want anonymous users be able to create folders 

# Setting this option to NO, avoids anonymous users to do write operations on the FTP 

# Security Options 
# We don’t want anonymous users be able to access our files

# This controls whether PORT style data connections use port 20 
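The option lines themselves are missing above, so the following added example (not part of the original tutorial) checks a vsftpd.conf against the intent stated in the comments. The option names are the standard vsftpd.conf names matched to those comments, which is an assumption; the sample file is constructed and the function names are hypothetical. An option that is absent from the file is judged by vsftpd's built-in default, which matters because `anonymous_enable` defaults to YES.

```shell
#!/bin/sh
# Intended values from the comments above (option names matched by assumption).
WANTED="anonymous_enable=NO local_enable=YES write_enable=YES \
anon_upload_enable=NO anon_mkdir_write_enable=NO anon_other_write_enable=NO"

# vsftpd's built-in defaults, applied when an option is missing from the file.
DEFAULTS="anonymous_enable=YES local_enable=NO write_enable=NO \
anon_upload_enable=NO anon_mkdir_write_enable=NO anon_other_write_enable=NO"

# Constructed sample: anonymous_enable is missing, one anon_* option is on,
# and one line has spaces around "=", which vsftpd treats as an error.
sample_vsftpd_conf() {
cat <<'EOF'
# constructed sample vsftpd.conf
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable = NO
EOF
}

# Read vsftpd.conf on stdin; print SYNTAX and FAIL lines, nothing when all is well.
check_vsftpd_conf() {
    awk -v wanted="$WANTED" -v defaults="$DEFAULTS" '
        BEGIN {
            n = split(wanted, w, " ")
            for (i = 1; i <= n; i++) { split(w[i], kv, "="); want[kv[1]] = kv[2]; order[i] = kv[1] }
            m = split(defaults, dflt, " ")
            for (i = 1; i <= m; i++) { split(dflt[i], kv, "="); eff[kv[1]] = kv[2]; src[kv[1]] = "default" }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments and blank lines
        /[ \t]=|=[ \t]/ {
            print "SYNTAX line " NR ": vsftpd rejects spaces around ="
            next                                   # the setting is not counted
        }
        { split($0, kv, "="); eff[kv[1]] = toupper(kv[2]); src[kv[1]] = "line " NR }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (eff[k] != want[k])
                    print "FAIL " k "=" eff[k] " (" src[k] "), want " want[k]
            }
        }'
}

# Exit status 0 only when the file on stdin matches the intended settings.
vsftpd_conf_ok() {
    [ -z "$(check_vsftpd_conf)" ]
}

# Demo on the constructed sample; on a server use:
#   check_vsftpd_conf < /etc/vsftpd.conf
sample_vsftpd_conf | check_vsftpd_conf
```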

Starting VSFTPD

After configuring the FTP server, we need to start it. We can start it as a service with the /etc/init.d/vsftpd start command:

$ /etc/init.d/vsftpd start

Now users can log in to the FTP server using their Linux username and password; they will get access to the /home/user folder after they log in. To add users we can use the following command:

 $ useradd -g ftp-users -d /home/ftp-docs user1

Setting up sendmail (Mail Server)

Installing sendmail from source

To install sendmail from source, first you need to download it. To download it to your server, you can use the wget command.

# Download sendmail tar.gz file to the server
$ wget

# Extract tar.gz file
$ tar -zxf sendmail.8.14.2.tar.gz

# Change the directory into the extracted folder
$ cd sendmail.8.14.2

# Compile the package using Build command
$ ./Build

# Install sendmail
$ ./Build install


In the aliases configuration file we can set up virtual mailboxes; here is a possible setting for this purpose:

 majid: localuser


In this file we can set the hostnames which sendmail accepts as local host names, so we list the domains for which sendmail will receive email. So if our domain name is this configuration will be:


This file maps email addresses to the virtual domains and mailboxes. For example, we map the [email protected] email address to the majid mailbox which we defined earlier in the aliases file.

[email protected]                majid

Starting mail server

Now that we have set up the mail server as well as the hostnames, we can start our mail server. To do so we can run:

$ /etc/init.d/sendmail start

Setting up phpMyAdmin script

phpMyAdmin is free software written in PHP which makes it possible to manage MySQL related tasks from a website.

Download phpMyAdmin

To download phpMyAdmin, you can visit: website and click on the download phpMyAdmin link to get the zip package, then extract the package and upload it to your server. In this example we upload it using FTP into the phpmyadmin folder of our website, so we will have:

/home/yourdomain/www/ (Our website root folder)
PHPMyAdmin(This is our phpmyadmin folder in our website root folder)

Installing phpMyAdmin

After we upload the files, when we view our website ( in this example) we will see the phpMyAdmin login page, where we can log in with the MySQL username and password we set earlier in the MySQL settings; so we log in using root as the username and NewPassword as the password:



MUD Game

How to build a MUD Game with Scheme

MUD stands for Multi-User Dungeon. In this game I have created a 4×5 maze with items such as keys, a health potion, a dagger and enemies in rooms. This MUD game is written in the Scheme programming language; feel free to download, modify and use it in your projects.

License: MIT License

Game Play


MUD Game walkthrough map

The bottom-left room is the starting point and the top-right room is the end. The player must get the key to open locked doors, take the dagger to be able to fight, and get the health potion to heal after fights.

It is possible to change the map easily by using the provided association lists and hash tables. As you can see in the following image, when the game starts, a description of the game appears and the player’s items are shown. A brief description of the current room and the available directions gives a hint to the player.

MUD Game Screenshot

An enemy can attack you and deduct 20 from your life. If the player’s life gets to 0, the player dies, as shown in the following picture, and the game ends:

MUD Game Screenshot 2

When the player reaches the destination, the following message appears and the game ends:

MUD Game Winning

Data Structure

In this game, there are 4 association lists and 2 hash tables.
Since the room data and player data change during the game, I have created hash tables for roomsdb and player.

Room descriptions association list:

(define descriptions
  '((1 "You are in the West Jungle, Available directions are 'North' and 'East'")
    (2 "Jungle, Available directions are 'West' and 'East'")
    …
    (24 "Jail, You can found the Queen and rescued here!!!")))

In the directions list, you can set which directions are allowed from each room:

(define directions
  '((1 (north 5) (south 0) (west 0) (east 2))
    (2 (north 0) (south 0) (west 1) (east 3))
    …
    (24 (north 0) (south 0) (west 23) (east 0))))

You can set room properties to place keys and health potions or to make a room locked:

(define rooms-list
  '((1 (locked #f) (key #f) (dagger #f) (enemy #f) (potion #f) (end #f))
    (2 (locked #f) (key #f) (dagger #f) (enemy #f) (potion #f) (end #f))
    (24 (locked #f) (key #f) (dagger #f) (enemy #f) (potion #f) (end #t))))

This project consists of two files , which you can set description for each room and which is the program itself. You need to have DrScheme to run this script which is available at:


XML vs JSON parsing in Android

Android JBridge

The Android-JBridge project uses the Android SDK to develop the Android client application. The application consists of one class per form, known as an Activity, and a RestEasy class which contains methods to communicate with the RESTEasy web services running on the JBoss application server. The Android client runs on the Android emulator, and since the emulator has its own loopback IP address (, we use a  IP address which resolves to the computer which we are running the emulator from, this can be done by using IP address. In the production environment, this IP address will be replaced with the IP address of the server which runs the application and web services.
Android JBridge application

The server application consists of EJBs, session beans and REST web services which accept connections from the RestEasy class in the Android client. It implements all the usual methods: Get for selecting data, Put for updating data, Post for inserting data and Delete for removing data from the database.

This article also provides a comparison of XML and JSON parsing time on the Android operating system. JSON is used for transferring data between the Android client and the REST web service, which results in a smaller data size and so reduces traffic between the client and the web service. The Android client converts the request into JSON format, connects to the REST web services using the httpClient class and sends the request. The REST web service connects to the session beans, sends the data, gets the result, converts it to JSON and returns it to the Android client.

The data store in this project is the JBoss built-in hypersonic database and it is possible to replace it with another database such as MySQL if necessary. Deployment of the project has been explained and shown with screen images which demonstrate the application successful testing and running.

XML and JSON data parsing comparison

In this project I have demonstrated how to connect Android mobile devices to RESTEasy web services. An implementation of the SELECT, UPDATE, INSERT and DELETE operations is provided. The project has been deployed under the JBoss Application Server and uses the JSON data type. The Android-JBridge project was successfully developed and deployed under the JBoss application server, with the testing evidence provided in the previous section.

To compare the performance and size of the JSON and XML data types on Android, a RestEasyTest class has been created which contains a test method and compares data size and parsing time between the two. For more accuracy, different numbers of test products were added to the JBoss hypersonic database.

Comparison between JSON and XML in the Android-JBridge

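| Format | # of objects | Data size (bytes) | Loading time (milliseconds) | Parsing time (milliseconds) | Total delay (milliseconds) |
|--------|--------------|-------------------|-----------------------------|-----------------------------|----------------------------|
| JSON   | 5            | 2600              | 24                          | 54                          | 78                         |
| XML    | 5            | 3059              | 28                          | 62                          | 90                         |
| JSON   | 13           | 8059              | 27                          | 75                          | 102                        |
| XML    | 13           | 9046              | 33                          | 70                          | 103                        |
| JSON   | 500          | 306415            | 2526                        | 3252                        | 5778                       |
| XML    | 500          | 341627            | 3703                        | 2099                        | 5802                       |
| JSON   | 1300         | 806808            | 4121                        | 14965                       | 19086                      |
| XML    | 1300         | 899370            | 5349                        | 11609                       | 16958                      |
| JSON   | 2500         | 1550076           | 6138                        | 31024                       | 37162                      |
| XML    | 2500         | 1727738           | 6871                        | 24504                       | 31375                      |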

The comparison table shows faster parsing by JSON for smaller data; however, as the data size increases, XML parses faster. Loading time is shorter for JSON, and the JSON data size is also smaller.

In the tests performed in this project, the time it takes for the data to load and be processed is the delay until the device can display results.

XML vs JSON comparison in Android

In production environments we do not load that much data at once; the REST web services load part of the data by taking page number and page size arguments. Comparing the parsing time of JSON and XML, they are almost the same for smaller data sizes, and since the loading time for JSON is shorter, the total delay for JSON on small data is less than for XML. For parsing large-scale data, XML is a lot faster than JSON in the Android emulator.

Android JBridge is open source and is available to download at:


CASE Tools

What is CASE tool?

CASE (Computer Aided Software Engineering) tools are used to automate activities associated with software development, such as specification, structured analysis, design, coding and testing. CASE tools increase productivity and help produce better quality software at lower cost. This is mainly because they significantly reduce human error in different phases of development by replacing human tasks in the software lifecycle with automated processes.

There are different CASE tools including: configuration management tools, data modeling tools, model transformation tools, program transformation tools, refactoring tools, source code generation tools and unified modeling language.  These tools provide different system analysis and design techniques such as: data flow diagram, entity relationship diagram, logical schema, Program specification, SSADM and User documentation. [2]

CASE tool environments can be divided along different dimensions, including: Life-Cycle Support, Integration Dimension, Construction Dimension and Knowledge Based CASE dimension. [3]

The current research examines the impact of both back-end and integrated CASE tools on the quality of the resultant application using the ISO/IEC 9126 quality definition. The results suggest that the quality of software developed using CASE tools is better than conventionally developed systems with respect to reliability, maintainability and portability. [4]

UML and CASE tools

The Unified Modeling Language (UML) is a general modeling language, which provides best techniques including: data modeling, business modeling, object modeling, and component modeling. UML provides various graphical notation techniques to create visual models for different software systems.

UML provides various elements to visualize a system’s architecture including: actors, business processes, (logical) components, activities, programming language statements, database schemas and reusable software components.

There are various UML tools including: Rational Rose, StarUML, Acceleo, Jink UML… [5]

Advantages of using CASE tools

Increase the speed during system development

CASE tools increase productivity and speed up the development process by generating code and creating records, structures and class definitions in different programming languages. CASE tools also generate database tables for relational database management systems, and they provide code generation for user interfaces, which reduces coding in the development phase. These tools are therefore useful in every step of software development and speed up the whole process. Because the code is generated by the tools, bugs at the basic levels, such as class ADTs and database structure, are reduced. It is easier to find problems in clear diagrams than in code, so software engineers can work on the diagrams to design the software and then create classes using CASE tools. Some CASE tools also update the design model when the class code is modified.

Reduced coding and testing time

When it comes to the testing phase, CASE tools provide features for testing the design as well as debugging tools. The testing process includes checking connections between classes and finding broken links, data type conflicts… The tools generate test reports which are then imported into the test plan documents. [1]

Creating abstract classes is time consuming, and they need to be well structured, with all of the properties and events declared correctly. Using CASE tools, developers do not need to write this code manually anymore. After designing the system and defining the properties and methods in the class diagrams, a CASE tool can easily generate well structured code for developers and save a lot of time.

Efficient transfer of information between tools

CASE tools provide standard diagrams between which objects can be shared. A change to one object is reflected in all of its instances in the different diagrams of the project. CASE tools also provide options to export generated code for various programming languages and/or different CASE tools.

Enrich graphical techniques and data flow

It is much easier to design software using a graphical interface than by coding it. CASE tools offer a graphical interface for various diagrams, which makes it easier for designers to create data flows and structure classes. Using CASE tools we get an overall view of the structure of the software, so it is easier to find bugs and structural problems at this step, which is useful and saves time as well.

Create and manipulate documentation

Using CASE tools we can easily produce system documentation in PDF, HTML and MS Word format. Developer can easily design system documentation with template designer tools provided by CASE tools. System analyst can estimate the consequence of change with impact analysis diagrams, matrix and analysis diagram. CASE tools can analyze the system and generate documentation about that system. Some CASE tools can generate a variety of flow diagrams, comment headers, cross references, code surveys and other useful reports from the source code as input. [6]


CASE tools provide different features to help development process of a system. These features can increase development speed by generating class codes for developers and generate database structure according to the designed diagrams. CASE tools provide features to test the design and code to make it easier for the developers to debug the system.

System designers can simply view the system in a graphical format, so it is easy to find structure problem and data flow issues without needing to look at the codes.

Most of the CASE tools have ability to generate system documentation in different formats which helps to reduce development time of the project.


1. Mall R. (2004) Fundamentals of software engineering second edition Prentice-Hall of India Publication, New Delhi pp. 322-328

2. Wikipedia (2010) Computer-aided software engineering Available at: [Accessed 2 Jan 2010].

3. Software Engineering: Tools, Principles and Techniques by Sangeeta Sabharwal, Umesh Publications

4. G Low, V Leenanuraksa – Software Software Technology and Engineering Practice, 1999 –

5. Wikipedia (2010) Unified modeling language, Available at:  [Accessed 6 Jan 2010]

6. Importance of CASE Tools, Available at: [Accessed 6 Jan 2010]
