Download - SRS-Design and Implementation
-
8/10/2019 SRS-Design and Implementation
1/25
SOFTWARE REQUIREMENTS SPECIFICATION
1.INTRODUCTION
1.1 DESCRIPTION
The number of smartphone users is rapidly increasing worldwide, especially the of
Android OS users devices most often used for IT. Services are changing from PCs
and
laptops to smartphones and tablets. These devices need to be small for increased
portability. The technologies are convenient, but as the devices start to contain
increasing amounts of important personal information, better security is reuired.
Security systems are rapidly being developed. The aim of the pro!ect is to develop
anandroid"basedsmart phone application. Today more people using simple and
cheaper hardware such as mobiles and handheld
devices we can communicate # also we can do business transactions. It provides
much better mobility than PCs. Technology is moving towards mobiles which has
wide spread usage and
acceptability. $ot of protocols and software s has been developed. The recent surge in
popularity of smart handheld devices, includingsmart"phonesand tablets, has given rise
to new
challenges in protection of Personal Identifiable Information %PII&. Indeed modern
mobile devices store PII for applications that span from email to S'S and from social
media to location" based services increasing the concerns of the end user s privacy.
Therefore,there is a clear need and e(pectation for PII data to be protected in the case of
loss, theft, or capture of the portable device.
-
8/10/2019 SRS-Design and Implementation
2/25
Android is a software platform and operating system for
mobile devices based on the Linux operating system and
developed by Google and the Open Handset Alliance. It allows
developers to write managed code in a java lie language that
utili!es Google" developed #ava libraries$ but does not support
programs developed in native code. It includes an operating
system$ middleware and ey applications. %he Android &'(
provides the tools and A)Is necessary to begin developing
applications on the Android platform using the #ava programming
language. It allows developers to write managed code in a#ava"
lielanguage that utili!esGoogle"developed#ava libraries$ but does
not support programs developed in native code.
%he unveiling of the Android platform on * +ovember ,-- was
announced with the founding of the Open Handset Alliance$ a
consortium of /0 hardware$ software and telecom companies devoted
to advancing open standards for mobile devices. 1hen released in
,--2$ most of the Android platform will be made available under the
Apache
3
free"softwareand open source license. 4urrently Android represents
/3., percent of the 5.& &martphonemaret . Android has a large
community of developers writing application programs. %here are
currently over 3*-$--- apps available for Android. Android 6aret
is the online app store run by Google$ though apps can also be
downloaded from third party sites.
1.2 PURPOSE
The aim of the pro!ect is to provide more security to the handheld devices.
)ow a days smart phones contains a large number of official data s that should be
secured. The future electronic payment is through smart phones authentication and
facial recognition Card less 'obile Cash Access %'CA& solution, which not only
eliminates the threat of card s*imming at the AT', but also allowsfinancial
institutions to provide a secure mobile wallet solution without installing additional
http://share.pdfonline.com/cefa7761220342cd872c3e83644b6c80/SOFTWARE%20%20%20REQUIREMENTS%20SPECIFICATION.htmhttp://share.pdfonline.com/cefa7761220342cd872c3e83644b6c80/SOFTWARE%20%20%20REQUIREMENTS%20SPECIFICATION.htmhttp://share.pdfonline.com/cefa7761220342cd872c3e83644b6c80/SOFTWARE%20%20%20REQUIREMENTS%20SPECIFICATION.htmhttp://share.pdfonline.com/cefa7761220342cd872c3e83644b6c80/SOFTWARE%20%20%20REQUIREMENTS%20SPECIFICATION.htm -
8/10/2019 SRS-Design and Implementation
3/25
hardware on AT's orpoint"of"sale%POS& terminals.Smart phones are becoming
increasingly more deployed and as such new possibilities for utili+ing. The smart
phones many capabilities for public and private use are arising. This pro!ect will
investigate the possibility of using smart phones as a platform for authentication by
using android.
1.3SCOPE
To gain a more practical understanding of the challenges mobile authentication
ncounters, The case study performed in this pro!ect.
Create a secure centralised authentication where all the users cannot access data as
per their respective privileges.
To ensure that user data is not abused, all reuests for access must be approved by
the account holder.
Access control has two components, authentication and authori+ation.
Services allow users to sign in to your application. And any application that
reuires access to a user-s data must be authori+ed by the user.
The authentication made should be sensitive and it should prevent the intruders
acting on it.
Analy+ing the implications of faulty authentication in that area. There are numerous
applications for Android.
,
Traditional approaches to authentication involving strong passwords have several
limitations in the conte(t of mobile phones. 'iniature *eypad %and in latest
deviceson"screentouch*eypad& tend to motivate users to choose simpler, and thus
wea*er, passwords.
1.4DEFINITION
Android is the name of the $inu( based operating system that is bac*ed by
/oogle and the other members of the open handset alliance .because of the androids
opens source nature. Android based smart phones should be cheaper to produce than
those to use operating system such as 'icrosoft windows mobile that reuire a
-
8/10/2019 SRS-Design and Implementation
4/25
loyalty fee to be paid for such use. T mobile /0 was the first android Os smart phone
to be officially introduced to themar*et .Android phones typically come with
severalbuilt"inapplication and also supportthird"partyprograms. 1evelopers can create
programs for Android using the free Android S12 %Software 1eveloper 2it&. Android
programs are written in 3ava and run through /oogle-s 41avli*4 virtual machine, which
is optimi+ed for mobile devices. 5sers can download Android 4apps4 from the online
Android'ar*et .Since several manufacturers ma*eAndroid"basedphones, it is not
always easy to tell if a phone is running the Android operating system. If you are unsure
what operating system a phone uses, you can often find the system information by
selecting 4About4 in the Settings menu.
1.5 ABBREVATIONSP2I Public *ey infrastructurePI) Personal identification number
SI' Subscriber identity module
6oS 6uality of Service
OTP One time password
'IT''an in themiddle
I1 Identity
CIAConfidentiality, Integrity and
availability
/
1.6TECHNOLOGIES TO BE USED
Android
3ava
Sl database
1.7ANDRIOD SYSTEM ARCHITECTURE
In android operating system, there are four layers. Android has its own
libraries7 it is helpful for developing and designing any application of android
platform.These libraries are written in C8C99. $inu( *ernel is the 0stlayer which is
written in C. $inu( also helps to wrap the application.
The unveiling of the Android platform on : )ovember ;
-
8/10/2019 SRS-Design and Implementation
5/25
announced with the founding of the Open >andset Alliance, a consortium of ?@
hardware, software and telecom companies devoted to advancing open standards for
mobile devices. hen released in ;
-
8/10/2019 SRS-Design and Implementation
6/25
Application Components
Application components are the essential building blocs of
an Android application. +ot all components are actual entry points
for the user and some depend on each other$ but each one existsas its own entity and plays a speci7crole"eachone is a uni8ue
building bloc that helps de7ne your application9s overall behavior.
%here are four di:erent types of application components. ;ach type
serves a distinct purpose and has a distinct lifecycle that de7nes
how the component is created and destroyed.
1.1/ OVERVIEW
The SFS includes two sections namelyH
O0!%" D!&-%+#+')
This section will describe ma!or components of the system, interconnections and
e(ternal interfaces.
S!-+(+- R!$+%!!)#
*
2. OVERALL DESCRIPTION
This describes the contents that the available authentications present in the
smarphones and
the type of the authentication given.
2.1 A$#!)#+-"#+')
Authentication is usually divided into two services, peer entity authentication
and
data origin authentication.
The prover, and the verifier. The prover needs to present proofJ of the association
-
8/10/2019 SRS-Design and Implementation
7/25
between the principal and identity and the verifier is responsible for verifying the
correctness of the proof.
hen dealing with authentication systems, there are four essential issues that must
be consideredH
ffectiveness, usability, cost and impersonation attac*s. As we have discussed
previously in this section it is very difficult to achieve perfect and absolute
security and the same applies to authentication, due to technical and non technical
factors.
Impersonation attac*s in which a prover attempts to demonstrate a false identity
claim, must be considered.
In general masuerades can be achieved by replaying or relaying valid seuences,
during authentication .
The prover has to provide information to the verifier which usually ta*es the form
of credentials or items of value to really prove the claim of who the prover is.
The items of value or credential are based on several uniue factors that show
something you *now, something have, or something you areJ.
The first authentication factor consists of using a secret which a human sub!ect
mentally possesses, or in the case of a device such as a smartcard a *ey stored in
secure. This memory could be a password or a *ey, which is only *nown by the
prover and the verifier.
The secrets have to be hard to guess to avoid guessing attac*s such as dictionary
attac*s and this is why people are encouraged to use difficult to guess passwords.
Characteristics of the sub!ect such as voice, fingerprints or iris patterns. sub!ects
and relates to the biometric.
+! *!0+-!&
1ue to its small si+e, S6$ite is well suited to embedded systems, and is also
included inH
Apple-siOS%where it is used for the S'S8''S, Calendar, Call history and
Contacts storage&
Symbian OS
)o*ia-s'aemo
/oogle-sAndroid
FI'-sGlac*Gerry
$inu( oundation-s'ee/o
Palm-swebOS
Android s 3ava interface to its relational database, S6$ite. It supports an
S6$ implementation rich enough for anything you re li*ely to need in a mobile
application including a cursor facility.
3elps prevent phishing, fraud, security breaches related to stolen login credentials,identity theft and spam.
Can be used as a uniue messaging or advertising platform by including your own
images within theimage"basedauthentication and verification challenges.
4.,D!'
-
8/10/2019 SRS-Design and Implementation
21/25
As acloud"basedtechnology, it can be easily integrated with ris* engines, fraud"
detection platforms and other adaptive security systems to provide those systems
actionable data about the attac* as it s happening and determine a course of
action. It is available forwhite"labelintegrations by security vendors, application
developers and businesses wanting to incorporateimage"basedauthentication in
their own mobile applications, web services or security offerings.
32
igH@.;
-
8/10/2019 SRS-Design and Implementation
22/25
3=igH@.?
LOGIN
5se Case )ame $ogin
Priority ssential
TriggerThe user account is e(isting in the database
and
the user is not yet logged in.
Gasic Path
0. The user enters the username and password
and clic*s submit.
;. This information is validated and then sent
tothe database for authentication.
?. If authenticated, the user is granted
permission and is logged in.
Alternate PathIf the user enters incorrect
username8password,
an error message is displayed and the user is
reuested tore"entercredentials.
If the user forgot password, the user clic*s the
orgot Password button and the password will
be send to the user s email address.
,-Postconditio
n
The user is logged in and has access to all
the
privileges that have been assigned.
LOGOUT5se Case )ame$ogout
Priority ssential
Trigger'enu
Selection
-
8/10/2019 SRS-Design and Implementation
23/25
,3
5.CONCLUSION AND FUTURE WOR
Android is being installed in tablets and many other IT devices that reuire good
security systems.Gy dividing the mode of entry, user s convenience and security have
been improved. The use of this improved authentication system ensures protection of
personal information. Gut this is not the ultimate solution. This can be improved further.
The devices used for IT services are changing from PCs and laptops to smartphones
and tablets. Smartphones are characteri+ed by low efficiency and low power . They need
to be small for increased portability. They do not support the security software which
reuire continuous monitoring to detect threats. As these devices start to contain
increasing amounts of important personal information, better security is reuired.
Security systems are rapidly being developed, however, even with these, ma!or problems
could result after a device is lost. Thus, strong authentication mechanisms are reuired to
protect important personal information, even after the device is lost.
-
8/10/2019 SRS-Design and Implementation
24/25
,,
6.REFERENCES
Books
3.)rofessional Android Application 'evelopment$Reto Meier$Wiley
Publishing$ ,--=
,.'atabase 'esign$GioWiederhold,McGraw-Hill$3=2=
/.Android Application 'evelopment$Rick Rogers, John Lombardo,
ZigurdMednieks$ andlake Meike, !"Reilly Media$ ,--=
0.Android 4ooboo$#an $% &arwin, !"Reilly Media$ ,-3-
*.%he >usy 4oder?s Guide to Advanced Android 'evelopment$Mark L%
Mur'hy$ 4ommons 1are$ ,--=
-
8/10/2019 SRS-Design and Implementation
25/25