srs-design and implementation

8/10/2019 SRS-Design and Implementation

1/25

SOFTWARE REQUIREMENTS SPECIFICATION

1.INTRODUCTION

1.1 DESCRIPTION

The number of smartphone users is rapidly increasing worldwide, especially the of

Android OS users devices most often used for IT. Services are changing from PCs

and

laptops to smartphones and tablets. These devices need to be small for increased

portability. The technologies are convenient, but as the devices start to contain

increasing amounts of important personal information, better security is reuired.

Security systems are rapidly being developed. The aim of the pro!ect is to develop

anandroid"basedsmart phone application. Today more people using simple and

cheaper hardware such as mobiles and handheld

devices we can communicate # also we can do business transactions. It provides

much better mobility than PCs. Technology is moving towards mobiles which has

wide spread usage and

acceptability. $ot of protocols and software s has been developed. The recent surge in

popularity of smart handheld devices, includingsmart"phonesand tablets, has given rise

to new

challenges in protection of Personal Identifiable Information %PII&. Indeed modern

mobile devices store PII for applications that span from email to S'S and from social

media to location" based services increasing the concerns of the end user s privacy.

Therefore,there is a clear need and e(pectation for PII data to be protected in the case of

loss, theft, or capture of the portable device.


2/25

Android is a software platform and operating system for

mobile devices based on the Linux operating system and

developed by Google and the Open Handset Alliance. It allows

developers to write managed code in a java lie language that

utili!es Google" developed #ava libraries$ but does not support

programs developed in native code. It includes an operating

system$ middleware and ey applications. %he Android &'(

provides the tools and A)Is necessary to begin developing

applications on the Android platform using the #ava programming

language. It allows developers to write managed code in a#ava"

lielanguage that utili!esGoogle"developed#ava libraries$ but does

not support programs developed in native code.

%he unveiling of the Android platform on * +ovember ,-- was

announced with the founding of the Open Handset Alliance$ a

consortium of /0 hardware$ software and telecom companies devoted

to advancing open standards for mobile devices. 1hen released in

,--2$ most of the Android platform will be made available under the

Apache

3

free"softwareand open source license. 4urrently Android represents

/3., percent of the 5.& &martphonemaret . Android has a large

community of developers writing application programs. %here are

currently over 3*-$--- apps available for Android. Android 6aret

is the online app store run by Google$ though apps can also be

downloaded from third party sites.

1.2 PURPOSE

The aim of the pro!ect is to provide more security to the handheld devices.

)ow a days smart phones contains a large number of official data s that should be

secured. The future electronic payment is through smart phones authentication and

facial recognition Card less 'obile Cash Access %'CA& solution, which not only

eliminates the threat of card s*imming at the AT', but also allowsfinancial

institutions to provide a secure mobile wallet solution without installing additional
http://share.pdfonline.com/cefa7761220342cd872c3e83644b6c80/SOFTWARE%20%20%20REQUIREMENTS%20SPECIFICATION.htmhttp://share.pdfonline.com/cefa7761220342cd872c3e83644b6c80/SOFTWARE%20%20%20REQUIREMENTS%20SPECIFICATION.htmhttp://share.pdfonline.com/cefa7761220342cd872c3e83644b6c80/SOFTWARE%20%20%20REQUIREMENTS%20SPECIFICATION.htmhttp://share.pdfonline.com/cefa7761220342cd872c3e83644b6c80/SOFTWARE%20%20%20REQUIREMENTS%20SPECIFICATION.htm


3/25

hardware on AT's orpoint"of"sale%POS& terminals.Smart phones are becoming

increasingly more deployed and as such new possibilities for utili+ing. The smart

phones many capabilities for public and private use are arising. This pro!ect will

investigate the possibility of using smart phones as a platform for authentication by

using android.

1.3SCOPE

To gain a more practical understanding of the challenges mobile authentication

ncounters, The case study performed in this pro!ect.

Create a secure centralised authentication where all the users cannot access data as

per their respective privileges.

To ensure that user data is not abused, all reuests for access must be approved by

the account holder.

Access control has two components, authentication and authori+ation.

Services allow users to sign in to your application. And any application that

reuires access to a user-s data must be authori+ed by the user.

The authentication made should be sensitive and it should prevent the intruders

acting on it.

Analy+ing the implications of faulty authentication in that area. There are numerous

applications for Android.

,

Traditional approaches to authentication involving strong passwords have several

limitations in the conte(t of mobile phones. 'iniature *eypad %and in latest

deviceson"screentouch*eypad& tend to motivate users to choose simpler, and thus

wea*er, passwords.

1.4DEFINITION

Android is the name of the $inu( based operating system that is bac*ed by

/oogle and the other members of the open handset alliance .because of the androids

opens source nature. Android based smart phones should be cheaper to produce than

those to use operating system such as 'icrosoft windows mobile that reuire a


4/25

loyalty fee to be paid for such use. T mobile /0 was the first android Os smart phone

to be officially introduced to themar*et .Android phones typically come with

severalbuilt"inapplication and also supportthird"partyprograms. 1evelopers can create

programs for Android using the free Android S12 %Software 1eveloper 2it&. Android

programs are written in 3ava and run through /oogle-s 41avli*4 virtual machine, which

is optimi+ed for mobile devices. 5sers can download Android 4apps4 from the online

Android'ar*et .Since several manufacturers ma*eAndroid"basedphones, it is not

always easy to tell if a phone is running the Android operating system. If you are unsure

what operating system a phone uses, you can often find the system information by

selecting 4About4 in the Settings menu.

1.5 ABBREVATIONSP2I Public *ey infrastructurePI) Personal identification number

SI' Subscriber identity module

6oS 6uality of Service

OTP One time password

'IT''an in themiddle

I1 Identity

CIAConfidentiality, Integrity and

availability

/

1.6TECHNOLOGIES TO BE USED

Android

3ava

Sl database

1.7ANDRIOD SYSTEM ARCHITECTURE

In android operating system, there are four layers. Android has its own

libraries7 it is helpful for developing and designing any application of android

platform.These libraries are written in C8C99. $inu( *ernel is the 0stlayer which is

written in C. $inu( also helps to wrap the application.

The unveiling of the Android platform on : )ovember ;


5/25

announced with the founding of the Open >andset Alliance, a consortium of ?@

hardware, software and telecom companies devoted to advancing open standards for

mobile devices. hen released in ;


6/25

Application Components

Application components are the essential building blocs of

an Android application. +ot all components are actual entry points

for the user and some depend on each other$ but each one existsas its own entity and plays a speci7crole"eachone is a uni8ue

building bloc that helps de7ne your application9s overall behavior.

%here are four di:erent types of application components. ;ach type

serves a distinct purpose and has a distinct lifecycle that de7nes

how the component is created and destroyed.

1.1/ OVERVIEW

The SFS includes two sections namelyH

O0!%" D!&-%+#+')

This section will describe ma!or components of the system, interconnections and

e(ternal interfaces.

S!-+(+- R!$+%!!)#

*

2. OVERALL DESCRIPTION

This describes the contents that the available authentications present in the

smarphones and

the type of the authentication given.

2.1 A$#!)#+-"#+')

Authentication is usually divided into two services, peer entity authentication

and

data origin authentication.

The prover, and the verifier. The prover needs to present proofJ of the association


7/25

between the principal and identity and the verifier is responsible for verifying the

correctness of the proof.

hen dealing with authentication systems, there are four essential issues that must

be consideredH

ffectiveness, usability, cost and impersonation attac*s. As we have discussed

previously in this section it is very difficult to achieve perfect and absolute

security and the same applies to authentication, due to technical and non technical

factors.

Impersonation attac*s in which a prover attempts to demonstrate a false identity

claim, must be considered.

In general masuerades can be achieved by replaying or relaying valid seuences,

during authentication .

The prover has to provide information to the verifier which usually ta*es the form

of credentials or items of value to really prove the claim of who the prover is.

The items of value or credential are based on several uniue factors that show

something you *now, something have, or something you areJ.

The first authentication factor consists of using a secret which a human sub!ect

mentally possesses, or in the case of a device such as a smartcard a *ey stored in

secure. This memory could be a password or a *ey, which is only *nown by the

prover and the verifier.

The secrets have to be hard to guess to avoid guessing attac*s such as dictionary

attac*s and this is why people are encouraged to use difficult to guess passwords.

Characteristics of the sub!ect such as voice, fingerprints or iris patterns. sub!ects

and relates to the biometric.

+! *!0+-!&

1ue to its small si+e, S6$ite is well suited to embedded systems, and is also

included inH

Apple-siOS%where it is used for the S'S8''S, Calendar, Call history and

Contacts storage&

Symbian OS

)o*ia-s'aemo

/oogle-sAndroid

FI'-sGlac*Gerry

$inu( oundation-s'ee/o

Palm-swebOS

Android s 3ava interface to its relational database, S6$ite. It supports an

S6$ implementation rich enough for anything you re li*ely to need in a mobile

application including a cursor facility.

3elps prevent phishing, fraud, security breaches related to stolen login credentials,identity theft and spam.

Can be used as a uniue messaging or advertising platform by including your own

images within theimage"basedauthentication and verification challenges.

4.,D!'


21/25

As acloud"basedtechnology, it can be easily integrated with ris* engines, fraud"

detection platforms and other adaptive security systems to provide those systems

actionable data about the attac* as it s happening and determine a course of

action. It is available forwhite"labelintegrations by security vendors, application

developers and businesses wanting to incorporateimage"basedauthentication in

their own mobile applications, web services or security offerings.

32

[email protected]

igH@.;


22/25

3=igH@.?

LOGIN

5se Case )ame $ogin

Priority ssential

TriggerThe user account is e(isting in the database

and

the user is not yet logged in.

Gasic Path

0. The user enters the username and password

and clic*s submit.

;. This information is validated and then sent

tothe database for authentication.

?. If authenticated, the user is granted

permission and is logged in.

Alternate PathIf the user enters incorrect

username8password,

an error message is displayed and the user is

reuested tore"entercredentials.

If the user forgot password, the user clic*s the

orgot Password button and the password will

be send to the user s email address.

,-Postconditio

n

The user is logged in and has access to all

the

privileges that have been assigned.

LOGOUT5se Case )ame$ogout

Priority ssential

Trigger'enu

Selection


23/25

,3

5.CONCLUSION AND FUTURE WOR

Android is being installed in tablets and many other IT devices that reuire good

security systems.Gy dividing the mode of entry, user s convenience and security have

been improved. The use of this improved authentication system ensures protection of

personal information. Gut this is not the ultimate solution. This can be improved further.

The devices used for IT services are changing from PCs and laptops to smartphones

and tablets. Smartphones are characteri+ed by low efficiency and low power . They need

to be small for increased portability. They do not support the security software which

reuire continuous monitoring to detect threats. As these devices start to contain

increasing amounts of important personal information, better security is reuired.

Security systems are rapidly being developed, however, even with these, ma!or problems

could result after a device is lost. Thus, strong authentication mechanisms are reuired to

protect important personal information, even after the device is lost.


24/25

,,

6.REFERENCES

Books

3.)rofessional Android Application 'evelopment$Reto Meier$Wiley

Publishing$ ,--=

,.'atabase 'esign$GioWiederhold,McGraw-Hill$3=2=

/.Android Application 'evelopment$Rick Rogers, John Lombardo,

ZigurdMednieks$ andlake Meike, !"Reilly Media$ ,--=

0.Android 4ooboo$#an $% &arwin, !"Reilly Media$ ,-3-

*.%he >usy 4oder?s Guide to Advanced Android 'evelopment$Mark L%

Mur'hy$ 4ommons 1are$ ,--=


25/25

srs-design and implementation

Documents