Chapter 2

Project Requirements

Chapter 2

PROJECT REQUIREMENTS

2.1 Software Requirement Specification

2.1.1 Introduction:

A] Purpose:
To implement Protection Of Sensitive Data in Wireless Devices for
securing the sensitive as well as confidential data of the user. In this process the
data is secured by initially establishing the connection between the mobile
phone (server) and Laptop System (client) via a Bluetooth. Then the encryption
and decryption process Is used for securing the accessibility of the respective
data of the user.

B] Business Context:
Providing, the corporate world a scheme to secure the confidential and
secret data by using the available resources in a very efficient, inexpensive and
effective way. Our system will enrich the user’s confidence in believing that our
system secures data in a fruitful way. This system has indispensable applications
in software companies, institutions, Banks, Hospitals etc., wherever the
information is of vital use.

C] Scope of the Project:

The main area of work for our software product is in securing the
sensitive data of the user. Our Software product will reduce burdensome job of
re-authentication repeatedly for the user and will provide the assurance of data is
safe in absence of the user.

Protection of Sensitive Data in Wireless Devices

9
Chapter 2
Project Requirements
D] In our Transient Authentication System following steps occur:
1) Establish the Connection between the two devices
2) Achieve initial authentication.
3) Verify User’s authentication
4) Check for connection/re-connection and disconnection process.
5) Perform Encryption and decryption operations based on user’s
availability in the proximity.

2.2 System Requirements

2.2.1 Hardware Requirements:

A) Laptop or desktop computer system with Pentium III (600 Mhz or

higher) processor.

B) System with a inbuilt Bluetooth device, 128 MB RAM and Hard drive
with minimum 2 GB capacity.

C) A Mobile Phone Handset supporting Bluetooth technology.

2.2.2 Software Requirements:

A) Operating system: Win 98/2000/ME/XP

B) JAVA Standard Edition tool kit

C) A Mobile Phone handset supporting java enabled application.

Protection of Sensitive Data in Wireless Devices

10
Chapter 2
Project Requirements
2.3 Major constraints

2.3.1 Implementation Languages:

A) JAVA Standard Edition

B) JAVA Micro Edition

2.3.2 Resource Limits:

A) The default range of Bluetooth, which is license free, is used.

B) A mobile phone to be used must support java and Bluetooth

technology.

2.3.3 Security Consideration:

All Security measures are taken into consideration assuming that the
mobile phone will be with the user all the time because it is the way to provide
unique access to the sensitive data of the user. The user should authenticate to
the laptop system after every 24 hours and only Then user will be allowed to
change the E-D key if required.

2.4 Usage scenarios

2.4.1 User Profiles:

A] Owner:
Owner is a person who is the responsible user of both the devices.
He/she is the user for which our product will provide the assurance of securing
the sensitive data. Owner initiates the authentication process.

B] Laptop System:

Protection of Sensitive Data in Wireless Devices

11
Chapter 2
Project Requirements
Laptop is the system which stores and protects the sensitive data of the
user. It performs the encryption and decryption process for providing the
access rights to the authorized user.

C] Mobile phone:
Mobile phone is the master device which stores the key responsible for
the decrypting the data in decryption process. Whenever the user is in the
proximity this respective E-D key is sent to Laptop system. It is the devices
which is always available with the user.

2.5 Special usage considerations:

2.5.1 Special usage consideration incase of user:

The user is the owner of Laptop and Mobile phone. Hence, he/she does
not have to invest on the hardware of the system. The user carries the
authenticator (mobile phone) wherever he goes and user is not performing
burdensome job while using our application.

2.5.2 Special usage consideration for devices:

The Computer System may be a Laptop with an inbuilt Bluetooth or a

desktop computer with external Bluetooth device. The mobile phone can be any
cell phone model with Bluetooth facility.

Protection of Sensitive Data in Wireless Devices

12
Chapter 2
Project Requirements

2.6 Data Model and Description:

2.6.1 Data Description:

The data to be stored in database or in variables is, E-D key which will
be deleted from the variable after the encryption takes place, then is
authentication password ( to be inserted after 24 hours), and finally the path of
the files which user considers is sensitive in nature.

2.6.2 Data Object:

The passwords, E-D key, Authentication code on Mobile phone, path of

the files and status of the sensitive files.

2.7 Functional Model and Description:

2.7.1 Software Interface Description:

The Software Interface for our project is based on the Bluetooth API’s
available in JAVA.

2.7.2 Human Interfaces:

The human interface is designed at server as well as client side. At

Server side (Mobile Phone) an interface for Logging in, Status of the
application, Logging out has been provided. While at client side an interface for
authenticating user, Selecting/Removing sensitive files, selecting E-D key,
Connecting to the server has been developed for the user. The Human interface
at both the ends is very user friendly.

Protection of Sensitive Data in Wireless Devices

13
Chapter 2
Project Requirements

2.8 Behavioral model and its description:

2.8.1 Description for Software Behavior:

A] Server side (Mobile Phone):

The Mobile Phone checks the authenticity of the user by validating the
user name and the password inserted by him/her at server side. If positive results
are obtained then it sends the key to the laptop for further process.

B] Client side (Laptop):

The Laptop will also validate the user for authorizing him/her for using
the application by, asking for the authentication codes. After obtaining the
correct passwords the laptop will allow the user to select/remove the sensitive
files for desired necessity. Laptop performs Encryption/decryption process
based on the user’s presence in the proximity.

2.8.2 States for the Software Behavior:

The Following states are observed at both the ends:

A] Server side:
• Login
• Accept the connection
• Connected
• Discard the connection
• Disconnected
• Logout

Protection of Sensitive Data in Wireless Devices

14
Chapter 2
Project Requirements
B] Client side:
• Authenticate
• Establish connection
• Connected
• Perform Decryption
• Disconnected
• Perform Encryption
• Waiting for Re-connection

2.8.3 Events:
The Software uses different events for various conditions that occur.
These events help the software take the required decision for handling the
respective condition. The Events occur for following cases:
A] User enters incorrect Authentication code
B] User departs from the proximity range.
C] User enters the proximity range.

2.9 Performance Requirements:

2.9.1 Stable Connection:

The connection between the two respective ends should be uninterrupted
while exchanging the sensitive keys.

2.9.2 Efficient Response:

The Encryption of sensitive and confidential data should take place as
soon as the disconnection between two ends occurs. The system should give
efficient and effective response to all the user events.

Protection of Sensitive Data in Wireless Devices

15
Chapter 2
Project Requirements
2.9.3 Effective handling of large Data:
The large amount data should not slow down the system operations. The
large chuck of data indicates the size of the files declared as sensitive.

2.9.4 Future Extensibility:

The application should be flexible for future enhancements for example,
encryption of the data located everywhere hard drive.

2.10 Quality Requirements:

A] The interface developed for the user of the software should be user-friendly.
B] The user must be satisfied with the functioning of the software.
C] The E-D keys should well be protected from the unauthorized user.
D] The software should easily handle all the types of run time errors.

2.11 Design Constraints and Assumptions:

2.11.1 Design Constraints of the system:

A] The program can run on WindowsTM platform.

B] Java Based Application.
C] The interface is minimal.
D] The program is application based.

Protection of Sensitive Data in Wireless Devices

16
Chapter 2
Project Requirements
2.11.2 Assumptions:

A] Software will be delivered on time.

B] Software will provide the desired quality and satisfaction to the user.
C] All the drastic bugs will be taken care by the development team.
D] The application will be error free.
E] Required resources will necessarily be available when required.
F] All the service agreement issues will be fulfilled.
G] The documentation will provide the complete guidance regarding the
operations of the software.

2.12 Risk Analysis:

As it is truly observed that for any project being developed it is empirical

for the team to monitor and manage risks. Risks are the unexpected delays and
hindrances that are faced by the software team and need to be actively managed
for rapid development. The effective strategy for handling risks must address
three issues:

A] Risk Avoidance
B] Risk Monitoring
C] Risk Management and Contingency Planning

Protection of Sensitive Data in Wireless Devices

17
Chapter 2
Project Requirements
2.12.1 Risk Identification:

Our Development team identifies twelve potential risks in the different

phases of the project. Those risks were analyzed and classified into various
categories depending upon the threat they posed to the project. Some of the risks
were ‘Generic Risks’ while others were ‘Product Specific Risks’. A
Considerable amount of time was spent in analyzing the product specific risks.
Hence, we analyzed all the risks individually and we came up with the
classification of risks on the basis of their impact on project schedule. The
following are the ratings of the impact of the risk:

A] Catastrophic
B] Critical
C] Marginal
D] Negligible

After analyzing the risks, the risks were prioritized based on the reviews
and consensus among the developers. The table below enumerates the various
risks.

Protection of Sensitive Data in Wireless Devices

18
Chapter 2
Project Requirements

Sr.
No. Risk Category Probability Impact
1. Project completion deadline Business 10%
Critical
2. False estimation of task allocation Project 40% Critical

3 System incompatibility Project 25% Marginal

4 Lack of trained and experienced Project 20% Marginal

developers
5 System not scalable Technical 5% Critical

6 Resources unavailability Project 35% Catastrophic

7 Lack of training on tools Technical 5% Marginal

8 Technology to be used is unable to Technical 5% Catastrophic

meet the requirements
9 Insufficient response of the system Technical 35% Critical

10 Developers work than expected Personal 35% Critical

11 Lack of Coordination Personal 25% Negligible

among team members
12 Requirements keep on changing Project 45% Catastrophic

Table 1: List of Risk and its Impact

Protection of Sensitive Data in Wireless Devices

19
Chapter 2
Project Requirements

12.2 Risk Monitoring and Mitigation:

After the risks had been categorized, prioritized and their probability of
occurrence determined, action was taken to control these risks, which involved
mitigation and monitoring these risks. The key steps taken for risk control are as
follows:

A) Project does not complete on time

Risk Mitigation:
Schedule the project in such a fashion that major modules are
completed first so that they get enough time for testing and debugging.

Risk Monitoring and Management:

Keep track of schedule slips.

B) False Estimation of Task Allocation

Risk Mitigation:
Quantify the size and schedule using ranges, so that the schedule
estimate is not treated as very precise and gives sufficient padding for
schedule estimates.

Risk Monitoring and Management:

Keep a track of the project by lines of code and complexity.

C) Lack of Trained and Experienced Developers:

Risk Mitigation:
This is not a critical risk, since the software knowledge can be
gained.

Risk Monitoring and Management:

Protection of Sensitive Data in Wireless Devices

20
Chapter 2
Project Requirements
Hard work can overcome this problem.

D) Resources Unavailability:

Risk Mitigation:
Risk is due to mismanagement.

Risk Monitoring and Management:

This can be eliminated by properly examining the requirements
and their configuration in advance so that it can be available on time.

E) Lack of Training of tools

Risk Mitigation:
This risk is due to the inexperience of the developers who will be
developing the software.

Risk Monitoring and Management:

Guidance from proper programmers with an in depth knowledge
of managing and manipulating the required tools can be taken.

F) Technology to be used is unable to meet the Requirements

Risk Mitigation:
In the event that the technology of connection does not allow all
the features expected of it, or the facilities expected of the programming
language are not properly supported, this risk involves more time to find
an alternative solution to the problem.

Risk Monitoring and Management:

This has been prevented by careful analysis of the system
requirement and feasibility before coding starts.

Protection of Sensitive Data in Wireless Devices

21
Chapter 2
Project Requirements

G) Insufficient Response of the System:

Risk Mitigation:
The response time of the system is poor because of network
delays, low memory and low processing powers.

Risk Monitoring and Management:

This risk is to be mitigated by building high quality software by
optimizing resources usage in order to improve the performance.

H) Developers work than Expected

Risk Mitigation:
Relate existing task creation code to the proposed design and
identify code segments that can be reused.

Risk Monitoring and Management:

Consult guide for suggestion on code reuse.

I) Lack of Coordination among team members

Risk Mitigation:
Involve all team members in a joint assignment to nature the
understanding among team members.

Risk Monitoring and Management:

Check for frequent quarrels and misunderstanding. Perform
regular reviews to check if the productivity is being affected.

Protection of Sensitive Data in Wireless Devices

22
Chapter 2
Project Requirements

J) Requirements keep on changing

Risk Mitigation:
Study needs of the company in detail and come up with a
comprehensive and detailed list of requirements.

Risk Monitoring and Management:

Keep a track of the progress and check if something had been
forgotten when the requirements were laid down.

Protection of Sensitive Data in Wireless Devices

23