Technical Document
DSS-14-S1-12
Project Members (SS14/1C) Ian Chua Zhi Ying Ng Yuet Yong Ong Wei Liang Eugene Sim Aik Chun Weng Xian 4442416 4235320 4235289 4234716 4443822 zyichua001@mymail.sim.edu.sg yyng011@mymail.sim.edu.sg wleong004@mymail.sim.edu.sg acsim001@mymail.sim.edu.sg xweng004@mymail.sim.edu.sg
Contents
The Hash Kit
Introduction
  Purpose
  Scope
  Software development methodology
    Rational Unified Process (RUP)
    Four phases of RUP
    Why Rational Unified Process (RUP)?
Project Summary
  Overview
  User Characteristics
  Risk Analysis
  Risk Management and Countermeasure
  Constraints
    Implementation constraints
    Physical constraints
  Security features
Use Case Diagrams
  Administrator
  User
Sequence Diagram (Admin)
  Create
  Delete
  Read
  Update
Sequence Diagram (Users)
  Login
  View
  Save
  Start test with email option
  Start test without email option
Activity Diagram (Admin)
  Create
  Delete
  Update
  Read
Activity Diagram (Users)
  Login
  Basic Hashing
  Compute and Compare
  Update Information
  View Result
Database Diagram
Class diagram
Functional Requirements Summary
  User Functional Requirements
  Administrator Functional Requirements
  System Functional Requirements
  User Functional Requirements Description
  Administrator Functional Requirements Description
  System Functional Requirements Description
Non-Functional Requirements Summary
  Non-Functional Requirements Description
Test Plan
  Description of test for each feature
Glossary
Introduction
Purpose
This document provides a detailed description of all the functions and specifications listed in the Hash Kit. This System Requirements Specification also describes all the nonfunctional requirements and other necessary factors for the Hash Kit.
Scope
The scope of this project is to provide users with an online hash kit application for analysing hash functions. The application generates informative properties such as collision rates and pre-image and second pre-image attack resistance. Computation jobs are queued, and once the results have been processed the server immediately sends them to the user's email address, so the user does not need to wait for the computation to finish. The whole idea is to make the tool usable everywhere: no installers required and easy to use. The rest of this document is separated into five major sections (introduction, project overview, functional requirements, non-functional requirements and glossary). The project overview gives readers a general outline of the entire project; the functional and non-functional requirements provide information on the processes.
Construction - to build the software system
- Coding and unit testing
- Integration and system test
Transition - to transit the system from development to production
- Finalize products
- Beta testing to validate system

Why Rational Unified Process (RUP)?

After much consideration, Rational Unified Process stood out the most and is the most suitable for this project. It encourages concurrent workflows across the entire cycle and focuses mainly on the scope, which keeps the group from side-tracking, instead of using a project backlog after every iteration. Because of our time constraint, the concurrent workflow property of RUP also helps us complete the project punctually. Rational Unified Process is also recommended for long-term projects with medium-to-high complexity, whereas Scrum suits quick organizations that are not dependent on deadlines.
Project Summary
Overview
The summary gives a general outline of the project, the functional and non-functional requirements, and graphs which provide more insight into each process in the application. All of it is based on thorough analysis and research done on currently existing hash kit software, and serves to fulfil the objectives in our proposal.

Program structure
User Characteristics
- Web Administrator: the person responsible for the operations of the website, which include the web servers, hardware and software, the design of the website, its generation and revision, and examining the traffic.
- Registered User: non-registered users must register and sign in to the website before they are able to use the hash kit tools. Users are also required to have internet access throughout the computation of the result, or to opt for the results to be sent to their email addresses.
Risk Analysis
At this stage, risk analysis is required to prevent hindrances or unforeseen problems at a later stage of software development. Here are some potential risks which we might face:
- Malicious attacks such as DDoS (distributed denial of service), cross-site scripting, SQL injection, etc.
- Security measures such as proper user authentication and/or end-to-end point protection, which can be a problem to implement in the website.
- Server overload, which can occur due to heavy traffic from malicious attacks or from many users using the applications at the same time.
- Database corruption, which can affect the usage of the website; a power failure or hardware failure of the server may lead to corruption.
In order to reduce the impact of database corruption on the server side, a regular backup of the database should be done so that the database can be reverted to a previous state.
Constraints
Implementation constraints
- Implementation of an online hash kit requires us to handle web languages (PHP, JavaScript).
- Limited knowledge of web languages (e.g. PHP, JavaScript) pushes us to make full use of a web development framework (CakePHP).

Physical constraints
- Limited monetary resources to purchase quality servers or web hosting services for the final implementation of our product.
- The performance of the hash kit is limited to the capabilities of the hardware (e.g. server):
  - Host server - the host server's CPU and resources available to process the end results for all computations.
  - Storage - the server might have limited storage space for the users' computation files or results.
  - Download/upload speed (network) - network protection is also required in case of any form of malicious attack, e.g. DDoS. The server might have a capped speed for the administrator.
Security features
After much deliberate consideration and discussion, the team decided to use the CakePHP framework for development. The framework comes with some security features, which are listed below:

Form tampering and cross-site request forgery protection
The framework checks the fields in the form; if any input is deemed improper, it is rejected immediately. A form submission is also not accepted after a certain period of inactivity.

Requiring SSL to be used and restricting which HTTP methods your application accepts
The framework checks whether SSL is used between the user and the server; if SSL is not present, the website can limit the HTTP requests and its capabilities.

Additional features not included in the framework
- Captcha might be present to prevent bots from signing up accounts or maximizing the traffic on the server end.
- User password checks ensure that the user uses a strong password, to protect against brute-force or dictionary attacks.
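The form-tampering and request-forgery checks described above can be sketched as a token bound to the session, the set of form fields and an expiry time. This is an added example in Python, not CakePHP's implementation or the Hash Kit project's code; `SECRET`, `TOKEN_LIFETIME`, the `_token` field name and both function names are hypothetical.

```python
import hashlib
import hmac
import json
import time

SECRET = b"constructed-server-secret"  # assumption: per-application secret
TOKEN_LIFETIME = 1800                   # assumption: allowed inactivity, seconds

def _sign(session_id, fields, expires):
    # Unambiguous encoding of everything the token is bound to.
    payload = json.dumps([session_id, expires, sorted(fields)]).encode()
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def issue_form_token(session_id, fields, now=None):
    """At render time: bind the token to the session, the field set and an expiry."""
    now = int(time.time() if now is None else now)
    expires = now + TOKEN_LIFETIME
    return "%d:%s" % (expires, _sign(session_id, fields, expires))

def check_submission(session_id, posted, now=None):
    """At submit time: return (accepted, reason) for a form carrying `_token`."""
    now = int(time.time() if now is None else now)
    expires_s, _, mac = str(posted.get("_token", "")).partition(":")
    if not (expires_s.isascii() and expires_s.isdigit() and mac):
        return False, "missing or malformed token"
    if now > int(expires_s):
        return False, "token expired"          # inactivity window elapsed
    fields = [name for name in posted if name != "_token"]
    expected = _sign(session_id, fields, int(expires_s))
    # Constant-time comparison; fails if fields were added/removed or the
    # token was issued for a different session (forged cross-site request).
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "field set or session mismatch"
    return True, "ok"

if __name__ == "__main__":
    token = issue_form_token("sess-A", ["email", "password"])
    form = {"email": "user@example.org", "password": "constructed", "_token": token}
    print(check_submission("sess-A", form))
    print(check_submission("sess-A", dict(form, role="admin")))
```
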
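[Diagrams not reproduced. Surviving titles: Use Case Diagram (User); Sequence Diagrams (Admin): Delete, Read, Update; Sequence Diagrams (Users): View, Save; Activity Diagrams (Admin): Delete, Update, Read; Activity Diagrams (Users): Basic Hashing, Update Information, View Result.]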
Database Diagram
Class diagram
Algorithm computation
- Computation for pre-image resistance
- Computation for 2nd pre-image resistance
- Computation for collision resistance
- Computation for Message Digest

Output Results
- Output pre-image resistance results
- Output 2nd pre-image resistance results
- Output collision resistance results
- Output Message Digest
- Hash function recommendations

SF4 - Priority: Medium
SF5 - User registration - Priority: Medium
UF3: Save results to text file
Description: User is able to save the analysis results to a text file
Priority: Medium

UF4: Login and Logout
Description: User is able to identify himself with the system. Analyses done by the user are saved under his/her profile.
Priority: High

UF5: Update profile
Description: User is able to update his account profile details
Priority: Low

SF3.1: Output pre-image resistance results
Description: Application is able to output the pre-image resistance results to the user
Priority: High

SF3.2: Output 2nd pre-image resistance results
Description: Application is able to output the 2nd pre-image resistance results to the user
Priority: High

SF3.3: Output collision resistance results
Description: Application is able to output the collision resistance results to the user
Priority: High

SF3.4: Output Message Digest
Description: Application is able to output the hash function results to the user
Priority: High

SF3.5: Hash function recommendations
Description: Application is able to compare different analysis results and recommend the suitable hash function
Priority: High

SF4: Send notification to user email
Description: Application will send a notification to the user's email once analysis of the message digest is complete
Priority: Medium

SF5: User registration
Description: User needs to register with the application before using it
Priority: Medium
Test Plan
Tools needed: PHPUnit.
Features are to be tested for their compatibility among browsers. The features to be tested are listed below, followed by a description of the test for each feature:
- Login/Logout
- Register
- Start Test
- Compute and Recommend
- View results
- Save results to text file
- Email notification
- Add user
- Update user
- Delete user
- View user
- Speed test
- Stress test
- Compute and Recommend
  Pass
  o User must be able to run the compute and recommend test
  o Server must be able to return test results based on the testing criteria (speed/security)
  Fail
  o User's uploaded file cannot be identified / wrong file format accepted
  o Incorrect Message Digest returned to the user
- View results
  Pass
  o User must be able to view their test history and retrieve the results
  Fail
  o User cannot find/retrieve their test history
- Save results to text file
  Pass
  o User must be able to save the results to a text file and download it from the server
  Fail
  o User cannot save the result as a text file
  o Downloaded text file is corrupted
- Email notification
  Pass
  o User must be notified via email when their tests are completed, if they selected the email notification option
  Fail
  o User does not receive the email notification
- Add user
  Pass
  o Administrator must be able to add a new user
  Fail
  o Server allows an invalid user to be created
  o Administrator unable to create a user even when the information is correct
- Update user
  Pass
  o Administrator must be able to update a user
  Fail
  o Administrator unable to update a user (lock/unlock)
- Delete user
  Pass
  o Administrator must be able to delete a user
  Fail
  o Administrator unable to delete a user
- View user
  Pass
  o Administrator must be able to view a user's profile
  Fail
  o Administrator unable to view a user
- Speed test
  o Determine computational efficiency on different sizes of input.
- Stress test
  o Push the server's load handling capabilities by accepting more tasks from many users.
  o This would let us understand the limits of the server.
Glossary
- Pre-image resistance - describes the difficulty of computing X given the value of H(X)
- 2nd pre-image resistance - describes the difficulty of finding Y, given a value for X, such that H(X) = H(Y)
- Collision resistance - a hash algorithm property that describes the unlikelihood of finding inputs X and Y such that H(X) = H(Y)
- GUI (graphical user interface) - a type of user interface that allows the user to interact with electronic devices through graphical buttons
- Multi-thread processing - a way for the system to do its processing more efficiently by creating threads that run simultaneously
- Graphical User Interface - a type of user interface that allows interaction with electronic devices or software
- Message digest - a form of representation of the encrypted message produced from cryptographic functions
- DDoS - distributed denial of service, a form of malicious attack which renders the services unusable for every user; it is done on a massive scale, for example from botnets
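The three resistance properties defined above can be measured directly on a digest small enough to brute-force, which also shows why collisions are found far sooner than pre-images. This is an added example, not the Hash Kit project's code; `toy_hash` (SHA-256 truncated to a few bits), the constructed message streams and the 16-bit size are assumptions chosen for illustration.

```python
import hashlib
import itertools
import math

def toy_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(data): a deliberately small digest for testing."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)

def find_collision(bits: int):
    """Birthday search: any pair x != y with H(x) == H(y). Returns (tries, x, y)."""
    seen = {}
    for i in itertools.count():
        msg = b"msg-%d" % i              # constructed, reproducible message stream
        h = toy_hash(msg, bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg

def find_preimage(target: int, bits: int, exclude: bytes = b""):
    """Brute force: some y != exclude with H(y) == target. Returns (tries, y)."""
    for i in itertools.count():
        msg = b"probe-%d" % i
        if msg != exclude and toy_hash(msg, bits) == target:
            return i + 1, msg

def analyse(bits: int, x: bytes = b"known message"):
    """Measured work for each glossary property, with the textbook expectation."""
    # Pre-image: only H(X) is given. 2nd pre-image: X itself is given as well.
    unseen_digest = toy_hash(b"unseen input", bits)
    return {
        "collision": find_collision(bits),
        "preimage": find_preimage(unseen_digest, bits),
        "second_preimage": find_preimage(toy_hash(x, bits), bits, exclude=x),
        # Birthday bound: about sqrt(pi/2 * 2^bits) tries until a collision.
        "expected_collision_tries": math.sqrt(math.pi / 2 * 2 ** bits),
        # Each probe hits a fixed digest with probability 2^-bits.
        "expected_preimage_tries": 2 ** bits,
    }

if __name__ == "__main__":
    for name, value in analyse(16).items():
        print(name, value)
```

The measured try counts vary with the message stream, but the pigeonhole principle caps the collision search at 2^bits + 1 tries, while a pre-image search has no such cap.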