Masters Project Proposal

Nov 9, 2013

iSDD


rravikum

1



Master's Project Proposal

iSDD: An iPhone Application for Secure Discovery Delivery



Roshnee Ravikumar

May 2013










Approved by:

___________________________________________    _____________________
Advisor: Dr. Edward Chow                       Date

___________________________________________    _____________________
Committee Member: Dr. Chua Yue                 Date

___________________________________________    _____________________
Committee Member: Dr. Jia Rao                  Date



1. Introduction

The iSDD project deals with the development of an iOS app for the Secure Delivery Discovery (SDD) project. The project emphasizes how a web-based interface can be ported to an iOS app. The iSDD app allows attorneys to request discovery (court case) information from the 4th District Attorney Office, Colorado Springs. The iSDD app provides the functionality for registering a new user on the iPhone and sets up a framework for extending the existing capabilities by adding more screens.

The application uses a simple client-server model where the client is an iPhone. The server is developed using a RESTful API, which has resulted in ease of development and helps with maintainability.

One of the main challenges in developing this application is to authenticate a user and to maintain the state of the clients accessing the system. In this project, I have implemented a mechanism to authenticate users using a stateless authentication technique. The technique forms the foundation of any extensibility that could be added on top of this project.


2. Previous work

The SDD project was funded by a Colorado SIPA grant sponsored by the 4th District Attorney Office (4DAO). It created a set of web applications for attorneys to securely download discovery information and for the staff of 4DAO to manage the requests for discovery info.

A secure web page was created where invited customers can apply for an account with an SDD server. They fill in their entire name, business name, and complete contact information. The staff with 4DAO will receive an email about the application. An internal web page will allow the staff to manage applications by either approving or denying requests.

If approved, all information will be saved into a membership database table. Applicants are to receive an acknowledgment via email. An FTP public file directory is created for the staff. They will have full ownership rights over the directory. The staff will encrypt discovery information before publishing. On a case-by-case basis, they will create a folder with the case number and place all discovery information into that folder.

Customers cannot access information until they pay for the requests. Additionally, customers cannot pick up any discovery before proceeding into any case folder for discovery pick up. The 4DAO staff will set permission to only allow that customer to read that folder for a case they were notified is ready. The SDD server will send an email to the customer that the information is ready for pickup. The customer will have 72 hours to go to the secure web site and log in for pickup. Once validated, it will take the customer to a web page listing every case of discovery ready for pickup. They can simply drag and drop their discovery from the secure FTP server to their local PC. A traveller TrueCrypt copy will be placed with the encrypted discovery for the customer to decrypt it. An email will be generated that a customer has logged into the site and will be sent to our designated 4DAO staff. In addition, an auto delete flag will be set on the database server, scheduling the deletion of the case folder one hour after the customer's access. All information that is 72 hours old will be automatically deleted if not picked up. Daily and weekly system usage reports will be automatically emailed to the leadership, reporting what cases were placed for pick up, what customers logged in to pick up, and what cases were auto deleted due to no pickup.

3. Related Work

In the research project Mobile access to scientific event information [3], the authors mention that in order to enable ease of integration and propagation of data, it is crucial to expose the core of the system via an easy-to-use Application Programming Interface (API). There are two main kinds of APIs investigated in this project. APIs have been part of the computing world for many years, but REST [2] has been in the forefront. Based on related work, it seems that native applications work well with a simple API over HTTP, and REST provides this capability.

4. Proposed Research:

The goal of this project is to investigate how to convert a web application into a mobile application. The SDD project was chosen as a test base since it was recently developed and also has some basic components that are usually part of any web site, like authentication and database access. We chose the iPhone as the mobile device of choice.

Since the SDD project was already implemented as a web application, a lot of the effort required to provide interfaces for the web application would depend on the overall design of the existing system. This would be challenging considering the fact that the previous work did not reflect the need to be flexible enough as a mobile application.

In the initial research phases of the project I went through the design and code from previous work to see whether the code can be reused for the mobile application. One constraint about this project is that we had access to only a limited set of functionality, especially the login scripts and the overall database tables. After going through the login script, I realized from the design and organization of the code that the individual components that make up the big application were not reusable in their existing state. The code was not modularized into reusable components. Since the mobile application could have a different workflow, it becomes necessary for the existing code to be able to support more granular operations. My first task would be to reduce coupling while still maintaining high cohesion by refactoring the code.

One of the reasons for the refactor is to ensure that the underlying business logic is extensible and usable by multiple kinds of devices. Thus it becomes very important how the server exposes its functionality.

In this project, the users will be authenticated from screen to screen by a server-issued authentication token. The reason is to continuously identify valid user requests that come to the server.
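
A sketch of the server-issued token described above, as an added example that is not code from the SDD or iSDD project. The token layout (payload.tag), the key, the 15-minute lifetime and all function names are assumptions; the proposal's references point to .NET's HMACSHA classes, while this sketch uses Python's hmac module to show the same idea.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values (assumptions): a real server loads a random key
# from protected storage and picks a lifetime that suits its screens.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"
TOKEN_TTL = 15 * 60  # seconds


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, now: Optional[float] = None) -> str:
    """Issued once after login; the server keeps no per-client session."""
    now = time.time() if now is None else now
    claims = {"sub": user, "exp": int(now) + TOKEN_TTL}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Run on every request; returns the user name or None."""
    now = time.time() if now is None else now
    try:
        payload_part, tag_part = token.split(".")
        payload, tag = b64d(payload_part), b64d(tag_part)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None  # forged or altered payload
    claims = json.loads(payload)  # parsed only after the MAC verifies
    if claims["exp"] <= now:
        return None  # expired
    return claims["sub"]
```

Because the expiry is covered by the MAC, the client cannot extend its own session, and the server can validate each screen's request without looking up stored state.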


The server-side code functionality would be exposed via a RESTful [3] API. REST piggybacks on HTTP, which is already a very standardized protocol used by everyone. Mobile applications also can work with HTTP. Hence the choice was made to expose the web service using RESTful APIs. REST services, being simple, also have some performance implications when compared to traditional SOAP web services [1].

A concrete implementation of a REST Web service follows four basic design principles:

- Use HTTP methods explicitly.
- Be stateless.
- Expose directory structure-like URIs.
- Transfer XML, JavaScript Object Notation (JSON), or both. [4]

This basic REST design principle establishes a one-to-one mapping between create, read, update, and delete (CRUD) operations and HTTP methods. According to this mapping:

- To create a resource on the server, use POST.
- To retrieve a resource, use GET.
- To change the state of a resource or to update it, use PUT.
- To remove or delete a resource, use DELETE.

Mobile development poses its own challenges. Some of the challenges just lie in learning a new paradigm or a programming language. Others are more fundamental when it comes to designs of the existing system. This project gives me an opportunity to research these differences and experiment on a very practical application.



5. Project plan

The ultimate goal of this project is to implement SDD in a mobile application. The end result will be a working framework of the SDD client-side code in iOS. The most valuable aspect of this project would be the lessons learned while investigating the difference between web application development and mobile application development.

This project is to be completed by the end of term, Spring 2013.

Here are the tasks involved:

- Completed final project proposal
- Begin project work
- Approved project proposal
- Completed project work and draft of report
- Completed final project report
- Completed project defense


6. Deliverables

The deliverables of this project include the project report that documents the design and implementation of the iSDD app, and a working prototype.





References:

[1] Hamad, H., Saad, M., Abed, R. (2010). Performance Evaluation of RESTful Web Services for Mobile Devices. International Arab Journal of e-Technology, 72(1).

[2] Battle, R., Benson, E. (2008). Bridging the Semantic Web and Web 2.0 with Representational State Transfer (REST). Journal of Web Semantics, 6, pp. 61-69.

[3] Reinhardt, W., Suntrup, C. Mobile access to scientific event information: An Android tablet application for ginkgo.

[4] Nurseitov, N., Paulson, M., Reynolds, R., & Izurieta, C. (2009). Comparison of JSON and XML Data Interchange Formats: A Case Study.

[5] Guide to Cryptography: https://www.owasp.org/index.php/Guide_to_Cryptography

[6] HMACSHA: http://msdn.microsoft.com/en-us/library/system.Security.Cryptography

[7] Martin Fowler, 2003, Patterns of Enterprise Application Architecture, Pearson's publishing.

[8] ASP.Net Web API: www.asp.com/web-api

[9] XCode and Cocoa: https://developer.apple.com

[10] Concepts in Objective C Programming: developer.apple.com