Software Requirements Specification
for
Mobile Phone Based Security System


Supervised by:
Mr. Shantha Fernando
Mr. Samantha Senaratne

Prepared by:

Awantha S.A.T
Darshana S.A.T.
Kumara M.D.B.J.B.
Sandakalum H.K.L.S.

Department of Computer Science and Engineering


University of Moratuwa

26th October 2006

Software Requirements Specification for Mobile Phone Based Security System

Table of Contents

1. Introduction
1.1 Purpose
1.2 Document Conventions
1.3 Intended Audience and Reading Suggestions
1.4 Project Scope

2. Overall Description
2.1 Product Perspective
2.2 Product Features
2.3 User Classes and Characteristics
2.4 Operating Environment
2.5 Design and Implementation Constraints
2.6 User Documentation
2.7 Assumptions and Dependencies

3. System Features
3.1 Authentication using user's mobile phone
3.1.1 Description and Priority
3.1.2 Stimulus/Response Sequences
3.1.3 Functional Requirements
3.2 Alternative authentication mechanism for special conditions
3.2.1 Description and Priority
3.2.2 Stimulus/Response Sequences
3.2.3 Functional Requirements
3.3 Identifying the direction of the authenticated user
3.3.1 Description and Priority
3.3.2 Stimulus/Response Sequences
3.3.3 Functional Requirements
3.4 Automatic authorization to the resources
3.4.1 Description and Priority
3.4.2 Stimulus/Response Sequences
3.4.3 Functional Requirements
3.5 Identifying the location of the user
3.5.1 Description and Priority
3.5.2 Stimulus/Response Sequences
3.5.3 Functional Requirements
3.6 Tracking the user's specific activities such as entering and leaving time
3.6.1 Description and Priority
3.6.2 Stimulus/Response Sequences
3.6.3 Functional Requirements

4. External Interface Requirements
4.1 User Interfaces
4.2 Hardware Interfaces
4.3 Software and Communication Interfaces

5. Other Nonfunctional Requirements
5.1 Performance Requirements
5.2 Safety Requirements
5.3 Security Requirements
5.4 Software Quality Attributes

Appendix A: Glossary
Abbreviations

Department of Computer Science & Engineering
University of Moratuwa.

1. Introduction

1.1 Purpose

This document, the software requirements specification for the Mobile Phone Based Security
System project, is intended to specify all the requirements relevant to the project. This includes
all the functional and non-functional requirements within the scope that is going to be
implemented. Apart from that, it specifies the major software and hardware features of the
system.
The Software Requirements Specification acts as the basic agreement between the relevant
customer and the project development team. It also reduces the effort needed by
the development team while giving the best estimation capabilities.

1.2 Document Conventions

Names of main sections have been inserted in bold letters.
All abbreviations and acronyms are defined in Appendix A.
New phrases are in italic letters.

1.3 Intended Audience and Reading Suggestions

The intended audience of this document spans several areas. This project mainly
focuses on commercial organizations that need a security system with some enhanced
features, for example banks, IT industries and educational organizations such as universities.
The project supervisor and the department staff who coordinate the project, the
project manager, project team leader, developers, documentation writers and quality assurance
people are the other intended audience of this project.
The suggested sequence for reading this document is top to bottom, beginning from the
introduction.

1.4 Project Scope

The Mobile Phone Based Security System is a security system with user-friendly
authentication capabilities, based primarily on the use of a mobile phone. The main purposes
behind this project are to reduce some of the vulnerabilities in existing security systems and to
provide user-friendly authentication mechanisms (for an organization's resources such as domains,
networks and so on) and location identification. This will be useful to business organizations
for keeping confidential information confidential. For example, strategies, stability,
configurations, etc. can be considered confidential information. The system
can also provide some management capabilities.
The project is carried out in two phases.
Phase 1: Main entrance authentication and resource management.
Phase 2: Location identification and Sub section authentication.

2. Overall Description

2.1 Product Perspective

Even though the product to be implemented is a new product, it can be used as
an enhancement to an existing system. The most common security systems at present are
swipe cards, fingerprint identification, face recognition, RFID, etc. Since MPBSS
consists of automatic authentication and location identification, it is possible to replace or
improve the above-mentioned security systems using the mechanisms used in this
system's implementation.
The following diagram illustrates a high-level prototype of the system.

[Figure: high-level prototype of the system. Labels: user with Bluetooth-supported mobile phone, Bluetooth adaptors, main entrance, sub entrance, Department x, AD, main server.]

2.2 Product Features

The key features of this system can be summarized as follows.

Authentication through the user's mobile phone
Alternative authentication mechanism for special conditions
Identifying the direction of the authenticated user (entering or leaving the premise)
Automatic authorization to the resources
Identifying the location of the user
Tracking the user's specific activities such as entering and leaving time.

2.3 User Classes and Characteristics

Based on the features specified for the system, the users can be divided into several classes
as follows.
Note: Assume that all users have a mobile phone unless specifically mentioned otherwise.
Administrator
The system administrator, who administers the resources of the organization,
has all the privileges mentioned under 2.2 Product Features.
Normal users
The people who use the organization's resources such as computers, networks
and other peripherals. This class of users has all the privileges except the
administrative privileges.
Normal users without a mobile phone
Even though this kind of user has the same privileges as the normal users, he
or she will be authenticated through another step. Location-based identification
is not possible for this class of users.
Minor staff
This class of users includes people like peons, cleaning staff, maintenance staff,
security and so on. This class of users has the privilege to authenticate but
not automatic authorization privileges.
Visitors
These are the people external to the particular organization. They have
privileges only to authenticate to the organization.

2.4 Operating Environment

The system consists of two operating environments, client side and server side. The client side
runs in a mobile phone environment while the server side runs on an LDAP server. The
communication between the mobile client and the server is handled via Bluetooth technology.

2.5 Design and Implementation Constraints

Most phones nowadays include the Java platform and some have the Windows platform.
Therefore the system may have a constraint of platform dependency. Since the client side
operates on a mobile phone, there are constraints on the memory and the processing power of the
mobile phone. Apart from those, communication time is also a main constraint for the
system. Since the development is carried out using the Bluetooth and LDAP protocols,
the system is subject to the constraints of those communication protocols.

2.6 User Documentation

A project website will be published with all the details regarding the project. It allows users to
log in to their profiles, get online help and use some extra features as well. An organization that
is going to use this system will be provided with a user manual, apart from the online help provided
through the project website.

2.7 Assumptions and Dependencies

The assumptions and dependencies relevant to the system are as follows.

All the users who are supposed to use this system should have a Bluetooth-enabled
mobile phone within or near the premise.
The user has installed on his/her personal mobile phone the mobile application
provided by the system.
The particular user who accesses the system is inside the effective signal area, in order to get
outcomes from the MPBSS.
The organization has a proper and reliable network.
The users do not enter the premise as a crowd at a particular moment.
Proper communication can depend upon environmental conditions.
The user keeps his/her phone with him/her at all times.

3. System Features

3.1 Authentication using user's mobile phone

3.1.1 Description and Priority

When a person tries to enter a premise of an organization through an entrance,
he/she will be checked to determine whether he/she is an authorized person by analyzing his/her
mobile phone details through Bluetooth technology. If he/she is an authorized person,
he/she can access the relevant premise by entering the correct password in the pop-up
application on his/her mobile phone. This feature has the highest priority in the
system.
3.1.2 Stimulus/Response Sequences

Two Bluetooth adapters, attached on either side of the entrance,
search for Bluetooth-enabled phones that are inside the effective signal area.
The user comes near the entrance.

The Bluetooth adapters detect the phone and send a signal requesting the username,
which is a unique ID of the phone (IMEI number, SIM number or phone number).

The mobile phone then starts the MPBSS application and
responds to the request automatically.

The system checks the username against the system database by mapping. If it is mapped,
the system requests a password from the user. Otherwise it sends an invalid user notification.

The user enters the password.

If the password is correct, the system authenticates the user with a success notification message
while updating the system database, and opens the door. If not, it requests the password
again, no more than thrice. If the user fails every time, the system sends an invalid user
notification message.
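
The server side of this sequence, written out as an added example that is not part of the original specification. The class name EntranceController, the reply strings and the salted PBKDF2 password storage are assumptions; the specification does not define them.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_ATTEMPTS = 3  # 3.1.2: the password is requested "no more than thrice"


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the page does not say how passwords are stored; a salted
    # PBKDF2 hash is used here so the database never holds the plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    device_id: str   # the "username": IMEI, SIM number or phone number
    salt: bytes
    pw_hash: bytes


def make_account(device_id: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(device_id, salt, hash_password(password, salt))


class EntranceController:
    """Server side of the 3.1.2 sequence for one entrance (hypothetical class)."""

    def __init__(self, accounts):
        self.accounts = {a.device_id: a for a in accounts}
        self.attempts_left = {}   # device_id -> tries left in the open session
        self.db_log = []          # stands in for "updating the system database"

    def on_device_detected(self, device_id: str) -> str:
        # The adapter has obtained the phone's unique id; map it to an account.
        # The id only selects the account; the password is what authenticates.
        if device_id not in self.accounts:
            return self._reject(device_id)
        self.attempts_left[device_id] = MAX_ATTEMPTS
        return "PASSWORD_REQUEST"

    def on_password(self, device_id: str, password: str) -> str:
        left = self.attempts_left.get(device_id)
        if left is None:
            # No password request is pending, so a fresh detection is required.
            return self._reject(device_id)
        account = self.accounts[device_id]
        candidate = hash_password(password, account.salt)
        if hmac.compare_digest(candidate, account.pw_hash):
            del self.attempts_left[device_id]
            self.db_log.append(("authenticated", device_id))
            return "SUCCESS_OPEN_DOOR"
        if left == 1:
            return self._reject(device_id)   # third failure ends the session
        self.attempts_left[device_id] = left - 1
        return "PASSWORD_REQUEST"

    def _reject(self, device_id: str) -> str:
        self.attempts_left.pop(device_id, None)
        self.db_log.append(("invalid_user", device_id))
        return "INVALID_USER"


def run_constructed_session():
    # Constructed sample data: the device id and passwords are made up.
    ctl = EntranceController([make_account("device-0001", "correct horse")])
    replies = [ctl.on_device_detected("device-0001")]
    for attempt in ("guess1", "guess2", "correct horse"):
        replies.append(ctl.on_password("device-0001", attempt))
    return replies


if __name__ == "__main__":
    print(run_constructed_session())
```
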

3.1.3 Functional Requirements


REQ-1: Providing a more secure authentication mechanism
REQ-2: Alienation of the authentication mechanism has very low possibility.
REQ-3: Ease of identifying error conditions.

3.2 Alternative authentication mechanism for special conditions

3.2.1 Description and Priority
When a user forgets to bring his/her mobile phone on a particular day, the system
offers an alternative solution for that kind of occasion. The system provides a special
user interface to input a username and password. He/she also has to
go through some extra steps to authenticate. This feature has lower priority than the
earlier feature (3.1).

3.2.2 Stimulus/Response Sequences
The user enters a username and password in the special interface.

If the username and the password are accepted by the system, the user has to go
through some extra steps (such as answering a security question) to enter the
premise.

The system sends notifications to the system administrator and to other relevant people.

3.2.3 Functional Requirements


REQ-1: Provide an alternative mechanism to authenticate on special occasions.
REQ-2: Limit the usage of the alternative mechanism to compel users to use the original
authentication mechanism.

3.3 Identifying the direction of the authenticated user

3.3.1 Description and Priority

The system needs to identify whether a particular user is within the premise or not. By
using two Bluetooth adapters located on either side of the main entrance, it is
possible to identify the user's moving direction, into the premise or out of the
premise, by controlling the signal strength of the Bluetooth signals. This feature also has
a higher priority.
3.3.2 Stimulus/Response Sequences
At the entrance, both adapters detect the mobile phone.
The moving direction of the user is determined from the sequence in which the
Bluetooth adapters detect the device.
Update the system database.

3.3.3 Functional Requirements


REQ-1: Identify whether a particular user is within the premise or not at a
particular time.

3.4 Automatic authorization to the resources

3.4.1 Description and Priority


An authenticated user can be automatically authorized to some special resources (such as
the network domain, printers, servers, etc.) within the premise, using the
required details from the system database.
3.4.2 Stimulus/Response Sequences
The user tries to enter the organization domain by entering a username and password.
The system checks whether the particular user is legally inside the premise or not. If
he/she is a legally authenticated user, the system allows him/her to access the
resources. If not, the system automatically prevents him/her from accessing the
resources.
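
How the detection sequence of 3.3.2 can feed the presence check of 3.4.2, as an added example that is not part of the original specification. The adapter labels, the 10-second crossing window and the PresenceTracker class are assumptions made for illustration.

```python
from dataclasses import dataclass

OUTER, INNER = "outer", "inner"   # assumed labels for the two entrance adapters
PASS_WINDOW = 10.0                # assumed: max seconds between the two sightings


@dataclass
class Detection:
    t: float          # time of the sighting, in seconds
    adapter: str      # OUTER or INNER
    device_id: str


class PresenceTracker:
    """Hypothetical server-side state for sections 3.3.2 and 3.4.2."""

    def __init__(self, user_devices):
        self.user_devices = dict(user_devices)   # domain username -> device id
        self.authenticated = set()   # devices that passed the 3.1 entrance check
        self.inside = set()          # devices currently within the premise
        self.db_log = []             # stands in for "update the system database"
        self._pending = {}           # device id -> first sighting of a crossing

    def mark_authenticated(self, device_id):
        self.authenticated.add(device_id)

    def observe(self, det):
        """Feed one sighting; return 'entering', 'leaving' or None."""
        first = self._pending.get(det.device_id)
        if first is None or det.t - first.t > PASS_WINDOW:
            # New crossing, or the earlier sighting is stale (user turned back).
            self._pending[det.device_id] = det
            return None
        if det.adapter == first.adapter:
            return None               # same adapter again: still waiting
        del self._pending[det.device_id]
        if first.adapter == OUTER:    # seen outside first, then inside
            direction = "entering"
            if det.device_id in self.authenticated:
                self.inside.add(det.device_id)
        else:
            direction = "leaving"
            self.inside.discard(det.device_id)
            self.authenticated.discard(det.device_id)   # re-authenticate next time
        self.db_log.append((det.t, det.device_id, direction))
        return direction

    def allow_domain_login(self, username, credentials_ok):
        # 3.4.2: valid domain credentials are not enough; the user must also be
        # recorded as inside the premise.
        device = self.user_devices.get(username)
        return bool(credentials_ok and device in self.inside)


def run_constructed_trace():
    # Constructed sample data: usernames, device ids and timestamps are made up.
    tracker = PresenceTracker({"alice": "dev-A", "bob": "dev-B"})
    tracker.mark_authenticated("dev-A")
    trace = [
        Detection(0.0, OUTER, "dev-A"), Detection(1.5, INNER, "dev-A"),
        Detection(2.0, OUTER, "dev-B"), Detection(3.0, INNER, "dev-B"),
    ]
    directions = [tracker.observe(d) for d in trace]
    logins = (tracker.allow_domain_login("alice", True),
              tracker.allow_domain_login("bob", True))
    return tracker, directions, logins
```

In the constructed trace, dev-B crosses inward without having authenticated, so the crossing is logged but the device is never added to the inside set and the domain login is refused.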

3.4.3 Functional Requirements


REQ-1: Prevent illegal user authorizations.
REQ-2: Provide automatic authorizations for legal users.

3.5 Identifying the location of the user

3.5.1 Description and Priority

Within a premise there can be several sections. In each section there are Bluetooth
adapters. When a user enters a particular section, those adapters detect that
user and update the system database. Thus the system has the capability of
determining the location of a particular user.
3.5.2 Stimulus/Response Sequences
The user comes into a particular section.
The corresponding adapter automatically detects the user and updates the system
database.
3.5.3 Functional Requirements
REQ-1: Identify the location of a particular user.
REQ-2: Provide some user control based on the location.

3.6 Tracking the user's specific activities such as entering and leaving time

3.6.1 Description and Priority
In an organization, keeping staff behavioral information such as arrival and
leaving times is very useful to the management and higher-level people. For example,
when an organizational policy violation has occurred, it can be tracked through
this kind of information.

3.6.2 Stimulus/Response Sequences
Keep daily logs of the database.
Refer to the logs and the current database when this kind of information is needed.

3.6.3 Functional Requirements
REQ-1: Provide support for management activities.

4. External Interface Requirements

4.1 User Interfaces

The system contains several interfaces that the user can interact with. These interfaces
depend on the role of the user and can be classified as follows.
User interface in a mobile phone.
This allows the user to interact with the system through a mobile phone. For
that, the user must have installed the mobile application, which is a part of the
system. If not, the user cannot even tell that there is such a security
system in the organization. The communication between the mobile phone and
the Bluetooth devices goes through this application via Bluetooth technology.
Every detail such as usernames, passwords, error messages and other
notifications is received or initiated through this interface.
System admin interface.
This is the core of the system, which is handled by the system administrator.
This facilitates adding and removing users to the system, updating the user
profiles, communication with users' mobile phones, mapping the users, updating
and retrieving data from the databases,
Web interface.
The web interface provides a general description of the system, with a user login
facility for things like profile updating. It also provides help
and guidance to the users.

4.2 Hardware Interfaces

The system consists of several hardware interfaces such as the mobile phone, Bluetooth adapters,
server, network peripherals and a door with an automated lock. The mobile phone and the Bluetooth
adapters communicate via Bluetooth technology to transfer useful information between them.
The Bluetooth adapters communicate not only with the user's mobile phone but also
with the system server. This communication is the one that handles most of the security issues.
All users have to go through the system server to access the organization's resources such as
networks.

4.3 Software and Communication Interfaces

There are many software interfaces.
Linux and Windows operating systems
The Windows operating system is used on the system server while Linux is used
with LDAP.
Mobile application development tools.
LDAP
This is used for domain authentication purposes.
Communication through the Bluetooth protocol.
Communication between the phone and the adapter is done via Bluetooth
technology.
Wired communication
Wired communication is used everywhere except between the phone and
the adapters.
Web interface
The web interface is based on Microsoft Internet Explorer.

5. Other Nonfunctional Requirements

5.1 Performance Requirements
The mobile phone application occupies little memory and has high performance.
Since mobile phones have limited memory capacity and limited
processing power, the application should have the above features.
Low battery power consumption for Bluetooth communication.
The user has to keep Bluetooth enabled within the premise all the time, but this
consumes the battery power of the phone, which can be a problem for the users.
To avoid this problem, the communication should use optimal power
consumption.
Servers have high performance with low latency.
Responses to requests must be given without delay.
Real-time and reliable communication.

5.2 Safety Requirements
Bluetooth communication and devices should work properly and not depend heavily on
environmental factors.
If the communication depends heavily on factors like environmental conditions and
noise, the communication may not be proper and reliable.
High availability.
The system should behave correctly under high-load circumstances.
Adhere to the organizational policies.
The system should follow the common organizational policies.

5.3 Security Requirements
Secure communication.
All communicated information should be encrypted to achieve
confidentiality.
Prevent illegal access to databases.
Since all the information is stored in databases, only the administrator can see that
data.
Prevent alienation of highly secured information.
Reduce the possibility of alienation of highly secured data such as login details, to
remove vulnerabilities.
System access through the web is secure.
The system is accessible through the web for limited user purposes, but this
communication should be secure as well.

5.4 Software Quality Attributes
Adaptability and flexibility
The system should be easy to change according to the organization and its
environment.
Availability
High availability should be satisfied by the system to prevent illegal access to
the premise.
Correctness
Correctness is required so that facilities are provided to legal persons only.
Interoperability
Separate operations should be identified as separate. There can be parallel
operations, such as more than one user accessing from the entrance.
Maintainability
The system should be developed in such a way that it can easily be changed to satisfy
changes in requirements.
Reliability
Since this is a security product, reliability is a major requirement for achieving
the security goals.

Appendix A: Glossary
Abbreviations
IT - Information Technology
IMEI - International Mobile Equipment Identity
LDAP - Lightweight Directory Access Protocol
SIM - Subscriber Identity Module
REQ - Requirement
OS - Operating System
RFID - Radio Frequency Identification
MPBSS - Mobile Phone Based Security System
