Password Security System For Websites by Mike Taylor

Case Study Password Security System

www.brainvire.com | ÂŠ 2013 Brainvire Infotech Pvt Ltd

Page 1 of 9

Client Requirement This is a Mobile application created to run on both iOS (iphone / iPad) and Android (SmartPhones / Tablets)-based operating systems. This application can be used for multiple purposes including corporate meetings and e-learning. Client wanted to launch an innovative concept of automatic video creation out of text written on the board. The application is also capable of capturing audio. PasswordBoss is a free password manager that allows users to securely store, retrieve and share usernames, passwords and other personal data anytime, anywhere, on any device.

Client required the following:   



 



1-Tap login to mobile apps and websites. Automatically saves your logins while you browse Passwords encryption with AES-256, the strongest grade of encryption Secure SSL protection for data during sync between devices Create new strong passwords and save them while you browse Locked with a Master Password that only YOU know Optional Pin Code Lock for additional security Secure password sharing and management, for sharing passwords with coworkers or family Instant Login to your accounts using our secure in-app browser Encrypted Safe Notes for sensitive personal information Customizable StartPage for accessing your mostvisited sites with 1-Tap Auto-Lock function to safeguard against theft

ProjectChallenges Team faced the following challenges:  Recording of audio and text in the background to create MPEG Video.  Timely Audio-video synchronization  Sync between web application and phone device.  Smooth writing on the board while video recording is occurring.

Page 2 of 9

Technologies Used IOS SDK: Xcode 5.1

Core Data Framework

Database: SQLite

Encryption: SQLCipher

Android ADT Eclipse Plugin Programing Languages

Xcode is a tool, also called as IDE, used to develop iOS and Mac applications. It is a main component of Xcode toolset. It groups most of the tool needed to develop software in a streamlined and interactive manner. The Core Data framework provides generalized and automated solutions to common tasks associated with object life-cycle and object graph management, including persistence. The SQLite database is a small, compact, and self-contained database available on multiple platforms and available to the public. It has a small footprint and is easy to install and administer. In addition, many devices have the SQLite database already installed, including Android and Blackberry devices. SQLCipher is an open source extension to SQLite that provides transparent 256-bit AES encryption of database files. Android Development Tools (ADT) is a plugin for the Eclipse IDE that is designed to give you a powerful, integrated environment in which to build Android applications. IOS: Objective C Android : Java The model–view–controller framework separates the representation of information in a computer program from the user's interaction with it.The model consists of application data and business rules, and the controller mediates input, converting it to commands for the model or view.

MVC

Manpower Project Leader

Developers

Designers

Quality Assurance Testers

Page 3 of 9

Planning The following development approach was adopted to equip the site with numerous features and functionality mentioned before: 

Development – High Level Coding Standards were followed for managing backup data volume. Simultaneously, synchronization with server for recent data modulations was also performed.



Syncing existing and newly available data for backup with our database required specific attention. This helped in result generation.



Designing the application interaction and flow for user-friendliness and interactivity.



Introduced high level of server and data fetching technology.



Syncing existing and newly available data for backup with our database required specific attention. This helped in result generation.



Maintained consistency in Graphical appearance with the help of given wireframe.



Milestones were defined to complete each inter-linked assignment. Continuous data synchronization between the mobile device and server was required at every interval.



Research and analysis were scheduled at every project level to effectively manage the quality and workflow processes for better and improved performance.

Architecture  IOS  Application Life Cycle The application life cycle constitutes the sequence of events that occurs between the launch and termination of your application. In iPhone/iPad OS, the user launches the application by tapping its icon on the Home screen. Shortly after the tap occurs, the system displays some transitional graphics and proceeds to launch your application by calling its main function. From this point on, the bulk of the initialization work is handed over to UIKit, which loads the application’s user interface and readies its event loop. During the event loop, UIKit coordinates the delivery of events to your custom objects and responds to commands issued by your application. When the user performs an action that would cause your application to quit, UIKit notifies your application and begins the termination process. The following figure depicts the simplified life cycle of an iPhone application. This diagram shows the sequence of events that occur from the time the application starts up to the time it quits. At initialization and termination, UIKit sends specific messages to the application’s delegate object to let it know what is happening. During the event loop, UIKit dispatches events to your application’s custom event handlers.

Page 4 of 9

Figure: Application life cycle



Event Handling Cycle

After the UIApplication main function initializes the application, it starts the infrastructure needed to manage the application’s event and drawing cycle, which is depicted in the following figure. As the user interacts with a device, iPhone/iPad OS detects touch events and places them in the application’s event queue. The event-handling infrastructure of the UIApplication object takes each event off the top of this queue and delivers it to the object that best suited to handle it. For example, a touch event occurring in a button would be delivered to the corresponding button object. Events can also be delivered to controller objects and other objects indirectly responsible for handling touch events in the application.

Figure: The event and drawing cycle

In the iPhone OS Multi-Touch event model, touch data is encapsulated in a single event object (UIEvent). To track individual touches, the event object contains touch objects (UITouch), one for each finger that is touching the screen. As the user places fingers on the screen, moves them www.brainvire.com | © 2013 Brainvire Infotech Pvt Ltd

Page 5 of 9

around, and finally removes them from the screen, the system reports the changes for each finger in the corresponding touch object. When it launches an application, the system creates both a process and a single thread for that application. This initial thread becomes the application’s main thread and is where the UIApplication object sets up the main run loop and configures the application’s event-handling code. Figure shows the relationship of the event-handling code to the main run loop. Touch events sent by the system are queued until they can be processed by the application’s main run loop.

Figure: Processing events in the main run loop

 The MVC Architecture is a combination of Model-View-Controller. 1. Model: The model object knows about all the data that need to be displayed. It is model who is aware about all the operations that can be applied to transform that object. It only represents the data of an application. The model represents enterprise data and the business rules that govern access to and updates of this data. Model is not aware about the presentation data and how that data will be displayed to the browser. 2. View: The view represents the presentation of the application. The view object refers to the model. It uses the query methods of the model to obtain the contents and renders it. The view is not dependent on the application logic. It remains same if there is any modification in the business logic. In other words, we can say that it is the responsibility of the view's to maintain the consistency in its presentation when the model changes.

3. Controller: Whenever the user sends a request for something then it always go through the controller. The controller is responsible for intercepting the requests from view and passes it to the model for the appropriate action. After the action has been taken on the data, the controller is responsible for directing the appropriate view to the user. In GUIs, the views and the controllers often work very closely together.

Page 6 of 9

Android  Android Architecture Diagram:

   

The above figure shows the diagram of Android Architecture. The Android OS can be referred to as a software stack of different layers, where each layer is a group of several program components. Together it includes operating system, middleware and important applications. Each layer in the architecture provides different services to the layer just above it. We will examine the features of each layer in detail. www.brainvire.com | © 2013 Brainvire Infotech Pvt Ltd

Page 7 of 9



Linux Kernel  The basic layer is the Linux kernel.  The whole Android OS is built on top of the Linux 2.6 or higher Kernel with some further architectural changes made by Google.  It is this Linux that interacts with the hardware and contains all the essential hardware drivers.  Drivers are programs that control and communicate with the hardware. For example, consider the Bluetooth function.  All devices has a Bluetooth hardware in it. Therefore the kernel must include a Bluetooth driver to communicate with the Bluetooth hardware.  The Linux kernel also acts as an abstraction layer between the hardware and other software layers.  Android uses the Linux for all its core functionality such as Memory management, process management, networking, security settings etc.  As the Android is built on a most popular and proven foundation, it made the porting of Android to variety of hardware, a relatively painless task.



Libraries  The next layer is the Android’s native libraries. It is this layer that enables the device to handle different types of data.  These libraries are written in java language and are specific for a particular hardware.  Some of the important native libraries include the following: o

o o o o

Surface Manager: It is used for compositing window manager with off-screen buffering. Off-screen buffering means you can’t directly draw into the screen, but your drawings go to the off-screen buffer. There it is combined with other drawings and form the final screen the user will see. This off screen buffer is the reason behind the transparency of windows. Media framework: Media framework provides different media codecs allowing the recording and playback of different media formats SQLite: SQLite is the database engine used in android for data storage purposes WebKit: It is the browser engine used to display HTML content OpenGL: Used to render 2D or 3D graphics content to the screen



Android Runtime  Android Runtime consists of Dalvik Virtual machine and Core Java libraries.



Dalvik Virtual Machine  It is a type of JVM used in android devices to run apps and is optimized for low processing power and low memory environments.  Unlike the JVM, the Dalvik Virtual Machine doesn’t run .class files, instead it runs .dex files. .dex files are built from .class file at the time of compilation and provideshifger efficiency in low resource environments.  The Dalvik VM allows multiple instance of Virtual machine to be created simultaneously providing security, isolation, memory management and threading support. It is developed by Dan Bornstein of Google.



Core Java Libraries  These are different from Java SE and Java ME libraries. However these libraries provides most of the functionalities defined in the Java SE libraries.



Application Framework  These are the blocks that our applications directly interacts with. These programs manage the basic functions of phone like resource management, voice call management etc. As a developer, you just consider these are some basic tools with which we are building our applications.  Important blocks of Application framework are: o Activity Manager: Manages the activity life cycle of applications www.brainvire.com | © 2013 Brainvire Infotech Pvt Ltd

Page 8 of 9

o o o

Content Providers: Manage the data sharing between applications Telephony Manager: Manages all voice calls. We use telephony manager if we want to access voice calls in our application. Location Manager: Location management, using GPS or cell tower Resource Manager: Manage the various types of resources we use in our Application

DevelopmentHighlights 

This application for iPad is built around objective C and core data framework. This application was also made compatible to iOSsdk 5.1 at a later stage. Almost all the modules are developed using foundation, core graphics, UIKIT and AVAssetWriter framework. All the user interface items are placed in view controllers and are linked with the controller files project along with the outlets, actions of the UI element. Integration of various 3rd party tools was required. The App was developed and fully functional within a span of 5 months.



Special focus on interactivity and user friendliness of the app while designing the Android and IOS application.



Mobile and Tablet Compatibility with a single application build



Database Encryption at Local and Server Side



Agile development strategies implemented using various proven tools thus ensuring quick and effective solutions.



Optimal usage of open source technologies to reduce the total cost of android application development.



Unit testing applied to ensure the quality of the application.

Page 9 of 9