Proposal (20 CS 101)
PROPOSAL
UNIVERSITY OF ENGINEERING & TECHNOLOGY TAXILA
The Lazy Eye App is a valuable tool because it uses the latest tech to help people
with lazy eyes. Almost 2 out of 10 people are victims of this disease, and they can't
properly see or focus. This app stands out because it will help them cure this
disease without costly therapies, and it also has a vast scope in ophthalmology. It
combines two emerging technologies: data science and deep learning. Data
science helps the app understand each person's needs and progress, so it can
create exercises that work best for them. Deep learning is like a super-smart
computer that makes the exercises better as people use them more. The app can
even guess how much someone's eyes might improve in the future. And guess
what? It's also like a fun game! The app uses this data to make the exercises feel
like a game personalized just for you. It keeps you interested and wanting to do
the exercises. Plus, it keeps making new exercises that match what you like. So,
this app is a special blend of new technology and fun, all to help people with lazy
eyes see better.
In the rapidly evolving landscape of web API security, the "Web API HMAC
Authentication" stands as a pivotal endeavor, employing the robust Hash-based
Message Authentication Code (HMAC) mechanism. At its core, HMAC ensures
data integrity and authentication by generating a unique Message Authentication
Code, contingent upon a shared Private Secret API Key and a Public Shared APP
ID. The server, responsible for key generation, securely transmits these credentials
to the client, fostering a foundation of trust.
This proposal delves into the intricacies of HMAC authentication, shedding light
on its core components: the generation of HMAC signatures on the client side and
the subsequent verification process on the server side. Through careful
consideration of parameters such as HTTP method, APP ID, nonce, request URI,
and timestamp, HMAC authentication not only fortifies against data tampering but
also safeguards against unauthorized requests and replay attacks. With a nuanced
understanding of HMAC's inner workings, this project positions itself as a reliable
solution for developers seeking to enhance the security posture of their web APIs.
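The signing and verification steps described above, as an added C# example that is not part of the original proposal. The class and method names, the newline-delimited string layout, HMAC-SHA256 with Base64 output, the 5-minute freshness window and the in-memory nonce store are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public static class HmacAuthExample   // hypothetical name, not from the proposal
{
    const long MaxSkewSeconds = 300;  // assumption: 5-minute freshness window
    static readonly HashSet<string> SeenNonces = new HashSet<string>(); // assumption: in-memory store

    // Client side: HMAC-SHA256 over the fields the proposal lists, newline-delimited.
    public static string Sign(byte[] key, string method, string appId, string uri, long ts, string nonce)
    {
        string data = string.Join("\n", method.ToUpperInvariant(), appId, uri,
                                  ts.ToString(CultureInfo.InvariantCulture), nonce);
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(data)));
    }

    // Comparison whose running time does not depend on where the first mismatch is.
    static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Server side: check the MAC first, then freshness, and only then record the nonce,
    // so unauthenticated requests cannot fill the nonce store.
    public static bool Verify(byte[] key, string method, string appId, string uri,
                              long ts, string nonce, string signature, long serverNow)
    {
        if (!FixedTimeEquals(Sign(key, method, appId, uri, ts, nonce), signature ?? "")) return false;
        if (Math.Abs(serverNow - ts) > MaxSkewSeconds) return false;  // stale or future-dated
        lock (SeenNonces) return SeenNonces.Add(appId + ":" + nonce); // Add fails on a replay
    }

    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-secret"); // constructed sample key
        long now = 1700000000;                                          // constructed timestamp
        string sig = Sign(key, "GET", "demo-app", "/api/orders/42", now, "n-001");
        string late = Sign(key, "GET", "demo-app", "/api/orders/42", now, "n-003");
        Console.WriteLine(Verify(key, "GET", "demo-app", "/api/orders/42", now, "n-001", sig, now + 10)); // fresh request
        Console.WriteLine(Verify(key, "GET", "demo-app", "/api/orders/42", now, "n-001", sig, now + 20)); // same nonce replayed
        Console.WriteLine(Verify(key, "GET", "demo-app", "/api/orders/43", now, "n-001", sig, now + 10)); // URI altered in transit
        Console.WriteLine(Verify(key, "GET", "demo-app", "/api/orders/42", now, "n-003", late, now + 3600)); // outside the window
    }
}
```

Only the first call is accepted. A production nonce store would also expire entries older than the freshness window and be shared across server instances.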
Objectives:
Problem Description:
The existing landscape of web API security is riddled with vulnerabilities, marked
by the persistent threats of unauthorized access and data tampering. Current
authentication methods often prove inadequate, leaving APIs susceptible to
breaches that compromise data integrity. The absence of a standardized and robust
solution exacerbates the challenge, particularly in C# applications using the .NET
framework. Developers grapple with the complexity of integrating effective
security measures seamlessly into their systems. Traditional approaches fall short
in providing foolproof protection, leaving APIs exposed to potential replay attacks.
This project emerges in response to these critical shortcomings, aiming to
implement HMAC authentication to establish a secure and reliable foundation for
web API communication, alleviate developer concerns, and mitigate the risks
associated with contemporary security vulnerabilities.
Methodology:
We are following the software engineering process, and accordingly the
following phases will be covered:
Requirements Gathering:
In this phase we will note the main functional and non-functional
requirements. The functional requirements include, for example, HMAC generation,
key generation, the authentication process and secure key handling.
The non-functional requirements are a user-friendly interface that is easy to use,
works smoothly, is compatible and reliable on all operating systems, and maintains
its structure. The system should be usable and reliable.
Refine:
Repeat the requirements analysis and add all the required functionality.
Design documentation:
First, we create the UI of all screens on sigma, then design UML diagrams and flow
charts based on the functional requirements.
We will follow the Agile development model for this project as it will allow
flexibility in incorporating changes.
Data Flow Diagram:
Implementation:
The design and functional requirements are implemented using the backend and
front-end technologies. In this phase, we will mainly go over the technical aspects
of coding.
Testing:
We will create test cases and run the application through them to assess each module,
combine the modules, and subsequently conduct a comprehensive test of the entire
application.
Project Scope:
The solution finds application in diverse sectors, ranging from finance and
healthcare to e-commerce and government services. Its adaptability to
various web service and API scenarios positions it as a versatile security
measure, addressing the specific needs of industries where secure data
communication is paramount.
In conclusion, this implementation not only elevates the level of trust in data
exchanges but also showcases its applicability across different domains. As a
result, developers and organizations can confidently adopt this authentication
mechanism, ensuring a secure and reliable communication channel in the dynamic
landscape of web services and API interactions.
Tools/Technology:
C#
ASP.NET Web API
Visual Studio
.NET Framework
Milestones: