[Work done from 29th December 2008 to 11th January 2009]
Over the last two weeks, I was mainly involved in writing the final project report and the research paper. I already had some preparation and just kept writing both papers most of the time. Other than writing the reports, I also had to be involved in the system integration with the eID web service plug-in. Most of the core functionalities of the web service are working perfectly and, depending on some new requirements of the eID web browser plug-in, I had to make some changes to the web service. Most of the requirements are solved, but there are still some remaining requirements to finish.
Also, we had a meeting with our project supervisor Dr. Chandana Gamage on 15th January 2009 and mainly discussed the reports and potential opportunities to publish papers. In that meeting we also discussed having a public IP to deploy the eID authentication and identification web services.
I’m happy to inform you that we are now ready to release the Beta version of the eID Browser extension and the eID Desktop application.
Our team has now overcome many problems and succeeded with the objective of the eID Browser extension and the eID Desktop application. I’m so happy about this success of the Beta version objective as a coordinating member of the eID software team, and I would like to thank Malalesena on this matter on behalf of the team.
And again I would like to update all the team members about the Beta version of the eID Browser extension and the eID Desktop application.
Objectives of the Beta version:
eID Browser extension -
1 : Make a connection between the Browser and the Relying Party.
2 : Display the Relying Party Policy to the eID card holder in a customised way.
3 : Get the acceptance from the eID card holder to accept the policy.
4 : Get the Pass-Phrase from the eID card holder : Pass it to the eID Desktop application.
5 : Get the Output from the eID Desktop application.
6 : Send back the details to the Relying Party.
eID Desktop application-
1 : Get the Relying Party Policy from the eID Browser Extension : Tokenise the Relying Party Policy : Send back the details of the Relying Party Policy to the eID Browser Extension.
2 : Get the Pass-Phrase from the eID Browser Extension.
3 : [ Signing and Encryption of the wanted data ] Dummy work. – [ Plan to cover in the next working model ]
4 : Make the connection with the eID Web Services.
5 : Waiting for the reply from the eID Web Services : Get the reply from the eID Web Services.
6 : Send back all the encrypted details to the eID Browser Extension.
Now we have covered all these objectives in the Beta version after many successive battles with the client side and the web services side. And now we can move forward towards the next version. I have some objectives to be finished with the next version's working model. That is, we need to finish the eID Desktop application with the completion of proper signing and proper encryption on the client side (Objective 3 in the Beta version, fulfilled with the original working model) in the next version.
For that we need to do some work on the eID Java card. I hope that if we finish that, we can replace the dummy model with the original code.
From the Software development team coordinator,
[Work done from 15th December to 28th December 2008]
During this two-week period we were in the final stage of development and we also had to participate in a competition outside the university and present our project. We had the national level selection presentation for the World Summit Award 2009 under the e-Business/e-Governance category at ICTA Sri Lanka on Tuesday, December 23, 2008. It was a successful presentation on our part, where we were able to get external feedback from the panel which judged.
Thereafter we had a formal meeting with our project supervisor on the 24th December, where we discussed the presentation for WSA 2009. We also discussed the research papers.
Meanwhile we had started to integrate the project components, which were developed by individuals. I had to work with Malalasena’s web services to integrate them with the client-side application. We had many integration problems and we both tried to make the integration successful.
Problems we had during the integration:
- String sensitivity: XML tags were automatically converted to lower case, and at first we had a bad signing problem.
- Problems loading the external libraries in the eID client application. Then I used the class loader to load all external libraries.
- Signing of the XML string: it was a problem due to the Java security class on the client side.
I succeeded in solving these problems after several tests.
[Work done from 15th December to 28th December 2008]
During the last two weeks we started to integrate the project components together. The eID web service is secured in such a manner that it can only be invoked by the eID Browser Plug-in created by Shayanthan. Hence, last week we started to work together and integrate the web service and the web browser plug-in. That was a somewhat difficult task because the web browser plug-in was very sensitive to strings and case mattered a lot. However, we finally figured out the problem, solved it and successfully integrated the web service with the browser plug-in.
After some time we had another problem regarding the web service and web browser integration: because the smart card can’t handle long strings, we had a problem with signing and encrypting the XML policy string on the client side. So we decided to sign the XML policy string’s hash value. So on the web service side I also had to change the business logic so that it accepts the signature of the hash value of the policy string rather than the signature of the policy string.
After that I concentrated on improving the web service quality by making it more dynamic. I’m still working on that and expect to move on to development of the other web service after finishing the eID authenticating web service. Then I started writing the final report and the research report of the eID system. We had a group meeting regarding the final report and the research paper. Finally we came up with an appropriate outline for those reports.
We also applied for the World Summit Award 2009 under the e-Business/e-government category. We had the national level pre-selections at ICTA Sri Lanka on Tuesday, December 23, 2008. We did the presentation in a very satisfactory way and we are waiting for the results.
[Work done from 1st December to 14th December 2008]
For the last two weeks I was working with the eID Web Service and the Rampart module, which is the WS-Security module of Apache AXIS2. At last I successfully integrated and configured the Rampart module with the eID web service. So now the eID web service is secured with message-level encryption and signing. But I still have to make some changes to the web service.
Also we had a meeting with our project supervisor Dr. Chandana Gamage, and we discussed the progress of the project. We were also getting ready for the “World Summit Award (WSA)” competition and our project has already been proposed.
Also within this week Shayanthan and I will be starting to integrate the eID web service and the browser plug-in. That was a really problematic thing and we are still making changes to our modules to make them compatible with each other. We are also planning to finish this integration within the next week.
We had a meeting at WSO2 today from 4.00pm to 4.30pm. This meeting was scheduled with Mr. Prabath Siriwardena, but later it was changed to be with Mr. Nandana Mihindukulasuriya (who happens to be a senior to us at [email protected]).
The purpose of this meeting was to evaluate the security aspects of the eID web service and to get some expert advice on what we have been doing. This turned out to be more beneficial to us as Nandana ayya is an Apache Rampart committer, and that is the same module that we have been using with our web service to provide WS-Security.
We also used this as an opportunity to discuss some other security aspects of the project and also some of the issues we had related to web services and WS-Security. We are very thankful to Nandana ayya and Prabath ayya for allocating their valuable time for us.
[Work done from 3rd November to 16th November 2008]
After moving to the new architecture of the eID system, I continued my work on the web service again. First of all, I started to design the class which will be useful for developing the web service.
The service which the eID web service should provide to the cardholder is first verifying the Reliant Party and the cardholder, then replying with an authentication or an identification token, according to the Reliant Party's policy request sent to the web service and the access level of the Reliant Party.
Here, the eID web browser plug-in will first take the policy of the Reliant Party and the signature for that policy from the Reliant Party. Then the plug-in will clarify that policy with the cardholder and, using the eID card, it will sign the policy and invoke the eID web service using the Authentication operation of the web service.
The web service will take the policy and first of all verify that the policy has not been tampered with, using the signatures sent by the Reliant Party and the cardholder. If the policy is verified, the web service will create a token, encrypt it with the RP’s public key and reply with that encrypted token.
Here the policy request of the Reliant Party consists of the Reliant Party's eIDcode and the claims that are needed for the authentication process. The token sent by the web service will also consist of information according to the policy sent.
I used AXIS2 and the WSO2 WSAS IDE to deploy the web service. Also, I used the RSA encryption and decryption mechanism for secured communication. For signing purposes I used the SHA1withRSA signature and verification mechanism.
Using those technologies I deployed a web service which has the core functionalities. Then I did a demonstration of the web service to the group members. It still needs some security mechanisms and I’m expecting to add those functionalities within the next week.
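The authentication flow described in the entry above (Reliant Party and cardholder both sign the policy, the web service verifies both and returns a token encrypted to the RP), as an added example that is not the project's own code. The key pairs, policy element names, token contents and OAEP padding are assumptions for illustration; the final check mirrors the tag-case signing failure reported in the integration notes.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;

public class EidAuthFlow {
    // The page names SHA1withRSA; SHA256withRSA is the drop-in choice for new deployments.
    static final String SIG_ALG = "SHA1withRSA";

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(SIG_ALG);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance(SIG_ALG);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    // Web service side: issue a token only if both signatures cover the exact policy bytes.
    static byte[] authenticate(byte[] policy, byte[] rpSig, byte[] holderSig,
                               PublicKey rpPub, PublicKey holderPub) throws GeneralSecurityException {
        if (!verify(rpPub, policy, rpSig) || !verify(holderPub, policy, holderSig))
            throw new SignatureException("policy signature check failed");
        // Padding scheme is an assumption; the page only says "RSA".
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(Cipher.ENCRYPT_MODE, rpPub);
        return c.doFinal("token:claims=name".getBytes(StandardCharsets.UTF_8)); // constructed token
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair rp = g.generateKeyPair(), holder = g.generateKeyPair(); // stand-ins for RP and eID card keys
        // Constructed policy: the RP's eIDcode plus requested claims; element names are hypothetical.
        String xml = "<Policy><eIDCode>RP-0001</eIDCode><Claims>name</Claims></Policy>";
        byte[] policy = xml.getBytes(StandardCharsets.UTF_8);
        byte[] rpSig = sign(rp.getPrivate(), policy), holderSig = sign(holder.getPrivate(), policy);

        byte[] token = authenticate(policy, rpSig, holderSig, rp.getPublic(), holder.getPublic());
        System.out.println("token issued, " + token.length + " bytes");

        // Lowercasing the policy in transit changes the signed bytes, so verification fails.
        byte[] lowered = xml.toLowerCase().getBytes(StandardCharsets.UTF_8);
        System.out.println("lowercased policy verifies: " + verify(rp.getPublic(), lowered, rpSig));
    }
}
```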
Due to the problems we had with web service development, we met Dr. Chandana Gamage in the week that started after the vacation. Then we discussed the current situation of the project and the problems we had regarding the eID system architecture and web service development. Finally in that meeting we figured out several problems with the architecture.
- High probability of malicious attacks on the eID system
- Most of the processing is happening on the server side (high workload on the server)
- Difficulty of developing a web service with that architecture
Because of that, I proposed a new idea for the system architecture, which is more user-controllable and more secure. After the meeting with Dr. Chandana Gamage, we had another group meeting and discussed the problems we had and the solutions provided by the new architecture, and also our ability to continue with the existing architecture.
Then again we had a meeting with Dr. Chandana Gamage regarding the latest condition of the project architecture. Finally we decided that it is better to move to the new architecture, which has more capability for implementing the eID system.
Also in that meeting Dr. Chandana Gamage advised us to come up with a mechanism which uses a read-only USB memory stick for the eID card rather than a USB smart card.
After that, I started to develop the eID web service according to the new architecture. I also read lots of articles about AXIS2 and the AXIOM data model. Also, after some discussions we decided to use “RSA” for encryption, decryption and signing.