International Journal of Innovative Technology and Exploring Engineering (IJITEE)
ISSN: 2278-3075 (Online), Volume-8 Issue-10, August 2019
1253
Published By:
Blue Eyes Intelligence Engineering
and Sciences Publication (BEIESP)
© Copyright: All rights reserved.
Retrieval Number: H7024068819/19©BEIESP
DOI: 10.35940/ijitee.H7024.0881019
Journal Website: www.ijitee.org
Abstract: Software has become unavoidable in everyone's life. Software quality is an important aspect of the software development life cycle, and it is expressed in terms of functional and non-functional requirements. Software architecture represents a system as a set of components and the connectivity, or relationships, between those components. Software evaluation is used to assure that the development process meets the requirements given by the user. Early detection of errors prevents the development process from producing defective software. ATAM is one of the methods used to detect risks, non-risks, scenarios and trade-offs at an early stage of the development life cycle. In this paper, security scenarios for mobile applications are elicited and compared with the scenarios extracted from the WhatsApp application. The comparison shows that a few scenarios need to be added to the existing scenarios in order to improve or ensure full security for the metadata.
Keywords: ATAM, Software Evaluation, Whatsapp;
I. INTRODUCTION
Quality software is developed by designing a quality software architecture. Quality is maintained by analysing the architecture during the development of the software architecture [4]. The given problem statement and requirement specification are taken as the metrics against which the software architecture is evaluated. Software architecture describes the very high-level design of large software: it expresses the overall structure of the software in an abstract, structured manner. Its main goal is to identify the major components and the interactions between these components. Software is developed to meet a set of user requirements. User expectations are described as functional requirements in terms of services, and the quality of these services is specified as non-functional requirements. A formal definition given by Sommerville [1996] states that “Software engineering is concerned with the theories, methods and tools for developing, managing and evolving software products.” Requirements engineering, design, programming, integration, delivery, and maintenance are the six processes of the software life cycle. It is very important to perform requirements engineering properly; otherwise the developed software is not useful to the end user even though the code runs properly. The Software Requirements Specification (SRS) is a formal document in which the specifications for the new software product are written.
Manuscript published on 30 August 2019.
*Correspondence Author(s)
Almas Begum, Assistant Professor, Research Scholar,
Vel Tech Rangarajan
Dr. Sagunthala R & D Institute of Science and Technology
Cyrilraj, Dr. M. G. R. Educational and Research Institute
© The Authors. Published by Blue Eyes Intelligence Engineering and
Sciences Publication (BEIESP). This is an open access article under the
CC-BY-NC-ND license http://creativecommons.org/licenses/by-nc-nd/4.0/
.
Design of the software system is the next step, and it is the beginning stage of the software architecture. Software architecture is the high-level design stage: it is software design at the highest level of abstraction. Representation of the architecture is an important aspect, because the success of the succeeding steps in software development depends on representing the architecture clearly. Software architecture can be represented using various diagrammatic and descriptive methods. A software architecture is represented as a set of components and connectors, defined together with the relationships between the different components. In addition, a software architectural description of a system may involve many different external agents, commonly called “stakeholders” [Bass, L. et.al 1998, P. Clements et.al 2002, IEEE 2000, Kruchten P. 1995], and each stakeholder may have different expectations and requirements from the same system. Wolf [Perry, D et.al. 1992] defines: “Software Architecture = {Elements, Form, Rationale}, A Software Architecture is a set of design elements that have a particular form.” Architectural design is motivated by three arguments [Bass.L et al 1998]. First, at a very early stage of the design process, stakeholders can discuss an artefact. Second, it allows for early assessment or analysis of quality attributes. Finally, the decisions captured in the software architecture can be transferred to other systems. A commonly used definition states that the software architecture of a program or computer system “is the structure or structures of the system, which comprise software components, the externally visible properties of those components, and the relationships among them” [Bass.L et al 1998]. Another well-known definition [M. Shaw 1990] is: “Software Architecture is an abstraction of the runtime elements of a software system during some phase of its operation. A system may be composed of many levels of abstraction and many phases of operation, each with its own software architecture”. The following perspectives are covered in the early design of a software architecture: the system functionalities of the domain are decomposed, the system structure is divided into components and their interactions are defined, and functionality is allocated to that architecture [R. Kazman et.al 1994]. Software architecture evaluation assures developers that a given architecture will meet the requirements in terms of both functional and non-functional quality; it also assures understanding of the architecture and early detection of defects in the architecture. Software architecture evaluation has some common limitations:
Almas Begum, Cyrilraj
Architecture Evaluation of Mobile Application:
Whatsapp
- No systematic methodology exists for extracting the important scenarios.
- Client requirement specifications and stakeholders are not fully covered.
- Accessibility during evaluation is very poor; more related documents from the same or similar projects need to be accessed.
Views are used to organize the software architecture description; they are analogous to the different types of blueprints made in building architecture. A view represents a set of system components and their relationships. The viewpoint specifies the notations and modelling techniques used in a view, which expresses the architecture in the form of questions collected from the set of stakeholders. The viewpoint also specifies the presentation, the model kinds used, the conventions used and any consistency rules that keep a view consistent with other views. Software architecture is a combination of components, connectors and connections. Architecture-based software is assembled into a system from smaller subparts or components. Identifying the essential subparts of the system under consideration is a very important task. After identifying the subparts, the next step is to find out how the different subparts communicate and whether any dependency exists between them. External entities such as people, other software systems and other hardware systems that have an interest in the software system, and that affect the system, are called “stakeholders”. The views, interests and requirements of different stakeholders may differ. To maximise requirement satisfaction, the architect needs to balance the requirements of the different stakeholders. Different stakeholders have different perspectives on the software architecture; traditionally these perspectives are called architectural views. The same system can be viewed from different viewpoints by different stakeholders, and the whole description of the architecture is defined by combining these views. The objectives of the architectural representation are: (a) to design different views based on the requirements, and (b) to represent the full architecture by combining all views. The rest of the paper is arranged as follows: Section 2 introduces the architecture of WhatsApp; Section 3 explains the representation of the WhatsApp architecture in terms of UML diagrams and the scenarios for security; Section 4 explains the evaluation methods and, finally, the comparison of scenarios.
I. WHATSAPP ARCHITECTURE
Message communication over mobile phones started with SMS. When the communication medium reached the third generation, message communication between mobile phones began to use applications such as WhatsApp, Viber, Skype, Line, Hangout etc. Among these applications, WhatsApp dominates and has secured a permanent place as a messaging service. New users are added as customers every day, and the total number of users has crossed 1.5 billion. Apart from messaging, WhatsApp provides voice calling, video calling and group chat with a maximum of 100 members in a group. With the user's permission, WhatsApp makes use of the contacts to communicate with others. It also makes use of the camera to take photos, and of the gallery to store data such as images and videos.
Fig 1: XMPP Server
WhatsApp uses an XMPP (Extensible Messaging and Presence Protocol) server. The open-source Ejabberd server is used to transfer messages; it transfers messages between two or more users at any point of time [3]. WhatsApp makes use of both HTTP and XMPP for communication: XMPP is used for asynchronous, federated, limited-purpose communication, whereas HTTP is used for synchronous, unfederated, general-purpose communication.
Fig 2: Comparison between XMPP vs HTTP
II. UML REPRESENTATION OF WHATSAPP ARCHITECTURE
The components of WhatsApp and the communication between them can be represented using the following UML diagrams [5].
Use Case representations:
Fig 3: Use Case diagram for Whatsapp Messaging
Fig 4: Use Case diagram for Whatsapp Profile/Status
[Diagram labels (Figs 1-2): Ejabberd; XMPP Client, XMPP Server, XMPP Server, XMPP Client; HTTP Client, HTTP Server, HTTP Server, HTTP Client]
Fig 5: Use Case diagram for Whatsapp Call
Fig 6: Class Diagram for whatsapp
Fig 7: Sequence Diagram for whatsapp
III. ARCHITECTURE OF WHATSAPP SECURITY
A long-term key is stored in the device memory. A shared key is generated from this long-term key and used to secure communication with another user [1]. A permanent communication channel is established between two users, and this channel remains until reinstallation or a change of device [2]. The Signal protocol reduces man-in-the-middle (MITM) attacks because it uses the Diffie-Hellman (D-H) key exchange method in each key generation, based on an Off-the-Record (OTR) mechanism, and ensures that no MITM attack is possible on any of the subsequently generated keys. Data stored on the user's device is a security concern: it is not encrypted, which leads to a lack of security. WhatsApp makes use of cloud servers for backup, and also makes use of Google, Amazon, iCloud. There is no guarantee that these servers store the data with encryption, which may lead to data leaks. If the device is stolen, there is no security for previously communicated data. Metadata is another security concern. WhatsApp uses end-to-end encryption to establish the communication channel between users. The metadata of the user is encrypted when transmitted through the communication channel. The company's terms allow user data to be exchanged between two users once a communication channel is established. The entire contact list is shared with other apps with the permission of the user. The following security scenarios have been extracted for the WhatsApp mobile application.
IV. SECURITY SCENARIOS
S1: Authenticate the user with mobile number and OTP
S2: Encrypt the data such as transit, phone numbers, timestamps, connection duration, connection frequency and user location must be stored to servers for future retrievals
S3: Ensures that the message sender or receiver cannot be irrefutably
S4: Communication channel between users using end-to-end encryption
S5: Allow to share entire contact list with the app
S6: Swapped the following information between the two parties: time of delivery, mobile phone numbers involved in the messages, size of any digital content
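The key handling described in Section III and scenario S4 (a long-term key on each device, a shared key derived from it, and a new D-H exchange in each key generation) can be sketched as follows. This is an added, simplified example, not code from the paper, WhatsApp or the Signal protocol; the toy finite-field group, the HMAC-SHA256 derivation and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy finite-field D-H group for illustration only (assumption: the real
# protocol uses elliptic-curve D-H; these parameters are not for production).
P = 2**255 - 19
G = 2


def keypair():
    """Return a fresh (private, public) D-H key pair."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh(priv, peer_pub):
    """D-H output: both ends get the same bytes from their own private key."""
    return pow(peer_pub, priv, P).to_bytes(32, "big")


def kdf(root, dh_out):
    """Mix a fresh D-H output into the current root key (HMAC-SHA256)."""
    new_root = hmac.new(root, b"root" + dh_out, hashlib.sha256).digest()
    msg_key = hmac.new(root, b"msg" + dh_out, hashlib.sha256).digest()
    return new_root, msg_key


def run_session(steps=4, tamper_step=None):
    """Simulate both users; return the message keys each one derives."""
    # Long-term keys stay on each device; the first shared key comes from them.
    a_long, b_long = keypair(), keypair()
    root_a = hashlib.sha256(dh(a_long[0], b_long[1])).digest()
    root_b = hashlib.sha256(dh(b_long[0], a_long[1])).digest()
    keys_a, keys_b = [], []
    for step in range(steps):
        a_eph, b_eph = keypair(), keypair()  # new D-H pair per key generation
        a_pub_seen_by_b = a_eph[1]
        if step == tamper_step:
            # Constructed fault: a third party swaps A's public value in transit.
            a_pub_seen_by_b = keypair()[1]
        root_a, k_a = kdf(root_a, dh(a_eph[0], b_eph[1]))
        root_b, k_b = kdf(root_b, dh(b_eph[0], a_pub_seen_by_b))
        keys_a.append(k_a)
        keys_b.append(k_b)
    return keys_a, keys_b
```

With no tampering both users derive the same, always-changing keys; when a public value is swapped in a later exchange, the two key lists diverge from that step on, so the substitution surfaces as a key mismatch instead of a silently shared key.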
Table 1. Comparison of Elicited Scenarios with Existing Whatsapp Scenarios: Security [6][7]

| Concern | Proposed | Extracted Whatsapp | Status |
|---|---|---|---|
| Authentication & Authorization | Must be provided in order to avoid leakage of sensitive data. | S1 | Available |
| Configuration | Once restoration is done, design should be able to reset the configuration | S2 | Available |
| Validation | Design must provide validation to reduce bugs caused by invalid data, refuse access to malicious attacks- not filtering invalid characters | S3 | Available |
| Synchronization | Over-the-air methods has to be considered to synchronize data | | Need to include |
| Memory Limitations | Binary format can be used to configure files when memory is limited. Binary representation can also be used to store objects. | | Need to include |
| Location | Authorized Data access must be enabled when sensitive data is accessed from a different location. | S2 | |
| OS | Avoid invalid access to any service that can be vulnerable to sensitive data | S1 | |
| Communication | Declining to defend sensitive data, failing to resolve untrustworthy scenarios | S1 | |
| Layer | Components must be grouped properly in appropriate layers. | | Need to include |
| Data access | Proper data access mechanisms have to be implemented. Care must be taken when accessing large data sets are accessed. Avoid unnecessary access to open database with long time waiting. | S2 | |
| Device | Device considerations have to be considered for aspects such as memory, storage space, network bandwidth, size of the screen at the time of design. | | Need to include |
From the above table, the security concerns for Synchronization, Memory Limitations and Layer need to be included. Further, to improve the efficiency of app usage, the following facilities can be included: an option to selectively add contacts to the WhatsApp list; some condition that can stop the parent company from using information gathered through WhatsApp; and security for the metadata in case of device theft.
V. CONCLUSION
Software architecture is a representation of components and the connectivity between these components. In this paper, ATAM evaluation has been used to extract scenarios for mobile applications, and these have been compared with the security scenarios for the WhatsApp mobile application. The results show that scenarios for Synchronization, Memory Limitations and Layer need to be included in order to ensure full security for the application.
REFERENCES
1. Nidhi Rastogi and James Hendler, “WhatsApp security and role of metadata in preserving privacy”.
2. “WhatsApp Encryption Overview”, Technical white paper.
3. Umesh Gupta, “An Overview on the Architecture of Whatsapp”, International Journal of Computer Science & Engineering Technology (IJCSET), Vol. 7 No. 07 Jul 2016, pp 335-337.
4. Ronan Fitzpatrick, “Software Quality: Definitions and Strategic Issues”, Staffordshire University, School of Computing Report, April 1996.
5. Almas Begum and V. Cyrilraj, “Architectural Analysis for Improving Security using LBS with ATAM”, IJAER, ISSN 0973-4562, Volume 10, Number 8 (2015), pp. 19967-19975.
6. Rich Hilliard, “Using the UML for Architectural Description”, Lecture Notes in Computer Science, volume 1723, Springer.
7. iOS Security Guide, https://www.apple.com/business/docs/iOS_Security_Guide.pdf
8. https://msdn.microsoft.com/en-in/library/ee658108.aspx
AUTHORS PROFILE
Almas Begum, M.E., CSE, is currently working as an Assistant Professor at Vel Tech Rangarajan Dr. Sagunthala R&D Institute of Science and Technology. She is also pursuing her research at Dr MGR Educational and Research Institute.
V Cyrilraj, Ph.D, is currently working as Professor of Computer Science and Engineering, Dr MGR Educational and Research Institute.