2. information exchange. The change to JSON format decreases
the data size by 40%, shortened transmission time and reduces
system resource consumption. The authors conclude that
JSON is more efficient to use than XML because JSON is a
lightweight architecture.
Paper entitled ‘Comparison of JSON and XML Data
Interchange Formats: A Case Study’ [5], study the
comparison between the XML and JSON. Based from the
experiment conducted in the paper, they concluded that JSON
is faster and uses a few resources compare to XML.
III. CASE STUDY
A. Background
MIMOS had developed an authentication platform;
Unified Authentication Platform (Mi-UAP) [1]. Mi-UAP is
designed to manage front-end application authentication using
an established protocol; Secure Assertion Markup Language
(SAML). It is also capable of Single-Sign-On where the user
only needs to login once and access multiple application that
integrated with Mi-UAP.
Mi-UAP consists of 4 major components; UAP Gateway,
UAP Server, Web Application Server and Trust Engine [12].
Fig. 1 below illustrates Mi-UAP system architecture.
Fig. 1. Mi-UAP System architecture
In Mi-UAP, when user wants to login, it allows the user to
choose any authentication method that the user preferred. The
example of the authentication method that user can choose is
password, Mi-TCK, Mi-2DBC and MyDigital ID. Mi-UAP
then checks the user credential before sending the information
to the Trust Engine component. The Trust Engine component
then checks is the credential that the user provides is enough
for the required trust level for the application or not. Once it is
enough, the user will be directed to the application.
Trust Engine act as a backend component to support
adaptive authentication in Mi-UAP. In this component, it
analyzes the user login information, for example, time,
location, fingerprint and browser that user use when they login
to Mi-UAP. It then performs the calculation base from the user
login information. In the end, it decides whether the user is
allowed to access the application or require to provide another
authentication method before the user can access the
application.
We deployed Mi-UAP, including Trust Engine, to the
internal organization during the Proof of Concept (POC). The
purpose of having the POC deployment is to have a full load
of performance evaluation from the entire MIMOS
organization. In our current practice, once the POC
deployment success, we deploy the system to the production
environment. We are expecting the number of uses for the
system increase; therefore, POC deployment success is crucial
for us. We are focussing on the performance evaluation of the
system during the POC period.
B. Finding from POC system deployment
During the POC period, we monitored the smoothness of
the system, efficiency and system performance. Based on our
investigation, we find out that there is an issue on the system
architecture and design, including the database design and
system performance.
In Mi-UAP, each time when the user wants to login to the
system, it called Trust Engine component to evaluate the user
login information. Trust Engine checks the time, browser
operating system, location, browser fingerprint and
application that user is accessing during the login.
In the current system design, Trust Engine analysed last 30
records for the particular user login information and compared
with user current login information. All the information also
needs to be compared against the current configuration that is
stored in five difference tables.
After performs calculation based on the information given,
the component decides to allow the user to login to the system
or provides another authentication. The system then inserts the
new login information to the database. The system also needs
to updates the last 30 records of user login information.
Based on our finding, the POC system design requires the
component to have multiple connections to the database. It
requires the component to access to six tables to get the
configuration and three tables to get the user data. With the
number of tables uses in the component, during the POC
period, the component made 60% of the connection to the
database compare the other components in Mi-UAP.
The database design also requires the system to connect
and get data from three different tables for one particular user
at each time when the system needs to perform the calculation
process. Once it complete, the component also requires the
user to update to one of the user tables to include the update
current user login information in three different tables. With
the connection to many tables for the system, it took time for
the component process to be complete.
The figure below shows the Trust Engine process and the
connection to the database for Trust Engine component.
Receive user current login
information
Get last 30 records and
configuration use
Analysis user data
Decision on user login
Update user login information
End
User and
configuration record
Configuration record
User record
User record
Start
Fig. 2. Trust Engine process flow
3. We conducted a performance evaluation of the current
database during POC period. Currently, there are 1674349
records for the entire user. In this activity, we select a random
user to evaluate Trust Engine process. There are two processes
involved in Trust Engine.
Process A is to select the latest 30 logins information from
the database. It then inserts the current user login information
to the database. Besides that, process A also selects the
configuration and IP address information in the analysis
process.
Process B is to update the latest user login behaviour. This
process involves SQL operation such as insert, update or
delete operation to the database for the last 30 records of user
login information.
When we conduct the performance evaluation, we select
ten users for the sample data. Each of the users has a different
total number of records in the database. We execute the
process ten times for each of the users and calculate the
average time taken for each of the processes. Table I illustrates
the performance evaluation information.
TABLE I. TRUST ENGINE PROCESS TIME
User
No. of
records
Process A
(second)
Process B
(second)
Total
(second)
User A 3 47.886 47.666 95.552
User B 17 35.482 35.336 70.818
User C 28 44.459 44.215 88.674
User D 63 29.602 29.466 59.068
User E 154 29.460 29.403 58.863
User F 436 28.908 28.775 57.683
User G 533 36.961 33.344 70.305
User H 732 32.284 32.226 64.510
User I 1058 30.430 33.507 63.937
User J 2642 34.611 40.322 74.933
Average 70.4343
Table I show the result for the Trust Engine process time
during the POC period. The average time for all the users is
70.4343 seconds. Based on the result obtained, the
performance of the Trust Engine are not encouraging.
We have decided to change the system architecture and
design for the Trust Engine process flow, including the
database design to address the problem.
IV. IMPROVEMENT
We had made changes to the Trust Engine component to
improve the performance. The list of changes are:
A. Remove all configuration tables to the configuration file.
In the new system architecture and design, we put all the
configuration data into the configuration file and implement a
Singleton concept. Singleton[2] is a method where it only has
one instance, and it provides a global point accessing into it.
It means that when the first time the program is executed, it
gets all the configuration and put it in the public class. When
the user calls the program again, it uses the same object
without having to initialize it again.
B. Combine user information into one user table and limit
the number of records.
In the new Trust Engine system architecture and design,
we combine all the information in one table. Besides that, we
also limit the number of login information to be stored in the
database to 30 records. Since the system only analyses the last
30 logins information, we decide to keep the last 30 records
for the user login information.
C. Change the process flow and system architecture and
design for Trust Engine component
In the new process, the system select user record from the
database and the variable use for the program from the
configuration file. It then constructs all the login information
that the system received in JSON format and evaluates the
data. The system then decides either user is allowed to login
or needs to provide another authentication method. Once the
process complete, system reconstruct back the JSON data to
include the latest user login information and insert the new
record to the database.
The analysis and evaluation process does not involve any
connection to the database. All the process is being executed
in the memory of Trust Engine server. The new process is
highlighted in the new step in Fig. 3.
Start
Receive user current login
information
Get configuration use
Get user data
Analyze, evaluate and
construct user record
Delete and insert user data
End
User record
Configuration file
Fig. 3. New process flow for Trust Engine
D. Change the data type for the information stored in the
database.
We also change the data type to JSON. JSON [3] or also
known as JavaScript Object Notation is a text-based,
language-independent data interchange format for the
serialization of data. In this approach, each of the users only
has one record in the database. In one record, we have the
latest last 30 login information. The example in Fig. 3 shows
how we store the information for the particular user in JSON
format.