
Final Year Project Final Report

Author:
Name: Xie Fan
UID: 3035021546
Date: 19th April 2015

Project Number:
FYP-14014
Project Title:
Anonymous, Public-accumulated Crime Investigation System
Project Members:
Xie Fan, Yang Dong
Project Supervisor:
Dr. T.W. Chim

Contents
Introduction
Project Objectives & Requirements
Project Background and Literature Review
Basic Concepts
Crime
Crime Investigation and Material
Crime Reporting
Available Crime Reporting System in HK
Attributes
Public-accumulation
Accountability
Anonymity
Review Available HK Crime reporting system
Project Methodology
Use Cases
Activation use case 1
Activation Process
Phase 1 - Unique Identifier Review
Phase 2 - Blind signature
Phase 3 - Get Post Credential
Anonymity in Activation
Post Crime Report
Post Crime Report Flow
Credential Sharing and Backup
Credential Deactivation
Discussion
Anonymity vs. Accountability
Public-accumulation
Other Security Method
Conclusion
Future Works
Appendix 1 Database structure
Website as Designed Form
Database structure:
Tables:
Appendix 2 References

FYP Anonymous Public Accumulated Crime Investigation System
Introduction

Project Objectives & Requirements


The defective crime reporting systems available in HK inspired this project. The
goal of our project is to implement a system that is expected to be:
- Open to a group as large as all HK citizens
- Achieving anonymity
- Protected from misuse of the system by a blacklisting function
- So as to fully gather material to facilitate crime investigation

That is, to implement a public-accumulated anonymous crime reporting system equipped
with security methods to fully gather material for crime investigation.

Project Background and Literature Review


Detailed description of the project background.

Basic Concepts
Some basic concepts about the project background

Crime
Crime denotes an unlawful act punishable in a state. Crimes in Hong Kong are
defined in the Hong Kong Crime Ordinance and are categorized into different types: Violent
Crimes, Theft, Fraud, e-crimes, etc. [1].

Crime Investigation and Material

Crime Investigation denotes a rigorous search for material to bring an offender to
justice. Briefly speaking, apart from other investigation processes including legal processes,
which are irrelevant to this project, crime investigation is all about gathering material.

Material is defined as any information and object which is obtained in the course of a
criminal investigation and which may be relevant to the investigation [2]. The sources of
material include crime scenes, victims, passive data generators (e.g. phone records, bank
account records), suspects and witnesses.

The police take actions to gather material: interviewing the victims and witnesses;
interrogating the suspect; investigating the crime scene and generating passive data. On the
other side, a potential witness who has not yet been identified as a witness by the police can
contribute to crime investigation by contacting the police and providing material.

Crime Reporting

In this project, Crime Reporting denotes that an information provider volunteers to
provide material to the police, as distinguished from crime reporting in the area of journalism
and crime statistics like Uniform Crime Reports (UCR). The information provider refers to a
third party or an individual who may hold a piece of information about a crime as a victim,
witness or a person in the know. Crime reporting can be made by visiting the police station, or
by contacting the police by telephone, letter, e-mail or any other means of communication. The
police will then review the report and decide whether to file it; once it is filed, the case is
set and more police resources are committed.
This project aims to gather intangible material for crime investigation (e.g. images,
pieces of descriptions etc.) by means of submitting forms through the internet.

Available Crime Reporting System in HK


This section only describes the facts; the analysis is made in the next section.

The HK Police Force is now using 2 sorts of approaches to collect material for crime
investigation purposes (i.e. 2 crime reporting approaches):

(1) Report by Telephone / SMS / Fax / Police Stations

As the most common approaches to crime reporting, these approaches are open to all
Hong Kong citizens. The identity of the information provider is often traceable: when he (i.e.
the information provider) reports by telephone, his telephone number and voice are recorded;
when reporting by SMS, his mobile phone number is recorded; when reporting by Fax, his
Fax number is recorded; when reporting at a police station, his identity is definitely revealed
to the police. These approaches perform well and efficiently in most cases, especially for
emergency crimes. [3]

(2) Report on e-Report Room

Every Hong Kong citizen with an HKID can report a crime and provide information
by filling in Online Report Forms on the HK police force website. There are different forms
for different types of crimes (e.g. Report Cyber Crime Form, Report Theft Form etc.).
However, all these Online Report Forms require the information provider to fill in his contact
number and personal information (including name, ID, address etc.). A form becomes a valid
submission only when the HK citizen fills in a valid contact number and personal information.
The police will contact the citizen by calling the contact number afterwards.
Then the police decide whether to file the report and submit it for investigation. [3]

Crime reporting can also be carried out through a third party. Crimestoppers is a
representative example:
(3) Anonymous Crime Reporting of Crimestoppers

Crimestoppers is a limited company registered in England, which acts as a third party
in the process of crime reporting. One of its functionalities is to allow people to report a
crime anonymously by filling in an online form. The functionality is available to anyone who
browses this page; no login is required throughout the process; and no personal information is
required to fill in the form. [4]

Attributes
Background of the attributes related to a crime reporting system

Public-accumulation

In this project, a system being public-accumulated means that the door of crime reporting
should be open to the public (i.e. all Hong Kong citizens). In other words, the system is
accessible to the public. Public-accumulation is a necessary requirement for a crime reporting
system to fully generate crime investigation material.

In Hong Kong, about 80 thousand crimes are committed and recorded each year,
among which over 10 thousand are violent crimes. Only about 40 per cent of the crimes can
be uncovered. A main reason is the inadequacy of material. The material gathered from
witnesses plays an important, sometimes vital, role in crime investigation. However,
witnesses may not be traceable, which leads to the inadequacy of material. [3]
To fully gather material for crime investigation, the police need to gather material
from a larger group, that is, to identify a potential witness from a large group. Traditionally,
to identify a potential witness the police may use house-to-house inquiries,
which is quite inefficient and resource-consuming. What is worse, house-to-house inquiry can
hardly cover a group large enough to include all potential witnesses. Optimally, the police
desire to generate information from a group as large as all Hong Kong citizens, which is the
largest set considered in this project and should be large enough to cover all potential
witnesses.
Considering the current crime reporting system in HK, both sorts of approaches (i.e.
report by telephone/SMS/Fax and report by e-Report Room) are accessible to all HK citizens.
Hence, both sorts of approaches are public-accumulated. Crimestoppers is accessible to
people around the world, including all HK citizens. Hence, it is also public-accumulated.

Accountability

Traditionally, accountability means the obligation of an individual or organization to
account for its activities, accept responsibility for them, and to disclose the results in a
transparent manner [4]. In many systems, accountability is often achieved by warning or
punishing the individual. For example, a driver will be charged or accused for drunk driving;
a government official will be investigated, reported to the public or even fired for corruption.
In this project, we define accountability as the obligation of a user of a crime
reporting system to follow some rules and be responsible for his activities. Under the
requirement of accountability, users should account for their bad behavior or misuse.
Making a false report is one of the most common bad behaviors when using a crime
reporting system. A crime reporting system without components of accountability can
easily be flooded by false reports, especially if the system is public-accumulated. As the HK
police force states clearly on its website, making a false report and wasting police time both
incur criminal penalties. If an HK citizen misuses the system by making a false report, the HK
police reserve the right to take civil action against him.
Say a citizen C reports a crime using the current HK Crime Reporting System. Using
the first type of approaches (i.e. telephone/SMS/Fax), the real identity of C can be checked
by the police during the reporting step. C is always traceable. Hence C is held accountable
by the system. Using the second type of approaches (i.e. e-Report Room), he is
traceable if he provides his real contact. If he uses fake personal information and contact, his
false crime report will not pass the report review and be signed by the police, and will not
waste any investigation resource; only a crime report filed by the police will be investigated
and consume police resources. Hence, the current HK crime reporting system achieves
accountability.
The anonymous crime reporting form requires no personal information; that is, the
identity of an information provider will not be revealed in the report. Assume the information
provider hides his IP when using the form (IP addresses are discussed in the Anonymity part).
Then he is not traceable. There is no way Crimestoppers can punish him for misusing the
system or stop him from misusing the system again. Therefore the anonymous crime
reporting system of Crimestoppers cannot achieve accountability. Many bad results occur
when accountability cannot be achieved: if a person with dishonest purpose reports a false
crime, which is then forwarded to the police through the system, who should account for
the waste of police resources? Probably the third party running the system. If that person
commits false crime reporting over and over, more police time is wasted and the trust of the
police erodes. The system is then destroyed. A possible solution to such repeated attacks is to
blacklist misbehaving users and restrict their access to the system.

Anonymity

Anonymity means an acting person cannot be identified. There are different levels of
anonymity under different circumstances, for example full anonymity, partial anonymity and
conditional anonymity.
In a crime reporting system, the identity of the information provider can sometimes
be vital. That is to say, he may even risk his life if he is identified. In that case, he will not
choose to report unless the system will not reveal his identity under any circumstances. We
define anonymity as achieved in our crime reporting system if, whenever a citizen C
submits a crime report R, no one can find out that C is the one who submitted the crime
report R, where "no one" includes both the police and any third party that is the target place
of submission.
Reason for Anonymity

There is no legal obligation for a witness or a victim to contact the police. He would
rather keep quiet instead of reporting to the police. Research in 2000 shows the
victimization reporting rate of Hong Kong [5]. Only about 30 percent of crimes are reported
to the police, among which 8 percent failed to report for fear of reprisal. A witness may
choose to keep quiet and do nothing for similar reasons: he is afraid of being identified and
retaliated against by the criminal; he does not want to reveal his personal information and risk
privacy invasion; he is worried about staying safe from the government; he is scared to come
forward as a witness; he knows some trivial things about the crime which may not be useful
and is afraid of having to account for wasting police time. In these cases, the information
provider does not want any information that could reveal his own identity to be known by
others, including the police. Instead, he would like to provide information anonymously.
Anonymity online

To ensure anonymity, a user must be careful not to include any information revealing
his identity when generating a crime report.

When using the internet, every time a user visits a website, the website will log his IP
address, which can reveal his identity. An IP address can be hidden by forwarding and routing.
There are thousands of proxies available now and they are changing every day. On the client
side, a net user can hide his IP by using a proxy. We suggest that our users make use of an
available proxy to hide their IP when using our system. Therefore, we assume that for all users
making use of a crime reporting system through the internet, their IP addresses are already
hidden.

Anonymity of Crime Report System

We have defined that anonymity is achieved in a crime reporting system if, whenever
a citizen C submits a crime report R, no one can find out that C is the one who submitted the
crime report R. That is, anonymity can also be achieved if the system does not know
anything about the citizen; or the system does not know anything about the report R; or the
system cannot find a mapping from a particular report to a particular person.

Review HK available system

The two types of approaches of the HK Police Force crime reporting system
have in common that a report will not be filed, which means the report does not help the
investigation, unless the identity of the information provider is identified and acknowledged
by the police. Neither type of these approaches is able to achieve anonymity.
Crimestoppers, however, cannot trace any information provider unless the
information provider volunteers to provide his identity. Therefore, Crimestoppers ensures
anonymity by knowing nothing about the information provider.

Review Available HK Crime reporting system

The crime reporting system of the HK Police Force, including reporting a crime by
Telephone / SMS / Fax / Police Stations and reporting on e-Report Room, achieves
public-accumulation and accountability but not anonymity. Therefore, the system is not an
option for information providers who will only report anonymously.
Anonymous crime reporting of Crimestoppers achieves public-accumulation and
anonymity, but not accountability. Therefore, the system may suffer from false crime
reporting.
The defective crime reporting systems available in HK inspired this project. Such a
system is desired:
- Open to a group as large as all HK citizens
- Being an option for anonymous information providers
- Protected by accountability or blacklisting from persons with dishonest intent
- So as to fully gather material to facilitate crime investigation

Therefore, a public-accumulated anonymous crime reporting system equipped with
security is desired to fully gather material for crime investigation.

Project Methodology
Elaboration implemented & discussion on the theory

The project is implemented using:
Programming languages: PHP and JavaScript
Database: MySQL
Development environment: XAMPP
Use Cases
The system is designed to provide services to two kinds of users: Users and Super Users.
To make use of this system, a user must use a Device, such as a computer or a smart
phone, and visit the website to access the system.
Users:
Every information provider is called a user.
(1) Activation:
All users must pass an Activation process before making use of this system and
gain a post credential, which is stored in the user's device.
(2) Post crime report:
All users will then be able to post a new crime report with a device activated
by a valid post credential.
(3) Deactivation:
Users can use Deactivation to deactivate their device.
(4) Key sharing:
All activated users can share a post credential with another device or back up their
credential in the database.
Super Users:
Super users are users with additional privilege in this system; normally super users
should be trusted identities, for example, identified police officers.
Additional privilege:
(5) View crime report posted
A super user can view the information contained in a reported crime, but cannot make
any modification to the crime report. This use case enables police officers who
are activated as super users to read crime reports to gather material.
(6) Ban a Post Credential
A super user can ban a post credential in relation to a posted crime report if the user
of the post credential misbehaved in this report, for example, if he posted meaningless
information like advertisements or made a false report.
Use Case Diagram:

Activation use case 1


A necessary step to use the system for the first time

When a user uses his device D to browse the website for the first time, he
is required to activate that device D so as to use other functionalities of the system, in
particular, posting a crime report.
Activation Process
There are 3 phases in this use case: unique identifier review; blind signature; get post
credential.

Process description:
(1) Phase 1 - unique identifier review (SMS verification):
A user first sends a unique identifier to the server. The server then performs the unique
identifier review. On success, the server stores the unique identifier in the
database of our server and immediately invokes phase 2.
(2) Phase 2 - blind signature
The user then manually inputs a message M. Using blind signature, the server
will sign M with its private key d and return the signed message to the user without
knowing the value of M. Phase 2 and phase 1 are continuous and sequential
processes.
(3) Phase 3 - get post credential
After getting the signed message in phase 2, a user can later send the message M and
the signed message to the server. If the message pair is acknowledged, the server will
issue a new post credential to the user's device. Then the server will validate the post
credential and store M in the database. Phase 3 is not continuous with phase 2.

Phase 1 - Unique Identifier Review


Input: a unique identifier; on success: invoke phase 2

A unique identifier should be a piece of information related to the identity of the user.
Each identifier should be unique, and a real person should hold 1 or no more than several
identifiers. Optimally, the mapping from real identities to unique identifiers should be a
permutation.
A user is required to send his unique identifier, which must pass the identifier review.
The review is done by checking whether the identifier has been used before, whether the
identifier belongs to a person and whether that person is the one using the identifier now.
The identifier will then be stored in the database to guard against it being reused.
Purpose of using unique identifier

The purpose of introducing the unique identifier to Activation is
(1) To ensure that a real person, instead of a machine or a program, is activating a device.
This can usually be achieved because a program can hardly generate a valid
identifier, which is unique and can pass an identifier review. What's more, a
program cannot pass this step if human actions are required.
(2) To ensure that a person who has already completed Activation once and activated a
device cannot perform Activation with his identifier again. This is always true as
his identifier is recorded by our system.

Choice for unique identifier

There are plenty of choices for what kind of identifier should be used in this system
and how our system does the identifier review.
For example, taking an email address as the unique identifier and sending a confirmation
email as the identifier review is one of the most common approaches adopted in many systems.
However, a person can have multiple email addresses and the cost of an email address is not
high, making the email address a relatively weak identifier. In addition, programs can
automatically send confirmation emails. If not protected from this attack by some means
requiring human actions, an e-mail address cannot be a good identifier.
A better choice is to use a cell phone number as the identifier and SMS verification as
the identifier review. A person usually has only a small number of cell phones, and SMS
verification can only be finished with human action. Therefore, phone number and SMS
verification can be a strong unique identifier and identifier review pair.
Unique identifier review with SMS verification:

Phase 2 - Blind signature


Input: manual input message M
Output: Message S signed by the server

After successfully passing phase 1, a user will be led to the functionality of blind
signature. Briefly speaking, the blind signature step signs a message for the user without
knowing the content of the message. The user can later activate his device by getting a post
credential with the signature of the system.
Post credential is clearly defined and elaborated in the Post Crime Report use case.
Basic theory of blind signature
Blind signature is a cryptographic technique in which a message is
blinded before being sent for signature. Anonymity can be achieved by blind signature. RSA
is a widely used reversible public key system.
Blind signature in the System
Our system uses a blind signature scheme along with the RSA cryptosystem.

The user first generates a message M and then, taking M as input, calculates M', which is
blinded by the random variable R and encrypted with the public key (e, p); this calculation is
expected to be performed locally. On arrival of the blinded message M', the server signs the
message with its private key (d, p) and sends the signed message S' back to the user. The user
then solves for M^d by calculating the multiplicative inverse, and finally gets S, which is
signed by the server.
Security of Blind Signature with RSA
Anonymity can be achieved by blind signature, given that the blind signature and
RSA are safe. The security of RSA relies on the difficulty of factorization. Using 1024-bit or
higher RSA can avoid the danger of being broken by factorization. A potential threat to RSA is
the timing attack, which bypasses the cryptography and finds the key from the running time of
decryption. However, the blind signature scheme can protect RSA from timing attacks, with the
exact decryption time unknown to the users or attackers. Blind signature with RSA is a
trustworthy anonymous cryptosystem for the Activation.
This project is currently using a simplified version of RSA up to 32 bits, which is not
secure. A piece of future work is to introduce extended libraries to support large-bit RSA.

Phase 3 - Get Post Credential


Input: Message M and S
On success: issue a randomly generated valid post credential (its value is not related to the value of M)

The user can later send a request to the server to finish activation, along with the (M, S)
pair. "Later" can be a period of time long enough to make the two steps separate. If
S = M^d mod p, the server knows that the user has passed the unique identifier review and
blind signature, and his request is acknowledged. The server will randomly generate a unique
post credential, issue the credential to the device and validate the credential in the database
of the server. M is also stored in the database to guard against a user using the same message
pair to get multiple post credentials.

Get post credential flowchart

Anonymity in Activation
Related variables: unique identifier; manual input M; random number R as blinding factor; blinded
message M'; signed blinded message S'; signed message S; post credential

The purpose of introducing blind signature in the system is to sign for a user in an
anonymous manner. Recall the flowchart of the blind signature: the user knows the values of
all variables except the private key Prv (d, p), with which the user hopes the message will be
signed. Given that all calculations of M' and S are performed on the user side, the server has
no knowledge of the values of the variables unless they are sent to it, apart from the private
and public key.
Through the whole activation process, the server knows the personal identifier, a pair
of blinded message M' and signed blinded message S', the (M, S) pair and the post credential.
The steps of personal identifier and blind signature are continuous and sequential, which means
there is a mapping from (M', S') to a personal identifier. Distributing a post credential with
(M, S) acknowledged and learning (M', S') through blind signature are separate processes.
Therefore, the server cannot find out the mapping from the (M', S') pair to the (M, S) pair
without knowing the random variable R. Hence, through the process of activation, there is no
mapping from a post credential to a unique identifier.
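
The blind signature phase, the Phase 3 check and the unlinkability argument above, as an added JavaScript example that is not the project's own code: the client blinds M locally, the server signs M' without seeing M, and each (M, S) pair is accepted once. All names, the key, the message, the blinding factor and the identifier are constructed for illustration; raw M is signed as the report describes, whereas deployed schemes sign a padded hash of M (see RFC 9474).

```javascript
// Added example: textbook RSA blind signature using the report's symbols.
// Public key (e, p), private key (d, p); p is the RSA modulus.

function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Multiplicative inverse by the extended Euclidean algorithm.
function modInv(a, mod) {
  let [r0, r1] = [mod, ((a % mod) + mod) % mod];
  let [t0, t1] = [0n, 1n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [t0, t1] = [t1, t0 - q * t1];
  }
  if (r0 !== 1n) throw new Error("value is not invertible modulo p");
  return ((t0 % mod) + mod) % mod;
}

// Constructed demo key built from two Mersenne primes (about 92 bits, far too
// small for real use, like the report's 32-bit prototype).
function makeDemoKey() {
  const q1 = 2n ** 31n - 1n;
  const q2 = 2n ** 61n - 1n;
  const p = q1 * q2;
  const e = 65537n;
  const d = modInv(e, (q1 - 1n) * (q2 - 1n));
  return { pub: { e, p }, prv: { d, p } };
}

// Client, Phase 2: M' = M * R^e mod p. R must be fresh, secret and coprime to p;
// real code would draw it from a CSPRNG such as crypto.getRandomValues.
function blind(M, R, pub) {
  modInv(R, pub.p); // throws if R is not coprime to p
  return (M * modPow(R, pub.e, pub.p)) % pub.p;
}

// Client: S = S' * R^-1 mod p, which equals M^d mod p.
function unblind(Sb, R, pub) {
  return (Sb * modInv(R, pub.p)) % pub.p;
}

class ActivationServer {
  constructor(prv) {
    this.prv = prv;
    this.usedIdentifiers = new Set(); // Phase 1 store
    this.redeemed = new Set();        // Phase 3 store of M
    this.signLog = [];                // all the server can tie to an identifier
  }

  // Phases 1 and 2 are continuous: one blind signature per unique identifier.
  signBlinded(identifier, Mb) {
    if (this.usedIdentifiers.has(identifier)) return null;
    this.usedIdentifiers.add(identifier);
    const Sb = modPow(Mb, this.prv.d, this.prv.p);
    this.signLog.push({ identifier, Mb, Sb });
    return Sb;
  }

  // Phase 3: accept (M, S) once, and only if S = M^d mod p.
  redeem(M, S) {
    if (M <= 1n || M >= this.prv.p) return "rejected: M out of range";
    if (S !== modPow(M, this.prv.d, this.prv.p)) return "rejected: bad signature";
    if (this.redeemed.has(M)) return "rejected: M already used";
    this.redeemed.add(M);
    return "credential issued";
  }
}

function demoActivation() {
  const { pub, prv } = makeDemoKey();
  const server = new ActivationServer(prv);
  const M = 20150419n;     // constructed message chosen by the user
  const R = 987654321987n; // constructed blinding factor
  const Mb = blind(M, R, pub);
  const Sb = server.signBlinded("constructed-identifier-0001", Mb);
  const S = unblind(Sb, R, pub);
  return { server, pub, M, R, Mb, Sb, S };
}

const activationRun = demoActivation();
console.log(activationRun.server.redeem(activationRun.M, activationRun.S)); // credential issued
console.log(activationRun.server.redeem(activationRun.M, activationRun.S)); // rejected: M already used
```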


Post Crime Report


Apart from trivial functions like formatting a crime report and inserting the report into the
database, the key task of post crime report is to check and manage the validity of a device,
which is represented by a post credential.
Post Crime Report Flow

The first task of the post crime report use case is to check the validity of a device by its
post credential. The detail of checking a post credential is described in the post
credential section.

If the device is not valid, the user cannot post a crime report through the device; he
can activate his device by activation or key sharing.
If the device is valid, the user can fill in the report form. After passing the format check and
captcha authentication, the report form is accepted and posted on the website, where it can only
be viewed by the user himself or super users.
Post Credential
Attributes of Post Credential
A post credential is a license stored and reviewed in the local disk of a device,
carrying a unique random key. In the database of our server, a table using_keys is created
to hold the key value and the status of a post credential. Each credential has a key value of
type varchar(32) and an attribute of status.

Recall the table post_key_archieve in the database. Each PID (the primary ID of a
crime post) is mapped to two key values, used_key and next_key. On creation of every crime
report, the current key value of the post credential is stored as used_key, and a new key value
is issued to the post credential and saved in the table as next_key. The system will update
the next_key value of all the crime reports posted with the same post credential. That is, every
time a user successfully posts a crime report, the next_key value of all the reports he posted
will be updated to the newest key value. This is designed for searching convenience.

There are 4 corresponding values of status: Valid, Banned, Used and SuperUser.
A Valid post credential means the user can post 1 crime report with the
credential; Banned means the credential is forbidden from posting crime reports;
Used means the key has already been used to post another report and needs to be
updated; SuperUser means the credential is a superuser key.

By the design above, there is a mapping between post credentials and crime reports. A
post credential can be regarded as a ticket to post 1 crime report.
Functions of Post Credential
This section describes the function of post credentials.
(1) Issuing a post credential
Issuing a post credential is the last step of activation. Issuing a post credential means
that the server sends the client the credential, which is then stored on the local
disk of the client.
(2) Checking validity
Recall the flow chart for posting a crime report; the first several steps check the
validity of a credential. Validation starts when a user browses the create new report page
and sends his credential to the server. Validity checking is
implemented by checking the current status of the post credential. Only
users with a Valid or SuperUser post credential can pass the validation, after which the
client is allowed to post a new crime report. The report is then sent to the server
together with the key, and the server stores them in the database.
(3) Banning a user
Banning a user always starts from the misbehavior of a user using his credential to
make a meaningless or false report. By reviewing the content of the crime report, a
superuser decides whether to ban this user. By searching the post_key_archieve
table and the using_keys table, a superuser can find the post credential which
generated the meaningless or false report. Banning is conducted by setting the status
of the post credential to Banned.
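The credential life cycle described in (1) to (3) above, together with the used_key/next_key bookkeeping, can be modelled as follows. This is an added example, not the project's code: it uses an in-memory SQLite database in place of MySQL, the function names are hypothetical, and carrying the old status over to the replacement key is an assumption.

```python
import secrets
import sqlite3
import string

ALPHABET = string.ascii_letters + string.digits  # case-sensitive letters and digits

def new_key():
    # 32 random characters, matching the varchar(32) key column
    return "".join(secrets.choice(ALPHABET) for _ in range(32))

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE using_keys (keyvalue TEXT PRIMARY KEY, status TEXT)")
    db.execute("CREATE TABLE post_key_archieve "
               "(PID INTEGER PRIMARY KEY, used_key TEXT, next_key TEXT)")
    return db

def issue(db, status="Valid"):
    key = new_key()
    db.execute("INSERT INTO using_keys VALUES (?, ?)", (key, status))
    return key

def status_of(db, key):
    row = db.execute("SELECT status FROM using_keys WHERE keyvalue = ?", (key,)).fetchone()
    return row[0] if row else None

def post_report(db, key):
    """Validate the credential, archive the post, rotate the key. Returns (PID, new key)."""
    status = status_of(db, key)
    if status not in ("Valid", "SuperUser"):
        raise PermissionError(f"credential rejected: {status}")
    with db:  # all four statements commit or roll back together
        db.execute("UPDATE using_keys SET status = 'Used' WHERE keyvalue = ?", (key,))
        fresh = issue(db, status)  # assumption: the replacement key keeps the old status
        pid = db.execute("INSERT INTO post_key_archieve (used_key, next_key) VALUES (?, ?)",
                         (key, fresh)).lastrowid
        # Re-point every earlier report by this credential at the newest key
        db.execute("UPDATE post_key_archieve SET next_key = ? WHERE next_key = ?", (fresh, key))
    return pid, fresh

def ban_by_report(db, pid):
    """Superuser action: ban the credential currently held by the author of report pid."""
    (current,) = db.execute("SELECT next_key FROM post_key_archieve WHERE PID = ?",
                            (pid,)).fetchone()
    with db:
        db.execute("UPDATE using_keys SET status = 'Banned' WHERE keyvalue = ?", (current,))
    return current
```

Because every archived report points at the holder's newest key, banning from any one report blocks the credential in current use, and a stolen copy of an earlier key is already in status Used.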
The purpose of using Post Credential
The purpose of using post credentials is to protect the system from users with dishonest
intent. Dishonest users are distinguished from attackers or hackers, who make use of
telecommunications to do harm to a system. In this project, dishonest users refers to users
who are acknowledged by the system and make use of the defects of the system to commit bad
behavior with dishonest intent.

A system deals with dishonest users either by adjusting accountability or adjusting
blacklisting. The use of post credentials builds a mapping between post credentials and crime
reports. Post credentials protect the system through the function of banning a misbehaving user.
By banning a credential, the system blacklists a user.

Safety of Post Credential:

Complexity:
The key of a post credential is currently defined as a 32 bits varchar type. Each character is
randomly generated from digits and letters, and is case sensitive, giving a large
number of possible combinations. This already makes an exhaustive key attack very
expensive. What is more, linearly allocating more bits to the key expands its number of
combinations exponentially. The post credential itself can be considered safe.
Safety as a local storage:
The post credential is kept on the user's side, stored on the local disk as a local file.
Local files may be removed, stolen or modified by some means. When such incidents happen,
our system will normally not suffer much, because a modified credential will not be
acknowledged by the system, and a credential will be banned by the system if it is used for
misbehavior. After being banned by the system, the credential, along with all copies of it, will
not be valid. However, a user may suffer from losing a credential. He may never be able to use the
system again, since he cannot activate again. We provide a credential backup system for
users, which can be helpful in such a situation.

Credential Sharing and Backup

This use case allows a user either to share his credential with another machine or to store a copy
of the credential on the server, supported by a unique random retrieve code defined as a string. The
user can then either retrieve or save the post credential with the unique code.
Two actions can be taken in this use case: remote saving and remote retrieving. Remote
saving is done by sending the post credential to the server and getting back the
retrieve code. Remote retrieving is the reverse of remote saving. Backup can be
done by remotely saving a credential on the server and retrieving it with the device if necessary.
Sharing can be done by retrieving a copy using another device.

Security of the system is based on the safety of the unique retrieve code. The code is
defined as a random string of length 24, with a sufficient level of complexity. Therefore it
can be considered secure against exhaustive search. The unique code should be
strictly protected by the user, and he is clearly warned of this.

Credential Deactivation
Users are allowed to deactivate their devices through this use case.
The action is done by removing the local post credential and setting the corresponding key status to Used.
In particular, when a user has saved a backup of the credential on the server, he can choose to delete all copies
or to delete only the one held on the device.
This use case is implemented for the completeness of the system.

Discussion
Anonymity vs. Accountability
There are always conflicts between anonymity and accountability. They can hardly
both be achieved at a high level at the same time. Recall the target of our project. The project
aims to fully gather information from the public and to be an option for information providers
who will only report fully anonymously. Therefore under no circumstances will the identity of an
information provider be revealed to others. We have to sacrifice some accountability
to achieve a higher level of anonymity.
In our crime reporting system, anonymity is achieved in the activation use case.
Recall the activation use case: by means of blind signature, the system
separates the unique identifier review from the issuing of the post credential.

Public-accumulation
In our project, public-accumulation is achieved by designing the system as a website accessible to all HK
citizens. Activation is also accessible to all HK citizens as long as they pass the identifier
review.

Other Security Method

Our system is also guarded by some security methods:
Unique identifier review (described in Activation section) and post credentials
(described in post credential section) are adopted to enhance security.
CAPTCHA is adopted as a safety method in this system so as to protect the system
from machine attack;
Parameterized statements are used to protect MySQL from SQL injection attacks;
Data are encrypted in the database to enhance the security of the database.

Conclusion
Based on the imperfections of the Hong Kong crime reporting system, the project
implements a web-based crime reporting system which is
- Public accumulated
- Achieving anonymity
- Protected by blacklisting from persons with dishonest intent
so as to fully gather material to facilitate crime investigation.

The system achieves anonymity through the process of activation by means of blind signature.

It achieves public-accumulation by being open to the public and by reviewing unique identifiers.

Our system is also guarded by some security methods:
Unique identifier review (described in Activation section) and post credentials
(described in post credential section) are adopted to enhance security.

Future Works

RSA with a large bit length should be adopted in the project to enhance the safety of the blind
signature.

SMS verification can be used as a good choice of unique identifier review method.

The UI can be improved to be friendlier to users. For example, a better sorting method can
help administrators manage reports.

Appendix 1 Database structure


Website as Designed Form
The system is designed in the form of a website, with the functionalities divided among different pages. I list
some of the pages with their main functions.

(1) Main page/index page
The first page presented to all users, containing links to activating the current
device, posting a new report, credential sharing and deactivation.
(2) Activation page
This page is available if a computer is not activated. Through the use case of
Activation, the user can be activated through this page. Blind signature and unique
identifier review are processed on this page.
(3) Post New Report page
This page contains the key functionality of the system; posting a report is processed
on this page. Captcha, format checking and post credential are involved on this page.
(4) Credential Sharing & Backup page
This page points to the sharing and backup system.
(5) Credential Deactivation page
Enables a user to deactivate his device.

Database structure:
The database of the server is implemented on MySQL, the most popular open source database.

Tables:
The structure and functionalities of the tables are listed below.
Unique_identifier:
This table stores the unique identifier of users

Name                    Type
ID                      int
unique_identifier

Used_signature:
This table stores the signatures used, i.e. a post credential has already been distributed to a user with
this id pair

Name                    Type
ID                      int
Used_signature          text

Post_key_archieve
This table stores the used post credential and the next post credential for each post; the
next_key is actually the newest key that the owner of the key is holding now

Name                    Type
PID                     int
used_key                Varchar(32)
next_key                Varchar(32)

using_key
This table stores the current status of a post credential, a

Name                    Type
Keyvalue                Varchar(32)
status                  Enum(Valid,Banned,Used,SuperUser)

deactive_timing
This table stores the datetime before which a user cannot deactivate his post credential

Name                    Type
Limit_deactivation_key  Varchar(32)
time_flag               datetime

key_sharing
This table facilitates the implementation of key sharing

Name                    Type
key                     Varchar(32)
One_time_code           Varchar(32)

report
This table formats and stores the attributes of a crime; it should also contain a link for uploaded
images

Name                    Type
PID                     int
Crime_time              datetime
Type                    text
Other attributes of a crime

33

Appendix 2 References

[1] Crime Ordinance. < http://www.hklii.hk/eng/hk/legis/ord/200/>. 15/04/2015


[2] UK, College of Policing. <http://www.app.college.police.uk/appcontent/investigations/managing-investigations/#investigative-strategies>.15/04/2015
[3] Hong Kong Police Force, <http://www.police.gov.hk/ppp_en/02_er_room/>, 05/04/2015
[4] Crimestoppers, <https://crimestoppers-uk.org>. 05/04/2015
[5] Crime Trends in Hong Kong, Dr. Roderic Broadhurst, Associate Professor, Centre for
Criminology, Department of Sociology, The University of Hong Kong. Working paper
prepared in part for the Hong Kong Social Services Council - Social Indicators Project 2000.
<http://www.crime.hku.hk/rb-crimetrends.htm>.15/04/2015
[6] Anonymous:
<http://www.businessdictionary.com/definition/accountability.html#ixzz3XcmqDpxy>.
05/04/2015

34