Supervisors:
Dr. L.C.K. Hui
Dr. H.Y. Chung
Students:
Fong Chun Sing (2010170994)
Leung Sui Lun (2010580058)
January 2013
Abstract
With the increasing use of online file sharing platforms, the security of the services currently provided has become a hot topic among users. Files are more easily shared, but their confidentiality also drops. Some file sharing platforms allow a user to download a file without even entering a password. AirCrypt is being developed to provide users with an online storage and sharing platform that, at the same time, offers sufficient security measures. Using an NFC-capable mobile device and an NFC tag, users can access their files on the server securely and conveniently. File sharing is also protected by access control. Security, user-friendliness and cross-platform support are the main goals of AirCrypt.
FYP12016 – AirCrypt: the Secure File Sharing Platform for Everyone
Contents
1. Background 4
2. Objectives 5
3. System Design 6
3.1 Security Features 6
3.2 Other Features 8
3.3 System Architecture 9
3.4 Main Application Flow 10
4. Current Progress 13
4.1 Android App 13
4.2 Server and Client Program 14
5. Development Tools 16
6. Limitations and Difficulties Encountered 17
6.1 Limitations 17
6.2 Difficulties Encountered and Our Solutions 17
7. Work Division 19
8. Future Plan 20
1. Background
In the modern era, the computer is an important device for people to communicate with each other and to store information. Files such as photos, music, videos and documents are all stored as electronic copies. With the increasing use of the internet, people want to share files with others over the internet. Traditionally, a user shares a file by sending it directly to another person, for example by e-mail. However, this is quite time-consuming, as the user has to upload the file to a server every time. It can take a long time if there are many files to send or the file size is large, and it is also inconvenient when sharing a file with a group of people.
In recent years, file sharing platforms such as Dropbox have become very popular because they allow users to share files easily. A user only needs to upload a file to the platform once. After that, the file can be shared simply by distributing its URL. People also use these platforms as online storage so that they can access their files from any place at any time. These services are very convenient to use. However, it is also well known that they do not provide many security features: anyone holding the URL can access the file concerned without even entering a password.
2. Objectives
Our objective is to develop a system that provides an online storage and sharing platform with, at the same time, a high level of security. The security features include, but are not limited to:
- Secure Transmission Channel
The transmission of files and commands between client and server is protected using SSH.
- Secure Online Storage
The files stored on the server are encrypted using TrueCrypt, a free, open-source disk encryption software.
- File Integrity Control
An integrity check is performed whenever a file is uploaded or downloaded.
- Access Control
Only authorized users can access a file.
The developed product targets small and medium enterprises, organizations and individual users.
3. System Design
This section discusses the features we have applied to make AirCrypt secure.
- Multiple Factor Authentication
In AirCrypt, users have to provide their mobile phone's International Mobile Station Equipment Identity (IMEI) and an NFC tag ID during registration. These two tokens act as the password for authentication. The advantage is that users get a longer password without having to remember it. Moreover, since the two tokens are stored on different media, it is harder for both to be stolen at the same time.
- Minimum Exposure
Another important design choice for enhancing security is minimizing the exposure time. "Exposure time" means the time during which the public/private disks are not encrypted and the user can interact with the disks directly. We apply two mechanisms to minimize the exposure time.
(1) Separation of file information and file data
In our design, we store the file information in a separate database. For example, when a user opens a folder, the server sends the directory list to the client. The list contains the information about the files in this folder, so the server fetches it from the database. In this process, the public/private disks remain
- Integrity check
Whenever a file is transmitted, we perform a file integrity check using the MD5 checksum.
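The following class is an added example, not code from the AirCrypt project, showing the integrity check described above on both ends of a transfer: the sender streams the file through a digest and ships the hex value, the receiver recomputes it over the bytes that actually arrived and compares in constant time. The algorithm name is a parameter, so the MD5 the report uses and SHA-256 are interchangeable; the sample file contents are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Checksum helper for the upload/download path (added example, not AirCrypt code). */
public final class FileIntegrity {

    /** "MD5" is what the report describes; "SHA-256" is a drop-in stronger choice. */
    private final String algorithm;

    public FileIntegrity(String algorithm) {
        this.algorithm = algorithm;
    }

    /** Streams the input through the digest so a large file never sits fully in memory. */
    public byte[] digest(InputStream in) throws IOException {
        MessageDigest md;
        try {
            md = MessageDigest.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("JVM lacks " + algorithm, e);
        }
        byte[] buf = new byte[8192];
        int n;
        while ((n = in.read(buf)) != -1) {
            md.update(buf, 0, n);
        }
        return md.digest();
    }

    /** Lower-case hex, the form a sender would put in the transfer header. */
    public static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    public static byte[] fromHex(String hex) {
        if (hex.length() % 2 != 0) {
            throw new IllegalArgumentException("odd-length hex string");
        }
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    /**
     * Receiver side: recompute over the received bytes and compare with the sender's
     * value. MessageDigest.isEqual runs in constant time regardless of where they differ.
     */
    public boolean verify(InputStream received, String expectedHex) throws IOException {
        return MessageDigest.isEqual(digest(received), fromHex(expectedHex));
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file contents.
        byte[] original = "constructed sample file contents".getBytes(StandardCharsets.UTF_8);
        FileIntegrity md5 = new FileIntegrity("MD5");

        // Sender computes the checksum before transmission and sends it with the file.
        String sent = toHex(md5.digest(new ByteArrayInputStream(original)));

        // Receiver accepts the intact copy ...
        System.out.println("intact copy verified: " + md5.verify(new ByteArrayInputStream(original), sent));

        // ... and rejects a copy with a single flipped bit.
        byte[] corrupted = original.clone();
        corrupted[5] ^= 0x01;
        System.out.println("corrupted copy verified: " + md5.verify(new ByteArrayInputStream(corrupted), sent));
    }
}
```

MD5 reliably catches accidental corruption and truncation, which is what a transfer check needs; because MD5 collisions are practical, a check that must also detect a deliberately substituted file should use the SHA-256 setting, which requires no other code change here.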
- Firewall-Friendly
Since we use SSH as the communication channel, the server only needs to listen on port 22. This avoids complicated settings on the server.
- Cross-Platform
The AirCrypt Client Program is developed in Java, which makes it platform independent. The advantage is easy maintenance: an update is done only once, and the executable runs on any platform with Java installed. Another advantage is that the UI looks the same everywhere, so users can pick it up easily when they switch to a different working platform.
[Screenshots: the client program running on Windows and on Ubuntu]
The following diagram shows the system architecture. AirCrypt applies the 3-tier client/server architecture. The Android app obtains the mobile phone's IMEI and the NFC tag ID and sends them to the PC client through Bluetooth. The client and server communicate with each other through the SSH channel. Inside the server there is a program that handles requests from the client, several databases that store user information, file information, etc., and the public/private disks, which are encrypted by TrueCrypt.
[Diagram: system architecture; the databases are implemented in MySQL]
Registration:
Step 1: The PC client program requests the IMEI and NFC tag ID from the Android app.
Step 2: The Android app returns the IMEI and a scanned tag ID.
Step 3: The PC client sends the username, IMEI and tag ID to the server for registration.
Step 4: The server registers the new user and creates the public/private disks for the user.
Step 5: On success, the server returns a confirmation message.
On failure, it returns an error message.
Login:
Step 1: The PC client program requests the IMEI and NFC tag ID from the Android app.
Step 2: The Android app returns the IMEI and a scanned tag ID.
Step 3: The PC client sends the username, IMEI and tag ID to the server for authentication.
Step 4: The server authenticates the user.
Step 5: On success, the server returns a Login Credit to the user. The Login Credit consists of the Unix login name and password.
On failure, the server returns an error message.
Step 6: The PC client logs in to the server again using the Login Credit.
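The server-side part of this flow (steps 4 and 5), as an added example that is not the project's own code. It assumes the server keeps only a salted SHA-256 hash of the IMEI and tag ID pair rather than the raw tokens, that the Unix account name is derived from the username, and that the password in the Login Credit is generated fresh per login; none of those choices are stated in the report. The IMEI value is constructed (the report shows 353xxxxxxxx); the tag ID is the one from the report's login test.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

/** Server-side verification of the IMEI + NFC tag ID pair (added example, not AirCrypt code). */
public final class TokenAuthenticator {

    /** Returned on success: the Unix login name and password used for the second SSH login. */
    public static final class LoginCredit {
        public final String unixUser;
        public final String password;
        LoginCredit(String unixUser, String password) {
            this.unixUser = unixUser;
            this.password = password;
        }
    }

    /** One registered user. Only a salted hash of the two tokens is kept, never the tokens themselves. */
    private static final class UserRecord {
        final byte[] salt;
        final byte[] tokenHash;
        final String unixUser;
        UserRecord(byte[] salt, byte[] tokenHash, String unixUser) {
            this.salt = salt;
            this.tokenHash = tokenHash;
            this.unixUser = unixUser;
        }
    }

    private final Map<String, UserRecord> users = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();

    /** Registration step 4. The "ac_" account-name prefix is an assumption of this example. */
    public synchronized boolean register(String username, String imei, String tagId) {
        if (users.containsKey(username)) {
            return false;                       // registration step 5 failure: name already taken
        }
        byte[] salt = new byte[16];
        rng.nextBytes(salt);
        users.put(username, new UserRecord(salt, hashTokens(salt, imei, tagId), "ac_" + username));
        return true;
    }

    /** Login step 4: both tokens must match, and the reply does not reveal which one was wrong. */
    public synchronized Optional<LoginCredit> authenticate(String username, String imei, String tagId) {
        UserRecord rec = users.get(username);
        if (rec == null) {
            return Optional.empty();            // Screenshot 1 case: unregistered user
        }
        byte[] candidate = hashTokens(rec.salt, imei, tagId);
        if (!MessageDigest.isEqual(candidate, rec.tokenHash)) {
            return Optional.empty();            // Screenshots 3 and 4 cases: one token wrong
        }
        return Optional.of(new LoginCredit(rec.unixUser, freshPassword()));
    }

    /** SHA-256(salt || imei || 0x00 || tagId); the separator keeps "12"+"345" and "123"+"45" apart. */
    private static byte[] hashTokens(byte[] salt, String imei, String tagId) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(salt);
            md.update(imei.getBytes(StandardCharsets.UTF_8));
            md.update((byte) 0);
            md.update(tagId.getBytes(StandardCharsets.UTF_8));
            return md.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Random password for the Unix login; installing it on the account is outside this example. */
    private String freshPassword() {
        byte[] raw = new byte[18];
        rng.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    public static void main(String[] args) {
        TokenAuthenticator auth = new TokenAuthenticator();
        String imei = "353000000000000";        // constructed; the report shows 353xxxxxxxx
        String tag = "0x3b4644b6";              // tag ID from the report's login test
        auth.register("demo", imei, tag);

        System.out.println("unregistered user: " + auth.authenticate("nobody", imei, tag).isPresent());
        System.out.println("correct pair:      " + auth.authenticate("demo", imei, tag).isPresent());
        System.out.println("wrong IMEI:        " + auth.authenticate("demo", "353999999999999", tag).isPresent());
        System.out.println("wrong tag ID:      " + auth.authenticate("demo", imei, "0x00000000").isPresent());
    }
}
```

The four calls in main correspond to the four login screenshots in section 4; only the second should yield a Login Credit. Because the IMEI and tag ID are short, fixed values, a server that stores them hashed should also rate-limit failed attempts per username, otherwise the hash offers little against guessing.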
Download (private):
Step 1: The PC client program sends the file request together with the private key.
Step 2: The server uses the key to decrypt the private disk and copies the file to a temporary location. Immediately afterwards, the server encrypts the disk again and destroys the key.
Step 3: On success, the server transfers the file from the temporary location to the user.
On failure, the server returns an error message.
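Step 2 is where the exposure window of the minimum-exposure design opens and closes, and the failure mode to handle is a copy that throws after the disk is mounted: without care the disk stays decrypted and the key stays in memory. The class below is an added example, not AirCrypt code; the `DiskController` interface stands in for whatever mounts and unmounts the TrueCrypt volume (the real command line is not shown or assumed), and `FakeDisk` plus the temporary directories are constructed so it runs offline.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.Arrays;

/** Private-disk download with a bounded exposure window (added example, not AirCrypt code). */
public final class PrivateDownload {

    /** Wraps whatever mounts/unmounts the TrueCrypt volume; the actual commands are not part of this example. */
    public interface DiskController {
        void mount(Path volume, Path mountPoint, char[] key) throws IOException;
        void unmount(Path mountPoint) throws IOException;
    }

    private final DiskController disk;

    public PrivateDownload(DiskController disk) {
        this.disk = disk;
    }

    /**
     * Step 2 of the download flow: mount (decrypt), copy the one requested file to a
     * temporary location, then unmount (re-encrypt) and destroy the key. The finally
     * block makes the unmount and the key wipe happen even when the copy throws.
     */
    public Path extract(Path volume, Path mountPoint, String requested, char[] key, Path tempDir)
            throws IOException {
        // Resolve the client-supplied name and refuse anything that escapes the mount point.
        Path target = mountPoint.resolve(requested).normalize();
        if (!target.startsWith(mountPoint)) {
            throw new IOException("requested path escapes the mount point: " + requested);
        }
        boolean mounted = false;
        try {
            disk.mount(volume, mountPoint, key);
            mounted = true;
            Path temp = Files.createTempFile(tempDir, "aircrypt-", ".part");
            Files.copy(target, temp, StandardCopyOption.REPLACE_EXISTING);
            return temp;                         // step 3: caller streams this to the user, then deletes it
        } finally {
            Arrays.fill(key, '\0');              // the key never outlives the window
            if (mounted) {
                disk.unmount(mountPoint);
            }
        }
    }

    /** Constructed stand-in for running offline: "mounting" only flips a flag over a plain directory. */
    static final class FakeDisk implements DiskController {
        boolean mounted;
        public void mount(Path volume, Path mountPoint, char[] key) { mounted = true; }
        public void unmount(Path mountPoint) { mounted = false; }
    }

    public static void main(String[] args) throws IOException {
        Path mountPoint = Files.createTempDirectory("private-disk");   // constructed stand-in for the volume
        Files.write(mountPoint.resolve("report.txt"), "constructed private file".getBytes());
        Path tempDir = Files.createTempDirectory("aircrypt-tmp");
        Path volume = Paths.get("volume.tc");                          // placeholder; FakeDisk ignores it
        FakeDisk fake = new FakeDisk();
        PrivateDownload dl = new PrivateDownload(fake);

        Path out = dl.extract(volume, mountPoint, "report.txt", "k3y".toCharArray(), tempDir);
        System.out.println("copied " + Files.size(out) + " bytes; disk still mounted? " + fake.mounted);

        // Failure path: the file does not exist, yet the disk must end up unmounted and the key wiped.
        char[] key = "k3y".toCharArray();
        try {
            dl.extract(volume, mountPoint, "missing.txt", key, tempDir);
        } catch (NoSuchFileException e) {
            System.out.println("copy failed; disk still mounted? " + fake.mounted
                    + "; key wiped? " + (key[0] == '\0'));
        }
        // A traversal attempt such as "../other-user/file" is rejected before the disk is ever mounted.
    }
}
```

The temporary copy returned from `extract` is itself plaintext outside the encrypted disk, so the caller that performs step 3 should delete it as soon as the transfer completes or fails; the report's design only bounds the disk's exposure, and the temporary location needs the same treatment.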
Download (public):
Access Control:
4. Current Progress
Then it will send the tag ID with the phone’s IMEI to the PC Client Program
through Bluetooth.
Most functions, such as upload, download and access control, are already implemented. However, at this stage we have only tested the login function and integrated it with the GUI.
The following screenshots show the testing of the login function.
Register User: demo
Correct IMEI: 353xxxxxxxx
Correct tag ID: 0x3b4644b6
Screenshot 1: Unregistered user login
Screenshot 2: Registered user login with correct IMEI and NFC tag ID
Screenshot 3: Registered user login with wrong IMEI but correct NFC tag ID
Screenshot 4: Registered user login with correct IMEI but wrong NFC tag ID
5. Development Tools
6.1 Limitations
- Authentication Tokens
Since we use the IMEI and NFC tag ID as the authentication tokens, the user must have a mobile phone with NFC support. At the moment, only a few Android devices support NFC.
- Bluetooth
The Android app communicates with the PC client program through Bluetooth. Therefore, the user's PC has to be equipped with Bluetooth.
- Permission problem
We need to take care of the folder/file permissions so that only authorized users can access a file, following the principle of least privilege.
For example, we set the private mount point to drwx------ (i.e. 700) and set the owner and group to the account holder (USER1:Account), so that unauthorized users cannot enter the mount point.
Another example: we set the sharing mount point to drwxr-x--- (i.e. 750) and set the owner and group to the account holder (USER1:Account), so that other users in the group can enter the mount point and get the file.
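The two mount-point modes above, created and audited from Java, as an added example that is not the project's code. The directory names are constructed; `setOwnership` performs the USER1:Account chown from the text but is left commented out in `main` because it requires root and the named user and group to exist. The audit function is the check a practitioner wants after deployment: it fails as soon as a directory grants any bit beyond the intended set, such as world read on the sharing mount point.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.nio.file.attribute.UserPrincipalLookupService;
import java.util.Set;

/** Creates and audits the per-user mount points (added example, not AirCrypt code). */
public final class MountPointSetup {

    /** drwx------ (700): only the account holder may enter the private mount point. */
    static final Set<PosixFilePermission> PRIVATE = PosixFilePermissions.fromString("rwx------");
    /** drwxr-x--- (750): group members may enter and read the sharing mount point; others may not. */
    static final Set<PosixFilePermission> SHARING = PosixFilePermissions.fromString("rwxr-x---");

    /** Creates the directory and sets its mode explicitly, so the process umask cannot widen it. */
    public static Path createMountPoint(Path dir, Set<PosixFilePermission> perms) throws IOException {
        Files.createDirectories(dir);
        Files.setPosixFilePermissions(dir, perms);
        return dir;
    }

    /** chown user:group. Needs root; the server would run this at account setup. */
    public static void setOwnership(Path dir, String user, String group) throws IOException {
        UserPrincipalLookupService lookup = dir.getFileSystem().getUserPrincipalLookupService();
        PosixFileAttributeView view = Files.getFileAttributeView(dir, PosixFileAttributeView.class);
        view.setOwner(lookup.lookupPrincipalByName(user));
        view.setGroup(lookup.lookupPrincipalByGroupName(group));
    }

    /** Audit: true only if the directory grants nothing beyond the expected set. */
    public static boolean isNoWiderThan(Path dir, Set<PosixFilePermission> expected) throws IOException {
        return expected.containsAll(Files.getPosixFilePermissions(dir));
    }

    /** Octal rendering of a permission set, matching the report's 700/750 notation. */
    public static String toOctal(Set<PosixFilePermission> perms) {
        int mode = 0;
        for (PosixFilePermission p : perms) {
            switch (p) {
                case OWNER_READ:     mode |= 0400; break;
                case OWNER_WRITE:    mode |= 0200; break;
                case OWNER_EXECUTE:  mode |= 0100; break;
                case GROUP_READ:     mode |= 0040; break;
                case GROUP_WRITE:    mode |= 0020; break;
                case GROUP_EXECUTE:  mode |= 0010; break;
                case OTHERS_READ:    mode |= 0004; break;
                case OTHERS_WRITE:   mode |= 0002; break;
                case OTHERS_EXECUTE: mode |= 0001; break;
            }
        }
        return Integer.toOctalString(mode);
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("aircrypt-mounts");   // constructed location for the demo
        Path priv = createMountPoint(base.resolve("USER1-private"), PRIVATE);
        Path share = createMountPoint(base.resolve("USER1-sharing"), SHARING);
        // setOwnership(priv, "USER1", "Account");   // on the real server, run as root

        System.out.println("private: " + toOctal(Files.getPosixFilePermissions(priv))
                + ", within 700? " + isNoWiderThan(priv, PRIVATE));
        System.out.println("sharing: " + toOctal(Files.getPosixFilePermissions(share))
                + ", within 750? " + isNoWiderThan(share, SHARING));

        // A sharing mount point accidentally left world-readable fails the audit.
        Files.setPosixFilePermissions(share, PosixFilePermissions.fromString("rwxr-xr-x"));
        System.out.println("sharing: " + toOctal(Files.getPosixFilePermissions(share))
                + ", within 750? " + isNoWiderThan(share, SHARING));
    }
}
```

Setting the mode after `createDirectories` rather than relying on the umask is deliberate: TrueCrypt creates the mount point contents with its own defaults, and the audit should be rerun on the mounted directory, not only on the empty mount point.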
- Account setup
It is not feasible to create a UNIX account at the moment a registration is completed, because of the security issue involved.
So we are going to create the accounts REGULARLY using the crontab utility (also called a cron job), scheduling account creation once a day.
- SSH setting
We need to deny root login so that an attacker cannot take control of the server via SSH using the root account.
(In Ubuntu 12.04 LTS, after installing the ssh package, edit the configuration with
sudo nano /etc/ssh/sshd_config
and change the option PermitRootLogin Yes to PermitRootLogin No.)
- TrueCrypt
As is well known, mounting requires root permission. To avoid exposing the root password when mounting, we need to configure the TrueCrypt application as one that executes with root permission without a password.
We use the visudo utility to achieve this.
- NFC detection
The mobile device may already have apps installed that automatically react to an NFC tag. According to the Android SDK, an NFC event can only be handled by one application. Therefore, to avoid interruption by other apps, we use enableForegroundDispatch to take over NFC detection while our app is open.
Another problem with NFC detection is the data obtained from the tag. The data retrieved from the tag is an array of bytes, so we have to write our own function to convert the bytes into a meaningful string.
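The byte-to-string conversion just mentioned has one pitfall worth showing: Java bytes are signed, so a naive `Integer.toHexString` on a byte above 0x7f sign-extends to eight hex digits. The class below is an added example, not the project's Android code; on Android the array would come from `android.nfc.Tag#getId()`, and here it is constructed from the tag ID shown in the login test (0x3b4644b6) so the class runs as plain Java.

```java
/** Rendering an NFC tag ID as a hex string (added example, not AirCrypt code). */
public final class NfcTagId {

    /** Correct conversion: mask each byte to 0..255 before formatting it as two hex digits. */
    public static String toHexString(byte[] id) {
        if (id == null || id.length == 0) {
            throw new IllegalArgumentException("empty tag ID");
        }
        StringBuilder sb = new StringBuilder(2 + 2 * id.length);
        sb.append("0x");
        for (byte b : id) {
            sb.append(String.format("%02x", b & 0xff));   // & 0xff undoes sign extension
        }
        return sb.toString();
    }

    /** The pitfall: a byte such as 0xb6 is -74 as an int, and Integer.toHexString renders it as ffffffb6. */
    static String toHexStringNaive(byte[] id) {
        StringBuilder sb = new StringBuilder("0x");
        for (byte b : id) {
            sb.append(Integer.toHexString(b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed from the tag ID in the report's login test; on Android this is tag.getId().
        byte[] id = {0x3b, 0x46, 0x44, (byte) 0xb6};
        System.out.println("masked: " + toHexString(id));
        System.out.println("naive:  " + toHexStringNaive(id));
    }
}
```

The masked form is the one to store at registration and compare at login; if the app and the server ever disagree on case or on the "0x" prefix, every login will fail, so the conversion should live in one shared function. For the foreground dispatch mentioned above, the Android documentation requires `enableForegroundDispatch` to be called from the activity's `onResume` and the matching `disableForegroundDispatch` from `onPause`.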
7. Work Division
Client Side
- Program
- Android App
Server Side
- Program
- Set-up
- configuration
System Design
Presentation
Report
8. Future Plan
- Sharing Function
In our initial design, a user shares a file by assigning the access right and sending a link to another user for download. However, we think this may not be convenient for users, so we are considering implementing an exchange system: when user A assigns the access right to user B, the server automatically sends a message notifying user B of the permission.