
ECOM6031 Project Part 1
Lab demonstration
I. Mobile Aided Encrypted Web File System
II. The usage of TrueCrypt

Junbin Fang (CYC321, 28578440, jbfang@cs.hku.hk)

I. Mobile Aided Encrypted Web File System

- Encrypted files are stored on Web
- Keys stored in server, sent via SMS
- When PC is connected to a Mobile: PC is able to decrypt and display files from Web after getting a key from Mobile
- If PC is disconnected from the Mobile: files cannot be decrypted on Client Side
- Demo is available

Architecture

Server side (1): Key distribution server
- Check key request in an incoming SMS
- Verify the phone number in the SMS
- Send an encrypted key back through SMS

Server side (2): File server
- Authenticate any login user.
- Retrieve the key sent to user from key distribution server.
- Encrypt files with the key using AES, etc.

Architecture

Client side (1): User's mobile phone
- Run an app to send a key request SMS
- Parse the response SMS from key distribution server
- Decrypt the key encrypted by key server with its private key such as IMEI

Client side (2): User's PC
- Communicate with his mobile phone to get the secret key for decryption
- Decrypt the files encrypted by file server.
- Display the content in a Java applet frame

Key distribution

Key management and preparation
- File name: F1, F2, ...
- File encryption keys: KAES1, KAES2, ... (related to F1, F2, ...)
- Encrypted files: C1 = Enc(F1, KAES1), C2 = Enc(F2, KAES2), ...
- One-time key (session key): KOT (it is generated and used for each session)
- Encrypted keys: CK1 = Enc(KOT, KAES1), CK2 = Enc(KOT, KAES2), ...
- IMEI-dependent number: KOT XOR IMEI = NIMEI (which will be transmitted via an SMS). For simplicity, XOR computation is used here.

User experience

Step 1:
- User Paul logs in to the File Server by using username and password and will get a file list including some files, e.g. Cisc.txt and hku.txt.
- Since the files are encrypted, after login, a Java Applet will be run to check the presence of KOT (UI as window W1).
- If KOT is given, the applet can go on to do the decryption. If not, a warning message will be shown.

[Window W1: file list F1 Cisc.txt, F2 Hku.txt; message "Error during key retrieving"; prompt "Get secret key KOT ?"]

Step 2:
- If KOT is not given, the applet cannot decrypt the file which the user wants to open.
- Then the user needs to run an App in the client side mobile phone to send a request SMS to server and receive NIMEI from Key Distribution Server via an SMS.
- Actually, user needs to request NIMEI before he wants to read some files.

Step 3:
- If NIMEI is received successfully, the App will parse it with some unique information, e.g. IMEI, IMSI, etc., to extract the session key KOT.
- If the applet can get a correct KOT from mobile phone, the user can click on any file listed to see the content (e.g., KOT is used to compute KAES2, KAES2 is used to decrypt file 2).

[Window W1: file list F1 Cisc.txt, F2 Hku.txt; message "Key retrieved successfully: ****************"; prompt "Get secret key KOT ?"]
[Window W2: F2 Hku.txt, content "The University of Hong Kong is the territory's oldest university"]
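
The key flow from the key management slide through Steps 2 and 3, as an added Python example (not the project's code); it follows Step 3 in treating KOT as the key that unwraps each KAESi. Assumptions: a SHA-256 keystream stands in for AES, the IMEI is a constructed sample encoded as a 16-byte integer, and all function names are hypothetical.

```python
import hashlib
import secrets

SAMPLE_IMEI = "490154203237518"  # constructed sample value, not from the page

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for Enc/Dec (NOT AES): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def imei_mask(imei: str) -> bytes:
    """Assumed encoding: the 15-digit IMEI as a 16-byte big-endian integer."""
    return int(imei).to_bytes(16, "big")

def xor16(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def server_prepare(files: dict, imei: str):
    """Key server and file server: returns (C, CK, NIMEI, KOT)."""
    k_ot = secrets.token_bytes(16)              # KOT, fresh per session
    c, ck = {}, {}
    for name, content in files.items():
        k_aes = secrets.token_bytes(16)         # KAESi, one per file
        c[name] = stream_xor(k_aes, content)    # Ci: file under KAESi
        ck[name] = stream_xor(k_ot, k_aes)      # CKi: KAESi wrapped under KOT
    # KOT is returned only so the demo can compare it with NIMEI
    return c, ck, xor16(k_ot, imei_mask(imei)), k_ot

def client_open(name: str, c: dict, ck: dict, n_imei: bytes, imei: str) -> bytes:
    """Phone unmasks KOT from NIMEI; applet unwraps KAESi and decrypts Ci."""
    k_ot = xor16(n_imei, imei_mask(imei))
    k_aes = stream_xor(k_ot, ck[name])
    return stream_xor(k_aes, c[name])

def unmasked_prefix_len(n_imei: bytes, k_ot: bytes) -> int:
    """Leading bytes of NIMEI identical to KOT, i.e. not covered by the mask."""
    n = 0
    while n < len(k_ot) and n_imei[n] == k_ot[n]:
        n += 1
    return n

if __name__ == "__main__":
    files = {"hku.txt": b"The University of Hong Kong is the territory's oldest university"}
    c, ck, n_imei, k_ot = server_prepare(files, SAMPLE_IMEI)
    print(client_open("hku.txt", c, ck, n_imei, SAMPLE_IMEI))
    print("KOT bytes visible in NIMEI:", unmasked_prefix_len(n_imei, k_ot))
```

A 15-digit IMEI is below 2^50, so under this encoding the mask touches only the last 7 bytes and the first 9 bytes of a 16-byte KOT travel unchanged in the SMS, which is the cost of the XOR step the slide adopts for simplicity.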

Screenshot (Unsuccessful Decryption)

Screenshot (Successful Decryption)


Usage of TrueCrypt

About TrueCrypt
- Free open-source disk encryption software
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device

Preparation
- Download: www.truecrypt.org/downloads
- Tutorial: www.truecrypt.org/docs/?s=tutorial

Usage of TrueCrypt (cont'd)

Our demo's operations
- Create a secure virtual volume
- Set password and keyfile
- Mount/dismount a secure file as a disk's partition

* store keyfile in a USB thumb
* store encrypted volume in Harddisk

Create a secure virtual volume
- First, create a TrueCrypt file in an external HDD (H:\tc110208)

Set password and keyfile
- Previous keyfile: 02.jpg
- Now: tc110208_kf

Mount a secure volume
- Password is required
- Keyfile is also required

Successfully mounting
- A 1Gb volume has been successfully mounted

Open file in the encrypted volume

Before mounting

After mounting

Keyfiles
- Keyfile is a file whose content is combined with a password (for information on the method used to combine a keyfile with password.
- Until the correct keyfile is provided, no volume that uses the keyfile can be mounted.
- Any kind of file (for example, .txt, .exe, mp3, .avi) can be used as a TrueCrypt keyfile (however, we recommend that you prefer compressed files, such as .mp3, .jpg, .zip, etc).

Random keyfile generator

Q&A
Thank you!
