Skip to content

raulviana/FEUP-SSIN

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
client
client
 
 
database
database
 
 
docs
docs
 
 
server
server
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
report.pdf
report.pdf
 
 

Repository files navigation

FEUP-SSIN

Repository for the Segurança em Sistemas Informáticos course.

Group Elements

Tools

Pyhton, Javascript, openssl, sqlite3

Scenario

An organization intends to design and implement a system with a trusted server supplying services to client applications, used by their collaborators. The services are REST endpoints that can be called by the client applications. These services have an associated security level (an integer value). Also, collaborators can send messages to each other using the client application. The client applications should be mobile, but, for a proof of concept, they can run on a PC with a CLI (command line interface) or GUI (graphic user interface) interface...(Full Text)

Install

$ npm install

Create Database

$ cd database
$ cat create.sql | sqlite3 Database.db
or (testing)
$ cd server
$ python create_table.py

Create two clients

To send messages between two clients run them from different folders
Pre-registration needed on both

$ cp -r client ./client2

Pre-registration & Start Server "face-to-face"

$ cd server
$ python register_app.py
$ node index

First Registration &/or Authentication (New Session)

$ cd client
$ python client.py
  • Main Menu
    1. Request service
      1. Calculation of square root (security level: 1)
      2. Calculation of cubic root (security level: 2)
      3. Paramaterized n-root (security level: 3)
    2. Send message
    3. Check received messages

Encrypt Process

Registration

Client asks for server public key.

Server Response:

  • not encrypted: public_key

Client:

  • not encrypted: username
  • encrypted (rsa): one_time_id, new_iv, symmetric_key, time

Server Response:

  • encrypted(symmetric): token

Authentication

Client Challenge Request:

  • not encrypted: username, new_iv
  • encrypted(symmetric): token, msg, time

Server Response:

  • not encrypted: challenge, new_iv
  • encrypted(symmetric): succ_msg

Client Challenge Solved Request:

  • not encrypted: username, new_iv
  • encrypted(symmetric): "challenge", time

Server Response:

  • not encrypted: new_iv
  • encrypted(symmetric): new_token, succ_msg

Services

Client set ip Request:

  • not encrypted: username, new_iv
  • encrypted(symmetric): token, ip_port, time

Server Response:

  • not encrypted: new_iv
  • encrypted(symmetric): succ_msg

Client get ip Request:

  • not encrypted: username, new_iv
  • encrypted(symmetric): token, username_2, time

Server Response:

  • not encrypted: new_iv, ip_port
  • encrypted(symmetric): ip_port, succ_msg

Client service Request:

  • not encrypted: username, new_iv
  • encrypted(symmetric): token, service_data, time

Server Response:

  • not encrypted: new_iv
  • encrypted(symmetric): succ_msg with the value

Client set public_key Request:

  • not encrypted: username, new_iv
  • encrypted(symmetric): token, public_key, time

Server Response:

  • not encrypted: new_iv
  • encrypted(symmetric): succ_msg

Client get public_key Request:

  • not encrypted: username, new_iv
  • encrypted(symmetric): token, username_2, time

Server Response:

  • not encrypted: new_iv, ip_port
  • encrypted(symmetric): public_key, succ_msg

About

IT Systems Security

Topics

javascript python openssl cybersecurity encryption-decryption secure-coding-practices

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages