Published on March 13, 2014
INTRODUCTION
#whoami
• Yashin Mehaboobe
• Independent Security Researcher, Student
• Speaker – Nullcon, c0c0n, Toorcon and HITB

CURRENT SITUATION
• Systems such as Dropbox or Box do not allow secure transfer of files
• Easy and secure transfer of files needs technical knowledge
• The layman does not understand concepts such as PGP and asymmetric encryption

WHAT IS ARCANUM?
• An asymmetric encryption based file storage service.
• Intended to allow the sharing of files between clients securely.
• The client handles encryption as well as decryption.
• The server merely handles file storage and user management.
• This ensures that even if the server is compromised, the user data is not.
• The server extends a REST based API to clients.

MODULES
• Client side: handles encryption, decryption and key generation
• Server side: handles file storage and user management

CLIENT SIDE - OVERVIEW
• Completely handles encryption, decryption as well as user credential storage.
• Communicates with the server over HTTP
• The private key is stored locally while the public key is sent to the server.
• Connection is SSL secured
• Authentication is HTTP Basic Authentication

CLIENT SIDE - REGISTRATION
• During registration an RSA 2048 bit public/private keypair is generated
• The public key is sent to the server while the private key is stored locally
• The username, password and email are also sent to the server.
• APIs used:
  - /create/ for registration

CLIENT SIDE - SENDING
• Sending a file:
  - Get the public key of the user to send to
  - Generate an AES key
  - Encrypt the file with the generated AES key
  - Encrypt the AES key with the RSA public key
  - Prepend the encrypted AES key to the encrypted file
  - Send the file to the server
• APIs used:
  - GET /send/username to get the public key
  - POST /send/username to send the file

CLIENT SIDE - RECEIVING
• Receiving a file:
  - Fetch the file from the server
  - Decrypt the AES key using the RSA private key (locally stored)
  - Decrypt the rest of the file using the AES key.
• APIs used:
  - GET /receive/all to get the list of files
  - GET /receive/number to fetch a particular file

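The sending and receiving steps above, as an added example that is not taken from the Arcanum code base. It assumes the Python `cryptography` package in place of Keyczar, uses AES-256-GCM (whose authentication tag stands in for a separate HMAC) and RSA-OAEP, and the blob layout (wrapped key, then nonce, then ciphertext) and all function names are hypothetical.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12   # AES-GCM nonce size in bytes
TAG_LEN = 16     # AES-GCM authentication tag size in bytes
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def generate_keypair():
    """Registration: RSA 2048 keypair; the private half stays on the client."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def seal(recipient_public_key, plaintext):
    """Sending: fresh AES-256 key, encrypt file, wrap key with RSA, prepend it."""
    aes_key = AESGCM.generate_key(bit_length=256)
    wrapped = recipient_public_key.encrypt(aes_key, OAEP)
    nonce = os.urandom(NONCE_LEN)
    # The wrapped key is authenticated as associated data, which binds the
    # header and the encrypted body together (assumed layout, see lead-in).
    body = AESGCM(aes_key).encrypt(nonce, plaintext, wrapped)
    return wrapped + nonce + body

def open_sealed(private_key, blob):
    """Receiving: split off the wrapped key, unwrap it locally, decrypt the rest."""
    key_len = private_key.key_size // 8  # RSA ciphertext is modulus-sized (256 bytes)
    if len(blob) < key_len + NONCE_LEN + TAG_LEN:
        raise ValueError("blob is too short to hold key, nonce and tag")
    wrapped = blob[:key_len]
    nonce = blob[key_len:key_len + NONCE_LEN]
    body = blob[key_len + NONCE_LEN:]
    aes_key = private_key.decrypt(wrapped, OAEP)  # ValueError if not for this key
    return AESGCM(aes_key).decrypt(nonce, body, wrapped)  # InvalidTag if modified

if __name__ == "__main__":
    recipient = generate_keypair()
    sample = b"constructed sample file contents"  # stands in for the file bytes
    blob = seal(recipient.public_key(), sample)    # what the client would upload
    print(len(blob), open_sealed(recipient, blob) == sample)
```

The server only ever sees the output of `seal`, so it stores the file without being able to read it.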
SERVER SIDE
• Uses a bucket file storage system
• Database used is sqlite3
• Passwords are stored as MD5 hashes
• Exposes a REST API so the clients can be easily created.
• Created using flask, sqlalchemy and restful.

ENCRYPTION
• Handled by Keyczar
• AES-256 for symmetric encryption
• RSA 2048 for asymmetric
• HMAC for data integrity
• SSL for security in transit

SEND TAB

RECEIVE TAB

TODO
• Web interface (partially done)
• Change to digest authentication
• Encrypt local keys

REQUIREMENTS
• Python 2.7
• Server: flask, flask-httpauth, ofs, pairtree
• Client: requests, keyczar, pyqt
• Minimum requirements:
  - 512 MB RAM
  - Dual core processor
  - At least 1 GB storage.

WRAPPING UP
• Code is available at:
  - https://github.com/sp3ctr3/arcanum-server
  - https://github.com/sp3ctr3/arcanum-client
• Completely functional
• Multiplatform
• Further clients are being developed

THANK YOU
11-13 March 2014, Korea University, Seoul, Korea