sec-file-server's People
sec-file-server's Issues
pKeyAlreadyStored always returns false
In fs-server.sec.filesystem.ImplementationBlockServer
line ~140
DemoWriteToAnotherClientsFile: Add smartcard support
Currently, this DemoApp doesn't work for smartcards.
It would be nice to add support for these, but it might require some reading into how to safely swap smartcards (so far, every attempt at a solution results in a CKR_DEVICE_REMOVED exception)
I am leaving this as an enhancement, since time is off the essence, and there are more things to solve.
Implement the 2 new RPCs
The second functionality will require you to add two new RPCs between the client
and the block/key server. The first RPC (called storePubKey) passes a digital
certificate as an argument and stores it in the key server, returning only an
acknowledgement. The second RPC (called readPubKeys) has no arguments and
returns a list of public keys present in the server.
DemoRevokedCertificate
Test for remote certificate.
eIDlib_PKCS11.isCertificateValid(X509Certificate) in fs-utils must throw ANY exception inside.
Not finding the certificate from the certification authority is acceptable.
Step 1: Server replication
Replicate the server, without implementing the algorithm from the book.
This will involve starting N server replicas instead of a single one, and replacing the client
to server communication with a loop that repeats each communication step N times.
Step 3: Protocol optimizations
Implement the protocol optimizations that reduce the number of replicas
required for content-hash blocks.
FS_read(public_key pk, int pos, int nbytes)
Same as in stage 1 of the project, except that the file is identified by a public key
Step 2: Appropriate replication protocol
Implement the appropriate replication protocol (from the book).
DemoWriteToAnotherClientsFile: Fix to match the usage of PKeys
See TODO in file for more details
FS_init( )
Alter FS_init( ) to register the public key certificate of the client (present in its smartcard), as stated in the project guide.
Replay Attacks
Create a protection against replay attacks.
Ideas: Use a challenge.
Report #3
overleaf project
Write the final report, of up to 4,000 characters, addressing:
- brief outline of the stage 3 design
- explanation of any modifications to the protocols presented in the book, and the rationale behind those modifications
- careful explanation of the dependability guarantees provided, namely in which way and under which conditions can the final implementation of the file system not work as desired.
Clean code
AS is, some of the code is a bit messy and knee-jerked.
Before the final delivery, it would be nice to try and improve the quality and cleanliness.
Report
Use the following overleaf project as a base if possible, and add/remove content as needed.
https://www.overleaf.com/4748652kgkdrt
note: You don't need an account to edit the file, but one is always useful to save your projects for future use
storePubKey: Swap to storing certificates
The first RPC (called storePubKey) passes a digital certificate as an argument and stores it in the key server
As it stands, we are passing and storing Public Keys.
This should be changed before the second milestone
DemoApp for the Timestamp functionality
Needs to be created
Certificate validation
Transcript from the FAQ:
Make sure the key was generated by a trusted authority. The information about these authorities can be stored in the blockserver.
https://pki.cartaodecidadao.pt/publico/certificado/cc_ec_cidadao/
You can use the Java Certification Path (JCP) library, which is included in the JSE (but there are many alternative libraries; another popular one is the Certification Path library).
Here you find the documentation of the whole JCP library:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/certpath/CertPathProgGuide.html
The most relevant classes are:
-
The CertPath Class
-
Certification Path Building Classes
-
Certification Path Validation Classes
Note that, to perform the validation, you should store the certificates of the "Entidade de Certificação do Cartão de Cidadão", which you can find here:
https://pki.cartaodecidadao.pt/publico/certificado/cc_ec_cidadao/
There are three certificates, which correspond to different versions of the Cartão de Cidadão.
Here you can find also the Certificate Revocation Lists:
https://pki.cartaodecidadao.pt/publico/lrc/
Some publicly available JAVA code examples:
- http://www.java2s.com/Tutorial/Java/0490__Security/Validatecertificate.htm (using the Java Certification Path library)
- http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/ (using the Bouncy Castle library)
Step 4: Dependability tests
Implement the new set of dependability tests.
*This issue should be split up into multiple issues at a later date. *
(once we have a better idea of what tests are needed)
Improve handling of Exceptions
Improve the exception handling by:
- making sure to escalate all exception so that they are caught at the same level
- implement split catch rules for the diff. exceptions
- improve the error messages given to the user
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.