-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Adrian Gunnar Lauterer
committed
May 21, 2023
1 parent
8a85fca
commit 7cf8000
Showing
1 changed file
with
49 additions
and
73 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,112 +1,88 @@ | ||
| # RootConnect | ||
| A simple chat messaging application written in cpp for a semester asigment in the course IDATT2004 neverksprogrammering at NTNU (Norwegian University for science and technology) | ||
|
|
||
| A simple baselayer for a chat messaging application/protocol written in C++ for a semester assignment in the course IDATT2004 Network Programming at NTNU (Norwegian University for Science and Technology). | ||
| Description | ||
|
|
||
| A simple chat messaging application using onion technology and the ip networking protocoll written in C++ | ||
| In this project, I, Adrian Gunnar Lauterer, have created the foundation of a simple chat messaging application using onion technology written in C++. | ||
| Motivations | ||
|
|
||
| ## Motivation and Problem Statement | ||
|
|
||
|
|
||
| ## ideas | ||
|
|
||
| In relation to mobile wireless mesh networks i wanted to create a way to securely and privately communicate with others in the network without revealing what you are communicating and with whom. I wanted to use the idea of onion technology to encrypt the messages and route them through the network so that the current only knows where it came from and should go to next, not neccecarily the source and the destination with asymetric encryption to keep the content private. | ||
| Because i wanted to explore the problems with securoty and protection against triangulation choose this problem statement as my project. | ||
|
|
||
| - name rootconnect | ||
| - create a server that can communicate to multiple servers | ||
| - For the moment store the entire reachable mesh and the structure of the possible paths. | ||
| - get multiple random possible routes from a to b | ||
| - from now onwards the message goes from a to 1 to 2 , 3 , 4 and then b | ||
| - a sends a message to 1 with the information of sending it to 2 | ||
| - 2 sends to 3 and so on until the message reaches b. | ||
| "Create a secure messaging application using onion technology that enables users to send encrypted messages through a network of interconnected nodes." | ||
|
|
||
| ## Implementation | ||
|
|
||
| Protocol Name: OnionMeshChatProtocol | ||
| The RootConnect application is a chat messaging application/protocol implemented in C++. It aims to provide secure and anonymous communication through a network of interconnected nodes. The application is designed to run on Unix systems and is written in a modular manner, allowing for easy replacement of modules. | ||
| Encryption and Security | ||
|
|
||
| Protocol Overview: | ||
| The protocol facilitates the transmission of messages through a specific part of the onion mesh chat network. | ||
| It ensures that the message is securely routed through intermediate nodes before reaching the intended destination. | ||
| Each intermediate node peels off a layer of encryption, revealing the next hop until the message reaches its destination. | ||
| The application uses OpenSSL for encryption, but it currently has an issue where private and public keys are the same. This issue needs to be addressed to ensure proper encryption and security. Future improvements should focus on enhancing the encryption process and fixing the key generation. | ||
| Networking | ||
|
|
||
| Protocol Steps: | ||
| a. Message Creation and Encryption: | ||
| The sender encrypts the message using multiple layers of encryption, corresponding to the number of hops it will traverse. | ||
| Each encryption layer includes information about the next hop in the route. | ||
| The networking implementation of the RootConnect application needs improvement. Currently, it does not forward and decrypt messages properly. This issue must be resolved to ensure messages are correctly routed and decrypted at the intended destination. | ||
| Future Work | ||
|
|
||
| b. Route Determination: | ||
| The sender's client or server (e.g., rootconnect) determines the route for the message based on the stored reachable mesh and path structures. | ||
| It randomly selects multiple possible routes from the sender to the destination. | ||
| There are several areas for future work and improvement in the RootConnect application: | ||
|
|
||
| c. Onion Encapsulation and Routing: | ||
| The sender's client/server encapsulates the encrypted message in an onion-like structure, with multiple layers of encryption. | ||
| Each layer contains the encrypted message and the information about the next hop in the route. | ||
| - Implement an independent wireless mesh network to enable the secure communication protocol to work on top of it. This would involve multiple layers of implementation in the networking stack. | ||
| - Improve encryption by fixing the issue of using the same private and public keys. This is essential for ensuring secure communication between nodes. | ||
| - Develop a mechanism for key and address distribution in the wireless mesh network. This mechanism would be crucial for adding new nodes to the network and ensuring secure communication. | ||
| - Enhance the networking implementation to ensure proper forwarding and decryption of messages. This is vital for the effective functioning of the application. | ||
| - Implement a mechanism for adding new wireless connections to nodes. This would enable expanding the network and increasing connectivity. | ||
| - Develop a way to distribute keys and explore the mesh automatically. One possible approach is to have multiple known nodes in the network that people can connect to in order to obtain information and connect with others. | ||
|
|
||
| d. Onion Routing: | ||
| The sender's client/server sends the onion-encapsulated message to the first node in the selected route. | ||
| Each intermediate node in the route peels off one layer of encryption, revealing the information about the next hop. | ||
| The node then forwards the partially decrypted message to the next node in the route. | ||
|
|
||
| e. Final Destination: | ||
| The last node in the route receives the fully decrypted message and delivers it to the intended recipient. | ||
| ### Message Format | ||
|
|
||
| Security Considerations: | ||
| The protocol ensures the privacy and confidentiality of messages by encrypting them with multiple layers. | ||
| Each node in the route only has access to the information about the next hop, maintaining the anonymity of the sender and receiver. | ||
| Additional security measures, such as authentication and integrity checks, can be incorporated to enhance the protocol's security. | ||
| The message format used in RootConnect is a plain string with line shift separation. The header, which continues until the first double empty line shift, contains information about the message and the path it should take. | ||
|
|
||
| #### Example: | ||
|
|
||
| ## message format | ||
|
|
||
| plain string with lineshift seperation. | ||
| first header that continues until the first dubble empty lineshift is the header. | ||
| the header contains the information about the message and the path it should take. | ||
|
|
||
| example: | ||
| ``` | ||
| Next-Destination: [Next Destination] | ||
| Content: [Encrypted Content] | ||
| ``` | ||
| with the encrypted content containing the next destination, and a further encrypted content containing the next destination and so on until the last destination is reached where the encrypted content contains the message. | ||
|
|
||
| If the Content decrypts to a message that does not contain the Next-Destination header, the message is the final message and should be displayed to the user. | ||
| The encrypted content contains the next destination, and subsequent encrypted content contains the next destination until the last destination is reached, where the encrypted content contains the message. | ||
|
|
||
| If the message is not encrypted the message will be sent as plain text, and the Next-Destination header will be the next destination. | ||
| If the content decrypts to a message that does not contain the Next-Destination header, it indicates the final message and should be displayed to the user. | ||
|
|
||
| example: | ||
| If the message is not encrypted, it will be sent as plain text, and the Next-Destination header will specify the next destination. | ||
|
|
||
| #### Example: | ||
| ``` | ||
| Next-Destination: [Next Destination] | ||
| Content: "Next-Destination: [Next Destination] \n Content: Hello World" | ||
| Next-Destination: [Next Destination] | ||
| Content: "Next-Destination: [Next Destination] \n Content: [Plain Text Content]" | ||
| ``` | ||
| Encryption should be done with asymetric encryption, and the public key of the next destination should be used to encrypt the message. The message should be encrypted with the public key of the next destination, and the next destination should be encrypted with the public key of the next destination after that and so on until the last destination is reached. The last destination should be encrypted with the public key of the destination. | ||
|
|
||
| Maybe for future implementation: | ||
| Public keys should be distributed through the network, and the public key of the destination should be known by the sender, this might be out of scope for this project, but it is a good idea to think about it. Should be able to send the public key unencrypted back if one recives a certain message from a node. This could be a message with a specific header, and could in theory still have been sent through the network. | ||
|
|
||
|
|
||
| ## implementation | ||
| a problem with this is parsing the message if the fontent or the next destination contains a line shift. This can be solved by using a different format for the message, for example JSON, but this would require a parser for the message format and would make the message format more complex. | ||
|
|
||
| this is a simple chat messaging application using onion technology and the ip networking protocoll written in C++. | ||
| The application is written in C++ and should work with C++ 17 or 23. It uses the standard library for the most part, but it remains untested on non linux platforms (development and testing on Arch linux 6.3.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 01 May 2023 17:42:39 +0000 x86_64 GNU/Linux). The application is written in a modular way, where the different parts of the application are separated into different files. | ||
| ### Encryption | ||
|
|
||
| ### dependencies | ||
| RootConnect employs OpenSSL library for encryption and ensures network communication security. The current use of the same private-public keys is insecure, requiring future improvements. | ||
|
|
||
| - iostream | ||
| - string | ||
| - thread | ||
| - cstring | ||
| - sys/socket.h | ||
| - arpa/inet.h unix library for internet operations | ||
| - unistd.h | ||
| To increase security, RootConnect needs stronger algorithms and personalized key pairs per node. Appropriate measures must be established to share public keys among nodes securely. | ||
|
|
||
| ### Implementation details | ||
| Asymmetrical encryption enables encrypting messages by the recipient's public key, ensuring only they can read it. Encrypting the message in multiple layers provides information about the next hop route. | ||
|
|
||
| as specific unix systems are used this is primarily written for unix systems. The application is written in a modular way so that if any part needs to be changed you can easily swap out and replace modules to reimplement this sample application. | ||
| Future updates should offer proper decryption and forwarding of messages, protecting integrity and confidentiality. | ||
|
|
||
| I choose to implement this using the default networking stack and not truly create my own networking protocoll. This is because i wanted to be able to utilize ip as a layer to implement this on top of. The applicationshould be portable enough if one wants to implement it on a truly standalone peer to peer beacon to beacon level network, but this is out of scope of this implementation. My primary goal was to be able to send messages from one node to another through a network of nodes, with multiple jumps to protect the identity of the sender and receiver. This will be a sor tof mesh network even if the nodes are fully connected to each other through the world wide web, as the nodes will still create their mesh and find a path for the packages. | ||
| Improving encryption algorithms, addressing networking issues, and optimizing key distribution are crucial steps towards a more secure and reliable RootConnect application. | ||
|
|
||
| ### how to run | ||
| 1. clone the repository | ||
| 2. run the makefile in the root directory with the command "make" in the terminal | ||
| 3. run the application with the command "make run" in the terminal | ||
| 4. follow the instructions in the terminal | ||
|
|
||
| ## Related Works and Projects | ||
|
|
||
| RootConnect is an independent project developed as part of the assignment for the course IDATT2004 - Network Programming at NTNU. However, there are other projects and technologies related to secure messaging and chat applications. | ||
|
|
||
| One notable project is Matrix, an open standard and decentralized communication protocol. Matrix provides end-to-end encryption for secure messaging and supports chat applications with features like group chat, file sharing, and more. The Matrix protocol allows for interoperability between different chat applications, enabling users to communicate securely across different platforms. | ||
|
|
||
| Another related project is Signal, a popular messaging application known for its strong encryption and privacy features. Signal uses the Signal Protocol to provide end-to-end encryption, ensuring that only the intended recipients can read the messages. | ||
| Contribution | ||
|
|
||
| This project was developed solely by Adrian Gunnar Lauterer as part of the assignment for the course IDATT2004 - Network Programming at NTNU. | ||
| Video Presentation | ||
|
|
||
| Please find the video presentation included in the submitted compressed file. The presentation provides an overview of the chosen problem statement, implemented functionality, programming languages used, and a demonstration of the solution. |