Tuesday, May 27, 2014

Week 2: Investigating OpenSSL

For Week 2, I mainly looked at OpenSSL code. It is quite burdensome. The code isn't very well documented. I've generated my own self-signed certificates with OpenSSL, which wasn't too complicated. Five files in total were generated: a root private key file, a root certificate file, another private key file, a certificate request file, and a (self-signed) certificate file. Each of these files had encodings in base64. Luckily, base64 to hex isn't something vastly complicated, so I was able to figure out what the different hex strings in the base64 encodings all meant. Base64 conveniently shrinks the size of these files and keeps them in a format that can easily be, say, emailed. Oh, and I forgot to mention these files have the extension .pem, which stands for Privacy Enhanced Email. Cool.

I don't want to say too much, though... (It's not like we have much to say yet anyways.)

On another note, Facebook apparently resizes photos when you upload them to their servers, so you can't download a, say, 4MB photo that you uploaded earlier to Facebook; it'll be 1MB or smaller. What this means is that you can't use steganography on photos you upload to Facebook. Sad.
Edit: Actually, there's more. I tried uploading a small photo with some encoding (even with the "high quality" option), but Facebook ultimately still cut down on bytes, ruining the steganographic file.
Posted by at No comments:

Monday, May 19, 2014

Week 1: Introductions

On Day 1 I read papers on SFSRO and tried to learn about Merkel trees. We had a meeting discussing administrative things as well as what the Gnocchi/noSSL project would be about. It can be summarized in one phrase: "Protect content, not connections." Days 2-5 were mostly the same thing: Reading research papers to learn what was going on. I reread Fu's paper on SFSRO to get as strong of an understanding as possible and thought about how it could be implemented in a Chrome extension client. Since I knew no Javascript, I had to learn a bit of the language (as well as how to write Chrome extensions) so that I could understand what its capabilities were and contribute towards the development of the client. That was sorta fun- Javascript seems to be syntactically a bit similar to C++. Looking into GSS, I figured out that at best it's only another crypto API that we could use, but the basic underlying idea is pretty good: Seal, Encrypt, Send; Receive, Decrypt, Verify. I also delved into the Plutus file system which is sort of similar to SFSRO. Finally, I looked into openSSL code for a day. It is NASTY. The unique thing about SFSRO is that it is pretty good for supporting read/append only. I'm still trying to imagine how that would work in real-life examples such as social media, though. Unfortunately, nothing exciting yet has happened. We still have to come up with a specification for the project....
Posted by at No comments:
Subscribe to: Posts (Atom)