This is my rough draft of the design of the chat/file application.
Please feel free to post suggestions, questions, etc....
Secure chat message and file sharing software outline. Working title
“Quorum”
What? – Big picture
Quorum is to be a secure chat and file sharing service with a focus on
peer-to-peer communication. This will allow users to exchange messages
and files privately.
Why?
The Arab protests and similar protests around the globe have shown there
are times when people may wish to communicate peacefully and discreetly.
Governments all around the world have established laws (or are in the
process of adopting laws) which would allow them to monitor, track and
use network communications as evidence. In order to assist law abiding
citizens to communicate privately we hope to create a secure method of
communication which will not require any foreknowledge of encryption,
security certificates or networking protocols. The application(s) should
“just work” for the end user.
How? -- Big picture
Quorum will be divided into two pieces, a server and a client. The
server will have the fairly simple jobs of:
1. Maintaining a list of connected clients.
2. Initiating the handshake between two clients.
3. Passing messages between clients when they are unable to communicate
directly due to firewalls or filtering software.
The clients will have the ability to send messages to other clients,
either directly or (if direct contact is not possible) they will talk
through a server. Clients should also be able to send/receive files with
other clients.
How? -- Slightly more detailed picture
As an overview let's look at a typical day in the life of a client. We
start out by connecting to a known server. We provide the server with
our ID. Let's say we want to form a connection with our friend, Susan.
We ask the server to pass a “friend” request to Susan. If Susan accepts
our request, then the server helps us exchange IP addresses and public
security keys. We attempt to connect to Susan, but something is in the
way. We pass a message to Susan (through the server) asking her to
connect to us. Susan connects to us directly and we can exchange
messages back and forth directly.
About the security?
At the moment my idea for dealing with security is to have two levels of
message encoding. Communication between the server and a client can be
encrypted using secure socket layer (SSL). Communication between one
client and another client I think should use a unique RSA key which is
A) only used for that session and B) exists only in memory. This should
prevent keys from being stolen or users being asked to hand over their
keys to someone else. In a third scenario, clients may be forced to
communicate through a server (Client->Server->Client), if this happens
then the connections between the server and clients should be sent over
SSL, and the messages embedded inside the SSL stream will be encoded
using RSA. This prevents the server from listening in on the
communication. ie The server knows who is communicating, but it does not
know what is being said.
Technology?
It is my thought to write the server and client software using the
cross-platform Qt C++ library. Qt provides secure socket code, threads
and graphical user interface classes which should make writing and (most
of all) porting the software fairly straight forward. Copies of Qt
(including the libraries, graphical development suite and documentation)
can be found in the Qt SDK bundle located here:
http://qt.nokia.com/downloads
On the hardware side of things any fairly modern computer with a
graphical interface should be able to run a Quorum client. For testing
and deployment we will eventually need a server. The hardware
requirements for the server will be low (at least at first), but it will
have to be available 24/7. Ideally I think the server should be running
stable version of Linux.
Communication protocol?
The specific protocol between clients and server and clients with
clients is still a work in progress...
|
