Problem Statement
Build an Android application for sharing images with a group of users. The users should be able to upload images and specify the group of users with whom the images are to be shared. Upon confirmation from the group, the image should be encrypted and made available in their online repository and the key for decryption should be shared among them. To decrypt a picture, a threshold number of users should log in to the application within a time frame and input their secret keys. The threshold number should be configured during image upload by the owner of the image.
Solution
The server is assumed to be a trusted third party. The procedure is as follows:
- New users register with
register_user
. - Send images to the server to be shared with a group of receivers. The server encrypts the image using AES with key K and deletes the original This key K is the split into as many subkeys as there are receivers (using Shamir's Secret Sharing Scheme).
- Each receiver is sent their subkey and given an option to contribute the same for decryption of the shared image.
- After the threshold number of subkeys are received, the original AES key K can be restored and used to decrypt the image.
- Finally the decrypted image is sent to all receivers.
Software Used
- Falcon Framework - for the REST API.
- peewee - for Object Relational Mapping.
- uwsgi - Python WSGI server.
- cryptography - for AES encryption.
- secretsharing - Shamir's secret sharing
(Installed with
pip install git+git://github.com/EaterOA/secret-sharing.git
for Python3 compatibility)
Server side API
get_user_list
GET request. Output: List of users in JSON
Example:
[
{
"id": 1,
"name": "abcd"
},
{
"id": 2,
"name": "dcba"
}
]
register_user
POST request. Input: Name. Output: UserId and Name.
Example Input:
{
"name": "abcd"
}
Output:
{
"id": 123,
"name": "abcd"
}
send_message
Input: A POST request with JSON Object having following fields:
- receiver_ids: List of User IDs of the receivers.
- sender_id: User IDs of the sender.
- threshold_value: The minimum number of subkeys required to decrypt the encrypted image.
- filename: image filename.
- image: base64 encoded image.
Example:
{
"receiver_ids": [2, 3, 4, 5, 6, 7, 8, 9, 10],
"sender_id": 1,
"threshold_value": 5,
"filename": "bankkey.jpg",
"image": "23y83y489yjkjfhhuhhfFDJKFKH"
}
Database Setup
-
Install MariaDB.
-
Run the following command.
sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
-
Enable the MySQL service.
sudo systemctl enable mysqld.service
-
Secure the installation.
sudo mysql_secure_installation
-
Login as
root
and add a new database and user with the same namethreshold_share
.mysql -u root -p CREATE DATABASE threshold_share; CREATE USER 'threshold_share'@'localhost' IDENTIFIED BY ''; GRANT ALL PRIVILEGES ON threshold_share.* TO 'threshold_share'@'localhost'; FLUSH PRIVILEGES; quit;
-
Disable remote-access by uncommenting the following line from
/etc/mysql/my.cnf
:skip-networking
-
Find the unix socket location using the following.
mysqladmin -u root -p variables | grep socket