The greatest inspiration behind the Chamber of Secrets is none other than the One-Who-Must-Not-Be-Named, Lord Voldemort himself. Remember how Voldemort split his soul into 7 Horcruxes in a bid to make himself immortal and invincible?
"What if we do the same with our files? What if we encrypt our files then split them into parts (or "Horcruxes") and spread them over the internet?"
We can't make the digital storage companies use our data ethically. So how about we just enforce it? This was the inspiration behind the Chamber of Secrets: a way to make users' data, their files, next to impossible to break into, giving them absolute control over how their data is stored (and used by storage services like Google Drive).
What it does
CoS does not store users' files. Nor do we use storage services like IPFS or any other premium service that our users would have to shell out money for. Rather, we leverage the reliability and freemium features of storage services like Google Drive and Dropbox, without the fear that nothing comes for free and that, if it does, you pay the price with your data. WE MAKE SURE THAT YOU, AND ONLY YOU, OWN YOUR DATA.
Once the user uploads a file on our platform, we first encrypt it using a hybrid encryption technique. Then, we split the encrypted file into 3 parts, called Horcruxes. Two of these Horcruxes get uploaded onto the user's Google Drive, and one onto their Dropbox. We also wipe the metadata and name of the file, ridding the Horcruxes of any identity association with the original file.
So how does that add to the security?
Well, the only way you can access the original file is by first recombining the Horcruxes in the exact order; in addition to that, you need access to the user's public and private key to decrypt the file.
To put things simply, a person will have to hack into your Google and Dropbox accounts, somehow force you to reveal your private key, and then hack into the database of CoS, ALL AT THE SAME TIME. Practically and probabilistically speaking, it is next to, if not completely, impossible.
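The split and exact-order recombination described above, as an added example that is not the project's own code. It assumes the file has already been through the hybrid-encryption step (the sample ciphertext is constructed), and the manifest format, which stands in for what the CoS database would hold, is hypothetical:

```python
import hashlib
import secrets

# Placement taken from the description: two parts on Google Drive, one on Dropbox.
PROVIDERS = ("google_drive", "google_drive", "dropbox")

def split_into_horcruxes(ciphertext, providers=PROVIDERS):
    """Split ciphertext into one part per provider, stored under random names.

    Returns (blobs, manifest): blobs maps random name -> bytes (all a storage
    provider sees); manifest is the hypothetical record kept by the service.
    """
    base, extra = divmod(len(ciphertext), len(providers))
    if base == 0:
        raise ValueError("ciphertext shorter than the number of parts")
    blobs, parts, pos = {}, [], 0
    for i, provider in enumerate(providers):
        size = base + (1 if i < extra else 0)   # spread the remainder evenly
        chunk = ciphertext[pos:pos + size]
        pos += size
        name = secrets.token_hex(16)            # no link to the original file name
        blobs[name] = chunk
        parts.append({"name": name, "provider": provider,
                      "sha256": hashlib.sha256(chunk).hexdigest()})
    return blobs, {"parts": parts, "sha256": hashlib.sha256(ciphertext).hexdigest()}

def recombine(manifest, blobs):
    """Rebuild the ciphertext in manifest order; reject missing, altered or reordered parts."""
    out = bytearray()
    for part in manifest["parts"]:
        chunk = blobs.get(part["name"])
        if chunk is None:
            raise KeyError("missing part on " + part["provider"])
        if hashlib.sha256(chunk).hexdigest() != part["sha256"]:
            raise ValueError("part on " + part["provider"] + " failed its integrity check")
        out += chunk
    if hashlib.sha256(out).hexdigest() != manifest["sha256"]:
        raise ValueError("parts are out of order or incomplete")
    return bytes(out)

# Constructed stand-in for the output of the hybrid-encryption step.
SAMPLE_CIPHERTEXT = bytes(range(256)) * 4 + b"tail"

if __name__ == "__main__":
    blobs, manifest = split_into_horcruxes(SAMPLE_CIPHERTEXT)
    assert recombine(manifest, blobs) == SAMPLE_CIPHERTEXT
    print([(p["provider"], p["name"]) for p in manifest["parts"]])
```

Because the stored names are random, the manifest is the only record of which blob comes first, and the per-part and whole-file digests catch a part that was altered or reassembled in the wrong order before decryption is attempted.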
How we built it
The client-side application was developed intelligently using React.js + Axios in a way so that the muggles don't get overwhelmed by the magic that goes on behind the scenes. To them, it just appears like any other file storage service where you can simply upload, download or delete the files as you wish. The encryption and splitting (and the reverse process) are completely abstracted from the user by a very intelligently designed UX. And oh we love Harry Potter! Every component of the UI is heavily inspired by the theme.
Challenges we ran into
Ethical data, data security, cryptography, and secured file storage are things none of us had ANY idea about. The first few days were spent rummaging through articles and documentation trying to understand things.
We chose Python for the backend for the sake of simplicity; however, Django REST Framework was something that we had no prior experience with. Pretty much everything was built after spending several hours going through the documentation.
None of the teammates had worked with OAuth before. Again, documentation and a little help from other Fellows came to the rescue.
One of the Potterheads came down with COVID at the beginning of week 2, which was a huge blocker since the other two had to make up for the work.
Accomplishments that we're proud of
We were able to make a fully-fledged file-encryption and digital locker system in less than 3 weeks.
Despite not having experience with a major part of the technologies and tools we used, we were able to get everything done just by referring to the documentation, which speaks volumes about how far we have come from the tutorial hell where we had to learn everything from tutorials and YouTube videos.
Despite the circumstances, we were able to stick to the timeline made by us at the beginning of the project. We managed time and coordination really well.
What we learned
- Django REST framework
- Principles of cryptography and data security
- Server-flow OAuth Authentication
- Proper use of non-technical developer tools like Notion and Canva for planning and designing
What's next for Chamber Of Secrets
Introducing more storage options to the user. Right now it's just Dropbox and Google Drive, but we aim to add support for OneDrive as well.
Making the file splitting and Horcrux uploads randomized to add an additional layer of unpredictability, and hence security.
Adding support for uploads of larger files as well.
Consulting people from the cybersecurity domain to help improve the security and robustness of the system.