Video (RSA Encryption + app)
What is this project about?
It's quite common to miss homework deadlines because you simply forgot about them (personal score: one, so far, hopefully that's my highest). And if a class gets cancelled (or if there's an extra class?), there needs to be a definite way of conveying that information to the students. Simply sending it over mail or posting an announcement on Canvas isn't enough - not for me anyway.
To fix this, we've made Washington Announcements (an Android application). Only students with an "@uw.edu" email address can create an account on this app. Once the email is verified by clicking on a link sent to the user's uw email address and logging in, students can register to receive announcements for the classes they're registered for (or more, but I don't know why anyone would do that). Open the app, log in (or if you enabled "remember me on this device", save some time), check out the new announcements regularly and never miss anything important!
That is the student interface. There is also a teacher interface (another Android application), which is used to send the announcements, given the class' name, the title and the content of the announcement. The students' version of the app updates automatically, so the new announcement is ready for the student to see.
Using the same app on multiple devices is not a problem: the list of courses the student is registered for is synced with the account. So just download the app and you're ready to go!
On top of the HTTPS protocol, which protects the data in transit (duh, HTTPS), and having the data encrypted on the server (since we're using Firebase from Google), we've added another level of encryption to be extra, extra sure that information about the university's courses remains in the university.
Another reason for choosing Firebase was the security it offered: everything is Google certified. For the actual communication between the client and the Firebase database, we could've either stuck to the Firebase SDK or used the REST API. We chose to use the REST API as much as we could since it works for all the platforms, whereas the Firebase SDK is supported only for mobile. Even though our project is indeed mobile based, it's good practice to keep scalability in mind.
(What is a REST API? A REST API is a way for two computer systems to communicate over HTTPS in a similar way to web browsers and servers. From the Firebase website: We can use any Firebase Realtime Database URL as a REST endpoint. All we need to do is append .json to the end of the URL and send a request from our favorite HTTPS client.)
We did have to break the norm when we had to make a list of announcements for the students to see, though. We did so because:
1. Each announcement would have a different URL depending on the class' name and the title. So to request all the announcements we would need the URL for each announcement as the REST endpoint. The problem with arrays and JSON files and serialization has been discussed in the signup script, where we had to use a dirty trick to get around it. We probably could've fixed it using an external plugin, but the 2nd point was very appealing.
2. The Firebase SDK offers listeners that are attached to a particular path within the database. These are automatically triggered whenever any changes are made, including to children (talking about the ValueChanged event here; for all possible events see https://firebase.google.com/docs/database/unity/retrieve-data). That is exactly what we wanted, so instead of trying to stick to REST, we let this one slip.
One of the essential components of the app is making it secure. The students should have free access to all announcements, but unauthorized individuals must be prevented from viewing the messages. To do this we can use an abstract algebra concept called RSA Encryption.
To consider how this works, suppose that Dave wants to send a message to Owen. The first step is to generate a “key” that will be used to encrypt and decrypt messages. So, Owen generates a “key” in the following way:
1. Find two distinct prime numbers p and q. To be prime, a number must be an integer greater than 1 and have only two factors: 1 and the number itself. The values of p and q must remain a secret.
2. Next, compute n = pq. This will be used as the modulus for later calculations. n is public.
3. Then find ϕ(n). This is calculated using ϕ(n) = (p-1)(q-1) and is also kept secret.
4. Now we choose an integer e such that 1 < e < ϕ(n) and such that e and ϕ(n) are coprime. For e and ϕ(n) to be coprime means gcd(e, ϕ(n)) = 1. e will be public.
5. Lastly, we find d by calculating the modular multiplicative inverse of e modulo ϕ(n). In other words, d = e^(-1) mod ϕ(n). d will be private.
To review, (n, e) will be the public key and (p, q, ϕ(n), d) will be the private key. So, Owen sends the public key to Dave and then Dave uses that public key to encrypt his message. To encrypt, let P be a plaintext message.
1. Convert P to its integer form using a universally agreed upon table of two-digit numerical equivalents of letters.
2. Once P is in its two-digit integer form, split the digits into groups of 4 while still maintaining the order of the characters. If the message has an odd length, then there will be 2 digits left over. Add the integer value of another character, such as an empty space ‘ ‘, to the end of the last group so that it becomes a group of 4. Call each of these groups P_r for r groups of 4.
3. Use the public key to find C_r = (P_r)^e mod n for each P_r. If the value produced is less than 4 digits, add zeros to the front until 4 digits are reached.
4. Lastly, concatenate the values of C_r to produce the encrypted ciphertext C.
As the ciphertext message C is sent to Owen, if an outside person attempts to intercept this message, they would not be able to decrypt it since they do not have access to the private key. Only Owen has the private key, and this is what makes it secure. When Owen receives the message from Dave, he can then proceed to decrypt it by doing the following:
1. Similar to encryption, split the digits into groups of 4 while still maintaining the general order. Call each of these groups C_r for r groups of 4.
2. Use the private key to find P_r = (C_r)^d mod n for each C_r. If the value produced is less than 4 digits, add zeros to the front until 4 digits are reached.
3. Concatenate the values of P_r to produce the decrypted two-digit numerical equivalent P.
4. Lastly, use the universally agreed upon table of two-digit numerical equivalents of letters to convert P into the decrypted plaintext message.
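The key generation, encryption and decryption steps above, carried through in Python as an added example (not the project's own code). It assumes a table of A-Z as 00-25 and space as 26, toy primes 53 and 61 with e = 17, and function names chosen for illustration; it also checks the bound on n that 4-digit blocks imply and shows that equal plaintext blocks produce equal ciphertext blocks.

```python
from math import gcd

# Assumed table (the page does not give one): A-Z -> 00-25, space -> 26.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ "
MAX_BLOCK = int(f"{len(ALPHABET) - 1:02d}" * 2)  # largest 4-digit block: 2626

def is_prime(k):
    return k > 1 and all(k % f for f in range(2, int(k ** 0.5) + 1))

def make_key(p, q, e):
    """Key generation steps 1-5. Returns the public (n, e) and private d."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    # Every plaintext block must be < n to survive the round trip, and every
    # ciphertext block (< n) must fit in 4 digits, so n is boxed in.
    if not (MAX_BLOCK < n <= 10000):
        raise ValueError("n must satisfy 2626 < n <= 10000 for 4-digit blocks")
    return (n, e), pow(e, -1, phi)  # d = e^(-1) mod phi(n), Python 3.8+

def blocks(digits):
    return [digits[i:i + 4] for i in range(0, len(digits), 4)]

def encrypt(message, public_key):
    n, e = public_key
    if len(message) % 2:  # odd length: pad with a space (encryption step 2)
        message += " "
    digits = "".join(f"{ALPHABET.index(ch):02d}" for ch in message)
    return "".join(f"{pow(int(b), e, n):04d}" for b in blocks(digits))

def decrypt(ciphertext, n, d):
    digits = "".join(f"{pow(int(b), d, n):04d}" for b in blocks(ciphertext))
    return "".join(ALPHABET[int(digits[i:i + 2])] for i in range(0, len(digits), 2))

if __name__ == "__main__":
    public, d = make_key(53, 61, 17)  # constructed toy values: n = 3233
    c = encrypt("CLASS CANCELLED", public)
    print(c, "->", repr(decrypt(c, public[0], d)))
    # The scheme is deterministic: a repeated block encrypts identically.
    print(blocks(encrypt("HIHI", public)))
```

The decrypted text keeps the padding space added in encryption step 2, since the steps above do not remove it.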