TransferMe!

A great deal was accomplished this week, we have finally chosen a name, TransferMe! We are hoping to get the URL Transfer.me but it’s unclear whether it is available. The team agreed that this name is equally descriptive of the product, short enough to remember, and rolls well off the tongue. We used our Trello board to brainstorm names and this is the one we collectively decided on. We have started using our communication platform Teams and Trello collectively. Turns out, the Trello board has an extension for Teams that allows us to do everything within the Teams app. I’m loving the setup so far!

The First Conflict

This past week we developed some of the project requirements. We had a team assignment that required us to write a 2000-4000 word document that described goals needed to complete the project in more detail. This also required that research be done on different frameworks and technologies we will use, as well as brainstorming some UI concepts and overall flows of the program. We encountered our first minor ‘conflict’ as a group, at least it was a conflict in my eyes; but I am proud of the way we handled it. I sent out a message to the Team 5 days prior to the due date about collaborating on the document and long story short, I received no response until 2 days prior to the due date. I stated that we need to communicate better going forward, and coordinated a meeting time to go over some of the group decisions, in the end I think we all contributed to the assignment equally and we will be a better team going forward because of this!

Moving Forward

After completing the project documents, we are onto the next iteration of planning. We scheduled a meeting and discussed some of the technologies we will need to use for the project. To me, the most daunting part of the project isn’t writing the code, but knowing where to begin and what pieces of the project to work on first. During the meeting, we discussed the cryptography method we plan to use, as well as the database, the framework, the source control, and the IDE we will be using for the project.

For cryptography, we plan on using Diffie-Hellman Key Exchange and ElGamal. We are hopeful that we can use Diffie-Hellman once to establish a secure connection between two people, then on future transfers, we can use ElGamal to achieve adequate security and efficiency. I’m sure there will be challenges as we implement this, but we plan to use a Framework called BouncyCastle which has a highly regarded cryptography library for C#, the language we will be using for the project.

For the database to store files, one of our team members is familiar with an open source database platform called MariaDB. MariaDB acts as a MySql databse so the language will not be difficult for newcomers to work with assuming they have had a small bit of Sql experience (which I have)! The framework, as discussed in the previous blog will be Blazor, a C# web framework that will allow us to build our site using WebAssembly. WebAssembly will be beneficial to us because all C# code is run as assembly language locally on the system. This makes for a fast, responsive web page as well as generating code that is not viewable in the devtools in the browser.

For source control, we will be using Git and GitHub to manage our project. I’m really excited to work with multiple developers on a large scale project. As of now, I’ve only used source control for projects that I have been the sole developer. I can imagine on a large scale project with multiple developers, things could get complicated if not everyone is in agreement with how to use the product. Once we get the development environment setup we will have to have another meeting to discuss how we will utilize source control in the most efficient manner. The IDE we will be using is Visual Studio. This seemed like the simplest choice since the program, the framework, and the language are all written by Microsoft. I believe this is the best choice.

What’s To Come

Our next assignment for the course is an individual assignment, but will aid in a better understanding of the different technologies we will use. This is the first time we will begin setting up the development environment together. I will plan to try coordinating a meeting with the team to discuss who wants to work on what. What I think the team needs most is to develop some type of diagram that will give an overview of the different components and their functions. Something like this diagram, but with specs relevant to our project.

I’m hoping that soon we will all get the development environment setup, a diagram drawn, source control established, and have a final meeting so that we can really start planning the development of this project. I get the feeling it may take longer than we expect…

Name TBD

This week, we had their first two meetings with both of our project sponsors. A bit unexpected, but our project sponsor was a former student who completed the entire project last year. The project was intended to be taken down but was not. Long story short, my team will be recreating the same project from scratch! We will be modifying the project requirements slightly, but the main concept will still be the same. Since the project sponsor was a former student who was not expecting to be a sponsor, we will be working partly with the student and partly with our instructor throughout the year. The good news is we have more flexibility in what we create. The bad news is, we have to start completely from scratch. Now, we must also come up with a new name for our project. Hence the title of this blog post, Name TBD.

First Impressions

Our first meeting was with the former student who initially proposed the project. Thankfully, they were kind enough to assist us in developing project requirements and even offered to help us if we got seriously stuck. They gave us beneficial advice about using trusted cryptography libraries, so we do not have to reinvent the wheel. Our sponsor also gave us advice on a specific framework for .NET and WebAssembly which they used in the project. The framework is Blazor. This framework is intriguing because it enables us to use mostly C# for web development. With traditional web design, the languages used are mostly HTML, CSS, and Javascript . While there will still be a need to use some of the traditional web design tools, using a framework like Blazor will give us increased flexibility which will allow us to spend more time learning the C# language and the .NET framework.

Second Impressions

Out next meeting was with our professor, Bill Pfeil. We went over the project requirements and stretch goals. Which as of now, are:

Project Requirements & Goals

Bill gave us solid feedback on the project scope and encouraged us to accomplish the stretch goal peer-to-peer transfers. Overall, he though this was a great project choice for a senior project. My teammates and I have some background in security which makes us ideal candidates for this project. As it stands, it appears I have taken the most security classes, being the only one who’s taken Cryptography, Defense against the Dark Arts and Intro to Security at Oregon State. I am excited to apply some of the theoretical knowledge I learned in the Cryptography course into this project. Specifically the stretch goal of implementing Diffie-Hellman key exchange.

Next Steps

The next steps I’m hoping to accomplish with my team is to start developing a UML-like diagram to outline the different components of our project. Since most of us have not worked on a project with this big of scale, I believe understanding how different components of our software will interact with each other will be critical in maintaining good development speed. We also need to further define our project requirements down to the small details and start thinking about other questions we have. I’m hoping we can start development sometime around the end of winter term. If we can get an adequate development plan in place, we may even be able to begin work during winter break!

The Beginning

The time is finally here! I have been assigned my senior project! I’ve been excited and anxious for this time since I started at OSU 2 years ago. At this point, being nearly done with all my classes, I’m mostly excited. My team and I will be working on rewriting a website called Crypter. Crypter is a free encryption platform that allows users to encrypt messages and files, then send them to whoever they wish. The caveat is, the user has to send the decryption information to the recipient manually.

I’ve actually wanted to use something like this in the past but did not know of any viable free solutions. Maybe Crypter can be that solution. I can’t count how many times in the past I’ve looked at job offers or contracts and they require a Social Security Number sent back in a PDF via email. Since email typically uses SMTP, none of this data is encrypted and could be susceptible to packet sniffing. Crypter could be an answer to that problem.

Another benefit of Crypter is that it doesn’t require an account and it is very simple to use. If anyone reading wants to try this out, feel free. Just head over to https://crypter.dev and test it out. The process is very straightforward and doesn’t require any sign up. To encrypt files:
1. Choose a message or file to encrypt
2. Select Encrypt
3. Copy the link and the decryption key
4. Send to the recipient or decrypt it in a different tab.

Here are some snippets of the process

After selecting “Decrypt your message” Crypter shows the original message, as long as the decryption key was correct.

Why Crypter?

I selected Crypter as one of my top options because I am excited to learn more about the .NET Framework, and I’ve also taken several classes in the security realm. .NET development excites me because I believe it will become increasingly in demand for software developers in the future since it is so simple to install and run applications on any system, as long as they have the appropriate .NET framework version. I know several colleagues, friends and acquaintances who work for organizations using almost strictly C# and the .NET framework. In my career, I’ve had the opportunity to develop a few small projects in C# and have gotten to see the benefits of .NET but I’m hoping to become more proficient going forward.

During my time in IT, I’ve gotten to explore various aspects of computer security which has always been fascinating. More recently, I’ve taken cryptography, along with other security classes at OSU that I feel will be helpful when working on the implementation details for this website. In my career, I’ve seen sophisticated malware, seen how YARA signatures are created to protect against malware, and most importantly for this project, how files are encrypted and decrypted using certain cryptographic functions.

Questions & Ideas

Currently, I have a few questions that I hope can be answered during our first few meetings with our project sponsor. The first one would be knowing what encryption scheme is used to encrypt the message and is it collision resistant? The other, which isn’t necessarily a question about Crypter itself, the user has to share the key with it’s recipient, how can they do that in a safe way? Maybe a solution could be: once a user creates an account, there could be an encrypted messaging platform, so the user could have a seamless experience sending the message to it’s recipient. As of now, I could see someone encrypting a message, then emailing or sending it using another chat form that is unencrypted, which completely defeats the purpose. This isn’t an issue with Crypter in itself, but I’m curious what the ideal flow would be for a user.

I’m excited to keep this blog updated as I work with my team to develop solutions and get some of these questions answered! See you next week!