We started our Gnocchi/NoSSL project this week!
The first week was mainly about research and planning for the future implementation. The Gnocchi/NoSSL system we are going to implement is for online file distribution, with the purpose of keeping private keys offline as much as possible. By not storing the private keys online, Gnocchi/NoSSL protects the material better even when the server is untrusted or compromised.
Our Gnocchi/NoSSL system consists of three parts: the client, the server, and the database generator.
Since the private keys are kept offline, most of the cryptographic work is on the client side. The client first requests the needed data from the server, trusted or untrusted, and then interprets the data as a proper file system. Because the server may be untrusted, the client is responsible for verifying the integrity and the authenticity of the files it receives. As for the specific implementation, we are going to implement it as a browser plugin. As the first attempt, it will be a Chrome extension.
The server is basically a common one without much modification. Since we do not rely on the server for integrity and authenticity, the server simply serves as a place for file storage and responds with the correct data upon the client's request.
The database generator is used by the publisher to produce a signed and authenticated database with the private key. To transform an existing file system into a valid Gnocchi/NoSSL database, the file data blocks and the inodes are associated with their cryptographic hashes, and the resulting database has a structure similar to a Merkle hash tree, which aims at protecting the integrity of the files.
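The client-side check described above, as an added example that is not part of the Gnocchi/NoSSL code: objects are stored under their SHA-256 hash, and the client re-hashes everything the server returns, starting from a root hash it already trusts. The object layout, the function names and the use of Node's `crypto` module (an extension would use WebCrypto) are assumptions, and verifying the publisher's signature over the root is left out.

```javascript
// Added example: hash-addressed storage in the spirit of the post's database.
// Layout (blocks -> inode -> trusted root hash) and all names are assumptions.
const crypto = require("crypto");

const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest("hex");

// Publisher side (offline): split a file into blocks, store each under its hash,
// then store an inode listing the block hashes. Returns the inode hash.
function publishFile(db, data, blockSize = 4) {
  const blocks = [];
  for (let i = 0; i < data.length; i += blockSize) {
    const block = Buffer.from(data.subarray(i, i + blockSize));
    const h = sha256(block);
    db.set(h, block);
    blocks.push(h);
  }
  const inode = Buffer.from(JSON.stringify({ size: data.length, blocks }));
  const inodeHash = sha256(inode);
  db.set(inodeHash, inode);
  return inodeHash;
}

// Client side: an object from the untrusted server must hash to the name requested.
function fetchVerified(server, hash) {
  const obj = server.get(hash);
  if (!obj || sha256(obj) !== hash) throw new Error("integrity check failed: " + hash);
  return obj;
}

// Rebuild the file from a root hash the client already trusts (assumed to have
// been authenticated separately via the publisher's signature).
function readFile(server, trustedInodeHash) {
  const inode = JSON.parse(fetchVerified(server, trustedInodeHash).toString());
  const data = Buffer.concat(inode.blocks.map((h) => fetchVerified(server, h)));
  if (data.length !== inode.size) throw new Error("size mismatch");
  return data;
}

// Constructed sample data: an honest server and one that swaps a block's content.
function demo() {
  const db = new Map();
  const root = publishFile(db, Buffer.from("hello gnocchi"));
  const honest = readFile(db, root).toString();
  const evil = new Map(db);
  evil.set(JSON.parse(db.get(root).toString()).blocks[0], Buffer.from("HELL"));
  let rejected = false;
  try { readFile(evil, root); } catch (e) { rejected = true; }
  return { honest, rejected };
}
```

Because the inode is itself fetched by hash, a server that rewrites the block list is caught at the first `fetchVerified` call, before any block is read.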
I also did some research on how to create an extension for Chrome this week.
Building a Chrome extension is pretty straightforward. A Chrome extension usually consists of the following:
1. A manifest file named manifest.json, recording the metadata of the extension
2. HTML files for the content displayed by the extension.
3. JS files for the code to be executed.