Title: Universal Switch Set with Data Encryption and Decryption for Legacy Applications without Cyber Safety Measures
Background:
In metro systems, OEMs install switches and bind them to their MAC addresses, making it difficult to install or upgrade switches in the network without compromising cybersecurity. Retrofitting these systems with modern security protocols can be challenging and costly, especially for organizations with limited resources or technical expertise.
Description:
The problem aims to develop a universal switch set equipped with data encryption and decryption capabilities. This set should seamlessly integrate into various legacy applications lacking cyber safety measures. It will provide a standardized interface for encrypting sensitive data before transmission and decrypting it upon receipt, enhancing the security of legacy systems. The switch set will support industry-standard encryption algorithms and protocols to ensure compatibility with a wide range of applications. It will include robust key management features for securely generating, storing, and distributing encryption keys to authorized users, ensuring the integrity and confidentiality of sensitive information.
Ministry of Housing and Urban Affairs
Department:
Smart Cities Mission
Category:
Software
Theme:
Blockchain & Cybersecurity
8. Debugging
10. Contributing
We propose to install a virtual client on the user side and add an IoT device before the legacy application that decrypts data before sending it to the legacy application (e.g., old DB server or Excel server). This ensures seamless transition and end-to-end encryption.
- All data/queries are encrypted at the application layer on the user side, leaving network and data link headers unchanged.
- The encrypted data is intercepted by the IoT bug before reaching the legacy application. The bug decrypts the data and sends it as plain text to the legacy application.
- The legacy application processes the plain-text data.
- The legacy application sends a plain-text response to the IoT bug.
- The bug encrypts the plain-text response and forwards it to the user.
- The user’s virtual client decrypts the data and renders it as plain text.
RSA is an asymmetric encryption algorithm used for secure data transmission, relying on the difficulty of factoring large prime numbers.
- Asymmetric encryption: RSA uses a public key for encryption and a private key for decryption.
- Security: The security of RSA is based on the computational difficulty of factoring large prime numbers.
- Long-Term Security: For sensitive data, RSA-3072 or higher can be considered for future-proofing.
Upon establishing a connection, both the client and the server dynamically generate new RSA key pairs. The server transmits its public key to the client, which is stored in a designated variable. Subsequently, the client responds by sending its own public key back to the server, where it is securely stored for further communication.
- Connects to the bug server and sends encrypted commands.
- The bug server decrypts these commands and forwards them to the legacy application.
- Upon receiving the response, the bug server encrypts it and sends it back to the client.
- The client decrypts the response.
- Listens for incoming connections on a specific port.
- Decrypts data and forwards it as plain text to the legacy application.
- Encrypts the plain-text response and sends it back to the client.
- Listens for plain-text messages from the bug server.
- Processes requests and responds with plain-text data.
[Client] --> (Encrypted Command) --> [Bug Server] --> (Plain Text Command) --> [Legacy Application]
[Client] <-- (Encrypted Response) <-- [Bug Server] <-- (Plain Text Response) <-- [Legacy Application]
data: Requests specific data from the legacy application.sih: Requests another specific dataset.rst: Closes the connection between the client and bug server.
- The IP addresses and ports are no longer entered manually during runtime. They are now read from the
config.inifile for both theclient.pyandbug.pyscripts. This simplifies the setup and configuration process, ensuring consistency across different environments.
-
The
bug.pyandclient.pyscripts now support a "termination" command (rst), allowing for a clean shutdown of the bug server and the client application. -
The
legacy_application.pynow handlesrstcommands as well, allowing for the entire system to shut down gracefully when needed.
- The user can enable or disable debugging at the start of each script by responding to the
Debugging (Y/N):prompt. When enabled, detailed information about encryption and decryption processes, as well as communication between components, is logged to the console.
- Python 3.x
- Install the
cryptographylibrary:pip install cryptography
- Step 1: Configure the IP addresses and ports in the
config.inifile:
[Client]
network_interface_1 = 127.0.0.69
port = 5551 # Port on the bug that client will connect on.
[Bug]
network_interface_1 = 127.0.0.50
[Legacy_Application]
network_interface_1 = 127.0.0.200
port = 5550 # Port on the Legacy Application that bug will connect on.-
Step 2: Start the legacy application:
python legacy_application.py
-
Step 3: Start the bug server:
python bug.py
-
Step 4: Run the client application:
python client.py
Enable debugging mode for detailed logs of encrypted and decrypted messages. At the start of each script, type Y when prompted for debugging mode:
Debugging (Y/N): Y
- Dynamic Encryption Protocol Selection: Bug.py will randomly select out of a suite of asynchronous encryption algorithms every time it connects with a new client, to mitigating the chances of Cryptanalysis on the traffic even further and increasing security.
- Additional Encryption Support: Add support for synchronous key encryption algorithms like AES.
- Session Management: Implement session-based encryption for dynamic key management.
- Authentication: Introduce client-server authentication to ensure authorized access.
- Use the
git checkout -b <YOUR_BRANCH_NAME>to make a new branch - Alternatively, use the
git checkout <YOUR_BRANCH_NAME>to switch to an existing branch.
NOTE: USE YOUR OWN BRANCH UNLESS YOU ARE COLLABORATING
-
Fetch the latest changes from the remote:
git fetch origin
-
Reset your local branch to match the remote:
git reset --hard origin/master
-
Clean untracked files and directories:
git clean -fd
-
Pull the latest changes:
git pull origin master
- Once you are done with your changes, push them to your branch using the following commands
- Use
git add .to add all files or usegit add <file_1> <file_1> <file_n>to manually add files - Use
git commit -m "<Commit message>"to commit the changes - Use
git push origin <YOUR_BRANCH_NAME>to push changes to your branch - Once you are ready, make a pull request to merge your branch with the
masterbranch and wait for 4E23 admins to review the PR.