The implementation consists of two devices:
1) A simple, standalone key generator that generates random key data and writes it to two SD cards simultaneously, thus creating two identical one-time use pads for encrypting future messages. This hardware random number generator can generate random data for other purposes and send it via a USB port.
Schematics for this device and a bill of materials are provided in the project links.
2) An Android-based encryption device with a camera, display, software keyboard, SD card reader and USB port. All other methods of communication to the device (WiFi, Bluetooth, IR, etc.) are disabled at the hardware level. This standalone device encrypts and decrypts messages. Incoming encrypted data is read from your PC’s screen via the device’s camera, converted to text by on-device optical character recognition (OCR) software, and decrypted using a key stored on an SD card. The decrypted message is displayed on the encryption device's display. Using a camera to capture the encrypted text from the PC display prevents the PC from retransmitting anything but the encrypted message, which cannot be decrypted by anyone who does not hold the one-time pad key. The used portions of the keys are erased on both the sending and receiving ends after use to provide forward secrecy (your message cannot be read by someone later even if they obtain your device).
Our prototype encryption device is implemented using an Android tablet or phone. Required specs for the Android device are listed in the components section. The source code repositories for the Android application are referenced in the links for this project and are hosted on GitHub (see project links). They are licensed under GPL 3+. We use several additional open source libraries to provide the complete solution, including Apache Commons Codec and Commons Core (Apache License 2.0) and Tesseract OCR (Apache License 2.0).
Messages to be encrypted are entered by typing on the encryption device's software keyboard and then encrypted using a one-time pad cipher with keys stored on SD cards. The encrypted data is sent off-device by having the encryption device act as a USB HID keyboard on a regular PC and sending simulated keystrokes. The encrypted data is encoded in a simple text format that is human-verifiable. This interface style prevents the encryption device from transmitting any data off the device outside of the HID compliant driver. The video below introduces the team and describes the usage in more detail:
Before needing to send a private message:
- Use the dedicated hardware key generator to populate two SD cards with identical one-time pad keys
- Keep one copy of the key for yourself and give the other copy to the message recipient
To send a message:
- Type a message on the encryption device using the software keyboard
- Choose the appropriate encryption key from an SD card to encrypt the message. You would choose a key that you pre-exchanged with the message recipient.
- The encryption device encrypts the message using that key
- Start composing an email to the message recipient on your PC and have the cursor active in the message compose window
- Plug in the encryption device via USB and click send to have the encrypted message typed into your email. Your encrypted message will be typed into your email message by the encryption device sending keystrokes.
- Send the email on the PC
To receive a message:
- Open the email containing the encrypted message on your PC
- Point the encryption device’s camera at the encrypted message and take a picture of the encrypted message
- The encryption device performs optical character recognition (OCR) and interprets the data
- Choose an appropriate key from an SD card to decrypt the message. You would choose a key that you pre-exchanged with the message sender.
- The encryption device decrypts the message using that key
- You read the message displayed on the encryption...
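
A minimal model of the send and receive steps above, added here as an illustration and not taken from the project's Android source: each side XORs the message with a span of its pad copy and then overwrites that span, so a second decryption of the same message fails. The `OTP1:<offset>:<Base32>` text format, the file-backed pads and the function names are assumptions made for this example.

```python
import base64, os, tempfile

def take(path, offset, n):
    """Return n key bytes at offset, then overwrite them in place."""
    with open(path, "r+b") as f:
        f.seek(offset)
        key = f.read(n)
        # Simplification: an all-zero span is treated as already consumed.
        if n == 0 or len(key) < n or not any(key):
            raise ValueError("pad exhausted or span already used")
        f.seek(offset)
        f.write(bytes(n))
        f.flush()
        os.fsync(f.fileno())
    return key

def encrypt(pad, offset, plaintext):
    key = take(pad, offset, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, key))
    # Assumed wire format: tag, pad offset, Base32 body (alphabet has no 0/1/8,
    # which keeps it readable by eye and by OCR).
    return f"OTP1:{offset}:{base64.b32encode(ct).decode()}"

def decrypt(pad, message):
    tag, offset, body = message.strip().split(":")
    if tag != "OTP1":
        raise ValueError("unknown message format")
    ct = base64.b32decode(body)
    key = take(pad, int(offset), len(ct))
    return bytes(c ^ k for c, k in zip(ct, key))

def demo():
    d = tempfile.mkdtemp()
    key = os.urandom(64)  # constructed pad; the page uses a hardware RNG
    paths = [os.path.join(d, n) for n in ("sender.pad", "recipient.pad")]
    for p in paths:  # two identical copies, as on the two SD cards
        with open(p, "wb") as f:
            f.write(key)
    wire = encrypt(paths[0], 0, b"meet at noon")
    plain = decrypt(paths[1], wire)
    try:
        decrypt(paths[1], wire)  # same span again: the key bytes are gone
        replayed = True
    except ValueError:
        replayed = False
    with open(paths[0], "rb") as f:
        left = f.read()
    # Last value: used span is zeroed, the rest of the pad is untouched.
    return wire, plain, replayed, left == bytes(12) + key[12:]
```

Overwriting a file in place does not guarantee the old bytes are physically gone on flash media such as SD cards, because the controller's wear levelling may write the zeros to a different block.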