Ritik Kumar

🌜
🌞

NpChat

*This is a mirror to the content posted on

NpChat, a Multimedia Sharing Application over NDN

an NDN based multimedia sharing app

In a cyber universe dominated by giants like Google and Facebook, our everyday internet travels often lead to their massive servers. From E-commerce to Social Media and Web Streaming, it’s a giant corporation’s world, and we’re just browsing in it. But here’s the catch - our precious user data gets stored and played by their rules, often buried in the terms of service we hastily agree to.

But what if there’s another way? NpChat steps in as a practical, experimental alternative - a decentralized, end-to-end encrypted social multimedia app. No glorification, just a straightforward exploration into the possibilities of a more secure, user-centric design. Are you ready for a digital shift that puts control back in your hands? Let’s delve into the practicalities. 🚀🌐💻

NpChat (from NDN+ Snapchat) is an Android application that allows users to capture and share multimedia with friends in a secure and fully decentralised way, while still giving users complete control over their data. It is based on Named Data Network, a proposed evolution of the IP architecture that uses data-names(identifiers) as a kind of address and not just IP addresses. NDN aims to change the network fundamentally from end to end communication to content-based, wherein, not only IP address but also the data identifier and only the identifier can also be used to exchange information. More on NDN

NpChat

As NpChat is based on NDN, many of its concepts are blended into the app. As such, it may require further clarification of the idea.

As the Network layer is different in NDN and IP, it requires specially designed libraries and technologies to work with. NDN has a lot of support libraries written in different languages actively developed to support application development. As NpChat is developed for Android, it uses java library jNDN and some C++ libraries via the native interface. To connect to an NDN network, it uses NFD (an android app to use NDN over IP network). This daemon is required for NpChat to work and send/receive messages.

Let’s get into the working of the app

Initialising

The app on it’s initialising does the following stuff:

  • Ensure NFD is installed and running in the background
  • Initialize Psync library using JNI and native code. More on Psync (partial state synchronisation protocol for NDN can be found here.
  • Initialise the Psync partial producer. Register syncPrefix in NFD and sets internal filters for “sync” and “hello” under Prefix. Also, provide the prefixes available to synchronise
  • Initialise consumer manager and add consumer for each friend. Send a hello interest according to the Psync protocol and wait for the hello reply to synchronise further.
  • Make a new NDN Face
  • Make new AndroidSqlite3Pib object to help with SQLite for using PIB NDN to store public keys
  • Make new TpmBackEndFile object to store and access private keys and provide its location to AndroidSqlite3Pib object
  • Make a new KeyChain object to help provide a set of interfaces to the security library
  • Fetch/generate the pub key for the user namespace in the app using the keychain object and store the PIB key and related identity and certificates.
  • Set the signing information for the face using the keychain and the generated certificate for the name
  • Set up the custom memory cache object to help serve data to interests after it’s not in the cache (like after app restart).
  • Register names to NFD for receiving and responding to incoming interests for data. Interests may be of data, file, cert, friends, network-discovery, discover, etc. While others are for the general exchange of data and certificates, network-discovery is used to find out other instances of NpChat and publish our namespace address to them.
  • Start network discovery using NFD multicast discovery, NSD (DNS-SD), and send network-discovery get and establish named routes to other users.
  • Call processEvents on a separate network thread and loop it continuously.

With these things set up, the user can now interact with the app and send and receive media. But before doing that, he has to make friends.

Friends

Akin to the real world, making friends on NpChat also requires trust among the two parties. Trust in this context is the acceptance and verification of the signed data from the other party. This means that we accept the public key to be of that particular user. The acceptance of this public key involves various trust models as proposed and implemented in the app.

During the process of making friends (or building trust), they exchange their public keys. Once two users accept their friendship, they issue certificates to each other by signing the new friend’s key. The certificate is designed to certify the user to own a namespace (in this case, for the app).

So the main problem in a non-centralised app like this is to get suggested potential friends-list so that we can add new friends. Without a central list of available users, this is a rather challenging job. So, to discover and trust new users to be a new friend, the app uses:

  1. Physical certificate exchange through QR exchange
  2. Mutual Friend’s friend list: User can share his list of trusted friends with their friends so a user can have a list of potential friends
  3. Domain: A user can easily trust and find other users from the same organisation, part of their namespace

Media Sharing

Taking another look in the feed based sharing, it is evident that a user subscribes to friends feed. Once a friend publishes a piece of information, it is published to all his friend (who has subscribed to his feed). NpChat uses partial sync mode in PSync to realise this pub-sub functionality. Psync is designed to inform the consumers of a new piece of data produced. The friend can then request the producer (in the form of interest) to get that data back. Also, while logging into the app, a user can sync his state with that of the producer. This will get the latest data from him.

Access Control

A user in NpChat may share a piece of data with a particular user or a group of user he wants to. Unless we encrypt the data, every user on NDN can access it, given he knows its unique name. This possesses a significant challenge to privacy. So to allow only a certain number of people to access a particular data, NpChat uses both Asymmetric and Symmetric key encryption.

As mentioned above, NpChat user stores the public keys of his friend upon adding him as a friend. The data to be sent is encrypted using a symmetric key (content key). To send the data, NpChat sends SyncData (metadata) to all the friend through Psync. This SyncData is itself encrypted by the selected friend’s public key. Upon receiving this information, each recipient in the set of authorised friends fetches both the filename and the encrypted content key, decrypts the content key and then decrypts the data using the content key. Even if an unauthorised friend retrieves the encrypted data, he/she will not be able to decrypt the content key and thus cannot decrypt the data.

For more and detailed description of the app, head over to the reference paper and the code repository.

Reference

Way Ahead

As of now, NFD is available on the play store, and NpChat is almost ready to be released. The source code of the app is available under GNU GPL v3.0 here. The primary work is done, and the app can be used to share data in a local network. Some of the considerable work left, for the app to be done effectively are:

  • Improving the user interface
  • Connecting with the NDN Testbed
  • Managing Groups
  • Enhancing user discovery
  • Handling edge cases

among others. More information on this can be found here.

read more...