Modular Shell Cryptography

Overview

Modular Shell Cryptography adds basic cryptographic functionality to the Windows Vista shell. Most notably, perhaps, it extends the Windows Contacts making secure communication and file transfers very simple and intuitive. Another design goal was to make it highly modular. The cryptographic functionality is contained in an independent library; the shell components and user interface elements access the cryptographic functionality strictly through abstract interfaces (system independent), and hence adding new cryptosystems, etc. to the shell is as simple as implementing the appropriate interface.

Student Research: Modular Shell Cryptography is intended to be a platform for various student research projects. As one can see from the description and demonstration below, even a simple implementation project can teach a student much about algorithms, cryptography and computational number theory, as well as the many subtleties that are required to bring the theory to life. Additionly, students will gain a wealth of practical skills in the areas of C++ programming, writing algorithms for parallel computing architectures, optimizing assembly on a modern micro-architecture, and network protocols to name a few. And of course the most pragmatic of students can also learn much about the API for a widely used operating system. Finally, in contrast to many implementation projects which result in a cumbersome text-based interface, students will have the satisfaction of producing something very usable, and of real practical value. Along the way, they'll likely gain appreciation for modular design and its benefits.

Demonstration

Generating Keys

Just go to the "New" menu in explorer and you'll now find an entry for creating a cryptographic key. After that, just follow the steps of the wizard... Watch the video.

Secure Messaging

Modular Shell Cryptography provides the option to embed cryptographic keys into Windows .contact files. (Note: only public keys can be embedded- if a private key is associated to a contact, this will only be done by reference.) Since public keys are embedded into the contact files, you can simply email your "This is Me" contact file to your friends they'll be able to securely send you messages. Sending secure messages can be done through the Windows Contacts, just by right clicking a contact file and hitting "Send Encrypted Message". The message will be sent to their default (or "Preferred" email address). SMTP is used to send mail, so you will need an account with a mail server somewhere. If you use Outlook, you can probably copy the SMTP settings from there. Watch the video.

Secure File Transfer

Alternatively, if you'd just like to send a few files along, this can be done directly through Windows Explorer. Just select the files you want to send, right click, and select "Encrypt and Send To". A list of recently used contacts will be displayed, as well as the option to browse. Watch the video.

Decrypting Messages

There's nothing to it. Just open the ciphertext file with explorer (e.g., double click). Modular Shell Cryptography will find the right decryption key for you and use it to decrypt your file. Then (as long as the decrypted file isn't an executable, batch file, etc.) it will furthermore open it with the default program. As simple as it is, here's a video anyway: Watch the video.

Hashing / Fingerprints

Modular Shell Cryptography also gives users convenient access to some commonly used hash functions. Well, at the moment, it provides access to the SHA family. (Note: this is the one spot which is not yet modular.) To display the hashes of a file, just right click it in Explorer and select "SHA Fingerprints-->View SHA Fingerprints". Also provided is a convenient way to compare fingerprints. If you copy a fingerprint to the clipboard, a second menu item will be enabled which will compare the fingerprint on the clipboard with that of the file. Watch the video.

Currently Available Cryptosystems

At the moment, there is only one, and it is based on the Paillier scheme (but considerably more efficient). In terms of implementation, it was written using a number theory library developed from scratch in C and assembly. Most of the x64 assembly routines for arithmetic are close (within a clock cycle) to the theoretical lower bounds for the Intel Core 2 microarchitecture, but should also perform quite well on an AMD. Furthermore, it is designed for parallel machines: encryption, decryption, and even key generation will use all available processors on the system.