freetom/CheaPhone-Server

CheaPhone-Server

Server for the CheaPhone Android application

CheaPhone is also called BestOffer (its original name), especially in the code.

Designed to work with GNU/Linux, but I think it could be easily adapted to Windows

Copyright 2014 Bortoli Tomas

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

The CheaPhone server must provide 2 basic services:
- Update market offers for clients that have old offers
- Translate mobile numbers into operators (exploiting the TIM SMS service at the 456 number) and using an internal cache

This project makes use of gammu (in the form of its CLI tool) to send SMS through internet keys, aka GSM/UMTS modems

The server implements cryptography and digital signatures in its network communications.
The properties provided to the communication are: Secrecy, Authentication (of the server) and Forward Secrecy. RSA 2048-bit is used for key exchange, AES 256-bit for symmetric encryption and SHA1+RSA (2048-bit) for digital signatures.
Every message from the server is signed and the client verifies it upon arrival; if the message signature isn't valid, the connection is closed. The public key used to verify the server's digital signature is hardcoded in the client.
Every encrypted message from either of the two sources comes with some random padding to strengthen the encryption.
A symmetric key caching mechanism is implemented in the system to improve performance. It implies that the same symmetric key is used for n consecutive days, without doing the key exchange again. At the moment the limit is 4 days. Random padding of random length is added around each encrypted message to limit known-plaintext attacks.

More details in the code

Important to run the server:
- You need to install the private key file with the name "private.key.pkcs8" in the cwd of the server [pkcs8 encoding]
- The offers file is needed with the name "fileOfOffers" in the server's cwd

openssl is used to generate and encode the RSA crypto keys
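
One way to produce the key file named above with openssl and to exercise the SHA1+RSA sign/verify round trip, as an added example that is not part of the CheaPhone sources. The DER form of PKCS#8, the scratch directory, the file names other than private.key.pkcs8 and the sample message are assumptions.

```shell
#!/bin/sh
# Added example. Everything is written to a scratch directory; the messages are constructed.
set -eu

# Create the server's RSA 2048-bit key as "private.key.pkcs8" plus the public key for the client.
make_server_key() {   # args: dir
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/rsa.pem" 2>/dev/null
    # Assumption: the server reads unencrypted PKCS#8 in DER form.
    openssl pkcs8 -topk8 -nocrypt -in "$1/rsa.pem" -outform DER -out "$1/private.key.pkcs8"
    # The public half is what the client would carry hardcoded.
    openssl pkey -in "$1/rsa.pem" -pubout -out "$1/public.pem"
    rm -f "$1/rsa.pem"
    chmod 600 "$1/private.key.pkcs8"   # only the server account should read it
}

# Server side: SHA1+RSA signature over a message file.
sign_message() {   # args: dir message signature
    openssl dgst -sha1 -sign "$1/private.key.pkcs8" -keyform DER -out "$3" "$2"
}

# Client side: succeeds only if the signature matches the pinned public key.
verify_message() {   # args: dir message signature
    openssl dgst -sha1 -verify "$1/public.pem" -signature "$3" "$2" >/dev/null 2>&1
}

# Returns 0 when the genuine message verifies and a modified one is rejected.
demo() {
    d=$(mktemp -d)
    make_server_key "$d"
    printf 'offers-version=42\n' > "$d/msg"        # constructed sample message
    sign_message "$d" "$d/msg" "$d/msg.sig"
    rc=0
    verify_message "$d" "$d/msg" "$d/msg.sig" || rc=1
    printf 'offers-version=43\n' > "$d/tampered"   # altered content, original signature
    if verify_message "$d" "$d/tampered" "$d/msg.sig"; then rc=1; fi
    rm -rf "$d"
    return "$rc"
}

demo && echo "valid signature accepted, tampered message rejected"
```

A client following the behaviour described above would close the connection whenever the verify step returns non-zero.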

Server software developed by Bortoli Tomas in 2014
