Terminus is a simple chat service based on OTP (one-time pad) encryption. The goal of the project is to create a chat service that is theoretically "unbreakable" via the use of designated client devices (Raspberry Pis) called nodes. The core design principles are based on the assumption (correct or not) that all centralized servers are vulnerable when faced with a sufficiently motivated third party.
Terminus works by generating and sharing OTP keys between nodes in an exclusively airgapped fashion. All messages stored on the central server are encrypted with keys which only exist on the nodes themselves. As such, the server can be inherently insecure as long as the physical security of the nodes is guaranteed.
No particular reason. This project was created mostly for personal entertainment and a learning experience. I don't intend to claim that this system is practical, necessary, or frankly, even all that secure. It's just a fun and different way to approach data security. I'll tell you a secret - I pirated my university textbooks (don't tell the police). Consider the following:
The design of the Terminus system is based on 3 core principles. They are as follows:
- The central server is inherently insecure and should be treated as such in all aspects of system architecture.
- Any measures taken to protect the server against third parties are considered "extra", and should not be relied upon to protect sensitive data.
- The physical security of nodes is paramount to the system. The system architecture is built on the assumption that the physical security of nodes is infallible.
Essentially, the point is to shift the burden of data security from digital methods to physical ones. It's arguably a lot more difficult to steal a device from a locked vault than data from a server.
In Terminus, authentication exists to make sure that a device attempting to request or send data to the server is in fact an authorized node. This is handled via a hash challenge provided by the server to the client. Due to the fact that nodes are (besides requests to the server) airgapped and dedicated devices, using a hash challenge is appropriate and more secure than using a password.
Hashing is done using the SHA256 algorithm, and each node has a device-specific hash salt which is randomly generated when the node is initialized. This hash salt is also stored on the server, which compares the hashed challenge data sent by a node against a hash which the server itself has calculated. This hash is exclusively used for authorization of nodes and nothing else.
The primary goal of authorization is not the safeguarding of sensitive data (this is handled by encryption) but rather maintaining data integrity. By only fulfilling requests from authorized devices, the sending of bogus data is prevented.
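The hash challenge described above, sketched as an added example (this is not Terminus's own code). Assumptions: the node hashes `salt || challenge` with SHA-256, the server issues a fresh random challenge per request and accepts each one once, and the names `Server`, `node_response` and `node-a` are hypothetical.

```python
import hashlib
import hmac
import secrets


def node_response(salt: bytes, challenge: bytes) -> bytes:
    """Node side: SHA-256 over salt || challenge (assumed layout, not from the README)."""
    return hashlib.sha256(salt + challenge).digest()


class Server:
    """Server side: holds each node's salt and the challenge it last issued."""

    def __init__(self) -> None:
        self.salts: dict[str, bytes] = {}
        self.pending: dict[str, bytes] = {}

    def register(self, node_id: str, salt: bytes) -> None:
        self.salts[node_id] = salt

    def issue_challenge(self, node_id: str) -> bytes:
        challenge = secrets.token_bytes(32)  # fresh random value per request
        self.pending[node_id] = challenge
        return challenge

    def verify(self, node_id: str, response: bytes) -> bool:
        # pop() makes each challenge single-use, so an old response is
        # rejected if it is presented again.
        challenge = self.pending.pop(node_id, None)
        salt = self.salts.get(node_id)
        if challenge is None or salt is None:
            return False
        # Constant-time comparison of the node's hash with the server's own.
        return hmac.compare_digest(node_response(salt, challenge), response)


def demo() -> dict[str, bool]:
    server, salt = Server(), secrets.token_bytes(32)  # salt made at node init
    server.register("node-a", salt)  # constructed node id
    good = node_response(salt, server.issue_challenge("node-a"))
    results = {"valid": server.verify("node-a", good)}
    results["replayed"] = server.verify("node-a", good)
    wrong = node_response(secrets.token_bytes(32), server.issue_challenge("node-a"))
    results["wrong_salt"] = server.verify("node-a", wrong)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the server must hold the salt to recompute the hash, the salt only gates who may write to the server; message confidentiality still rests on the OTP keys that never leave the nodes.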
- README.MD style stolen from: https://github.com/ma-shamshiri/Pacman-Game (I'm bad at making pretty README-s)
- Terminus logo is generated via DALL-E 3.