CS298 Proposal
USB Key Profile Manager for Mozilla
Yun Zhou (yun.adelzhou@gmail.com)
Advisor: Dr. Chris Pollett
Committee Members: Dr. Melody Moh, Dr. Mark Stamp
Abstract:
USB (Universal Serial Bus) storage keys have been gaining popularity in
the recent years due to their advantages in terms of storage space,
physical size, portability, system support, I/O (input/ouput) speed, ease
of use and market price. Their increasing usage has drawn much attention
from both the hardware and the software engineering fields. The Mozilla
project is one of the software applications that are trying to make the
best use of USB keys. The Mozilla project is probably the largest open
source project in the software engineering world. Its popularity is one of
the reasons for the first decline of market share of Internet Explorer in
three years. The developers are now researching on a method to run an
entire Gecko Runtime Environment (GRE, Mozilla's browser engine) from a
USB drive. In this project, I will complete the implementation of the two
major features of the USB key profile manager of the Mozilla project. The
first feature is to register and unregister user!
profiles from USB (Universal Serial Bus) keys as transparently as
possible. This feature requires automatic profile detection on USB tokens
and registration with the existing Mozilla Profile Manager. The second
feature is to security, which includes user authentication and disk
encryption. This part will be implemented by calling Mozilla's Personal
Security Manager (PSM) and Network Security Services (NSS).
CS297 Results:
- Experimented with the read and write speed of a particular USB
key.
- Studied Mozilla's implementation of file operations.
- Studied the PSM and NSS components.
- Created a simple XPCOM component that automatically detects user
profiles on on mounted USB keys and register them with the existing
Mozilla Profile Manager.
Proposed Schedule
Week 1:
8/23 - 8/28 | Implement Deliverable 1 |
Week 2 & 3:
8/29 - 9/11 | Implement the user authorization and
authentication feature. |
Week 4 & 5:
9/12 - 9/25 | Implement the disk encryption and
decryption feature. |
Week 6 & 7:
9/26 - 10/9 | Performance test for encryption and
decryption; clean up the profile registration information. |
Week 8 & 9:
10/10 - 10/23 | Test and clean up the code. |
Week 10 & 11:
10/24 - 11/6 | Write report. |
Week 12:
11/7 - 11/13 | Submit the draft to the
committee. |
Week 13 & 14:
11/14 - 11/27 | Prepare the presentation. |
Week 15:
11/28 - 12/4 | Finalize the report and the
code. |
Week 16:
12/5 - 12/11 | Oral defense. |
Key Deliverables:
- Software
- Prompt for creating a profile if no profile exists, using Mozilla's
prompt service; catch profile change events and detect whether the target
profile is on a USB key.
- User authorization and authentication for using USB profiles by
storing the MD5 hash of the password.
- Disk encryption and decyption for USB profiles using Mozilla's NSS
component.
- Performance test result of encrypting and decrypting an entire profile
or a portion of a profile.
- Clean up the registration information to remove unwanted "footprints"
from the local disk.
- Report
- Code documentation.
- Final report.
- Presentation report.
Innovations and Challenges
- Mozilla is the biggest open source project with substantial
complexity. To understand the big picture of it and how the
components communicate with each is the biggest challenge.
- To write an XPCOM component that fits into Mozilla's model is another
challenge.
- The USB profile manager works by reacting to events generated by
Mozilla. I will implement it without changing any existing Mozilla code.
The benefit is that people who want to get this feature only need to
install the component instead of recompiling Mozilla. Figuring out what
types events are generated and how my component responds to those events
is a difficult task, because I didn't find any document that describes the
events in detail.
- It took me some effort to be able to automatically detect mounted USB
drives on Linux systems.
References:
[BC03] Understanding the Linux Kernel. D. P. Bovet, M. Cesati.
O'Reilly. 2003.
[CR04] "Network Security Services (NSS)". W. Chang, B. Relyea.
Retrieved on 4/2/04, from
http://www.mozilla.org/projects/security/pki/nss/.
[KPS02] Network Security: Private Communication in a Public World. C.
Kaufman, R. Perlman, M. Speciner. Prentice Hall. 2002.
[LDH04] "Personal Security Manager (NSS)". B. Lord, J. Delgadillo, T.
Hayes. Retrieved on 4/2/04, from
http://www.mozilla.org/projects/security/pki/psm/.
[M03] Rapid Application Development with Mozilla. Nigel Mcfarlane.
Prentice Hall. 2003.
[P01] "XPCOM". Rick Parrish. Retrieved on 4/2/04, from
http://www-106.ibm.com/developerworks/webservices/library/co-xpcom.html#h0.
[P99] "State-of-the-art ciphers for commercial applications".
Computers & Security. B. Preneel. 1999.
[S95] Applied Cryptography: Protocols, Algorithms and Source Code in
C. B. Schneier. Wiley. 1995.
[S99] Mozilla Source Code Guide. W. R. Stanek. Netscape Press. 1999.
[TO03] "Creating XPCOM Components". D. Turner, I. Oeschger. Retrieved
on 1/12/04, from http://www.mozilla.org/projects/xpcom/book/cxc/.
[01] "NSPR Reference". Retrieved on 4/2/04, from
http://www.mozilla.org/projects/nspr/reference/html/index.php.
|