Chris Pollett > Students >
Yun
    ( Print View )

    [Bio]

    [Project Blog]

    [CS297Proposal]

    [Del1-PDF]

    [Del2-PDF]

    [SecuritySlides-PDF]

    [Del4]

    [CS297Report-PDF]

    [CS298Proposal]

    [CS298Final Source-ZIP]

    [CS297Presentation-PDF]

    [CS298Report-PDF] 

                          

























CS298 Proposal

USB Key Profile Manager for Mozilla

Yun Zhou (yun.adelzhou@gmail.com)

Advisor: Dr. Chris Pollett

Committee Members: Dr. Melody Moh, Dr. Mark Stamp

Abstract:

USB (Universal Serial Bus) storage keys have been gaining popularity in the recent years due to their advantages in terms of storage space, physical size, portability, system support, I/O (input/ouput) speed, ease of use and market price. Their increasing usage has drawn much attention from both the hardware and the software engineering fields. The Mozilla project is one of the software applications that are trying to make the best use of USB keys. The Mozilla project is probably the largest open source project in the software engineering world. Its popularity is one of the reasons for the first decline of market share of Internet Explorer in three years. The developers are now researching on a method to run an entire Gecko Runtime Environment (GRE, Mozilla's browser engine) from a USB drive. In this project, I will complete the implementation of the two major features of the USB key profile manager of the Mozilla project. The first feature is to register and unregister user! profiles from USB (Universal Serial Bus) keys as transparently as possible. This feature requires automatic profile detection on USB tokens and registration with the existing Mozilla Profile Manager. The second feature is to security, which includes user authentication and disk encryption. This part will be implemented by calling Mozilla's Personal Security Manager (PSM) and Network Security Services (NSS).

CS297 Results:

  • Experimented with the read and write speed of a particular USB key.
  • Studied Mozilla's implementation of file operations.
  • Studied the PSM and NSS components.
  • Created a simple XPCOM component that automatically detects user profiles on on mounted USB keys and register them with the existing Mozilla Profile Manager.

Proposed Schedule

Week 1: 8/23 - 8/28Implement Deliverable 1
Week 2 & 3: 8/29 - 9/11Implement the user authorization and authentication feature.
Week 4 & 5: 9/12 - 9/25Implement the disk encryption and decryption feature.
Week 6 & 7: 9/26 - 10/9Performance test for encryption and decryption; clean up the profile registration information.
Week 8 & 9: 10/10 - 10/23Test and clean up the code.
Week 10 & 11: 10/24 - 11/6Write report.
Week 12: 11/7 - 11/13Submit the draft to the committee.
Week 13 & 14: 11/14 - 11/27Prepare the presentation.
Week 15: 11/28 - 12/4Finalize the report and the code.
Week 16: 12/5 - 12/11Oral defense.

Key Deliverables:

  • Software
    • Prompt for creating a profile if no profile exists, using Mozilla's prompt service; catch profile change events and detect whether the target profile is on a USB key.
    • User authorization and authentication for using USB profiles by storing the MD5 hash of the password.
    • Disk encryption and decyption for USB profiles using Mozilla's NSS component.
    • Performance test result of encrypting and decrypting an entire profile or a portion of a profile.
    • Clean up the registration information to remove unwanted "footprints" from the local disk.
  • Report
    • Code documentation.
    • Final report.
    • Presentation report.

Innovations and Challenges

  • Mozilla is the biggest open source project with substantial complexity. To understand the big picture of it and how the components communicate with each is the biggest challenge.
  • To write an XPCOM component that fits into Mozilla's model is another challenge.
  • The USB profile manager works by reacting to events generated by Mozilla. I will implement it without changing any existing Mozilla code. The benefit is that people who want to get this feature only need to install the component instead of recompiling Mozilla. Figuring out what types events are generated and how my component responds to those events is a difficult task, because I didn't find any document that describes the events in detail.
  • It took me some effort to be able to automatically detect mounted USB drives on Linux systems.

References:

[BC03] Understanding the Linux Kernel. D. P. Bovet, M. Cesati. O'Reilly. 2003.

[CR04] "Network Security Services (NSS)". W. Chang, B. Relyea. Retrieved on 4/2/04, from http://www.mozilla.org/projects/security/pki/nss/.

[KPS02] Network Security: Private Communication in a Public World. C. Kaufman, R. Perlman, M. Speciner. Prentice Hall. 2002.

[LDH04] "Personal Security Manager (NSS)". B. Lord, J. Delgadillo, T. Hayes. Retrieved on 4/2/04, from http://www.mozilla.org/projects/security/pki/psm/.

[M03] Rapid Application Development with Mozilla. Nigel Mcfarlane. Prentice Hall. 2003.

[P01] "XPCOM". Rick Parrish. Retrieved on 4/2/04, from http://www-106.ibm.com/developerworks/webservices/library/co-xpcom.html#h0.

[P99] "State-of-the-art ciphers for commercial applications". Computers & Security. B. Preneel. 1999.

[S95] Applied Cryptography: Protocols, Algorithms and Source Code in C. B. Schneier. Wiley. 1995.

[S99] Mozilla Source Code Guide. W. R. Stanek. Netscape Press. 1999.

[TO03] "Creating XPCOM Components". D. Turner, I. Oeschger. Retrieved on 1/12/04, from http://www.mozilla.org/projects/xpcom/book/cxc/.

[01] "NSPR Reference". Retrieved on 4/2/04, from http://www.mozilla.org/projects/nspr/reference/html/index.php.