Inspiration
Privacy on the web has become a leading issue amongst politicians, tech companies, and even average consumers recently. The rise in concerns with who is monitoring communications or selling potentially sensitive information to whom forces many compromises in security. Our initial plan was to build an anonymizing network layer that could encrypt a user's traffic without the need of a specific browser or introducing highly limiting connection speeds. After considerable development, however, we decided to narrow our focus to a highly protected chat client, using the same cryptography engine but without an interface to the network protocols that gave us issues.
What it does
It allows two users to engage in a conversation over a peer to peer network that is virtually uncrackable (RSA encrypted salts for AES keys that expire within 5 minutes), allowing for an anonymized interaction.
How we built it
All built in Java, utilizing kryonet and crypto libraries
Challenges we ran into
As neither of us came into this hackathon with much network experience, setting out to build a viable alternative to Tor and i2p was a tad overambitious. We were using a custom built SOCKS proxy that could intercept and manipulate raw packets, but we ran into unforeseen issues in the systematic deletion of Clients before they could be used to return network data. We suspect that some operating system kernel trickery was to blame for this, but due to having not much time to debug, this was not confirmed.
Accomplishments that we're proud of
We have built a solid foundation for the project we originally set out to make, so with continued development (and a lot of traffic to StackOverflow) we can reach our initial goal. All of the logic still holds and the fact that at 4 am (after having dealt with SOCKS issues for the last few hours) we were able to narrow our scope and create a working product is an achievement in and of itself. By showing practical use of our product already in place, we can continue to build upon what we created here without getting heavily invested only to find it is not feasible.
What we learned
We learned quite a lot about how Java handles sockets and the balance between a usable (ie. not mind numbingly slow, constantly timing out) system and a completely secure one.
What's next for Scylla
A movement towards universal compatbility at either a SOCKS proxy level or HTTP/SSL proxy level would be explored again for sure -- that would make the system far more accessible to average users, and allow for organic growth in the size of the network.
Log in or sign up for Devpost to join the conversation.