SECUREIPC

A PROJECT

Submitted to

DEPARTMENT OF ELECTRONICS AND COMMUNICATION

ENGINEERING
For the award of the degree of
BACHELOR OF TECHNOLOGY
IN
ELECTRONICS AND COMMUNICATION ENGINEERING
Under the supervision of
Ms Savita Yadav
By
Udit Kumar Agarwal
188/EC/15
Yogesh Kumar
205/EC/15
Vikrant Sherawat
198/EC/15

DEPARTMENT OF COMPUTER ENGINEERING

NETAJI SUBHAS INSTITUTE OF TECHNOLOGY
 SecureIPC using RSA
Udit Kumar Agarwal(188EC15), Yogesh Kumar(205EC15), Vikrant Sehrawat(198EC15)

Abstract

Inter-process communication (IPC) is a set of programming interfaces or API’s provided by the

OS that allow a programmer to coordinate activities among different program processes that can
run concurrently in an operating system in a distributed/lumped architecture. Distributed sys-
tems are now everywhere,starting from the telecommunication systems, which now offer access
to high speed Internet, to banking systems which are geographically spread and need to assure
that global availability.On each node, there are processes that are running and each process
must be authenticated before getting access to the resources of the system. Authentication is
defined by message content authentication, message origin authentication and general iden-
tity authentication. Message content authentication means checking that the composition of the
message hasn’t been changed. This projects proposes a server client model, for two processes
to exchange their data in an encrypted manner using RSA. Source of origin of the message is
verified by the encryption protocol itself.

Our approach

OpenSSL

OpenSSL is a software library for applications that secure communications over computer net-
works against eavesdropping or need to identify the party at the other end. It is widely used in
internet web servers, serving a majority of all web sites. OpenSSL contains an open-source im-
plementation of the SSL and TLS protocols. The core library, written in the C programming lan-
guage, implements basic cryptographic functions and provides various utility functions. Wrap-
pers allowing the use of the OpenSSL library in a variety of computer languages are available.

RSA

RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used
for secure data transmission. In such a cryptosystem, the encryption key is public and it is differ-
ent from the decryption key which is kept secret (private). In RSA, this asymmetry is based on
the practical difficulty of the factorization of the product of two large prime numbers, the "factor-
ing problem". The acronym RSA is made of the initial letters of the surnames of Ron Rivest, Adi
Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978. A user of RSA
creates and then publishes a public key based on two large prime numbers, along with an aux-
iliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt

EC319- SecureIPC using RSA Page 1

a message, but with currently published methods, and if the public key is large enough, only
someone with knowledge of the prime numbers can decode the message feasibly. Breaking
RSA encryption is known as the RSA problem. Whether it is as difficult as the factoring problem
remains an open question. RSA is a relatively slow algorithm, and because of this, it is less
commonly used to directly encrypt user data. More often, RSA passes encrypted shared keys
for symmetric key cryptography which in turn can perform bulk encryption-decryption operations
at much higher speed.

Inter Process Communication

A process can be of two types:

• Independent process.

• Co-operating process.

An independent process is not affected by the execution of other processes while a co-
operating process can be affected by other executing processes. Though one can think that
those processes, which are running independently, will execute very efficiently but in practical,
there are many situations when co-operative nature can be utilized for increasing computational
speed, convenience and modularity. Inter process communication (IPC) is a mechanism which
allows processes to communicate each other and synchronize their actions. The communication
between these processes can be seen as a method of co-operation between them. Processes
can communicate with each other using these two ways:

EC319- SecureIPC using RSA Page 2

 • Shared Memory

• Message passing

• FIFO

• Pipes

• Signals

BENEFITS OF ENCRYPTION

• It helps you move to the cloud

• When you’re on the keys you can easily decommission and deprivation.

• Helps you achieve secure multi tenancy in cloud.

• Preventing accidentally exposing of data.

• Secure Outsourcing licensing

Shared Memory Approach

Communication between processes using shared memory requires processes to share some
variable and it completely depends on how programmer will implement it. One way of com-
munication using shared memory can be imagined like this: Suppose process1 and process2
are executing simultaneously and they share some resources or use some information from
other process, process1 generate information about certain computations or resources being
used and keeps it as a record in shared memory. When process2 need to use the shared in-
formation, it will check in the record stored in shared memory and take note of the information
generated by process1 and act accordingly. Processes can use shared memory for extracting
information as a record from other process as well as for delivering any specific information to
other process.

PIPES and FIFOs

A pipe is a mechanism for inter-process communication; data written to the pipe by one process
can be read by another process. The data is handled in a first-in, first-out (FIFO) order. The
pipe has no name; it is created for one use and both ends must be inherited from the single
process which created the pipe.
A FIFO special file is similar to a pipe, but instead of being an anonymous, temporary con-
nection, a FIFO has a name or names like any other file. Processes open the FIFO by name in
order to communicate through it.
A pipe or FIFO has to be open at both ends simultaneously. If you read from a pipe or FIFO
file that doesn’t have any processes writing to it (perhaps because they have all closed the file,
or exited), the read returns end-of-file. Writing to a pipe or FIFO that doesn’t have a reading

EC319- SecureIPC using RSA Page 3

 process is treated as an error condition; it generates a SIGPIPE signal, and fails with error code
EPIPE if the signal is handled or blocked.
Neither pipes nor FIFO special files allow file positioning. Both reading and writing operations
happen sequentially; reading from the beginning of the file and writing at the end.

MUTEX

In computer programming a mutually exclusive object is a program object that allows multiple
program threats to share the same resource such as a file access but not simultaneously.

• When a program is started a mutex is created with a unique name.

• After this stage any thread that needs the resource must lock the mutex from the other
threads while it is using the resource.

• The MUTEX is set to unlock when the data is no longer needed.

Server side code

Listing 1: Server side code

1 #include <stdio.h>
2 #include <string.h>
3 #include <sys/shm.h>
4 #include <sys/stat.h>
5 #include <openssl/pem.h>
6 #include <openssl/ssl.h>

EC319- SecureIPC using RSA Page 4

7 #include <openssl/rsa.h>
8 #include <openssl/evp.h>
9 #include <openssl/bio.h>
10 #include <openssl/err.h>
11
12 int padding = RSA_PKCS1_PADDING;
13
14 RSA * createRSA(unsigned char * key,int public)
15 {
16 RSA *rsa= NULL;
17 BIO *keybio ;
18 keybio = BIO_new_mem_buf(key, -1);
19 if (keybio==NULL)
20 {
21 printf( "Failed to create key BIO");
22 return 0;
23 }
24 if(public)
25 {
26 rsa = PEM_read_bio_RSA_PUBKEY(keybio, &rsa,NULL, NULL);
27 }
28 else
29 {
30 rsa = PEM_read_bio_RSAPrivateKey(keybio, &rsa,NULL, NULL);
31 }
32 if(rsa == NULL)
33 {
34 printf( "Failed to create RSA");
35 }
36 return rsa;
37 }
38
39 int public_encrypt(unsigned char * data,int data_len,unsigned char * key, ←-
unsigned char *encrypted)
40 {
41 RSA * rsa = createRSA(key,1);
42 int result = RSA_public_encrypt(data_len,data,encrypted,rsa,padding);
43 return result;
44 }
45
46 void printLastError(char *msg)
47 {
48 char * err = malloc(130);;
49 ERR_load_crypto_strings();
50 ERR_error_string(ERR_get_error(), err);
51 printf("%s ERROR: %s\n",msg, err);
52 free(err);

EC319- SecureIPC using RSA Page 5

53 }
54
55 void tostring(char str[], int num)
56 {
57 int i, rem, len = 0, n;
58 n = num;
59 while (n != 0)
60 {
61 len++;
62 n /= 10;
63 }
64 for (i = 0; i < len; i++)
65 {
66 rem = num % 10;
67 num = num / 10;
68 str[len - (i + 1)] = rem + ’0’;
69 }
70 str[len] = ’\0’;
71 }
72
73 int main ()
74 {
75
76 char plainText[2048/8] = "Hi this is me"; //key length : 2048
77
78 char publicKey[]="-----BEGIN PUBLIC KEY-----\n"\
79 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8Dbv8prpJ/0kKhlGeJY\n"\
80 "ozo2t60EG8L0561g13R29LvMR5hyvGZlGJpmn65+A4xHXInJYiPuKzrKUnApeLZ+\n"\
81 "vw1HocOAZtWK0z3r26uA8kQYOKX9Qt/DbCdvsF9wF8gRK0ptx9M6R13NvBxvVQAp\n"\
82 "fc9jB9nTzphOgM4JiEYvlV8FLhg9yZovMYd6Wwf3aoXK891VQxTr/kQYoq1Yp+68\n"\
83 "i6T4nNq7NWC+UNVjQHxNQMQMzU6lWCX8zyg3yH88OAQkUXIXKfQ+NkvYQ1cxaMoV\n"\
84 "PpY72+eVthKzpMeyHkBn7ciumk5qgLTEJAfWZpe4f4eFZj/Rc8Y8Jj2IS5kVPjUy\n"\
85 "wQIDAQAB\n"\
86 "-----END PUBLIC KEY-----\n";
87
88 char privateKey[] ="-----BEGIN RSA PRIVATE KEY-----\n"\
89 "MIIEowIBAAKCAQEAy8Dbv8prpJ/0kKhlGeJYozo2t60EG8L0561g13R29LvMR5hy\n"\
90 "vGZlGJpmn65+A4xHXInJYiPuKzrKUnApeLZ+vw1HocOAZtWK0z3r26uA8kQYOKX9\n"\
91 "Qt/DbCdvsF9wF8gRK0ptx9M6R13NvBxvVQApfc9jB9nTzphOgM4JiEYvlV8FLhg9\n"\
92 "yZovMYd6Wwf3aoXK891VQxTr/kQYoq1Yp+68i6T4nNq7NWC+UNVjQHxNQMQMzU6l\n"\
93 "WCX8zyg3yH88OAQkUXIXKfQ+NkvYQ1cxaMoVPpY72+eVthKzpMeyHkBn7ciumk5q\n"\
94 "gLTEJAfWZpe4f4eFZj/Rc8Y8Jj2IS5kVPjUywQIDAQABAoIBADhg1u1Mv1hAAlX8\n"\
95 "omz1Gn2f4AAW2aos2cM5UDCNw1SYmj+9SRIkaxjRsE/C4o9sw1oxrg1/z6kajV0e\n"\
96 "N/t008FdlVKHXAIYWF93JMoVvIpMmT8jft6AN/y3NMpivgt2inmmEJZYNioFJKZG\n"\
97 "X+/vKYvsVISZm2fw8NfnKvAQK55yu+GRWBZGOeS9K+LbYvOwcrjKhHz66m4bedKd\n"\
98 "gVAix6NE5iwmjNXktSQlJMCjbtdNXg/xo1/G4kG2p/MO1HLcKfe1N5FgBiXj3Qjl\n"\
99 "vgvjJZkh1as2KTgaPOBqZaP03738VnYg23ISyvfT/teArVGtxrmFP7939EvJFKpF\n"\

EC319- SecureIPC using RSA Page 6

100 "1wTxuDkCgYEA7t0DR37zt+dEJy+5vm7zSmN97VenwQJFWMiulkHGa0yU3lLasxxu\n"\
101 "m0oUtndIjenIvSx6t3Y+agK2F3EPbb0AZ5wZ1p1IXs4vktgeQwSSBdqcM8LZFDvZ\n"\
102 "uPboQnJoRdIkd62XnP5ekIEIBAfOp8v2wFpSfE7nNH2u4CpAXNSF9HsCgYEA2l8D\n"\
103 "JrDE5m9Kkn+J4l+AdGfeBL1igPF3DnuPoV67BpgiaAgI4h25UJzXiDKKoa706S0D\n"\
104 "4XB74zOLX11MaGPMIdhlG+SgeQfNoC5lE4ZWXNyESJH1SVgRGT9nBC2vtL6bxCVV\n"\
105 "WBkTeC5D6c/QXcai6yw6OYyNNdp0uznKURe1xvMCgYBVYYcEjWqMuAvyferFGV+5\n"\
106 "nWqr5gM+yJMFM2bEqupD/HHSLoeiMm2O8KIKvwSeRYzNohKTdZ7FwgZYxr8fGMoG\n"\
107 "PxQ1VK9DxCvZL4tRpVaU5Rmknud9hg9DQG6xIbgIDR+f79sb8QjYWmcFGc1SyWOA\n"\
108 "SkjlykZ2yt4xnqi3BfiD9QKBgGqLgRYXmXp1QoVIBRaWUi55nzHg1XbkWZqPXvz1\n"\
109 "I3uMLv1jLjJlHk3euKqTPmC05HoApKwSHeA0/gOBmg404xyAYJTDcCidTg6hlF96\n"\
110 "ZBja3xApZuxqM62F6dV4FQqzFX0WWhWp5n301N33r0qR6FumMKJzmVJ1TA8tmzEF\n"\
111 "yINRAoGBAJqioYs8rK6eXzA8ywYLjqTLu/yQSLBn/4ta36K8DyCoLNlNxSuox+A5\n"\
112 "w6z2vEfRVQDq4Hm4vBzjdi3QfYLNkTiTqLcvgWZ+eX44ogXtdTDO7c+GeMKWz4XX\n"\
113 "uJSUVL5+CVjKLjZEJ6Qc2WZLl94xSwL71E41H4YciVnSCQxVc4Jw\n"\
114 "-----END RSA PRIVATE KEY-----\n";
115
116 unsigned char encrypted[4098]={};
117 unsigned char decrypted[4098]={};
118 unsigned char key_size[100];
119
120 int encrypted_length= public_encrypt(plainText,strlen(plainText),←-
publicKey,encrypted);
121 if(encrypted_length == -1)
122 {
123 printLastError("Public Encrypt failed ");
124 exit(0);
125 }
126
127 tostring(key_size,encrypted_length);
128
129 key_t shm_key = 6166529;
130 const int shm_size = 1024;
131
132 int shm_id;
133 char* shmaddr, *ptr;
134 int next[2];
135
136 printf ("writer started.\n");
137
138 /* Allocate a shared memory segment. */
139 shm_id = shmget (shm_key, shm_size, IPC_CREAT | S_IRUSR | S_IWUSR);
140
141 /* Attach the shared memory segment. */
142 shmaddr = (char*) shmat (shm_id, 0, 0);
143
144 printf ("shared memory attached at address %p\n", shmaddr);
145

EC319- SecureIPC using RSA Page 7

146 /* Start to write data. */
147 ptr = shmaddr + sizeof (next);
148 next[0] = sprintf (ptr, "%s",privateKey) + 1;
149 ptr += next[0];
150 next[1] = sprintf (ptr, "%s",key_size) + 1;
151 ptr += next[1];
152 sprintf (ptr, "%s",encrypted);
153 memcpy(shmaddr, &next, sizeof (next));
154 printf ("writer ended.\n");
155
156 /*calling the other process*/
157 system("./client");
158
159 /* Detach the shared memory segment. */
160 shmdt (shmaddr);
161 /* Deallocate the shared memory segment.*/
162 shmctl (shm_id, IPC_RMID, 0);
163
164 return 0;
165 }

For encryption we can use padding, RSA_PKCS1_PADDING is one such padding mode.
createRSA function is used to prepare the RSA structure. The PEM functions read or write
structures in PEM format. In this sense PEM format is simply base64 encoded data surrounded
by header lines.The RSAPrivateKey functions process an RSA private key using an RSA struc-
ture. The write routines uses traditional format. The read routines handles the same formats as
the PrivateKey functions but an error occurs if the private key is not RSA. The RSAPublicKey
functions process an RSA public key using an RSA structure.

Client side code

Listing 2: Client side code.

1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <sys/shm.h>
4 #include <sys/stat.h>
5 #include <openssl/pem.h>
6 #include <openssl/ssl.h>
7 #include <openssl/rsa.h>
8 #include <openssl/evp.h>
9 #include <openssl/bio.h>
10 #include <openssl/err.h>
11 #include <math.h>

EC319- SecureIPC using RSA Page 8

12
13 int padding = RSA_PKCS1_PADDING;
14
15 RSA * createRSA(unsigned char * key,int public)
16 {
17 RSA *rsa= NULL;
18 BIO *keybio ;
19 keybio = BIO_new_mem_buf(key, -1);
20 if (keybio==NULL)
21 {
22 printf( "Failed to create key BIO");
23 return 0;
24 }
25 if(public)
26 {
27 rsa = PEM_read_bio_RSA_PUBKEY(keybio, &rsa,NULL, NULL);
28 }
29 else
30 {
31 rsa = PEM_read_bio_RSAPrivateKey(keybio, &rsa,NULL, NULL);
32 }
33 if(rsa == NULL)
34 {
35 printf( "Failed to create RSA");
36 }
37 return rsa;
38 }
39
40 int private_decrypt(unsigned char * enc_data,int data_len,unsigned char * ←-
key, unsigned char *decrypted)
41 {
42 RSA * rsa = createRSA(key,0);
43 int result = RSA_private_decrypt(data_len,enc_data,decrypted,rsa,←-
padding);
44 return result;
45 }
46
47 void printLastError(char *msg)
48 {
49 char * err = malloc(130);;
50 ERR_load_crypto_strings();
51 ERR_error_string(ERR_get_error(), err);
52 printf("%s ERROR: %s\n",msg, err);
53 free(err);
54 }
55
56 int toint(char str[])

EC319- SecureIPC using RSA Page 9

57 {
58 int len = strlen(str);
59 int i, num = 0;
60 for (i = 0; i < len; i++)
61 {
62 num = num + ((str[len - (i + 1)] - ’0’) * pow(10, i));
63 }
64 return num;
65 }
66
67 int main ()
68 {
69
70 unsigned char encrypted[4098]={};
71 unsigned char decrypted[4098]={};
72 key_t shm_key = 6166529;
73 const int shm_size = 1024;
74
75 int shm_id;
76 char* shmaddr, *ptr;
77 char* shared_memory[3];
78 int *p;
79
80 /* Allocate a shared memory segment. */
81 shm_id = shmget (shm_key, shm_size, IPC_CREAT | S_IRUSR | S_IWUSR);
82
83 /* Attach the shared memory segment. */
84 shmaddr = (char*) shmat (shm_id, 0, 0);
85
86 printf ("shared memory attached at address %p\n", shmaddr);
87
88 /* Start to read data. */
89 p = (int *)shmaddr;
90 ptr = shmaddr + sizeof (int) * 2;
91 shared_memory[0] = ptr;
92 ptr += *p++;
93 shared_memory[1] = ptr;
94 ptr += *p;
95 shared_memory[2] = ptr;
96 printf ("Private key recieved= %s\n", shared_memory[0]);
97 printf ("Encrypted key length= %d\n", atoi(shared_memory[1]));
98 printf ("Encrypted msg=%s\n", shared_memory[2]);
99
100 int decrypted_length = private_decrypt(shared_memory[2],256,←-
shared_memory[0], decrypted);
101 if(decrypted_length == -1)
102 {

EC319- SecureIPC using RSA Page 10

103 printLastError("Private Decrypt failed ");
104 exit(0);
105 }
106 printf("Decrypted Text =%s\n",decrypted);
107
108 /* Detach the shared memory segment. */
109 shmdt (shmaddr);
110 return 0;
111 }

Both the programs can be compiled and executed via:

Listing 3: Compilation method

1 gcc client.c -o client -lrt -lcrypto -lm
2 gcc server.c -o server -lrt -lcrypto -lm
3 ./server

Result

Figure 1: Output

Figure 1 shows the result of execution of server code

Hence, The message is successfully encrypted, transferred and decrypted.

EC319- SecureIPC using RSA Page 11

 Conclusion

Securing IPC channels proves to be a largely beneficial idea in case of distributed systems.
For large networks like bit-coin mining farms with thousands of nodes around the world, our
approach of encrypting data transfer proves to be highly pragmatic. However, in case of lumped
systems like our personal computers with standard monolithic kernels deploying this scheme
proposes large overhead, due to importing of networking stack for each application. In that
case, our current IPC approach seems more practical.

References

Listing 4: References
1 http://www.jmeds.eu/index.php/jmeds/article/viewFile/←-
Secure_Inter_Process_Communication/jmeds_5_4_a_5
2 https://www.openssl.org/docs/man1.1.0/crypto/PEM_read_bio_RSA_PUBKEY.html
3 https://whatis.techtarget.com/definition/interprocess-communication-IPC
4 https://www.geeksforgeeks.org/inter-process-communication/
5 https://www.geeksforgeeks.org/ipc-shared-memory/

EC319- SecureIPC using RSA Page 12