EGEN5202 - Course Project - F24

Client-Server Architecture in Banking Systems

and
Literature Review on Security in Cloud Computing

GROUP NO: 14

Team Members:

• DIVYESH RATHOD (101329981)

• NISHANT KOTADIA (101335728)
Introduction

This project aims to design and implement a secure and fault-tolerant distributed banking
system using Python, replicating client-server architecture to enhance understanding of
security and fault tolerance fundamentals. By implementing algorithms such as RSA for
encryption, SSL/TLS for secure communication, and hashing techniques like SHA-512
for data integrity, the system will ensure robust security measures. Additionally, load
balancing will be utilized to enhance reliability and availability, simulating real-life scenarios
in critical infrastructure monitoring. This project focuses on applying theoretical knowledge
to practical challenges while also enhancing Python programming skills in network
programming, multithreading, and the use of security libraries.

Figure 1 Banking system Client server Architecture

Security and fault fault-tolerance strategies used

1. Client to Load Balancer (Confidentiality): The client communicates with the system
via MFA, ensuring confidentiality in data transmission.
2. Load Balancer to Web Servers (Availability - Fault Tolerance): The load balancer
distributes requests evenly across web servers, ensuring availability and fault tolerance.
3. Web Servers to Application Servers (Integrity - Data Verification): Web servers
forward verified requests to the application servers, enforcing data integrity.
4. Application Servers to Primary Database (Integrity - Encryption at Rest): Secure
data storage in the primary database, encrypted for integrity protection.
5. Primary Database to Database Replica (Availability - Data Synchronization): Raft
protocol synchronizes data to maintain consistent and available replicas.
6. Primary Database to Backup Server (Availability - Data Backup): Regular backups
ensure data availability for disaster recovery.
7. Disaster Recovery to Backup Server (Availability - Data Recovery): Monitors data
backups for quick recovery if necessary.
8. Web Servers to Monitoring (Integrity - Real-Time Monitoring): Real-time monitoring
tracks activity logs, supporting data integrity and threat detection.
9. Primary Database to Auto-Failover (Availability): Auto-failover reroutes requests to
replicas if the primary database fails.
10. Backup Server - Regular Data Backup (Availability): Routine data backups help
ensure continuity of service.
Research Plan

The increasing reliance on cloud computing necessitates secure and efficient methods for data
sharing and searchability over encrypted data. Traditional encryption schemes often face
challenges in balancing security, usability, and scalability, which underscores the importance
of exploring advanced cryptographic techniques. This research will focus on Encryption with
Equality Test (EET) mechanisms, specifically Identity-Based Encryption with Equality Test
(IBEET) [1], Group ID-Based Encryption with Equality Test (G-IBEET) [2][3], and Public-
Key Encryption with Multi-Ciphertext Equality Test (PKE-MET) [4]. These approaches aim
to facilitate secure searches and comparisons of ciphertexts without revealing plaintext,
addressing critical issues such as group-level authorization and resistance to insider attacks.

Preliminary Findings
Our preliminary literature review highlights significant advancements in encryption schemes
designed to enhance privacy-preserving data sharing and searchability. Research by Li et al.
(2019) introduced IBEET-FA, which enables equality tests across ciphertexts encrypted with
diKerent keys [1]. Ling et al. (2019, 2020) developed G-IBEET to support group-level comparisons,
focusing on eKicient group ID-based encryption with equality test mechanisms [2][3].
Additionally, Zhang et al. (2019) improved computational eKiciency with PKEET [5], while Susilo
et al. (2022) extended this work with PKE-MET, emphasizing greater flexibility in equality testing
[4]. Collectively, these advancements provide a foundation for exploring the potential of EET
mechanisms to improve secure data sharing and searchability in cloud environments.

Delving Deeper

To deepen our investigation into this topic, we will initiate a comprehensive literature analysis
to identify gaps in existing research and synthesize key findings. Following this, we will
conduct a comparative evaluation of the proposed encryption schemes to assess their
performance and effectiveness in real-world scenarios. We will also explore potential design
enhancements to address any identified limitations. This structured approach aims to contribute
valuable insights into advanced encryption techniques that can improve secure data sharing
and searchability in cloud computing, ultimately facilitating more effective and secure data
management practices.

Key References

[1] H. Li, X. Zhang, J. Li, Y. Shi, and W. Dai, "Authorized Equality Test on Identity-Based
Ciphertexts for Secret Data Sharing via Cloud Storage," IEEE Access, vol. 7, pp. 125270-
125282, 2019.

[2] Y. Ling, Z. Zhang, J. Zhang, and S. Zhang, "Group ID-Based Encryption with Equality
Test," in Proc. Australasian Conf. Information Security Privacy, Auckland, New Zealand,
2019, pp. 150-166.

[3] Y. Ling, Z. Zhang, J. Zhang, W. Liu, and W. Ma, "Efficient Group ID-Based Encryption
with Equality Test Against Insider Attack," Computer Law Journal, vol. 42, no. 2, pp. 210-
223, 2020.
[4] W. Susilo, R. Steinfeld, H. Wang, and D. Liu, "PKE-MET: Public-Key Encryption with
Multi-Ciphertext Equality Test in Cloud Computing," IEEE Trans. Cloud Comput., vol. 10,
no. 3, pp. 1287-1298, Jul.-Sep. 2022.

[5] K. Zhang, Y. Zheng, X. Wang, Z. Chen, and J. Zhou, "Efficient Public-Key Encryption
with Equality Test in the Standard Model," Theoretical Computer Science, vol. 803, pp. 88-
101, 2019.

Project Plan: Banking System Replication

Timeline: November 1, 2024 – November 14, 2024

Milestone 1: Front-End GUI Development

• Date: November 1 – 4, 2024

• Tasks:
o Design and implement the user interface using Python (Tkinter/PyQt).
o Ensure user-friendliness and intuitive navigation.
• Deliverables:
o Functional front-end GUI.

Milestone 2: Database Schema Design

• Date: November 5 – 7, 2024

• Tasks:
o Define the database schema using Prisma with CockroachDB.
o Implement role-based access control (RBAC).
• Deliverables:
o Documented database schema and RBAC implementation.

Milestone 3: Secure REST API Development

• Date: November 8 – 11, 2024

• Tasks:
o Develop RESTful API endpoints for authentication and transactions.
o Implement authentication with RSA, SHA-512, and JWT.
o Use SSL/TLS for secure communication.
• Deliverables:
o Functional and secure REST API with documented endpoints.

Milestone 4: Testing and Fault Tolerance Implementation

• Date: November 12 – 14, 2024

• Tasks:
o Conduct thorough testing of the GUI, database, and API.
o Implement fault tolerance strategies (e.g., load balancers, replicas).
o Perform security testing.
• Deliverables:
o A tested, polished banking system replication with implemented fault tolerance.