Harbor Labs Internship

by Benjamin Salzberg

Posted on April 6, 2017

Harbor Labs

For a period of three weeks, I served as an Intern at Harbor Labs. I worked with both Michael Rushanan and Dr. Avi Rubin learning about information security and WebRTC.

In senior year at Beth Tfiloh High School, students have a chance to take part in an internship. I got in contact with Dr. Avi Rubin who allowed me to take part in an internship at his company Harbor Labs which takes part in information security. They deal with both legal issues and cryptography research.

I worked with Micheal Rushanan who provided me with a task to create a chat client utilizing WebRTC and encrypt the messages sent using the Stanford JavaScript crypto library (sjcl). I spent the first week learning about WebRTC and building a simple preliminary application which taught me a great deal about how WebRTC data channels work.

Once I began to understand WebRTC, I made use of other resources to build an application that allows for two browsers to connect as well as a node server. I then added to the application a data channel to allow for text (or chats) to travel through.

After succeeding with creating a data channel to communicate between two browsers, I began implementing AES encryption using the SJCL a crypto library, and the CBC block cipher mode of operation. This was difficult because the documentation for SJCL is lacking. However, the library does contain a vast number of test cases.

After successfully implementing symmetric AES encryption using CBC, I moved on to asymmetric encryption. This involved me learning how asymmetric encryption works. Each side generates both an ECDSA signing key pair and an ElGamal encryption key pair. I used these to encrypt the symmetric key. To do this, the initiator of a chat creates an AES session key and receives the other’s (non-initiator) ElGamal public key. I then had the initiator encrypt the AES key with the other's ElGamal public key.

The initiator, after encrypting the AES key, uses its private key to sign the encrypted key. It finally sends the signature, the encrypted key, and it's ECDSA public key. When the other receives this information, it first verifies the information with the received ECDSA key, then uses its elGamal private key to decrypt the AES key. This then allows the AES session key to be used for message encryption between the initiator and the other.

Ideally, I would not have to implement key generation between two unknown parties. Certificate authorities are trusted entities that can verify the identity of the imitator and other communicator.

I also worked with Mike Rushanan using Wireshark, a program that analyzes all network packets passing through a system. He taught me how several information systems and networking protocols work (e.g., TCP and UDP). We got to see the information each packet held and the information passed through my application.

Final Thoughts

I had an incredibly fun time at working with Mike Rushanan and Dr. Avi Rubin. I learned a great deal about wireless communication and encryption.