Application for securing information on cloud drives, thesis by Cao Khắc Lê Duy and Lê Sử Trường Giang
ACKNOWLEDGEMENTS

We wish to express our sincere thanks to the Faculty of Information Technology at the University of Science for providing us with all the necessary facilities, not only for the thesis but also for our whole university life with the faculty.

We are profoundly grateful to Dr Thai-Son TRAN for his expert, thorough guidance and his continuous encouragement throughout this project, which kept the project on target from its commencement to its completion. These words may not contain all our gratitude for his belief in our ability, but with all our heart we wish him good health and an infinite passion to continue inspiring the next generations of students, as well as more and more great research to make the world better and better.

This is also an opportunity for us to express heartfelt gratitude to all of the teachers and staff of the Advanced Program in Computer Science who helped us directly or indirectly during our university journey as well as during the thesis project. Besides, we also want to give our special appreciation to all the professors and instructors who have conveyed to us the precious knowledge which is definitely the most important preparation for us at the entrance of our career in the enormous world of computer science.

No one is without friends, especially at university, so we want to give our thanks to all our friends and all the senior students who have gone through the happiness, the sadness, and all kinds of difficult situations together with us. We wish that they will always find success in anything they desire.

Last but not least, we simply want to express gratitude from the bottom of our hearts to our parents, who have always been beside us, taken care of us, and given us the very first important lessons about life since the day we saw this world.

LE SU TRUONG GIANG & CAO KHAC LE DUY

TABLE OF CONTENTS

LIST OF FIGURES
ABSTRACT
1 Introduction
  1.1 Objective and Scope
  1.2 Brief description
    1.2.1 Device-based Encryption
    1.2.2 Authorization Mechanism
    1.2.3 Backup Mechanism
    1.2.4 Extendability
    1.2.5 Files management
  1.3 Related Works
2 Background
  2.1 Server-side Development
    2.1.1 Representational State Transfer
    2.1.2 Python and Flask Framework
  2.2 Client-side Development
    2.2.1 Android and the basic knowledge
    2.2.2 Client Cloud Drive APIs
    2.2.3 Local Area Network (LAN) Server
    2.2.4 ReactJS in Web Development
  2.3 Cryptography
    2.3.1 RSA Algorithm
    2.3.2 Advanced Encryption Standard Algorithm
    2.3.3 AES and RSA Combination
  2.4 Multi-step Authentication
3 Methodology
  3.1 Front-end Development
    3.1.1 Android Mobile Application
    3.1.2 Web Application
  3.2 Device-based Cryptography
    3.2.1 Unique and Non-unique Identifiers
    3.2.2 Multiple Device
  3.3 Authorization
4 Results
5 Conclusions
6 Future Works
  6.1 Platforms
  6.2 Performance Optimization
  6.3 Features Addition and Modification
  6.4 UI/UX Refining
  6.5 Satellite Application
APPENDICES
  A Google and its Drive API
  B Dropbox and its API
  C Android Activity and Fragment Lifecycles
  D React Component Lifecycle
REFERENCES

LIST OF FIGURES

1.1 The mobile OS market shares in Quarter of 2016 [1]
1.2 Shares of cloud drive service for SMBs [2]
2.1 16-byte matrix of each plain-text block
2.2 Bytes Substitution Step of each AES rounds
2.3 Row Shifting Step of AES
2.4 Columns Mixing Step of AES
2.5 Key Addition Step of AES
2.6 Combination of AES and RSA
2.7 Multi-step Verification General Flow chart [3]
3.1 Credential Use Cases
3.2 Files Management Use Cases
3.3 Other Use Cases
3.4 Entrance to the application
3.5 OTP Interaction between root client and server
3.6 Main screen
3.7 Forms of Bottom Sheet used in the Main Screen
3.8 Other screens in the application
3.9 LAN Server Access Point
3.10 General Context Relationship Diagram
3.11 The Application Specific UI Components Structure
3.12 Behind-the-scene Structure
3.13 Decrypting and encrypting packets with SConnectInputStream and SConnectOutputStream
3.14 Web Application Use Case
3.15 Web Application Main Screen
3.16 Web Application User Screen
3.17 Device-based Encryption
3.18 Device-based Decryption
4.1 File browser list and grid mode, otp display screen, loading lock screen
4.2 Demo navigation menu, profile screen, LAN Transferring IP Screen, Add new file and folder feature
4.3 Demo register screen, transferring task watching screen, bottom sheet menu, log-in screen
4.4 Web Application Main Screen Demo
4.5 Web Application Dashboard User Profile Demo
4.6 Web Application Dashboard Devices Demo
C.1 Activity Lifecycle and Fragment Lifecycle [4] [5]
D.1 React Component Lifecycle [6]

ABSTRACT

Cloud services have become an essential tool that helps businesses and individuals extend their storage. Among current trends, how secure such storage is matters most to those who keep confidential documents and resources on these cloud servers. Small and Medium Businesses (SMBs), in order to get the maximum amount of storage within a limited budget, use one common storage to hold files for multiple employees. This way of using cloud storage poses the problem of securing hierarchically confidential files against access beyond a user's jurisdiction. Some cloud services may let the administrator of the storage protect particular files with a password. However, this may only be a temporary way to provide the required security; it does not make the files absolutely secure. In this project, the authors attempt to provide security for a common shared cloud storage based on the idea of device-based encryption. Files will be encrypted using an identifier which can
uniquely identify the only device that can decrypt or access the confidential information within. Moreover, the authors implemented an application that offers a service built on this encryption idea, with a flow that avoids losing data in case users lose their unique device. Furthermore, two-factor authentication is applied to authorize a new device to decrypt the encrypted files for further modification and display. Besides that, the application centralizes the cloud drive services used by a user: files can be accessed and managed across different cloud drives in just one application instead of installing multiple applications to use the services.

After considering the time available for the project and the requirements of our own proposal, the authors decided to develop the applications on only two platforms: an Android application for authentication, encryption and authorization as the root device, and a website for deauthorizing the root device in case it is lost or permanently disabled, and for editing profile information. The client mobile application handles file access and gives users a comfortable service for managing files. Encryption is performed only within the root device running the Android platform.

Keywords: unique identifier, device-based encryption, two-factor authentication, user-name and password authentication

Chapter 1 Introduction

As an important development of technology, cloud services play an essential role for businesses and individuals, providing an advantageous way to store more data without heavy spending on hardware upgrades and maintenance. Compared with the simplest solution of purchasing additional hard drives for storing and backing up data, not to mention the further bills for keeping those drives and their data fully protected, a cloud service is considered a reliable and affordable option for Small and Medium Businesses (SMBs), as its storage can be paid for monthly or annually depending on the business's circumstances. Additional services and tools may be purchased alongside the cloud service to build a workflow that conforms to the company's policies and regulations. Smaller companies may consider purchasing an appropriate service package that provides enough storage at the smallest cost. Beyond a reliable data backup solution, instant access from everywhere and simple sharing or sending of large files that email cannot accommodate are the key factors that make cloud services an overarching theme for SMBs.

The proposed application is initially implemented on only two platforms, since its purpose is to provide an extended method for data security; two platforms are enough for the application to show its device-based security capabilities. The authors implemented the client on the Android OS platform, which has the biggest share of the mobile operating system market and so gives the demo application a wide test environment [7]. To handle authentication, authorization and the backup mechanism for the essential data key, we built a middle server using the Python programming language together with the Flask framework (this concept is explained further in the Background section), which has flexibility and amplification [8].

Figure 1.1: The mobile OS market shares in Quarter of 2016 [1] (chart values: Android 86.8, iOS 12.5, Windows Phone 0.3, Others 0.4)

1.1 Objective and Scope

The main problem lies in the sharing service of cloud services, where comprehensive security for confidential data is not available in a convenient way. SMBs mostly purchase a single storage for many different purposes. When files are stored hierarchically, it is unable to protect data against invalid jurisdiction. Additional tools that put a password on a particular folder or piece of data may meet these requirements temporarily, but they do not entirely secure the data because of the human factors in password-based protection, such as losing the password or having it brute-forced.

Another matter is pricing. Cloud drive services provide only limited space to free users; to gain more space for storing files, users have to pay, so an economical way to use cloud drives is to use the services of multiple providers. In that case, however, users need to have those providers' applications installed on their devices, which reduces the devices' free space and makes managing files across the cloud drives inconvenient.

From the observations above, the authors developed an idea for protecting data that avoids human factors and serves the corresponding SMB requirement, which is to limit access to the device level. The authors also attempt to bring multiple cloud drive services into one client application that can be extended to more services and is flexible to changes or additions of functionality across services in the future. In other words, the authors' purpose is to build an application which not only keeps users' files safe but also eases file management and lowers the cost of cloud drive space.

In order to secure data hierarchically within a shared cloud drive space, we implemented an application that provides a middle service to encrypt confidential data locally before storing the data back to the cloud. The application approaches security in several ways, from regular authentication and encryption methods to efforts to make it easier to use. By applying a state-of-the-art encryption method in combination with an advanced key system and several additional features, as well as utilizing the adaptability of third-party services (cloud drive services), we built a service to offer a more secure
and more efficient solution for using cloud drives, in order to meet the common needs of SMBs. The application and the proposed solution are based on some main concepts and requirements: device-based encryption, authorization mechanism, backup mechanism, extendability to more cloud services, and files management ability.

Appendix A Google and its Drive API

The Google Drive API currently has two types: the Google Drive Android API and the Google Drive REST API. The Google Drive Android API does not support Team Drives [71, Android], so flexibility for future expansion is not ensured; the Google Drive REST API is therefore an appropriate choice for any project (even on Android), with support for multiple programming languages including, of course, Java. The Google Drive REST API has some main concepts and requirements to adapt to:

• Preparation and Configs: For any project in any programming language, developers need to go to the Developer Console page to add a credential to the Google API Project created on this page. After that, a JSON file is generated, to be added to the developers' project directory. Some environments also require an SHA key for the credential config step [71, REST].

• Authorization: Because users access Google Drive through the Google Account system, it is necessary to turn on the Google Sign-in API in the Developer Console to handle this process [71, REST].

• Files and Folders: A folder derives from a file, with the added ability to list files, so a folder can be considered a file. Google Drive manages files with Metadata - holding the file's basic information, Permissions - restricting access by users, Content - the raw file, Revisions - the history of events related to the file, and Thumbnail - a preview of the file's content [71, REST].

• Team Drives: the space owned by an organization, where files can be accessed by members of that organization [71, REST].

• Changes detecting: To detect the changes to a file, developers can manually make a request to the Google Drive API to get the change logs of the file. For automation, a server or some cloud service needs to be involved to receive a POST request from the Drive API; this is set up by initially making a 'watch' request to the Drive API with the necessary information. This feature can also be used to carry out file-sync actions [71, REST].

• File Searching: The Drive REST API for the Java client provides a mechanism to retrieve files based on conditions on the file's basic information, the permissions, and so on, which are expressed in a query string with a simple syntax. This functionality is also used to list the files in a folder by giving it a condition on the parent folders [71, REST].

The latest version of the Google Drive API is v3, which has eliminated duplicate functionality and renamed some fields so that developers can understand them better than in the previous version.

Appendix B Dropbox and its API

Dropbox is a file storage service which provides multiple-platform applications for users to access and manage their files from anywhere at any time. Dropbox was established in 2007 by Drew Houston and Arash Ferdowsi, two MIT students [72]. Dropbox has experienced amazing growth in its number of users since the day its service was launched, and in 2016 it was reported that Dropbox was serving 500 million users around the world [72]. Dropbox appears on most platforms from PC to mobile: Microsoft Windows, Mac OS, Linux, Windows Phone, iOS and Android. Along with the rapid growth in its number of users, Dropbox also has an API, supporting multiple programming languages, that gives third-party applications a way to work with users' files in the Dropbox service under the users' permissions; this is also a way to serve users better [73].

Diving into the Dropbox API, according to the authors, it is easier to integrate into the application than the Google Drive API, especially in the Account Authentication step. One of the reasons is that
Dropbox is a company focused on cloud storage, whereas Google Drive is just one branch of Google Services, so the Google Drive API has to follow some specific rules and mechanisms of Google in order to fit into the whole system and the other Google services.

The Dropbox API provides developers with four main namespaces to communicate with the Dropbox service [73]:

• auth: used for executing authorization operations such as getting access tokens and revoking access tokens

• files: where developers can access users' files and folders once the users have accepted the requested permissions

• sharing: the namespace in which shared folders and shared links can be accessed and managed

• paper: the namespace for managing documents and folders in the Dropbox Paper service

• users: the namespace where developers can access users' public information about their accounts

Appendix C Android Activity and Fragment Lifecycles

Figure C.1: Activity Lifecycle and Fragment Lifecycle [4] [5]. Left figure: activity lifecycle. Right figure: fragment lifecycle.

Appendix D React Component Lifecycle

Figure D.1: React Component Lifecycle [6]

REFERENCES

[1] IDC, “Smartphone market share,” 2016, last accessed on 2017-06-27. [Online]. Available: http://www.idc.com/promo/smartphonemarket-share/os

[2] S. Patrick, “Small business cloud storage trends in 2015,” 2015, last accessed on 2017-06-27. [Online]. Available: https://clutch.co/cloud/resources/small-business-cloudstorage-trends-2015

[3] P. Moore, “The difference between two-factor and two-step authentication,” 2014, last accessed on 2017-06-27. [Online]. Available: https://paul.reviews/the-difference-betweentwo-factor-and-two-step-authentication/

[4] Google, “Android guide, activity,” 2017, last accessed on 2017-06-27. [Online]. Available: https://developer.android.com/guide/components/activities/index.html

[5] ——, “Android guide, fragments,” 2017, last accessed on 2017-06-27. [Online]. Available: https://developer.android.com/guide/components/fragments.html

[6] T. McGinnis, “An introduction to life cycle events in react,” 2016, last accessed on 2017-06-27. [Online]. Available: https://tylermcginnis.com/an-introduction-to-life-cycleevents-in-react-js/

[7] J. Dunn, “There’s no hope of anyone catching up to android and ios,” 2017, last accessed on 2017-06-27. [Online]. Available: http://www.businessinsider.com/smartphone-market-shareandroid-ios-windows-blackberry-2016-8

[8] E. Z, “The best 10 python frameworks for web development,” last accessed on 2017-06-27. [Online]. Available: https://www.linkedin.com/pulse/best-10-pythonframeworks-web-development-elyn-z-6059523132912394240

[9] N. Drake, “Top 10 best cloud storage services of 2017,” 2017, last accessed on 2017-06-27. [Online]. Available: http://www.techradar.com/news/top-10-best-cloud-storageservices-of-2017

[10] D. Kelley, “Examining device-based authentication,” last accessed on 2017-06-27. [Online]. Available: http://searchsecurity.techtarget.com/opinion/Examiningdevice-based-authentication

[11] 5Dimes, “Device-based authentication service,” last accessed on 2017-06-27. [Online]. Available: https://www.5dimes.eu/authentication-service.html

[12] S. Daya, N. Van Duy, K. Eati, C. Ferreira, D. Glozic, V. Gucer, M. Gupta, S. Joshi, V. Lampkin, M. Martins et al., Microservices from Theory to Practice: Creating Applications in IBM Bluemix Using the Microservices Approach. IBM Redbooks, 2016. [Online]. Available: https://books.google.com.vn/books?id=eOZyCgAAQBAJ

[13] E. Wilde and C. Pautasso, REST: From Research to Practice, ser. SpringerLink : Bücher. Springer New York, 2011. [Online]. Available: https://books.google.com.vn/books?id=NZgHIFJeZvcC

[14] R. Fielding, Architectural Styles and the Design of Network-based Software Architectures. University of California, Irvine, 2000. [Online]. Available: https://books.google.com.vn/books?id=1xN9NwAACAAJ

[15] J. Guttag, Introduction to Computation and Programming Using Python: With Application to Understanding Data. MIT Press, 2016. [Online]. Available: https://books.google.com.vn/books?id=KabKDAAAQBAJ

[16] W. McKinney, Python for Data Analysis, ser. Oreilly and Associate Series. O’Reilly Media, Incorporated, 2012. [Online]. Available: https://books.google.com.vn/books?id=UWlo-c4WEpAC

[17] S. Holden and D. Beazley, Python Web Programming, ser. Landmark Series. New Riders, 2002. [Online]. Available: https://books.google.com.vn/books?id=NmkD220i9KsC

[18] A. Martelli, Python in a Nutshell, ser. In a Nutshell (o’Reilly) Series. O’Reilly, 2003. [Online]. Available: https://books.google.com.vn/books?id=6TEcaEzA8N0C

[19] C. Ewing, “5 reasons why python is powerful enough for google,” Clutch, January 2014. [Online]. Available: https://www.codefellows.org/blog/5-reasons-why-pythonis-powerful-enough-for-google/

[20] M. Grinberg, Flask Web Development: Developing Web Applications with Python. O’Reilly Media, 2014. [Online]. Available: https://books.google.com.vn/books?id=5aNwAwAAQBAJ

[21] D. Phillips, Creating Apps in Kivy: Mobile with Python. O’Reilly Media, 2014. [Online]. Available: https://books.google.com.vn/books?id=ROJRAwAAQBAJ

[22] K. Das, “Introduction to flask,” last accessed on 2017-06-27. [Online]. Available: http://pymbook.readthedocs.io/en/latest/flask.html

[23] A. Ronacher, “The python wsgi utility library,” last accessed on 2017-06-27. [Online]. Available: http://werkzeug.pocoo.org/

[24] ——, “Template engine for python,” last accessed on 2017-06-27. [Online]. Available: http://jinja.pocoo.org/

[25] L. Richardson, M. Amundsen, and S. Ruby, RESTful Web APIs: Services for a Changing World. O’Reilly Media, 2013. [Online]. Available: https://books.google.com.vn/books?id=wWnGAAAAQBAJ

[26] D. Gourley and B. Totty, HTTP: The Definitive Guide, ser. Definitive Guides. O’Reilly Media, Incorporated, 2002. [Online]. Available: https://books.google.com.vn/books?id=3EybAgAAQBAJ

[27] FAUguy, “Google’s android os: Past, present, and future,” 2011, last accessed on 2017-06-27. [Online]. Available: http://www.phonearena.com/news/Googles-Android-OSPast-Present-and-Future id21273

[28] Z. Nakamura, Programming Android, 2nd Edition. O’Reilly Media, Incorporated, 2012. [Online]. Available: https://books.google.com.vn/books?id=d JaAQAACAAJ

[29] Google, “Introduction to android,” 2017, last accessed on 2017-06-27. [Online]. Available: https://developer.android.com/guide/index.html

[30] ——, “Android guide, intent,” 2017, last accessed on 2017-06-27. [Online]. Available: https://developer.android.com/guide/components/intents-filters.html

[31] M. Rouse, “What is a cloud drive?” 2017, last accessed on 2017-06-27. [Online]. Available: http://searchmobilecomputing.techtarget.com/definition/cloud-drive

[32] W. Maalej and M. P. Robillard, “Patterns of knowledge in api reference documentation,” IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, vol. X, no. Y, April 2012. [Online]. Available: https://mast.informatik.uni-hamburg.de/wp-content/uploads/2013/03/TSE-2012-04-0081.R2 Maalej.pdf

[33] G. Donahue, Network Warrior. O’Reilly Media, Inc., 2007.

[34] M. Course, Exam 98-365 Windows Server Administration Fundamentals. Wiley, 2016. [Online]. Available: https://books.google.com.vn/books?id=7OIargEACAAJ

[35] M. Bergljung, Alfresco Business Solutions, ser. Community experience distilled. Packt Publishing, 2011. [Online]. Available: https://books.google.com.vn/books?id=WqZ7zzdCbxsC

[36] T. Reenskaug and J. Coplien, “The dci architecture: A new vision of object-oriented programming,” Artima Developer, March 2009. [Online]. Available: http://www.artima.com/articles/dci vision.html

[37] B. Fisher, “How was the idea to develop react conceived and how many people worked on developing it and implementing it at facebook?” 2015, last accessed on 2017-06-27. [Online]. Available: https://quora.com/How-was-the-idea-to-developReact-conceived-and-how-many-people-worked-on-developingit-and-implementing-it-at-Facebook

[38] M. Godlewski, “Why react? reasons we love it,” 2016, last accessed on 2017-06-27. [Online]. Available: https://blog.syncano.io/reactjs-reasons-why-part-1/

[39] S. Robbestad, ReactJS Blueprints. Packt Publishing, 2016. [Online]. Available: https://books.google.com.vn/books?id=SMqDQAAQBAJ

[40] A. Kurniawan, Nodejs Programming By Example. PE Press, 2012, last accessed on 2017-06-27. [Online]. Available: https://books.google.com.vn/books?id=PT4UAgAAQBAJ

[41] J. Vepsäläinen, “Survivejs webpack from apprentice to master,” 2015, last accessed on 2017-06-27. [Online]. Available: https://survivejs.com/webpack/appendices/comparison/

[42] D. Shapiro, “Understanding component-based architecture,” 2016, last accessed on 2017-06-27. [Online]. Available: https://medium.com/@dan.shapiro1210/understandingcomponent-based-architecture-3ff48ec0c238

[43] M. Hinek, Cryptanalysis of RSA and Its Variants, ser. Chapman & Hall/CRC Cryptography and Network Security Series. CRC Press, 2009. [Online]. Available: https://books.google.com.vn/books?id=LAxAdqv1z7kC

[44] A. Das and C. Madhavan, Public-key Cryptography: Theory and Practice. Pearson Education, 2009. [Online]. Available: https://books.google.com.vn/books?id=fzoiOeUf8fIC

[45] R. Smith, Elementary Information Security. Jones & Bartlett Learning, 2011. [Online]. Available: https://books.google.com.vn/books?id=j39uAvxv6IMC

[46] C. Paar and J. Pelzl, Understanding Cryptography: A Textbook for Students and Practitioners. Springer Berlin Heidelberg, 2009. [Online]. Available: https://books.google.com.vn/books?id=f24wFELSzkoC

[47] V. Spraul, How Software Works: The Magic Behind Encryption, CGI, Search Engines, and Other Everyday Technologies. No Starch Press, 2015. [Online]. Available: https://books.google.com.vn/books?id=fvSbCgAAQBAJ

[48] I. Bagad, Information Security. Technical Publications, 2009. [Online]. Available: https://books.google.com.vn/books?id=Ux7gMy-f6DEC

[49] C. S. E. Erdős, Paul; Pomerance, Carmichael’s lambda function. Acta Arithmetica, 1991.

[50] R. Mollin, Fundamental Number Theory with Applications, Second Edition, ser. Discrete Mathematics and Its Applications. CRC Press, 2008. [Online]. Available: https://books.google.com.vn/books?id=u3IBcdhfaeEC

[51] ——, RSA and Public-Key Cryptography, ser. Discrete Mathematics and Its Applications. CRC Press, 2002. [Online]. Available: https://books.google.com.vn/books?id=owrOBQAAQBAJ

[52] H. Tipton and M. Krause, Information Security Management Handbook, Sixth Edition. Taylor & Francis, 2007. [Online]. Available: https://books.google.com.vn/books?id=B0Lwc6ZEQhcC

[53] H. Dobbertin, V. Rijmen, and A. Sowa, Advanced Encryption Standard - AES: 4th International Conference, AES 2004, Bonn, Germany, May 10-12, 2004, Revised Selected and Invited Papers, ser. Lecture Notes in Computer Science. Springer, 2005. [Online]. Available: https://books.google.com.vn/books?id=iWnTwFGTCjgC

[54] A. Kahate, Cryptography and Network Security. Tata Mcgraw-Hill Publishing Company Limited, 2003. [Online]. Available: https://books.google.com.vn/books?id=SWbn3lBe2FcC

[55] R. Mollin, An Introduction to Cryptography, Second Edition, ser. Discrete Mathematics and Its Applications. CRC Press, 2006. [Online]. Available: https://books.google.com.vn/books?id=JNSOCgAAQBAJ

[56] I. Dubrawsky and J. Faircloth, Security+ Study Guide. Elsevier Science, 2007. [Online]. Available: https://books.google.com.vn/books?id=3YFwVj6 51IC

[57] J. Buntinx, “What is three-factor authentication?” 2017, last accessed on 2017-06-27. [Online]. Available: https://themerkle.com/what-is-three-factor-authentication/

[58] A. Henry, “The difference between two-factor and two-step authentication,” 2016, last accessed on 2017-06-27. [Online]. Available: http://lifehacker.com/the-difference-betweentwo-factor-and-two-step-authenti-1787159870

[59] M. Rouse, “One-time password (otp),” 2013, last accessed on 2017-06-27. [Online]. Available: http://searchsecurity.techtarget.com/definition/one-time-password-OTP

[60] Google, “Material design guide,” 2017, last accessed on 2017-06-27. [Online]. Available: https://material.io

[61] S. Krug, Don’t Make Me Think, Revisited: A Common Sense Approach to Web Usability, ser. Voices That Matter. Pearson Education, 2013. [Online]. Available: https://books.google.com.vn/books?id=QlduAgAAQBAJ

[62] W. Jackson, Pro Android UI. Apress, 2014. [Online]. Available: https://books.google.com.vn/books?id=J50QAwAAQBAJ

[63] LordFokas, “Nanohttpd,” 2017, last accessed on 2017-06-27. [Online]. Available: https://github.com/NanoHttpd/nanohttpd

[64] M. Safyan, “Singleton anti-pattern,” 2017, last accessed on 2017-06-27. [Online]. Available: https://www.michaelsafyan.com/tech/design/patterns/singleton

[65] G. Inc., “Android developer document - build,” last accessed on 2017-07-02. [Online]. Available: https://developer.android.com/reference/android/os/Build.html

[66] Google, “From the garage to the googleplex,” 2016, last accessed on 2017-06-27. [Online]. Available: https://www.google.com/intl/en/about/our-story/

[67] Alexa, “Google website rank,” 2017, last accessed on 2017-06-27. [Online]. Available: http://www.alexa.com/siteinfo/google.com

[68] B. Womack, “Google rises after creating holding company called alphabet,” 2015, last accessed on 2017-06-27. [Online]. Available: https://www.bloomberg.com/news/articles/2015-08-10/google-to-adopt-new-holding-structure-under-name-alphabet-

[69] C. Albanesius, “Why did google create alphabet?” 2015, last accessed on 2017-06-27. [Online]. Available: https://www.pcmag.com/article2/0,2817,2489387,00.asp

[70] T. T. America, “Introduction to google drive,” 2016, last accessed on 2017-06-27. [Online]. Available: http://techtalkamerica.com/intro-google-drive/

[71] Google, “Google drive apis,” 2017, last accessed on 2017-06-27. [Online]. Available: https://developers.google.com/drive/

[72] Dropbox, “Dropbox about,” 2017, last accessed on 2017-06-27. [Online]. Available: https://www.dropbox.com/about

[73] ——, “Dropbox developers,” 2017, last accessed on 2017-06-27. [Online]. Available: https://www.dropbox.com/developers

...

2.3.2 Advanced Encryption Standard Algorithm

Prior to Advanced Encryption Standard (AES), Data Encryption Standard (DES) was a well-used encryption standard as well as...

Providers: this is a standard interface of the Android operating system that provides a secure and official way to access an application's data as well as other applications' data stored in the Android device...

Beyond the ability to start another activity defined in the same application, an activity can also start an activity of another application through an Intent with appropriate input. An activity has a life