# NCMB : Insurance and banking

This project aimed to develop software that clients use to access and manage their related information. The software was developed to increase the security of the exchanged messages with respect to authenticity, confidentiality and data integrity. Communication between all stakeholders is asymmetrically encrypted. Thanks to the mobile application, access to the website is secured with two-factor authentication.
## General Information
The project has 3 main infrastructure components: a webserver with a website of the bank, a database server to store all the data and a client with a mobile app. The website and the mobile app enable the clients to perform 4 operations: get a credit card, make a bank transfer, buy stocks and take out a loan.
### Built With
During the implementation of the project, a series of tools and technologies were used to fulfil separate tasks. First of all, the database was hosted by a [MySQL](https://www.mysql.com/) server, which is a database service. All the queries to the server were written in MySQL's SQL dialect to access the database.
Furthermore, a few programming languages were used throughout the project. [Python](https://www.python.org/) was used to implement the mobile app, because of its useful libraries and ease of use. The most important Python library used was the [MySQL Connector for Python](https://dev.mysql.com/doc/connector-python/en/), which links the mobile app to the MySQL database. The connections from the webserver to the MySQL database were implemented in [PHP](https://www.php.net/) because of the built-in libraries that it offers. Finally, the website was created with [HTML and CSS](https://www.w3schools.com/html/html_css.asp), the easiest tools for building popups and controlling the layout of the web page.
## Getting Started
### Prerequisites
To rebuild the architecture in real life, the components needed are 2 routers (R1, R2) and 2 servers (database, web application). For simplicity, the infrastructure can be rebuilt using 5 virtual machines (VMs) provided by the SEED Labs project: [SEEDUbuntu 20.04](https://seedsecuritylabs.org/labsetup.html), which are Linux 64-bit, Ubuntu 20.04 LTS machines serving as the 2 routers, 1 web server, 1 database server and a client.
### Installing
To set up the 5 VMs on VirtualBox, you can follow these [instructions](https://github.com/seed-labs/seed-labs/blob/master/manuals/vm/seedvm-manual.md).
##### R1
This first router should be configured with the following netplan configuration and iptables rules:
```
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp0s3:
      addresses:
        - 192.168.1.109/24
      routes:
        - to: 192.168.0.0/24
          via: 192.168.1.54
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
    enp0s8:
      dhcp4: yes
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
    enp0s9:
      addresses:
        - 192.168.2.204/24
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
```
```
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -p tcp -d 192.168.1.62 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 3336 -s 192.168.2.72 -d 192.168.0.30 -j ACCEPT
sudo iptables -A FORWARD -j REJECT
```
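To check what R1's FORWARD chain actually admits, the four rules above can be modelled as a first-match list and run against a few flows. This is an added example, not part of the project's code; the `Packet` class, the `verdict` helper and the sample flows are constructed here for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0
    state: str = "NEW"  # conntrack state of the packet

# R1's FORWARD chain, transcribed in order from the iptables commands above.
R1_FORWARD = [
    {"state": "ESTABLISHED", "target": "ACCEPT"},
    {"proto": "tcp", "dst": "192.168.1.62", "target": "ACCEPT"},
    {"proto": "tcp", "dport": 3336, "src": "192.168.2.72",
     "dst": "192.168.0.30", "target": "ACCEPT"},
    {"target": "REJECT"},
]

def _in_net(addr, net):
    # A bare address in a rule is treated as a /32, as iptables does.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def verdict(chain, pkt):
    """Return (rule number, target) of the first rule matching pkt."""
    for number, rule in enumerate(chain, start=1):
        if "state" in rule and rule["state"] != pkt.state:
            continue
        if "proto" in rule and rule["proto"] != pkt.proto:
            continue
        if "dport" in rule and rule["dport"] != pkt.dport:
            continue
        if "src" in rule and not _in_net(pkt.src, rule["src"]):
            continue
        if "dst" in rule and not _in_net(pkt.dst, rule["dst"]):
            continue
        return number, rule["target"]
    return None, "POLICY"  # chain exhausted: the chain policy would apply

# Constructed sample flows (hypothetical, not captured traffic).
CLIENT, WEB, DB = "192.168.2.72", "192.168.1.62", "192.168.0.30"
SAMPLES = {
    "client -> web tcp/443": Packet(CLIENT, WEB, dport=443),
    "client -> web tcp/22": Packet(CLIENT, WEB, dport=22),
    "client -> db tcp/3336": Packet(CLIENT, DB, dport=3336),
    "client -> db tcp/22": Packet(CLIENT, DB, dport=22),
    "web -> client reply": Packet(WEB, CLIENT, dport=40000, state="ESTABLISHED"),
    "client -> 8.8.8.8 udp/53": Packet(CLIENT, "8.8.8.8", proto="udp", dport=53),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} {verdict(R1_FORWARD, pkt)}")
```

The second sample shows that rule 2 accepts TCP to the web server on any destination port; adding a `--dport` match for the ports the site actually serves would narrow it. The last sample shows that new UDP traffic, including DNS queries to the configured nameservers, falls through to the final REJECT.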
##### R2
This second router should be configured with the following netplan configuration and iptables rules:
```
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp0s3:
      addresses:
        - 192.168.0.12/24
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
    enp0s8:
      addresses:
        - 192.168.1.54/24
      routes:
        - to: 0.0.0.0/0
          via: 192.168.1.109
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
```
```
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 3336 -s 192.168.1.62 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 3336 -s 192.168.2.72 -d 192.168.0.30 -j ACCEPT
sudo iptables -A FORWARD -j REJECT
```
##### Database
The VM file /etc/netplan/01-network-manager-all.yaml should be configured as follows
```
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp0s3:
      addresses:
        - 192.168.0.30/24
      routes:
        - to: 0.0.0.0/0
          via: 192.168.1.54
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
```
The database should be a MySQL server installed with
```
sudo apt install mysql-server
```
and be started with
```
sudo systemctl start mysql.service
```
##### Web application
The VM file /etc/netplan/01-network-manager-all.yaml should be configured as follows
```
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp0s3:
      addresses:
        - 192.168.1.62/24
      routes:
        - to: 192.168.0.30
          via: 192.168.1.54
        - to: 0.0.0.0/0
          via: 192.168.1.109
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
```
The web application should be an Apache2 server installed with
```
sudo apt install apache2
```
and be started with
```
sudo systemctl start apache2
```
The source code of the website that is included in the archive should be put in the /var/www/ folder.
##### Client
The VM file /etc/netplan/01-network-manager-all.yaml should be configured as follows
```
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp0s3:
      addresses:
        - 192.168.2.72/24
      routes:
        - to: 0.0.0.0/0
          via: 192.168.2.204
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
```
The client only needs to have the folder SIRS containing the `mobileapp.py` file as well as the encryption keys.
##### Mobile application
To run the mobile app, first install the required packages:
```
pip install mysql-connector-python
sudo apt-get install python3-tk
```
Afterwards, just running the line
```
python mobileapp.py
```
runs the mobile app. The user is then asked for their username and 6-digit password, as well as the account they want to access. Once the password has been checked and it has been confirmed that the account belongs to the client, the mobile app opens and the client can perform all sorts of actions. At the end, clicking on "Exit the app" closes the program.
## Demo
After a successful login on the website or the mobile app, you can perform 4 operations: get a credit card, make a bank transfer, buy stocks and take out a loan.

The connect page of the website

The home page of the website

The popup on the website to take out a loan

The home page of the mobile app

The popup on the mobile app to get a credit card

The popup on the mobile app to make a bank transfer
## Additional Information
### Authors
* **Hadrien Nobels** - [HadrienNobels](https://github.com/HadrienNobels)
* **Nicolas Cuveillier** - [nicolas-cuveillier](https://github.com/nicolas-cuveillier)
* **Gilles de Waha** - [gillesdewaha](https://github.com/gillesdewaha)
### Acknowledgments
* Thank you to Professor Miguel Pardal and Professor Ricardo Chaves for the lectures necessary for the implementation of our security systems.
* Thank you to Afonso Gomes for the help during the lab classes and the weekly feedback on our progress.