Aabhas Sao | Ockam Routing & Messaging Protocols In TypeScript

[aabhas-sao]

Hi, I am Aabhas Sao. I am a pre-final undergrad student of Industrial Design from NIT Rourkela. I am passionate about tech, software, computer science.

Secure communication is crucial. I never knew that the current paradigm of communication between systems is vulnerable. I am amazed by what Ockam is trying to do.

I have worked on games (using Unity), web apps, backend apps, android apps(flutter) in the past. I am interested in web development, more on the backend side. I have experience using technologies like HTML, CSS, JavaScript, TypeScript, React.js, Next.js, Node.js, Express, Passport.js, OAuth 2.0, Firebase, AWS EC2.

I'm also familiar with basic Data Structures and Algorithms. I'm also into competitive programming (beginner). Honestly, I have never used rust before. But I'm excited to learn rust.

Looking forward to learning new things and working under the Ockam team's guidance under externship.

[aabhas-sao]

Learnings from Build End-to-End Encrypted and Secure Messaging Channels

Link to orignal guide

Modern applications are complex. The messages sent by one application to another application may travel through many endpoints and not just a single point to point. It is possible that a system between sender and receiver can modify the data. This creates a huge security risk.

In this sample app we have tried to make the messages between sender and receiver are:

• not modified and complete (integrity, availability)
• sent by the right person (authentication)
• allowed to send messages (authorization)

We can achieve this through end-to-end encryption and methods exposed by Ockam to create secure channels.

Basic Components

Node

It is the environment in which workers can execute.

Workers

These are stateful components that are the main actors. I think the abstraction of workers has simplified the API.
Workers can spawn other workers, handle messages, send messages, have an identifier (address).

Routing Messages

It is the object which contains the main data and parameters on how to transmit the data.

Transport

The medium through which the routing messages travel.

Working and code

The example tutorial demonstrates how to create end-to-end encryption using Ockam between two users/entities.

// examples/bob.rs
use ockam::{Context, Entity, Result, TrustEveryonePolicy, Vault};
use ockam::{RemoteForwarder, Routed, TcpTransport, Worker, TCP};

struct Echoer;

// Define an Echoer worker that prints any message it receives and
// echoes it back on its return route.
#[ockam::worker]
impl Worker for Echoer {
    type Context = Context;
    type Message = String;

    async fn handle_message(&mut self, ctx: &mut Context, msg: Routed<String>) -> Result<()> {
        println!("\n[✓] Address: {}, Received: {}", ctx.address(), msg);

        // Echo the message body back on its return_route.
        ctx.send(msg.return_route(), msg.body()).await
    }
}

#[ockam::node]
async fn main(ctx: Context) -> Result<()> {
    // Initialize the TCP Transport.
    TcpTransport::create(&ctx).await?;

    // Create a Vault to safely store secret keys for Bob.
    let vault = Vault::create(&ctx).await?;

    // Create an Entity to represent Bob.
    let mut bob = Entity::create(&ctx, &vault).await?;

    // Create a secure channel listener for Bob that will wait for requests to
    // initiate an Authenticated Key Exchange.
    bob.create_secure_channel_listener("listener", TrustEveryonePolicy)
        .await?;

    // The computer that is running this program is likely within a private network and
    // not accessible over the internet.
    //
    // To allow Alice and others to initiate an end-to-end secure channel with this program
    // we connect with 1.node.ockam.network:4000 as a TCP client and ask the forwarding
    // service on that node to create a forwarder for us.
    //
    // All messages that arrive at that forwarding address will be sent to this program
    // using the TCP connection we created as a client.
    let node_in_hub = (TCP, "1.node.ockam.network:4000");
    let forwarder = RemoteForwarder::create(&ctx, node_in_hub, "listener").await?;
    println!("\n[✓] RemoteForwarder was created on the node at: 1.node.ockam.network:4000");
    println!("Forwarding address for Bob is:");
    println!("{}", forwarder.remote_address());

    // Start a worker, of type Echoer, at address "echoer".
    // This worker will echo back every message it receives, along its return route.
    ctx.start_worker("echoer", Echoer).await?;

    // We won't call ctx.stop() here, this program will run until you stop it with Ctrl-C
    Ok(())
}

Echoer is a custom worker which prints the messages received by Bob and echoes it back. Secret keys are stored in the vault and transport used here is TCP. Other transport types can also be selected.

bob.create_secure_channel_listener("listener",TrustEveryonePolicy).await?;

The above snippet establishes one end of the secure channel. Alice can connect to this channel to create a secure connection.

    let node_in_hub = (TCP, "1.node.ockam.network:4000");
    let forwarder = RemoteForwarder::create(&ctx, node_in_hub, "listener").await?;

The above snippet taken from Bob.rs creates ockam node worker which can forward a message to Bob which cannot directly connect to the external network.

// examples/alice.rs
use ockam::{route, Context, Entity, Result, TrustEveryonePolicy, Vault};
use ockam::{TcpTransport, TCP};
use std::io;

#[ockam::node]
async fn main(mut ctx: Context) -> Result<()> {
    // Initialize the TCP Transport.
    TcpTransport::create(&ctx).await?;

    // Create a Vault to safely store secret keys for Alice.
    let vault = Vault::create(&ctx).await?;

    // Create an Entity to represent Alice.
    let mut alice = Entity::create(&ctx, &vault).await?;

    // This program expects that Bob has setup a forwarding address,
    // for his secure channel listener, on the Ockam node at 1.node.ockam.network:4000.
    //
    // From standard input, read this forwarding address for Bob's secure channel listener.
    println!("\nEnter the forwarding address for Bob: ");
    let mut address = String::new();
    io::stdin().read_line(&mut address).expect("Error reading from stdin.");
    let forwarding_address = address.trim();

    // Combine the tcp address of the node and the forwarding_address to get a route
    // to Bob's secure channel listener.
    let route_to_bob_listener = route![(TCP, "1.node.ockam.network:4000"), forwarding_address];

    // As Alice, connect to Bob's secure channel listener, and perform an
    // Authenticated Key Exchange to establish an encrypted secure channel with Bob.
    let channel = alice
        .create_secure_channel(route_to_bob_listener, TrustEveryonePolicy)
        .await?;

    println!("\n[✓] End-to-end encrypted secure channel was established.\n");

    loop {
        // Read a message from standard input.
        println!("Type a message for Bob's echoer:");
        let mut message = String::new();
        io::stdin().read_line(&mut message).expect("Error reading from stdin.");
        let message = message.trim();

        // Send the provided message, through the channel, to Bob's echoer.
        ctx.send(route![channel.clone(), "echoer"], message.to_string()).await?;

        // Wait to receive an echo and print it.
        let reply = ctx.receive::<String>().await?;
        println!("Alice received an echo: {}\n", reply); // should print "Hello Ockam!"
    }

    // This program will keep running until you stop it with Ctrl-C
}

Alice can use the forward address provided by Bob and use that address to create a route.

let channel = alice.create_secure_channel(route_to_bob_listener, TrustEveryonePolicy).await?;

This snippet helps in creating a secure connection between Alice and bob by passing the route to Bob as a parameter.

Now Alice can send messages that will get encrypted on Alice's side to a routing message and then again decoded to the original message on Bob's end.

The keys are shared mutually by Alice and Bob and no entity in between transport has access to those keys. The process of creating a secure connection between Alice and bob requires multiple handshakes. The routing message can not be modified by hop workers or workers between Alice and Bob. I am wondering how the secure connection established is guaranteed to be secure using cryptography.

In this example, both the entities were on a local network. I would like to explore more on how can we make end-to-end encrypted connections with devices connected to the internet. I think the only modification required for that might be to provide a remote address of a node.

[aabhas-sao]

Aabhas Sao
Github
Portfolio Site

Projects

Eklavya (Team Project)

source code
demo
apk
An application that provide Easy Access to Professional Guidance.
Technologies used: Flutter, Firebase, Cloudinary, Razorpay, Socket.io

I integrated the payment API of Razorpay and worked on the backend as well.

Learnings that can help me in the Ockam externship project

I have participated in a total of 7 hackathons with my friends. These participations have helped me get an experience of working in a team. I have also learned a lot from my teammates. It has also helped me get involved in the whole process of designing a solution. Thinking about the user needs, coming with a solution, planning it out, working on the project, managing priorities.

GameBasket

source code
live link
An e-commerce platform for electronics and games. I am currently working on this project and trying to add more features.
Technologies used: TypeScript, React.js, Next.js, Tailwind CSS, Firebase

Learnings that can help me in the Ockam externship project

I am using TypeScript in this project because TypeScript helps spot bugs early on. As the projects proposed are in TypeScript this experience will surely help me. I have a lot more to learn in TypeScript.

I tried to focus on writing modular code. I organized files via features rather than type. I did a setup of ESLint and prettier for linting and reducing bugs.

Personal Portfolio site

source code
live link

I learned new frameworks like Svelte and Astro to build my portfolio site. Astro is a framework that can help reduce unnecessary JavaScript in static sites like blogs. Less JavaScript means faster load times. I had an amazing experience using svelte and Astro. As these are new technologies there is less support but the community is growing.

Open Source Contributions

anitab-org

issue: #312
PR: #313

Hackodisha

issue: #41
PR: #43

Problem Solving Skills

leetcode
codechef

Learnings that can help me in the Ockam externship project

Knowledge of Data structures and algorithms is foundational. We can optimize for time or space complexity and choose tradeoffs that better suit the application's needs. It's better than having a faster algorithm than having a better computer. I have a lot to improve in this area.

[aabhas-sao]

Proposal

I have come up with a plan based on my understanding of the project.

Ockam Routing & Messaging Protocols in TypeScript

Routing and messaging protocols make transport between nodes and workers possible. Protocols are a set of rules to follow. An implementation in Rust exists. The task is to help expand to languages like TypeScript. Browsers are the most popular client devices on the internet. Implementations for different languages are important to create a complete ecosystem.

General Approach

My general approach would be to learn from the codebase, documentation, rust implementation. Learn about new skills that would be required to do the task. Coordinate with mentors to guide me in the right direction. Iterate over the suggestions made by mentors.

Timeline

Week	goals	description
1	community bonding	interact with community
2	code base	understanding the code base
3	architecture, mechanisms	developing deep understanding how things work under the hood
4	rust implementation	understand rust implementation for protocols
5	plan out code discussing with mentors	from all the insight collected plan out a strategy to write code in TypeScript
6	Pipe component	following documentation standards create pipe (unidirectional transport).
7	Channel Component	following documentation standards create channel (bidirectional transport).
8	Stream Component	following documentation standards create stream (transport with persistent storage)
9	Further improve code	improve core logic
10	Further improve code	tweak code style, modularity
12	Write Tests	write tests for long run mantainability and reliable behaviour of code

I have prepared the plan with a limited understanding. Upon discussion with mentors a better plan can be prepared.

The implementation might require some variations from rust as the runtime environment is completely different.
The plan contains some things in a linear fashion which might be better to do togethor (like writing code, tests, and improving it).

Time commitments

Other college lectures are ongoing (starting January) I don't have any other commitments during the externship period. So I would be adequately able to commit to the project.