Skip to main content

Introduction

What is tiCrypt Front-End?

The tiCrypt front-end is the UX and user-facing portion of the tiCrypt software.

The tiCrypt front-end contains three major user portions:

Vault Tab

The Vault tab provides the functionality required for ad-hoc sharing, secure file preview, group sharing, and other storage functionality. It is designed for users and researchers to transfer files securely into the system. The vault oversees current users, groups and projects and has the functionality of creating inboxes for external contributors (more about this in the tiCrypt mailboxes chapter).

Management Tab

The Management tab serves as permission control and management of the users. Here, admins can develop the user profiles and their teams, the workflow structure of the projects, and the virtual machine management as well as system back-ups. In tiCrypt, the management tab may be one of the most complex tabs due to its functionalities and effect on the system. Most of the admin work is taking place in the management tab.

tip

If you are a system admin, you may want to read 'Administrators Best Practices'

Virtual Machines Tab

The Virtual Machines tab allows users to start and manage VMs. Users spend most of their time in the virtual machine environment.

For the Users

Vault

Vault is tiCrypt's in-house file and directory management feature, that allows one to securely move files from one directory to next, share files with another tiCrypt user, given the different constraints of when a user can actually access a file's contents. Along with that, the vault also includes the functionality of Inbox, to help one dedicate a directory specifically for receiving purposes. The backbone underlying this feature is public key cryptography as data confinement is achieved using independent keys for each resource. The key management nightmare is avoided in tiCrypt through public key cryptography.

Virtual Machines

This is the heart of tiCrypt which allows secure computation by upholding security in mind first. It secures the VM right from the start and spins up a new image of the underlying OS each time not to carry over any chance of risk from the last execution. The access to VM is again PKI based; which allows the VM to be owned by users and not admins. Auditing allows this to be a reporting feature in its own concern; as every action is tracked as files move in and out of the VM and gives a clear history of what happened; allowing one to verify if required. VMs allow complete ownership to researchers as no tool/ mechanism restrictions are in place; rather all the security is upheld at tiCrypt level with no compromise to provide secure processing.

User Action Modals

These are the features that iterate what a user can do when it comes to navigating ownership and file management. In particular, User Action Modals is the collective term that encapsulates the different actions a user does. These allow one to deal with:

  • Drives: Create/ Manage drives mounted on to VM that are secured by powers of encryption
  • Forms: Create/ Manage forms and connect them to a project for it to be managed or viewed.
  • Groups: Allows to create a collective- to assist collaboration, a group per se for easy assignment to projects; and dealing with its users with given constraints
  • Mailbox: A bookkeeping feature to quickly navigate to inbox directories and exposes an access point to allow one to bring data in using web interfaces
  • Certifications: This is a place where one can relay restrictions as needed of a certain assessment to permit access to say a certain project. This modal iterates all the certifications a user has and allows one to manage their validity in tiCrypt here.
  • Permissions: This is the knowledge dump as to what actions one is authorized to do.
  • Tasks: This is like a view of recently completed/ running tasks- a modal essentially tracking the progress and relaying it to the user.
  • Profile Management: Place to edit and manage one's profile and look over the resource consumptions of the team with its limits

For the Admins

User Management

A feature that allows the administrators to manage users' team ownership and their authentication and authorization access to tiCrypt. It essentially allows an admin to grant users' activation status, and their belonging to the collaboration collectives like teams, projects. Permissions are used here as access control lists over the underlying PKI. All the actions for this feature aren't required to be done one at a time; but rather as bulk edits and that's a capability that tiCrypt provides.

Team Management

To allow for resource constraints on a collection of users, the idea of teams has been introduced in tiCrypt. This management is with the administrators- as it allows one to add/ remove users and edit to the concerned resource limits.

Project Management

To manage the trade-off between friction and ease of access; projects are the idea that allows resources to be tagged against them and then allow authorization to all the users in that. Essentially, a security tagging mechanism that allows for any type of resource, even drives or VMs to be protected, and only shared with other users who are part of that project. Once a resource or group has been tagged by a project label, the way it can be manipulated or accessed is significantly restricted.

Backups

As the name suggests, this feature allows admins to create a backup of collections of users/projects/teams specified by domains. This can be done incrementally or as a full backup; allowing for kind of a checkpoint mechanism, but again with the encryption at its root.

Escrow

All tiCrypt resources are encrypted under PKI. At its core, each user has a private key that can be used to decrypt the user's copy of the resource encryption key. Should a user lose their key, the data (files, messages, drives) is impossible to recover, just given the academic limits the encryption entails. In order to allow users to regain access to their data in case of key loss or to allow data access for law enforcement in extenuating circumstances, tiCrypt provides a sophisticated key-escrow mechanism that can recover a user's private key and thus re-establish access- and that's the Escrow mechanism. This is achieved by the idea of segregation of duties and posing a limit to one's admin power- essentially imposing increased friction to reduce the chance of any fraud.