Jun 2023, 6-min read

SentinelGuard

Flutter NestJS PostgreSQL Public Key Encryption

Background

So, it was my first summer break at NUS when I heard about the AML/CFT Hackathon held by the Central Bank of Malaysia. The goal was to develop a solution to prevent financial fraud and scams, and even money laundering.

That sounded really interesting to me, as this is a real-world problem that I could potentially help solve. Initially, I was a bit hesitant to join as I was not sure I had the bandwidth to commit: I was interning at CVWO and working on another part-time project for NUS Libraries. But I decided to give it a shot anyway. What’s the worst that could happen?

The Problem

So I did some brainstorming and some research. I eventually found out that the most common type of fraud is the impersonation scam. This is where the scammer poses as a bank officer and tricks the victim into transferring money to the scammer’s account.

Apparently, this is a real problem in Malaysia: RM 3.3 billion was lost to these kinds of scams between 2017 and 2021. We are talking about people’s life savings here, often those of the elderly, who are simply not tech-savvy enough to tell a real bank message from a fake one. It is unfair to these people, and it is a problem that I deeply care about.

The Solution

I believe the root cause of this problem boils down to human behavior. The scammers are able to trick the user into believing them because they can impersonate the bank in a very convincing way, using traditional channels such as phone calls and SMS, whose caller ID and sender ID are easily spoofed. Yes, I know, it is common knowledge that these are the usual ways of scamming. But the problem is that human behavior is hard to change. Most users are simply confused about whether a given message is legitimate or not.

So, my solution aims to streamline the communication between banks and customers. The idea is to have a single app that the user uses to communicate with the bank. This app would be the only legitimate channel of communication between the bank and the user, so anything arriving by SMS or phone call can be treated as suspicious by default.

After fiddling with ChatGPT, I have decided to call this project SentinelGuard.

The Implementation

The solution consists of two parts: the mobile app and the backend server.

I considered using React Native for the mobile app, as I already had some experience with React. However, after some research, I decided to use Flutter for the following reasons:

  1. Flutter has a library, flutter_secure_storage, that lets me store sensitive data such as the user’s private key in the platform’s secure storage on any platform. This is critical, as I have always envisioned the app being encrypted end-to-end, which only means something if the private key never leaves the device. I could not find an alternative to this on React Native at the time.

  2. This is a good opportunity to pick up a new technology! (Despite the fact that I only have less than 10 days to complete the project 😅)

For the backend server, I decided to use NestJS, as I thought it would be a good opportunity to pick up a new framework. (Again, despite the fact that I had less than 10 days to complete the project 😅)

For end-to-end encryption, I decided to use the cryptography package for Dart. This library provides a simple API to perform X25519 Diffie-Hellman key exchange. This is a key exchange protocol in which each of the two parties combines its own private key with the other party’s public key, and both arrive at the same shared secret without that secret ever being transmitted. The shared secret should not be used as a cipher key directly; it is first run through a key derivation function (such as HKDF), and the resulting key is then used with an authenticated cipher to encrypt and decrypt messages between the two parties.

The Demo

Here’s a demo of the app running on the iOS simulator:

Demo

  1. The user is prompted to create a new account, entering their name, email, and password.

  2. Upon logging in, a new X25519 key pair is created automatically. The private key is stored in the device’s secure storage and never leaves it. The public key is sent to the server.

  3. The user can then add a bank using the bank’s communication ID. The communication ID is a unique identifier assigned to each bank, which the user can get from the bank’s website.

  4. A communication ID is also created for each bank-user pair, and the user has to provide this pair ID to the bank. The bank then uses it to address messages to the user.

  5. The user can then receive messages from the bank. The messages are encrypted end-to-end, so only the user and the bank can decrypt them, and no one else, not even us.

  6. The user can delete the bank if they no longer want to receive messages from it.
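To make the key exchange described under “The Implementation” and the demo flow above concrete, here is an added example of the same protocol written against Node’s built-in crypto module in TypeScript. It is not code from the SentinelGuard repositories, which use the Dart cryptography package on the app side; the communication IDs and the message text are constructed sample values, and the HKDF “info” label, the empty salt, and the choice of AES-256-GCM as the authenticated cipher are assumptions made for this example. It walks through both sides: key pairs are generated, raw public keys are handed across (in the app, via the server), each side derives the same session key bound to the communication ID, and the bank’s message can be opened only by the user, not by a tampering relay and not by the server with its own key.

```typescript
import * as crypto from 'crypto';

// A party's long-term X25519 key pair. In the app the private key never
// leaves the device (secure storage); only the public key goes to the server.
export interface Identity {
  privateKey: crypto.KeyObject;
  publicKey: crypto.KeyObject;
}

export function generateIdentity(): Identity {
  return crypto.generateKeyPairSync('x25519');
}

// Raw 32-byte X25519 public key: the form that would be uploaded to the
// server and later handed to the peer.
export function publicKeyBytes(publicKey: crypto.KeyObject): Buffer {
  const jwk = publicKey.export({ format: 'jwk' }) as { x?: string };
  return Buffer.from(jwk.x ?? '', 'base64url');
}

export function publicKeyFromBytes(raw: Buffer): crypto.KeyObject {
  return crypto.createPublicKey({
    key: { kty: 'OKP', crv: 'X25519', x: raw.toString('base64url') },
    format: 'jwk',
  });
}

// X25519 over my private key and the peer's public key gives both sides the
// same 32-byte shared secret. It is NOT used as a cipher key directly: HKDF
// turns it into a uniformly random key bound to this conversation via "info".
// The empty salt and the label format are assumptions for this example.
export function deriveSessionKey(me: Identity, peerPublicRaw: Buffer, communicationId: string): Buffer {
  const shared = crypto.diffieHellman({
    privateKey: me.privateKey,
    publicKey: publicKeyFromBytes(peerPublicRaw),
  });
  const salt = Buffer.alloc(0);
  const info = `sentinelguard/${communicationId}`;
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, info, 32));
}

export interface Envelope {
  nonce: Buffer;
  ciphertext: Buffer;
  tag: Buffer;
}

// AES-256-GCM with a fresh random 96-bit nonce per message. The communication
// ID is authenticated as associated data, so a ciphertext cannot be replayed
// into another bank-user conversation without failing the tag check.
export function sealMessage(key: Buffer, plaintext: string, communicationId: string): Envelope {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(communicationId, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Returns null on any authentication failure (wrong key, tampered bytes,
// wrong conversation) rather than handing back partially decrypted garbage.
export function openMessage(key: Buffer, env: Envelope, communicationId: string): string | null {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.nonce);
  decipher.setAAD(Buffer.from(communicationId, 'utf8'));
  decipher.setAuthTag(env.tag);
  try {
    return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// End-to-end walk-through of the demo flow with constructed sample values.
export function demoExchange() {
  const commId = 'CONSTRUCTED-COMM-ID-0001'; // constructed bank-user pair ID
  const bank = generateIdentity();
  const user = generateIdentity();
  const server = generateIdentity(); // the relay; it sees only public keys and ciphertext

  // Public keys travel through the server; private keys stay where they were made.
  const bankKey = deriveSessionKey(bank, publicKeyBytes(user.publicKey), commId);
  const userKey = deriveSessionKey(user, publicKeyBytes(bank.publicKey), commId);

  const message = 'Your card ending 1234 was used abroad. Was this you?'; // constructed
  const env = sealMessage(bankKey, message, commId);

  // A relay flipping one ciphertext bit must be detected by the GCM tag.
  const tampered: Envelope = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;

  return {
    keysMatch: bankKey.equals(userKey),
    decrypted: openMessage(userKey, env, commId),
    tamperedResult: openMessage(userKey, tampered, commId),
    wrongConversation: openMessage(userKey, env, 'CONSTRUCTED-COMM-ID-0002'),
    serverResult: openMessage(deriveSessionKey(server, publicKeyBytes(bank.publicKey), commId), env, commId),
  };
}
```

One caveat this example makes visible: the confidentiality of the channel rests on each party receiving the other’s genuine public key. Since the server is what distributes those keys in the design above, a compromised or coerced server could hand out a key pair of its own and read traffic, so in practice the bank’s public key should be verifiable out of band (for example, published on the bank’s website next to its communication ID, or pinned in the app at install time) rather than trusted solely because the server returned it.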

The Result

Despite having less than 10 days, I was able to complete the project within the deadline, all while juggling my internship and another part-time project. I also learned a lot of new things along the way, such as Flutter and NestJS, and public key cryptography.

In the end, to my surprise, I was awarded 1st prize in the hackathon! This was the first hackathon I had ever joined, and I am really glad that I decided to give it a shot.

The Future

This project is in a tough spot right now. The main problem is that it is quite disruptive to the current banking system, and it is not easy to convince banks to adopt a new channel. Hence, this project would need to be backed by a regulatory body, such as the Central Bank of Malaysia, in order to succeed.

Some Reflections

Other than the technical side, I also learned a lot of other things from this project:

  1. Good solutions are not always the most technically advanced ones. Sometimes the best solution is the simplest one that solves the problem in the most straightforward way. On the surface, this project may seem like a simple chat app with very basic CRUD operations. But it is addressing a serious problem that deserves attention. After all, the goal of building something is to solve a well-defined problem, not to show off technical skills.

  2. Sometimes, you just have to take the leap of faith. I was hesitant to join the hackathon at first, but I decided to give it a shot anyway. And, I am glad that I did.

  3. I learned how to work under pressure. I was able to complete the project within the deadline despite juggling my internship and another part-time project. I sacrificed my social life and entertainment time to focus on the project. This was possible because I was really passionate about learning new things and creating something that could potentially solve a real-world problem, a problem that I deeply care about.

The Code

The code for this project is available on GitHub.

  1. Mobile App
  2. Backend Server