CloudServices/Notifications/Meetings/2011-03-03-Crypto

From MozillaWiki
Jump to navigation Jump to search

The goal of this meeting was to have a closer inspection of the push notification Crypto-system, as well as the security of the system as a whole.

Problems and Solutions

  • Problem: Can still infer where notifications are coming from using reverse DNS lookup
    • Solution: Users can run their own server if this is a serious concern
  • Problem: (Social Attack) Consider the following -- you are logged in to Facebook on a friend's computer. You leave the computer and your friend registers for notifications on their computer with you still signed in. Result: your friend now receives all notifications intended to be sent to you.
    • Solution: Recommend web apps keep track of subscriptions so users are made aware of them. Web apps can also use email confirmation if security is absolutely necessary.
  • Problem: Service providers (i.e. web apps) will want to be sure that decryption keys are securely stored on the client.
    • Solution: Seems to be more of an OS problem. Should use a keychain to store keys if available. If someone has access to your computer you're hosed anyway.

Recommendations

  • Use AES/HMAC to encourage adoption, as most encryption libraries support it
  • Try padding messages so it can't be deduced what type of notification you are receiving based on the size.
  • HMAC needs to verify the entire message, not just payload. Outermost JSON should have three fields: token, HMAC, and everything else.
  • On initial token exchange, web app should be able to specify a set of links (e.g. using a regex) that the client is allowed to follow-through via clicking (e.g. for Facebook they can route all links through "www.facebook.com/l/.*". This ensures that if someone does acquire a token that they can't send a phishing link to www.evilsite.com/phishy.

Unsolved Issues

Multiple users on a single client

  1. Alex can receive notifications from Gmail on his browser
  2. Alex "lends" his computer to Shane to check Shane's email; Shane logs in
  3. Gmail discovers that it can send notifications to Alex's browser about Shane's email and asks for this.
  4. How does Gmail know who is it sending notifications to?
    • Potential Solution: Have an anonymous mode that Alex can activate before lending his machine?

To Do

Schedule meetings with:

  • UX
Retrieved from "https://wiki.mozilla.org/index.php?title=CloudServices/Notifications/Meetings/2011-03-03-Crypto&oldid=288983"