RE: [flexcoders] Re: localconnection data encrypted?
The most vulnerable part of using the ELS is after the data has been decrypted. It is then stored in memory in plain text until it is garbage collected. (Curious question - I wonder if strings are interned in AIR, if so, that could pose another security problem.) Strings are interned by the AVM in both the Player and AIR. So if you have highly sensitive character data and you're worried about memory scanning, you'd want to use an array of characters, and scramble the contents manually after you've used the value in order to render it illegible until the array is GCed. There's no perfect solution here, but this reduces the attack surface. Again, not a concern for most apps. Best, Seth -Original Message- From: Seth Hodgson Sent: Wednesday, January 28, 2009 3:36 PM To: 'flexcoders@yahoogroups.com' Subject: RE: [flexcoders] Re: localconnection data encrypted? Sorry - typo. That should have been: You _don't_ need to worry about encryption in this scenario. If you're worried about encrypting bytes sent over LocalConnections (just a block of shared memory on your local system), I'd assume you'd also need to be worried about those same values in the memory space used by the Player or AIR instances that are communicating via LocalConnections. Given the GC'ed nature of ActionScript, you don't have direct control over how long variables will stick around. So if there's a rogue process running locally that can scan and read anything in system memory, the values in Player/AIR memory space are just as vulnerable as values in the shared memory block used for LocalConnections. If that's the case, then you have bigger issues to worry about than encrypting what you're exchanging via LocalConnection, like getting good anti-virus software installed or something :) Best, Seth -Original Message- From: Seth Hodgson Sent: Wednesday, January 28, 2009 2:50 PM To: 'flexcoders@yahoogroups.com' Subject: RE: [flexcoders] Re: localconnection data encrypted? There's no network involved. More details here: http://greetingsfromoakland.blogspot.com/2008/11/zen-and-art-of-localconnection.html You need to worry about encryption in this scenario unless you're worried about other processes on the local machine trolling randomly through memory... What you likely do need to worry about are the gotchas mentioned in the blog post. Best, Seth From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of Pete Appleby Sent: Wednesday, January 28, 2009 2:45 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: localconnection data encrypted? It would seem that there is a network connection being used, but I have not been able to find out for sure. The localconnection allows different versions of the Flash player to communicate via AMF0. This leads me to believe that the network is being used as opposed to a shared memory model. It would be nice to know for sure, but it is now a moot point for my applications. I have taken the time to implement RSA encryption in my communication classes so that the two AIR applications exchange public keys at the time of the first Send command. Once the handshaking of public keys has been completed, the future messages are encrypted and pushed out through the use of the Send method. The receiving app then decrypts the message using its private keys. I am storing the keys in the encrypted local store. That brings up the question of just how secure is the encrypted local store? Pete
[flexcoders] Re: localconnection data encrypted?
It would seem that there is a network connection being used, but I have not been able to find out for sure. The localconnection allows different versions of the Flash player to communicate via AMF0. This leads me to believe that the network is being used as opposed to a shared memory model. It would be nice to know for sure, but it is now a moot point for my applications. I have taken the time to implement RSA encryption in my communication classes so that the two AIR applications exchange public keys at the time of the first Send command. Once the handshaking of public keys has been completed, the future messages are encrypted and pushed out through the use of the Send method. The receiving app then decrypts the message using its private keys. I am storing the keys in the encrypted local store. That brings up the question of just how secure is the encrypted local store? Pete
RE: [flexcoders] Re: localconnection data encrypted?
There's no network involved. More details here: http://greetingsfromoakland.blogspot.com/2008/11/zen-and-art-of-localconnection.html You need to worry about encryption in this scenario unless you're worried about other processes on the local machine trolling randomly through memory... What you likely do need to worry about are the gotchas mentioned in the blog post. Best, Seth From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of Pete Appleby Sent: Wednesday, January 28, 2009 2:45 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: localconnection data encrypted? It would seem that there is a network connection being used, but I have not been able to find out for sure. The localconnection allows different versions of the Flash player to communicate via AMF0. This leads me to believe that the network is being used as opposed to a shared memory model. It would be nice to know for sure, but it is now a moot point for my applications. I have taken the time to implement RSA encryption in my communication classes so that the two AIR applications exchange public keys at the time of the first Send command. Once the handshaking of public keys has been completed, the future messages are encrypted and pushed out through the use of the Send method. The receiving app then decrypts the message using its private keys. I am storing the keys in the encrypted local store. That brings up the question of just how secure is the encrypted local store? Pete
[flexcoders] Re: localconnection data encrypted?
Thanks for the info! I have not been able to find out much about this out there. I have implemented my localconnection between AIR apps like you describe, with Send and ack/nack from the receiving apps. This is all working great. I am passing data back and forth from one app to another. In my first case we have an order entry system. The second app is a financial calculator. I can push the info back and forth if needed to calculate the financing. Both apps can be used standalone, but it is great to have them working in tandem when needed. Since I was not able to find the answer, I have used the as3crypto library to implement RSA encryption. The two apps do a quick handshake of public keys at the beginning, then all remaining Sends are encrypted. The only weakness I can see in this is that I am using the Encrypted Local Store to save the RSA keys. I intend to use this same technique in communicating sensitive with back end web services. Which brings up the next question: How secure is the Encrypted Local Store? If someone can get the private key from there, it's all for nothing. Thanks! Pete
RE: [flexcoders] Re: localconnection data encrypted?
Sorry - typo. That should have been: You _don't_ need to worry about encryption in this scenario. If you're worried about encrypting bytes sent over LocalConnections (just a block of shared memory on your local system), I'd assume you'd also need to be worried about those same values in the memory space used by the Player or AIR instances that are communicating via LocalConnections. Given the GC'ed nature of ActionScript, you don't have direct control over how long variables will stick around. So if there's a rogue process running locally that can scan and read anything in system memory, the values in Player/AIR memory space are just as vulnerable as values in the shared memory block used for LocalConnections. If that's the case, then you have bigger issues to worry about than encrypting what you're exchanging via LocalConnection, like getting good anti-virus software installed or something :) Best, Seth -Original Message- From: Seth Hodgson Sent: Wednesday, January 28, 2009 2:50 PM To: 'flexcoders@yahoogroups.com' Subject: RE: [flexcoders] Re: localconnection data encrypted? There's no network involved. More details here: http://greetingsfromoakland.blogspot.com/2008/11/zen-and-art-of-localconnection.html You need to worry about encryption in this scenario unless you're worried about other processes on the local machine trolling randomly through memory... What you likely do need to worry about are the gotchas mentioned in the blog post. Best, Seth From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of Pete Appleby Sent: Wednesday, January 28, 2009 2:45 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: localconnection data encrypted? It would seem that there is a network connection being used, but I have not been able to find out for sure. The localconnection allows different versions of the Flash player to communicate via AMF0. This leads me to believe that the network is being used as opposed to a shared memory model. It would be nice to know for sure, but it is now a moot point for my applications. I have taken the time to implement RSA encryption in my communication classes so that the two AIR applications exchange public keys at the time of the first Send command. Once the handshaking of public keys has been completed, the future messages are encrypted and pushed out through the use of the Send method. The receiving app then decrypts the message using its private keys. I am storing the keys in the encrypted local store. That brings up the question of just how secure is the encrypted local store? Pete
Re: [flexcoders] Re: localconnection data encrypted?
The only weakness I can see in this is that I am using the Encrypted Local Store to save the RSA keys. I intend to use this same technique in communicating sensitive with back end web services. Which brings up the next question: How secure is the Encrypted Local Store? If someone can get the private key from there, it's all for nothing. The Encrypted Local Store is just a wrapper around the operating system's, well, encrypted local store. On Windows, it's the DPAPI, and on the Mac, it's the keychain. No idea what it is on Linux. As for whether those APIs are vulnerable, well, if they were, it would be a pretty high priority bug for OS manufacturers given all kinds of even more secret things are stored in there. It is worth noting that those APIs depend on the security of the system and the user's password. On top of that, the AIR ELS implementation uses your app's cert as part of the key (as well as your app and publisher IDs), so only your app with your cert can access data you have encrypted. Any other app cannot access it (not quite sure what happens when your cert expires and you need to renew it). The most vulnerable part of using the ELS is after the data has been decrypted. It is then stored in memory in plain text until it is garbage collected. (Curious question - I wonder if strings are interned in AIR, if so, that could pose another security problem.) But like others have said, if memory scanning is a problem, the problem is bigger than AIR. Here's a bit of discussion on it - http://weblogs.macromedia.com/cantrell/archives/2007/12/encrypting_data.html
