Hello,

I've built a client-server system, where clients sign in to communicate securely with other clients through the server.

Here are the properties of my system:

- Client-server communication is SSL encrypted

- Client login details are stored as hashes securely with their salt on a database stored locally on the server

- On login, every client sends a session public key to be stored on the server, which other clients use to encrypt a symmetric key. The symmetric key is used for later message encryption to prevent server eavesdropping

- On chat initiation, fingerprint user authentication is used to ensure the user is who he/she pretends to be. It is usually done through a phone call reading out the fingerprint, which is a SHA256 hash of both public keys split in two and XORed for convenience.

- A MAC is sent along with every message

What would you suggest to improve this? What possible attacks could my server suffer?

Thanks
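The fingerprint check described in the question, sketched as an added example that is not part of the original post or the poster's code. It assumes the hash is taken over both encoded public keys together and the two 16-byte halves of the digest are XORed; the key ordering, the length prefixes and the sample keys are assumptions made here for illustration.

```python
import hashlib
import hmac


def session_fingerprint(pub_a: bytes, pub_b: bytes) -> str:
    """SHA-256 over both public keys, digest halves XORed (128-bit result)."""
    # Assumption: sort the keys so both clients hash them in the same order,
    # and length-prefix each one so the boundary between keys is unambiguous.
    h = hashlib.sha256()
    for key in sorted((pub_a, pub_b)):
        h.update(len(key).to_bytes(4, "big"))
        h.update(key)
    digest = h.digest()
    # Folding 32 bytes into 16 shortens what is read aloud, and also means
    # the spoken value carries 128 bits rather than 256.
    folded = bytes(x ^ y for x, y in zip(digest[:16], digest[16:]))
    hexed = folded.hex().upper()
    return " ".join(hexed[i:i + 4] for i in range(0, len(hexed), 4))


def fingerprints_match(mine: str, spoken: str) -> bool:
    """Compare the local fingerprint with the one typed in from the call."""
    def normalize(s: str) -> bytes:
        return "".join(s.split()).upper().encode()
    return hmac.compare_digest(normalize(mine), normalize(spoken))


# Constructed sample bytes standing in for encoded session public keys.
ALICE_PUB = bytes(range(0, 32))
BOB_PUB = bytes(range(32, 64))
SUBSTITUTED_PUB = bytes(range(64, 96))  # key Alice was handed instead of Bob's


def demo() -> dict:
    alice_view = session_fingerprint(ALICE_PUB, BOB_PUB)
    bob_view = session_fingerprint(BOB_PUB, ALICE_PUB)
    # Alice's client computed its value over a key that is not Bob's.
    alice_tampered = session_fingerprint(ALICE_PUB, SUBSTITUTED_PUB)
    return {
        "fingerprint": alice_view,
        "honest": fingerprints_match(alice_view, bob_view),
        "tampered": fingerprints_match(alice_tampered, bob_view),
    }


if __name__ == "__main__":
    print(demo())
```

The comparison only detects a substituted key if the value read over the phone is computed on each client from the keys that client actually holds, not fetched from the server.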

+2  A: 

It seems like you could still suffer from a Trojan client application, but what you really need to do is take a step back from the various security technologies. What does all this security protect? Who would like to break it? What would they do if they could break it? Answers to those questions will help you identify how the system might be attacked, and propose useful countermeasures.

Graham Lee
A: 

It looks like you are looking at this problem haphazardly - build a threat model of your design; and mitigations will come to you! Start here: http://www.microsoft.com/security/sdl/getstarted/threatmodeling.aspx

Michael Howard-MSFT