tags:

views:

61

answers:

4
+2  Q: 

Securing an "open" web service without HTTPS or private shared key

I am producing a web service which will allow any third party "device" to communicate with it. Each device has a reasonably unusual string to identify itself and uses the web service to store data against this id. However, this allows someone who wishes to game the service to scan through and guess device ids and store malicious data against them.

The device itself using this web service is relatively "dumb" and doesn't offer a suitable interface for data entry, so a password or any form of entry on the client is not available.

As this web service is open for anyone who wishes to produce a device of this nature to use, I can't increase security with the use a private key as this would be publicly defined in a specification. Also due to the simplistic nature of the device and it's IP/HTTP stack, HTTPS is unsuitable for this implementation.

To the best of my knowledge I can't see a way of using a privately shared key in this operation. To this extent, I believe it be impossible to secure a system of this nature, but I am wondering if some other methods which I've yet to find may help me secure this system somewhat?

+1  A: 

You could try some simple challenge-response system, where the server sends a random string of bytes to the device. The device uses some known ID (ideally not the public one) and some hash like algorithm to produce a response.

This will only protect you from people without access to your devices, though.

jdv  2010-10-26 21:06:58
This would certainly be a possibility. There is an "ideal" use case that the device should "just work" out the box without the requirement to go to any form of input page on another machine to verify the communication beforehand. I'm quickly learning that the "ideal" use case and security are not necessarily the friendliest of neighbours...
andybee  2010-10-27 08:12:35
+1  A: 

Is there a reason you can't use a public/private key pair?

You could publish the server's public key with the specification, and require each device to generate a random public/private key pair for itself. The device could encrypt its public key with the server's public key and send it to the server. The server could use its private key to decrypt the device's public key, and then assume that nobody else could decrypt any message that the server encrypts using that public key. The server therefore registers that public key as the device's ID.

If you set up some kind of session, the server can retain the device's public key associated with that session. If not, some defined portion of any message sent from the device to the server must include the device's public key encrypted this way, so that the server can know which device sent the message.

Any message sent to the server will be encrypted with both the client's private key (so the server knows this device sent it) and the server's public key (so only the server can read it). Messages sent to the device will be encrypted with the server's private key (so the client knows the server sent it) and the client's public key (so only the client can read it). Only you know your private key, and only they know their private key, so everything's secure as long as you (and they) use good seeding and encryption algorithms.

Does that make sense?

StriplingWarrior  2010-10-26 21:17:24
I think I understand this (my memory of Network Security lectures from university are failing me spectacularly this week...) This method doesn't prevent MITM attacks as I could just replicate what another device is doing. Though, I'm realising, MITM protection is likely impossible in what I am trying to achieve.
andybee  2010-10-27 08:15:11
Actually, the man-in-the-middle will only ever see your public key. They can't even decrypt the client's public key without knowing your private key. Even if they knew the client's public key, they can't decrypt the messages the client sends because they won't have your private key, and they can't decrypt the messages you send because they won't have the client's private key. That's the beauty of public key cryptography.
StriplingWarrior  2010-10-27 15:39:13
The only real potential for a security hole would lie with the device manufacturers, since they could potentially set up the device to communicate with their own gateway, and serve as a man-in-the-middle. But it's unreasonable to expect to be able to protect clients from the manufacturer of their device. If you can assume the device manufacturer will follow your specs and use an good algorithm for generating unguessable seeds, this strategy will give you very good security.
StriplingWarrior  2010-10-27 15:47:39
Got it. Really wish I'd got more sleep to stay awake in those lectures... Thanks!
andybee  2010-10-28 10:32:09
There are some other issues to keep in mind. If someone captures an entire encrypted message and re-sends it, even if they don't know what it contains, you need to make sure it doesn't mess up your data. Also, many public-key systems just use the public keys for an initial handshake while they agree on a private key to use for the remainder of the session. Anyway, the point is that it is possible to have good security in the situation you describe: you just need to read a good book on it. :-)
StriplingWarrior  2010-10-28 15:47:03
A: 

If "guessing" device IDs is your only concern, make the device IDs unguessable? For instance, use the result of HMAC-SHA256 with a vendor-private key and serial number as the payload. Not even you would need a copy of the vendor's key.

That wouldn't be terribly useful though, as the device's network connection is probably sniffable thus its ID could be trivially captured over the wire. A secret key element must be present on the device, therefore. But this is where I get slightly confused - your concern over using a shared private key seems to be logistical, rather than whether the device can actually support it (implying that it does have some crypto) - yet you can't use HTTPS? What kind of limitations does the device have (memory/CPU/storage)?

SimonJ  2010-10-26 21:31:50
The implementation is likely to be a very simple "baked on" chip setup, the issue with HTTPS is not necessarily limited to resources but also complexity and cost. It's still standing up as the only reasonable option currently...
andybee  2010-10-27 13:12:47
A: 

Two things come to mind.

First, use a non-guessable device id. Something as simple as a base64 encoded guid would work.

Second you should require that the data being passed to your web service is encrypted using a public key. Your private key would then be required to decrypt the data.

This would ensure that even if they have a listener watching the data come across, they wouldn't be able to grab a different device id. Also, with a non-guessable ID they wouldn't be able to affect other device accounts.

Chris Lively  2010-10-26 22:13:54

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?