client side secure storage

Why Client Side Storage?Where to store?

How to store secure?Conclusion

Client Side Secure StorageScalability for free

Dominik Gatjens

Computer Science and MediaHochschule der Medien, Stuttgart

27. January 2012

Dominik Gatjens Client Side Secure Storage 1 of 24



Agenda

1 Why Client Side Storage?Sessions are a workaroundSessions scale very badScaling at no cost

2 Where to store?Client Side CapabilitiesTransmission PerformanceClient Side Scaling

3 How to store secure?Encrypt DataSignaturesMessage Authentication Codes

4 ConclusionConclusion




Sessions are a workaroundSessions scale very badScaling at no cost

Agenda









HTTP is stateless

”HTTP is a stateless protocol. A stateless protocol does notrequire the server to retain information or status about eachuser for the duration of multiple requests.”

– Wikipedia –





HTTP Sessions are a Workaround, arent they?

HTTP is build on a stateless approach

no connection indicatorwhen does a session start? when does it end?⇒ sessions can only be closed by timeout

Every open session consumes memory





Server Side State

Server

Memory

Session A

Session BSession C

Client D

Client C

Client B

Client A





Sessions scale very bad

No simple adding of machines

You have to guarantee that one user always lands on the samemachine

Or you have to implement a complex multi-machine sessionstorage





Scaling at no cost

Build your webserver like a webservice:

The client brings the data

The server application consists of several independet functions

Functions are without side effects

so you get an easy stateless webserver which you can simply upgradethrough adding machines




Client Side CapabilitiesTransmission PerformanceClient Side Scaling

Agenda









Client Side Capabilities

Cookies

RFC 2965: min. 20 Cookies a 4kb = 80kb pro DomainFirefox 2,3 and IE7 supports 50 cookies a 4kb = 200kbFlash-Cookies unlimited storage

HTML-Markup e.g.hidden fields

Javascript-RAM

HTML5 Storage





Transmission Performance

76 ms 82 ms 112 ms

145 ms

209 ms

297 ms

598 ms

935 ms

ms

100 ms

200 ms

300 ms

400 ms

500 ms

600 ms

700 ms

800 ms

900 ms

1000 ms

1 kB 2 kB 8 kB 16 kB 32 kB 128 kB 512 kB 1024 kB

Typical Roundtrip Times

100BaseT 1msWLAN 10msDSL-6000 40msDSL-2000 55msISDN 200ms





Client Side State

Server

Memory

Client D

Client CSession C

Client BSession B

Client ASession A

Session D





Client Side State

Server

Client Check integrity

Method

Method

Method

MethodState Data




Encrypt DataSignaturesMessage Authentication Codes

Agenda









Encrypt Data

Client can’t manipulate encrypted data without knowledge ofencryption-key

but Client can’t even read encrypted data without encryption-key

Security is the same as the use Encryption-Algorithm and Key





Signature

Don’t crypt data, just sign them

Most Webserver have SSL-Certificates

Use your private key to sign client-saveed data





Signature

1000 Samples with DSA

0

1

2

3

4

5

6

7

512 B 1 KB 4 KB 1MB

DSA Sign

DSA Verify

Complexity independentfrom Datasize

Verrification consumes a lotof CPU-Time





HMAC

HMAC = Keyed-Hash Message Authentication Codea cryptographic secure message authentication

hmac = H(K ⊕ opad,H(K ⊕ ipad, text))

K = Key

B = Blocksize

opad = 0x5C repeatedB times

ipad = 0x36 repeatedB times

Popular cryptographic functions are SHA1 and MD5





MD5 vs. SHA1

MD5 is faster than SHA1, isn’t it?

Digest Perfomance in MegaBytes per Second 1

Pentium P5 90MHz Power Mac 80MHz SPARC 4 110 MHzMD5 13.1 3.1 5.1SHA1 2.5 1.2 2.0

1Bob Baldwin, RSA Data Security Inc. (1996)Dominik Gatjens Client Side Secure Storage 19 of 24




HMAC Perfomance

1000 Samples with HMAC-SHA1 and HMAC-MD5

0

0,02

0,04

0,06

0,08

0,1

0,12

512 B 1 KB 4 KB 1MB

SHA-1

MD5





HMAC Perfomance

1000 Samples with HMAC-SHA1 and DSA

0

1

2

3

4

5

6

7

8

9

10

512 B 1 KB 4 KB 1MB

HMAC_SHA1

DSA Signatur




Conclusion

Agenda








Conclusion

Conclusion

Don’t store Information in the server session if there is any chancethat you have to scale

Compute HMAC-SHA1 over data that shouldn’t be alterted bythe client

If your Datasize is low use Cookies

If your Datasize is medium use Cookies but be sure they wont betransmitted with every request

If your Datasize is high youse signed HTML5-Storage or flashcookies

Cryptographic Client Side Storage as secure asHTTP-Sessions




Conclusion

The End

Keep your state less

Further questions or discussion? Contact me at:

E-Mail: [email protected]

Xing: http://xing.to/gaetjens


[email protected]

http://xing.to/gaetjens

client side secure storage

Business

conclusion client

state client

memory dominik gtjensa

secure storagescalability

secure storage13

workaround sessions

cost conclusionhttp

bad scaling