Host-proof hosting

Host-proof hosting aims to solve the "trust problem" faced by web applications: although SSL may protect user data on the wire it provides no guarantee of the privacy of that information once it reaches the server on the other end of the wire. Or, as Richard Schwartz, who co-developed the ideas behind host-proof hosting put it, "with current technology, trust in web applications only extends as far as trust in whoever is hosting it". Therefore Schwartz proposed to host sensitive data in encrypted form, so that clients can only access and manipulate it by providing a passphrase which is never transmitted to the server. The server is limited to persisting and retrieving whatever encrypted data the browser sends it, and never actually accesses the sensitive data in its plain form. All encryption and decryption takes place inside the browser itself.

Ajax and browser-based cryptography

Schwartz publicly unveiled the host-proof hosting concept in the first half of 2005, several years after developing it with Michael D. Griffes and other colleagues at eVelocity Inc. At that time the browser environment was too limited to support a practical host-proof hosting implementation, and the eVelocity version was not brought to market.

Host-proof hosting requires cryptography in the browser. JavaScript implementations of cryptographic primitives had existed for years, but JavaScript alone cannot retain data across page loads, so every navigation discards the key and forces the user to re-enter the passphrase. Java applets or Flash could run the cryptographic code and keep the key resident, but with several downsides of their own.

Ajax eventually made pure browser-based cryptography practical: an application built with Ajax techniques rarely performs full page transitions, so the key derived from the passphrase can be kept in memory for the whole session. This gave a new boost to web applications adopting the host-proof hosting paradigm. Most of them are online password managers, such as Passlet (http://www.passlet.com), Clipperz (http://www.clipperz.com) and PassPack (http://www.passpack.com).

Workflow

Here is a likely flow of events for a typical web application that follows the host-proof hosting paradigm.

* The user enters a pass-phrase to begin using the system. The browser retains the pass-phrase (or, better, only a key derived from it) in a JavaScript variable for the session; it is never sent to the server.
* The user requests a list of some or all records belonging to them.
* For each record, the system stores the associated user ID and the record ID in plain text, and the record content only in encrypted form. The server is therefore able to return the list of record IDs for this user without being able to read any record.
* The user selects one of the record IDs.
* The system checks that this user ID is associated with the record ID and returns the corresponding encrypted record content.
* The browser uses the retained key to decrypt the content locally.

Risks

Script injection is the main threat to host-proof hosting: a malicious or compromised host can serve modified JavaScript that captures the pass-phrase or the decrypted data in the browser and sends it back. This weakens the paradigm but does not invalidate it altogether. While script injection is entirely possible, it requires deliberate effort on the host's part and is detectable by anyone who knows what the served code should and should not be doing.

In theory there is an even stronger argument in favour of this approach. It might be possible to develop a general-purpose browser plugin precisely for detecting script injection. For a given application, such a plugin would hold a certified copy of the source code; it could then compare the code actually served against that copy, monitor traffic, and warn about any unexpected activity. If such a plugin existed, the only way for script injection to succeed would be a conspiracy between the host, the code certifier and the plugin vendor.

References

* Definition from the Ajax Patterns wiki: http://ajaxpatterns.org/Host-Proof_Hosting
* Richard Schwartz, "Is AJAX The Answer For Crypto In Browser-Based Applications?" (seminal blog post): http://smokey.rhs.com/web/blog/PowerOfTheSchwartz.nsf/d6plinks/RSCZ-6C5G54
* Richard Schwartz, "Ajax And Crypto: The Obstacles To Public Key Encryption In The Browser": http://smokey.rhs.com/web/blog/PowerOfTheSchwartz.nsf/plinks/RSCZ-6CCMCD
* "Proof of Concept: Browser-Based Field Encryption With Blowfish Via Ajax": http://smokey.rhs.com/web/blog/PowerOfTheSchwartz.nsf/plinks/RSCZ-6CATX6

Resources

* Clipperz Crypto Library (http://code.google.com/p/clipperz), a JavaScript library of cryptographic algorithms for browser-based cryptography (AES, SHA-2, Fortuna, ...), released under a BSD license.
* Host-Proof Hosting Package (http://code.google.com/p/passpack/), released by Passpack, dual-licensed MIT/LGPL. A package for building a host-proof hosting application; includes a sample "secret notes" application with a PHP backend.


Wikimedia Foundation. 2010.
