Zero-knowledge web application

Zero-knowledge web application

Zero-knowledge web applications are a special kind of online services that were defined and introduced by the development team at [http://www.clipperz.com Clipperz] in 2006. They dubbed their online password manager the first zero-knowledge web application, a web service that knows nothing about its users and their data.

Zero-knowledge web applications aim to leverage the Internet to manage personal data, especially sensitive one, without disclosing any information to the server providing the service. The basic idea is to deliver a "'no trust needed" web service, where users have the ability to inspect and verify anything running in their browser.Zero-knowledge web applications drift the attention away from trusting the provider and let users focus on trusting the application.

The new paradigm for developing web applications is based on a small set of rules and principles, the so-called zero-knowledge methodology.

Host-proof hosting

In order to avoid storing readable data on the server a zero-knowledge web application should encrypt and decrypt the data inside the browser. A neat idea, not new though. Richard Schwartz and others introduced the above concept under the name of host-proof hosting in the first half of 2005. Here is their definition from the [http://ajaxpatterns.org/Host-Proof_Hosting AjaxPatterns wiki]

Host sensitive data in encrypted form, so that clients can only access and manipulate it by providing a passphrase which is never transmitted to the server. The server is limited to persisting and retrieving whatever encrypted data the browser sends it, and never actually accesses the sensitive data in its plain form. It. All encryption and decryption takes place inside the browser itself.

Eventually Ajax made pure browser-based cryptography a reality. Javascript implementations of crypto functions have been around for years, but Javascript alone can’t remember data between page loads. This causes an annoying issue since it forces the user to re-enter the passphrase each time. On the other hand, an application developed with Ajax techniques tends to not actually do page transitions, hence solving the problem of keeping a persistent key to perform crypto operations.

Hide nothing

A zero-knowledge application should be trusted for itself and not because of the reputation of its developers. Therefore full access to the source code of the application is required. This does not imply that a zero-knowledge application should be free or open source. As an example, Clipperz is released under a [http://www.clipperz.com/learn_more/reviewing_the_code/license reference licence] meant to allow security code reviews but prohibiting copying and forking.

Code inspection

Developers of zero-knowledge web applications must provide the same exact files that are loaded into the browser when accessing the application. Usually these files are quite difficult, almost impossible, to work with: spaces and comments have been removed, variables have been renamed. To make life easier to code reviewers, it's recommended to maintain the source files in their original form and provide instructions on how to derive the compressed and optimized versions.

Code integrity

Performing a code security review it's a complex matter, and it's quite likely that most users will rely on reviews performed by others. However any zero-knowledge web application should provide an easy way to verify that the application downloaded by the browser is the same application built from the code available for inspection.

The ideal solution should be completely browser based and relying on a redundant and distributed network of servers not associated with the application provider. Each third party server hosts the fingerprint of the zero-knowledge web application, i.e. the checksum of its source code. For practical reasons, developers are also advised to condense the whole source code into a single file containing all the resources needed to run the application on the browser: html, css, javascript and the images.

Prevent code changes

Zero-knowledge applications are basically huge Javascript programs running in the browser. Therefore it's of the utmost importance to implement the necessary measures to stop any attempt to modify the code executed by the browser.

Download before login

The whole source code must be downloaded to the browser before the user signs in. This is an essential requirement! If additional chunks of source code were downloaded from the server after the login phase, the user wouldn't have any chance to verify in advance the security of the web application. Therefore not a single line of Javascript code should be moved to the browser after a successful user authentication.

Avoid code injection

Since Javascript is a very powerful and dynamic language, the borders between data and code are quite blurred. In order to reassure a user about the fact that the web application he logged in won't morph into a malicious program, a true zero-knowledge application should adopt the following measures:

* Never, ever, use the "eval" function on data loaded from the serverThe eval function offers great flexibility since it's able to "run" any string. But if a web application allows to use it to process data provided by the server, then any kind of code could be easily injected, thus hijacking the original application.
* Limit the use of the "document.write" functionKeep its use to the bare minimum, allowing for closer inspection when it is really necessary to use it.
* Never, ever, load any html content from the serverLoading html chuncks from the server is another easy way to subvert the behavior of the application. Just imagine what would happen if the server could push this little html snippet:

18+
© Academic, 2000-2024
Dictionaries export, created on PHP,
Joomla,
Drupal,
WordPress, MODx.

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”