in 2017 I would like to make an ios App for iphones/ipads in which I will have a database.
The database is the result of 7 years of research. This database is highly important to us. If it gets stolen, it could destroy our business.
Our idea is a medical app.
Users put their symptoms and it queries the database that gives the disease.
A developer told me it was not possible to protect the database. So its offer was simple : the symptoms are asked locally, then it generates a code that is sent to a server (internet). The server reads the code and process the query and sends back its result. The security is done on the server and not on the ios App. I dont like that solution as it is not local.
Another developer told me it was possible. The database is encrypted and decrypted in the RAM. It is highly secured. At least as secured as a server.
I dont know what to think, but I really would like to have your lights.
I would like the database to be highly secured and the app to work in local (no internet).
Thanks for your help
PS: I forgot to add that users never write on the database. They are just using it...
In my openion
If the data is extremely sensitive then it should never be stored offline on the device because all devices are crackable.
The keychain is one option for storing data securely. However it's encryption is based on the pin code of the device. User's are not forced to set a pin, so in some situations the data may not even be encrypted. In addition the users pin code may be easily hacked.
A better solution is to use something like SQLCipher which is a fully encrypted SQLite database. The encryption key can be enforced by the application and separate from the user's pin code.
Other security best practices are:
Only communicate with remote servers over SSL/HTTPS.
If possible implement certificate pinning in the application to prevent man-in-the-middle attacks on public WiFi.
Clear sensitive data out of memory by overwriting it.
Ensure all validation of data being submitted is also run on the server side.
According to this post, it's possible to decompile an iOS application.
How can I prevent an attacker from gaining access to my AWS DynamoDB database? Just having the access keys out in the open like shown on the Amazon developer guide doesn't seem like it would be very safe.
I would think that I could use keychain to store the keys, but I feel like there would be an easy way to get past this for a motivated attacker, given they have the app's assembly source code.
Currently, I connect using Amazon Cognito. All I have to use to connect are the identity ID and the role name. I don't see anything stopping an attacker from simply getting those values and connecting to the database.
For example, what stops an attacker from decompiling the Facebook iOS app code and deleting all of the users?
How can I prevent attackers from decompiling my iOS application and getting access to the database access keys, or at least prevent them from doing any major damage, such as deleting users?
Based on my admittedly limited experience, I'd say that a really motivated attacker will always be able to retrieve the credentials you use to access your database regardless of what you do to your executable. I would, however, question why you application needs to have direct access to your database in the first place.
The usual way to safeguard your serverside data is to use a web service to access it. App contacts web service with request, service contacts db, gets data, sends it back. Since the web service and the db are both hosted on your server and only the web service needs direct access to your db, there is no need to store db access info in your app. Problem solved.
It's impossible. In order for your program to do something, it must contain the instructions that allow the computer to follow to do that thing, which means anyone else can also follow those instructions to learn how to do the exact same thing.
You can use SQLCipher and use your auth's userToken and/or userId as cipher keys.
I'm doing some research on a new project we want to work on, but before we actually take on the project I have some concerns.
This project involves storing a lot of (text) data somewhere on a server, you can think about it like Instagram (but without photos).
So you can follow people, view profiles, list of activity ...
The question is, how do these apps send all this data securely to a server?
And what kind of server do they use? Something like Amazon AWS?
They are sent over https which is built into the NSURLConnection class. You can have a server (I use linux but you can use anything) have a self signed ssl certificate and your App code can give an exception to that particular URL for self signed certificates if you are wanting to save money. It is better practice and more secure to have a signed certificate though.
As far as storing it, most don't actually store it encrypted. It is sent to the server running a web service encrypted and then is stored in the database / file system unencrypted. The reason for this is there is a lot of processing power required to compress things and the extra over head of storing encrypted things as well as making it harder to search and index depending on how you do it.
Amazon AWS would work although I run my own server at home. It's quite easy to set up.
I need to store payment gateway processor username/password credentials on a production web server, but would prefer not to do so in clear-text. What is the best way to store these credentials? Are their best practices for encrypting and decrypting this information?
It's a classic chicken-egg problem. Encryption does not help you at all if you can't protect the keys. And you obviously can't.
What I would suggest is to try to make the other services / users use hashes towards your authentication code, and save those hashes instead. That way at worst you will lose the hashes, but it might prove hard (depending on the rest of the setup) to actually use them maliciously. You might also want to salt the hashes properly.
An other possibility would be using an external authentication store if you can't enforce using hashes. It does not really solve the problem, but you can control the attack vectors and make it safer by allowing only very specific contact with the actual source with the important data.
Store outside of any directory that is web accessible.
Make sure only the app processes have read access.
Harden server.
I'm making a twitter client, and I'm evaluating the various ways of protecting the user's login information.
IMPORTANT: I need to protect the user's data from other other applications. For example imagine what happens if a bot starts going around stealing Twhirl passwords or Hotmail/GMail/Yahoo/Paypal from applications that run on the user's desktop.
Clarification: I asked this before without the 'important' portion but stackoverflow's UI doesn't help with adding details later inside the Q/A conversation.
Hashing apparently doesn't do it
Obfuscating in a reversable way is like trying to hide behind my finger
Plain text sounds and propably is promiscuous
Requiring the user to type in his password every time would make the application tiresome
Any ideas ?
This is a catch-22. Either you make the user type in his password every time, or you store it insecurely (obfuscated, encrypted, whatever).
The way to fix this is for more operating systems to incorporate built-in password managers - like OS X's Keychain. That way you just store your password in the Keychain, the OS keeps it secure, and the user only has to type in 1 master password. Lots of applications (like Skype) on OS X use Keychain to do exactly what you are describing.
But since you are probably using Windows, I'd say just go with some obfuscation and encryption. I think you may be slightly paranoid about the password-stealing-bots; if your application doesn't have a large userbase, odds are pretty low that someone will target it and specifically try to steal the passwords. Besides that, they would also have to have access to their victim's filesystem. If that's the case, they probably have a virus/worm and have bigger problems.
I think you are missing the bigger picture here:
If the desktop is compromised, you're F#*%ED!
To steal a password from your program, a virus would have to be running on the system as administrator. If the virus has achieved that, stealing passwords from your program is way down on it's list of malicious things it wants to do.
Store it in plain text and let the user know.
That way, there are no misconceptions about what level of security you have achieved. If users start complaining, consider xor'ing a published-on-your-website constant onto it. If users keep complaining, "hide" the constant in your code and tell them it's bad security.
If users can't keep bad people out of the box, then in effect all secret data they have is known to Dr. Evil. Doesn't matter whether it's encrypted or not. And if they can keep evil people out, why worry about storing passwords in plain text?
I could be talking out my ass here, of course. Is there a study showing that storing passwords in plain text results in worse security than storing them obfuscated?
If you are making a twitter client then use their API
Twitter has very good documentation, so I advise you read it all before making a client. The most important part in relation to this question is that you don't need to store the passwords, store the OAuth token instead. You need to use the xAuth stage to get the OAuth token, then use other Twitter API's with this OAuth token where necessary.
xAuth provides a way for desktop and mobile applications to exchange a
username and password for an OAuth access token. Once the access token
is retrieved, xAuth-enabled developers should dispose of the login and
password corresponding to the user.
You never store passwords if you can get away with it
Using OAuth the worst that can happen is a 3rd party (black hat hacker) gets access to that Twitter account but not the password. This will protect users which naively use the same password for multiple on-line services.
Use a keychain of some sort
Finally I agree that pre-made solutions such as OSX's keychain should be used to store the sensitive OAuth information, a compromised machine would only reveal the information of the currently unlocked keychains. This means in a multi user system only the logged in users have their keychains become vulnerable.
Other damage limitations
There may be stuff that I've missed take a Google for "best security practices" and start reading for what may be relevant.
EDIT (in response to finnw desired general case solution)
You want, given no user input, access to an on-line service. This means typically you have, at most, user level access control to the authentication credentials via something like Keychain.
I have never used OSX Keychain so now I'll talk about SELinux. In SELinux you can also ensure these authentication credentials would only given to your program. And if we are continue going on OS level stuff, you could also sign all processes from boot to cryptographicly be certain no other program could be mimicking your program. This is all beyond a typical user system and given this level of setup you can be assured the user is not naive enough to be compromised, or a sysadmin is compitant enough. At this level we could protect those credentials.
Lets assume we don't go that far into protecting those credentials, then we can assume the system is compromised. At this point the authentication credentials become compromised, obfuscation/encryption of these credentials on the local side don't add any real security and neither does storing part or all of it on a 3rd party server. This is easy to see because given no user input, your program needs to bootstrap itself to obtain those credentials. If your program can do it with no input, then so can anyone who has reversed engineered your obfuscation/encryption/server protocol.
At this point it is damage limitation, don't store the password as authentication credentials. Use OAuth, cookie sessions, salted hashs, etc, they are all just tokens representing that at some point in the past you proved you knew the password. In any good system these tokens can be revoked, time expired and/or periodical exchanged for a new token during active session.
The token (whatever form it may be) can also contain additional non user input authentication information which restricts your ability to use them elsewhere. It could for example encapsulate your hostname and/or IP address. This makes it difficult to use the credentials on a different machines since mimicking these forms of credentials would require access to the appropriate level of network infrastructure.
Upon further contemplation I think I found a way. I will use ASP.net authentication for my application desktop application, store their credentials online and let Internet Explorer's password manager handle the local caching of this secondary pair or credentials for me.
I will just have to have them authenticate through a Facebook-API like form during the first login.
I don't get it... why is encryption no good? Use a large key and store the key in the machine key store (assuming Windows). Done, and done.
OSX: Use the Keychain
Windows: Use CryptProtectData and CryptUnprotectData
Linux: Use GNOME Keyring and KDE KWallet