At the same time, though, a security threat is encroaching from the server direction. Increasingly, no one except a few large corporations has control over their servers anymore. Even data that needs to conform to HIPAA security requirements is being moved into "the cloud" – which is to say, onto computers managed by a few companies. This is primarily the largest cloud provider, Amazon; trailed by Microsoft, IBM, and Google.
It's not just that the servers reside at these large providers in the form of virtual machines which can potentially be accessed by the provider, or any government that can compel them. It's also that increasingly, servers are being abstracted away. Amazon's Lambda offers a premise where the website author just writes code, deploys it "on the cloud", and does not worry about servers. Google has long offered this with AppEngine.
What does this mean for security against cloud providers? Or for security against governments?
Suppose you run a website and want to protect your users from wholesale monitoring and surveillance without warrants. You cannot achieve this using current cloud infrastructure because a critical security component is missing.
If your website stores data in a cloud database without encryption, then obviously, this data is available wholesale. It is accessible both to the cloud provider and to any government that can compel it, and in an easy format.
Suppose you encrypt your database. If you store the keys anywhere on your cloud server at any time, the keys are accessible both to the cloud provider and to any government that can compel it. They can decrypt your user data without informing either you or your users.
Suppose you encrypt your database, but you use a secret key derived from each user's password, and you do the encryption locally in the browser. You design your application so that neither the password, nor the key, nor the plaintext data are ever sent to the server. Would this be secure?
Currently, the only defense is to maintain your own datacenter. This is cost-prohibitive, and makes it impossible to defend against Distributed Denial of Service attacks. You must choose between:
Assurance against DDoS. Requires surrendering your TLS key to CloudFlare or Amazon. A government can compel the cloud provider to backdoor your website, and you'll never notice.
Assurance against someone backdooring your website. In this case, your website's load times are worse because it is in one location, and it's vulnerable to DDoS unless you have tremendous resources.
There is a solution. It is to sign website assets using keys that do not have to be online for TLS.
Standard needed: Signed web assets
A new standard is needed, including support in browsers – Chrome, Firefox, Edge, Opera, Safari – allowing website authors to sign all components of a website. This would include HTML, CSS, JavaScript, images, video, and WebAssembly. A new, no-nonsense binary format for signed files could be defined (preferred), or a MIME type such asmultipart/signed
could be used (complex and inefficient since designed for email). Signing would be done using a private key separate from TLS. There would need to be a new type of signing certificate similar to code signing in Microsoft systems.This would not work without browser support. It would have to be an initiative spearheaded by implementers of at least two major browsers.
Showing 4 out of 4 comments, oldest first:
Comment on Jan 28, 2018 at 10:35 by Boris Kolar
Steps:
1. Write a service worker that will intercept network requests and check signature.
2. Provide a simple html page installing the service worker (on a site under you control).
Cached version of service worker will be used when/if your site goes offline.
Comment on Jan 28, 2018 at 10:48 by denisbider
The problem is the platform specificity of downloaded software. If I ship an iPhone app, an Android app, and a Windows app, all of those have code signing available. However, if I want to ship a cross-platform app using WebAssembly, there's no code signing available - just TLS.
Comment on Jan 28, 2018 at 12:42 by Boris Kolar
Comment on Jan 28, 2018 at 23:25 by denisbider