- Zero-knowledge web application
Zero-knowledge web applications are a special kind of online service, defined and introduced by the development team at [http://www.clipperz.com Clipperz] in 2006. They dubbed their online password manager the first zero-knowledge web application: a web service that knows nothing about its users and their data.
Zero-knowledge web applications aim to leverage the Internet to manage personal data, especially sensitive data, without disclosing any information to the server providing the service. The basic idea is to deliver a "no trust needed" web service, where users have the ability to inspect and verify anything running in their browser. Zero-knowledge web applications shift the attention away from trusting the provider and let users focus on trusting the application.
The new paradigm for developing web applications is based on a small set of rules and principles, the so-called zero-knowledge methodology.
In order to avoid storing readable data on the server, a zero-knowledge web application should encrypt and decrypt the data inside the browser. A neat idea, though not a new one: Richard Schwartz and others introduced the above concept under the name of host-proof hosting in the first half of 2005. Here is their definition from the [http://ajaxpatterns.org/Host-Proof_Hosting AjaxPatterns wiki]:
Host sensitive data in encrypted form, so that clients can only access and manipulate it by providing a passphrase which is never transmitted to the server. The server is limited to persisting and retrieving whatever encrypted data the browser sends it, and never actually accesses the sensitive data in its plain form. All encryption and decryption takes place inside the browser itself.
A zero-knowledge application should be trusted for itself and not because of the reputation of its developers. Therefore full access to the source code of the application is required. This does not imply that a zero-knowledge application should be free or open source. As an example, Clipperz is released under a [http://www.clipperz.com/learn_more/reviewing_the_code/license reference licence] meant to allow security code reviews but prohibiting copying and forking.
Developers of zero-knowledge web applications must provide the exact same files that are loaded into the browser when accessing the application. Usually these files are quite difficult, almost impossible, to work with: spaces and comments have been removed and variables have been renamed. To make life easier for code reviewers, it's recommended to maintain the source files in their original form and provide instructions on how to derive the compressed and optimized versions.
Performing a security code review is a complex matter, and it's quite likely that most users will rely on reviews performed by others. However, any zero-knowledge web application should provide an easy way to verify that the application downloaded by the browser is the same application built from the code available for inspection.
The ideal solution should be completely browser based and rely on a redundant and distributed network of servers not associated with the application provider. Each third-party server hosts the fingerprint of the zero-knowledge web application, i.e. the
Prevent code changes
Download before login
Avoid code injection
* Never, ever, use the "eval" function on data loaded from the server. The eval function offers great flexibility since it's able to "run" any string. But if a web application allows it to be used to process data provided by the server, then any kind of code could easily be injected, thus hijacking the original application.
* Limit the use of the "document.write" function. Keep its use to the bare minimum, allowing for closer inspection when it is really necessary.
* Never, ever, load any HTML content from the server. Loading HTML chunks from the server is another easy way to subvert the behavior of the application. Just imagine what would happen if the server could push this little HTML snippet:
The scary part is that this token could be hidden anywhere, even attached to a legitimate response. For this reason, all the HTML elements used by a zero-knowledge application must be loaded together with the source code before the sign-in phase.
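The first rule above, shown on one constructed server response as an added example (not Clipperz's code): the eval-based parser executes whatever the server sends, while the strict parser treats the body as data and checks it against a fixed record shape. The record layout (`version`, `blob`) is an assumption made for the illustration.

```javascript
// Added example, not Clipperz code: the same server response handled two ways.
// In a zero-knowledge client everything the server sends must stay inert data.

// Vulnerable: eval() runs whatever string the server returns, so a tampered
// response executes with the full privileges of the application.
function parseWithEval(body) {
  return eval("(" + body + ")");
}

// Hardened: JSON.parse() never executes code, and the result is checked
// against a fixed shape so that unexpected fields never reach the rest of
// the application (this also rejects keys such as "__proto__").
const RECORD_SHAPE = { version: "number", blob: "string" };  // assumed record layout

function parseStrict(body) {
  const data = JSON.parse(body);  // data only, never code
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    throw new Error("response is not an object");
  }
  const keys = Object.keys(data);
  if (keys.length !== Object.keys(RECORD_SHAPE).length) {
    throw new Error("unexpected number of fields");
  }
  for (const key of keys) {
    if (!Object.prototype.hasOwnProperty.call(RECORD_SHAPE, key)) {
      throw new Error("unexpected field: " + key);
    }
    if (typeof data[key] !== RECORD_SHAPE[key]) {
      throw new Error("wrong type for field: " + key);
    }
  }
  return data;
}

// Constructed responses: a legitimate record, and one where code sits in place of data.
const LEGIT = '{"version":1,"blob":"0a1b2c"}';
const TAMPERED = '(globalThis.hijacked = true, {"version":1,"blob":"0a1b2c"})';

// Returns true when the strict parser refuses a body (used to contrast the two parsers).
function strictRejects(body) {
  try { parseStrict(body); return false; } catch (e) { return true; }
}
```

Running `parseWithEval(TAMPERED)` sets `globalThis.hijacked` before returning a normal-looking record; `parseStrict(TAMPERED)` throws a SyntaxError and nothing runs.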
There are countless design decisions that could disclose information to the server. Sometimes data leaks are easy to detect, sometimes they are very subtle and dangerous. A zero-knowledge application should pay maximum attention to working with as little information as possible. It's easy to fall for a new fancy feature that can destroy the whole security architecture.
As an example, consider the protocol behind user authentication. The following paragraph clearly explains why a zero-knowledge application should adopt the SRP protocol or an equivalent verifier-based protocol:
While any reasonably secure authentication protocol is expected not to leak any information about the password to eavesdroppers, protocols classified as zero-knowledge do not even leak any information about the password to the legitimate host (except the fact that the party at the other end really does know it). This subset of verifier-based protocols is strong indeed, since the host never stores plaintext-equivalent information and is never given any such information during the course of authentication. (from [http://srp.stanford.edu/ndss.html http://srp.stanford.edu])
SRP is complex and slower than traditional methods, but it's perfect for achieving zero-knowledge! Moreover, it can be deployed without revealing to the host either the password or the username! As a consequence of the "learn nothing" mantra, every zero-knowledge application should be completely anonymous, or at least it should make it impossible to relate the real name or email of a user to their data.
Wikimedia Foundation. 2010.