
I am doing some research and development into a possible project that my potential client is discussing with me.

I am looking at creating an ASP.NET 4.5 web application that will be accessed over the web and hold some pretty sensitive information. The information is going to be uploaded via the web app and the files stored on the server for viewing / retrieval later. I want to ensure the information is securely uploaded and stored. In order to do this I will propose that an EV SSL certificate is used across the application at all times and some sort of encryption applied to the files (jpeg, pdf, txt) to ensure that if someone gained access to the application at server level the files are not directly viewable without the application too. This is where I am looking for suggestions or improvements.

My research has guided me to AES encryption on the files; again, is this going to be sufficient to protect the files? Should encryption be applied at OS level (Win2008)? Should I store the files in the database?

The files must be readable back to the user on the webApp and viewable in the browser.

Should any further information be needed, please ask!

user1691322
  • In my opinion you only can be safe if you encrypt _before_ uploading. There are a lot of possible man-in-the-middle attacks I can think of. – Uwe Keim Sep 22 '12 at 18:47
  • You could possibly try client side encryption: http://dren.ch/js_blowfish/ might be a good starting point. – immutabl Sep 22 '12 at 19:01
  • Your solution to the problem you are trying to solve is questionable. If an attacker gets access to the server he can easily decrypt data (as the encryption/decryption code is on the server and can be run directly). Consider finding/talking to people who have a good understanding of security to validate your approaches. For starters, read Eric Lippert's blogs around encryption like http://blogs.msdn.com/b/ericlippert/archive/2005/02/03/366274.aspx – Alexei Levenkov Sep 22 '12 at 19:20

3 Answers


I am in a project which takes care of some very sensitive information/files too. We decided to

  1. make use of https
  2. encrypt all sensitive data/files with the ssl cert

Right now we do not save files within our database although it is possible. But I don't see any big advantage of saving it to the database (backup of files will be done separately - which may be a point in your application). For pros and cons concerning Saving Files in DataBase see this question at StackOverflow

There is an example of How to encrypt using an X509 cert on MSDN and there are plenty of good articles on the web concerning this topic (codeproject.com, SO, ...).

Although this is our approach, there may be better solutions. I'd like to hear what kind of approach you choose.

Pilgerstorfer Franz
  • My preference is not to store files within the database. To have the files in a filesystem is the preference. What was your approach for encryption of files? – user1691322 Sep 23 '12 at 09:11
  • As I said - we use our SSL certificate to encrypt all files. Furthermore, files get a dynamically generated filename stored in the database as well as the original fileName. On transfer of the files they get decrypted and the fileName is restored from the database! – Pilgerstorfer Franz Sep 25 '12 at 06:55

If you use private key cryptography to protect the files, you still have the problem that the key has to be in your source somewhere. The two alternatives that occur to me are:

  1. Public key cryptography - encrypt the data with a public key embedded in the dll, and don't have the private key on the machine. Then you'll take the files elsewhere before decrypting.
  2. Use the DPI functions to encrypt the data, with a user-level key. Then there's no explicit key to manage, and the data is only readable by processes running as that user (so you'll probably change your app pool to run with a machine account).
bmm6o
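Envelope encryption for the stored files, as an added example that is not code from the question or from either of the two answers above. It illustrates answer 1 (encrypting with the site's certificate) and both items of answer 2: each upload is encrypted under a fresh random per-file key, and only that small key is wrapped, either with RSA-OAEP under the X509 certificate's public key (so the private key can stay off the web server) or with the Windows Data Protection API in CurrentUser scope (which I take item 2's "DPI functions" to mean). The `.enc`/`.key` file layout, the entropy argument and the certificate handling are assumptions for the illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not code from the question or either answer. Envelope
// encryption for an uploaded file: the body goes under a fresh random per-file
// key, and only that small key is wrapped and stored beside the ciphertext.
//   WrapWithCertificate: RSA-OAEP under an X509 public key whose private half is
//     kept off the web server (answer 1, item 1 of answer 2).
//   WrapWithDpapi: DPAPI in CurrentUser scope, so only code running as the
//     app-pool account can unwrap (item 2 of answer 2; reference System.Security.dll).
// Storage paths and certificate handling are assumptions for the illustration.
public static class FileEnvelope
{
    const int KeyBytes = 64;   // bytes 0..31: AES-256 key, bytes 32..63: HMAC-SHA256 key
    const int TagBytes = 32;

    public static byte[] NewFileKey()
    {
        byte[] k = new byte[KeyBytes];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(k);
        return k;
    }

    // Ciphertext layout: 16-byte IV || AES-CBC body || HMAC-SHA256(IV || body)
    public static byte[] Encrypt(byte[] plaintext, byte[] fileKey)
    {
        using (var aes = Aes.Create())
        {
            aes.Key = Sub(fileKey, 0, 32);
            aes.GenerateIV();
            byte[] body;
            using (var enc = aes.CreateEncryptor()) body = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
            byte[] ivBody = Concat(aes.IV, body);
            using (var mac = new HMACSHA256(Sub(fileKey, 32, 32))) return Concat(ivBody, mac.ComputeHash(ivBody));
        }
    }

    public static byte[] Decrypt(byte[] blob, byte[] fileKey)
    {
        int tagAt = blob.Length - TagBytes;
        byte[] ivBody = Sub(blob, 0, tagAt);
        byte[] expected;
        using (var mac = new HMACSHA256(Sub(fileKey, 32, 32))) expected = mac.ComputeHash(ivBody);
        int diff = 0;                       // constant-time tag comparison before any AES work
        for (int i = 0; i < TagBytes; i++) diff |= expected[i] ^ blob[tagAt + i];
        if (diff != 0) throw new CryptographicException("file authentication failed");
        using (var aes = Aes.Create())
        {
            aes.Key = Sub(fileKey, 0, 32);
            aes.IV = Sub(ivBody, 0, 16);
            using (var dec = aes.CreateDecryptor()) return dec.TransformFinalBlock(ivBody, 16, ivBody.Length - 16);
        }
    }

    // Wrapping 1: the web server only needs the certificate's public half.
    public static byte[] WrapWithCertificate(byte[] fileKey, X509Certificate2 cert)
    {
        var rsa = (RSACryptoServiceProvider)cert.PublicKey.Key;
        return rsa.Encrypt(fileKey, true);              // true selects OAEP padding
    }

    // Unwrapping runs wherever the private key lives (ideally not the web server).
    public static byte[] UnwrapWithCertificate(byte[] wrapped, X509Certificate2 certWithPrivateKey)
    {
        var rsa = (RSACryptoServiceProvider)certWithPrivateKey.PrivateKey;
        return rsa.Decrypt(wrapped, true);
    }

    // Wrapping 2: DPAPI, bound to the Windows account the worker process runs as.
    public static byte[] WrapWithDpapi(byte[] fileKey, byte[] entropy)
    {
        return ProtectedData.Protect(fileKey, entropy, DataProtectionScope.CurrentUser);
    }

    public static byte[] UnwrapWithDpapi(byte[] wrapped, byte[] entropy)
    {
        return ProtectedData.Unprotect(wrapped, entropy, DataProtectionScope.CurrentUser);
    }

    // Upload path (file names assumed): persist ciphertext and wrapped key, never the raw key.
    public static void StoreUpload(byte[] upload, string storePath, X509Certificate2 cert)
    {
        byte[] fileKey = NewFileKey();
        File.WriteAllBytes(storePath + ".enc", Encrypt(upload, fileKey));
        File.WriteAllBytes(storePath + ".key", WrapWithCertificate(fileKey, cert));
        Array.Clear(fileKey, 0, fileKey.Length);
    }

    static byte[] Sub(byte[] s, int off, int n) { byte[] r = new byte[n]; Buffer.BlockCopy(s, off, r, 0, n); return r; }
    static byte[] Concat(byte[] a, byte[] b)
    {
        byte[] r = new byte[a.Length + b.Length];
        Buffer.BlockCopy(a, 0, r, 0, a.Length); Buffer.BlockCopy(b, 0, r, a.Length, b.Length);
        return r;
    }
}
```

Two caveats worth weighing against the question's requirement that files be viewable in the browser: with the certificate wrapping and the private key kept off the server, the web application itself cannot decrypt, so rendering would have to go through a separate service that holds the key; and DPAPI in CurrentUser scope only works for an IIS worker process whose user profile is loaded (the app pool's "Load User Profile" setting), and the wrapped keys are unreadable on any other machine or account, which is the protection but also the backup constraint. The HMAC over IV and body means a ciphertext altered on disk is rejected before decryption rather than returned to the user as garbage.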

Since you're using SSL, transporting the data will already be encrypted. Basically, after the SSL handshake is made the data is encrypted symmetrically with an algorithm like AES. This is done mainly for speed; public key cryptography is very slow, so encrypting files using an algorithm such as RSA will probably not be a good idea. Besides, AES is supported on the chip these days in a lot of Intel processors, so it would be extremely fast to use it (that is what BitLocker is based on).

The problem you have now is a classic key management problem, which is: how to store and distribute the keys safely without compromising security? One thing you can do is create a key based on the user's password + salt, so your application (after authenticating the user) re-generates the key with an algorithm based on their password + some random salt value and keeps it in the session. Only the user would be able to decrypt the data that they upload into the system. A good side effect of this is that the user now wouldn't be able to read other users' data either. There is a drawback to doing this, however, and it's that if your user loses their password the key along with their files will not be recoverable. Typically in those situations what you would do is have some sort of key escrow, where there is either a trusted third party that can store and encrypt all keys with a master password, or you are the trusted party and encrypt all keys with some master key that is not part of your application and is stored on a separate secured system. Another drawback is that when the user changes their password you'll have to decrypt and re-encrypt all their data on the file system; this can be a long process depending on how much data is stored.

Regardless of all this, you should keep some sort of contingency plan if you ever have a situation where the keys are stolen. A good place to start in designing your application is to look at the OWASP (Open Web Application Security Project) for design elements: https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet

nerdybeardo
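The password-derived key and the escrow arrangement described in the answer above, as an added example that is not the answer's own code. The key-encryption key comes from PBKDF2 (`Rfc2898DeriveBytes`) over the user's password and a random salt, and a master escrow key held outside the application provides the recovery path. The example goes one step beyond the answer: instead of encrypting files directly under the password-derived key, each user gets a random data key that is wrapped under both the password KEK and the escrow KEK, so a password change or a recovery re-wraps 32 bytes rather than re-encrypting every stored file. The iteration count, salt size, the `UserKeyRecord` shape and where the escrow key is obtained from are assumptions.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not the answer's code. A password-derived key-encryption key
// (KEK, via PBKDF2 over password + random salt) and a master escrow key held
// outside the application, as the answer describes. One step further than the
// answer: files sit under a random per-user data key and only that key is
// wrapped (under the KEK and under the escrow key), so a password change
// re-wraps 32 bytes instead of re-encrypting every file. Iteration count,
// salt size and the escrow key's source are assumptions.
public sealed class UserKeyRecord
{
    public byte[] Salt;              // stored in clear with the user row
    public byte[] KeyUnderPassword;  // data key wrapped under the password KEK
    public byte[] KeyUnderEscrow;    // data key wrapped under the escrow KEK
}

public static class UserKeys
{
    const int Iterations = 100000;   // assumed; tune so one derivation costs ~100 ms
    // 64-byte KEK: bytes 0..31 encrypt, 32..63 authenticate (see Wrap).
    public static byte[] DeriveKek(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations)) return kdf.GetBytes(64);
    }

    public static byte[] RandomBytes(int n)
    {
        byte[] b = new byte[n];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(b);
        return b;
    }

    // Registration: fresh salt and data key, wrapped twice.
    public static UserKeyRecord Enroll(string password, byte[] escrowKek)
    {
        byte[] salt = RandomBytes(16), dataKey = RandomBytes(32);
        var rec = new UserKeyRecord { Salt = salt,
            KeyUnderPassword = Wrap(dataKey, DeriveKek(password, salt)),
            KeyUnderEscrow = Wrap(dataKey, escrowKek) };
        Array.Clear(dataKey, 0, dataKey.Length);
        return rec;
    }

    // Login: recover the data key for the session; a wrong password fails the MAC check.
    public static byte[] Unlock(UserKeyRecord rec, string password)
    {
        return Unwrap(rec.KeyUnderPassword, DeriveKek(password, rec.Salt));
    }

    // Password change: re-wrap the same data key; stored files are untouched.
    public static void ChangePassword(UserKeyRecord rec, string oldPassword, string newPassword)
    {
        Rewrap(rec, Unlock(rec, oldPassword), newPassword);
    }

    // Lost password: the escrow holder (not the web server) unwraps with the master key.
    public static void Recover(UserKeyRecord rec, byte[] escrowKek, string newPassword)
    {
        Rewrap(rec, Unwrap(rec.KeyUnderEscrow, escrowKek), newPassword);
    }

    static void Rewrap(UserKeyRecord rec, byte[] dataKey, string newPassword)
    {
        rec.Salt = RandomBytes(16);
        rec.KeyUnderPassword = Wrap(dataKey, DeriveKek(newPassword, rec.Salt));
        Array.Clear(dataKey, 0, dataKey.Length);
    }

    // Wrap: IV || AES-CBC(dataKey) || HMAC-SHA256(IV || ciphertext) under the 64-byte KEK.
    static byte[] Wrap(byte[] dataKey, byte[] kek)
    {
        using (var aes = Aes.Create())
        {
            aes.Key = Slice(kek, 0, 32); aes.GenerateIV();
            byte[] ct;
            using (var enc = aes.CreateEncryptor()) ct = enc.TransformFinalBlock(dataKey, 0, dataKey.Length);
            byte[] ivCt = Join(aes.IV, ct);
            using (var mac = new HMACSHA256(Slice(kek, 32, 32))) return Join(ivCt, mac.ComputeHash(ivCt));
        }
    }

    static byte[] Unwrap(byte[] blob, byte[] kek)
    {
        byte[] ivCt = Slice(blob, 0, blob.Length - 32), tag;
        using (var mac = new HMACSHA256(Slice(kek, 32, 32))) tag = mac.ComputeHash(ivCt);
        int diff = 0;                    // constant-time compare before any decryption
        for (int i = 0; i < 32; i++) diff |= tag[i] ^ blob[ivCt.Length + i];
        if (diff != 0) throw new CryptographicException("wrong password or tampered key record");
        using (var aes = Aes.Create())
        {
            aes.Key = Slice(kek, 0, 32); aes.IV = Slice(ivCt, 0, 16);
            using (var dec = aes.CreateDecryptor()) return dec.TransformFinalBlock(ivCt, 16, ivCt.Length - 16);
        }
    }

    static byte[] Slice(byte[] s, int off, int n) { var r = new byte[n]; Buffer.BlockCopy(s, off, r, 0, n); return r; }
    static byte[] Join(byte[] a, byte[] b) { var r = Slice(a, 0, a.Length); Array.Resize(ref r, a.Length + b.Length); Buffer.BlockCopy(b, 0, r, a.Length, b.Length); return r; }
}
```

The escrow key is passed in as a parameter only so the block is self-contained; in the arrangement the answer describes, `Recover` runs on the separate secured system that holds that key, and the web server never sees it. Keeping the unlocked data key in the session, as the answer suggests, still means a compromised web server can read the files of every user who is logged in at that moment; the design limits exposure to active sessions rather than eliminating it, which is the trade-off the answer's contingency-plan remark points at.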