4

I'm thinking of using an MBaaS such as Firebase or Kinvey for my next app, and am wondering if any exist which encrypt application data end-to-end (i.e. such that the encryption keys are never shared with the service provider). This seems feasible in theory, since the server is not expected to do any computation on the data, only store it and deliver it to clients.

Does such a service exist? I've found ZeroDB and Crypton, but neither are available as services AFAICT, which means I'd have to administer, scale, and back them up myself. I also thought of using something like Firebase and encrypting my app's data before I pass it to the Firebase API, but I'm wary of writing a one-off crypto layer like that unless I have to (i.e. I'd rather use something that's been peer-reviewed).

Alternatively, if no such service currently exists, why not? Is it technically infeasible, or is there just no market for it?

Edit: This seems closest to what I'm looking for, but considering the broken links on their website I'm guessing it's defunct: Adreneline Mobility

Joel Dice
  • End-to-end encryption is not easy and hard to get correct. There is also another problem not in the question, how the clients exchange keys, this is not easy and in Apple's case involves the use of HSMs which are expensive hardware. What do you do in the case the receiving party is not online at the time the message is sent? Note that Apple's iMessages is described in detail by Apple and in several cryptographic reviews. – zaph Jul 06 '16 at 12:46
  • See [MTProto Mobile Protocol](https://core.telegram.org/mtproto). There is debate as to its security: [Telegram security](https://news.ycombinator.com/item?id=6916860) and [Moxie Marlinspike](https://moxie.org/blog/telegram-crypto-challenge/) comments. – zaph Jul 06 '16 at 12:58
  • Assuming you have the receiving party's public key, you can send them a message any time whether they're online or not. Of course, that presumes there's some reliable way to get the public keys of everyone you want to communicate with, which is admittedly a tough problem. [keybase.io](https://keybase.io) is one option, among others. – Joel Dice Jul 06 '16 at 13:37
  • If they are not online how will the message get to them? Don't dismiss handling the public keys. – zaph Jul 06 '16 at 13:46
  • The idea with a service like Firebase is that there's a persistent, cloud-based database in which clients may store arbitrary data. So I could leave a message there for you, encrypted with a random symmetric key, which is in turn encrypted with your public key. More generally, I could encrypt that symmetric key with multiple public keys to share the message with a group of people. – Joel Dice Jul 06 '16 at 18:37
  • Possible typo: "encrypted with **your** public key", the key needs to be encrypted with the **receiver's** public key. The problem is leaking who is sending messages to whom, of what length and when, the system should be secure against this even from an advanced hacker that can send and receive large numbers of messages. There is also the issue of court orders for messages and meta-data. – zaph Jul 06 '16 at 19:13
  • Look into [backendless](https://backendless.com) before you decide on Firebase or Kinvey. You do not need to share keys with the service provider and all the API traffic is encrypted. – Mark Piller Jul 06 '16 at 19:13
  • @MarkPiller: From what I see in the backendless API docs, they seem to handle authentication and access control the same way Firebase does, via server-side policy enforcement rather than client-side encrypt-and-MAC. Am I missing something? – Joel Dice Jul 06 '16 at 19:36
  • @JoelDice, it depends on the edition of the service you're using. With the public Cloud options, it is just like you said - user/role-based security. With the Managed Backendless (a dedicated installation we host and manage for you), it can be restricted any way you need. – Mark Piller Jul 06 '16 at 19:50

2 Answers

2

The answer to your question is actually available on the market. CloudMine offers end-to-end encryption (disclosure - I work at CloudMine). They have a largely healthcare focused offering so it has to stand up to HIPAA and other government regs around data security.

Here's a good overview video on security featuring CloudMine's CTO. The first 45 sec. provide some more information on our encryption techniques.

I know I'm being the "sales guy" right now but I'm happy to hop on a call to share what we've built and discuss your specific use case. You can email me at nick at cloudmineinc.com if you're interested.

Nick
  • Thanks for your answer, Nick. Has CloudMine published any information on how it handles key management (e.g. how keys are matched with identities, who has access to those keys)? And are there developer API docs available? – Joel Dice Jul 06 '16 at 19:14
0

Virgil Security (full disclosure - I work there) has an end-to-end encryption SDK that works for any endpoint, and also has a special integration with Firebase. It's open source, of course. Check it out and feel free to ask any questions of the team here or on Slack - https://e3kit.readme.io/