
RWA: Resilient Web Apps Through Client-Side Processing, Database, and Web Cryptography


Presentation Transcript


  1. RWA: Resilient Web Apps Through Client-Side Processing, Database, and Web Cryptography. Master Project by Jebreel Alamari

  2. Introduction: Cyber Resilience
     • Cyber resilience: “the ability of a system or domain to withstand attacks or failures, and in such events, to reestablish itself quickly.” by Nigel Inkster, Director of Transactional Threats and Political Risk at the International Institute of Strategic Studies.
     • Ways to have better cyber resilience:
       • Update software/hardware.
       • Backup and redundancy.
       • Security.
     Resilient Web App / Jebreel Alamari

  3. Introduction: Research Scope
     • In my research I will concentrate on web applications as part of the cyber world.
     • Why web applications? Why not native applications?
       • Easy to distribute.
       • Easy to update.
       • Easy to maintain.
       • Platform/device independent.

  4. Introduction: Web App

  5. Offline Web Applications:
     • Developing offline applications could solve part of the problem by not requiring Internet access, but it has some limitations:
       • Retaining data for a long period of time
       • Security
       • Browser dependency
     How to deal with these limitations?

  6. Proposed design
     • We can develop online/offline web applications.
     • Since modern browsers have become operating-system-like software, we can utilize them. Some browser abilities:
       • Executes code
       • Creates and manages databases
       • Supports persistent storage
       • Performs cryptography
     Is it possible to develop resilient web applications using the client side?

  7. Project Description:
     • One solution we could offer people with a bad connection is to develop web applications that can handle a bad connection.
     • My work can be divided into the following tasks:
       • Database management at server and client side.
       • Performing cryptographic operations at the client side.
       • Switching from online to offline mode seamlessly and vice versa.
       • Client-side/server-side synchronization.

  8. Synchronization on Demand
     • Data synchronization will be performed in online mode.
     • In offline mode, the app uses the database within the browser.
     • Online detection mechanism.
     • Purpose of synchronization:
       • Backup
       • Increase availability
       • Data sharing among browsers (they do not share local storage)

  9. Security: IndexedDB supports the same-origin policy (SOP). Is it enough?
     • Encrypt data before storing it in the database.
     • Decrypt data using the user’s secret/private key.
     • Client-side/server-side authentication.
     • Key generation and management.
     • Hashing.

  10. Why Web Crypto API?
     • Implemented in browser native code.
     • Hides cryptographic operations from JavaScript code.
     • Has methods to wrap/unwrap keys using a browser-specific key called keywrappingkey.
     • Performance.
     • Lightweight web applications.
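An added example, not part of the original slides or the RWA project code, showing slides 9 and 10 together: a record is encrypted with AES-GCM before it would be written to a client-side database, and the data key is persisted only in wrapped form through the Web Crypto `wrapKey`/`unwrapKey` methods, which take the wrapping key as an argument. Deriving that wrapping key from a user passphrase with PBKDF2, the iteration count, and all function names are assumptions of this example.

```javascript
// Added example (not from the slides). Runs in browsers and in Node.js.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = wc.subtle;
const enc = new TextEncoder(), dec = new TextDecoder();

// Key-wrapping key derived from the user's secret. PBKDF2, the iteration
// count and AES-KW are assumptions of this example.
async function deriveWrappingKey(passphrase, salt) {
  const base = await subtle.importKey('raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey({ name: 'PBKDF2', salt, iterations: 600000, hash: 'SHA-256' },
    base, { name: 'AES-KW', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Random AES-GCM data key, returned only in wrapped form (safe to persist).
async function createWrappedDataKey(kwk) {
  const key = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  return new Uint8Array(await subtle.wrapKey('raw', key, kwk, 'AES-KW'));
}

// Unwrap as non-extractable: script can use the key but cannot export its bytes.
async function unwrapDataKey(wrapped, kwk) {
  return subtle.unwrapKey('raw', wrapped, kwk, 'AES-KW',
    { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt one record; a fresh 96-bit IV per record is stored beside the ciphertext.
async function encryptRecord(key, record) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(JSON.stringify(record)));
  return { iv, ct: new Uint8Array(ct) };
}

// Decrypt and authenticate; rejects if the ciphertext or IV was modified.
async function decryptRecord(key, { iv, ct }) {
  return JSON.parse(dec.decode(await subtle.decrypt({ name: 'AES-GCM', iv }, key, ct)));
}

// Constructed sample data: one record, one right and one wrong passphrase.
async function demo() {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const kwk = await deriveWrappingKey('correct horse battery staple', salt);
  const wrapped = await createWrappedDataKey(kwk);
  const stored = await encryptRecord(await unwrapDataKey(wrapped, kwk), { id: 1, note: 'offline draft' });
  const roundTrip = await decryptRecord(await unwrapDataKey(wrapped, kwk), stored);
  const wrongKwk = await deriveWrappingKey('wrong passphrase', salt);
  const wrongRejected = await unwrapDataKey(wrapped, wrongKwk).then(() => false, () => true);
  return { roundTrip, wrappedLength: wrapped.length, wrongRejected };
}
```

In a browser the wrapped key, salt, IV and ciphertext are what would go into IndexedDB; the same-origin policy limits which pages can read them, and the encryption protects them from anything that reads the stored bytes without the passphrase.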

  11. Related work
     • PouchDB: JavaScript library for database management in the browser and data synchronization. This library requires a Node.js web server and CouchDB.
     • xStorage: Extended local storage.
     • Kepler: Chrome extension.

  12. Challenges:
     • Browser compatibility:
       • API support
       • API implementation
       • Studied browsers are Google Chrome, Firefox, Safari, and IE.
     • JavaScript asynchronous nature:
       • Single-threaded language.
       • Non-blocking I/O.

  13. Tools Used to Develop RWA
     • Browser developer console: debugging JavaScript code and APIs.
     • Sublime Text 2: auto-completion, text highlighting, and project management.
     • JavaScript libraries (optional), such as:
       • AngularJS: supports the MVC pattern.
       • jQuery: DOM manipulation JavaScript library.
       • Q.js: handles callbacks with promises, for cleaner code.

  14. Resilient Web App / Jebreel Alamari

  15. Deliverable:
     • A master project report that documents the design and implementation of the resilient web applications and their performance evaluation.
     • Two working resilient web applications that can handle a bad Internet connection and be secure.

  16. References:
     • Doc.ic.ac.uk, 'The CIA principle', 2014. [Online]. Available: http://www.doc.ic.ac.uk/~ajs300/security/CIA.htm. [Accessed: 06-Oct-2014].
     • William West and S. Monisha Pulimood. 2012. Analysis of privacy and security in HTML5 web storage. J. Comput. Sci. Coll. 27, 3 (January 2012), 80-87.
     • W3.org, 'Indexed Database API', 2015. [Online]. Available: http://www.w3.org/TR/IndexedDB/. [Accessed: 28-Jan-2015].
     • W3.org, 'Web Cryptography API', 2014. [Online]. Available: http://www.w3.org/TR/WebCryptoAPI/. [Accessed: 23-Nov-2014].
     • M. Jemel and A. Serhrouchni, 'Content protection and secure synchronization of HTML5 local storage data', Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th, pp. 539-540, 2014.

  17. References:
     • Polycrypt.net, 'PolyCrypt: A WebCrypto Polyfill', 2015. [Online]. Available: http://polycrypt.net/. [Accessed: 16-Oct-2014].
     • Code.google.com, 'crypto-js - JavaScript implementations of standard and secure cryptographic algorithms - Google Project Hosting', 2014. [Online]. Available: https://code.google.com/p/crypto-js/. [Accessed: 17-Nov-2014].
     • C. Reis, A. Barth and C. Pizano, 'Browser Security: Lessons from Google Chrome', Queue, vol. 7, no. 5, p. 3, 2009.
     • Pouchdb.com, 'PouchDB, the JavaScript Database that Syncs!', 2014. [Online]. Available: http://pouchdb.com. [Accessed: 28-Jan-2015].
     • Nodejs.org, 'Node.js', 2015. [Online]. Available: http://nodejs.org/. [Accessed: 28-Jan-2015].

  18. References:
     • S. Naseem and F. Majeed, 'Extending HTML5 local storage to save more data; efficiently and in more structured way', Eighth International Conference on Digital Information Management (ICDIM 2013), 2013.
     • T. Wahlberg, P. Paakkola, C. Wieser, M. Laakso and J. Roning, 'Kepler -- Raising Browser Security Awareness', 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops, 2013.
     • C. Bansal, K. Bhargavan, A. Delignat-Lavaud and S. Maffeis, 'Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage', Principles of Security and Trust, pp. 126-146, 2013.
