I'm working on an Android project that utilizes Couchbase-Lite (1.1.0) and the requirements are that all data (the documents themselves and any Couchbase attachments) is encrypted prior to storage.
I had originally envisioned encrypting the entire database file using something like SQLCipher, but I haven't been able to find a straightforward implementation for that (I know that the Couchbase-Lite implementation for iOS uses this approach, but the Android build is a bit behind), so instead my plan is to encrypt the documents (the JSON representation) and the attachments (the stream) before saving them into Couchbase-Lite database.
My questions:
What are the recommendations for this kind of encryption? What methodology / libraries? I assume AES-256, but should I build it myself or utilize a 3rd party library (any suggestions)?
What's the best way to maintain a passphrase within the device that is more secure than hardcoding it within the app (which is really, really bad)?
Has anyone seen something similar to this (my googling ability has left me high and dry) that could point me to a similar use case?
Thanks!
Use an existing AES library. Either use CBC mode with an HMAC to check authenticity, or a self-checking mode like GCM. Not all libraries have GCM since it is more recent.
Write the passphrase on a piece of paper and keep it in a locked drawer. That is unhackable. Type it in when needed. Clear the memory immediately after you have finished using it. Alternatively, keep it on a memory stick, and lock that in the drawer. You will still need to clear the memory. Change the passphrase regularly. Yes, this does mean decrypting the entire database with the old key and re-encrypting with the new key. Allow time in your daily/weekly/monthly/whatever schedule to do this. Just before a backup is good. Keep the old passphrase securely offline, in a safe perhaps, in case you need to rederive the key to recover an old backup.
Look at a good Key Derivation Function like HKDF (from RFC 5869) to derive the actual key from your passphrase.
This is crypto, and it is complex. It has all been done before, so you need to stick to tried and tested methods.
Related
I read many tutorial and topic about this about SqlCipher , but I didn't understand what should I do exactly!
I have ready database in my assets folder . My database contains about 4 tables and 5000 records .I want to make it more secure.How I can do it ? Could somebody help me with this problem ? As I am novice with android , I need step by step solution . At the moment I use sqliteasset.SQLiteAssetHelper library to read database from assets folder.
Do not waste development time on encryption of client-side data - the data which should be accessible by the application in unattended manner (i.e. decrypted by application without user's input of any kind of password).
Here is an explanation of my statement:
Lets assume that you managed to protect(encrypt) your database by some encryption key and application upon startup should read all encrypted data.
It means that your application should have built-in key required for the decryption.
And any person with minimal reverse-enginering knowledge can extract both key and the database from your apk file and decrypt it.
When you design security mechanism to protect the data one of the first questions which you need to answer is:
How much time adversary will need to spend to open the data?
If your answer is something like "It will require 10,000 years to brute force my protection" then your protection is probably ok.
But right now you are trying to implement security through obscurity and it newer works.
Determined person can easily extract encryption key from your own code and decrypt your database in almost no time.
When you design client-server architecture there is only one way to protect trade secrets - place everything sensitive to the server side.
If your client-side application relies on some business sensitive information (like calling some paid APIs with your own API key) then your application has design flaw.
If your application relies on information which is not business sensitive then it does not make sense to encrypt this information.
I have an application that stores its data and test results in a SQLite database on either and Android or ios phone.
Is it possible to secure this data so that only the application can access it or is the data open to anyone (that knows how) to go in and make changes to the database?
You could look into encrypting your db. There are libraries like SQLCipher you could look into.
Since the database is just a file in SQLite, if other apps can't access that file you're good.
If you mean accessing it by tinkering with the filesystem, it's definitely possible on Android, unless you encrypt the file. On iOS it's a bit more difficult, but on a jailbroken phone it's entirely possible as well.
You'd want to research SQLite encryption libraries, but these are different on iOS and Android. If you want a common approach, encrypt the file and decrypt it before access.
SQLCipher is a popular library for encrypting your db on Android.
You should definitely enable Proguard as well if you're worried about modifications to your app.
Is the data open to anyone (that knows how) to go in and make changes
to the database?
Yes:
Jailbroken iPhone,iPad.
Rooted Android device.
Is it possible to secure this data so that only the application can
access it?
Not really but you can make it harder to leak through encrypting all the sensitive informations. Note: Do not use an opensource Encryption/Decryption chances are that the hacker also knows about it and it will be used againts you. Implements your own Encryption and Decryption instead if you have time.
It encrypts the SQLLite database at page level, ok thats fine, nothing wrong with that!
but what about your source code? its compiled, but even if its compiled someone could decompile it, retrieve your password and decrypt the database?
How safe is SQLCipher?
According to the SQLCipher design documentation, it is based on secure components (AES, OpenSSL, HMAC_SHA1, PBKDF2,...). If those claims are correct, it sounds good to me.
What is a bit unusual (to me, at least) is that there is a random IV per page. This is somewhat different to the typical file system encryption mode AES-XTS. The design used by SQLCipher has certain advantages over AES-XTS, for example writing the same data again will not result in the same encrypted page. However, possibly there are disadvantages, for example I'm not quite sure if with SQLCipher it is possible to move or copy pages (copy encrypted pages to another page). It might not be possible, however from the design document I don't see how this is prevented. Such is the risk if a non-standard encryption mode is used :-) But even if this is a problem, it wouldn't allow an attacker to read the data; it would only allow certain types of attacks. Even with AES-XTS certain types of attacks are possible, so I wouldn't be worried too much.
What about your source code?
To keep things save, don't store the password in the code. Instead, let the user enter the password, or store it in a key-chain. This is possible for both Android and iOS as far as I see, but I don't know the details.
I need to store couple of thousand text/number combinations in a database on iPhone and on Android. While creating a database on either device is no issue - I would like to know how "confidential" can one actually make the data in such databases?
What I would like to avoid is that anyone "cracks" the complete database with all the entries.
While I don't care if one can get to some entries by any means.
It just should be as difficult as possible to extract all the data from the database.
user387184,
For the most crucial data on iOS I'd personally recommend using Keychain APIs (which can be found in the Security framework. Keychain is an encrypted storage which can be used for storing accounts, passwords, sensitive data.
However if you wish to encrypt the whole database you should take a look at the Apple's Data Protection API which allow you to easily encrypt whole database using NSFileProtectionComplete flag.
As for the Android I am not sure if there's a publicly available API for such operations. You could take a look at Android Encryption, however it is available for Android devices with Android 3.0 and higher.
An alternative approach for Android could be using a storage encrypted using simple PIN code and prompting user to input the key on each subsequent launch of the app (however from user experience point of view that wouldn't be a good solution).
I need to find a way to encrypt/decrypt an images in Android.I'm new in Android programming and never been encrypt/decrypt on any other platform,so please provide me a good example,because I need to learn how to do it.I'm working on a project which needs to encrypt/decrypt images.I'll be really happy if you can help me about this.
Thanks anyway!
You can take a look at this Stackoverflow Encryption Accepted Answer
Keep in mind that this is probably going to take a lot of time to encrypt/decrypt images. You also have not set any security standards (how secure must this be) so it's hard to give an authoritative answer
Update
After your comment here are a few more things to think about. Typically faster = less secure. Are you really trying to secure the images or just make them unavailable to unauthorized users.
For instance do you only want the images to be viewable on an authorized device or are you worried about them falling into the wrong hands?
I had a problem where the images should only be shown on a device that was an authorized account, that was fairly easy to solve, a unique ID associated with the users account was used to encrypt the data, so each user had their own (unique) key on the device and on the server, encryption was done on the fly on the server side. I also only needed to encrypt part of the data (header - first 4096 bytes) to make it unusable, I wasn't trying to keep the NSA from decrypting the images, just keep them from being easily decrypted and passed around.
So that was fast and secure enough, this is why I am suggesting you figure out what you are trying to do and protect against before picking a implementation plan.