3

This is what I am trying to do:

local                    web                  local
Recipient <--- local tunnel host server <--- Sender
server1            ngrok or other            device1

My goal is to securely transmit a string from device1 to server1. server1 is not accessible from the internet, thus starting a tunnel via ngrok or similar. However, I do not want to/can trust the tunnel server in the middle. If I understand correctly, the tunnel server could become compromised (as in MITM listening to the tcp socket/proxy).

What options do I have to securely transmit data from let's say a mobile phone to an app running behind a firewall if you can't trust the infrastructure in the middle?

I am researching https://signal.org/docs/ right now, but don't quite understand how it could work in a local tunnel context.

EDIT: Asymmetric keys seems to be what I am looking for.

Mario Tacke
  • 133
  • 1
  • 6
  • or you could setup your own tunnel server ... checkout https://www.tinc-vpn.org/ – CaffeineAddiction Jan 10 '18 at 19:56
  • also, why isnt server1 accessible from the internet? Is there some corporate rule stating that you can not port forward some ephemeral port for api usage? – CaffeineAddiction Jan 10 '18 at 20:11
  • The tunnel server works over port 80 so that should address any blocking on a corporate network; the tunnel is outbound. Also, I don't even want to trust my own tunnel server and assure complete privacy between `device1` and `server1`. I'm looking into asymmetric keys right now and that seems to provide a solution to my problem. – Mario Tacke Jan 10 '18 at 21:34
  • asymmetric keys for encrypting trafficking through an un-trusted source ... yah, that is one way to do it. I would recommend using asymmetric keys to initially send a symmetric key and then secure all futher communication for that session with the symmetric key for stronger/faster encryption (this is how SSH works) – CaffeineAddiction Jan 10 '18 at 21:45
  • Very interesting approach. Can you add this as an answer? I will accept it shortly. – Mario Tacke Jan 10 '18 at 23:19

1 Answers1

3

It would be possible to use ngrok or some other un-trusted source as long as you encrypt the traffic before you send it. This isnt to say that ngrok is a bad service, simply that it is an unknown and thus un-trusted.

To encrypt this traffic you would need to setup your own key exchange ... both the Sender and the Recipient would need to create a pub/priv key pair and share the public keys with each other. Once the public keys have been shared one or both parties can randomly generate a binary string to be used as the symmetric key for further communication. If you want both parties to contribute to the key you can hash the binary strings together to create the final key. (it should be noted that these symmetric keys should be encrypted with the opposing parties public key before being exchanged). Once the symmetric keys have been exchanged something like aes256 could be used to encrypt all further traffic.

This is a high level overview of how things like SSH handle key exchange and setup a secure tunnel. see also: https://security.stackexchange.com/a/73132/92213

CaffeineAddiction
  • 7,517
  • 2
  • 20
  • 40