4

What is sometimes called Zero Knowledge, sometimes end to end encryption occurs when a server only processes ciphered data (at least for sensitive data) with a result where a compromise of this server does not threat the confidentiality of the data.

In this model :

  • the data are deciphered at the client side (web browser, smartphone app, ...)
  • the data are always encrypted before to be sent to the server
  • the cipher key is never transmitted to the server

Some examples of existing architectures like this are privatebin, cryptpad, signal app, protonmail (not sure)

This kind of architecture is interesting because even if a hostile third party (government, hacker, ...) tries to take over the main server, the users'data remain unviolated as the key is never known by the server.
The counterpart is that when a user lost the key, the data are lost for ever (or until the next AES breakdown).

However, if the main server is compromised, the opponent can still change the code served to the client side and introduce malicious html/javascript to receive the clear data.
So this model is not perfect yet.

My question is : is there a way to ensure the client side code authenticity to avoid executing malicious code sent by a compromised server ?

The last time I talk with a dev at cryptpad, he told me about code signing for website. They tried to dig the idea of publish open source client side code, sign it somewhere and make the browser checks that the signature is the same as the one associated with the auditable open source code.
Is someone knowing something about that ?

This question came to my mind because, today, many people talk about Zero Trust for the Cloud based architectures.
I'm not sure to have the same definition of Zero Trust but I'm quite chocked to never see anywhere a little concern about the fact that, currently, no Cloud based architecture can be resilient to AWS compromise (or AWS becoming hostile). Something I feel more like "zero trust except amazon"...
Zero knowledge could be a solution but not a complete one until the client side is still exposed.

Sibwara
  • 1,316
  • 7
  • 19
  • 1
    See https://security.stackexchange.com/questions/238441/solution-to-the-browser-crypto-chicken-and-egg-problem?noredirect=1&lq=1 – mti2935 Sep 21 '20 at 22:25

1 Answers1

3

My question is : is there a way to ensure the client side code authenticity to avoid executing malicious code sent by a compromised server ?

Short Answer

No, there is currently no perfect, practical way to ensure that the server doesn't go rogue and serve you malicious code without raising any obvious red flags.

Long Answer

A complete Zero Trust model is simply not practical for web/cloud applications, and as far as I know, there are no 100% zero trust web applications, only zero knowledge ones where you still have to trust them to serve you secure code. If you can't trust a server to handle your secrets, you cannot trust it to serve you secure code either. Currently, the best possible way is what you have already mentioned in your question. The developers will have to publish the code so others can audit it and ensure that there are no backdoors. Then it lies on the end user to compare checksums and confirm that the code they received from the server is the same as the code published.

Of course, this approach is nowhere near perfect because of its sheer inconvenience. No sane human can be expected to manually check the integrity of every web page they visit. A better approach would be to have signed copies of the source code hosted on independent servers from where the browser (or perhaps an extension) would be able to ascertain whether the code it receives from the web server is the same as the publicly auditable version and hasn't been modified to include backdoors (and now you have to trust the independent server... although chances of both of them being compromised or going rogue simultaneously would be lower). But no browser currently supports this capability (and there isn't any established protocol for it either).

In the end, you'll just have to trust the developers and maintainers of whatever web/cloud service you're using and hope that if they get compromised (or are served a subpoena and gag order), someone will notice before any damage is done. The alternative is not trusting the cloud and relying on open source software running on trusted hardware.

The only source I could find that even remotely tried to address the problem of serving trusted code in a zero trust model: https://clipperz.is/blog/2007/08/24/anatomy_zero_knowledge_web_application/

nobody
  • 11,251
  • 1
  • 41
  • 60
  • 1
    The link was very interesting thanks. They reassured me about the fact that this subject deserve attention – Sibwara Jul 24 '20 at 15:48