1

What is best practice for the encryption of offline application data?

I have an application where multiple users can log in. The user gets data from an internet API, where the user authenticates. I want to store some of the data, for example, a list of events (name, location, etc.) offline in a database for access with no internet connection.

My plan is to use a key generated from a PBKDF2 algorithm with the user's password and store the database in the app directory identifiable by the username. I'm not storing the password, just the username as the database name for checking during login, if the login data is available at all. I will delete the data and store the new updated data when there is internet access and the user logs in again.

Is this approach dangerous, because attackers can brute force the user password on these databases? Are there any security vulnerabilities or weaknesses that I'm missing out on?

Implementation notes: The programming language is Dart (in combination with the Flutter framework) and the platforms are iOS and Android. The database will be a Hive, which uses AES-256 encryption.

Sir Muffington
Donatic
  • Do you have multiple users on the same smartphone? If so, what prevents you from using one user profile per user (see https://support.google.com/android/answer/2865483?hl=en#zippy=%2Cadd-user)? – A. Hersean Jun 02 '22 at 08:43
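
The plan in the question, sketched as an added example (not code from the post): a per-user random salt, a PBKDF2-derived AES-256 key, and a stored verifier so an offline login can be checked without keeping the password. The iteration count, the header layout, the HMAC labels and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: pick the highest count the slowest supported phone tolerates.
ITERATIONS = 600_000


def _subkeys(password: str, salt: bytes, iterations: int):
    """Stretch the password once, then split into two independent keys."""
    master = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32
    )
    # Separate labels so the stored verifier never equals the database key.
    enc_key = hmac.new(master, b"db-encryption", hashlib.sha256).digest()
    verifier = hmac.new(master, b"login-check", hashlib.sha256).digest()
    return enc_key, verifier


def enroll(password: str, iterations: int = ITERATIONS):
    """Run after a successful online login.

    Returns (header, enc_key). The header is stored in clear next to the
    database; enc_key is the 32-byte key for the AES-256 database and is
    never written to disk.
    """
    salt = os.urandom(16)  # fresh salt per user and per re-sync
    enc_key, verifier = _subkeys(password, salt, iterations)
    header = {"salt": salt, "iterations": iterations, "verifier": verifier}
    return header, enc_key


def unlock(password: str, header: dict):
    """Offline login: return the database key, or None for a wrong password."""
    enc_key, verifier = _subkeys(password, header["salt"], header["iterations"])
    if not hmac.compare_digest(verifier, header["verifier"]):
        return None
    return enc_key


def offline_guess(header: dict, candidates):
    """The risk asked about: a copied header lets guesses be tested with no
    lockout, each one costing only a single PBKDF2 run."""
    for guess in candidates:
        if unlock(guess, header) is not None:
            return guess
    return None
```

A copied header and a copied database are equally useful for testing guesses, so the iteration count and the password's strength are the only brakes in this scheme.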

1 Answer

0

Use the Secure Enclave for iOS or a similar hardware-backed keystore for Android to store the encryption key.

Even if an attacker gets access to the device RAM or disk storage, it is impossible to extract such keys/secrets.

If the attacker obtains the encrypted data, the only way to decrypt it is brute-forcing, which, with a proper encryption algorithm and password, is impossible.

mentallurg
  • A nitpick: bruteforcing the data is near-impossible in the current time, don't get too caught up by the Zeitgeist ;-) In the not so far future the encrypted data might get easily decrypted using Quantum Computers or something similar. – Sir Muffington Jun 01 '22 at 19:29
  • 1
    @SirMuffington: A nitpick for nitpick: Quantum computers can potentially break RSA and ECC only, not symmetric algorithms. That's why **AES is post-quantum resistant**. To be precise, for the same strength in the quantum case, you need keys twice as long as in the pre-quantum case. To get 128-bit security, you need a 256-bit key. For the reason, see [here](https://en.wikipedia.org/wiki/Post-quantum_cryptography): *"The best quantum attack against generic symmetric-key systems ... requires work proportional to the square root of the size of the key space"*. – mentallurg Jun 01 '22 at 21:01
  • Isn't it only in case of Shor's algorithm? Or is it valid in general? I mean what if a more efficient algorithm comes out – Sir Muffington Jun 02 '22 at 16:36
  • Shor's algorithm is applicable to integer factorization, to the discrete logarithm problem and to the elliptic-curve logarithm problem only, not to symmetric encryption. For symmetric encryption other algorithms are used. The most efficient one is Grover's algorithm. To *"what if a more efficient algorithm comes out"*: I am not a fortune teller. You can post your question at [Sci-Fi SE](https://scifi.stackexchange.com) or at [Crypto SE](https://crypto.stackexchange.com). – mentallurg Jun 02 '22 at 20:01
  • 1
    Grover's search on an unstructured data set is proven to be optimal asymptotically. As a result, block ciphers and hash functions with large enough key and output sizes are safe against Grover's quantum search. Shor's algorithm, on the other hand, is a period-finding algorithm that exploited the periodic structures of RSA and discrete logs. This is why there is no post-quantum symmetric cipher and hash function competition on the NIST post-quantum; however, there are public key system encryption and digital signature algorithms. – kelalaka Jun 03 '22 at 07:29
  • Is it really impossible to extract such keys/secrets or there is no known method to extract such keys/secrets under xyz conditions? – kelalaka Jun 03 '22 at 07:31
  • 1
    @kelalaka: According to [Apple](https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_in_the_secure_enclave?language=objc): *"Can’t import preexisting keys. You must create keys directly inside the Secure Enclave. Not having a mechanism to transfer key data into or out of the Secure Enclave is fundamental to its security."* – mentallurg Jun 03 '22 at 16:11
  • So, it is impossible according to Apple and lived up to today according to public sources. Is this what your last sentence should be around? – kelalaka Jun 03 '22 at 20:11
  • @kelalaka: Not quite. Apple Secure Enclave was *designed* to be unbreakable. But there can be defects in the hardware, there can be problems like [this one](https://mspoweruser.com/hackers-say-they-cracked-apples-t2-security-chip/). Breaking is not trivial, it requires physical access to the device. But it is not impossible. – mentallurg Jun 03 '22 at 22:41
  • Is it possible to secure user secrets (e.g. PIN/passwords) with Secure Enclave on iOS and TEE on Android using some cryptographic primitive that isn't hookable with Frida? – user1118764 Jun 07 '22 at 04:39