[aerogear-dev] Security for "Device Registration"

Bruno Oliveira bruno at abstractj.org
Tue May 21 18:11:39 EDT 2013



Matthias Wessendorf wrote:
> Another idea....

I can see a lot of good ideas here, but we have to start to file JIRAs.
There will be several ways to make a system secure.

IMO start simple, make it ultra secure later.

>
> We generate, for EACH variant, an "access-key" with a generated
> secret(password).

What do you mean by secret? A shared secret? Now we have another
problem: you must encrypt this shared secret.

> This accessKey:secret combination would be, similar to
> the previous email, ONLY be able to perform updates for "device
> (un)registration".
>
> It would be NOT possible to use this combination for sending messages to
> a device, (read: our HTTP send interface would not allow this
> accessKey:secret combination).
>
>
> Not sure, but this is (I guess) a bit simpler, initially, instead of
> using private/public key approach.
>

I'm still confused about what you want to encrypt and why. Why not
only create an APP-KEY as a starting point, then we figure out how to
authorize or not a server?

Then several people, including me suggesting it, will say "it's not
safe". Then you reply with "fix it" and we can make it work.

>
> On Sat, May 18, 2013 at 12:48 AM, Matthias Wessendorf <matzew at apache.org
> <mailto:matzew at apache.org>> wrote:
>
>     Hi,
>
>     once the app is installed on the phone (or launched in a browser),
>     we (as discussed in the spec/mailing list) need to upload the
>     "device token" (or channelID) from the actual device/channel to the
>     Unified Push Server.
>
>
>     My questions:
>     Is it safe, if every "Mobile Variant" has a Private/Public Key ???
>
>     The UP server keeps the private one.
>     Once we register a new mobile variant (e.g. HR for Android, HR for
>     iPad, HR for iPhone, ...) EACH variant has ONE Private/Public key
>
>
>     The Public Key of this combo would be "coded" into the actual mobile
>     application...
>
>     On EVERY iOS app, it would use the PubKey from the iOS Variant, on
>     EVERY JS-app, it would use the PubKey from the SimplePush Variant, etc
>
>
>     So, that means EVERY installation (on the devices) would have that
>     public key...
>
>     Would that be (extremely) odd, if "1 Mio Russian hacker" would have
>     that public key, used on the device, to perform some sort of "auth"
>     (e.g. via HTTP BASIC (just saying.....)) against the server, in
>     order to upload the "device token" ??
>
>
>     Note: This Private/Public key would/should be EXCLUSIVE for "device
>     registration". And really ONLY.. :-)
>
>     So that this "Private/Public key" pair can NOT be used (==invalid)
>     for sending messages to the installations, or creating the
>     Push-Applications / Mobile Variant Constructs.
>
>
>
>     Greetings,
>     Matthias
>
>     --
>     Matthias Wessendorf
>
>     blog: http://matthiaswessendorf.wordpress.com/
>     sessions: http://www.slideshare.net/mwessendorf
>     twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
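
The scoped accessKey:secret idea discussed in this thread, sketched as an added example that is not part of the original messages or of AeroGear's code: each variant gets a credential that is accepted over HTTP Basic only for device (un)registration and rejected on the send interface. The route paths, scope names and the choice to keep only a salted PBKDF2 hash of the secret on the server are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Assumed scope names and routes (hypothetical, not AeroGear's real endpoints).
REGISTRATION_SCOPE = "device-registration"
SEND_SCOPE = "send"
ROUTE_SCOPES = {
    ("POST", "/registry/device"): REGISTRATION_SCOPE,    # register a device token
    ("DELETE", "/registry/device"): REGISTRATION_SCOPE,  # unregister it
    ("POST", "/sender"): SEND_SCOPE,                     # send a push message
}

def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class VariantStore:
    """One accessKey per variant; the server keeps a salted hash, not the secret."""

    def __init__(self):
        self._variants = {}

    def create_variant(self, name: str):
        access_key = base64.urlsafe_b64encode(os.urandom(12)).decode()
        secret = base64.urlsafe_b64encode(os.urandom(24)).decode()
        salt = os.urandom(16)
        # Variant credentials only ever carry the registration scope.
        self._variants[access_key] = (name, salt, _derive(secret, salt), {REGISTRATION_SCOPE})
        return access_key, secret  # returned once; only the hash is stored

    def authorize(self, method: str, path: str, authorization_header: str) -> bool:
        required = ROUTE_SCOPES.get((method, path))
        if required is None or not authorization_header.startswith("Basic "):
            return False
        try:
            decoded = base64.b64decode(authorization_header[6:], validate=True).decode()
            access_key, secret = decoded.split(":", 1)
        except ValueError:  # bad base64, bad UTF-8 or missing ':'
            return False
        entry = self._variants.get(access_key)
        if entry is None:
            return False
        _name, salt, stored, scopes = entry
        # Constant-time comparison of the derived secret, then the scope check.
        return hmac.compare_digest(_derive(secret, salt), stored) and required in scopes
```

Because every installation of a variant carries the same accessKey:secret, the scope check is what limits the damage if the pair is extracted from an app.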

