Skip to content
This repository has been archived by the owner on Aug 19, 2021. It is now read-only.

update identity server-side registration management #9

Closed
mwfarb opened this issue Jan 8, 2015 · 5 comments
Closed

update identity server-side registration management #9

mwfarb opened this issue Jan 8, 2015 · 5 comments
Assignees
@mwfarb
Labels
enhancement
Milestone
April

Comments

@mwfarb
Copy link
Collaborator

mwfarb commented Jan 8, 2015

Until now, we've tried to provide the most usable experience we can without storing user identify online. It's becoming increasingly difficult to do so since push registration IDs need to change more frequently than they have in the past, and need to be allowed to change more frequently that they have in the past. We warn users that they must sling keys when the registration has changed from past slings, but that is far less usable that it could be.

If all push registrations expired and devices were issues now ones at the same time, no devices would have the new address so they could receive messages and that is not acceptable. We'll need to store a table with at least:

  • registration update timestamp
  • key id
  • push registration id
  • push registration service type

We'll also need to add a new script for devices to register their new registration ids when they get them. However, this script should be constructed in such a way with the new table that it would not be trivial to to submit false redirection to another device, even though such a message would be useless without the private key.

Finally we need to modify the postMessage script to check for updated recipient registration ids before sending the push message. This could be rolled out separately in phases when each client has time to submit the proper changes. First Android could modify postMessage for types 1 and 3, and later iOS could modify postMessage for type 2.

Client-side relevant issues:
SafeSlingerProject/SafeSlinger-Android#38
SafeSlingerProject/SafeSlinger-iOS#45
@mwfarb mwfarb self-assigned this Jan 8, 2015
@mwfarb
Copy link
Collaborator Author

mwfarb commented Jan 16, 2015

One way to do this is to use the push messaging system itself to deliver a submission nonce for authentication. We could do a 3-way handshake that could ensure the nonce came only by way of the requesting device using the push service as well.

  • client sends to server key id, registration id.
  • server returns a random nonce in a push message to the registration id.
  • client receives push message and sends nonce as an authentication token.

@mwfarb
Copy link
Collaborator Author

mwfarb commented Jan 16, 2015

Another way to do this is to make a TOFU model where the first time a key id is added, each time an update to that key id is added it must survive a challenge the original entry made. Maybe the submission nonce could be a hash of the private key, which would help make sure it couldn’t be easily erased.

Sequence:

  • Client: submissionToken = H(private_key).
  • Client: post to server -> add_idenity_script(key_id, reg_id1, submissionToken).
  • Server: checks if key_id is in identity table, find 0 matches.
  • Server: inserts key_id, reg_id1, submissionToken into identity table.
  • Client: reg id changes.
  • Client: post to server -> add_idenity_script(key_id, reg_id2, submissionToken).
  • Server: checks if key_id is in identity table, find 1 match.
  • Server: checks if submissionToken sent == submissionToken in table.
  • Server: inserts key_id, reg_id2, submissionToken into identity table.

@mwfarb
Copy link
Collaborator Author

mwfarb commented Jan 21, 2015

Server side uploaded, Android client in progress.

@mwfarb mwfarb closed this as completed Jan 21, 2015
@tenmalin tenmalin reopened this Feb 16, 2015
@tenmalin
Copy link
Collaborator

Modified TOFU registration model. The sequence is listed as follows:

Sequence (for new registration):
Client: submissionToken = H(sign_pub).
Client: generate signature sig by signing (key_id, reg_id, submissionToken, nonce, sign_pub) with private key sign_pri and 32 bytes nonce.
Client: post to server -> add_idenity_script(key_id, reg_id1, submissionToken, nonce, sign_pub, sig).
Server: checks if key_id is in identity table, find 0 matches.
Server: verify (key_id, reg_id, submissionToken, nonce, sign_pub) through retrieve sign_pub and sig from packet.
Server: inserts key_id, reg_id1, submissionToken into identity table.

Client: reg id changes.
Client: post to server -> add_idenity_script(key_id, reg_id2, submissionToken, nonce, sign_pub, sig).
Server: checks if key_id is in identity table, find 1 match.
Server: checks if submissionToken sent == submissionToken in table.
Server: verify (key_id, reg_id, submissionToken, nonce, sign_pub) for sure.
Server: inserts key_id, reg_id2, submissionToken into identity table.

@tenmalin tenmalin assigned tenmalin and mwfarb and unassigned mwfarb and tenmalin Feb 16, 2015
@tenmalin tenmalin mentioned this issue Feb 16, 2015
Closed
@mwfarb
Copy link
Collaborator Author

mwfarb commented Apr 2, 2015

I'll add the server side handling to manage migration from scheme 1 to scheme 2.

@mwfarb mwfarb mentioned this issue Apr 2, 2015
Closed
@mwfarb mwfarb modified the milestone: April Apr 8, 2015
@mwfarb mwfarb closed this as completed in 24e0286 Apr 29, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mwfarb mwfarb

Labels
enhancement
Projects
None yet
Milestone
April
Development

No branches or pull requests
2 participants
@mwfarb @tenmalin