Page MenuHomePhabricator

Encrypt tranfers
Closed, ResolvedPublic

Description

In addition to client-server TLS secured connection, encrypt data which is transferred from client to server.

Security and Encryption design see attached illustration:

secConcept.png (405×720 px, 56 KB)

Related Objects

StatusAssignedTask
Resolvedreicht

Event Timeline

reicht moved this task from RM ToDo to DKFZ ToDo on the CSI-HD board.
reicht claimed this task.
reicht moved this task from Doing to Done on the CSI-HD board.

First initialize a TLS based websocket connection between browser and server. In addition encrypt the files using AES-GCM 256. Key to encrypt files is computed using ECDH P-384. Private/Public Key for ECDH is generated independently from the TLS secured websocket connection.

reicht changed the visibility from "CSI-HD (Project)" to "Public (No Login Required)".Aug 17 2019, 11:04 PM
reicht reopened this task as Open.EditedAug 17 2019, 11:07 PM
reicht moved this task from Done to Doing on the CSI-HD board.
reicht changed the visibility from "Public (No Login Required)" to "All Users".

ToDos

  • implement final caseID socketbased
  • port encryptData to socketbased
  • distinguish between uploading sites (such as CSI, E010, etc.)
  • when decrypting, differentiate between files and string
  • include IV of encrypted file
  • include client PublicKey
  • can formData be transported by websockets
    • compile needed socket.emit statement. emit supports Buffer
json
const dataToTransfer = {
ivPathName: ivPathName,
encrypedPathName: encPN,
ivFileName: ivFN,
encryptedFileName: encFN,
ivFile: ivFile,
encryptedFile: encFile,
publicKey: clientPubKey
}

issues:

  1. encoding File/Blob object to ArrayBuffer (needed as input for AES encryption) crashes browser (tested on Chrome) if file is bigger 1GB:
    • check chunking
  2. transmitting files bigger than 100MB is not accepted by "standard" websocket.
    • check socket.io-stream
socket.io-stream cannot transfer bytearrays (or there are some undocumented flags to support it). However, manual chunking works fine and seems the best option for now.
reicht moved this task from Doing to Done on the CSI-HD board.

encryption works as expected

reicht changed the visibility from "All Users" to "Public (No Login Required)".Apr 18 2020, 7:39 PM