Encryption in App, Decryption in Backendfrom the CommonsWare Community archives
At December 17, 2018, 6:13pm, Raptor asked:
I am developing an application and I need some help. I am trying to send a string (which is actually a Base64 encoded photo) to the backend and based on this photo the backend checks a face recognition service and if it recognizes a user, it returns information about that user. I have solved the problem of spoofing (checking if the user is “alive” and not just a printed image of his face or a photo on a telephone screen) in the app. However, I am still accessing the backend endpoint with just a regular photo - anybody with knowledge of the endpoint can send a base64 encrypted photo of that particular user and she will get back information about that user.
My thought is to encrypt the string containing the picture as I send it to the backend, and then the backend can decrypt it. Obviously, if you’re a “hacker” trying to send the same picture unecrypted, then it will fail at decryption, getting gibberish.
I have three questions:
Is my approach sensible? Is this simply a matter of encrypting the string describing the user’s face or do you see any other issues, here?
In your experience, how should I approach this? Simply use a Caesar chiper on the characters of the string, and then back to the original in the backend? Some elaborate key system?
Let’s say I have the string as “abc”, and I encrypt it to “xyz”. I send that information to the backend. What’s stopping a hacker from intercepting that, see that I sent “xyz”, and then he can simply send the same “xyz” to the backend again and get the information? In other words, how does encryption protect me if it’s always the same? And if it doesn’t, how would I go about making the encryption dynamical, somehow?
PS. I will take my time tomorrow to research this, but I would like to know your opinion on the questions above.
At December 17, 2018, 10:20pm, mmurphy replied:
That depends entirely on the sophistication of the attacker. In general, if your code is capable of generating the encrypted photo, so is the attacker’s.
In your experience, how should I approach this?
Ideally, don’t write it unless you can afford a well-qualified legal team in addition to security audits. If you are writing this for somebody else, while they might be the ones to pay for the security audits, you still might find yourself individually liable (civil and/or criminal), so discuss this with qualified legal counsel. Biometrics — which includes facial recognition — may come with lots of regulations in your jurisdictions.
Beyond that, in most respects, this is no different than any other Web service scenario:
- Use server authentication, so an attacker needs valid credentials, and employ best practices for the creation and monitoring of those credentials
- Use SSL with certificate pinning to prevent over-the-air interception and spoofing
What’s stopping a hacker from intercepting that, see that I sent “xyz”, and then he can simply send the same “xyz” to the backend again and get the information?
Nothing. The SSL-and-certificate-pinning would prevent over-the-air interception, but that just means a hacker has to attack things through the app or their own client that reproduces what your app does.