Security: HTTPS, WSS, PFS and E2EE with Phoenix framework

At start some definitions:

  1. HTTPS (is a protocol for secure communication over a computer network which is widely used on the Internet) - see HTTPS Wikipedia article
  2. WSS (secured WebSocket protocol) - see WebSocket Wikipedia article
  3. PFS (is a property of secure communication protocols in which compromise of long-term keys does not compromise past session keys) - see Perfect Forward Secrecy Wikipedia article.
  4. E2EE (a cryptographic paradigm involving uninterrupted protection of data traveling between two communicating parties) - see End-to-end encryption Wikipedia article

Summary:

  1. HTTPS, WSS protocols can be set in configuration
  2. PFS can be set in configuration too and need more attention (ciphers, SSL version)
  3. E2EE - to setup this we need choose algorithm(s) to generate, export, import, encrypt and decrypt for Web Cryptography API; time between generate new keys depends on what is used in application

Helpful sources:

  1. Mozilla wiki article describes SSL configuration and splits it by client support.
  2. SSL configuration could be set in standard nginx way or in cowboy/phoenix configuration.
  3. An examples of using Web Cryptography API
2 Likes

Phoenix has HTTPS and WSS support builtin, see http://www.phoenixframework.org/docs/configuration-for-ssl

For PFS I believe you need to configure your server to use specific key exchange algorithms (i.e. it’s not a matter of the certificate). I don’t know how to do that with Phoenix. Personally I terminate TLS with Nginx and proxy it to Phoenix.

HTTPS and WSS are end-to-end encrypted, one end being the client’s browser and the other end being the server.

For free certificates, take a look at https://letsencrypt.org/

2 Likes

First link describes only https or it will work also with WebSocket?
You reminded me that I already have seen that this is a matter of configuration algorithm. To summarize answer what was encryption algorithm name in PFS?
Summary:
I need any valid SSL certificate + configure ssl in phoenix + configure encryption algorithm that provide PFS, right?

It should also enable WSS as far as I know.

Yes, but I don’t know how to do the last part. Maybe someone else can help.

I found interesting article from Mozilla Wiki.
What do you think about it?
Is Modern configuration robust enough?

1 Like

That’s a good article, I’ve followed it in my own configurations. You need to decide for yourself which configuration you can use based on the clients you need to support.

My demo site (in future) will support only modern standards. I do not want to support M$ standards, IE and other old leafs of web programming. I decide to CSS3/Ecmascript6/HTML5 in fronted and Elixir/Phoenix + my libs in backend, so I want Modern configuration. Is this configuration describes all SSL configuration must-have or you know more SSL configuration options that should be set (of course we need to generate certificate and add configuration to generated files)?

I think that’s pretty comprehensive but I’m not an expert by any means.

Ok, thx - here I will summarize all info:

  1. HTTPS, WSS protocols are configurable
  2. WSS is already provided in above protocols
  3. PFS is configurable too and need more attention (ciphers, SSL version)

Mozilla wiki article describes SSL configuration and splits it by client support.
SSL configuration could be set in standard nginx way or in cowboy/phoenix configuration.

And just a note about end-to-end encryption: This is a whole different beast. Usually it means that you have to use a JavaScript cryptography library, which is used to encrypt data before it is sent towards the server, and to decrypt certain data coming from the server (at a later time, or for a different user). Because usually with end-to-end encryption the server is ‘in the middle’, there are no special settings for the server software (such as Phoenix) to work with it.

1 Like

@Qqwy: Can you recommend any JavaScript library?
I found Web Cryptography API Examples github project, but I don’t know if one of this is good.

@Eiji I cannot recommend any libraries personally. When I did end-to-end encryption earlier it was for a secure secret-sharing tool, which used Diffie-Helmann. I wrote my own implementation of RFC3526 in JavaScript for that which was relatively trivial and only relied on jsbn, whch is a library that allows big-number arithmetic. That was a few years ago, so the landscape might have changed now.

WebCrypto looks like it is good; also because of the fact that it has received quite some stars from other developers. But doing some deeper research into this (i.e. what alternatives are there) is definitely a good idea, since it is very easy to make a mistake in a cryptographic implementation, with possibly devastating results.

1 Like

@Qqwy: I don’t know which algorithm much this needs. I’m new so I created this topic to link to some tutorials.
Also not all algorithms have described encypt and decrypt algorythm.
Encrypt methods returns ArrayBuffer. Does Phoenix supports it in WebSockets?
I can see that DH algorithm (Diffie-Helmann?) have not encrypt and decrypt methods. Should I use DH to generate keys and use other algorithm to encrypt/decrypt data with these keys?

There are many different algorithms that are used for very different reasons.

Diffie-Helmann (which is indeed what DH stands for) lets two parties compute a shared secret. It does not do encryption/decryption itself, that’s just not what it is for. Indeed, usually DH is used to find a shared key, which is then used as encryption/decryption key in a symmetric cypher, such as AES or Blowfish.

ArrayBuffers are things that were added to JavaScript to allow easier (more efficient and less error-prone) manipulations of binary data. I am not entirely sure if the HTML5 WebSocket API (regardless of Phoenix) supports transferring such an object directly; it could very well be that it needs to be converted to either a binary file or a Base64 string.

2 Likes

@Qqwy: Ok, last question:
How often should I generate public and/or private keys in combination of DH and AES-CTR algorithms?
For any WebSocket connection?
Every x minutes/hours/days?

That completely depends on what it is used for in your application.
If you want to store encrypted data for an end-user, then he is in control of when a key is changed.

If you want to allow end-to-end encrypted communication between two parties, then it is best to use something like Ephemeral Diffie-Hellman (as it allows for perfect forward secrecy) where for each session a new key is generated.

2 Likes

@Qqwy: Ok, thx - here I summarize all info:

  1. HTTPS, WSS protocols are configurable
  2. WSS is already provided in above protocols
  3. PFS is configurable too and need more attention (ciphers, SSL version)
  4. E2EE - to setup this we need choose algorithm(s) to generate, export, import, encrypt and decrypt for Web Cryptography API; time between generate new keys depends on what is used in application

Mozilla wiki article describes SSL configuration and splits it by client support.
SSL configuration could be set in standard nginx way or in cowboy/phoenix configuration.
An examples of using Web Cryptography API

2 Likes

Maybe I shouldn’t revive this topic (in that case, sorry!), but I believe figuring out ways to make it easier to implement encryption in Elixir and Phoenix applications is more relevant, and pertinent, than ever.

The following library is a good choice to use if attempting to implement encryption in your Elixir/Phoenix applications:

Sodium (libsodium) is a fork of NaCl, a trusted library by security experts. By using enacl (libsodium/NaCl) you set yourself up to not accidentally make a mistake that renders your security not as secure as you think. The PragProg book, Practical Security, also recommends the library for encryption for this very reason.

Additionally, this is an interesting take by Badu on implementing both symmetric encryption and asymmetric encryption (along with user derived keys).

Symmetric Encryption
In regard to symmetric encryption, dwyl made a great Phoenix encryption example that I’ve been testing and works exceptionally well from a developer and client perspective.

It is worth noting however, that the person (or company/people) with access to the encryption keys can theoretically decrypt the data. This is true of all symmetric encryption.

Asymmetric Encryption
Badu has two nice examples here with Elixir, Part III and Part IV.

Asymmetric encryption is commonly referred to as public-key cryptography. I don’t know of any other example in Elixir/Phoenix other than Badu’s.

End-to-End Encryption (E2EE)
The Signal Protocol set the bar here. Good news is that the IETF has a working group (MLS) developing a Messaging Layer Security architecture and protocol standard. In theory, it’ll be an excellent choice for anyone working to implement end-to-end encryption (especially for large groups).

I’ve been following their development: MLS GitHub, Datatracker.

E2EE tends to use combinations of asymmetric and symmetric encryption to make it all work.

I’m not aware of any current example offering end-to-end encryption with a Phoenix app. My initial thinking is that you can take guidance from Badu’s asymmetric encryption example and dwyl’s transparent symmetric encryption example to essentially create an end-to-end encrypted Phoenix app. It would work something like this:

  • password derived key → gives each person/user access to their data
    Since the password is hashed, only knowledge of someone’s password can ever decrypt their data. This ensures the company/person with access to the system cannot access a client’s key to decrypt their data (in theory).

  • transparently shared public keys → gives people the ability to share/edit data with each other
    This would work behind the scenes, transparently to the client, like how dwyl’s example works.

This is clearly not a finished thought, but the idea being that there may be a way to take a symmetric encryption example and combine it with Badu’s asymmetric example to deliver something close to end-to-end encryption in a Phoenix and Elixir app.

Other approaches
For instance, if you’re implementing video chat through Phoenix, over WebSockets, with authentication, using a peer-to-peer mesh architecture and STUN server, then your video chat is already end-to-end encrypted and avoids some of the known WebSocket security vulnerabilities.

I was able to achieve this by following the incredible guide by Jesse Herrick of Littlelines, then tying it into an existing authentication solution (phx_gen_auth for example).

This makes me think that, as mentioned 4 years ago, communication over channels would also be secured similarly provided you setup your Phoenix socket configuration to use :websocket and not :longpoll.

:blush::heart:

4 Likes

I just discovered that Threema implements NaCl for their E2EE. They have a great cryptography white paper that gives an overview of how they implement everything, including using a STUN and TURN server encrypted with SaltyRTC.

This is a similar strategy to what I’m planning to implement for Metamorphic. :blush:

1 Like