[whatwg] Proposal for secure key-value data stores

Evan Ireland eireland at sybase.com
Mon Aug 16 16:03:58 PDT 2010 

One of our key concerns is with Web SQL Database API (which we prefer) or
Indexed Database API.

I might wish to build an offline web application which will refuse to
operate if the browser cannot guarantee that the database is encrypted. Now
full-disk encryption would be fine (if the O/S has a power-on password), but
how can my web application author detect (using a JS API) if any data stored
in a browser's database is in fact encrypted (or not)?

Such uncertainty might force us (as a vendor) to have to develop
platform/browser-specific plugins to providew an alternative implemantation
of the database API so we can be confident that database storage is secure.

> -----Original Message-----
> From: Ian Hickson [mailto:ian at hixie.ch] 
> Sent: Tuesday, 17 August 2010 10:58 a.m.
> To: whatwg at lists.whatwg.org
> Subject: [whatwg] Proposal for secure key-value data stores
> 
> On Tue, 30 Mar 2010, Nicholas Zakas wrote:
> > 
> > In attempting to use localStorage at work, we ran into some major 
> > security issues. Primary among those are the guidelines we 
> have in place 
> > regarding personalized user data. The short story is that 
> personalized 
> > data cannot be stored on disk unless it's encrypted using a 
> > company-validated encryption mechanism and key. So if we 
> actually wanted 
> > to use localStorage, we'd be forced to encrypt each value as it was 
> > being written and then decrypt each value being read. 
> Because of this 
> > tediousness, we opted not to use it.
> 
> Doing that wouldn't actually help, either, since anyone 
> attacking the user 
> could simply intercept the key and then decrypt it all 
> offline. (In this 
> scenario, I'm assuming the attack being defeated is that of 
> an attacker 
> obtaining the data, and I'm assuming that the attacker has 
> physical access 
> to the computer, since otherwise the Web's security model would be 
> sufficient to block the attack, and that the computer is 
> logged in, since 
> otherwise whole-disk encryption would be sufficient to block 
> this attack.)
> 
> 
> > Another major issue also relates to the persistence of the data in 
> > localStorage. Whereas cookies allow you to specify a time 
> at which the 
> > data will be removed, localStorage is there more or less forever.
> 
> Right, it's there for as long as the data that would be saved 
> by the user 
> if the user viewed your page and chose "File > Save As" -- 
> that is, until 
> the user deletes it. (Or until he visits your page again and 
> your page 
> deletes it.)
> 
> 
> > It seems like any company that takes the security of its 
> data seriously 
> > would run into the same issues, and rather than forcing 
> every company to 
> > implement their own version of the same approach, a common native 
> > approach would be incredibly useful.
> 
> Why isn't whole-disk encryption sufficient? It seems like if 
> the user is 
> concerned about his disk being stolen, he'd be concerned 
> about all data on 
> the disk, including his HTTP cache, his cookies, his saved 
> usernames and 
> passwords, etc, not just the data in the Web page's localStorage area.
> 
> 
> On Tue, 30 Mar 2010, Dirk Pranke wrote:
> >
> > Nicholas is almost certainly discussing the case where the service 
> > provider requires any data stored on a customer's computer to be 
> > encrypted, not the provider's own computers. (e.g., this could be a 
> > Yahoo! policy that data stored on Yahoo! users' computers must be 
> > encrypted).
> > 
> > Hence they cannot enforce anything like "use FileVault".
> 
> If you can't enforce whole disk encryption, but you are 
> concerned that an 
> attacker could have access to your machine, it seems that there is no 
> solution, since an attacker could just install a rootkit and 
> then carry 
> out arbitrary attacks remotely, including simply replacing 
> the browser 
> with one that intercepts all the user's data as it is written.
> 
> 
> On Tue, 30 Mar 2010, Dirk Pranke wrote:
> > 
> > Perhaps we should instead focus on a set of JS Crypto APIs, 
> since that
> > is largely orthogonal to the storage APIs?
> 
> That would make more sense, I think. It would be useful in 
> other scenarios 
> too (such as replacing <keygen>). I would encourage people 
> interested in 
> such an approach to get vendors together and write a spec.
> 
> -- 
> Ian Hickson               U+1047E                
> )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   
> _\  ;`._ ,.
> Things that are impossible just take longer.   
> `._.-(,_..'--(,_..'`-.;.'
>

More information about the whatwg mailing list