What is the preferred way of using AWS (specifically S3) from mobile apps?


Problem description

Adding the AWS access key and secret key directly in app code is definitely not a good approach, primarily because the app resides on the user's device (unlike server-side code) and can be reverse engineered to get the credentials, which can then be misused.

Though I find this information everywhere, I am unable to find a definitive solution to this problem. What are my options? I read about the token vending machine architecture for temporary credentials, but I am not convinced that it is any better. If I can reverse engineer the secret key, then I can reverse engineer the code which requests the temporary credentials. And once I have a set of temporary credentials to access S3, I am as good as if I had the key. I can request the temporary credentials again and again, even if they expire pretty quickly. To summarize, if an app can do something, I can do the same as a malicious user. If anything, the TVM can be a bit better at management (rotating credentials, changing the key in case of breach, etc.). Please note we can put the same access restrictions on the secret key as we plan to do in the case of TVM temporary credentials.

Additionally, if Amazon doesn't want people to use the secret key directly in the app, why don't they block it in their SDK and enforce TVM or the correct solution? If you leave a path, people are going to use it. I read several articles like this one, and wonder why: http://blog.rajbala.com/post/81038397871/amazon-is-downloading-apps-from-google-play-and

I am primarily from a web background, so my understanding of this may be a bit flawed. Please help me understand if this is better, and whether there is a perfect (or maybe good) solution available to this problem.


PS: Is there a rails implementation of TVM?

Recommended answer

Embedding S3 keys in app code is very risky. Anyone can easily get that key from your app code (no reverse engineering or high skill set required); even if it is stored encrypted it is still compromised, just that someone needs to try harder (depending on how you encrypt).

I hope that you understand the advantages of using temporary credentials to access Amazon (S3 etc.) resources (mainly security, plus some others like no app update etc.). I think you are more confused about the process of getting the temporary credentials from TVM and how that is safer than embedding keys in code.

Every client using TVM first needs to register with the TVM server implementation hosted by you. The communication between the app (using the TVM client) and the TVM server is over SSL.

First the app registers with TVM by providing a UUID and a secret key. Please note that the secret key is not embedded in app code (which I think is the main reason for your confusion) but generated randomly (using SecRandomCopyBytes, https://developer.apple.com/library/ios/documentation/security/reference/randomizationreference/Reference/reference.html, which generates an array of cryptographically secure random bytes) at the time of registration (and hex encoded).

Once the device is registered successfully with TVM, the TVM client stores the generated UDID and secret key in a storage called Keychain in iOS and Shared Preferences in Android. The Keychain in iOS is the shared storage provided by iOS to securely (encrypted) store information (mainly keys, passwords etc.).

After registration and UDID/secret key storage, the app can get the token from TVM by sending the UDID, a cryptographic signature, and a timestamp. The cryptographic signature is an HMAC hash generated from the timestamp using the secret key. The TVM can use the UDID to look up the secret key and uses it to verify the signature. The TVM then responds by sending back temporary credentials, which are encrypted using the secret key (uses AES). The application decrypts the temporary credentials using the key and can then use them to access any AWS services for which the temporary credentials are authorized. Eventually, the expiration time of these temporary credentials will be reached, at which point the application can get fresh temporary credentials, if required.
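The registration and token exchange described in this answer, written out as an added example with both the device side and the TVM side in one file. This is example code written for this page, not the answer author's code and not Amazon's TVM sample. It assumes HMAC-SHA256 as the HMAC, AES-256-GCM as the AES mode, RFC3339 timestamps, a 5-minute replay window on the signed timestamp, and an `issue` callback that stands in for the STS call; the credential values and device id are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"time"
)

// TempCredentials is what the TVM hands back; in a real deployment it comes from STS.
type TempCredentials struct {
	AccessKeyID     string    `json:"access_key_id"`
	SecretAccessKey string    `json:"secret_access_key"`
	SessionToken    string    `json:"session_token"`
	Expiration      time.Time `json:"expiration"`
}

// MaxSkew bounds how old a signed timestamp may be, so a captured request cannot be replayed forever.
const MaxSkew = 5 * time.Minute

// TVMServer is the server-side half. issue is a hypothetical stand-in for the STS call.
type TVMServer struct {
	secrets map[string][]byte // UDID -> device-generated secret key
	issue   func(udid string) TempCredentials
}

func NewTVMServer(issue func(udid string) TempCredentials) *TVMServer {
	return &TVMServer{secrets: map[string][]byte{}, issue: issue}
}

// Register stores the key the device generated; this happens once, over TLS.
func (s *TVMServer) Register(udid string, key []byte) error {
	if _, dup := s.secrets[udid]; dup { return errors.New("udid already registered") }
	if len(key) != 32 { return errors.New("secret key must be 32 bytes") }
	s.secrets[udid] = append([]byte(nil), key...)
	return nil
}

// GetToken checks the timestamp window and HMAC, then returns AES-GCM encrypted credentials.
func (s *TVMServer) GetToken(udid, timestamp, signature string) ([]byte, error) {
	key, ok := s.secrets[udid]
	if !ok { return nil, errors.New("unknown udid") }
	ts, err := time.Parse(time.RFC3339, timestamp)
	if err != nil { return nil, fmt.Errorf("bad timestamp: %w", err) }
	if d := time.Since(ts); d > MaxSkew || d < -MaxSkew { return nil, errors.New("timestamp outside allowed window") }
	got, err := hex.DecodeString(signature)
	if err != nil || !hmac.Equal(got, sign(key, timestamp)) { return nil, errors.New("bad signature") } // constant-time compare
	plain, err := json.Marshal(s.issue(udid))
	if err != nil { return nil, err }
	return seal(key, plain)
}

// sign computes HMAC-SHA256 over the timestamp with the device secret.
func sign(key []byte, timestamp string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(timestamp))
	return m.Sum(nil)
}

// seal encrypts with AES-256-GCM and prepends the random nonce to the ciphertext.
func seal(key, plain []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// unseal reverses seal; GCM authentication fails on any tampered byte.
func unseal(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	n := gcm.NonceSize()
	if len(blob) < n { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, blob[:n], blob[n:], nil)
}

// TVMClient is the app-side half. The key is generated at registration, never shipped in the binary.
type TVMClient struct {
	UDID string
	key  []byte // on a device this would live in the Keychain / Shared Preferences
}

func NewTVMClient(udid string) (*TVMClient, error) {
	key := make([]byte, 32) // 32 random bytes, the role SecRandomCopyBytes plays on iOS
	if _, err := io.ReadFull(rand.Reader, key); err != nil { return nil, err }
	return &TVMClient{UDID: udid, key: key}, nil
}

func (c *TVMClient) Key() []byte { return c.key }

// SignedRequest produces the (timestamp, hex signature) pair the app sends with its UDID.
func (c *TVMClient) SignedRequest(at time.Time) (string, string) {
	ts := at.UTC().Format(time.RFC3339)
	return ts, hex.EncodeToString(sign(c.key, ts))
}

// Decrypt recovers the credentials from the TVM response.
func (c *TVMClient) Decrypt(blob []byte) (TempCredentials, error) {
	var creds TempCredentials
	plain, err := unseal(c.key, blob)
	if err != nil { return creds, err }
	err = json.Unmarshal(plain, &creds)
	return creds, err
}

// issueSample stands in for STS; the values are constructed for this example.
func issueSample(udid string) TempCredentials {
	return TempCredentials{AccessKeyID: "ASIAEXAMPLE", SecretAccessKey: "example-secret",
		SessionToken: "example-token-for-" + udid, Expiration: time.Now().Add(15 * time.Minute)}
}

func main() {
	srv := NewTVMServer(issueSample)
	app, _ := NewTVMClient("device-0001")
	_ = srv.Register(app.UDID, app.Key())
	ts, sig := app.SignedRequest(time.Now())
	blob, err := srv.GetToken(app.UDID, ts, sig)
	if err != nil { panic(err) }
	creds, _ := app.Decrypt(blob)
	fmt.Println(creds.AccessKeyID, creds.Expiration.Format(time.RFC3339))
}
```

Nothing the server verifies lives in the app binary: the per-device key is created on the device at registration and only ever crosses the wire once, inside the TLS registration call. A copy of the binary therefore yields no credential, and a captured token request is only good for the few minutes `MaxSkew` allows; the server can also revoke a single device by dropping its entry, which is the "management" advantage the question was asking about.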
