Closed
Bug 1215457
Opened 9 years ago
Closed 8 years ago
[TV 2.5][meta] Secure connection between remote control server and client
Categories
(Firefox OS Graveyard :: Gaia::TV::System, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: etsai, Unassigned)
References
Details
(Whiteboard: [ft:conndevices])
httpd.js only supports http, we need secure connection like https to provide remote control service.
Reporter | ||
Updated•9 years ago
|
Blocks: TV_RemoteControl_TVSide
Reporter | ||
Comment 1•9 years ago
|
||
Try to find some clue for implementation a https server: 1) necko client test case for https server 2) WebRTC default certification, try to leverage for build-in https server
Priority: -- → P1
Reporter | ||
Comment 2•9 years ago
|
||
Hi Paul, Luke and I have secure connection proposal for remote control: https://wiki.mozilla.org/Firefox_OS/Remote_Control#Secure_Connection Would you mind to give us some opinion on the proposal?
Flags: needinfo?(ptheriault)
Updated•9 years ago
|
Whiteboard: [ft:conndevices][partner-blocker]
I've a look here but really there isn't enough information. From the information I can see on the wiki, this solution seems to add almost no security at all. But really there isn't enough information to go off. From our consersations it sounds as thought you have a more detailed plan than documented. As we discussed, I'll get some feedback from platform security team, but my advice here would be stop trying to implement your own security protocol, and use something provided by the platform as previously suggested (WebRTC peerConnection), or dont do anything at all. My overall though is that it would be significantly easier to re-implement your communication protocol than trying to replace SSL with some encryption at the javascript layer.
Flags: needinfo?(ptheriault)
Reporter | ||
Comment 4•9 years ago
|
||
Add steps to verify public key by fingerprint: 1. User connect to TV firstly. 2. TV send public key to user, print fingerprint on TV screen. 3. User receive public key, generate fingerprint on device screen. Compare the two fingerprints are the same. 4. User press "Confirm" on the device. 5. TV dismiss the fingerprint on TV screen. 6. Continue to exchange symmetric key and follow the PIN code pairing steps.
Updated•9 years ago
|
Whiteboard: [ft:conndevices][partner-blocker] → [ft:conndevices][partner-blocker][partner-cherry-pick]
Reporter | ||
Comment 5•9 years ago
|
||
1. Unpaired device musn’t be able to just send commands directly to the TV. - I think this is protected by the requirement of a UUID cookie 2. Prevent CSRF attacks against the remote control - This attack involves a malicious website making an request to the TV - While any website can induce an XHR request to the TV which will include the UUID cookie, the website doesn’t know the encryption key stored in localStorage, so it can’t make a valid request (you should be sure to use an authenticated encryption mode to reduce the attack surface here). 3.Prevent clickjacking attacks against the remote control - make sure the remote control web page can not be framed (i.e. set the "X-Frame-Options DENY;” http header see https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)
Reporter | ||
Comment 6•9 years ago
|
||
After try webcrypto, I think use RSA-OEAP to do exchange AES-GCM key is fine. But AES-GCM encrypt and decrypt requires the same IV, I think we can send IV with non-encrypted message or cookie?
Comment 7•9 years ago
|
||
Change this bug to a meta bug and break down works.
Summary: [TV 2.5] Secure connection between remote control server and client → [TV 2.5][meta] Secure connection between remote control server and client
Updated•9 years ago
|
feature-b2g: --- → 2.5+
Target Milestone: --- → 2.6 S4 - 1/1
Updated•8 years ago
|
feature-b2g: 2.5+ → 2.6+
Updated•8 years ago
|
Target Milestone: 2.6 S4 - 1/1 → ---
Updated•8 years ago
|
blocking-b2g: --- → 2.6?
feature-b2g: 2.6+ → ---
Whiteboard: [ft:conndevices][partner-blocker][partner-cherry-pick] → [ft:conndevices][partner-blocker]
Comment 8•8 years ago
|
||
Hi ChunMin, Could you help to take this bug for now we change the use case of Remote Control to use TCP socket. Thanks.
blocking-b2g: 2.6? → ---
Flags: needinfo?(cchang)
Whiteboard: [ft:conndevices][partner-blocker] → [ft:conndevices]
Reporter | ||
Comment 10•8 years ago
|
||
Modify dependency, TV part is in bug 1207996, addon is in bug 1228262. Both are landed, set this bug to resolved fixed.
You need to log in
before you can comment on or make changes to this bug.
Description
•