celox.message (https://celox.me) is yet another self-destructing, single-serve message web application. It’s my first Ruby on Rails app; a work-in-progress, and far from feature complete. It’s also open source (and available on GitHub).

Overview:

  • Message is securely transmitted and stored in a data store.
  • Message is destroyed once it is read (self destructs).
  • Message eventually expires and is removed from the system (even if not read).
Components Used:
  • Ruby 1.9.2 (initial development)
  • Rails 3.0.x; later migrated to 3.1.3.
  • Twitter Bootstrap 1.1 framework.
  • lib OpenSSL.
Security:
  • Form is submitted via HTTPS (TLS/SSL).
  • OpenSSL cipher suite is used for data encryption (server-side). Server operator can choose any crypto algorithm supported by OpenSSL (via config file).
  • A mixed-case alphanumeric pseudo-random key is generated per message (key length can be set via config file). Key is passed on to the user as part of the retrieval URL.
  • Key is hashed (SHA2-256), and stored as a stub (used to retrieve message). PBKDF2 is used to create a strong cipher key; however, the stub hash is the weakest link in the chain against a brute force attack.
  • Encryption algorithm, encrypted data, salt, and IV (initialization vector) objects are marshalled (binary) and encoded (base64) before being stored. This also allows for the encryption algorithm to be changed without invalidating previously encrypted messages.
  • Message body is overwritten once stub URL is accessed. Reader IP and timestamp are stored, and displayed should the user access the URL again (configurable).
  • Entire message (row) is eventually removed from the data store (cron job; configurable).
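
The scheme in the Security list, written out as an added example (not celox.message's own code). The function names, the 16-character key, the 16-byte salt, the PBKDF2 iteration count, the AES-CBC default, the envelope field names and the in-memory hash standing in for the data store are all assumptions.

```ruby
require 'openssl'
require 'securerandom'
require 'digest'
require 'base64'

KEY_LENGTH = 16      # assumed; the page says key length is set in a config file
ITERATIONS = 20_000  # assumed PBKDF2 iteration count (not stated on the page)

# Lookup stub: one unsalted SHA-256 of the URL key. Guessing against it is far
# cheaper than against PBKDF2, which is why the page calls it the weakest link.
def stub_for(key)
  Digest::SHA256.hexdigest(key)
end

def cipher_key(key, salt, length)
  OpenSSL::PKCS5.pbkdf2_hmac(key, salt, ITERATIONS, length, OpenSSL::Digest.new('SHA256'))
end

# Encrypts a message; returns the URL key (never stored) and the row to store.
def seal(plaintext, algorithm = 'aes-256-cbc')
  key    = SecureRandom.alphanumeric(KEY_LENGTH)
  cipher = OpenSSL::Cipher.new(algorithm).encrypt
  salt   = OpenSSL::Random.random_bytes(16)
  iv     = cipher.random_iv
  cipher.key = cipher_key(key, salt, cipher.key_len)
  data   = cipher.update(plaintext) + cipher.final
  blob   = Base64.strict_encode64(Marshal.dump({ alg: algorithm, salt: salt, iv: iv, data: data }))
  [key, { stub: stub_for(key), body: blob }]
end

# Reads a message once, then overwrites the body. Returns nil if unknown or already read.
def open_once(store, key)
  row = store[stub_for(key)]
  return nil if row.nil? || row[:body].nil?
  # Marshal.load is acceptable only because the server wrote this blob itself;
  # it must never be applied to client-supplied bytes.
  env    = Marshal.load(Base64.strict_decode64(row[:body]))
  cipher = OpenSSL::Cipher.new(env[:alg]).decrypt # algorithm comes from the envelope
  cipher.key = cipher_key(key, env[:salt], cipher.key_len)
  cipher.iv  = env[:iv]
  plaintext  = (cipher.update(env[:data]) + cipher.final).force_encoding('UTF-8')
  row[:body] = nil # body is destroyed on first read
  plaintext
end

# Constructed sample data: an in-memory hash stands in for the data store.
store = {}
key, row = seal('meet at noon')
store[row[:stub]] = row
puts open_once(store, key)         # first read returns the message
puts open_once(store, key).inspect # second read finds the body gone
```

Because the algorithm name travels inside the stored envelope, a message sealed under one cipher still opens after the configured default changes.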
TO DO:
  • Improve exception handling (don’t want to lose user data if server-side issue/exception).
  • Allow user to select expiration period (not to exceed operator’s limits).
  • Brute force protection against data (data/key isolation); blacklisting.
  • Notify user when message is read.
  • Mobile site?
  • Mobile APP that utilizes the REST API.
  • ‘Are you human?’ mechanism. Facebook and various security applications access the message URL, effectively destroying the data before it’s seen by the intended party.
Johanns