2

I'm designing a very simple data collection device for a research project. Because we are logging, among other stuff, the GPS position of actual vehicles, we need to protect the data. Since we manually deploy every logging device, there is no need for registrations or logins.

I have set up a web server (Node.js), a database (MongoDB), an app (native iOS), and a data format (JSON). The client regularly sends JSON to the web server with the following command:

PUT/store/[deviceId]/?hash=[hash]

(with the actual data as a POST variable)

Where the deviceId is a simple identifier, for now just a number (0, 1 or 2), to make me choose which MongoDB collection to store the data in.

The hash is a hash of the HTTP verb, the url, and the device's secret (just a random string hard-coded into each device), inspired by this answer.

My concern here is how secure such a system is. I am using HTTPS to protect the data transfer, and the device secret to make sure it's actually one of our devices, and not the neighbor's son trying to hack us.

Is that enough?

Community
  • 1
Erlend D.
  • 245
  • 2
  • 5

1 Answers1

0

To answer your question you have to first gather some information: - What risks are there you want to mitigate through security? - What Prevention techniques do you want to employ, and how much money are you willing to spend on them? - Do you have any form of intrusion detection? - Do you use a firewall?

for the rest, HTTPS is a good step, but for this type of "research" a verification with client-side certificates might be apt. this means not only is the data secured in transit. but only clients that know your "secret" way of communicating with you can (e.a. the client certificate has to be valid or the server won't even listen to the request)

for storage of critical data mongoDB is not the best solution (it can loose data or even not store it at all) But that is a discussion for another thread (like programmers or sysadmin stackexchange).

On the looks of things, for a wide scale use its not that bad. just add some intrusion detection and misuse detection (no one should be trying random strings on your back-end without getting banned y your firewall for at least 10 minutes after each try, incrementing exponentially with each try, or other security methodology).

Also, at the moment you have no protection against replay attacks. add some time sensitive part to your data that locks out after some time (like a session cookie does or a CSRF token does). a counter that increments after each request send could do this trick already.

LvB
  • 8,943
  • 1
  • 30
  • 47
  • Are there any links on how mongo loses data? It seems base is very different from acid.

    As can be seen, if you enumerate all vectors, you're left with a certain amount of tasks that have to be looked into. If you're up against your neighbour's son, just a simple https should be enough as long as you don't have that freak protocol degrade problem on your server.

     – munchkin Mar 05 '15 at 12:12
  • I'm sorry, I can not link you a source (its based on some internal stress tests we have done in the company I work, which are not (yet) published). the data loss can occur as I understand it because mongoDB does not 'check' if an update (or new data entry) actually succeeds, so if there is any error, or packet loss it will just "lose" the data, and what is worse it will lose it silently. – LvB Mar 05 '15 at 13:39
  • Yes I've heard about that, but never tried it out myself. It seems it behaves like the udp of data. In any case this should be appropriate behaviour for online computation from lots of sources. The errors get minimized in the end. – munchkin Mar 05 '15 at 17:03
  • I think HTTPS and certificates will be good enough for us. The main goal is to protect the data, as they are personal (it tracks a driver for the entire duration of the project). A secondary goal would be to protect from random hackers, but we don't expect to be targeted, and we have an IT company running the servers and their security, so as long as my solution doesn't open up any large security holes, it's good enough. – Erlend D. Mar 13 '15 at 09:47