User Tools

Site Tools


spoll:remote_feature

Remote Feature

The remote feature enables filling in polls on an external server, while the data is still resided on a local server only. The system can be restricted in a way, that a generated URL is required to be able to fill in a poll. The entered information on a remote poll is stored encrypted on the remote server with a single used key. The key is generated on the local server, and encoded into the URL which then is used to fill in the poll. The local server periodically polls the remote server to fetch and decrypt the poll fillins.

Workflow

URL Format

The URL is generated on the local system, which also generates a one-time key. The key is persisted on the local system and Base64 encoded in the generated link. Additionally a MAC is generated over all URL values (incl. the key). The remote system has the key to check the MAC and displays the poll according to the (authenticated) information in the link (e.g. reference to associate the information to a person on the local system, ID of poll to show, etc.). The filled in answers are encrypted using the key passed via the URL. The key is not persisted on the remote system.

Design Considerations

  • WebService is called via TLS, therefore the key is protected while calling the URL
  • If one intercepts the connection between the remote server and the client, or compromises the remote server, he can make note of all passed information even before encryption. Since the key is used only once, he does not gain any benefit in knowing the key.
  • Each remote fill in uses a separate key, which does not give an attacker additional information about previous fillins, which were done before his attack.
spoll/remote_feature.txt · Last modified: 30.01.2014 17:19:41 by Manuel Faux