I want to apply web service security according to OWASP Web Service Security. Thereby I stumbled over the two points:
So far there is just a RESTful service which can be directly accessed by a client. For each request the client needs to authenticate by the server. All communication is secured via TLS. I'm now unsure about Message Integrity
since I don't understand the sentence:
When using public key cryptography, encryption does guarantee confidentiality but it does not guarantee integrity since the receiver's public key is public. For the same reason, encryption does not ensure the identity of the sender.
Is it also required that the data was signed by the client in order that message integrity is ensured? TLS is only point-to-point, what is about proxies?
Concerning Message Confidentiality
, I understood it as follows.
- Use TLS to ensure message confidentiality over the wire.
- Use a symmetric encryption to encrypt the transmitted data.
- The encrypted data get stored in data base.
Did I understand that right?
From the TLS specification:
So, yes, TLS will provide you with integrity and confidentiality of the message during its transport, provided that it was used correctly.
In particular, the client needs to verify the certificate to ensure it is communicating with the right server (verifying that the certificate is genuine and issued by a trusted party, and issued to the host name it intended to contact).
TLS will provide confidentiality via encryption. (You need to use an appropriate cipher suite, in particular not a anonymous cipher suite or a cipher suite will null encryption, but that's always the case by default.)
If you want to encrypt the data in your database, that's a different problem. TLS only provides you with integrity and confidentiality during transport. Once it's handled by your web application, it's deciphered.
HTTP proxies only relay the TLS traffic as-is, without looking into it or altering it. (Some proxy servers can intercept the traffic, but the certificate verification would fail, unless you forget to check the certificate.)
Yes.
Irrelevant. Answer is still yes.
Irrelevant. TLS isn't public-key cryptography. I really fail to see the point of these remarks in this context, but they're not correct. No form of encryption alone guarantees either integrity or identity: you need additional measures for that; and the key being public is irrelevant to that as well.
No. A secure HMAC will do as well, and TLS uses one of those. TLS does use digital signatures during the authentication phase.
Proxies are either trusted TLS endpoints of their own or else transparent byte-passing proxies that therefore preserve the properties of TLS between their peers as endpoints.
Correct.
TLS does that.
No. The encrypted data gets descrypted by the peer off the wire. The peer can re-encrypt to the database, or the database can do it, but that's a separate issue.