<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:cc="http://cyber.law.harvard.edu/rss/creativeCommonsRssModule.html">
    <channel>
        <title><![CDATA[Stories by vixentael on Medium]]></title>
        <description><![CDATA[Stories by vixentael on Medium]]></description>
        <link>https://medium.com/@vixentael?source=rss-5d8623d95b92------2</link>
        <image>
            <url>https://cdn-images-1.medium.com/fit/c/150/150/0*YigcQPPS_oEbGKXH.png</url>
            <title>Stories by vixentael on Medium</title>
            <link>https://medium.com/@vixentael?source=rss-5d8623d95b92------2</link>
        </image>
        <generator>Medium</generator>
        <lastBuildDate>Mon, 13 Jul 2026 22:35:14 GMT</lastBuildDate>
        <atom:link href="https://medium.com/@vixentael/feed" rel="self" type="application/rss+xml"/>
        <webMaster><![CDATA[yourfriends@medium.com]]></webMaster>
        <atom:link href="http://medium.superfeedr.com" rel="hub"/>
        <item>
            <title><![CDATA[My interview with Sonya Moisset]]></title>
            <link>https://medium.com/@vixentael/my-interview-with-sonya-moisset-ca87f3605162?source=rss-5d8623d95b92------2</link>
            <guid isPermaLink="false">https://medium.com/p/ca87f3605162</guid>
            <category><![CDATA[security]]></category>
            <category><![CDATA[cyber]]></category>
            <category><![CDATA[cybersecurity]]></category>
            <category><![CDATA[security-engineering]]></category>
            <dc:creator><![CDATA[vixentael]]></dc:creator>
            <pubDate>Mon, 19 Oct 2020 10:27:32 GMT</pubDate>
            <atom:updated>2020-10-19T10:27:32.111Z</atom:updated>
            <content:encoded><![CDATA[<p><a href="https://medium.com/u/dbdd9894be12">Sonya Moisset</a> has this cool project “Epic Women in Cyber”, where she shares stories about women who work in cybersecurity.</p><p>When I was reading some of these stories, I was amazed by how different and extraordinary these women are. They live in different countries, have different education, work in various cybersec areas like building security software, breaking systems, reverse engineering, training developers, managing risks, etc. — they are unique, yet connected by cybersecurity field.</p><p>Here is my story:</p><p><a href="https://medium.com/epic-women-in-cyber/epic-women-in-cyber-anastasiia-voitova-5e59b0193928">Epic Women in Cyber — Anastasiia Voitova</a></p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=ca87f3605162" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Popular note-taking apps share these security flaws: security tips for developers]]></title>
            <link>https://medium.com/@vixentael/popular-note-taking-apps-share-these-security-flaws-security-tips-for-developers-326180e41329?source=rss-5d8623d95b92------2</link>
            <guid isPermaLink="false">https://medium.com/p/326180e41329</guid>
            <category><![CDATA[ios-development]]></category>
            <category><![CDATA[encryption]]></category>
            <category><![CDATA[notes]]></category>
            <category><![CDATA[app-security]]></category>
            <category><![CDATA[security]]></category>
            <dc:creator><![CDATA[vixentael]]></dc:creator>
            <pubDate>Fri, 15 Feb 2019 11:25:11 GMT</pubDate>
            <atom:updated>2019-02-15T16:46:23.616Z</atom:updated>
            <content:encoded><![CDATA[<p><em>This is a very short review of security flaws I found when searching for a note-taking app I’d like to use. I decided to publish some of my findings with security improvement suggestions (because security is complicated). These tips might be useful for you even if you are not a note-taking app developer.</em></p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*yCgvQfdGT0-Ukvlu2yVApQ.png" /></figure><h3>Background</h3><p>Usually, I use Apple Notes app between all my devices. I write ideas for blog posts and tweets there, draft my conference talks and keep track of things I do during a week (for internal reports at work). I often “lock” sensitive notes.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/700/1*VZLOzhBljjqEnsEKCZWa8w.png" /><figcaption>Apple Note app shows locked (encrypted) note</figcaption></figure><p>Time to time I try other applications for note-taking and drafting. I’m very concerned about my privacy (not to mention corporate policy, which adds extra layers of tinfoil), and despite the fact that I don’t store passwords and credit cards in note-taking apps anyway, I don’t want publishers to have access to my notes.</p><p>This is a short summary of data security flaws I noticed among 6–7 popular note-taking apps. In most cases, these are not “bugs”, but rather “design caveats”. It’s nothing too complicated — for an experienced mobile developer with a security background, it’s just running the typical checks — which security controls are in place and are implemented well.</p><p>I’m not going to publish app names or specific bugs — those apps are great, developers are doing a great job, and security is complicated. I’ve suggested help to the developers, so there’s a small chance that some apps will become more secure soon 🤞</p><h3>1. No protection at all</h3><p>If notes are stored as plaintext and are synced to other devices as plaintext — that’s not my kind of application ¯\_(ツ)_/¯</p><h3>2. Password protection only</h3><p>Apps that allow users to “lock”/”unlock” note using their custom password, Touch ID or Face ID. Until a password is not entered, users can’t read note content.</p><p>This is rather cool because apps can use native <a href="https://developer.apple.com/documentation/localauthentication">Apple LocalAuthentication framework</a> and rely on the authentication mechanism of iOS itself.</p><h4><strong>How to improve?</strong></h4><p><strong>— </strong><a href="https://codeburst.io/biometric-authentication-using-swift-bb2a1241f2be"><strong>Touch ID / Face ID is the second factor</strong></a><strong>, </strong>and if a device doesn’t have these capabilities, or user can’t use them now, users should fallback to enter a password. The application should show password screen, and save the password for later usage (but not infinitely, and store securely), until users attempt to unlock next note. It might be a good idea not to store password exactly, but to use key derivation functions (like <a href="https://en.wikipedia.org/wiki/PBKDF2">PBKDF2</a>, <a href="https://crackstation.net/hashing-security.htm">bcrypt/scrypt</a>) to derive hash from a password. On unlock — calculate hash again and compare hashes. The app should store the hash in a Keychain.</p><p><strong>— Cache password.</strong> If a user has several notes “locked”, once a password is entered (or Touch ID or Face ID), the app can cache it for X minutes in a way, that user won’t need to re-enter password again. However, after X minutes, the app should flush the cache and ask password again (pattern is called <a href="https://github.com/cossacklabs/themis/wiki/Secure-Comparator-cryptosystem#secure-comparator-use-cases">“repeated authentication”</a>).</p><p><strong>— Wrong password attempts.</strong> If a user can’t input correct password for 3–5 times, increase the time before attempts (like iOS itself does). This pattern is called <a href="https://learn.onemonth.com/defensive-hacking-how-to-prevent-a-brute-force-attack/">“incremental authentication delay”</a>.</p><p><strong>— Reset / change password.</strong> There should be a way to change the password (set up a new one after a correct input of an old password or Touch ID / Face ID). Reset should work in a similar way.</p><p><strong>— Password syncing. </strong>Imagine that a user has two devices with the same application, and decides to update their password on one of them. Of course, the password should be updated on both devices / apps. <a href="https://developer.apple.com/documentation/security/keychain_services">iCloud Keychain</a> might help in this case <a href="https://blog.elcomsoft.com/2018/12/six-ways-to-decrypt-iphone-passwords-from-the-keychain/">(be careful, it can be hacked too)</a>, or you can build secure cloud storage where the app can store password hashes.</p><h4><strong>Why it’s not enough?</strong></h4><p><em>Password protection is not an encryption</em>.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*gcMLvaEMgUuyfApQ-O0hoA.png" /><figcaption>Difference between password-protected notes stored as plaintext vs Encrypted notes that require password-protected encryption key to decrypt</figcaption></figure><p>The content of the note is still plaintext, even if the access is protected. If the application stores the notes in local file storage, they might appear in backups, <a href="https://www.imobie.com/support/decrypt-itunes-backup-without-password.htm">can be accessible if device access is compromised</a>, and can be leaked from cloud system that syncs/stores them.</p><h3>3. Bad network security (rely on TLS only)</h3><p>Of course, all apps now use TLS to send network requests to the backend server. However, <a href="https://www.cossacklabs.com/avoid-ssl-for-your-next-app.html">TLS is not enough if someone wants to read your notes</a>. <a href="https://github.com/vixentael/my-talks#x-things-you-need-to-know-before-implementing-cryptography">In my talks</a>, I describe in more details why sometimes and in some countries, we can’t rely on TLS itself.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/800/1*Ai7biWnO1tivy4WVBpnGrg.gif" /><figcaption>Using Burp suite to intercept server response and to change subscription status to “true” to access Pro features</figcaption></figure><p>During my testing, I could easily intercept and change network requests — which allows me to not only read notes content, investigate API, send not-allowed network requests, but also to unlock some app features available after subscription only. (I was able to access Pro mode features just by changing the value of <em>“is_subscription_active”</em> to <em>true</em> in the response of <em>account_status</em> request ¯\_(ツ)_/¯).</p><h4>How to improve?</h4><p><strong>— Use </strong><a href="https://developer.apple.com/documentation/cloudkit"><strong>CloudKit</strong></a> and its API instead of your network layer. A simple and easy way to transfer a problem to Apple’s shoulders.</p><p><strong>— Use </strong><a href="https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices"><strong>strong TLS certificate settings</strong></a> and rotate certificates often (90 days, as Let’s Encrypt suggests).</p><p><strong>— </strong><a href="https://medium.com/@dzungnguyen.hcm/ios-ssl-pinning-bffd2ee9efc"><strong>TLS/SSL pinning</strong></a><strong>: </strong>hardcode server’s public certificate inside the app and compare it with certificate received from server connection. So if someone nasty (like me 😅) <a href="https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/intercepting-ssl-and-https-traffic-with-mitmproxy-and-sslsplit/">wants to intercept requests</a>, their certificate differs from hardcoded one, so the app breaks the connection. <a href="https://www.owasp.org/index.php/Pinning_Cheat_Sheet">Keep an eye on updating hardcoded TLS certificates</a> in the right time: hardcode several certificates in the app (current and future ones), and rotate the certificate list on new releases.</p><p><strong>—</strong> <strong>Extra layer of encryption.</strong> Unfortunately, <a href="https://medium.com/@kennethpoon/lets-write-swift-code-to-intercept-ssl-pinning-https-requests-12446303cc9d">certificate pinning can be broken even on non-jailbroken devices</a>. For transferring really sensitive data you might want to add an extra layer of encryption like <a href="https://github.com/cossacklabs/themis/wiki/Swift-Howto#secure-session"><em>Themis Secure Session</em></a><em>,</em> <a href="https://github.com/jedisct1/libsodium"><em>libsodium</em></a><em>, </em><a href="http://www.noiseprotocol.org/"><em>noise protocol</em></a>, but then you need to manage the keys to additional transport layer really well.</p><h3>4. Bad storage encryption</h3><p>As we learnt above, password protection is not encryption. From the user perspective, the application works in a similar way — user inputs password / Touch ID / Face ID to “lock”/”unlock” a note, but this time note’s content is encrypted.</p><blockquote>To build proper encryption and key management schemes, developers should answer a question — “what is the worst: data leakage or data loss”?</blockquote><p>First means that app should not have a way to decrypt data if the user forgot their password (and there are no other ways to prove their identity), second means that app should have a ‘backup’ way to decrypt the data.</p><h4>How to improve?</h4><p><strong>—</strong> <strong>Define exactly what data to encrypt.</strong> One application, that I tried, encrypted my notes, but at the same time it generated preview image with note content, that was stored as file next to the encrypted note. Totally visible, a picture, in plaintext. 🙄</p><p><strong>— Do not hardcode encryption key inside your app</strong>. Never ever. Don’t store it in user defaults or CoreData/SQLite/Realm. Use Keychain (<a href="https://blog.elcomsoft.com/2018/12/six-ways-to-decrypt-iphone-passwords-from-the-keychain/">but Keychain can be broken</a>, so protect encryption keys with user-derived keys).</p><p><strong>— Use KDF.</strong> As described above, users come up with bad and short passwords. So, use KDF to make passwords stronger (longer, more random), or use <a href="https://github.com/cossacklabs/themis/wiki/Secure-Cell-cryptosystem">libraries for storage encryption that use KDF under the hood</a>.</p><p><strong>— Access password != encryption key.</strong> Imagine that user decided to update their password: if the app uses exactly this password to encrypt the notes, it should decrypt notes with old password and re-encrypt them with a new one (what will happen if the user forgot password? 😉). It’s better to separate user password from encryption key: app should generate a long random encryption key, and store it in the Keychain (or iCloud Keychain). Before encryption/decryption app asks user password / Touch ID / Face ID to make sure that user is really a note-owner, <a href="https://developer.apple.com/documentation/localauthentication/accessing_keychain_items_with_face_id_or_touch_id">unlocks Keychain</a>, reads encryption key and decrypts the note.</p><p><strong>— Change / reset password</strong> — depending on your answer to the “what is the worst” question, techniques differ.</p><p><strong>— Syncing access passwords and encryption keys</strong>. When the application runs on several devices under the same user profile, it needs to sync keys. Sending encryption key in a plaintext (even above TLS) is a bad practice. Use iCloud Keychain <a href="https://blog.elcomsoft.com/2018/12/six-ways-to-decrypt-iphone-passwords-from-the-keychain/">(but it can be broken too)</a>, encrypt encryption key with a temporary password before syncing (hehe, this is the point where cryptographic rabbit hole opens 🌀).</p><p><strong>— Use strong cipher.</strong> AES GCM 256. Forget about CBC mode, it’s hard to get CBC right<em> (</em><a href="https://en.wikipedia.org/wiki/Padding_oracle_attack"><em>many</em></a><em> </em><a href="https://resources.infosecinstitute.com/cbc-byte-flipping-attack-101-approach/"><em>attacks</em></a><em> </em><a href="https://medium.com/100-days-of-algorithms/day-83-breaking-aes-f73bd6129137"><em>exist</em></a><em>)</em>. <a href="https://www.privateinternetaccess.com/helpdesk/kb/articles/what-s-the-difference-between-aes-cbc-and-aes-gcm">GCM mode has built-in authentication</a>, so if the message was changed, it can’t be decrypted.</p><p><strong>—</strong> <strong>Do not manipulate </strong><a href="https://en.wikipedia.org/wiki/Padding_oracle_attack"><strong>paddings</strong></a><strong>, </strong><a href="https://crypto.stackexchange.com/questions/3883/why-is-cbc-with-predictable-iv-considered-insecure-against-chosen-plaintext-atta"><strong>IV</strong></a><strong>, and </strong><a href="https://crackstation.net/hashing-security.htm"><strong>salt</strong></a> during encryption, if you don’t know why they are used. Use “hard-to-misuse” cryptographic libraries that are built by cryptographers for developers. As maintainer of <a href="https://github.com/cossacklabs/themis">Themis</a>, I can’t recommend it enough.</p><p><strong>— Check compatibility.</strong> If your app should work on multiple platforms, make sure that encryption cipher and keys format are the same. Ensure that notes encrypted on iOS app can be decrypted on Android app (and vice versa, for each platform. Better write tests for that). <a href="https://github.com/cossacklabs/themis">Use libraries</a> that are built to support multiple platforms ‘out of the box’.</p><p><strong>— Versioning</strong>. You might want to change the encryption algorithm later, so it’s better to add some information about the encryption version. Add it as a prefix to the encrypted note content, or save as a separate field in note object. Trust me, you’ll need this later.</p><h3>5. Lack of end-to-end encryption</h3><p>The best of the best way to encrypt all my notes and to hide them from prying eyes is to use <a href="https://medium.com/@cossacklabs/eli5-end-to-end-encryption-ae46821db74f">E2EE</a>. In this case, notes are stored and transferred encrypted, in a way that only the owner (me) can access them.</p><p>I’d rather pay a subscription fee for the app that uses E2EE, than use a <em>free app</em> that scans my notes and sells data to ads companies <em>(face-khe-khe-book)</em>.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/800/1*gWj1UMKPuHBbrLPxCjvy0g.png" /><figcaption>Multi-layered data protection model</figcaption></figure><p>E2EE might be really tricky if users have many devices, or if they want to share their (encrypted) notes with other users. Fortunately, I have some <a href="https://github.com/vixentael/zka-example">workshop-ready applications</a> for mobile platforms, that use Themis as encryption engine and Firebase as a server. For a large distributed applications with E2EE data collaboration — there’s another open source <a href="https://github.com/cossacklabs/hermes-core">cryptographic engine Herme</a>s (free for non-commercial use) that was built specifically to handle complex cases.</p><p>That’s it for today!</p><p>If you want make your apps more secure — you are on the right track, check links from this post, <a href="https://github.com/vixentael/my-talks">follow my talks</a><strong> </strong>and<strong> </strong><a href="https://twitter.com/vixentael">tweets</a> (my DMs are open). If you would like to get more personalized help — <a href="mailto:vixentael@gmail.com">ping me</a><strong>.</strong> Me and my team not only build software for data security, we run <a href="http://training.cossacklabs.com">training for developers</a> and even work <a href="http://cossacklabs.com/dgap/">as external security engineering team</a><strong>.</strong></p><p><em>Found interesting ideas and useful links? 👏 me!</em></p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=326180e41329" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[How to start learning cryptography ]]></title>
            <link>https://medium.com/@vixentael/how-to-start-learning-cryptography-49e7d91b54a8?source=rss-5d8623d95b92------2</link>
            <guid isPermaLink="false">https://medium.com/p/49e7d91b54a8</guid>
            <category><![CDATA[cryptography]]></category>
            <category><![CDATA[security]]></category>
            <category><![CDATA[development]]></category>
            <category><![CDATA[tech]]></category>
            <category><![CDATA[infosec]]></category>
            <dc:creator><![CDATA[vixentael]]></dc:creator>
            <pubDate>Sat, 19 May 2018 09:04:40 GMT</pubDate>
            <atom:updated>2020-02-05T11:40:04.065Z</atom:updated>
            <content:encoded><![CDATA[<p>—this is what people ask me often 😊</p><p><em>Below you’ll find my typical reply, that I’ll keep updating when changing my mind.</em></p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*YFq5erB0JiINPKz65xXWtg.jpeg" /><figcaption>Listen to cosmic Prof. Felix!</figcaption></figure><p>📕 I can really recommend a <a href="https://www.amazon.com/Serious-Cryptography-Practical-Introduction-Encryption/dp/1593278268"><strong>Serious Cryptography book</strong></a><strong>. </strong>It’s awesome, easy-to-understand and covers many questions starting from discussing Randomness to Quantum Computing.</p><p>📒 Of course, the <a href="https://www.schneier.com/books/practical_cryptography/"><strong>Practical Cryptography</strong></a><strong> </strong>book<strong> </strong>by Schneier is a must have as well: deep, serious, practical.</p><p>📺 Also, on Coursera there’s a <a href="https://www.coursera.org/learn/crypto"><strong>Cryptography 1 and 2</strong></a> courses. They are quite deep (I mean <em>quite complicated</em>).</p><p>🖥 Aaaand I like <a href="https://www.udacity.com/course/applied-cryptography--cs387"><strong>Applied Cryptography</strong></a> lessons on Udacity (they are easy and interactive!).</p><p>🕹 Aaaaand <a href="https://www.crypto101.io/"><strong>crypto101</strong></a> is a pdf book, explaining both basic crypto-algorithms and more complex crypto-systems.</p><p>📝 <a href="https://github.com/pFarb/awesome-crypto-papers"><strong>pFarb/awesome-crypto-papers</strong></a><strong> </strong>— many links on different concepts, articles, books. Great starting point when you’ve learnt simple things and want to continue with more complicated ones.</p><p>💻 <a href="https://github.com/sobolevn/awesome-cryptography"><strong>sobolevn/awesome-cryptography</strong></a> — more practical links here: libraries, tools, easy-to-integrate encryption bits into your infrastructure. Tip: select ‘boring crypto’ libs.</p><p>🦊 <a href="https://github.com/vixentael/my-talks"><strong>vixentael/my-talks</strong></a> — my own talks about applied cryptography/security for developers. I touch many different aspects, from secure app architecture to tips-and-tricks every dev can do. Each presentation has ‘home reading list’ on the last slide 😊</p><p>Sometimes you can find 💎 like <a href="https://howhttps.works/">cat explaining HTTPS</a>, or explain-me-like-I’m-five series about <a href="https://hackernoon.com/eli5-zero-knowledge-proof-78a276db9eff">Zero Knowledge Proof</a>, <a href="https://medium.com/@cossacklabs/eli5-end-to-end-encryption-ae46821db74f">E2EE</a>, or <a href="https://www.youtube.com/watch?v=YEBfamv-_do">great video</a> about public-key-cryptography based on mixing colors.</p><p>Hope it helps 🤟</p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=49e7d91b54a8" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Zero Knowledge Architectures for Mobile Applications]]></title>
            <link>https://medium.com/@vixentael/zero-knowledge-architectures-for-mobile-applications-b00a231fda75?source=rss-5d8623d95b92------2</link>
            <guid isPermaLink="false">https://medium.com/p/b00a231fda75</guid>
            <category><![CDATA[mobile-app-development]]></category>
            <category><![CDATA[zero-knowledge-proofs]]></category>
            <category><![CDATA[zero-knowledge]]></category>
            <category><![CDATA[security]]></category>
            <dc:creator><![CDATA[vixentael]]></dc:creator>
            <pubDate>Thu, 28 Dec 2017 14:18:31 GMT</pubDate>
            <atom:updated>2017-12-28T14:18:31.500Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*v4s_92-IyNa0OkFIQJAeEg.png" /></figure><p>This is a small handout doc following my talk “Zero Knowledge Architecture for mobile applications”, which I gave <a href="https://github.com/vixentael/my-talks#zero-knowledge-architectures-for-mobile-applications-">at several conferences</a> during the autumn of 2017.</p><h3>Sensitive data narrative</h3><p><em>If you want to hear the story about sensitive data we have and how we use it, please read through the slides or watch the video.</em></p><blockquote>We have sensitive data and we can’t avoid sharing it.</blockquote><p>We cannot trust data providers by default and we don’t want to think about data security all the time. So we choose to <strong>retain control</strong> over sensitive data while we store and share it. How? Read below :)</p><iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fspeakerdeck.com%2Fplayer%2F72e5d10d87754c3dbc6f23511a6ecd6f&amp;url=https%3A%2F%2Fspeakerdeck.com%2Fvixentael%2Fzero-knowledge-architectures-for-mobile-applications&amp;image=https%3A%2F%2Fspeakerd.s3.amazonaws.com%2Fpresentations%2F72e5d10d87754c3dbc6f23511a6ecd6f%2Fslide_0.jpg&amp;key=a19fcc184b9711e1b4764040d3dc5c07&amp;type=text%2Fhtml&amp;schema=speakerdeck" width="710" height="463" frameborder="0" scrolling="no"><a href="https://medium.com/media/8d8ddc2e4a923cc76759022856da3781/href">https://medium.com/media/8d8ddc2e4a923cc76759022856da3781/href</a></iframe><iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2F79iqPsPc6ZE%3Ffeature%3Doembed&amp;url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D79iqPsPc6ZE&amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2F79iqPsPc6ZE%2Fhqdefault.jpg&amp;key=a19fcc184b9711e1b4764040d3dc5c07&amp;type=text%2Fhtml&amp;schema=youtube" width="854" height="480" frameborder="0" scrolling="no"><a href="https://medium.com/media/660ef2ebda45c4d39073ba7ae06acccd/href">https://medium.com/media/660ef2ebda45c4d39073ba7ae06acccd/href</a></iframe><h3><strong>Zero Knowledge Architectures</strong></h3><p>ZKA is a design principle.</p><p>In simple words, everything you do on a Zero Knowledge system is encrypted before it is sent to the server and the key to the encryption is also never revealed to the vendor.</p><ul><li><a href="https://clipperz.is/blog/2007/08/24/anatomy_zero_knowledge_web_application/">Anatomy of a zero-knowledge web application</a></li><li><a href="https://spideroak.com/articles/why-we-will-no-longer-use-the-phrase-zero-knowledge-to-describe-our-software">Why We Will No Longer Use the Phrase Zero Knowledge to Describe Our Software | SpiderOak</a></li></ul><p>The first important principle of ZKA is <strong>end-to-end encrypted clients</strong> that perform crypto computations. The server knows nothing about the nature of the data. By the way, sometimes ZKA is referred to as No-Knowledge architecture.</p><p>Second, <strong>all operations are on encrypted data.</strong> It means that if you’re going to add a new record to a database, you should add it in encrypted form. If you want to share a piece of data, you should share it in encrypted form. You even perform a <a href="https://www.google.com/search?q=how+to+search+inside+encrypted+data">search inside the encrypted data</a>.</p><p>These principles don’t add additional security in a common sense of this term, but rather guarantee that client-side encryption is used properly. Zero knowledge algorithms and protocols ensure that no keys, passwords, files, or any other sensitive material ever gets transferred in an unencrypted or reversible form. There is no point in time when encryption keys or unencrypted files are visible to the servers or service administrators.</p><h4><strong>Why mobile?</strong></h4><p>ZKA relies on cryptography and requires trust to the device that runs crypto code. Mobile has a quite trustworthy runtime environment, compared to the browser or most desktops. Still it is not entirely without risks.</p><h4><strong>Where is ZKA used?</strong></h4><p><strong>In messaging,</strong> we can use end-to-end encryption. Apart from clients, nobody can read your secret communication. Clients have means to verify trust to each other and to the server to ensure that cryptographic protection is working properly right now. End-to-end trust without leaking anything to storage or transmission layer is the basis of ZKA. You already know many examples of E2EE chats.</p><p><strong>In authentication,</strong> we can use interactive crypto protocols known as Zero Knowledge Proof protocols. ZKP enables two parties to compare a secret without exposing it, efficiently avoiding leakage of secrets during transmission.</p><h4><strong>What about sharing data?</strong></h4><p>We know how to collaborate securely when a document is one blob of data, but modern document is actually a large tree-like structure, so will everyone be able to see everything?</p><p>Let’s say, you want to share sensitive data with some users. The naive approach is to encrypt the data several times — once for each user, using their keys.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*JKxGVz0WPh1np6cAClcjAA.png" /><figcaption>Encrypting shared data for each user is good, but naive approach</figcaption></figure><p>So if you are sharing data with five users, you need to encrypt the data five times with different keys and transfer these keys to each user. This approach leads to data duplication: you now need to store five times more and if you need to update the data or to change the access policy, you need to decrypt and encrypt some or all the records again.</p><p>Does this sound like ZKA? Well, yes. Does it sound easy? Not really.</p><p><strong>But there are better approaches to data sharing: </strong>you can provide access to specific blocks of encrypted data for particular users. Accessing or encrypting or re-encrypting only what you need; and when you need to change access policy (who has access to what), you have to re-encrypt just one small access block.</p><p>As an implementation of such approach, we have an open source library called <a href="https://github.com/cossacklabs/hermes-core">Hermes</a>. It has C-core, and it is available for many platforms.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*7BewZ-mVnj0uUihPcq_oqw.png" /><figcaption>A better way of collaborating on sensitive data</figcaption></figure><p><strong><em>Credit history example</em></strong></p><p>Credit history is a beautiful example of sensitive data that is shared among multiple entities. Credit Bureaus store your credit history and send it to your banks by their request. A credit history has lots of sensitive details about your life and your interest, so it’s preferable to minimize its sharing.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/600/1*cvh49wZht_C8O30sIuJ4Xg.gif" /></figure><p>Usually, credit history is stored in encrypted form, as a single blob of data, so when it is leaked, you lose everything. Splitting the file into separate encrypted blocks and allowing banks to manipulate only specific blocks minimizes the risks.</p><p>Please, see the slides or the video to grasp the whole example with credit history and a cat.</p><h3><strong>How to implement a ZKA kind of collaboration on shared data</strong></h3><p>Let’s describe the implementation of secure data collaboration.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*v2aT-2iCZPIokRKnTN0t2g.png" /><figcaption>Things ZKA relies on</figcaption></figure><h4>Key wrapping</h4><p>Split a single blob of data into smaller encrypted blocks. Decouple storage keys from the user keys, encrypt data with storage keys — they will protect the data.</p><h4>Manage privileges</h4><p>Store storage keys in containers; cryptographically control that users can change stored keys by comparing actual ownership tags (basically, authenticated MAC) to prove that they can perform an operation.</p><h4>Control requests</h4><p>Since the data is available only through the crypto layer, you should make sure that your architecture translates every operation over your dataset into crypto API commands; that no one puts data in a plaintext bypassing your crypto core.</p><h4>Mitigate remaining attacks</h4><p>Crypto is not a magic wand; it just narrows the attack surface. You still need backups; you need to use ZKP to protect against replay attacks, you need to ensure code trust, secure keys lifecycle, and use traditional things like intrusion detection, monitoring, and traffic inspection.</p><p><a href="https://www.cossacklabs.com/zero-knowledge-protocols-without-magic.html">Cossack Labs / Zero Knowledge Protocols without magic</a></p><h3><strong>Other use cases for ZKA</strong></h3><p>You can use ZKA approach everywhere you want to provide access securely to small blocks of data shared among different clients.</p><p><a href="https://keybase.io/blog/encrypted-git-for-everyone">Keybase launches encrypted git</a></p><ul><li><strong>complex documents with comments</strong> or detailed spreadsheets (i.e. Google Docs, Dropbox Paper, etc.). In many cases, users shouldn’t have access to the whole document.</li></ul><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*h0pR1DVUx7eDna3znpUZUA.png" /></figure><ul><li><strong>file systems</strong> are a perfect example of small blobs of data, structured and shared with different access control rights.</li><li><strong>document store protection.</strong> If every blob in a database is a protected one, and access rights are protected, then you get an end-to-end document store, where every document or field’s rights can be granted to everybody. Imagine MongoDB with custom queries on secure data for the untrusted web apps and trusted queries from your mobile apps.</li></ul><h3><strong>How difficult is it to implement ZKA in your products?</strong></h3><p>Well, <em>it depends</em>. Of course, custom implementation will take a lot of time, but there are plenty of existing solutions:</p><ul><li><a href="https://github.com/whispersystems/libsignal-protocol-c">Axolotl</a> for messaging,</li><li><a href="https://github.com/cossacklabs/themis">Themis</a>’ Secure Cell and Secure Session,</li><li><a href="https://github.com/cossacklabs/hermes-core">Hermes</a>.</li></ul><p>Are there other implementations? Yes!</p><p>Check out <a href="https://tahoe-lafs.org/trac/tahoe-lafs">LAFS</a>. It is a secure storage system that stores your files encrypted separated by chunks on different servers.</p><p>Or check out <a href="https://tresorit.com/zerokit/">ZeroKit</a> that has integration with CareKit.</p><h3><strong>Recap</strong></h3><p>Zero Knowledge Architecture is a design approach that solves problems of trusting the server and the transmission environment. It’s rather easy to solve when interactions are simple and gets rather complicated when we’re talking about databases or collaboration. But it’s not impossible now: I’ve shown you some examples of solving everyday problems using ZKA. I believe that we will collaborate on data more and more with each year, and it’s wise to prepare our products and to protect our users.</p><h3>More links to follow</h3><ul><li><a href="https://medium.com/@cossacklabs/eli5-end-to-end-encryption-ae46821db74f">Explain Like I’m 5: End-to-end Encryption</a></li><li><a href="https://hackernoon.com/eli5-zero-knowledge-proof-78a276db9eff">Zero Knowledge Proof: Explain it Like I&#39;m 5 (Halloween Edition) | HackerNoon</a></li><li><a href="https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer">Zero Knowledge Proofs: An illustrated primer</a></li></ul><h3>Looking for something else?</h3><p>Handy list of my other talks</p><p><a href="https://github.com/vixentael/my-talks">vixentael/my-talks</a></p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=b00a231fda75" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Key Management Approaches for Mobile apps]]></title>
            <link>https://medium.com/@vixentael/key-management-approaches-for-mobile-apps-57bb4db63906?source=rss-5d8623d95b92------2</link>
            <guid isPermaLink="false">https://medium.com/p/57bb4db63906</guid>
            <category><![CDATA[mobile-apps]]></category>
            <category><![CDATA[mobile-app-development]]></category>
            <category><![CDATA[infosec]]></category>
            <category><![CDATA[ios-app-development]]></category>
            <category><![CDATA[security]]></category>
            <dc:creator><![CDATA[vixentael]]></dc:creator>
            <pubDate>Sun, 04 Jun 2017 23:46:27 GMT</pubDate>
            <atom:updated>2017-06-05T00:01:54.292Z</atom:updated>
            <content:encoded><![CDATA[<p><strong>Some of you know, and some of you don’t, but we all fail at building secure mobile apps.</strong></p><p>Today we going to talk about key management. We start our journey step by step: discovering infrastructure layout, digging into ideas of threats, trust, and keys. Discussing key management system: what is a key generation, how to access and revoke keys, and many other exciting theoretical things! But of course, we will apply this knowledge to the mobile apps.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*TvaWn6DG6EeKMlD4s90iJg.gif" /><figcaption>Input a key or two, receive result</figcaption></figure><h3><strong>Watch Video</strong></h3><iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.ustream.tv%2Fembed%2Frecorded%2F102860531%3Fhtml5ui&amp;url=http%3A%2F%2Fwww.ustream.tv%2Frecorded%2F102860531&amp;image=http%3A%2F%2Fstatic-cdn2.ustream.tv%2Fi%2Fvideo%2Fpicture%2F0%2F1%2F102%2F102860%2F102860531%2F1_20445410_102860531%2C640x360%2Cb%2C1%3A2.jpg&amp;key=a19fcc184b9711e1b4764040d3dc5c07&amp;type=text%2Fhtml&amp;schema=ustream" width="435" height="271" frameborder="0" scrolling="no"><a href="https://medium.com/media/5ac56f87a33af7d6842239ddb1ab69d3/href">https://medium.com/media/5ac56f87a33af7d6842239ddb1ab69d3/href</a></iframe><h3>Scroll slides</h3><iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fspeakerdeck.com%2Fplayer%2Fbffa3d6c28954c6db81bd4ac933d9269&amp;url=https%3A%2F%2Fspeakerdeck.com%2Fvixentael%2Fkeys-from-the-castle-ancient-art-of-managing-keys-and-trust&amp;image=https%3A%2F%2Fspeakerd.s3.amazonaws.com%2Fpresentations%2Fbffa3d6c28954c6db81bd4ac933d9269%2Fslide_0.jpg&amp;key=a19fcc184b9711e1b4764040d3dc5c07&amp;type=text%2Fhtml&amp;schema=speakerdeck" width="710" height="463" frameborder="0" scrolling="no"><a href="https://medium.com/media/fcaa0f62d3db67137cbd9c3de2034d12/href">https://medium.com/media/fcaa0f62d3db67137cbd9c3de2034d12/href</a></iframe><h3><strong>Establishing trust</strong></h3><p>How do you know that you should trust someone in a real world? How do you know, that your friend over the phone is the one you should trust? You recognize them by their voice or typical words. How about a stranger? Probably you would use a secret keyword.</p><p>In shiny worlds of computers, there’re many ways to build trust to parties you don’t know and can’t easily recognize: sharing passwords, asymmetric keys, zero knowledge proof.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*Tu4IvHxfVr_DZZfbB6GBBw.png" /></figure><p>Usually, we establish trust on servers, mobile, data in transit via public channels, and so on. I mean, real things. Like cables and stuff. Our infrastructure is full of keys and data, all that in cables, yeah. Those cables are important — they’re out of your control, and whatever you reach outside your office — you rely on these creatures.</p><blockquote>Why do we need trust?</blockquote><p>– To protect the data in those cables, where evil CIA and badass crackers are looking for your secrets. Using special super mathematical techniques, we provide guarantees of confidentiality, authenticity, and integrity towards protected data, bound to trusted keys or secrets. It’s provable and unhackable if you manage the keys correctly.</p><p>Since “keys are what we trust” and they control trust in the system, managing them is managing trust. So, let’s talk about key management.</p><h3><strong>Keys</strong></h3><p>– What is a key? – It’s an array of bytes.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*hdzw613lNy_24pfNmDojfA.png" /></figure><p>Based on what kind of process is going on, we need different arrays of bytes with different properties:</p><p>1. We use secret keys for symmetric ciphers.</p><p>2. Public/private keypair for asymmetric ciphers</p><p>3. Passwords are strings that you can remember. It’s a poor key, by the way. We should use KDF instead of user password itself.</p><p>4. One-time PINs are small and easy to transfer key with risky properties. It’s an additional trust token, like that thing you get via SMS from your bank when logging into their system.</p><blockquote>– What kinds of keys we know in our shiny iOS world?</blockquote><p>App tokens, server tokens, user passwords, certificates, well, familiar things, aren’t they? They all are keys.</p><blockquote>– What do we need them for?</blockquote><p>Keys protect the data!</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*TJX_-AWP8OfJIVg698NXfQ.png" /></figure><p>They let you access the data, verify data authenticity and integrity. Of course, mostly we deal with user-generated data that users are putting into our apps. However, we also care about access to external resources (like 3rd party services or your web servers), and identifiable data of other users in our app (for example, user info from those who like your tweets, if any).</p><blockquote>– What do we protect data from?</blockquote><p>Oh well, you know, all those threats we can and can’t handle. Like data tampering and leakage, a man in the middle, active and passive, and of course really common problems like <a href="https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis">rubber-hose cryptanalysis</a>.</p><p>Keys are arrays of bytes that are stored somewhere, and they unlock protected data and facilitate trust. Of course, the attacker wants them. Basically, keys are small chunks of data, and they’re subject to threats too.</p><blockquote><strong>Keys are small chunks of data and should be protected too!</strong></blockquote><p>What can happen to the keys?</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*lyZeHyvpWVHbc8ix9z5IZw.png" /></figure><p>1. Attackers can <strong>steal</strong> the keys, and that’s bad (reasons are obvious, no?).</p><p>2. What’s worse, stolen keys can be <strong>replayed</strong> — they can be used to access something protected.</p><p>3. And, if the attackers are lucky enough, and you’re not, keys can even be <strong>replaced</strong>: attackers can throw in their own evil keys to access resources.</p><p>So we need to build a system which protects and manages keys.</p><h3><strong>Key management system: goals and actions</strong></h3><p>In key management, there is one practical goal: trust and security are preserved yet the system is usable. If you don’t do that, you’ll end up with another ultra-secure super-paranoid end-to-end system nobody’s willing to use :)</p><p>Any key management system consists of several processes, which are linked sequentially: from generation to exchange, from exchange to storage and access, with revocation to control compromised and outdated keys, and rotation to ensure key lifetime. Sometimes, this system should contain service processes too: like backups and admin access to encrypted data.</p><p><strong>Generation and exchange</strong></p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*hXukDamgE4YWpQRDUBJcNg.png" /></figure><p>The goal of key generation is to create mathematically strong trust tokens: ones that stand against brute force and smart enumeration. We need to use good random number generator and an algorithm, combined with a secret, to produce a key. To ensure it does not leak, we need to produce it where user inputs secret, or where it is safe to store the key.</p><p>Basically, keep it as close to usage and storage location as possible.</p><p>How about a password? A password is not a very good key: it’s easy to brute force, and usually, users come up with poor passwords. Key derivation function (KDF) helps to convert the password to the cryptographically strong key so that attackers will be sad.</p><p>After we generate the keys, next step is exchanging the keys between trusted parties. Key exchange is an essential process in establishing trust: we need to exchange or distribute keys securely.</p><p><strong>Storage and access</strong></p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*YMSmMxsMzUFtLeDSQf_Z2Q.png" /></figure><p>Key storing is a big deal: we need to store them in a way which minimizes the risk. One big point: never store the keys with the data encrypted with these keys.</p><p>Once the keys are stored, we want to access them to actually use them. Achieving the balance is tricky: keys should be protected, but still easy to access legitimately.</p><p><strong>Rotation and revocation</strong></p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*HNawu6fsfxvAGVVA0XlqWA.png" /></figure><p>Now that we know that keys are generated and stored… do they live forever? Of course no!</p><p><em>The key lifecycle is a biography of a single mr. Key — from birth to oblivion.</em></p><p>The lifecycle will specify when a key should no longer be used for encryption, when a key should no longer be used for decryption, when a key is a key no more.</p><p>And of course, you don’t want everything to be encrypted with one key, right? If you leak it, you’re done. You want to have several keys — one per user, or maybe one per group, or at least one per certain number of records. It’s all about controlling the risk.</p><p><em>Now, what if key should be changed?</em></p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*4t3y2wVnIgKLsbKYL_gYEw.png" /></figure><p>You need your system to support re-encryption with new keys. What if somebody finds an attack for the algorithm you’re using? You need to change it. To do that, you need to decrypt the data, generate new kinds of keys, encrypt and store the data, sometimes eliminate unused records, sometimes ensure correct purging of non-encrypted data from memory. Wheeeww. A lot of things to consider for key rotation.</p><p>Now that we’re mostly done with theoretical ideas, there’s a practical consideration.</p><p>Apart from user features, the system has certain maintenance procedures, which require special access to data, like backups, admin access, password resets. These things are better implemented through additional keys and separate protection layer for them.</p><h3><strong>Key management in practice</strong></h3><p>There are three main ways to establish trust on mobile.</p><p>1. <strong>On channel exchange.</strong> You connect first to a server, record it’s certificate, and when you connect again, you can compare the certificates. This away, apart from trusting the certificate itself, you trust the server too.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*lxWQd7OZK3mTqMqGcrxNDA.png" /></figure><p>2. <strong>Mediated exchange.</strong> You know remote party’s identifier and can ask someone you trust for their public key. For example, you may use <a href="https://keybase.io/">keybase.io</a> to exchange public keys in a trusted fashion.</p><p>3. <strong>Trusted channel exchange.</strong> Two methods above rely on many assumptions: you have to trust somebody. The most simple way is always just handing the key or secret to the party you’re establishing trust with. For example, to build trust with Facebook in your app, you need to authenticate via app token. To do that, you register the app in Facebook dev portal and copy app token into your code. That is exactly trusted channel key exchange — via you!</p><h3><strong>Storing or not storing?</strong></h3><p>So people, where do you store the keys?</p><p>~Code?~ Keychain!</p><p>Keychain is great, but sometimes you can’t use it, or you don’t want to use it (by the way, Keychain will break if the device is jailbroken).</p><p>The easiest way to avoid leaking keys — don’t store them at all! :)</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*r7-BbM9M4UVe-EQH0W39ZQ.png" /></figure><h3>But if I need to store..?</h3><p>Mostly, we deal with two kinds of keys: user-defined and app-defined.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*-WltRS90OCbzZiyM001Elg.png" /></figure><p><em>App-defined</em> keys are built in. You already have them in the app, but they should be stored and accessed correctly.</p><p><em>User-defined</em> keys are something that user inputs or based on user input. Those keys should be put in right place on right time.</p><h3><strong>Obfuscation is fun, but don’t rely on it</strong></h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*gdrQ-ZAxSA8Vi0TnZ2C-pQ.png" /></figure><p>There are different ways to obfuscate the keys: store them as hex chars, or replace characters inside key strings.</p><p>Obfuscation depends on social engineering, and the goal is to confuse the attacker: save certificate, but rename it to mp3 file, for example. Or split key to different pieces and put them in different places. Experiment.</p><p>However, a well-trained attacker will break this defense in minutes. Better spend your time on serious defenses.</p><h3><strong>Store encrypted</strong></h3><p>Easy:</p><blockquote>1. Encrypt keys during development</blockquote><blockquote>2. Store encrypted keys only</blockquote><blockquote>3. Decrypt before using</blockquote><p>This technique works well with <em>app-defined</em> keys. You may ask: how to store keys that were used to encrypt keys? :)</p><p>The answer is: not every key should be stored. You can generate or calculate encryption key based on something you already know, something like bundle id or next 4-digits of the result of division 27 by 13.</p><h3><strong>Poison keys and Honeypot</strong></h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*2JBedOKAtVzDOp4uhUGFkg.png" /></figure><p>Another prominent technique in the school of deception known as <strong>poison keys</strong>.</p><p>Make attackers think they have the right keys, make them use those keys. And be alarmed: attackers are poking in your app, naive enough to try fake keys on you.</p><p>This technique works well with <strong>honeypot</strong>: store these poison keys in obvious places and just watch the logs.</p><p>For example, store a fake key in the plist file, or put “server.cert” in the app bundle. Sometimes, the best you can do to prevent attacks is actually detect them timely. This is such case. By the way, you still have to protect the real keys really well.</p><h3><strong>Key-points</strong></h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*yNhhtyV8-ngRFTuFXTLG0g.png" /></figure><p>For every fragment of your system, trust is applied differently. There are no religious choices. Best solutions come from assessing your real architecture and fitting the tools to it.</p><h3><strong>Read more</strong></h3><ul><li><a href="https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet">Cryptographic Storage Cheat Sheet [OWASP]</a></li><li><a href="https://www.owasp.org/index.php/Key_Management_Cheat_Sheet">Key Management Cheat Sheet [OWASP]</a></li><li><a href="https://developer.apple.com/library/content/documentation/Security/Conceptual/cryptoservices/KeyManagementAPIs/KeyManagementAPIs.html">Managing Keys, Certificates, and Passwords [Apple</a>]</li></ul><h3>Wanna see more of my security slides?</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*NUWC2Wd0nNjSek23L55Gnw.png" /><figcaption><a href="https://speakerdeck.com/vixentael/">https://speakerdeck.com/vixentael/</a></figcaption></figure><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=57bb4db63906" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Upgrading Approaches to the Secure Mobile Architectures]]></title>
            <link>https://medium.com/@vixentael/upgrading-approaches-to-the-secure-mobile-architectures-7a8fcb10d28a?source=rss-5d8623d95b92------2</link>
            <guid isPermaLink="false">https://medium.com/p/7a8fcb10d28a</guid>
            <category><![CDATA[security]]></category>
            <category><![CDATA[authentication]]></category>
            <category><![CDATA[mobile-app-development]]></category>
            <dc:creator><![CDATA[vixentael]]></dc:creator>
            <pubDate>Sat, 14 May 2016 12:17:32 GMT</pubDate>
            <atom:updated>2016-05-14T12:17:32.936Z</atom:updated>
            <content:encoded><![CDATA[<p>That’s the follow-up to the talk I first gave at <a href="https://appbuilders.ch/">#appbuilders16</a> conference in Zurich, Switzerland.</p><p>We’ll talk a bit about the most undervalued part of mobile security: ideas and concepts. Another name for this talk could be “Everything Will Be Broken,” but what should we do?</p><h3>Intro: this is the picture</h3><p>Let’s take a look at the problem domain. What’s on the landscape? The picture shows our typical infrastructure — an iOS app talking over some network connection to a server where we have some custom logic serving our tasks.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*Bf6E3JmXwcOFvLPt." /><figcaption><em>Typical infrastructure of iOS apps</em></figcaption></figure><p>So, what do we care about while we’re making apps? User experience, fast &amp; continuous delivery, and getting things done. And Swift, of course. Swift is very exciting!</p><p>What don’t we care about? <em>Server crap</em>. Everything not iOS is magical and unknown :)</p><p>Imagine you put on the Security Wizard Hat. What will you see?</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*qeuPA0WRUmO5BJqv." /><figcaption><em>Security Wizard Hat on! Thanks @timd for this cute shot</em></figcaption></figure><p>This is what should be important for mobile developers if they care about security:</p><p>– iOS runtime and user-held secrets are sources of trust. Apple is good, mostly. Trust Apple (…mostly).</p><p>– Beware on the Net, the dragons are near. Limit trust to the server: there’s plenty of unknown dangers.</p><p>– Be attentive to server logic: it’s easy to fuck up, and there is no sandbox around.</p><h3>Why should you care about that?</h3><p>Because you’re not alone.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*5uoySBu_VCwzPOXJ." /><figcaption><em>Potential threats for your infrastructure</em></figcaption></figure><p>In the app, the FBI is knocking at your door. On the net, the NSA and Russian Hackers are here to get your data. On the server… oh well, everyone will try to attack your home base.</p><p>The question is, what can we do about it?</p><p>What is in our control? The brains.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*ep3Xc53UAzDgT-Xy." /><figcaption><em>Tool to control infrastructure: the brains</em></figcaption></figure><p>In other words, the amount of mental effort we put into our app security and the amount of knowledge about protecting things we have at our disposal.</p><h3>Why does the problem exist?</h3><p>What exactly is wrong with the way we see app security now? Well, a lot. Security is hard; it is an engineering discipline, unlike familiar subjects we know.</p><blockquote>“It is secure” is not a valid statement; instead, we can just say, “It has not been broken yet.”</blockquote><p>Not very reassuring, right? There are three main reasons why the problem exists: speed, openness, and ignorance.</p><p>We need to get things done. Fast. We live in the design-driven world, where short iterations are bound to the functions visible to the user. In the world of constant MVP, security is outside that bare minimum we do to meet deadlines. It accumulates technical debt, which is a synonym to bugs and failures.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*FqTDnIyXFGMQlNd-." /><figcaption><em>We care about many different things, but not about security</em></figcaption></figure><p>Using the OpenSource libraries and third-party APIs are easy and convenient, but you can’t be sure that they’re secure enough.</p><p>Usually mobile developers know little about security. And — unfortunately — we don’t think about these “security things” a lot because it requires another type of thinking we rarely encounter.</p><h3>Everyone makes security mistakes</h3><p>You may not notice, but there’re lots of security vulnerabilities found every month. The more applications we create, the more applications we use every day, the higher the chances that we’ll use vulnerable software.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*FG9G6BxkEicyNyhR." /><figcaption><em>Security is hard</em></figcaption></figure><p>Apps for car remote controls are amazingly popular now. Unfortunately, lots of them skip the authentication stage, so the attacker can access private data and even unlock the car. You can find some examples &amp; links in my slides.</p><p>Everything will be broken. Hacked cars are just more scary than hacked photo services, right?</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*JlLlbYylrBiFx9jp." /><figcaption><em>If attacker had access to other people’s cars </em>😈</figcaption></figure><p>But even Apple makes security mistakes. In the last few months, twice in the iMessage — the core infrastructural app — huge vulnerabilities were found.</p><p>The first one allows the attacker to <a href="http://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/">recover messages in plaintext</a> via redirecting application flow using javascript.</p><p>The second one concerns <a href="http://blog.cryptographyengineering.com/2016/03/attack-of-week-apple-imessage.html">the attachment transfer protocol</a>, allowing the attacker to grab your photos by enumerating cryptographic keys via the silent flood of malformed messages, precisely a quarter million messages. That’s a really long and tedious hack, but hacking via key enumerating in 2016 looks rather striking.</p><p>(Now the desktop version of iMessage has <em>screen sharing with remote control</em>. Wanna guess what problems come next?)</p><h3>Taking a look at the bigger picture</h3><p>There’s no official statistics for iOS applications, but there’s some for iOS itself. According to the National Vulnerability Database, a record-breaking number of vulnerabilities was registered in 2015.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/680/0*ytCbGXcPKvbUXpvI." /><figcaption><em>iOS vulnerabilities by years, raw data from</em><a href="http://cvedetails.com"><em> cvedetails.com</em></a></figcaption></figure><p>Unfortunately, mobile developers make things even worse!</p><p>Last year’s notorious <a href="http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html">AFNetworking bugs</a> turned hundred of apps into an insecure state immediately. But what’s even more exciting: everybody knows that without SSL pinning your apps might not tell friend from foe; only one tenth of popular apps use SSL pinning.</p><h3>Why does this even happen?</h3><p>Is this miserable state of things our fault? Not really; it’s just the way things are. But there are some problems we can solve if we understand what makes our mobile platforms unique.</p><p>We think mobile and backend are in a classical client-server relationship. But they’re not. Mobile apps don’t have many features we are used to having in classical apps. And mobile apps require very specific server behaviors, not all of which are good security-wise.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*4GSsvj7ZQtoTPjK4." /><figcaption><em>Mobile is not a ‘classical’ client, but a ‘thin’ client</em></figcaption></figure><p>In the end, the problem is that if it works — it does not mean it’s secure.</p><p>There are many things we don’t notice: Apple or ecosystem took care of them already. But looking closer at your app and device, we see the disparity between client and server in many things. The mobile app is not a ‘classical’ client, but a thin client, talking over several layers of abstractions. This, together with the aforementioned human problems, gets us into a sad state of things…</p><p><strong>Mobile security is hard and still undeveloped</strong>. Security relies on the shared wisdom of previous generations. In our world, there is no yet. And we find it hard to import common knowledge for some reasons. One of them is that our ecosystem is really very different, another is that risk models are blurred even for us.</p><h3>What exactly are we risking?</h3><p>What bad could happen to our mobile apps? Potential attackers are looking for three things: data, identity, and control.</p><p>Security people will notice I’ve skipped something in the next slides: local access. iPhone’s architecture makes JailBreak hard enough for a remote attacker, and it’s no better than smashing your fingers for a local one.</p><p><strong>Data</strong> is anything sensitive for the user. Either data that is useful (and the user wants to keep it safe) or data that is private (and the user wants to hide it from other people’s eyes).</p><p>Why do we keep it on the phone in the first place? Because the user needs it, and, if done right, it is safer than on backend.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*xzipjmwBMi1kTfX9." /><figcaption><em>Data contains things the user cares about</em></figcaption></figure><p><strong>Identity</strong> is anything that could be used to impersonate the user, like tokens or passwords (a password to your system is actually not only your security risk — users reuse the same passwords across many systems, so any password is a valuable asset). The server is not talking to your phone or your app, it recognizes you by your identification tokens and that’s what attackers want.</p><p>Why do we even want to store that on the phone? Your phone is a good place to store data access credentials if you plan to access the data from your app: you can execute code around the credentials in a sandbox!</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*rf7XB4BGJaKnROam." /><figcaption><em>Beware: the attackers want to steal your identity</em></figcaption></figure><p><strong>Control</strong> — the abilities that are bound to your phone: for example, being able to redirect application flow to make it authorize some backend action. Remember those cars, right?</p><h3>What should we do?</h3><p>We face serious threats, this means more work and trying to figure out sophisticated boring technologies invented by people who don’t know anything about mobile tech. However, we have many benefits; we are going to achieve some decent level of security only by understanding what is important.</p><h4>Understand the strong sides</h4><p>Things Apple got right for you in the first place.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*7hAK_fep24KFEd1Y." /><figcaption><em>The strong sides of iOS ecosystem</em></figcaption></figure><p><strong>User trust relationships:</strong> you have direct contact with users over (almost) bare metal. What the user types, we can trust most of the time. But don’t trust fingerprints too much: these keys are not easily rotated yet are easily stolen, so they are not good keys.</p><p><strong>Trust the device:</strong> iPhone is quite well protected, well you know that story with the FBI. What is stored in the local storage is safe enough from anything around. So you have to take care only of your own process, which is good news.</p><p><strong>Narrow scope:</strong> iOS apps don’t frequently open network ports for listening because we get push notifications for the outside world to ping us. We don’t run 3rd party code embed on runtime. And it’s really complicated to push buffer overflow payload using an iPhone keyboard.</p><p><strong>Low collateral risk</strong>: unlike the server, you don’t run a gazillion of processes with shared resources. Processes are sandboxed, so privilege escalation and external control flow hijacking are less likely.</p><h4>Trust: the result of authentication</h4><p>Now, let’s talk more about trust — the core thing in security.</p><p><strong>Trust server less: </strong>A server has a lot of moving parts, dependencies and people you don’t know running it. Your app, once compiled, is considerably safer than your NodeJS backend. The server is your backend, but it is subject to more traditional attacks, and should have as little trust as possible by default.</p><p><strong>Explicit trust.</strong> Trust is given as the result of authentication, not as some default decision. App flows should require constant verification of trust.</p><p><strong>Involve users:</strong> users are good carriers of secrecy, which is hard to steal. Users operate with physical devices, which are a good auth factor. We’ll talk about using multiple factors to authenticate users later.</p><h4>Echelonization: add more layers of defense</h4><p>Echelonized risk management is an idea from ancient warfare. If the system has only one protected perimeter, no matter how strong it is, it will fall, even if it promises all security guarantees in the world.</p><p>Okay, what is the solution? Every layer has its own defense, defenses are connected, trust and threats are calculated for each system layer, and for the whole system, too.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*cx6PmKjRncs8-pOG7f9hWQ.gif" /><figcaption><em>Echelonize risks by adding several secure layers</em></figcaption></figure><p>It means for mobile apps:</p><p>– authenticate important things manually, even within the app’s flow;</p><p>– verify credentials and certificates more than once and compare results;</p><p>– use multi-factor authentication, use different factors in different combinations;</p><p>– protect data with keys, which are stored elsewhere.</p><h4>Compartmentalization: limit access to everything</h4><p>The third important principle you should know. The policy of limiting access to the information, making things private by default and allowing access only to entities that need this info to perform their tasks.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*Gn97qgjhZrhsVryf." /><figcaption><em>Imagine you need to display only avatar image in your app. Following the compartmentalization principle, you need to transmit only the avatar image from a backend, no matter what is stored there</em>.</figcaption></figure><p>Access only the data you need. Where you need. When you need. Never work with full records, only fields you need. Don’t transmit everything over the network. If anything goes wrong, you’ll leak only a part of the data, a minor credential or an insignificant ID.</p><p>Make sure trust tokens and protected data are stored separately and are not easily stolen together. Read the <a href="https://en.wikipedia.org/wiki/Compartmentalization_(information_security)">corresponding wiki page</a> for deeper understanding.</p><h3>Practical techniques for securing mobile apps</h3><p>It may look like very complicated theoretical things. However, most of this hard theory makes a lot of sense in practice.</p><h4>Classic security techniques</h4><p>First of all, do all these traditional things:</p><p>– protect transport well, pin certificates;</p><p>– authenticate everything: both user and server;</p><p>– encrypt data in motion and at rest;</p><p>– protect keys well.</p><p>These techniques will stop most of the attackers. But not all. Let’s talk a bit about advanced ideas.</p><h4>End-to-end encryption</h4><p>End-to-end encryption allows you to echelonize risk, and it compartmentalizes sensitive data.</p><p><em>If you don’t trust your backend to store unprotected data, it can’t be stolen from there.</em></p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*H7IOvcVKQbePi5dy." /><figcaption><em>Data can be encrypted and decrypted only by a user app, the server is just a medium</em></figcaption></figure><p>Real end-to-end has only users and their credentials as a source of trust. Servers and network act as the medium only, so their state does not matter much. Their malfunction/compromise is only as bad as <a href="https://en.wikipedia.org/wiki/Denial-of-service_attack">Denial of Service attack</a>.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*jq5Xy2n0XaL4g6MB." /><figcaption><em>Click to see more details and read more on </em><a href="https://cossacklabs.com/choose-your-ios-crypto.html"><em>cossacklabs.com</em></a></figcaption></figure><p>Good end-to-end exists for both data in motion and data at rest. Take a look at the scheme above and read <a href="https://cossacklabs.com/choose-your-ios-crypto.html">this useful guide</a>, if you have doubts about what iOS crypto library to use in your app. For data in motion, there’re plenty of specialized protocols, with ephemeral keys and strong crypto. With data at rest, you can pick any easy AES wrapper, and just manage the keys correctly. But being quite biased, I advice using <a href="https://github.com/cossacklabs/themis/wiki/Swift-Howto#secure-cell">Themis Secure Cell</a> anyway :)</p><h4>Multi-factor authentication</h4><p>Multi-factor authentication<strong> </strong>is a very important idea: authenticate users only when they show several proofs of who they are. Talking in a more scientific way, there are three large classes: “thing you know” (password), “thing you have” (mobile phone), “thing you are” (fingerprint). The important idea is that all credentials are independent of one another and cannot be derived from one another.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*Rz9M-680G8zkCAZS." /><figcaption><em>MFA means using credentials from more than two different classes</em></figcaption></figure><p>MFA follows compartmentalization: it involves checking isolated, unrelated things you have to ensure it’s you.<strong> </strong>If they’re properly isolated, chances are they won’t be stolen at the same time.</p><p>MFA means that it’s not enough to use different authentication methods from one class. You should combine methods from different classes: like a fingerprint (thing you are) and password (thing you know), or password plus Google Authenticator, or voice confirmation of your password over a phone (all three).</p><h4>Zero knowledge proof</h4><p>Sometimes, even a single request is data leakage. Imagine you need to enter your passport ID to log into some governmental system — now, if the connection or remote party was compromised, attackers know your passport ID. Sometimes you need to transmit sensitive authentication data, but don’t have a trusted channel of communication at all. In this situation, establishing trust is a complicated task, isn’t it?</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*vogaPBHwLKw45L8Q." /><figcaption><em>Sometimes we can’t trust the network at all</em></figcaption></figure><p><a href="https://en.wikipedia.org/wiki/Zero-knowledge_proof">Zero Knowledge Proof</a> is a protocol, which allows two parties to compare some secret without sending (leaking it). It has <a href="https://cossacklabs.com/static/secure-comparator-paper-v1.pdf">real mathematical proofs</a> and was invented by scientists a few decades ago. You may find <a href="http://mathoverflow.net/a/22628">this small example</a> useful for better understanding of the protocol itself.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*bDnF8V5CHgTqZcbA." /><figcaption><em>ZKP allows you to establish trust with a server</em></figcaption></figure><p>If the remote party doesn’t have the same credential as you, the request will fail without leaking the request data. It works for passwords, document ids, and any private credentials with the public identifier. By the way, it combines really well with MFA. Unfortunately, I’m not aware of any iOS implementations other than the <a href="https://github.com/cossacklabs/themis/wiki/Advanced-features">library I’m contributing to</a>, so it’s a shameless plug :)</p><h3>Combining things</h3><p>Well, remember echelonization? No single tool is good enough. Let’s combine them.</p><p>A typical secure app layout has SSL over a network, and it somehow encrypts data on both ends. But, well, it’s barely enough. Such a system may be still vulnerable to MitM and data leakage.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*2Vn8jVVRyPKj2r8y1uYkGg.gif" /><figcaption><em>Building secure architecture layer by layer</em></figcaption></figure><p>Step 2 makes trust model consistent and compartmentalize things from one another. Let’s keep most of the trust in the user’s hands: encrypt all stored data by keys derived from the user’s password. So only the application can decrypt data only upon password input. As for traffic, encrypt everything with ephemeral keys, which are derived from public keys. This way, the transport and the data itself are separated and have their own layers of protection.</p><p>Now, let’s add more novel techniques to enable even better security guarantees: by introducing several authentication factors we will make identity forgery even more complicated and minimize the risks of stealing even encrypted data. Moreover, when the parties only negotiate to exchange the data, adding zero knowledge protocol helps us to stay strong in a case where the whole system gets compromised, and the remote party gets replaced by an evil twin.</p><p>Feeling more secure now? :)</p><h3>Key points</h3><p>I would be happy if you tap on links from the text/slides and read them. Obviously, one post (even long read) is not enough to describe everything. You may also be interested in reading <a href="https://medium.com/@vixentael/data-protection-for-mobile-client-server-architectures-6e6dcabd871a">my other slides</a>, where I discuss some approaches in more depth, like SSL pinning, ephemeral keys and so on. Then put that Security Wizard Hat on and analyze your system from security point of view. Find possible threats and implement a thing or two.</p><p>If you have any questions or comments, please, feel free to contact me via <a href="https://twitter.com/vixentael">Twitter</a> or <a href="mailto:vixentael@gmail.com">mail</a>.</p><h3>Additional reading</h3><p>– Text, slides and video from my previous talk “<a href="https://medium.com/@vixentael/data-protection-for-mobile-client-server-architectures-6e6dcabd871a">Data protection for mobile client server architecture</a>”</p><p>– <a href="http://mashable.com/2016/04/16/apple-security-explained/">How Apple Security works</a></p><p>– <a href="https://www.cossacklabs.com/avoid-ssl-for-your-next-app.html">Why you should avoid ssl for your next application</a></p><p>– Choose <a href="https://cossacklabs.com/choose-your-ios-crypto.html">crypto iOS library</a> that works for you</p><p>– OWASP: iOS application <a href="https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet">security testing cheat sheet</a></p><p>– <a href="http://blog.cryptographyengineering.com/2014/11/zero-knowledge-proofs-illustrated-primer.html">Zero knowledge proof</a> illustrated primer</p><h3>Slides</h3><iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fspeakerdeck.com%2Fplayer%2Fdcfea8085bb940bdb6008338d17dbf90&amp;url=https%3A%2F%2Fspeakerdeck.com%2Fvixentael%2Fupgrading-approaches-to-the-secure-mobile-architectures&amp;image=https%3A%2F%2Fspeakerd.s3.amazonaws.com%2Fpresentations%2Fdcfea8085bb940bdb6008338d17dbf90%2Fslide_0.jpg&amp;key=d04bfffea46d4aeda930ec88cc64b87c&amp;type=text%2Fhtml&amp;schema=speakerdeck" width="710" height="463" frameborder="0" scrolling="no"><a href="https://medium.com/media/fd94fa756b96eadebdaed3b5479122c6/href">https://medium.com/media/fd94fa756b96eadebdaed3b5479122c6/href</a></iframe><h3>Video</h3><p>Coming soon. I’ll post it here as soon it is ready :)</p><h3>P. S.</h3><p>If you like my post and sketches, tap on 💚!</p><p><em>Originally published on </em><a href="https://stanfy.com/blog/upgrading-approaches-to-the-secure-mobile-architectures/"><em>Stanfy’s blog</em></a><em> on May 2016.</em></p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=7a8fcb10d28a" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Data Protection For Mobile Client-Server Architectures]]></title>
            <link>https://medium.com/stanfy-engineering-practices/data-protection-for-mobile-client-server-architectures-6e6dcabd871a?source=rss-5d8623d95b92------2</link>
            <guid isPermaLink="false">https://medium.com/p/6e6dcabd871a</guid>
            <category><![CDATA[mobile-app-development]]></category>
            <category><![CDATA[security]]></category>
            <category><![CDATA[ios]]></category>
            <dc:creator><![CDATA[vixentael]]></dc:creator>
            <pubDate>Sun, 14 Feb 2016 14:42:53 GMT</pubDate>
            <atom:updated>2016-02-22T10:07:52.500Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*kkAMlq-gGym9mzi2KOlHnA.png" /></figure><p><em>That’s the follow-up of several talks about data protection for mobile applications I gave at the end of 2015. Geography is wide: twice in Ukraine (</em><a href="http://mdday.lviv.ua/team_member/anastasiia_voitova/"><em>mdday.lviv.ua</em></a><em>, </em><a href="https://www.facebook.com/CocoaHeadsUkraine/photos/a.597462120299311.1073741830.558275340884656/964782386900614/?type=3&amp;theater"><em>CocoaHeads Kyiv #7</em></a><em>); once in Amsterdam, Netherlands at </em><a href="http://www.do-ios.com"><em>do{iOS} conf</em></a><em>; and in Minsk, Belarus at </em><a href="http://conf.cocoaheads.by/"><em>CocoaConfBy</em></a><em>.</em></p><p>We, mobile app developers, usually consider security to be a complicated topic, and that is why security talks are rather tedious. I also watched lots of talks like those. While some security concepts are very difficult to understand, it’s also almost impossible to remember and implement them. I decided to take the other way round and make my talk about data protection easy to grasp, with a plenty of cute pictures.</p><p>Look on the slides, watch the video of my talk at do{iOS} conf, or read the whole story.</p><iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fspeakerdeck.com%2Fplayer%2F37b20b81d330432c9793164865783ae0&amp;url=https%3A%2F%2Fspeakerdeck.com%2Fvixentael%2Favoiding-damage-shame-and-regrets-data-protection-for-mobile-client-server-architectures&amp;image=https%3A%2F%2Fspeakerd.s3.amazonaws.com%2Fpresentations%2F37b20b81d330432c9793164865783ae0%2Fslide_0.jpg&amp;key=d04bfffea46d4aeda930ec88cc64b87c&amp;type=text%2Fhtml&amp;schema=speakerdeck" width="710" height="596" frameborder="0" scrolling="no"><a href="https://medium.com/media/3b558feb2e69b1220051d973260003d2/href">https://medium.com/media/3b558feb2e69b1220051d973260003d2/href</a></iframe><iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FzKvt0fv_mkc%3Ffeature%3Doembed&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DzKvt0fv_mkc&amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FzKvt0fv_mkc%2Fhqdefault.jpg&amp;key=d04bfffea46d4aeda930ec88cc64b87c&amp;type=text%2Fhtml&amp;schema=youtube" width="854" height="480" frameborder="0" scrolling="no"><a href="https://medium.com/media/36d895b876bde77fe48abf674a48b2ea/href">https://medium.com/media/36d895b876bde77fe48abf674a48b2ea/href</a></iframe><h3>Real world security vs cyber world security</h3><p>Let’s start with <strong>a real-world security</strong>. Meet two dodo birds: Alice and Bob. They are rare species and want to secure themselves from Eve, a Fennec Fox with looooong ears intended to listen all birds’ secrets. When birds notice Eve, they fly away to the bushes.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*Ax9_L-8RhDvUjjGD.png" /><figcaption>Eve-the-Fox eavesdrops birds chatting, but they can fly away to the bushes</figcaption></figure><p>Well, in the real world things are clear:<strong> when somebody wants to hear your secrets — you can physically move away.</strong> Avoiding dangers is a part of our nature.</p><p>In the cyber world information security requires us to solve puzzling problems for which <strong>we don’t have intuitive instruments.</strong></p><p>We only know the general direction:</p><ul><li>make communication confidential</li><li>and limit access to the stored goods</li></ul><p>It can be surprising, but every program is a potential target for attackers who will try to find a security vulnerabilities in our apps.</p><blockquote>We — developers — are responsible for keeping things secure from bad guys.</blockquote><p>We really care about users’ data. We want to protect data in the storage (saved to the database, files, NSUserDefaults, etc) and on it’s way from an app to a server.</p><h3>Protect the data on its way to the server</h3><p>Developers tend to think mobile apps are quite safe from malicious attacks in their neat sandboxed environments. This is only partially true: data-in-motion is still at risk, and the risk is high: all sorts of man-in-the-middle and passive eavesdropping attacks are still efficient, if you don’t protect the data the right way.</p><p><strong>Why is this happening?</strong> Security is thought to be tangled and hard to implement. Instead of thinking about building the app based on the fundamental security principles, developers prefer to copy the quick solution from StackOverflow or to implement already existing cryptoalgorithms themselves. It leads to buggy software, full of vulnerabilities and security holes that can be easily cracked.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*_5vk-Z7TdOFVJpNx6qj0xA.png" /></figure><p>Thanks to the Apple ATS policies, now almost every iOS9 application uses HTTPS. HTTPS relies on SSL/TLS protocol, that — unfortunately — has a <a href="https://www.cossacklabs.com/avoid-ssl-for-your-next-app.html">number of security issues</a> and a lot of moving parts, which are easy to break.</p><p><strong>Using HTTPS alone doesn’t make your app very secure: </strong>there are lots ways to break SSL encryption. From the attacker perspective, it looks like Alice wears a paper hat and Bob encircles himself with a handmade fence, and they feel secure. But they are not.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*JHCNiurLQoAa2wFX.png" /><figcaption>Using HTTPS with default setup is like using paper hat and handmade fence against Eve</figcaption></figure><p>It’s very important to do SSL right to be more secure: disable old protocols (like sslv3), use long encryption keys and pin certificate inside the client. Well, you can read more in that <a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">tiny cheat sheet.</a></p><p><strong>SSL pinning</strong> is one of the easiest things to implement inside iOS app that complicates MitM attacks. You just need to pin server’s certificate inside the app, encrypt it and store in a secure place. Well, of course, don’t forget to update certificate before it expires. Many apps are already using SSL pinning, for example, <a href="https://www.paypal-engineering.com/2015/10/14/key-pinning-in-mobile-applications/">Paypal</a>. As usual, there are amazing libs that can be helpful! For example, it takes only three lines of code on Swift to pin certificate using <a href="https://github.com/johnlui/Pitaya">Pitaya</a> lib.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*ncAd9YP59SOP5bRj4q4EYA.png" /></figure><p><strong>But using SSL encryption is not enough.</strong> SSL <a href="https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf">was proven to have weak Forward Secrecy</a>, which means that if the encryption key is leaked, all past and future(!) messages can be decrypted. Forward Secrecy is based on using ephemeral keys — keys that are constantly changing — and even if current key is revealed, only small portion of messages is decrypted.</p><p><strong>Encrypting data with persistent keys causes the illusion of safety, but it’s just an illusion.</strong></p><p>Always encrypt crucial data with ephemeral keys that are re-generated each session, and no one will be able to grab it using the soldering iron.</p><p>Before sending data, client and server negotiate about temporary key and use it only during current — rather short — session. Opening new session requires to generate new temporary key. It sounds quite tricky, but there are cool libs for that! <a href="https://github.com/cossacklabs/themis">Themis</a> and <a href="https://github.com/ChatSecure/OTRKit">OTRKit</a> libs provide easy client and server interfaces to add encryption to your current client-server architecture.</p><h3>Keep users data correctly</h3><p>Okay, enough about data in motion, securing data in storage is also important. iOS has own crypto, protecting user’s data while your device is locked. But what if device is stolen and unlocked?</p><blockquote>Wherever you store sensitive data, please, make sure it’s encrypted.</blockquote><p>You don’t need to implement everything yourself. Realize possible security risks for your specific app, build the stout architecture based on CIA principle (confidentiality, integrity, authentication), use right tools, and <em>own brains</em> — this is a proper way to create the app that will take lots of time to break.</p><p>It’s quite simple: pick the good library, generate the encryption key (aka master password), encrypt data before writing to the storage, decrypt it after reading back. And of course, don’t put your master password plaintext inside your app or in the NSUserDefaults. Use Keychain (<a href="https://github.com/soffes/sskeychain">SSKeychain</a> and <a href="https://github.com/square/Valet">Valet</a> are nice wrappers) or generate master password ‘on the fly’ using custom math formula and <a href="https://en.wikipedia.org/wiki/Key_derivation_function">KDF</a>.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*6Iqppoojgj-1R4PN.png" /><figcaption>Alice and Bob build stout secure architecture, poor Eve is crying in the corner</figcaption></figure><h3><strong>To summarize, securing your app is rather simple:</strong></h3><p>– use HTTPS and make sure you’ve disabled old and weak ciphers;<br>– implement SSL pinning, but encrypt the certificate and keep it safe;<br>– encrypt data in motion with the additional layer of encryption using the ephemeral keys;<br>– encrypt data before putting it in the storage and remember to store master key secure or to compute it “on the fly”.</p><h3><strong>What to see next</strong></h3><ul><li>Look at <a href="https://speakerdeck.com/vixentael/avoiding-damage-shame-and-regrets-data-protection-for-mobile-client-server-architectures">my slides</a> to catch the full story.</li><li>Read amazing blog posts by <a href="http://nabla-c0d3.github.io/">nabla-c0d3</a>, pay attention on the audit of <a href="https://nabla-c0d3.github.io/documents/iSEC_Cryptocat_iOS.pdf">CryptoCat iOS app</a>.</li><li>Watch <a href="https://realm.io/news/seth-law-swift-security/">the great talk “Swift-ly Secure” by<em> </em>Seth Law</a>.</li><li>Follow Moxie Marlinspike and <a href="https://www.google.com.ua/webhp?sourceid=chrome-instant&amp;ion=1&amp;espv=2&amp;ie=UTF-8#q=moxie+marlinspike&amp;tbm=vid">watch all his talks</a> :)</li></ul><p><a href="https://twitter.com/vixentael">Let me know</a> if you care about security as much as I do =)</p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=6e6dcabd871a" width="1" height="1" alt=""><hr><p><a href="https://medium.com/stanfy-engineering-practices/data-protection-for-mobile-client-server-architectures-6e6dcabd871a">Data Protection For Mobile Client-Server Architectures</a> was originally published in <a href="https://medium.com/stanfy-engineering-practices">Stanfy Engineering Practices</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Using MBaaS for real-life applications.]]></title>
            <link>https://medium.com/@vixentael/using-mbaas-for-real-life-applications-fb4761095ad0?source=rss-5d8623d95b92------2</link>
            <guid isPermaLink="false">https://medium.com/p/fb4761095ad0</guid>
            <category><![CDATA[parse]]></category>
            <category><![CDATA[ios]]></category>
            <category><![CDATA[mobile-app-development]]></category>
            <dc:creator><![CDATA[vixentael]]></dc:creator>
            <pubDate>Mon, 07 Dec 2015 11:06:06 GMT</pubDate>
            <atom:updated>2016-02-25T11:41:38.848Z</atom:updated>
            <content:encoded><![CDATA[<p><em>UPD: Parse.com announced its shutting down :(</em></p><p>But we know what to do next!</p><p><a href="https://medium.com/p/97d7fc432c5"></a></p><p>Have you tried to use Parse.com for your apps? I have. And I liked it! But there’re a couple of things to keep in mind before you blindly sinking into ‘codeless backend’.</p><p>This is my story, based on more than 3 years experience of building apps with Parse →</p><p><a href="https://medium.com/p/9965d7b3606">Backend without code. Parse.com: myth vs reality</a></p><h3>P.S.</h3><p>Just want to have all my stories in one place. Take this rubber duck picture for your inconvenience.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*BKMHWJkhVgbE-9FOD6O5gA.jpeg" /><figcaption>en la playa</figcaption></figure><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=fb4761095ad0" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[How to Estimate Mobile Projects 2. Why Estimation Fails and How to Prevent This]]></title>
            <link>https://medium.com/stanfy-engineering-practices/how-to-estimate-mobile-projects-2-why-estimation-fails-and-how-to-prevent-this-e93b06bdb3d3?source=rss-5d8623d95b92------2</link>
            <guid isPermaLink="false">https://medium.com/p/e93b06bdb3d3</guid>
            <category><![CDATA[mobile-app-development]]></category>
            <category><![CDATA[project-management]]></category>
            <category><![CDATA[ios]]></category>
            <dc:creator><![CDATA[vixentael]]></dc:creator>
            <pubDate>Mon, 30 Nov 2015 10:23:06 GMT</pubDate>
            <atom:updated>2015-12-29T09:33:25.621Z</atom:updated>
            <content:encoded><![CDATA[<p><em>After the project is estimated and engineers start development, everything looks clear. What could possibly go wrong? Read about challenges and pitfalls during estimations.</em></p><p>This is the second part of post series “How to Estimate mobile projects”. Read also <a href="https://medium.com/@vixentael/how-to-estimate-mobile-projects-1-a-step-by-step-guide-8b4c25ba7621#.20movro4u"><strong>Part 1 — A step by step guide</strong></a> where we described the initial process of breaking down features and estimations.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*HeEtOKQ5nRq08R7W.png" /></figure><blockquote>The first 90 percent of the code accounts for the first 90 percent of the development time. The remaining 10 percent of the code accounts for the other 90 percent of the development time.</blockquote><blockquote>— Tom Cargill, Bell Labs</blockquote><h3>Changes and uncertainty</h3><p>Sometimes, a project’s details change during development. Some changes are small (changing fonts or colors), some changes are large (adding an extra page or swapping screens). Changes themselves are not a problem, but they certainly affect the initial estimation. Sometimes, in order to make small changes, you need to rewrite a large piece of the system.</p><p>Read this <a href="https://medium.com/@stanfymobile/developer-horror-story-abf3d8add243">developer horror story</a>, which describes how many steps you need to take in order to change the text in the application that is already published in the AppStore.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*ExuQPdYPmxBVLLa9.png" /><figcaption><em>Asking the team to estimate another feature…</em></figcaption></figure><p>The future changes are the things that nobody can estimate at the beginning of the project. Therefore, we must keep in mind that initial estimation becomes irrelevant when the project’s scope changes, which is the case in 90% of all projects.</p><h3>Reinventing the wheel</h3><p>The world of iOS development has lots of libraries that significantly reduce development time. We use libs like AFNetworking/RestKit, ReactiveCocoa, Runes, Themis, SDWebImage, SVProgressHUD, other UI controls, our own libs and so on. We can focus on the really interesting or complex components, and implement more valuable features before release. The more cool problem-solving libraries are in our arsenal, the more accurate our estimation is.</p><p>The mobile world is evolving so fast that we often google before implementing large components of the application, for example, how fast our favourite database is in the new version of iOS. Such research reduces the chance of stumbling upon unexpected problems during development and allows us to be in the know.</p><h3>Some tasks are more time-consuming than they appear</h3><p>Never underestimate the challenges that are associated with the real-world features. Among them are such things as time operations, especially with time zones, and specific hardware capabilities like cameras, GPS, push notifications or Bluetooth. It takes more time because development on a real device is “slightly” slower than on the simulator (although Apple tries to make our life easier every year).</p><p>In the same category we include integration with other physical devices such as an external microphone or smart watch.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*d0y6tpU3aEqKyrLl.png" /><figcaption><em>Augmented reality and working with physical devices: that takes time!</em></figcaption></figure><p>Normally, embedding Apple services such as In-App purchasing and iAd doesn’t take a long time, and most developers think “it’s easy”, but it may take a long time to test, so we usually mark previously mentioned tasks as “time-consuming”.</p><p>In addition, <strong>the application won’t submit itself to the Store.</strong> We add several hours for submission to the overall estimated time. This is especially sad when you have to take lots and lots of screenshots for each localization, but now we can open up the <a href="https://github.com/KrauseFx/fastlane">fastlane</a> tool, and things go much faster. Needless to say that it’s easy to forget something in the pre-release atmosphere, so we have created a ‘<a href="https://medium.com/@stanfymobile/check-list-submit-to-appstore-b0a56f42275a">before submission checklist</a>‘ to keep things in one place.</p><h3>Must-have features that are always forgotten</h3><p>What features are present on 80% of the applications, but are often forgotten during the estimation? Screens with a bunch of texts, such as the FAQ, TOS, license agreement and disclaimer. Alert-reminders asking users to rate an application and leave some comment in the store. A “contact us” button to send an email. These features are ‘easy’, but you should put them on the list, too.</p><p>Gathering usage statistics is very important in order to make the right decisions in the future. The simplest way is to track each screen opening and the pressing of every button. But sometimes you need to collect more complex events to calculate conversion or to understand whether the design works as expected. To do this, you need to think about what kind of events statistics will be useful and to integrate analytics tools (like <a href="http://www.flurry.com/">Flurry</a>, <a href="http://www.google.com/analytics/mobile/">Google Analytics</a> or <a href="https://mixpanel.com/">Mixpanel</a>).</p><h3>Communication and documentation also take time</h3><p>Developers usually estimate only the technical side of the story. Time spent on communication is also important. For example, often it’s necessary to design server-client API before starting the development phase, but sometimes API documentation is being designed on-the-fly. It takes time to coordinate teams, especially if they work remotely. In this case we don’t estimate ‘communication’, but ‘creating/updating API doc’.</p><p>According to the <a href="http://www.agilemanifesto.org/">agile manifesto</a>, working product is more important than comprehensive documentation, but it doesn’t mean that docs should not be created. When we estimate complicated features we don’t forget to add points to create the documentation. Talking about client-server interactions we often create <a href="http://www.tracemodeler.com/articles/a_quick_introduction_to_uml_sequence_diagrams/">sequence diagrams</a>. Reading such diagrams instead of digging through the code trying to figure out what’s going on, saves hours, but creation of the diagram also takes time.</p><h3>Unpredictable team factors</h3><h4>Teams make mistakes.</h4><p>More often the team underestimates the complexity of the task, but sometimes they can overestimate it. A few tips on how to reduce this risk to a minimum.</p><p>Permanently increase the level of the team (gain more Exp!). More projects estimated and done means more XP gained. Besides, it is important to conduct the retrospective team meetings to try to figure out the reasons for inaccurate estimates.</p><p>Also, communicating with other teams, listening to their experience and mistakes, helps. And of course, reading a variety of developer resources daily or weekly to monitor community’s pitfalls and trends is also helpful.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*q1PLdVuzpL5VKRS_.png" /><figcaption><em>Team changes are unpredictable…</em></figcaption></figure><h4>Teams change.</h4><p>Swapping horses when crossing a stream is obviously a bad idea. It’s not a developer’s fault if one team estimated the project, but another one is going to develop it.</p><p>Unfortunately, it happens. In this case, it is necessary to discuss and re-estimate the project with the new/updated team. Well, it seems like a waste of time, but in fact, it makes it easier to navigate in the project timeline and to understand the schedule before it gets too late.</p><h3>Iterate and re-estimate</h3><p>We talked about rough estimates in <a href="https://stanfy.com/blog/how-to-estimate-mobile-projects-a-step-by-step-guide">Part 1</a>. In fact, agile project development involves continuous planning and evaluation sessions every sprint or two. Those features that were rough estimated should be re-estimated in more detail, taking into account the knowledge of the system that has emerged.</p><p>Features estimation, implementation, and estimation analysis are a part of the development cycle. The team gains XP and reduces the risks associated with every new project estimation.</p><h3>Well,</h3><p>in the developers’ world, there are many factors that affect the project’s estimation at the different stages. Unfortunately, it’s impossible to take all of them into account. Fortunately, we know many of these factors and know how to minimize risks.</p><p>On the one hand, it is crucial to improve the team constantly, creating various and complex projects, sharing practices with other teams and absorbing their experience. On the other hand, development should move by small iterations, constantly keeping one’s eye on the ball to see the possible divergences from the plan as early as possible.</p><h3>Read More</h3><p>Part 1 — <a href="http://How%20to%20Estimate%20Mobile%20Projects%201">How to Estimate Mobile Projects. A step by step guide</a></p><h3>P.S.</h3><p>Found useful? Enjoyed my pony sketches? Feel free to like and share post! :)</p><p><em>Originally published on </em><a href="https://stanfy.com/blog/how-to-estimate-mobile-projects-a-step-by-step-guide/"><em>Stanfy’s blog</em></a><em> on October 12, 2015.</em></p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=e93b06bdb3d3" width="1" height="1" alt=""><hr><p><a href="https://medium.com/stanfy-engineering-practices/how-to-estimate-mobile-projects-2-why-estimation-fails-and-how-to-prevent-this-e93b06bdb3d3">How to Estimate Mobile Projects 2. Why Estimation Fails and How to Prevent This</a> was originally published in <a href="https://medium.com/stanfy-engineering-practices">Stanfy Engineering Practices</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[How to Estimate Mobile Projects 1. A Step by Step Guide]]></title>
            <link>https://medium.com/stanfy-engineering-practices/how-to-estimate-mobile-projects-1-a-step-by-step-guide-8b4c25ba7621?source=rss-5d8623d95b92------2</link>
            <guid isPermaLink="false">https://medium.com/p/8b4c25ba7621</guid>
            <category><![CDATA[ios]]></category>
            <category><![CDATA[project-management]]></category>
            <category><![CDATA[mobile-app-development]]></category>
            <dc:creator><![CDATA[vixentael]]></dc:creator>
            <pubDate>Mon, 30 Nov 2015 10:22:38 GMT</pubDate>
            <atom:updated>2015-12-07T10:39:14.158Z</atom:updated>
            <content:encoded><![CDATA[<p><em>Read some advice on how to transform the project into achievable tasks and what to keep in mind during estimation.</em></p><p>This is the first part of articles series How to Estimate mobile projects. Read also <a href="https://medium.com/@vixentael/how-to-estimate-mobile-projects-2-why-estimation-fails-and-how-to-prevent-this-e93b06bdb3d3#.sw8n7jshu"><strong>Part 2 — Why Estimation Fails and How to Prevent This</strong></a><strong> </strong>to learn about challenges and pitfalls that may occur.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*rlu7UMSZx8GrOoK3U13jtw.png" /></figure><p>If anyone asks two dev teams to estimate one project, most likely we will get <em>two different estimates</em> because each team’s judgement will be based on their experience and expertise.</p><p>In a perfect world, before engineers take off with an estimation,the project is already divided into functional modules, each is well-described, and interactions between them are documented, too. This project is evaluated by a team of experienced developers and they start development instantly. But the real world is not so rosy.</p><h3>Start development from estimation</h3><p>There is a widespread opinion that project estimations are a waste of time because they are very volatile in their nature: projects frequently turn out to be more challenging, new demands arrive, new features are added, members of the team come and go.</p><p>It is especially true in the case of a startup or an innovative project — where lots of things are to be validated or even completely pivoted. It’s hard to argue with harsh reality, but it’s always fun to look back at the end and realize how the project began and how naive we were.</p><blockquote>Estimation of the project is the first step to a successful release.</blockquote><p>The estimation is important: it explains how much time is needed to complete the project and get to release. It also helps to move from deliberation of the idea to the elaboration of the detailed plan; to estimate the complexity of system pieces; and to prioritize them.</p><h3>Dig into the project’s problem domain</h3><p>Here at <a href="https://stanfy.com/">Stanfy</a> we estimate projects at different stages. The first stage is a rough estimation when the project only appears on the horizon. Here we explore the project’s industry (medicine, e-commerce, video streaming), and define users and what functions they may need.</p><p><strong>We really need to understand the underlying domain and the problem we’re trying to solve.</strong></p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*rbPcugI9e37WHEce.png" /><figcaption><em>Exploring new areas is fun</em></figcaption></figure><p>At the rough estimation stage we devise how the user will work with the app and create the preliminary list of features. In order to make this list more accurate, we design low-fidelity wireframes, which show the user’s flow screen by screen inside the app. Wireframes allow us to put things in perspective: how the app’s features are correlated with the screens, and how the screens are connected to provide an intelligible user experience.</p><p><strong>The next step is picking out the most tricky technological pieces:</strong> for example, whether the application has an offline mode with synchronization or a barcode scanner or live chat or video streaming. It allows us to understand what technological challenges may arise along the way, and what constraints we should keep in mind.</p><p>For example, integration with Spotlight Search is available only starting from iOS9; we should take this into account if we are going to create an app for iOS8, too. The more tricky features an application has, the more the roughly estimated time may differ from the actual one.</p><p>At this stage most customers think carefully about their lives, money and plans, and make a decision about whether they are ready to move forward or want to stop. After that comes Stage 2 of estimation, which we call ‘make it as accurate as you can’.</p><h3>Design detailed screens</h3><p>Having a detailed design is very important during the estimation phase. Steps to detailed screens are simple: low-fidelity wireframes, high-fidelity wireframe, interactive prototypes, designs. Lo-fi wireframes are created in the previous step, and they can be transformed into high-fidelity ones. Hi-fi wireframes show more details on the screen: layout, buttons, content placeholders. They pay respect to the design guidelines for every platform: hi-fi wireframes for iOS look different from those for Android.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*dqbPKKWLIo7_9M2o.png" /><figcaption><em>High-fidelity wireframes vs implemented designs</em></figcaption></figure><p>Hi-fi wireframes can be easily transformed into interactive prototypes. One can open prototypes on mobile phones and interact with them like with real applications. Such prototypes are remarkably helpful for developers during the estimation phase; they help to understand an application’s navigation better and visualize its overall architecture.</p><p>Anyway, <strong>the result of estimating a project which has only wireframes — even interactive ones — is not completely accurate numbers.</strong></p><p>The next stage is to transform wireframes into the set of designed screens. Looking at designs, developers understand the app even better: which components to use and whether it’s necessary to write custom elements or it’s enough to customise native ones.</p><p>A good design corresponds to guides: the <a href="https://developer.apple.com/library/ios/documentation/UserExperience/Conceptual/MobileHIG/">Apple Human Interface Guidelines</a> and the <a href="https://developer.android.com/design/index.html">Android Design Guide</a>. The sets of native components for the web, desktops and mobiles are each different, so if the designer uses complex or non-native components, it increases the resulting estimates. For example, the radio button is native for Web applications, but it has the analogues for mobile — a <a href="https://developer.apple.com/library/ios/documentation/UserExperience/Conceptual/MobileHIG/Controls.html">switch</a> or <a href="http://developer.android.com/guide/topics/ui/controls/togglebutton.html">toggle button</a>. Nevertheless, estimating the prototypes is not as accurate as estimating already rendered designs.</p><h3>Create a detailed feature list</h3><p>It is hard to estimate the bare idea, so it’s necessary to create a features list or user stories that make up the project. Features are functional pieces that bring value to the user.</p><p>Describing features is something outside of the scope of the estimation and has to be done by the product owner’s team. Our development team clarifies and supplements the descriptions with the technical details.</p><p>For example, let’s consider a feature such as login via email. It consists of the login screen itself, keyboard behavior (it’s better to send data when the user presses the ‘done’ button on the keyboard than when he needs to hide the keyboard and look for the ‘send’ button behind it), data validation, sending requests to the server, handling responses, showing loading, showing error messages, etc.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*6rH03ymnhtDhix5s.png" /><figcaption><em>Spreadsheet with initial project’s estimation</em></figcaption></figure><p>Even the login feature that seemed so small hides many details, and a project is a set of such features. Usually we create a simple spreadsheet where features are divided into blocks, with less or more detailed descriptions of each.</p><h3>Estimate effort</h3><p>To estimate the feature means to find efforts (time and cost) that are required to get this feature done. There are different <a href="https://en.wikipedia.org/wiki/Estimation_%28project_management%29">methods of estimation</a>, but we use analogy based estimation, correlating the feature with its difficulty: easy, normal, hard, infinity — like game levels!</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*erizk_qQzFSxJQFw.png" /><figcaption><em>Imagine that you are choosing the difficulty level during the features’ estimation</em></figcaption></figure><h4>Let’s see examples.</h4><ul><li>Easy: Login, forgot password, FAQ, help screens. Usually, static or dynamic screens, without too complex a design, often without sending requests to the server.</li><li>Normal: Home screen, registration, tables, collections, custom controls. Usual screens with server requests, or custom controls.</li><li>Hard: Third-party API integration, audio/video recording, streaming, chatting, custom gestures, synchronization, offline mode.</li><li>Extreme. Usually they’re unclear and huge features. It’s better to divide them into smaller ones.</li></ul><p>Sometimes it’s hard to define where the line is between groups. The rule is simple: round upward if you have doubts.</p><p>Let’s look at an example. Almost every mobile application uses tableview to show content: like showing tweets or cat photos. In the mobile world, the table is a list of the cells, which contain texts, pictures, dates and so on.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*Al8Pania4cDIFjUy.png" /><figcaption><em>Tables everywhere!</em></figcaption></figure><p>A table may look very simple, but from a developer’s perspective a simple table involves:</p><ul><li>Design cells (which can contain a lot of information and extra buttons and have flexible content depending on height).</li><li>Loading data (send requests to the server, parse response, create data models)</li><li>Loading more, pull-down-to-refresh.</li><li>Showing loading, empty, and error states (like connection errors).</li><li>Adding/removing items from the table. In my experience, removing items from the table can be very tricky — many apps crash due to data inconsistency.</li><li>Merging content. Sometimes you will need to merge local content with data from the server.</li><li>User interaction when tapping on the cell itself or on a button on the cell (usually the background changes to indicate the selected state and a new screen opens).</li><li>Image caching for pictures in cells (if any).</li><li>Nice animation when cells appear on the screen while scrolling (image fading or light bouncing, depending on the project style).</li></ul><p>Looks complicated, right? And after all, a table should look nice and be scrolled smoothly.</p><p>But the good thing is that most of these features only need to be written once and can be reused with different tables inside one project or in different projects.</p><p><a href="https://github.com/stanfy/ios-components-bikeshedding">We are working</a> on the list of components that are frequently used in many mobile applications, describing different user scenarios and corner cases. It’s useful to have this list on hand during project estimation to keep in mind unique peculiarities of every component.</p><p><strong>The result of this stage is the list of the estimated features.</strong> The more hard or even ‘extreme’ features there are in the list, the more time the project takes.</p><h3>Sort features by priority</h3><p>Some features are more important than others. Therefore, we divide them into “must have”, “nice to have” and “cool, but later.” “Must-haves” are core features — without them the application won’t serve its purpose.</p><p>This technique is called the <a href="https://en.wikipedia.org/wiki/MoSCoW_method">MoSCoW method</a>; <strong>it allows you to focus on the most important requirements</strong> to provide users a valuable product as soon as possible.</p><p>Prioritizing has to be done by the product owner’s team right after creating the features list. Priorities help developers to focus on the most important features (without spending time on the deep study and evaluation of the features in the bottom of the icebox).</p><p>If we are talking about a chat application, for example, then the chatting itself is a core feature, but stickers’ support and sending audio messages can be added in the next release.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*Ghm3WB7uN7Y5K3EB.png" /><figcaption><em>Sorting features by priority allows you to finish more important things first</em></figcaption></figure><p>Often, a list of “cool but later” features is changed right after the first release when users give their feedback. It may turn out they really want a geolocation function to share with friends, and stickers can be postponed.</p><h3>R&amp;D features</h3><p>Of course, there are features that we can’t estimate the value of at first. For such features, we do a little research, google and collect links to understand which way to go and what to expect. <strong>At the end of the estimation phase, we highlight such R&amp;D features and consider that they may increase the overall estimated time.</strong></p><p>For example, the integration with not very popular third-party services could be rather tricky. If a service is well documented, just to integrate it and be sure that it works correctly can make up around 20% of the overall work. But often, ‘correctly’ doesn’t mean ‘good enough’ — and you devote the remaining 80% of the time to customizing, improving or even hacking your app.</p><h3>Do not estimate tech practices!</h3><p>Some things we do not add to the features list even though we do them during development. Among these are engineering practices such as pair programming or writing tests on business logic or backend API. We also “automatically” integrate crash analytics tools (like Crashlytics) and use the continuous integration/continuous delivery services to regularly build and deliver the latest version of the app.</p><p>The time is required to set up such things, but usually this time is generously repaid even before the product is released. For example, first we must spend some time to obtain keys from the crash detecting system and configure your application to use them; but then analyzing the crash reports may save you an unbelievable amount of time in finding and fixing crashes before users notice them.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*J-6VrAQnK-SlylHV.png" /><figcaption><em>Using extreme programming practices should not be estimated as an extra cost</em></figcaption></figure><h3>Solutions instead of the problems</h3><p>During the estimation phase, understanding the challenges ahead is to some extent guesswork, as no problem is a real problem yet, and you have plenty of time to plan, simplify features, reiterate design and proceed on a clear path. If the proposed budget or schedule seems inadequate to do the work, we propose adjusting upward or downward the cost, schedule or features.</p><p>In essence, planning is about trying to understand the challenges ahead beforehand. In good teams, <strong>it is each member’s responsibility to maintain a special tone during estimations</strong> — talk about solutions to ‘possible problems’, not about ‘these monsters ahead’.</p><h3>So,</h3><p>the <strong>estimation process is a team job</strong>: the client describes his own vision, the product owner’s team clarifies the idea and creates and prioritizes the features list. Developers are immersed in the project area, trying to find out as much as possible about the project and the end-users. They estimate features, adding a technical point of view and trying not to forget anything.</p><p>Some features are typical for many applications, so they are easier to estimate (for example, you can like posts in almost every social app). It’s more complicated to estimate unique features that no one else has done before. Of course, much depends on the experience of the team and how many different unique applications they have developed.</p><h3>Read more</h3><p>Part 2 — <a href="https://medium.com/@vixentael/how-to-estimate-mobile-projects-2-why-estimation-fails-and-how-to-prevent-this-e93b06bdb3d3#.sw8n7jshu">Why Estimation Fails and How to Prevent This</a></p><h3>P.S.</h3><p>Found useful? Enjoyed my pony sketches? Feel free to like and share post! :)</p><p><em>Originally published on </em><a href="https://stanfy.com/blog/how-to-estimate-mobile-projects-a-step-by-step-guide/"><em>Stanfy’s blog</em></a><em> on October 12, 2015.</em></p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=8b4c25ba7621" width="1" height="1" alt=""><hr><p><a href="https://medium.com/stanfy-engineering-practices/how-to-estimate-mobile-projects-1-a-step-by-step-guide-8b4c25ba7621">How to Estimate Mobile Projects 1. A Step by Step Guide</a> was originally published in <a href="https://medium.com/stanfy-engineering-practices">Stanfy Engineering Practices</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
    </channel>
</rss>