Terminal data protection for Internet communication security

(click to register)

"xx detective, highly skilled, easy to obtain the other party's location or communication content." Follow [Rongyun Global Internet Communication Cloud] to learn more

You may have also encountered such illegal small advertisements of so-called "private investigators" on the Internet, or you may have seen legal popularization stories similar to "false location fraud" in legal programs.

The frequent occurrence of such incidents proves the fact that many people want to spy on other people's privacy through illegal means to achieve illegal purposes. This is the communication security challenge we face every day as we move every aspect of our lives and work online.

Under the topic of communication security, we have shared with you topics such as link security, WebRTC transmission security mechanism, and end-to-end encryption technology.

With the popularization of SSL/TLS and the application of various security products, it is almost impossible for hackers to obtain user communication messages directly through links or intrusion servers.

In this case, obtaining communication content by implanting Trojan horses has become an important way for them to do illegal activities.

How to prevent mobile phones and other terminals from being implanted by Trojan horses? At the user level, everyone needs to have good security awareness, such as installing anti-virus software, not clicking on unfamiliar links, not jailbreaking or rooting the system, etc.

The topic we will discuss today is, assuming that our device has been implanted with a Trojan horse, how to do the final protection from the software level to ensure the security and privacy of user communication messages.

It should be noted that when the system is implanted with a Trojan horse, the software body is generally not changed, but the content to be monitored is obtained through the local network proxy or by reading files in key locations. The local network proxy, which we have shared in the link security article, can prevent information from being monitored by enabling SSL/TLS.

Data storage security

The instant messaging system generally has the feature of terminal message storage, so as to facilitate the user to view the received messages offline. These messages are generally stored using a file-level database. The advantage of using a database is that it is convenient to add, delete, modify, and query data, and there will not be too many performance problems.

Among them, SQLite has become the preferred solution for data storage of many terminal software due to its small size, open source and high performance. So how to do encrypted storage of messages in SQLite?

The scheme encrypts the message to be stored

The message to be inserted into the database is first encrypted with AES, and then inserted into the data after the encryption is completed.

This method has obvious advantages, but the disadvantage is also very fatal - if the message needs to be queried vaguely, the message cannot be encrypted, so that the product needs and security requirements form a contradiction. Therefore, we generally do not choose this method .

Option 2 encrypts data

The open source release version of SQLite 3 does not provide encryption function, but its export header file contains the definitions of sqlite3_key and sqlite3_rekey, which can be used to implement database encryption.
The version with encryption implementation also needs to define the preprocessing macro SQLITE_HAS_CODEC in the precompile to enable the functions of these functions.

sqlite3_key

sqlite3_key is the input key. If the database is encrypted, you must execute this function and enter the correct key before the operation can be performed; if the database is not encrypted, after executing this function, the database operation will appear "This database is encrypted or not a database file". mistake.

 // db 是指定数据库，pKey 是密钥，nKey 是密钥长度。
int sqlite3_key(sqlite3 *db, const void *pKey, int nKey) 

// 例：
sqlite3_key(db, "abc", 3);

sqlite3_rekey

sqlite3_rekey is to change the key or add a key to an unencrypted database or clear the key. Before changing the key or clearing the key, sqlite3_key must be executed correctly.

After the correct execution of sqlite3_rekey, the database can be operated normally before sqlite3_close closes the database, and there is no need to execute sqlite3_key again.

 // 参数同上 
int sqlite3_rekey(sqlite3 *db, const void *pKey, int nKey)

Add database password: If you want to add a password, you can call the sqlite3_key function at any time after the database file is created and before closing the database file.

Read database data: After opening the data file, call the sqlite3_key function. (If the database is not encrypted, the error "This database is encrypted or not a database file" will appear when the database operation is performed after executing this function; after testing, the password can only be set when creating a new database!)

Change the database password: First, you need to open the database correctly with the current password, then you can call sqlite3_rekey(db,"112233",6) to change the database password.

In addition to directly using sqlite3_key in SQLite 3, there are many SQLite open source frameworks in other languages that also provide database encryption capabilities, such as: SQLCipher, wxSQLite3, etc. Currently, SQLite 3 supports the version of these two interfaces to 3.31.1, and later versions are no longer supported. It is recommended to use some open source libraries.

Database password protection

Database passwords should be avoided directly in code or configuration files. Because once the program is decompiled its confidentiality will not exist, so the database password also needs to be protected .

First of all, the safest way is that the client does not store the database password at all. Every time the terminal software is opened, the network must be normal and the database password can be returned after complete user authentication by the server. The server needs to generate a different password for each device of each user, which can effectively prevent the following two situations:

① In a scenario where there are multiple users on a terminal, a password leak causes the entire terminal to be cracked;
② After a user's password is cracked, the data on the user's other devices can be viewed.

(Database password saving process)

Through the above flow chart, we can simply understand how the database password is saved. However, there is a problem with this method, that is, if the client has an offline opening requirement, this solution cannot be satisfied.

Offline requirements for database operations have potential security risks, all of which can be cracked. This is the conflict between security and convenience . However, we can increase the difficulty of cracking by setting complex rules. When designing rules, we at least ensure that the following principles are followed:

① The password is different for each user on each device.
② The result of the data password must be the same every time.
③ The password result is not stored in the terminal.
④ The code for the terminal to generate the password must be security reinforced.

For example: we get the database password by hashing the device ID with the user ID.

Nowadays, the problem of information security is becoming more and more serious. In real life, we cannot guarantee that the terminal software used adopts the encrypted data storage method.

Therefore, maintaining a good usage habit, not clicking on unfamiliar links, not installing applications from informal channels, and installing anti-virus software and other security products on the terminal can maximize the protection of our information and privacy from being obtained by criminals. use.