(FIN202) Addressing Data Security Concerns in Financial Services: Fidelity Investment's Use of SSE-C | AWS re:Invent 2014

Transcript
Page 1

November 14, 2014 | Las Vegas, NV

Travell Perkins, Fidelity

Page 8

• Virtual asset transfer (inheritance)

Page 11

Architecture diagram (component labels only): inside the Amazon boundary, an Amazon ELB fronts an EC2 Auto Scaling Group of three Application Servers; backing services are DSM, Cloudant, CloudFiles, S3 and a Twilio Server.

Page 13

Components

- DSM (DynamicSecurityModule - PHP Service/FidelityVDC): generates encryption keys using the AES-256 cipher. The keys are used to encrypt/decrypt files.
- Core Service (Node.JS/AWS EC2): documents and data are encrypted for persistent storage and decrypted for the presentation layer.
- Customer-facing interface (Javascript, EC2): upload/download documents.
- Simple Email Service: sends emails for account signup, password resets, file sharing notices, etc.
- Core Service (Node.JS/AWS EC2): register new users, password resets, user profile management.
- S3: encrypted documents.
- CloudFiles: redundant document storage.
- Cloudant: document meta-data is stored; customer account info is also stored.
- Admin interface (Javascript, EC2): manage system users.
- Twilio: SMS/Voice for multi-factor authentication.
- Core Service (Node.JS/AWS EC2): authenticate & authorize.
- Actors: Customers, Admins.

Flows between components (arrow labels)

- Get Encryption Key
- Store Encrypted Documents and meta-data
- Notify users
- Add a new user, manage users
- Register User, Authenticate users
- Is the user a valid user?
- Manage Users/Admins
- Encrypt and Store Documents, Get Customer Documents
- Send Email to users
- Upload/Download Documents
- Manage Admin Users

Page 29

The Threat column uses STRIDE letters: S Spoofing, T Tampering, R Repudiation, I Information disclosure, D Denial of service, E Elevation of privilege.

Component       Threat  Protocol  A.S.     Mitigation
All data flows  TID     HTTPS     Various  SSL/TLS everywhere

Page 30

Component         Threat  Mitigation
EndUser           S       Form Authentication; Multi-factor Authentication
                  RD      Not Applicable
Admin (Jump Box)  S       SSH UserName/Password; Multi-factor Authentication
                  RD      Not Applicable
Twilio            S       Shared Access Key
                  RD      No fallback SMS service, but Fidsafe Auth falls back to Security Questions.
SES (Email)       S       Shared Access Key
                  RD      No fallback. Messages are sent async.

Page 31

Component     Threat  Mitigation
DSM           S       HTTPS SSL Server Authentication
              E       Low Privileged Account
              TRID    All PHP files are read only (for non-root) and owned by root
Core Service  S       HTTPS SSL/TLS Server Authentication
              E       Low Privileged Account, Node (non-root user)
              TRID    Permissions on Node.JS application files 644
Web UI        S       Forms Authentication over HTTPS; SMS or Preference Based Security Question
              E       Running as logged-in user
              TRID    Default permissions (user has no permissions to Framework binaries)
Mobile App    S       Digital Signature provides authenticity and tamper detection
              E       Default container defenses provide least privilege
              TRID    Digital Signature provides authenticity and tamper detection

Page 32

Component   Threat  Mitigation
Cloudant    TID     Database Permission (Read, Write, Delete) for CRUD operations.
CloudFiles  TID     Shared Access Key; All data bits are encrypted; Hashes stored separately in Cloudant
S3          TID     Shared Access Key; All data bits are encrypted; Hashes stored separately in Cloudant

Page 34

Request Processing Stack (layers applied in this order)

1. HTTPS Transport
2. IP Filtering
3. HMAC SHA256 Signing
4. JSON XSS Filtering
5. Authentication
6. Authorization
7. Exception Handling
8. Execution

Page 42

http://bit.ly/awsevals