Roedy Green
I think about this problem periodically and then throw my arms in the
air that it is impossible. Yet perhaps perfection is not needed, any
more than you need a perfect lock on your front door to deter
most thieves.
What I am looking for is a scheme for Applet Authentication -- I want
assurance nobody has tampered with the code that is talking to my
server. I don't mean validate the user, I mean validate the code.
You may say, don't sweat it, just validate messages at the server.
This is not enough. Why?
1. The Applets/JAWS apps might be playing a game where they interact
directly with other players. You want to prevent people from
cheating.
2. The Applets/JAWS apps might be doing a BitTorrent-like download
where they must co-operate with each other. You want to prevent fake
Applets that take but don't give.
What possible tools come to mind?
1. jar signing. This seems to be designed only to protect the end
user. I know of no way for the server to find out if the code running
was signed by the appropriate party, even when the server knows the
private key. The problem here is the hacker has the legit code, so
can compute any checksum desired on demand.
2. snap inspection. The code downloads a byte array with a custom
classloader and runs the code and returns a response within a time
limit. Since the hacker has no advance knowledge of the code, it is
difficult for him to prepare. Even if he hands it to a legit copy to
compute, that legit copy likely won't have the expected internal
state. If the code fails inspection the userid/password/logon cert is
invalidated.
3. leave out some crucial modules and download the version of the day
each time. You change the protocol daily.
I wondered if anyone has some ideas, especially ones that could be
encapsulated and plopped into any app.
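As an added illustration (not part of Roedy's post or any project code) of why tool 1 above gives the server no assurance, here is a Python model of a nonce-bound code-hash challenge, the simplest form of the "snap inspection" in tool 2; the function names, the time limit and the code byte strings are all constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for the applet bytes the server shipped (LEGIT) and a
# modified copy a cheating player might actually be running (TAMPERED).
LEGIT_CODE = b"class Game { boolean canSeeHiddenCards() { return false; } }"
TAMPERED_CODE = b"class Game { boolean canSeeHiddenCards() { return true; } }"
TIME_LIMIT_S = 2.0  # assumed inspection deadline


def issue_challenge():
    """Server side: a fresh random nonce, so no answer can be precomputed."""
    return os.urandom(16)


def answer_for(nonce, code_bytes):
    """Shared computation: hash of nonce || code, binding the answer to the nonce."""
    return hashlib.sha256(nonce + code_bytes).digest()


def server_check(nonce, answer, elapsed_s):
    """Server side: answer must match the shipped code and arrive within the limit."""
    expected = answer_for(nonce, LEGIT_CODE)
    return elapsed_s <= TIME_LIMIT_S and hmac.compare_digest(answer, expected)


def client_answer(nonce, running_code, pristine_copy=None):
    """Client side. An honest client hashes what it runs; a tampered client
    that kept the pristine bytes hashes those instead of what it runs."""
    source = pristine_copy if pristine_copy is not None else running_code
    return answer_for(nonce, source)


def run_inspection(running_code, pristine_copy=None, elapsed_s=0.5):
    """One full round: server challenges, client answers, server verifies."""
    nonce = issue_challenge()
    answer = client_answer(nonce, running_code, pristine_copy)
    return server_check(nonce, answer, elapsed_s)


def demo():
    """Four rounds showing what a hash-based check can and cannot tell apart."""
    return {
        "honest client": run_inspection(LEGIT_CODE),
        "tampered client, naive": run_inspection(TAMPERED_CODE),
        "tampered client, keeps pristine copy": run_inspection(TAMPERED_CODE, LEGIT_CODE),
        "honest client, too slow": run_inspection(LEGIT_CODE, elapsed_s=5.0),
    }
```

The third round is the problem Roedy describes: the nonce stops precomputation, but a client holding the legitimate bytes answers correctly no matter what it is actually executing, so the server must still treat every client message as untrusted.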