10

I have a piece of data. At the moment, it's an XML file, but the architecture may change. So let's assume for the moment it's a C# Class.

When I store the data on disk or in the database, I need to add some sort of signature or fingerprint or checksum or whatever to ensure that no one can modify the data. The caveat: even an administrator or developer with access to all source code should not be able to modify it.

I assume that since someone with full code access can create a new signature easily (the signing needs to be done programmatically, so no manual passphrase entry), the signature somehow needs to contain some additional data. Ideally I should be able to extract this data back from the signature, for example the date of signing and some strings.

My general approach is to use symmetric encryption. I generate a hash, i.e. SHA-512, from all the fields and then encrypt that hash and my additional data to get my signature, using the hash as password. To decrypt, my function would generate the hash from the actual data in the file, and try to decrypt the signature. That would not be tamper-proof though, as it's easy to generate a signature where the signing date and additional information are still intact.

As I am not an expert on the field, I believe that I am trying to re-invent the wheel, and that it's not a very good wheel. I just wonder if there is some standard approach? I believe that part of my request is impossible (after all, if someone controls the entire environment, that person also controls the system time), but I still wonder how this is generally tackled?

Michael Stum
  • 1
    Just wanted to confirm that admin and developer have full access to source code, but if you use an asymmetric key, will they have access to the private part of the key as well? – Ants Mar 04 '09 at 03:47

6 Answers

8

It sounds to me like you want a combination of a digital signature with a secure digital timestamp.

In brief, after signing your data, you call a third party web service to provide an official timestamp and their own digital signature linking that timestamp to your signature value, thus providing evidence that the original signature (and thus the original data) was created on or before that date. With this scheme, even if the original signing key is later compromised, revoked or otherwise invalidated, any signatures that were made before the invalidation are still valid thanks to the timestamp.

A tamper-resistant hardware signature device may help. If the target hardware is fairly recent it may have some support already on the motherboard in the form of a TPM, but there are plenty of vendors out there willing to charge an arm and a leg for their own hardware security modules, or somewhat less for a smart card.

Sufficient security may not be achievable by technology alone. You may need independent validation of the system. You may need remote CCTV monitoring and recording of the machine's location or other physical security measures to detect or stop tampering. You may need third-party code escrow, review and signing to ensure that the code loaded on the machine is what was intended, and to deter and/or detect the insertion of backdoor logic into the code.

The bottom line is that how much money, time and effort you need to spend on this depends very much on what you stand to lose if records are forged.

Jeffrey Hantin
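
The signature-plus-timestamp scheme described in this answer, as an added C# example that is not part of the original answer. The local `tsa` key pair is an assumed stand-in for a third-party timestamp service (a real deployment would call an RFC 3161 service), the envelope layout and all names are hypothetical, and it needs .NET 5 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SignedRecordDemo
{
    // Meta is stored in the clear beside the signature, so it can be read back.
    record Envelope(string Meta, byte[] Sig, string TsaTime, byte[] TsaSig);

    // Signer covers hash(data) || meta; the fixed-length hash keeps the split unambiguous.
    static byte[] ToSign(byte[] data, string meta) =>
        SHA512.HashData(data).Concat(Encoding.UTF8.GetBytes(meta)).ToArray();

    // Timestamp service covers hash(signature) || its own clock reading.
    static byte[] TsaInput(byte[] sig, string time) =>
        SHA256.HashData(sig).Concat(Encoding.UTF8.GetBytes(time)).ToArray();

    static Envelope Seal(byte[] data, string meta, ECDsa signer, ECDsa tsa, DateTime tsaClock)
    {
        byte[] sig = signer.SignData(ToSign(data, meta), HashAlgorithmName.SHA512);
        string time = tsaClock.ToString("o"); // the service's clock, not the signer's
        byte[] tsaSig = tsa.SignData(TsaInput(sig, time), HashAlgorithmName.SHA256);
        return new Envelope(meta, sig, time, tsaSig);
    }

    static bool Verify(byte[] data, Envelope e, ECDsa signerPub, ECDsa tsaPub) =>
        signerPub.VerifyData(ToSign(data, e.Meta), e.Sig, HashAlgorithmName.SHA512) &&
        tsaPub.VerifyData(TsaInput(e.Sig, e.TsaTime), e.TsaSig, HashAlgorithmName.SHA256);

    static void Main()
    {
        // Assumption: in practice the signing key lives in a TPM, HSM or smart card.
        using ECDsa signer = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        using ECDsa tsa = ECDsa.Create(ECCurve.NamedCurves.nistP256); // stand-in service key
        byte[] data = Encoding.UTF8.GetBytes("<order id=\"1\" amount=\"100\"/>");   // constructed sample
        byte[] edited = Encoding.UTF8.GetBytes("<order id=\"1\" amount=\"900\"/>"); // constructed sample

        Envelope env = Seal(data, "signed-by=app;note=initial", signer, tsa, DateTime.UtcNow);
        Console.WriteLine($"original verifies:        {Verify(data, env, signer, tsa)}");
        Console.WriteLine($"edited data verifies:     {Verify(edited, env, signer, tsa)}");

        // A re-signed edit that reuses the old timestamp token: the token no longer matches.
        byte[] newSig = signer.SignData(ToSign(edited, env.Meta), HashAlgorithmName.SHA512);
        Envelope reSigned = env with { Sig = newSig };
        Console.WriteLine($"re-signed, old timestamp: {Verify(edited, reSigned, signer, tsa)}");
        Console.WriteLine($"metadata: {env.Meta}, timestamped: {env.TsaTime}");
    }
}
```

A record re-signed with the signing key can only obtain a fresh token carrying the service's current time, which is what makes back-dating detectable.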
4

You need both a digital signature and a trusted timestamp. The trusted timestamp gets a third-party involved to validate the message. Then any attacker doesn't have 'full control' of the whole system.

Leonard
1

You may want to leverage PGP by using GPGME (GnuPG Made Easy), a library designed to make access to GnuPG easier for applications.

David Segonds
1

Jeffrey Hantin's answer is the best I think you're going to be able to do. It's NOT perfect, though:

1) It doesn't stop your black hat from making a totally fake transaction.

2) It doesn't perfectly stop tampering with the transaction. Yes, the new transaction will have a different timestamp but how do you prove the timestamp has been messed with if they clean up the relevant data? Even if you give them some tamperproof receipt (hash & sign the data on it), when it comes to a showdown how do you prove whose record was faked?

Loren Pechtel
0

You want a digital signature using asymmetric cryptography.

This article seems to have some good examples and explanations.

Mitch Wheat
0

This is basically what code signing is except, in your situation, it's not code that is actually what is getting signed. You will either have to arrange for a certificate to be purchased or set up your own certificate server.

Glenn