0

I have an app that runs in the client and this app sends and receives data to/from a remote server.

Is there any way that I can guarantee that the data sent to the server really originated from the allowed app?

Of course I can encrypt the data, but as it can be decompiled, it wouldn't make it 100% secure.

We're using .NET/C#.

Thanks!

Eric Lippert
Gustav
  • Sounds like you want a public key encryption. – Maynza Jul 14 '11 at 21:32
  • 1
    I do not understand "Of course I can encrypt the data, but as it can be decompiled, it wouldn't make it 100% secure.". If encryption doesn't make your communications 100% (or say 99.9999%) secure there's something wrong with the encryption. – fvu Jul 14 '11 at 21:33
  • I mean, the app can be decompiled and the source code will show how it is encrypted... – Gustav Jul 14 '11 at 21:36
  • 1
    @Gustav The decompilation thing would be "Security by Obscurity". A crypto algorithm is considered secure, when it complies with some given criteria although the implementation is well known. You may know how the encryption works, but without the proper key you mustn't (easily) get the plain text from the cypher. – Hyperboreus Jul 14 '11 at 21:41
  • Do you trust the user of the specific installation of your program not to tamper with his own data? Preventing people from tampering with other people's data is easy --- just use SSL with a known key. Preventing people from tampering with their own data is impossible. – CodesInChaos Jul 14 '11 at 21:44

4 Answers

6

Your question is too ambiguous and cannot be answered in its present form. You'll need to more precisely state the threat that you want to mitigate.

For example, suppose you have a client, Alice, attempting to send a message to a server, Bob. Is the threat:

  1. A third party, Eve, could be listening to the communication channel. Alice desires Bob to understand the message, but Eve must not be able to understand the message.

  2. A third party, Mallory, could be actively tampering with the communication channel. Bob desires to know whether or not anyone has tampered with Alice's attempt to send a message.

  3. Eve and Mallory are working together. By monitoring the channel, Eve has accumulated recordings of a number of genuine messages from Alice to Bob. Even though she cannot understand them, she believes they are good messages. Eve gives the messages to Mallory. Mallory will tamper with the communication channel so that Bob appears to be getting valid messages from Alice even though Alice is not sending messages right now. (Or, Mallory will tamper with the channel such that Alice's current valid message is replaced with a previous valid message.)

  4. A third party, Moriarty, has murdered Alice and is now sending messages to Bob purporting to come from her. (The communication channel is uncompromised; Mallory and Eve have the night off.) Bob wishes to know whether the message is really coming from Alice, as the message claims.

Those problems might seem similar but in fact they are different problems and solved with different techniques. If you think you are solving all of them by solving one of them then you are building an insecure system. You need to carefully and clearly describe what threat you want to mitigate before anyone here can give you advice on how to do so.

Eric Lippert
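Threats 2 and 3 in the list above call for different checks, which this added example (not part of the original answer) shows in C#: an HMAC over each frame exposes tampering, but a recorded frame still verifies, so the receiver also tracks a counter. The frame layout, the `Receiver` class and its method names are assumptions made for this illustration, and the key is assumed to be a secret shared only by Alice and Bob; threats 1 and 4 are not addressed here.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;
using System.Text;

// Frame layout (constructed for this example): counter(8) || payload || HMAC-SHA256(32).
// Assumption: the key is known only to Alice and Bob, not compiled into every client.
sealed class Receiver
{
    private readonly byte[] _key;
    private ulong _lastCounter;                 // highest counter accepted so far
    public Receiver(byte[] key) => _key = key;

    public static byte[] Seal(byte[] key, ulong counter, byte[] payload)
    {
        int bodyLen = 8 + payload.Length;
        var frame = new byte[bodyLen + 32];
        BinaryPrimitives.WriteUInt64BigEndian(frame, counter);
        payload.CopyTo(frame, 8);
        using var mac = new HMACSHA256(key);
        mac.ComputeHash(frame, 0, bodyLen).CopyTo(frame, bodyLen);
        return frame;
    }

    public string Accept(byte[] frame)
    {
        if (frame.Length < 8 + 32) return "rejected: too short";
        int bodyLen = frame.Length - 32;
        using var mac = new HMACSHA256(_key);
        byte[] expected = mac.ComputeHash(frame, 0, bodyLen);
        // Threat 2: any change to counter or payload changes the tag (constant-time compare).
        if (!CryptographicOperations.FixedTimeEquals(expected, frame.AsSpan(bodyLen)))
            return "rejected: tampered";
        // Threat 3: a recorded frame carries a valid tag, so only the counter exposes it.
        ulong counter = BinaryPrimitives.ReadUInt64BigEndian(frame.AsSpan(0, 8));
        if (counter <= _lastCounter) return "rejected: replay";
        _lastCounter = counter;
        return "accepted: " + Encoding.UTF8.GetString(frame, 8, bodyLen - 8);
    }

    static void Main()
    {
        var key = new byte[32];
        RandomNumberGenerator.Fill(key);
        var bob = new Receiver(key);
        byte[] first = Seal(key, 1, Encoding.UTF8.GetBytes("pay 10"));   // constructed message
        Console.WriteLine(bob.Accept(first));                            // genuine frame
        byte[] altered = (byte[])first.Clone();
        altered[8] ^= 0x01;                                              // one payload bit changed in transit
        Console.WriteLine(bob.Accept(altered));
        Console.WriteLine(bob.Accept(first));                            // same genuine frame delivered again
        Console.WriteLine(bob.Accept(Seal(key, 2, Encoding.UTF8.GetBytes("pay 5"))));
    }
}
```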
1

There's a never-ending arms war between people that want to secure software and digital communication, and those that want to break that security.

The state of the art for this type of problem includes:

  • Creating tamper-resistant client code (e.g. How to preventing decompilation of any C# application)
  • Encrypting your communication channel (you can use message level and/or transport-level encryption depending on your environment and needs)
  • Using a hash or similar to detect if the transmission was decrypted (having a salted hash makes it harder, not impossible, to change or forge message contents).
  • Following best practices to secure your server both from remote and physical access.
Community
Eric J.
0

There isn't such a thing as "100% secure". But yes, one feasible way would be encryption with signing and a Trusted Third Entity (RCA), that validates the certificates.

Hyperboreus
  • Assuming you mean RSA? Even they are not 100%... http://www.eweek.com/c/a/Security/RSA-SecurID-Hacked-but-Not-UnWitnessed-193133/ – Eric J. Jul 14 '11 at 21:36
  • My words exactly. Nothing is 100%. And I did not mean Rivest-Shamir-Adleman, but a Root Certificate Authority. Or what do you call these correctly? – Hyperboreus Jul 14 '11 at 21:38
  • You don't need a trusted third party. Just put the fingerprint of the server key in your program. – CodesInChaos Jul 14 '11 at 21:45
  • If you put the "fingerprint" of the server in your client application, what prevents me as a user to read it or alter it? – Hyperboreus Jul 14 '11 at 21:47
  • That the user of the program is not the threat by definition. It's his data that SSL tries to protect. And what threat does reading the fingerprint pose? – CodesInChaos Jul 14 '11 at 22:06
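The fingerprint approach raised in the comments above, as an added C# example that is not code from any participant in the thread: the client trusts a server only if the SHA-256 hash of its public key matches a value the client carries. The class and method names are assumptions, the certificates are generated in the example to stand in for a real server, and the code assumes .NET 6 or later.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedServerKey
{
    // SHA-256 over the certificate's SubjectPublicKeyInfo: the value stays the same
    // when the certificate is renewed with the same key pair.
    public static byte[] KeyFingerprint(X509Certificate2 cert) =>
        SHA256.HashData(cert.PublicKey.ExportSubjectPublicKeyInfo());

    public static bool MatchesPin(X509Certificate2 cert, byte[] pin) =>
        cert != null && CryptographicOperations.FixedTimeEquals(KeyFingerprint(cert), pin);

    // The callback replaces the default validation, so the pin alone decides trust;
    // no certificate authority is consulted.
    public static HttpClient CreateClient(byte[] pin) =>
        new HttpClient(new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => MatchesPin(cert, pin)
        });

    // Constructed self-signed certificate, used only to exercise the check offline.
    static X509Certificate2 SelfSigned(string name)
    {
        using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var request = new CertificateRequest("CN=" + name, key, HashAlgorithmName.SHA256);
        return request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        using var server = SelfSigned("server.example");    // stands in for the real server
        using var other = SelfSigned("server.example");     // same name, different key pair
        byte[] pin = KeyFingerprint(server);                // a shipped client would embed this value
        Console.WriteLine(MatchesPin(server, pin));         // certificate holding the pinned key
        Console.WriteLine(MatchesPin(other, pin));          // certificate holding some other key
        using HttpClient client = CreateClient(pin);        // TLS handshakes fail unless the pin matches
    }
}
```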
0

If you want to make it less likely that your code is tampered with, you will want to obfuscate your code. I like this free obfuscator.

http://www.foss.kharkov.ua/g1/projects/eazfuscator/dotnet/Default.aspx

It gives you a lot of functionality and is a simple drop-and-go type application.

Then you can simply use HTTPS and web services to enable secure communication with 128-bit encryption (or better if you're not crossing country lines).

If they spend the time to get past that, then you should feel good knowing your application is worth that much trouble.

The Lazy Coder