access:key_tamper_detection
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
access:key_tamper_detection [2011/02/14 18:04] mjallison created |
access:key_tamper_detection [2012/10/10 16:20] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Summary ====== | ====== Summary ====== | ||
| + | To prevent a key from being checked out, then copied, the key is fingerprinted with various pieces of system information. These fingerprint values are later checked to make sure that the system currently running is largely the same as it was before. Some changes are allowed, in case the user needs to update parts of their hardware (memory, disk, etc). Some of the parameters (listed in the next section) are not appropriate for all platforms. The selection of platform parameters is dependent upon the actual tamper resistance detection implementation. | ||
| - | ===== Parameters ===== | + | ====== Application Program Responsibilities ====== |
| + | The Application program is responsible for assisting the key tamper detection. To do this, the application program must save the key to a local data store using a similar call to: | ||
| + | LicenseKey.save( OutputStream fos ); | ||
| + | This is done immediately after a successful checkout, at program shutdown, and each time the program successfully reads the key and passes a tamper check. Once the key has been checked in, the saved information must be deleted. | ||
| + | |||
| + | Tamper checking is done using the following calls: | ||
| + | |||
| + | LicenseKey.restore( InputStream fis ); | ||
| + | LicenceKey.checkIntegrity(); | ||
| + | |||
| + | The checkIntegrity method will return an error (exception in Java) if the finger print no longer matches. When this happens, the application MUST delete the saved information, and then inform the user that the key was invalid. | ||
| + | |||
| + | Saved information should be stored in a non obvious manner. For instance, saving on a file store the file should, at least, be given an abstract name, not related to Licenses. The contents of the store will be hashed and signed versions of the parameter information. The save parameters may be readable with effort, but the signature uses a significantly strong encryption mechanism to prevent casual tampering (current thinking is to use SHA-512). | ||
| + | ====== Parameters ====== | ||
| + | Grabbing system parameters is highly platform dependent. The following platforms are musts for coverage: | ||
| + | * Windows XP and beyond - Custom code | ||
| + | * Android - /Proc file system like Linux | ||
| + | |||
| + | The following platforms are highly desireable: | ||
| + | * Linux - /proc file system like Android | ||
| + | * OS X - ? | ||
| + | |||
| + | Because the purpose of fingerprinting the system is make a checked out key non-transferable, the implementation of the fingerprint routines need not be platform independent. In fact, each platform may use a different set of parameters. | ||
| + | |||
| + | | **Parameter** | **Weight** | **Notes** | | ||
| + | | Mac Address | 9 | Retrievable in Java 6, java.net.NetworkInterface | | ||
| + | | EIN Number | 9 | http://stackoverflow.com/questions/2322234/how-to-find-serial-number-of-android-device | | ||
| + | | Processor Info | 9 | # Processors, speed, model, "/proc/cpuinfo" Good on Linux & Android | | ||
| + | | | | Windows REG <html>\\HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\[0, 1, ...]</html> | | ||
| + | | Memory Size | 5 | /proc/meminfo on Linux & Android | | ||
| + | | | | Winds REG <html></html> | | ||
| + | | Disk partitions | 7 | /proc/partitions | | ||
| + | | OS Version | 3 | /proc/version | | ||
| + | | | | Windows REG <html>HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProductId</html> | | ||
| + | | BIOS Version | 3 | Linux - N/A | | ||
| + | | | | Windows REG <html>HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion</html> | | ||
| + | | System Clock | 0 | Not used for system finger printing, check to make sure clock was not set back. | | ||
| + | |||
| + | Solo parameters | ||
| + | | Hard Drive Format Serial | 4 | | ||
| + | | MAC Address of Network Interface Card (NIC) | 9 | | ||
| + | | Windows Product ID | 4 | | ||
| + | | Bios Revision Number/Date | 3 | | ||
| + | | Computer Name | 1 | | ||
| + | | Processor Information | 9 | | ||
| + | | Processor Speed | 3 | | ||
| + | | Memory Size | 2 | | ||
| + | | SID | 4 | | ||
| + | | Video Card | 4 | | ||
| + | | Hard Drive Model | 9 | | ||
| + | | Hard Drive Serial | 9 | | ||
| + | | Motherboard Model | 9 | | ||
| + | | Motherboard Serial | 9 | | ||
| + | | CD/DVD Drive | 3 | | ||
| + | | Sound Card | 4 | | ||
| + | | Domain | 6 | | ||
| + | |||
| + | ====== Key Tamper Detection ====== | ||
| + | It is possible that the user may attempt to tamper with the stored version of the key. To reduce this possibility, the contents of the key are cryptographically signed. When the key is read in from storage, the contents are again signed and the two signatures are compared. If the signature is different, the assumption is that the key has been tampered with. After a positive tamper event, the key will no longer work. | ||
access/key_tamper_detection.1297706648.txt.gz · Last modified: 2012/10/10 16:20 (external edit)
Page Tools
