How to make sure records were not tampered with
-
Hello, everyone, this is my first question on CodeProject, please forgive me for my bad English. Currently I am working on designing a system which will store some data on a local PC (ATM machine). The customers (banks) hope we provide a security mechanism which can make sure any data recorded on the PC was not changed by anyone. I searched the internet and failed to find a good way to handle it. We know that if we have the right to access the PC, we can change the data, even if we add a MAC field for each recorded record. I know that a third-party CA organization would be involved to add proof to my application, but it is not allowed by my customer. Any suggestion is welcome and highly appreciated.
-
Calculate a hash-key and store it in another table with a reference to your original table. If anyone modifies the data, it'll result in a different hash-key than the one that you stored.
Bastard Programmer from Hell :suss:
Hi Eddy, thanks a lot for that response, and I am glad to say you and I have the same understanding of that issue. From my previous thought, I think I can at least add a column in the data table and record the hash key in this column, whereas you mean we can record the hash key in another table. I think your idea is a little better than mine, since if someone deletes one row from the data table the correlation will be broken because the foreign key doesn't match. I want to know, if the tamperer changes the data and meanwhile changes the hash key, how can we prove the data was not changed?
songbo07 wrote:
I want to know, if the tamperer changes the data and meanwhile changes the hash key, how can we prove the data was not changed?
If the hacker can generate a new hash, you're toast. If the tamper-man has the seal of King Midas - he'll be King Midas. It's the same as logging who's accessing your Linux machine - if a hacker gains root access, they can change the logs as they like and the logs become useless. Hence the suggestion to store it somewhere else (with limited access).
songbo07 wrote:
From my previous thought, I think I can at least add a column in the data table and record the hash key in this column, whereas you mean we can record the hash key in another table. I think your idea is a little better than mine, since if someone deletes one row from the data table the correlation will be broken because the foreign key doesn't match.
Not only that; if a hacker sees a column with something that resembles a hash, he/she will focus on that column. If you've got .NET code that's not obfuscated, then it might become very easy to break it. Another layer of security could be added by adding auditing, but this requires a licensed version of SQL Server 2008 (not available for SQL Express, but you could leave a trace running there). Additionally, you can have the logs written to an encrypted drive, as suggested by Microsoft. ..and no, there is no fool-proof lock. The idea is to make it as hard as possible, just as you lock the doors around your house. Ask the bank; even their vault is vulnerable to attack in certain (yet hard to create) circumstances.
Bastard Programmer from Hell :suss:
-
songbo07 wrote:
designing a system which will store some data in local PC(ATM machine).
songbo07 wrote:
know that a third party CA organization would be involved to add proof to my application, but it is not allowed by my customer.
What I see there is a contradiction. How is the bank going to verify that what you wrote does what it says it does? Not to mention that if an ATM requires PCI compliance, which is probably something that will happen in the near future, it would require a PCI audit.
-
This is indeed a contradiction. When a customer comes to the bank and claims he/she got fake money from an ATM machine, the bank needs proof of whether or not this money was dispensed by their ATM. Obviously, the bank will always announce the security of their ATM and won't like to pay the cost of the fake money. If the bank and their customer cannot reach an agreement on that, there is probably a court case to deal with it. The court will ask the bank to give proof that the money was not dispensed from their ATM. So the bank wants the ATM vendor to record transaction information on the ATM for at least 30 days; if any case like we mentioned happens, the ATM should provide this type of information, including the serial number of each note. It is quite easy to get and record this required information on the ATM, but who can prove no one changed it after it is recorded on the hard disk? The bank asks us to do it, so we have to do it, because "customers are always right". This transfers the responsibility of proof from the bank to the ATM vendor (my company); meanwhile the trouble and risk are transferred to us. Now, without a 3rd-party certification organization, I think we need to hold a hash function in the same assembly and generate a runtime key with this function, then encrypt sensitive data with the generated key. I don't know if this method has legal validity; all in all, I think I have to do it because of time urgency. And I believe other vendors will have the same problem. We can do it first and see what needs to be done to solve this problem. :omg:
-
He wants to PREVENT people from modifying the data, not to KNOW if someone modified it. Plus, if someone can modify the data, she can also calculate the hash and modify it too. And then you won't even KNOW! My answer is, use asymmetric encryption. Encrypt data with the bank's public key. Then only the bank can retrieve the data.
-
krumia wrote:
He wants to PREVENT people from modifying the data, not to KNOW if someone modified it
Hmz, might have missed that bit.
krumia wrote:
Plus, if someone can modify the data, she can also calculate the hash and modify it too. And then you won't even KNOW!
With the salt in another location, I would know.
krumia wrote:
My answer is, use asymmetric encryption. Encrypt data with the bank's public key. Then only the bank can retrieve the data.
:thumbsup:
Bastard Programmer from Hell :suss:
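As an added example (not code from anyone in this thread), the two positions in the exchange above side by side: Eddy's unkeyed hash column, which an attacker with full access to the PC can simply recompute, against a keyed hash chain whose latest link is handed to the bank and kept off the ATM, so that a rewritten, deleted or reordered row no longer matches what the bank holds. The record layout, note serial numbers and key are constructed placeholders, not anything from the thread.

```python
import hashlib
import hmac
import json

# Constructed sample ATM transaction records (not from the thread); the note
# serial numbers are made-up placeholders.
RECORDS = [
    {"txn": 1, "amount": 100, "notes": ["SN-0001", "SN-0002"]},
    {"txn": 2, "amount": 50, "notes": ["SN-0003"]},
]
KEY = b"constructed-demo-key"  # assumption: a per-device key provisioned by the bank
GENESIS = b"\x00" * 32  # starting link for an empty chain

def canonical(record):
    """Serialize deterministically so equal records always hash identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def plain_hash_column(records):
    """Eddy's first idea: an unkeyed SHA-256 per row, stored beside the data."""
    return [hashlib.sha256(canonical(r)).hexdigest() for r in records]

def verify_plain(records, hashes):
    """Passes whenever the stored hashes match; anyone can recompute them."""
    return plain_hash_column(records) == hashes

def build_chain(records, key):
    """Keyed hash chain: each link also covers the previous link, so editing,
    deleting or reordering any row changes every later link and the head."""
    prev, links = GENESIS, []
    for r in records:
        prev = hmac.new(key, prev + canonical(r), hashlib.sha256).digest()
        links.append(prev)
    return links

def verify_chain(records, links, key, anchored_head):
    """Check the local links, then the head the bank keeps off the ATM."""
    rebuilt = build_chain(records, key)
    if not rebuilt or len(rebuilt) != len(links):
        return False
    if not all(hmac.compare_digest(a, b) for a, b in zip(rebuilt, links)):
        return False
    return hmac.compare_digest(rebuilt[-1], anchored_head)

def tampered():
    """Attacker with full PC access changes the dispensed amount of txn 1."""
    return [dict(RECORDS[0], amount=1), RECORDS[1]]
```

The plain column passes verification after the attacker recomputes it, while the chained version fails both when the key is unknown and, because of the anchored head, even when the attacker rebuilds the whole chain with the real key.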