Encrypt / Protect Data my Application Uses
We are writing a program (in either C# or MFC) in which some of our data will need to be used. We do NOT want the user to be able to get access to this data in its decrypted form. We could use something like AES encryption, but then the key is easily captured. Same thing with DPAPI in Windows; at some point there is always going to be some kind of key, and even obfuscated the key will be pretty easy to pick out.
Is there any other way to help protect this data?
- The data is read-only
- They may or may not be connected to the Internet
- The data does not belong to the person using the application but the program will need access to it
Any suggestions?
Probably the easiest way to achieve this goal is by use of a co-processor of some sort; off-load the computations with the restricted data to a piece of tamper-resistant hardware, and maybe your users won't go through the effort required to read the data. (If your data is ever in plaintext in the main memory or CPU, they can just read it right out of memory using strace(1), ltrace(1), gdb(1), or other platform-native debugging tools -- so be sure the plaintext never leaves the device.)
Co-processors run a range of abilities: Something like the Maxim Java iButton can provide low-power and potentially low cost of entry for your solution -- but with low power comes slower processing. Something like the IBM PCIeCC cryptographic co-processor has more rigorous hardware and power requirements, but has way more processing horsepower for whatever operations you might want to perform.
If hardware requirements are beyond what your customers would consider, perhaps you could come to an agreement with your customers to either have Internet access or some private networking access, so you could host the data on your own servers and provide access to it via an API. (Think Wolfram Alpha -- they provide a huge amount of curated data to their customers, but it lives entirely on their servers.)
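To make the point in the answer above concrete (that a key living in process memory "will be pretty easy to pick out", obfuscation or not), here is an added example that is not part of the original thread: it scans a memory image for an AES-128 key the way tools such as aeskeyfind do, by looking for the expanded key schedule that any AES implementation must materialise in memory once it sets up a cipher context. The memory image is constructed inline (random filler standing in for a heap dump, with one schedule planted at an offset chosen here for illustration); the key is the FIPS-197 Appendix A.1 test vector, used only so the schedule can be checked against a published value.

```python
"""Find an AES-128 key in a memory image by locating its expanded key schedule.

Added example, not code from the original thread. The memory image, the
planted offset and the choice of key are assumptions made here for
illustration; the S-box and key schedule follow FIPS-197.
"""
import random


def _gen_sbox():
    """Build the AES S-box from the GF(2^8) inverse plus affine map (no hard-coded table)."""
    def rotl(v, n):
        return ((v << n) | (v >> (8 - n))) & 0xFF

    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3 in GF(2^8)
        q ^= (q << 1) & 0xFF                                   # q /= 3 in GF(2^8)
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        # q is now p^-1; apply the affine transformation
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return bytes(sbox)


SBOX = _gen_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _next_round_key(prev, rcon):
    """Derive round key i+1 from round key i (one AES-128 key schedule step)."""
    w = [prev[j:j + 4] for j in range(0, 16, 4)]
    # RotWord, SubWord and Rcon applied to the last word of the previous round key
    t = bytes(SBOX[b] for b in w[3][1:] + w[3][:1])
    t = bytes([t[0] ^ rcon, t[1], t[2], t[3]])
    out = []
    for j in range(4):
        t = bytes(a ^ b for a, b in zip(w[j], t))  # w[i] = w[i-4] ^ w[i-1]
        out.append(t)
    return b"".join(out)


def expand_key(key):
    """Full AES-128 key schedule: 11 round keys, 176 bytes."""
    assert len(key) == 16
    rk = bytes(key)
    sched = [rk]
    for rcon in RCON:
        rk = _next_round_key(rk, rcon)
        sched.append(rk)
    return b"".join(sched)


def find_aes128_keys(image):
    """Scan a memory image; return [(offset, key)] for every AES-128 schedule found."""
    hits = []
    for i in range(len(image) - 176 + 1):
        cand = image[i:i + 16]
        # Cheap filter: is round key 1 sitting right after the candidate?
        if _next_round_key(cand, RCON[0]) != image[i + 16:i + 32]:
            continue
        # Only then pay for the full expansion and compare all 176 bytes.
        if expand_key(cand) == image[i:i + 176]:
            hits.append((i, cand))
    return hits


def build_sample_image(key, offset, size=32768, seed=1):
    """Constructed stand-in for a heap dump (assumption, not a real capture):
    random filler with one expanded key schedule planted at `offset`, which is
    what a cipher context leaves behind after key setup."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + 176] = expand_key(key)
    return bytes(buf)


SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 A.1 vector
SAMPLE_OFFSET = 0x3A20                                           # arbitrary planted offset

if __name__ == "__main__":
    image = build_sample_image(SAMPLE_KEY, SAMPLE_OFFSET)
    for off, key in find_aes128_keys(image):
        print(f"AES-128 key schedule at 0x{off:x}: key = {key.hex()}")
```

The scan does not care where the key came from or how the binary was obfuscated: a dump taken with gdb(1) (or a crash dump, or a hibernation file) while the cipher context exists contains the schedule, and the schedule's internal structure identifies it with no false positives in practice. That is why the answer's advice is to keep the plaintext (and the key) on hardware or a server the user cannot dump.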
If the application is in a controlled environment, meaning you've supplied the application and hardware it runs on (I'm thinking trade show kiosks off the top of my head), then you may have some pretty interesting options.
Whether running Windows, MacOS or Ubuntu (or something else), you might be able to work together a localized MySQL (or other database) server, have the database set up so that the data is encrypted, then obfuscate the hell out of your script/code (not sure if you're talking Java/PHP/.Net or a compiled C application for native use on Windows or something).
At least this way only the compiled or encrypted code is housed on the machine, and the link between the database (even though localhost) can be secured via SSH encryption.
Just rambling a unique idea off the top of my head. May need to be fleshed out a bit more to fit your specific situation, but that seems like a good start to me.
Update:
I re-read your post and somehow glanced over the fact that you're planning to do it in C#. The localized database may still work if this is a shared machine, where you can essentially backup the database offsite nightly or something via a secure tunnel, but the writing to the database can still happen via localhost and secure tunnel as well.
If you're thinking about an iPhone app, you may want to think about a SaaS API being setup offsite where you can validate and accept information securely over the air, but I'm still unsure if this is expected to be an "install it yourself and use it" easy piece of software, or if you're operating in some kind of controlled situation where you control when/where/who uses it.