13

I'm developing an intranet application (C#) that uses some data (local to the web server) that we'd like to keep private. This data is encrypted (AES) using a legacy data repository. We can't totally prevent physical access to the machine.

Clearly, we're never going to have perfect security here. However, we want to make it as hard as possible for anyone to gain unauthorized access to the data.

The question is how best to store the key. Encrypting it based on some machine specific ID is an option, but that information would be readily available to anyone running a diagnostic tool on the machine.

Encoding it in the application is an option (it's a one off application). However, .NET assemblies are pretty easy to decompile. So, would it be best to obfuscate it, use an encryption launcher, compile it?

Or is there an option I'm missing?

Just so we're clear, I know it's pretty much a lost cause if someone is determined, but we're looking to make it as hard as possible within the constraints.

4

3 回答 3

5

Encryption is built into the .NET configuration system. You can encrypt chunks of your app/web.config file, including where you store your private key.

http://www.dotnetprofessional.com/blog/post/2008/03/03/Encrypt-sections-of-WebConfig-or-AppConfig.aspx

于 2009-03-06T18:34:15.660 回答
4

用混淆术语来说,您所追求的称为常量隐藏,即将常量转换为例如在运行时执行以重新实现所述常量的许多函数和计算的方法。

然而,这仍然属于混淆领域,并且容易受到代码提取的影响,攻击者只需映射与此常量相关的代码,并在单独的应用程序中运行它以检索值;或在正确的位置转储应用程序的内存,以便扫描它以获得所需的值。

还有另一种稍微高级的隐藏加密密钥的方法,称为白盒密码术,它通过基本上从给定密钥生成密码函数,将它们烘焙在一起来使用无密钥密码。顾名思义,即使在白盒攻击场景中(攻击者可以访问字节码并能够在运行时检查和操作可执行文件),这种方法也被设计为具有弹性。

这些都是通过模糊实现安全性的非常先进的方法,可能值得考虑替代模型,它们一开始就不会强迫您这样做。

于 2012-09-30T17:17:42.787 回答
2

如果有人可以将调试器附加到您的程序,那么您绝对无能为力。他们不必弄清楚您的配置、反汇编您的应用程序等。他们所要做的就是运行应用程序 - 使用密钥观看它 - 宾果游戏。

在这种情况下,混淆是没有帮助的。

最好的防御是使用硬件来保护密钥——它会进行加密但不会泄露密钥本身(并且有时会针对诸如探测电线、将内存暴露于低温/辐射/其他新奇事物等攻击进行强化) . IBM 做了一些适当的事情(谷歌 IBM-4764),但它并不便宜。

于 2009-03-06T20:38:46.797 回答