2

I want to collect certain data from my application using the driver and transfer it to the server to check its integrity. And I want to sign these packages using TPM to avoid forgery. However, a user can trick my program by writing a similar driver and intercepting, for example, messages to and from the server, replacing them with their own. What can I do? Is it possible to defend against this?

im_sorry

1 Answer

4

You can't. You're running into a classic problem: the user has physical access and there's absolutely nothing you can do to concretely prevent them from modifying things.

You can certainly make it harder for them to attack, for example by using HTTPS with certificate pinning for your network communications so that they can't simply man-in-the-middle the traffic, but if the user writes their own driver to mess with your driver you really can't do much about it.

The strongest protection I can think of on a modern x86 system would be for you to get your code running in an SGX enclave, but this is a rather complicated task that requires a lot of development effort. The sensitive parts of your driver code would run inside of the enclave and a regular kernel-mode driver would talk to it through ECALLs/OCALLs. This doesn't prevent the user from blocking the driver from running though, nor does it prevent the user from reverse engineering the executables on disk and writing their own tool or driver to send requests to your server.

If your goal is to prevent the user from modifying something, then you need to have more privileges and access than they do. But in the case of your code running on their computer, they always have more privileges and access than you do, by design. You can't work around this.

Polynomial
  • Thanks a lot, I got it! – im_sorry Feb 18 '21 at 13:57
  • Hmm, then I don't even need to use TPM, signature and all this challenge stuff... Okay, I want to check the integrity of my client application. So I calculate H(app_memory) and send it to server, but also save, just for example, last 2 bytes. After 5 times, my driver has 10 bytes and the server also has. The driver and the server will have an algorithm for calculating the reference value by these bytes. Well, let the server send the calculated control value to the driver every 5 such messages sent. And the driver will also calculate it to compare with the value from the server. – im_sorry Feb 18 '21 at 19:26
  • ...And now it is necessary to make sure that the algorithm can't be recognized. In the server, sure, we can hide it. Can I hide the algorithm in an enclave on the client? Is it a stupid and crazy idea?)))) – im_sorry Feb 18 '21 at 19:26
  • No. You can't hide the algorithm. You'd need to load it into the enclave in the first place. – Polynomial Feb 19 '21 at 14:25
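
As an added illustration of the answer above (not code from the question or the answer), the sketch below models what a server can and cannot conclude from a nonce-bound, TPM-signed integrity report. `SimulatedTPM`, `Server`, `attest` and `run_scenarios` are hypothetical names, HMAC stands in for the TPM signature, and the application images are constructed byte strings.

```python
import hashlib, hmac, os

class SimulatedTPM:
    """Stand-in for a TPM-held key (assumption: HMAC replaces the real signature, and
    verify() replaces the server checking with the key's public half)."""
    def __init__(self):
        self._key = os.urandom(32)  # never leaves this object
    def sign(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()  # signs whatever it is given
    def verify(self, data: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(data), sig)

class Server:
    def __init__(self, verify, expected: bytes):
        self._verify, self._expected, self._pending = verify, expected, set()
    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce
    def check(self, nonce: bytes, measurement: bytes, sig: bytes) -> str:
        if nonce not in self._pending:
            return "unknown-or-replayed-nonce"
        self._pending.discard(nonce)  # each nonce is accepted once
        if not self._verify(nonce + measurement, sig):
            return "bad-signature"
        return "accepted" if measurement == self._expected else "integrity-mismatch"

def attest(tpm, nonce: bytes, measurement: bytes):
    """Client side: return (nonce, measurement, signature over nonce || measurement)."""
    return nonce, measurement, tpm.sign(nonce + measurement)

def run_scenarios() -> dict:
    good = hashlib.sha256(b"constructed: unmodified app image").digest()
    bad = hashlib.sha256(b"constructed: modified app image").digest()
    tpm = SimulatedTPM()
    srv = Server(tpm.verify, good)
    out = {}
    msg = attest(tpm, srv.challenge(), good)
    out["honest"] = srv.check(*msg)
    out["replay"] = srv.check(*msg)  # same message presented a second time
    n, _, sig = attest(tpm, srv.challenge(), good)
    out["altered_in_transit"] = srv.check(n, bad, sig)  # signature no longer matches
    out["modified_app_honest_driver"] = srv.check(*attest(tpm, srv.challenge(), bad))
    # The measurement passed to sign() is chosen on the client, whatever the app's state.
    out["client_chooses_measurement"] = srv.check(*attest(tpm, srv.challenge(), good))
    return out

if __name__ == "__main__":
    print(run_scenarios())
```

The first four verdicts show what signing plus a fresh nonce buys: replay and in-transit changes are rejected, and an honest driver reports a modified app. The last verdict is indistinguishable from the first on the server side, which is the limit the answer describes.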