如何确保移动应用中由客户生成的数据的完整性和来源?

huangapple go评论60阅读模式
英文:

How to Ensure Integrity and Origin of Client-Generated Data in Mobile App?

问题

我正在开发一款移动应用程序,其中核心功能之一涉及客户端向服务器发送旅行距离以及旅行的起始和结束时间。由于我的业务要求的性质,服务器无法独立验证这些值。

这些数据的安全性和完整性至关重要。我需要确保请求来自于我的移动应用程序的合法实例(即不来自于恶意客户端,如篡改版本的应用程序或来自控制台的curl命令),并且客户端发送的数据没有被篡改。

尽管我目前正在使用HTTPS和带有刷新令牌的JWT身份验证,但这并不能阻止恶意用户使用他们的JWT令牌从非法客户端发送虚假数据。

我考虑过使用客户端证书,但分发到移动应用程序的每个实例似乎过于复杂,而且可能不可扩展。我也了解到Diffie-Hellman和HMAC等技术,但它们似乎存在类似的问题。

我如何确保客户端生成的数据的完整性,并确认它来自于我的移动应用程序的合法实例?是否有已建立的最佳实践或处理这种情况的模式?

英文:

I'm developing a mobile application where one of the core functionalities involves the client sending travel distance and travel start and end times to the server. Due to the nature of my business requirements, the server has no way to independently verify these values.

The security and integrity of this data are paramount. I need to ensure that the request originates from a legitimate instance of my mobile app (i.e., not from a rogue client like a manipulated version of the app or a curl command from a console), and that the data sent by the client hasn't been tampered with.

While I'm currently using HTTPS and JWT authentication with refresh tokens, this doesn't prevent a malicious user from using their JWT token to send false data from an illegitimate client.

I've considered using client-side certificates but the distribution to each instance of the mobile app seems overly complex and potentially unscalable. I'm also aware of techniques like Diffie-Hellman and HMAC, but they seem to have similar issues.

How can I ensure the integrity of the client-generated data and confirm that it's coming from a legitimate instance of my mobile app? Are there established best practices or patterns for handling this kind of situation?

答案1

得分: 1

以下是翻译好的部分:

  1. 使用TLS来保护通道(毫无疑问)。
  2. 在应用程序中实施检查,以确定是否在已获取Root权限的设备上运行。如果是的话,停止处理。攻击者使用已获取Root权限的设备来了解应用程序的运行方式。
  3. 在移动应用程序端固定TLS证书。这将使中间人攻击变得更加困难。通过这种方式,了解您的终端点将更加困难。
  4. 对二进制文件进行混淆。攻击者会尝试通过禁用证书固定和检查Root权限设备来搜索二进制文件。通过这种方式增加难度。
  5. (可选)作为另一层防御,您还可以将一些秘密信息嵌入应用程序中,并基于请求内容和秘密信息计算一些HMAC。同样,这并不提供终极保护,但与混淆一起,将提高安全性。
英文:

There are some good practices you can use along the way, but all they can do is discourage attackers and they do not offer 100% security. The best thing you can do is to look into how banking apps are protected, as the requirements for these are similar to yours. So let's try to enumerate what you need to take care of:

  1. Use TLS to protect the channel (no-brainer).
  2. In the application implement a check if it runs on a rooted device. If so, stop processing. Rooted devices are used by attacker to learn about how the app operates.
  3. Pin the TLS certificate on the mobile application side. This will make the MitM attacks much harder to perform. Learning about your endpoints can be way harder this way.
  4. Obfuscate the binaries. The attacker will try to search the binaries through trying to disable certificate pinning and rooted devices checks. Make it harder this way.
  5. (optional) as another layer of defence you can also put some secrets into the application and calculate some HMACs based on request content and secert. Again, this offers no ultimate protection, but together with obfuscation the bar will be raised higher.

huangapple
  • 本文由 发表于 2023年6月22日 09:34:37
  • 转载请务必保留本文链接:https://go.coder-hub.com/76528122.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定