How to uniquely identify a network?

2018-06-03 13:47:54

Let's say I want to make an application where stored data is encrypted so only my application is able to read it.

But I want the application to be accessed only if the user is on a particular network. For instance the application is an Android app that deals with medical records in a hospital. How to be sure that the device is connected to the network of the hospital ? The idea is that outside this network, the app won't work.

The question is not particularly related to wireless networks, wireless devices or Android, this is general to programming and network identification.

Could a certificate do that ? I'm new to this. Does a network "identifier" could be faked ? For instance I'm pretty sure that a WiFi SSID is easy to fake.

Cheers.

More details: Let's assume that the point of the local data is not for an "offline mode", but to avoid network latency. In that case, the data needs to remain accessible only if connected to a particular network, in case the device is stolen.

But if there is no way to be sure of the network's identity... What about a server that would answer to the question "Heya am I on the right network ?" and if no response comes out I know that I'm not on the right one ? (Or that the server just does not respond...) But, again, if the app is hacked, that can be faked too.

Interesting problem.

Generally speaking the purpose of storing data locally is so that it can be accessed while "offline".

However, I think there may be some underlying misconceptions here. Presumably the only reason you'd want to do this is to try and prevent a stolen device from giving up it's secrets. Fact of the matter is, you can't. If the device is no longer under your physical control then it's just a matter of time before it can be hacked.

If we are talking about sensitive data, it shouldn't be stored on the devices. Instead the device should retrieve the data it needs from your server when it needs it and delete it locally when no longer necessary.

The fact that you want the device to only work when connected to your local network implies that you can accomplish this goal.

As a side note, this is why things such as "remote wipe" exist. It's also why every time the device connects to your network it needs to test it's authentication and authorization. Point is if someone reports the device lost or stolen then you need to be able to ban it from your network AND, if the device supports this, remotely disable it.

Bearing in mind that it is entirely possible to pull a device from the network and therefore disable a remote wipe from executing.

With that out of the way, there is absolutely no way you can ensure the device is on a given network. All of that can be faked. It's kind of trivial to setup a router of a given name and change it's MAC to masquerade as whatever, and assign it certain IP addresses. For all intents and purposes it could be made to look exactly like an access point you have... And that's just with normal run of the mill wireless routers you can buy at your local computer store.

You could write your program so that the key to decrypt the data is stored on a server on the hospital network. If your program never stores the key, it makes it harder (although not impossible) for someone to access the device's data outside of the network.

As Chris pointed out a remote wipe would definitely be desirable. You could put in logic so that if the device ever attempts to read the data while not connected to the network, it wipes the data (this might lead to unintended wipes). Blacklisting is good too, so that if the device tries to reconnect to the network, you can essentially brick it. One thing that would be really bad is if you have a network outage, and all your devices accidentally get wiped.

Any network can duplicate another's SSID, so that's not reliable. You could start using a combination of SSID and a MAC address of a known router, but MAC addresses can be duplicated (although not on the same network) so that doesn't work either.

Frankly, unless the wireless network in question is using certificates to identify devices you're going to have no reliable way do it it, and even then this supposes you have a way in your application to get the certificate used the wifi network returns during network authentication.

链接地址: http://www.djcxy.com/p/12084.html

上一篇: 如何将urn（统一资源名称）分配给url

下一篇: 如何唯一标识一个网络？