I have an application running on remote systems. The remote systems are an embedded computer built into a kiosk. As a result, they are somewhat “untrusted,” in that the physical security for them is rather lax. However, these kiosks can be processing credit cards, etc. via a WCF service to my server.
Using machine certificates, etc., I can verify that the client is who they say they are, which protects against someone copying my binaries off of the kiosk somehow and then running them on their own machine. However, how can I prevent the following two attacks:
- Someone takes the binary, modifies it maliciously, and then runs it on the system
- Someone decompiles my application, and using parts of my code (such as where I reference certificates or shared secrets) writes their own application, and runs it on the machine.
Obviously I have taken steps using the operating system to prevent these sorts of attacks, but I need a way at the server to ensure that it is not being duped.
Any suggestions?
If the machines are not physically secure then there’s no way to guarantee any of those attacks won’t occur. Focus your efforts on minimising the damage that can be caused by a compromised machine. Examples:
In general, take the same precautions that you’d take when writing a web app exposed to the masses…
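The answer's point, in code: once the kiosk is assumed compromised, the server stops trusting anything the client sends beyond the identity the TLS layer has already verified, and keeps every limit on its own side. The following is an added illustration, not code from the question or the answer and not WCF code; it is language-agnostic server logic. It assumes the client certificate has already been validated by the transport and is represented here only by a fingerprint string, and the fingerprints, kiosk ids, policies and request ids are constructed placeholders.

```python
"""Server-side blast-radius limiting for an untrusted kiosk client.

Added example (not from the original post). The kiosk is treated like any
web client exposed to the masses: its identity comes only from the
certificate fingerprint the transport layer verified, and the permitted
operations, amount ceiling, replay window and hourly velocity live on the
server. A tampered or re-implemented client therefore gains nothing beyond
what its certificate was already entitled to, and every denial is audited.
"""
from collections import deque
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class KioskPolicy:
    """Server-held limits for one kiosk; the client never supplies these."""
    kiosk_id: str
    allowed_ops: frozenset
    max_amount: Decimal
    max_per_hour: int


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class KioskGateway:
    def __init__(self, registry, now):
        self._registry = registry   # cert fingerprint -> KioskPolicy
        self._now = now             # injectable clock returning seconds
        self._recent = {}           # kiosk_id -> deque of accepted timestamps
        self._seen_ids = set()      # request ids already processed (replay guard)
        self.audit = []             # (who, op, outcome) for the SOC / log pipeline

    def _deny(self, who, op, reason):
        self.audit.append((who, op, "DENY: " + reason))
        return Decision(False, reason)

    def handle(self, cert_fingerprint, op, amount, request_id):
        # 1. Identity: only a registered certificate maps to a kiosk policy.
        policy = self._registry.get(cert_fingerprint)
        if policy is None:
            return self._deny(cert_fingerprint, op, "unregistered client certificate")
        kiosk = policy.kiosk_id
        # 2. Authorization: the operation must be in this kiosk's allow-list.
        if op not in policy.allowed_ops:
            return self._deny(kiosk, op, "operation not permitted for this kiosk")
        # 3. Input validation: amount is a server-side ceiling, not a client hint.
        if not isinstance(amount, Decimal) or amount <= 0 or amount > policy.max_amount:
            return self._deny(kiosk, op, "amount outside server-side limit")
        # 4. Replay protection: a request id is accepted once.
        if request_id in self._seen_ids:
            return self._deny(kiosk, op, "duplicate request id")
        # 5. Velocity: cap accepted transactions per rolling hour.
        window = self._recent.setdefault(kiosk, deque())
        t = self._now()
        while window and t - window[0] >= 3600:
            window.popleft()
        if len(window) >= policy.max_per_hour:
            return self._deny(kiosk, op, "hourly transaction limit reached")
        window.append(t)
        self._seen_ids.add(request_id)
        self.audit.append((kiosk, op, "ALLOW"))
        return Decision(True, "ok")


# Constructed sample registry: fingerprints and limits are placeholders.
REGISTRY = {
    "SHA256:KIOSK-A-PLACEHOLDER": KioskPolicy(
        "kiosk-a", frozenset({"charge", "refund"}), Decimal("50.00"), 3),
    "SHA256:KIOSK-B-PLACEHOLDER": KioskPolicy(
        "kiosk-b", frozenset({"charge"}), Decimal("20.00"), 100),
}


def demo():
    """Run a constructed sequence of requests and return (decisions, audit log)."""
    clock = [1_000_000.0]
    gw = KioskGateway(REGISTRY, now=lambda: clock[0])
    r = {}
    r["normal"] = gw.handle("SHA256:KIOSK-A-PLACEHOLDER", "charge", Decimal("12.50"), "r1")
    r["unknown_cert"] = gw.handle("SHA256:UNKNOWN", "charge", Decimal("1.00"), "r2")
    r["over_limit"] = gw.handle("SHA256:KIOSK-B-PLACEHOLDER", "charge", Decimal("500.00"), "r3")
    r["bad_op"] = gw.handle("SHA256:KIOSK-B-PLACEHOLDER", "refund", Decimal("5.00"), "r4")
    r["replay"] = gw.handle("SHA256:KIOSK-A-PLACEHOLDER", "charge", Decimal("12.50"), "r1")
    gw.handle("SHA256:KIOSK-A-PLACEHOLDER", "charge", Decimal("1.00"), "r5")
    gw.handle("SHA256:KIOSK-A-PLACEHOLDER", "charge", Decimal("1.00"), "r6")
    r["velocity"] = gw.handle("SHA256:KIOSK-A-PLACEHOLDER", "charge", Decimal("1.00"), "r7")
    clock[0] += 3600  # an hour passes; the rolling window empties
    r["after_window"] = gw.handle("SHA256:KIOSK-A-PLACEHOLDER", "charge", Decimal("1.00"), "r8")
    return r, gw.audit


if __name__ == "__main__":
    decisions, audit = demo()
    for name, d in decisions.items():
        print(f"{name:13s} allowed={d.allowed!s:5s} {d.reason}")
```

The shape matters more than the specific limits: identity is read from the verified certificate rather than from a client-supplied kiosk id, and every other check is a policy the server owns, so reverse-engineering the client reveals nothing that widens what the server will accept. The audit list stands in for whatever log sink feeds detection, since a burst of denials from one fingerprint is exactly the signal that a kiosk has been tampered with.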