Prevention of software tampering
First Claim
1. A method for protecting against software tampering in a node in a distributed computing system, comprising:
(a) encrypting a message using a predetermined encryption algorithm at a first node, wherein the predetermined encryption algorithm uses a protection key based at least in part on node-specific information of the first node and at the first node any new activity resulting from a new software module introduction that would subsequently be copied or transferred to a second node must be first validated at the first node and, the node-specific information changes if node software in the first node is altered by an underlying change in the composition of node-specific information;
(b) sending the encrypted message to a second node along with the underlying change in the composition of the node-specific information of the first node if a change occurs at the first node by the new software module introduction; and
(c) receiving the encrypted message at the second node along with the underlying change in the composition of the node-specific information of the first node if a change occurs at the first node by the new software introduction;
(d) decrypting the encrypted message using the predetermined encryption algorithm and an authentication key, wherein the authentication key is based at least in part on node-specific information of the second node, wherein the node-specific information changes if node software in the first node is altered by an underlying change in the composition of the node-specific information; and
(e) periodically changing the predetermined encryption algorithm or the node-specific information upon which the protection and authentication keys are based.
Abstract
In a distributed computing architecture, a method and system for authenticating a message as originating from an unaltered or unmodified node is provided. Prior to sending a message, a black box software module in a node validates the node to determine whether the node has been altered or modified without authorization. Once validated, the black box alters a message, using a black box protection scheme, in such a manner that the message can be subsequently authenticated. The black box module sends the altered message to a peer node, whose own black box authenticates the message using an authentication scheme corresponding to the protection scheme. Because validation is performed, each node may assume that the message originated from an unaltered node. The protection and/or validation scheme can be changed at regular intervals so that attackers do not have time to reverse engineer the black box. Alternatively, validation may be skipped and the key used to alter/protect each message may be based on the environment of the node performing the alteration/protection, so that nodes that have been altered will generate different keys than unaltered nodes, and will not be able to communicate.
23 Claims
11. A method for validating a node in a distributed computing system, comprising:
(a) validating a host node using a predetermined validation scheme based on physical characteristics of the host node and any managed agents including any independent nodes that communicate through the host node within the distributed computing system to allow dynamic changes to the host node without having to previously communicate the changes to a centralized server;
(b) encrypting a message using a predetermined key and a predetermined encryption algorithm when the host node is successfully validated in step (a);
(c) sending the encrypted message to a peer node;
(d) receiving the encrypted message at the peer node;
(e) validating the peer node using the predetermined validation scheme based on physical characteristics of the peer node and, when validation is successful, decrypting the encrypted message using the predetermined key and the predetermined encryption algorithm; and
(f) changing the predetermined validation scheme when a predetermined event occurs.
14. Distributed computer system comprising:
a node that authenticates a peer node based on a received message;
a protection module for altering messages using a predetermined algorithm that allows each message to be subsequently authenticated, and a protection key based at least in part on node-specific information that includes specific parameter information relating to a security control routine and a node that introduces the peer node acting as an independent agent, allows the peer node acting as an independent agent to run on the node that conducts the introduction, and allows the node that conducts the introduction to evaluate whether the peer node acting as an independent agent alters node software present on the node conducting the introduction;
an authentication module for authenticating altered messages received from other nodes using the predetermined algorithm and an authentication key based at least in part on the node-specific information;
control logic that permits the node to process a message when the message is successfully authenticated by the authentication module; and
wherein the control logic, when the authentication module unsuccessfully authenticates the message, polls a server to determine whether a new predetermined algorithm is available and, if so, retrieves the new predetermined algorithm from the server for use by the protection and authentication modules.
23. A computer readable storage medium storing computer readable instructions that, when executed, cause a computer system to perform a method for validating a sending node, comprising:
validating the sending node using a predetermined validation scheme based on characteristics of a program environment provided by the sending node, by comparing elements of the program environment to expected values to allow a dynamic change to the characteristics of a program environment of the sending node, without having to communicate the change to a centralized server;
when the comparing step is successful, encrypting a message to be sent to a peer node based on a predetermined encryption algorithm, wherein the predetermined encryption algorithm includes a protection key that is based on node-specific information corresponding to the sending node that includes specific parameter information relating to a security routine and an evaluation by the sending node to determine whether the dynamic change to the characteristics of a program environment of the sending node is present; and
periodically changing the predetermined validation scheme and the node-specific information on which the protection key is based.
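The validate-then-protect flow described in the abstract and in claims 1, 11, 14 and 23, as an added Python example; it is not code from the patent or from any product implementing it. Its assumptions are these: a node's "program environment" is modelled as a dictionary of module name to file contents (the two environments below are constructed sample data); the node-specific information is a SHA-256 fingerprint over those elements; HMAC-SHA256 serves both as the key-derivation step and as the message-altering transform (the claims say "encrypting", but authenticity is the property the abstract actually relies on, so a MAC is the honest choice here); an integer epoch stands in for the "predetermined encryption algorithm" that is changed at intervals; and a `server_epoch` argument stands in for the server that claim 14's control logic polls after a failed authentication. The example also shows the abstract's alternative where validation is skipped and a tampered sender simply derives the wrong key.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

TAG_LEN = 32  # SHA-256 digest length; the tag appended to each message

# Constructed sample "program environment" of a node: module name -> contents.
# On a real node these would be the loaded code modules plus the parameters of
# the security-control routine; inline bytes keep the example self-contained.
CLEAN_ENV: Dict[str, bytes] = {
    "core.py": b"def handle(msg):\n    return msg.upper()\n",
    "security.py": b"CHECK_INTERVAL = 60\nMAX_RETRIES = 3\n",
}
# The same node after an unauthorised edit to its security routine.
TAMPERED_ENV: Dict[str, bytes] = dict(
    CLEAN_ENV, **{"security.py": b"CHECK_INTERVAL = 0\nMAX_RETRIES = 999\n"})


def fingerprint(env: Dict[str, bytes]) -> bytes:
    """Node-specific information: one hash over every element, in a fixed order."""
    h = hashlib.sha256()
    for name in sorted(env):
        h.update(name.encode() + b"\x00" + hashlib.sha256(env[name]).digest())
    return h.digest()


def validate(env: Dict[str, bytes], expected_fp: bytes) -> bool:
    """Black-box validation: compare the environment to its expected value."""
    return hmac.compare_digest(fingerprint(env), expected_fp)


def derive_key(env: Dict[str, bytes], epoch: int) -> bytes:
    """Protection/authentication key from node-specific information plus the
    rotation epoch (assumption: HMAC-SHA256 as a one-step KDF). Changing either
    input changes the key, which is how the scheme is 'changed at intervals'."""
    return hmac.new(fingerprint(env), b"epoch:%d" % epoch, hashlib.sha256).digest()


def protect(env, expected_fp, epoch: int, msg: bytes, check: bool = True) -> bytes:
    """Sender: validate itself (unless the skip-validation variant is used),
    then append a tag computed under the environment-derived key."""
    if check and not validate(env, expected_fp):
        raise RuntimeError("sender failed validation; refusing to send")
    return msg + hmac.new(derive_key(env, epoch), msg, hashlib.sha256).digest()


def authenticate(env, expected_fp, epoch: int, wire: bytes, check: bool = True) -> Optional[bytes]:
    """Receiver: validate itself, derive the matching key from its OWN
    environment, and release the message only if the tag verifies."""
    if (check and not validate(env, expected_fp)) or len(wire) < TAG_LEN:
        return None
    msg, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    expected = hmac.new(derive_key(env, epoch), msg, hashlib.sha256).digest()
    return msg if hmac.compare_digest(expected, tag) else None


def receive_with_rotation(env, expected_fp, local_epoch: int, wire: bytes,
                          server_epoch: int) -> Tuple[Optional[bytes], int]:
    """Control logic of claim 14: on failed authentication, poll the server
    (here: a passed-in current epoch) for a newer scheme and retry once."""
    msg = authenticate(env, expected_fp, local_epoch, wire)
    if msg is not None:
        return msg, local_epoch
    if server_epoch != local_epoch:  # server has published a new scheme
        msg = authenticate(env, expected_fp, server_epoch, wire)
        if msg is not None:
            return msg, server_epoch
    return None, local_epoch


def demo() -> Dict[str, bool]:
    """Exercise every path; each value should be True."""
    expected = fingerprint(CLEAN_ENV)
    wire = protect(CLEAN_ENV, expected, 1, b"ping")
    results = {
        "clean_peer_accepts": authenticate(CLEAN_ENV, expected, 1, wire) == b"ping",
        "tampered_peer_rejects": authenticate(TAMPERED_ENV, expected, 1, wire) is None,
        # Validation skipped: the tampered sender derives a different key anyway.
        "tampered_sender_unreadable": authenticate(
            CLEAN_ENV, expected, 1,
            protect(TAMPERED_ENV, expected, 1, b"ping", check=False)) is None,
        "old_epoch_rejected": authenticate(CLEAN_ENV, expected, 2, wire) is None,
        "rotation_recovers": receive_with_rotation(
            CLEAN_ENV, expected, 1, protect(CLEAN_ENV, expected, 2, b"ping"),
            server_epoch=2) == (b"ping", 2),
    }
    try:
        protect(TAMPERED_ENV, expected, 1, b"ping")
        results["tampered_sender_refuses"] = False
    except RuntimeError:
        results["tampered_sender_refuses"] = True
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

Two points a practitioner should take from running it. First, the key is a deterministic function of data the node can read about itself, so anyone who can read the same environment and the derivation routine can compute it; the abstract's only answer to that is that the black box is hard to reverse engineer and the scheme rotates before the attacker finishes, which is why `derive_key` mixes in the epoch. Before relying on this for anything beyond a peer sanity check, mix in material the attacker cannot read (a secret provisioned out of band, or a hardware-held key) rather than the fingerprint alone. Second, the fingerprint must cover the validation and protection code itself; an environment that omits `security.py` would let the tampered node above pass `validate` and derive the clean key.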
Specification