Security Overview

The FIDA platform requires frequent network communication in order for the server and the clients to work together. Whenever data is sent across a network, there is a risk that a third party could attempt to read or tamper with it in transit. To reduce this risk, the FIDA package includes the security measures described below.

FIDA was not only created as a platform on which to build distributed applications, it was also built to allow you to seamlessly update/change your application, without requiring user involvement on the client side. In order for this to work, the client portion of the FIDA platform and the client application are physically separated into distinct files. The application portion is located in a dynamically loaded library (a .dll file on Windows and a .so file on UNIX). FIDA allows you to replace this library, sending a new file, over the network, from the server, whenever you wish to change your application.

The process of updating the application requires FIDA to send code, which may eventually be executed on the client system, over the network. Tampering with this code transfer would require a third party to have significant knowledge of the FIDA system as well as advanced knowledge of network protocols. Nonetheless, we decided that it would be prudent to enhance the security of the FIDA package where this code transfer is involved.

Additional security is achieved by using digital signatures. The signature process is as follows:

1. The server generates a hash value (an identifying number) from the application file that is to be transmitted. The function used to generate this hash value (SHA1) is designed such that, even knowing the function and the hash value, it would be computationally very expensive for someone to create a different file that hashes to the same value.

2. The server then encrypts this hash value using the private key from a public-key cryptographic system (RSA in this case). The result is saved to a signature file.

3. When FIDA transfers the code file, it also transfers the contents of the signature file, in the same message.

4. The client, using the server’s public key, decrypts the signature.

5. The client then runs the same hash function on the code that it has received.

6. The client compares its hash value to the one that it decrypted from the signature. If they match, the signature is valid and the code is accepted. If they do not match, the client deletes the code without ever executing it.

The protocol described above protects the client systems by allowing them to verify the validity of the code that they have received. In order to use the security included in FIDA, the client modules must be installed along with the server’s public key file (key.pub). When clients decode the signature using this key file, they verify that the signature came from your server (because they now know that it was encoded using your private key). Then, if they find that the file you sent them hashes to the same value as the one in your signature, they can be assured that the file also came from your server (because it is extremely difficult to construct a different file that hashes to the same value).
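The six steps above and the verification argument in the preceding paragraph, carried through as an added example in Go (this is not FIDA's own code, and FIDA's real message layout and key-file handling are not shown on this page). The server side hashes the library with SHA-1 and signs the hash with an RSA private key; the client side recomputes the hash and checks it against the signature with the public key. The key pair is generated in memory instead of being read from key.pub, the `codeMessage` struct and the function names are assumptions made for the example, and the library bytes are a constructed stand-in for a real .so or .dll. The block also runs the failure case the page describes: a copy with one byte altered in transit is rejected and must not be loaded.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
)

// codeMessage stands in for the single FIDA message that carries the new
// application library together with the contents of its signature file (step 3).
// The field names are an assumption for this example, not FIDA's wire format.
type codeMessage struct {
	Library   []byte
	Signature []byte
}

// serverSign performs steps 1 and 2: hash the library with SHA-1, then produce
// an RSA (PKCS #1 v1.5) signature over that hash with the server's private key.
func serverSign(priv *rsa.PrivateKey, library []byte) (codeMessage, error) {
	digest := sha1.Sum(library)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, digest[:])
	if err != nil {
		return codeMessage{}, err
	}
	return codeMessage{Library: library, Signature: sig}, nil
}

// clientAccept performs steps 4 to 6 with the server's public key: recompute the
// SHA-1 hash of the received bytes and check it against the hash recovered from
// the signature. It returns true only when the library may be loaded; on any
// mismatch the caller must discard the bytes without executing them.
func clientAccept(pub *rsa.PublicKey, msg codeMessage) bool {
	digest := sha1.Sum(msg.Library)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest[:], msg.Signature) == nil
}

// runExchange drives one complete update on constructed sample bytes (a stand-in
// for a real .so/.dll). It reports whether the genuine message verifies and
// whether a copy with a single flipped byte verifies.
func runExchange() (genuineOK, tamperedOK bool, err error) {
	// In FIDA the private key lives on the server and clients ship with key.pub;
	// here a fresh key pair is generated in memory so the example runs offline.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	library := []byte("constructed sample: pretend these bytes are app.so")

	msg, err := serverSign(priv, library)
	if err != nil {
		return false, false, err
	}
	genuineOK = clientAccept(&priv.PublicKey, msg)

	// Simulate in-transit tampering: same signature, one byte of the code changed.
	tampered := codeMessage{Library: append([]byte(nil), msg.Library...), Signature: msg.Signature}
	tampered.Library[0] ^= 0x01
	tamperedOK = clientAccept(&priv.PublicKey, tampered)
	return genuineOK, tamperedOK, nil
}

func main() {
	genuineOK, tamperedOK, err := runExchange()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine library accepted: %v\n", genuineOK)   // true
	fmt.Printf("tampered library accepted: %v\n", tamperedOK) // false
}
```

The example keeps the page's choice of SHA-1 so that it matches the protocol as written. Collision attacks on SHA-1, where the attacker crafts both colliding files, have been publicly demonstrated since 2017, so a new deployment of the same scheme would pass `crypto.SHA256` and a SHA-256 digest to the same two calls; nothing else in the exchange changes. Note also that the client's decision rests entirely on the return value of `clientAccept`: the library bytes must never be written to the load path before that check succeeds.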

IMPORTANT NOTE: Be aware that the FIDA package does not provide security for any of the other data passed between the server and the clients during the course of an application run. The assignments sent to the clients, as well as the results returned to the server, are neither signed nor encrypted. Securing this data was not necessary for the application for which FIDA was originally constructed. If you need these messages to be secure, you will need to implement that capability yourself.