0

I am currently working on a Java search project that will be distributed to the clients' local server. The project contains some valuable data that we hope cannot be accessed directly on the machine, but can only be accessed from the project services/APIs. The data will be updated on a daily basis and needs to be available for query 24/7. I am thinking of eCryptfs, but after some testing, it seems that once the encrypted data is mounted under the service user, say 'root1', as I have to keep the encrypted data in the mounted state to support queries, all the other logged-in users can access the decrypted data without a password. Is there any way to support my scenario? Thanks.

Tammy
  • If your app can access the data, and the user has root access to the machine, there is no way that you can prevent the user from accessing the data. – SLaks Dec 18 '12 at 01:28
  • Thanks SLaks. What I want is: 1) the data is in an encrypted state; 2) there's a unique key held by the application account to decrypt/read/write the encrypted data; 3) users cannot access the key; 4) users without the key cannot decrypt the encrypted data. Do you think this is possible? – Tammy Dec 18 '12 at 01:34
  • @Vreality2007 mainly because the project is a behind-firewall/LAN solution. – Tammy Dec 18 '12 at 01:38
  • @Tammy Sorry, but I don't get why that would really matter. I'm not trying to criticize your question, it just doesn't seem like a good approach to a problem. – Vreality Dec 18 '12 at 01:39
  • @Vreality2007, the clients' users are within their LAN, without access to Internet-based services. That means we cannot keep the data on our server side and expose some web services for them. We have to distribute the data along with the service to their local server, while we do not want to expose the data directly to the clients and want them to only be able to access the data from the service (say there are 10000000 data items within the dataset; from the service, they can only get 100 per query). – Tammy Dec 18 '12 at 01:50
  • @Vreality2007, sorry for my broken English :) We are giving users a bunch of data, and allow them to access all of it; what we don't want is for a user to take the whole data set, change the format, and put it into their own project or sell it to someone else. Within the service, if we can make users only get a small fraction of the information per query, then it would be economically useless to do so. – Tammy Dec 18 '12 at 01:57

2 Answers

1

If your users don't have root access, you can simply store the encryption key in a file and deny read access to other users.

If your users do have root access, there is nothing you can do.

SLaks
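
One way to apply the suggestion in the answer above (keep the key in a file that other users cannot read), as an added example that is not part of the original answer. It is written in Python for illustration; the function names and the demo path are hypothetical. It only covers the non-root case: as the answer says, a user with root access can still read the key.

```python
import os
import secrets
import stat

def create_key_file(path, nbytes=32):
    """Create a random key file that is private to the current account."""
    # O_EXCL refuses a file someone else pre-created; the mode is applied at
    # creation time, so the key is never briefly readable by other users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), 0o600)  # exact mode even under an unusual umask
        f.write(secrets.token_bytes(nbytes))

def key_file_problems(st, path):
    """Return reasons why other accounts could read or replace the key."""
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != os.geteuid():
        problems.append("not owned by the account running the service")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("group/other bits set (mode %o)" % stat.S_IMODE(st.st_mode))
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("parent directory writable by group/other")
    return problems

def load_key(path):
    """Fail closed: read the key only if it is private to this account."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # never follow a symlink
    with os.fdopen(fd, "rb") as f:
        # fstat the open descriptor so the check and the read see the same file
        problems = key_file_problems(os.fstat(f.fileno()), path)
        if problems:
            raise PermissionError("%s: %s" % (path, "; ".join(problems)))
        return f.read()

if __name__ == "__main__":
    import tempfile
    demo = os.path.join(tempfile.mkdtemp(), "service.key")  # constructed path
    create_key_file(demo)
    print(len(load_key(demo)), "byte key loaded")
    os.chmod(demo, 0o644)  # simulate a misconfigured key file
    print(key_file_problems(os.stat(demo), demo))
```

Calling `load_key` at service start-up makes a loosened permission an immediate, visible failure instead of a silent exposure of the key.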
0

EDIT: Under most circumstances, someone with a root account can do anything that the other users can do. So, even if you did get per-user r/w permissions on a file but only for a certain user (which is very possible), it would be rather pointless. (Someone with sudo/root access could just run sudo su USER, where USER is the account with the r/w permissions.) I think a better way to go about this is to look at options that users do not have control over. The first thing that came to mind was compiled programs. While they are not really meant for holding secure information, you could compile a simple program to output a little bit of the information after a time delay (to prevent them from just running it continuously and then compiling all of the data they get from it). Actually, modifying your Java program might be easier; just have it store the information as an enormous string or something. :D These open source Java obfuscators will make it harder (but certainly not impossible) to reverse engineer your program and, along with it, the data inside.

A more secure option would be to write a C program, compile it, and have it output information (after a time delay) that the Java file can then manage. In order to make it harder to decompile, you could add some encryption methods to the string, so if the decompiler messes up on any part of it, it's still worthless information to them.

Final verdict: Nothing is really 100% secure when it is stored on someone else's computer(s) but, then again, neither is it 100% secure on your own server. I would suggest looking into other options, but if you have no other option and you have legal protection on the information, this might work for you.

Vreality