2 Replies Latest reply on Feb 19, 2011 1:08 AM by Michael Thornburgh

    Object Replication Security

    nkrasney

      Hey gang!

       

      I'm building something using object replication and I'm worried about an attacker getting onto the netgroup and writing bad or malformed objects to peers.

       

      Is there any way to prevent or mitigate such an attack?

       

      Thanks,

       

      Nick

        • 1. Re: Object Replication Security
          Michael Thornburgh Adobe Employee

          1) control to whom you give the groupspec, making sure only the "right" people have it.

           

          2) use a cryptographic hash algorithm such as SHA256 (ActionScript implementation available in the Flex SDK) to compute hashes of each indexed object's serialization (or contents, if the object is a ByteArray).  distribute a manifest/catalog of the hashes for all the indices.  whenever you receive a wanted object, compute its hash and compare to the corresponding entry in the catalog.  if it matches, record the object and add it to your "have" set; if it doesn't match, discard the object and re-"want" it.

           

          for bonus points, for the "distribute the catalog" step, you could make the catalog object at a pre-arranged object replication index, such as 0.  you would then "want" index 0, and once you receive it, you'd know what else to want and how to verify each object.  if you distribute the catalog over an untrusted channel (such as object replication), you should also verify the catalog object's hash against what you know it should be (which you would have to obtain out-of-band).

           

          for even more extra credit, you could include the hash of the catalog object in the name of the group itself, which is an easy way of implicitly linking the group and its object set and reducing the amount of information you need to communicate out-of-band about the replication set to one piece of information.

          • 2. Re: Object Replication Security
            Michael Thornburgh Adobe Employee

            note that for consistent results, if the replicated objects are complex and not just ByteArrays or elementary types, you'll need to serialize them manually into a ByteArray and replicate that serialization (and use the same for generating/verifying hashes).  this is because a complex ActionScript object may be unserialized from AMF and then reserialized differently (perhaps with its members in a different order or something).  in that case, the serializations (and therefore hashes) would be different even if the objects are equivalent.
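
The scheme described in the two replies above, as an added example that is not part of the original posts and not Adobe code: a Python model of the publisher's catalog and the receiver's verify-or-re-want logic, with the catalog at index 0 and its hash carried in the group name. All names (`Receiver`, `on_object`, `group_name`, the `base/hash` name layout) are hypothetical, and JSON with sorted keys stands in for a manual ByteArray serialization.

```python
import hashlib
import json

CATALOG_INDEX = 0  # pre-arranged replication index that holds the catalog


def serialize(obj) -> bytes:
    """Deterministic bytes for an object; raw bytes pass through unchanged."""
    if isinstance(obj, bytes):
        return obj
    # Sorted keys and fixed separators: equivalent objects give identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_catalog(objects: dict) -> bytes:
    """Publisher side: map each index (1 and up) to the hash of its serialization."""
    entries = {str(i): sha256_hex(serialize(o)) for i, o in objects.items()}
    return serialize(entries)


def group_name(base: str, catalog: bytes) -> str:
    """Embed the catalog hash in the group name (hypothetical 'base/hash' layout)."""
    return f"{base}/{sha256_hex(catalog)}"


class Receiver:
    def __init__(self, name: str):
        # The group name is the only value obtained out-of-band.
        self.expected_catalog_hash = name.rsplit("/", 1)[1]
        self.catalog = None
        self.have = {}
        self.want = {CATALOG_INDEX}

    def on_object(self, index: int, data: bytes) -> bool:
        """True if the object was stored; False if discarded and left wanted."""
        if index == CATALOG_INDEX:
            # Hash is checked before the untrusted catalog bytes are parsed.
            if sha256_hex(data) != self.expected_catalog_hash:
                return False
            self.catalog = json.loads(data)
            self.want |= {int(i) for i in self.catalog}
        elif self.catalog is None or self.catalog.get(str(index)) != sha256_hex(data):
            # No catalog yet, index not listed, or hash mismatch: discard.
            return False
        self.have[index] = data
        self.want.discard(index)
        return True
```

An index that stays in `want` after a rejected delivery corresponds to the "discard the object and re-want it" step; indices absent from the catalog are never accepted.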