Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Is there a way to have a secure by design client-server communication in a sense

ID: 647425 • Letter: I

Question

Is there a way to have a secure by design client-server communication in a sense that the server can check if the client is not a modified version?

What I'd like to do is give the user access to both the client's and the server's source code, but keep him from communicating with a modified version.

As a practical example, let's suppose a multiplayer race game. Is there a way to give the user access to the source (and to compiling it and playing it on the server if he wants) but keeping him from, let's say, altering the speed of his car to 2x normal speed and using this new version to play?

As I understand, the compiled program could generate some hash and send it together for the server to verify. But then there also comes stuff like being able to get this code and making another version send it, etc.

If this is a known problem, please also provide further information about it. (Any recommendations on books or papers related to that are also welcome)

Explanation / Answer

The short answer is: No, you can't verify what code is running on the client. As a result, you should never trust what is running on the client.

You could use all sorts of hashes, but nothing prevents a malicious client from lying to you about its hash and telling you what you want to hear. Asking the client to hash itself and tell you its hash would be like having airport security ask passengers "Are you a terrorist?" and then believing them when they say "No".

In principle this problem could be solved with trusted hardware on the client, such as a a TPM. Currently, a TPM is about the only way to check that the client is running unmodified code. However, in practice using TPMs for this has major issues that typically render it not deployable in practice for the purpose you have in mind.

Therefore, in practice the answer is basically "no, there's no way to check". See

For a partial explanation why TPM-based solutions are not really deployable in practice, see .

If you want to explore the TPM approach,. However, I don't recommend it as a promising avenue. In the future, Intel will be releasing SGX technology, which might be a better way to achieve this -- but it has not yet been released, so it will be quite some time before you can count on all your clients to run on hardware that supports SGX.

Related Questions

Is there a faster way to formulate an answer for a question of probabilities , f
Question #3182036
Is there a fibre-to-the-home or fibre-to-the-business project in Trinidad and To
Question #353858
Is there a future for life on Earth? As we have discussed in class, the Sun has
Question #297003
Is there a general way to calculate the speed of a source if the speed of the wa
Question #1576497
Is there a general way to calculate the speed of a source if the speed of the wa
Question #1869088
Is there a generation gap in the type of music that people listen to? The accomp
Question #3270885
Is there a generation gap in the type of music that people listen to? The accomp
Question #3297499
Is there a genetic factor that causes some families to favor one gender over the
Question #3170248
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Is there a way to generally characterize how species \"regrew\" after the variou
Next
Is there a way to implement a long division algorithm in java, not on numbers bu

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.