Re: keeping data safe offline

[AK <platsakos () gmail com>]

Hi Erki,

hopefully you are targeting as few platforms as possible and not aiming
for a cross platform solution. A nice way of slowing down attackers is
to rely on heavily obfuscated code, in order to make reverse engineering
difficult. You can also try to implement specific RE countermeasures,
such as the ones used by the games industry, in order to hinder the use
of software such as memory dumpers etc. This will be an uphill battle
though and, given enough interest, your solution will fall victim to a
class attack.

Another approach is to partition the data in many databases, separated
by functionality, so only a piece of the database will be unencrypted at
any given time. However, since you do not mention specific agreements
between you and the client, I am not sure this will be an option.

On 4/9/12 10:41 AM, Erki Männiste wrote:
> I am developing a software that is going to be distributed to end-users on usb sticks. The application and the 
> content will be stored on that device and the content will be stored in a one-file sqlCE database, it will be crypted 
> by default and will be encrypted by the application on-the-fly.
> My client has made it clear, that he wants to keep end-users from copying the content and using it on any other 
> device but that very stick. Now, due to the offline requirement this is impossible to achive because i have to store 
> the encryption key somewhere in the code and users are able to access the data while in unencrypted state. 
> Can anybody recommend me any mechanism that i could apply, to make it more difficult for users to copy the content? 
>
> ERKI
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------