Implementing License Validation with RSA

views:

343

answers:

+1 Q:

Implementing License Validation with RSA

I am about to sell a program I have written in C# and I want to control licenses for it, strictly. That means I want to let the client connect to my server every single time it starts. This also gives me the ability to disable keys (in case of chargebacks on paypal or distribution of the code). Of course this might be a hassle for other users, but it is necessary in this case. Since I was unable to find any good .NET Licensing systems that are uncracked, I wanted to take the approach of writing a little one myself. My plan was to do the following:

Generate a key.dat containing 1024 characters that gets shipped with the software (individual to each user)
In the application entrypoint add a httprequest to my server that sends the key.dat + current timestamp, encrypted.
My HTTP server (running PHP) decrypts the request and checks if the key is valid (in my database) and replies with the "access level" (license type). If the key is invalid or disabled it replies with an errorcode. Just like with the request, the reply is being salted with a timestamp, so someone can't validate his program by sending a valid packet to himself. The timestamp is being checked in the client. The reply is encrypted with RSA and a previously generated public key.
Client receives response, decrypts with private key and reacts.

Is RSA the correct approach for this, so I can assure that the packets are sent by me and are not crafted (by noone else having the public key)? Is there a better approach for solving this problem?

Is RSA the correct approach for this?

I do not think RSA is your best choice.

One of the capabilities of PKE (Public Key Encryption) is that it lets parties talk to each other who previously have never exchanged information before (eg. strangers).

I do not see this applying to your case. Your software knows your server well. They are not "strangers".

Consider instead Shared Secret Key encryption, where each copy of the software you distribute is given a unique secret key, and your server knows each user's secret key as well. The keys are never sent, and must be protected, but can still be used to encrypt, sign, and validate communications.

Edit After considering the comments and other answers.

Anyone who wants your software badly enough will be able to bypass the authentication completely. RSA does nothing to prevent that.

The real question is: Does breaking a single license make all licenses vulnerable/worthless. In both cases, (RSA and Secret Key), the answer is No. Just because one copy of the software got hacked and got its key exposed, or the licenses system bypassed, other copies are no more exposed. PKE and SSE seem equal in that respect to me.

Because Shared Secret Key is easier to implement, and computationally faster to execute, I think it is preferred in this case over RSA/PKE. That is not to say RSA is "wrong". It will accomplish what you are after, to the same degree that SSE will (no more, no less). But I think SSE is the smarter choice.

abelenky 2009-09-28 18:51:40

Wouldn't having a shared key encryption have the problem that the client would store the same key as the server uses to encrypt the packet? This is the main thing I am trying to avoid, because this way someone who attempts to crack the software could easily craft those packets himself.

Patrick Daryll Glandien 2009-09-28 18:56:48

Hmm..... good point. I now think I might be wrong. I'll dwell on this a few more minutes, then consider deleting my answer.

abelenky 2009-09-28 19:01:56

In either case, the same attack applies. Anyone can defeat your software by replacing the key embedded in it, whether it's secret (symmetric), public (to verify a license signed by your server), or private (to decrypt a license from your server). It's not abelenky's fault that you've asked for the impossible.

erickson 2009-09-28 19:10:53

I am asking for a secure protocol. Securing the software from being modified is surely a thing that is impossible, but it can be made pretty hard with obfuscation. Again, I am not asking for a solution to make my program uncrackable.

Patrick Daryll Glandien 2009-09-28 19:16:27

"I am asking for a secure protocol." - Aren't we all?

Geoffrey Chetwood 2009-09-28 19:22:14

Symmetric algorithms can provide integrity and authentication services (prove that a message came from someone who knows a secret, and has not been altered), just as well as asymmetric encryption. The difficulty with symmetric algorithms is secure key exchange. A dedicated client doesn't have this difficulty. The only problem is, as you've recognized, the fact that you are giving the keys to your attacker and hoping that your obfuscation is sufficient that discovery won't be worth trying.

erickson 2009-09-28 19:23:43

If such a secure protocol existed, everything would be using it, and it would have been cracked already. What you're asking for is nothing more than security through obscurity, which isn't security at all.

Welbog 2009-09-28 19:24:06

@erickson: The OP need not (and should not) give the "master keys" away in the client-software. Rather, each client should have a unique shared secret with the server. If any client gives up its secret key, all other clients are still just as protected.

abelenky 2009-09-28 19:27:55

I agree, if symmetric crypto is used, every client should have its own key. What I was trying to say is that the shared key would need to be embedded in the client when it's distributed. For a client to safely obtain a key at runtime, it would have to perform key agreement. While it would be a pain to embed a different key in every copy of the client, it's possible, and has been done by other software. In that respect, it might be easier to use public key encryption, where every client has the same public key (used to verify license signature), and you hope the user doesn't replace it.

erickson 2009-09-28 20:53:27

+3 A:

Someone who wants your software bad enough will just decompile it and remove the part of the code that phones home on startup.

If you were to add a checksum to the app that checks whether the code has been altered, someone can just change the checksum the program checks against (or remove the check entirely).

People who want your application enough will find ways around any type of protection you can conceive. You're better off sticking to something simple, having a product that is worth paying for (and easily) and make sure it's worth the price you're asking.

EDIT

Given that protection is important, the fact that the users will have code running on their machines is a risk you can avoid. If the users don't have the code, they can't crack it. They can't copy it and share it.

Now, it might not apply to the application you intend to write, but you should consider writing a web, Flash or Silverlight application instead of a regular client application. That way you don't have to distribute the code to customers. All you have to do is manage credentials into the application, which should be a lot easier than your round-about RSA system.

It's also easier to push out new versions of the software in a centralized model, and you won't have to worry about theft at all. Of course, load will become an issue when it wasn't before. And not all applications can be centralized easily (or at all). I'm just proposing this to make sure you consider it because it is a valid solution to your problem.

A web-based application will have the same issues as your application (i.e. it will be down whenever the user is offline, whenever the network is down, whenever your server is down, etc). So there's no added risk in that regard.

Welbog 2009-09-28 19:04:50

Thanks but this is exactly the answer that I was not looking for, I know what you are telling me and I understand this philosophy. My software is not for the millions though and will only have around 200 buyers. I am not trying to prevent that it gets cracked at all, but I want to make it harder, for the sake of my own earnings. The audience I am selling to does not assess if its worth it buying it if they could get it for free.

Patrick Daryll Glandien 2009-09-28 19:08:24

@Patrick: If your potential userbase is 200 people, why on earth would you spend the time and money to implement this? This makes little or no business sense.

Geoffrey Chetwood 2009-09-28 19:09:49

I might consider using this for more of my software. Encryption is not exactly rocket science. As said, if you can suggest me a .net licensing software that is free and uncracked then I will thankfully take that.

Patrick Daryll Glandien 2009-09-28 19:12:33

You're right, it isn't rocket science. Rocket science is easier and better understood.

erickson 2009-09-28 19:17:02

This is the best answer. It is a horrible idea to make a client connect to your server just for license validation. Kiss your customers goodbye the first time this inconveniences them. You cannot maintain 100% uptime, so your app cannot.

Geoffrey Chetwood 2009-09-28 19:19:03

Encryption does have some relationship to rocket science. Rocket science is easy and simple, just like using a standard encryption algorithm. Rocket engineering is really difficult and tricky, just like writing a secure application using encryption.

David Thornley 2009-09-28 19:23:07

ansaurus

tags:

views:

answers:

Implementing License Validation with RSA

related questions