Home page logo

basics logo Security Basics mailing list archives

Re: Security for grades stored online
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Fri, 11 Dec 2009 00:41:10 -0430

On Wednesday 09 December 2009 11:57:58 Eitan Adler wrote:
I will be coding a system for a university in which teachers will be
able to enter grades into a web based form. The grades will then be
stored in a database and used by the university to supply the final
This system is obviously a target for people wishing to change their
grades. While I intend on coding securely and keeping the servers
secure (no access from the internet and such) I (and the university)
would like security a guarantee that is similar to that of teachers
manually handing in grades. My thought was to create a hash of the
names & grades which the teacher could print out and hand in to the
main office. This hash (one per class) could be verified against the
hash that is generated when the grades are viewed by the
administration. This reduces the amount of work required to verify
that the grades have not been changed and (I think) without reducing
the security of the grades.

Is this true? Can you find any flaws or implementation "gotchas" that
I should be aware of?

Hi Eitan.

I think that is a good idea, but, one of the main problems with the hashes is 
the generation and comparison. A hacker could carry out some types of attacks:

- Generation: Changing the source code that usually make the hash to print an 
invalid hash when inserting scores.
- Comparison: Changing the source code that generates the hash to make the 
hash pre-printed, but with a different grade.

This can be done in two ways:
- Man in the middle attack (network access required)
- Modifying the source code (requires access to operating system)

Additionally, another factor to be considered is the possibility for a hacker 
to destroy the data.


Prevent data modification between the server and the teacher eyes, is a very 
difficult task.  


PKI could be the solution.

for example, you could install one digital certificate per-teacher, and write 
an application resident on the teacher computer to digitally sign the grades.

This application sends the grades to a webservice and saves it with his 
digital signature in a database.

Validation may occur at the end point ( think on firegpg ;-) or similar ), and 
if someone changes something (hash or data) in the network, or in the 
database, the digital signature will not be ok.

Furthermore, you can improve it with:

- Save data in a non-rewritable media, in addition to the database (eg a 
multisession DVD or/and printer attached to the server)
- Security Hardening on the operating system and the source code
- Security Hardening on teacher computers... (Very important). For extreme 
security you can deploy an encrypted live cd per-teacher with his certificate 
and his application in order to prevent certificate stealing and/or application 
- Declaring immutable and read-only web related files (php, asp, jsp, 
- Securing web services connections with SSL... SSL must have a valid digital 
certificate for server and clients. 


I understand that live cd's does not automatic updates on the operating 
system, but the most of attacks will be prevented with a minimalistic OS 
Installation, strong security policies, and periodic updates each time that a 
serious security vulnerability affects libraries involved on data communication 
( Eg. libssl vulns, kernel tcp stack vuln, ... ).

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
 certificate.  We look at how SSL works, how it benefits your company and
 how your customers can tell if a site is secure. You will find out how to
 test, purchase, install and use a thawte Digital Certificate on your
 Apache web server. Throughout, best practices for set-up are highlighted
 to help you ensure efficient ongoing management of your encryption keys
 and digital certificates.


Ing. Aaron G. Mizrachi P.    

T: + 58 416-6143543
BBPIN: 0x 247066C1

Attachment: signature.asc
Description: This is a digitally signed message part.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]