We have software that needs a connection to our servers for license management purposes. Now we have a new customer who wants to use our software on systems that don't have access to the internet. So I was thinking about setting up a local server in their private network. Is it a good way? What are the flaws of this approach? Is it possible that they copy our server data and use it somewhere else? In other words, can they clone our server? If they can, what's the solution? Can I in some way use a TPM to prevent cloning?
- Could you add some more details on a) how the local server would be set up? and b) how the software client has to prove itself to a license management server? – Tom K., Jun 8, 2020 at 9:04
- I'm thinking about putting a mini PC in their network. The software has to authenticate itself with the license key that was provided to it. This key changes on each connection. The said server is supposed to manage changing and providing this key. – Sepehr, Jun 8, 2020 at 9:07
- I think it's a good question, because you are essentially trying to make a network "dongle". The "dongle" based protection being a USB key that is used to validate licenses for a lot of high value software. I am assuming you don't want to use an actual dongle because there are many machines on the same network that need to be licensed? – 8vtwo, Jun 9, 2020 at 15:07
- We used to have a "phone-in" validation system. The way it works is they press a certain key combination and a key (series of numbers/letters) is displayed, they read the key to you on the phone and you type it in on your end and get back a validation code that you read back to them. They enter this key to validate the product. – browsermator, Jun 9, 2020 at 19:23
4 Answers
You want a portable offline license server and want to make it as secure as possible. This is possible, and sounds like a fun project.
The secret licensing mechanism will need to be embedded into this server and therefore needs to be protected from copying and analysis.
So the licensing code will need to be encrypted using some type of on-board hardware to prevent the code from running elsewhere. A TPM could be used for this, but you should try to keep the device as small and as simple as possible to eliminate as many attack vectors as possible.
I would recommend a Raspberry Pi with a secure element: https://www.zymbit.com/blog-security-module-raspberry-pi/
Build your licensing server on something like this and you should have a nice little deployable solution for offline networks.
- Thank you for your solution. I checked this Zymbit module and I found it really useful. – Sepehr, Jun 10, 2020 at 9:04
Is it possible that they copy our server data and use it somewhere else? In other words can they clone our server?
Using Thunderbolt, for example?
They will have physical access to it, so everything is possible. The question is: how much do you trust the client? If you trust them enough you could work out another arrangement, for example deliver software that will work offline but with restrictions based on local conditions, for example a fingerprint of their local machine.
Even if there are time-based limitations you should be able to work out something.
There are things you can do like encrypt the hard drive, so it can't easily be mounted on another machine for examination. Disable all USB ports, Thunderbolt etc. But fully securing a system you can't even monitor is difficult.
How will your server validate licenses? If you put a server connected to the Internet, and that server has connections with the client's computer, then you are indirectly exposing their machine to the Internet, which is something they probably want to avoid.
Personally I would not be comfortable at all with a black box on my network.
The client can be burglarized too. The computer could be stolen by third parties and expose your trade secrets. So think hard about what you are going to put on that machine and what would be the impact of a worst-case scenario.
I think the best option is to deliver a tailored version of your software but you can charge the client for that, because this is a software customization.
Perhaps you could ship a USB dongle or something. A tiny Tomu, for example, is cheap and versatile. Conceivably, the physical token could be replaced every year. Just ship it by post.
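As an added illustration (not code from this answer's author) of the "offline software with restrictions based on local conditions" alternative suggested above: the vendor signs a license that names a machine fingerprint and an expiry, and the shipped software verifies it with an embedded public key, so nothing on the customer's side holds a secret worth cloning. Uses only the Go standard library; the fingerprint inputs, the JSON layout and the Issue/Verify names are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"time"
)

// License carries only claims, never a secret: the shipped software embeds just the vendor's public key.
type License struct {
	Fingerprint string    `json:"fingerprint"` // hash of local machine attributes
	NotAfter    time.Time `json:"not_after"`   // the time-based limitation
}

// Fingerprint hashes local machine attributes (constructed strings here; a product would read hardware ids).
func Fingerprint(attrs ...string) string {
	h := sha256.New()
	for _, a := range attrs {
		h.Write([]byte(a))
		h.Write([]byte{0}) // separator so ("ab","c") != ("a","bc")
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Issue runs at the vendor, the only holder of the private key; payload and signature ship together.
func Issue(priv ed25519.PrivateKey, lic License) (payload, sig []byte, err error) {
	if payload, err = json.Marshal(lic); err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// Verify runs inside the offline software; it needs no server and holds nothing worth cloning.
func Verify(pub ed25519.PublicKey, payload, sig []byte, localFP string, now time.Time) error {
	var lic License
	switch {
	case !ed25519.Verify(pub, payload, sig): // check the signature before parsing anything
		return errors.New("bad signature")
	case json.Unmarshal(payload, &lic) != nil:
		return errors.New("malformed license")
	case lic.Fingerprint != localFP:
		return errors.New("license bound to a different machine")
	case now.After(lic.NotAfter):
		return errors.New("license expired")
	}
	return nil
}
```

The expiry check trusts the local clock and the fingerprint check trusts the local binary, both of which the customer controls; as the answer says, physical access makes everything possible, so this raises the effort rather than removing the risk.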
If you are working in good faith with your client, the solution you are proposing sounds somewhat reasonable. There are of course some accompanying challenges, but - depending on the relationship with your client - they are manageable.
Low priority risk, but it's good that you have it on your mind:
Your client could theoretically abuse this system, once it's in their infrastructure. As a rule of thumb, you should keep in mind that "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore" [1]. So even with strong access control, protecting your PC with a tamper resistant lock and so on, it's nigh impossible to keep it safe forever, if someone wants to get in. That said, only you can estimate how bad the damage would be, if that happens.
The risk I would be worried about:
Going out of your way to provide this solution to one of your clients. Because this solution doesn't seem to be part of your current portfolio, it shouldn't be too easy to maintain. Working outside your standardized products leaves you vulnerable to other forms of attacks. In this case:
- social engineering against the admin who is maintaining things is easier when an environment is unknown (this holds true for your customer as well)
- you are disclosing - possibly confidential - internal information to your customer
- you possibly have to create new guidelines on how to handle PCs that have been in another corporate network for some time
- probably more, but there's not enough detail on the setup
This doesn't mean that you cannot expand your portfolio, but you have to test before you run and you have to build controls that mitigate risk beforehand.
From your question, your real problem is
Now we have a new customer who wants to use our software on systems that don't have access to internet
The rest of the problem arises when you consider the below to be a solution
So I was thinking about setting up a local server in their private network? Is it a good way? What are the flaws of this approach?
No, it is definitely not a good way, and the answers by @Tom and anonymous have done a good job letting you know the flaws/risks in the approach.
So addressing your real problem, one possible way this issue can be solved is with the use of a proxy and setting routes. The traffic can be routed from this system to a proxy within the local network which has internet access, which in turn allows license management to proceed as usual.
If the machine is devoid of internet connectivity purposefully and is considered unsafe to connect to the internet at any point in time, let the license be installed on a clone of the machine, ensuring all safety and checks are in place while doing so, and then move the entire machine back to the internal network, replacing the original machine.
Hopefully I understood your problem correctly and this answers your question.