TransWikia.com

How to validate the integrity of a back end?

Information Security Asked on November 6, 2021

I just read following statement in a technical guideline about network-accessible mobile devices with medical applications (BSI TR 03161):

The application MUST verify the integrity of the back end before
accessing it

with reference to:

The application MUST support certificate pinning, i.e. it SHALL NOT
accept certificates whose certificate chain does not appear
trustworthy to the manufacturer [RFC7469].

and also:

The application MUST validate the integrity of the backend responses

What possibilities are there for an application to verify the integrity of a back end rsp. its responses?

As far as I understand it, the certificate pinning is used to validate the authenticity and aid to the confidentiality.
However, a compromised back end with compromised keys and manipulated data (thus not providing integrity) could still send a valid certificate.
Regarding the back ends responses, I find multiple ways of interpreting this.

  • The integrity could refer to validity of a protocol
  • The integrity could refer to data being logically valid

Or am I misinterpreting the statement?

integritymedicaldeviceweb application

One Answer

While the differences between authenticity and integrity are difficult in practice, as your example of a compromised key set illustrates, as far as I understand it, this aims at the network level rather than the logic level. Thus, checking the integrity comes down to trusting the authenticity of the certificate and accepting only such cipher suites that provide ways to detect (possibly blind) modifications by a man in the middle.

Another way to satisfy this would be to allow for any ciphers that guarantee confidentiality and evaluate the integrity of the payload in the application logic, for example by restricting the payload to a fixed data format that itself provides integrity, for example JSON Web Signature.

As to your example of the server being compromised and thus the authenticity claim of the certificate holding but an attacker changing the data: that's not exactly true. While it might not look that way for a client, the authenticity goal as already been breached then: the answering party is no longer who they claim to be but rather the attacker.

Additionally: As the TR is currently in a Trial Use Status, for questions regarding compliance with the TR, the contact data of the document can be used.

Answered by Tobi Nary on November 6, 2021

Add your own answers!

Ask a Question

Get help from others!

Recent Answers

Recent Questions

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP