Tactics to ensure payload has not been modified
When sending a request (POST, PUT, etc.), I have a security requirement to ensure that the data in the payload has not been tampered with.
In other words, I need to know with certainty that the data entered was entered by the user and has not been intercepted in flight with additional or altered data.
What are strategies and tactics to accomplish this?
I thought of using a key from a previous GET request, followed by hashing the whole payload along with a timestamp. However, I don't see this as a solution, since if there were a reverse proxy or keylogger listening to an end user's requests, then that keylogger or reverse proxy would just as soon know what key was used for the hash and could simply overwrite the payload, then re-hash it with the server's expected key so that it looks like a legitimate hash of the payload. Any ideas?
If the end user's system is compromised, there is nothing you can do to detect whether data is coming from a legitimate user. However, you can use the following measures to ensure some level of integrity:
mTLS: mutual authentication for web requests.
Issue a certificate to each end user and store the keys in a hardware-based security module, e.g., a smart card, TPM or HSM.
- You need to ensure that the issuing certificate authority is trustworthy enough.
- The Windows key store or a keyring on Linux will also work, but they do not provide as high a level of security by comparison.
Use certificate parameters such as the serial number or thumbprint for authentication, to ensure the certificate belongs to the person it was issued to.
If you go with smart cards, you can set a PIN on them for extra security.
For all the above steps, if you are using a popular web server like Apache or nginx, it provides the functionality to set up mTLS with the configuration parameters mentioned above.
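The mTLS setup this answer describes, as an added Go example that is not part of the original answer or of any web server's own code: a throwaway in-process CA issues two client certificates; the server requires a client certificate chained to that CA (the web-server equivalent is nginx's `ssl_verify_client on` with `ssl_client_certificate`, or Apache's `SSLVerifyClient require`), and on top of that pins the SHA-256 thumbprint and serial number of the enrolled certificate, so that a certificate which is merely valid is not enough. The CA, the names alice and mallory, the serial numbers, the `/submit` path and the JSON body are all constructed for the demo; the keys live in memory here, whereas the answer's advice is to keep the user's key in a smart card, TPM or HSM, which changes where the key is stored but not the server-side check shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

func check(err error) { if err != nil { panic(err) } } // demo setup only; a real service would report the error

// issueCert mints a P-256 certificate: a self-signed CA when parent is nil, otherwise a
// client-auth leaf signed by parent. In-process CA and in-memory keys are demo assumptions.
func issueCert(cn string, serial int64, parent *x509.Certificate, parentKey any) (*x509.Certificate, tls.Certificate) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	signerCert, signerKey := parent, parentKey
	if parent == nil { // self-signed root
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		signerCert, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// fingerprint is the SHA-256 thumbprint of the DER certificate, the value an operator pins.
func fingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }

// handler adds a thumbprint+serial allowlist on top of the chain validation the TLS layer already
// did: "issued by our CA" is not "is this user". RequireAndVerifyClientCert guarantees a verified leaf.
func handler(enrolled map[string]string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		leaf := r.TLS.PeerCertificates[0]
		if enrolled[fingerprint(leaf)] != leaf.SerialNumber.String() {
			http.Error(w, "client certificate not enrolled", http.StatusForbidden)
			return
		}
		body, _ := io.ReadAll(r.Body)
		fmt.Fprintf(w, "accepted %d bytes from CN=%s", len(body), leaf.Subject.CommonName)
	}
}

// post sends payload over TLS presenting certs (nil = no client certificate) and returns the status.
func post(srv *httptest.Server, certs []tls.Certificate, payload string) (int, error) {
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool, Certificates: certs}}}
	defer client.CloseIdleConnections()
	resp, err := client.Post(srv.URL+"/submit", "application/json", strings.NewReader(payload))
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

// runDemo returns the HTTP status seen by alice (enrolled) and mallory (same CA, not enrolled),
// and the error a client presenting no certificate gets: TLS refuses that handshake outright.
func runDemo() (enrolled, unenrolled int, noCert error) {
	ca, caTLS := issueCert("Demo Issuing CA", 1, nil, nil)
	alice, aliceTLS := issueCert("alice", 1001, ca, caTLS.PrivateKey)
	_, malloryTLS := issueCert("mallory", 1002, ca, caTLS.PrivateKey)
	allow := map[string]string{fingerprint(alice): "1001"} // enrolment record: thumbprint -> serial
	clientCAs := x509.NewCertPool()
	clientCAs.AddCert(ca)
	srv := httptest.NewUnstartedServer(handler(allow))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientCAs}
	srv.StartTLS() // httptest supplies the server certificate
	defer srv.Close()
	payload := `{"amount": 100}` // constructed sample request body
	enrolled, err := post(srv, []tls.Certificate{aliceTLS}, payload)
	check(err)
	unenrolled, err = post(srv, []tls.Certificate{malloryTLS}, payload)
	check(err)
	_, noCert = post(srv, nil, payload)
	return enrolled, unenrolled, noCert
}

func main() {
	fmt.Println(runDemo())
}
```

Run with `go run .`; alice gets 200, mallory 403, and the client with no certificate never reaches the handler. Note the limit this shares with the answer's opening sentence: the server learns which enrolled key authenticated the connection and that the body was not altered between that client and itself, but it cannot tell whether malware on the user's machine fed the body into the session, because the channel it sees is the legitimate one.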