Consider a protocol that allows clients to retrieve XML "forms" from a server.
Question
Consider a protocol that allows clients to retrieve XML "forms" from a server. Forms are identified by a unique, randomly generated form ID that is embedded in the form. Clients fill out the form and submit it back to the server; communication uses relatively simple SOAP requests that contain the form in the SOAP body element.
I'm tasked with implementing the server side in this scenario. My problem is with malicious clients that might tamper with the embedded form ID (change it to some arbitrary value) and submit such a form back to the server. On the server side, a form with the modified form ID might already exist and would be overwritten by the submit, thus resulting in data loss.
My proposed solution would be to embed a PBKDF2 hash of the form ID alongside the plain text form ID. If the client tampers with either the plain or hashed ID, the server would reject the submission. Is this a reasonably safe way to ensure form integrity? Is it a problem to disclose the hash to the client in this scenario (we are talking data integrity here, not confidentiality)? Are there any potential problems with my solution (e.g. use a better key derivation method)?
Explanation / Answer
If the salt used for PBKDF2 is of non-trivial length, say 128 bits, and the salt is stored with the form ID on the server (only), then this will allow you to check whether the form ID has been tampered with. There must be a secret component to the hash because of Kerckhoffs' principle, AKA Shannon's maxim. In this case, the salt, stored only on the server, is the secret.
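The scheme described in the answer, as an added Python example that is not code from the original question or answer: the server keeps a 128-bit secret salt per form ID, embeds the PBKDF2 output in the form, and recomputes it on submit. The `FormStore` class, its method names, the in-memory dictionary and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000  # assumed work factor, not taken from the page
SALT_BYTES = 16              # 128 bits, the salt length named in the answer


class FormStore:
    """Hypothetical in-memory server store: form ID -> (secret salt, saved data)."""

    def __init__(self):
        self._forms = {}

    def _tag(self, form_id, salt):
        # PBKDF2-HMAC-SHA256 over the form ID, with the server-only salt as the secret.
        return hashlib.pbkdf2_hmac(
            "sha256", form_id.encode(), salt, PBKDF2_ITERATIONS
        ).hex()

    def issue(self):
        """Create a form and return the (form_id, tag) pair embedded in the XML."""
        form_id = secrets.token_hex(16)
        salt = secrets.token_bytes(SALT_BYTES)  # stored server-side only
        self._forms[form_id] = (salt, None)
        return form_id, self._tag(form_id, salt)

    def submit(self, form_id, tag, data):
        """Save data only if the tag is the one issued for this exact form ID."""
        entry = self._forms.get(form_id)
        if entry is None:
            return False  # unknown ID: no salt to verify against
        salt, _ = entry
        expected = self._tag(form_id, salt)
        # Constant-time comparison; bytes are used so odd client input cannot raise.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False
        self._forms[form_id] = (salt, data)
        return True

    def data(self, form_id):
        """Return the data saved for a form, or None if nothing was submitted."""
        return self._forms[form_id][1]
```

A client that swaps in the ID of another existing form still holds the tag issued for its own form, which does not verify under the other form's salt, so the overwrite is rejected.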