Core Embedded Web Page Tamper-Proofing Technology

Source: Internet
Author: User
Tags: hmac

I. Basic Principles
All websites require page content protection to prevent unauthorized users from tampering with the content at will. This matters even more for websites that are updated quickly, hold a large volume of content, and carry a high degree of authority.

External websites are exposed to the Internet because they need to be accessed by the public, so they are prone to attacks by hackers. Although security measures such as firewalls and intrusion detection are available, the complexity and diversity of modern operating systems produce an endless stream of system vulnerabilities, so these measures cannot fully prevent website intrusions and page tampering.

The core embedded Web page tamper-proofing technology is embedded in the Web server itself and uses a cryptographic algorithm to calculate a unique digital watermark for each object to be protected (static Web pages, executable scripts, binary files). Each time the public accesses a webpage, a watermark is calculated over its content and compared with the stored digital watermark. If the webpage is found to have been illegally modified, it is automatically restored, which fully ensures that illegal webpage content is not browsed by the public.

II. System Composition

1. Page Protection Subsystem

The page protection subsystem is the core of the system and is embedded in the Web server software. It is implemented with a different embedding technology for each Web server, such as ISAPI, Apache-Module, NSAPI, and JAVA-class.

The page protection subsystem checks the integrity of each outgoing webpage in real time. If the webpage is normal, it is sent out. If the webpage has been tampered with, it is blocked from being sent, and alarm and recovery are performed according to the configured policies.

2. Automatic Publishing Subsystem

The automatic publishing subsystem is responsible for automatic page publishing and consists of a sender and a receiver. The sender is located on the publishing server and is called the automatic publishing program; when it detects changes in the file system, it computes the file watermark and sends it over SSL. The receiver is located on a Web server and is called the synchronization server; after it receives the webpage and watermark, it stores the webpage in the file system and the watermark in the security database.

All valid Web pages must be added, modified, and deleted through the automatic publishing subsystem. Otherwise, the webpage is regarded as illegal.

3. Monitoring Management Subsystem

This subsystem is responsible for automatic recovery after tampering and provides the user interface for the system administrator. Its functions include manual upload, warning viewing, system running detection, configuration modification, and log viewing and processing.


III. Working Process

1. Normal webpage upload process:

- You use your content management system to upload webpages to the publishing server;
- The automatic publishing program monitors changes to the file system;
- The automatic publishing program uses the HMAC function to calculate the digital watermark of a webpage;
- The automatic publishing program authenticates the Web server;
- The synchronization server authenticates the publishing server;
- The automatic publishing program securely transmits webpages and digital watermarks to the synchronization server using the SSL protocol;
- The synchronization server stores the digital watermark in the security database and updates the webpage in the file system.

2. Content protection process:

When a member of the public sends a webpage browsing request, the Web server obtains the webpage content and submits it to the tamper-proofing module for detection.

The tamper-proofing module uses the keyed hash function HMAC-MD5 to calculate the digital watermark of the webpage to be sent and compares it with the digital watermark in the security database.

If the digital watermark comparison fails, the webpage is treated as suspicious or illegally tampered with. The system then calls the management subsystem to perform automatic recovery and sends an alarm to the administrator; it can also execute custom external commands or programs.

The Web server sends the correct webpage to the webpage viewer.
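
An added example (not from the original article and not any product's code) of the publish and content-protection flow described above. It assumes in-memory dicts stand in for the web root, the security database and the recovery copies, and it uses HMAC-SHA256 where the article names HMAC-MD5; all class and function names are hypothetical.

```python
import hashlib
import hmac

DIGEST = hashlib.sha256  # assumption: swapped in for the article's HMAC-MD5


def make_watermark(key: bytes, content: bytes) -> bytes:
    """Publishing side: keyed digest ("digital watermark") of one object."""
    return hmac.new(key, content, DIGEST).digest()


class TamperProofStore:
    """Hypothetical stand-in for the synchronization server plus protection module."""

    def __init__(self, key: bytes):
        self._key = key
        self.pages = {}       # web root: the part an intruder may modify
        self.watermarks = {}  # security database: path -> watermark
        self.backup = {}      # trusted copies used for automatic recovery
        self.alarms = []      # (reason, path) events for the administrator

    def publish(self, path: str, content: bytes, mark: bytes) -> None:
        """Accept a page from the publisher only if its watermark verifies."""
        if not hmac.compare_digest(mark, make_watermark(self._key, content)):
            raise ValueError("watermark does not match published content")
        self.pages[path] = content
        self.backup[path] = content
        self.watermarks[path] = mark

    def serve(self, path: str):
        """Verify before sending; block, raise an alarm and restore on mismatch."""
        content = self.pages.get(path)
        expected = self.watermarks.get(path)
        if content is None or expected is None:
            # A file without a stored watermark never went through publishing.
            self.alarms.append(("unpublished", path))
            return None
        # compare_digest runs in constant time, avoiding a timing side channel.
        if hmac.compare_digest(expected, make_watermark(self._key, content)):
            return content
        self.alarms.append(("tampered", path))
        self.pages[path] = self.backup[path]  # automatic recovery
        return self.pages[path]


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    store = TamperProofStore(key)
    page = b"<html>welcome</html>"           # constructed sample page
    store.publish("/index.html", page, make_watermark(key, page))
    store.pages["/index.html"] = b"<html>defaced</html>"  # simulated tampering
    print(store.serve("/index.html"), store.alarms)
```

The scheme is only as strong as the separation it assumes: the HMAC key, the watermark database and the recovery copies must not be writable by whatever can write to the web root.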
