Question
I have a Java applet, which records the whole screen of the user and uploads the images to the server.
If one would be able to (and many people could, I know) falsify the screen recording they could cheat legitimate users of the system out of their money, so there are incentives.
I have been doing some reading on this topic and it seems like any attempt at client-side validation is pretty much useless, i.e. trusting the client is out of the question. Obfuscation and such only create an inconvenience to malicious users, not an obstacle.
This problem is partially solved by a feature I came up with, which enables the system to be sure that the recording is authentic up to a certain point. After that point in time, however, it becomes ambiguous again. After that point the hacker could overwrite my applet's functions and upload faked screenshots. Or he could switch monitors of his computer, where the new monitor has a fake, but identical-looking screen, open programs etc.
Somehow I need to be 99.9% sure that the recording is authentic.
So far I have come up with something like this: Log all upload times/rates of all screenshots of all users and then if someone is suspected of cheating, compare the upload rates to other users, especially before and after the potential "switch"/"overwrite", the underlying assumption being that overwriting the code slows down the application slightly or switching monitors creates some abnormal delay.
Explanation / Answer
Your application looks like it's mainly running client-side because the server only receives those images. You therefore have very little data you can trust. This makes it very difficult to have it tamper-proof, or be able to detect the data tampering.
Let's say you expect an untampered client to upload images every second to the server. Assuming the tampering takes half a second, you expect the tampered images to be uploaded every second and a half, but the tampered client can start processing earlier and still hit the 1 second upload rate. You cannot rely on timestamps provided by the client because they can also be forged.
You said you could rely on the upload rates of the other users in order to establish a pattern of known good rates, but what if an attacker or attackers would outnumber legitimate users? There is a difficult theoretical problem about this. A Google engineer described the difficult problem of detecting spam based on user reports and building systems that could resist Sybil attacks.
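The two failure modes described in the answer above, shown as a small server-side simulation. This is an added example, not code from the original question or answer; the function names, the 20-80 ms jitter, the 0.1 s tolerance and the client counts are constructed assumptions, while the 1 s period and 0.5 s tampering cost are the answer's own numbers.

```python
import random
import statistics

PERIOD = 1.0       # from the answer: an untampered client uploads every second
TAMPER_COST = 0.5  # from the answer: tampering takes half a second

def arrivals(n, work, pipelined, seed):
    """Server-side arrival times of n uploads from one simulated client.

    A sequential client does `work` seconds of processing after each capture
    tick; a pipelined client does it while waiting for the tick.
    """
    rng = random.Random(seed)
    step = max(PERIOD, work) if pipelined else PERIOD + work
    # 20-80 ms of network jitter per upload (constructed value)
    return [(k + 1) * step + rng.uniform(0.02, 0.08) for k in range(n)]

def mean_interval(times):
    return statistics.mean(b - a for a, b in zip(times, times[1:]))

def population_baseline(clients):
    """'Known good' rate learned from whoever is uploading: the median client."""
    return statistics.median(mean_interval(c) for c in clients)

def flag_by_rate(times, baseline, tolerance=0.1):
    """The question's heuristic: flag a client whose rate deviates from baseline."""
    return abs(mean_interval(times) - baseline) > tolerance

def demo():
    honest = [arrivals(60, 0.0, False, seed) for seed in range(5)]
    slow_tamper = arrivals(60, TAMPER_COST, False, 100)
    fast_tamper = arrivals(60, TAMPER_COST, True, 101)
    base = population_baseline(honest)
    result = {
        "sequential_tamper_flagged": flag_by_rate(slow_tamper, base),
        "pipelined_tamper_flagged": flag_by_rate(fast_tamper, base),
    }
    # Sybil case: nine tampering clients outnumber the five honest ones,
    # so the learned baseline is theirs.
    sybils = [arrivals(60, TAMPER_COST, False, 200 + s) for s in range(9)]
    skewed = population_baseline(honest + sybils)
    result["honest_flagged_when_outnumbered"] = flag_by_rate(honest[0], skewed)
    result["sybil_flagged_when_outnumbered"] = flag_by_rate(sybils[0], skewed)
    return result

if __name__ == "__main__":
    for name, flagged in demo().items():
        print(f"{name}: {flagged}")
```

The rate check only catches the client that does its extra work after the capture tick; once the population is mostly tampering clients, the same check flags the honest one instead.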