How to uniquely identify a network?

Let's say I want to make an application where stored data is encrypted so only my application is able to read it.

But I want the application to be accessed only if the user is on a particular network. For instance the application is an Android app that deals with medical records in a hospital. How to be sure that the device is connected to the network of the hospital? The idea is that outside this network, the app won't work.

The question is not particularly related to wireless networks, wireless devices or Android, this is general to programming and network identification.

Could a certificate do that? I'm new to this. Could a network "identifier" be faked? For instance I'm pretty sure that a WiFi SSID is easy to fake.

Cheers.

More details: Let's assume that the point of the local data is not for an "offline mode", but to avoid network latency. In that case, the data needs to remain accessible only if connected to a particular network, in case the device is stolen.

But if there is no way to be sure of the network's identity... What about a server that would answer the question "Heya am I on the right network?" and if no response comes out I know that I'm not on the right one? (Or that the server just does not respond...) But, again, if the app is hacked, that can be faked too.

Arnaud asked Jan 20 '23 04:01

1 Answer

Interesting problem.

Generally speaking the purpose of storing data locally is so that it can be accessed while "offline".

However, I think there may be some underlying misconceptions here. Presumably the only reason you'd want to do this is to try and prevent a stolen device from giving up its secrets. Fact of the matter is, you can't. If the device is no longer under your physical control then it's just a matter of time before it can be hacked.

If we are talking about sensitive data, it shouldn't be stored on the devices. Instead the device should retrieve the data it needs from your server when it needs it and delete it locally when no longer necessary.

The fact that you want the device to only work when connected to your local network implies that you can accomplish this goal.

As a side note, this is why things such as "remote wipe" exist. It's also why every time the device connects to your network it needs to test its authentication and authorization. Point is if someone reports the device lost or stolen then you need to be able to ban it from your network AND, if the device supports this, remotely disable it.

Bearing in mind that it is entirely possible to pull a device from the network and therefore disable a remote wipe from executing.


With that out of the way, there is absolutely no way you can ensure the device is on a given network. All of that can be faked. It's kind of trivial to set up a router of a given name and change its MAC to masquerade as whatever, and assign it certain IP addresses. For all intents and purposes it could be made to look exactly like an access point you have... And that's just with normal run-of-the-mill wireless routers you can buy at your local computer store.

NotMe answered Jan 29 '23 10:01
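The answer's advice (fetch records from the server on demand, re-check authentication and authorization on every request, ban a device reported lost) shown as an added example that is not part of the original answer. `RecordServer`, `Device`, the record id and the HMAC shared-secret scheme are assumptions made for illustration, and an in-process call stands in for the network.

```python
import hashlib
import hmac
import secrets


class RecordServer:
    """Hypothetical on-site server: holds the records and decides who may read them."""

    def __init__(self):
        self._device_keys = {}   # device_id -> secret provisioned at enrolment
        self._revoked = set()    # devices reported lost or stolen
        self._pending = {}       # device_id -> outstanding single-use nonce
        self._records = {"patient-17": "constructed sample record"}

    def enroll(self, device_id):
        key = secrets.token_bytes(32)
        self._device_keys[device_id] = key
        return key

    def revoke(self, device_id):
        self._revoked.add(device_id)

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def fetch(self, device_id, record_id, proof):
        nonce = self._pending.pop(device_id, None)   # a nonce is valid once only
        key = self._device_keys.get(device_id)
        if nonce is None or key is None or device_id in self._revoked:
            return None
        expected = hmac.new(key, nonce + record_id.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):  # constant-time comparison
            return None
        return self._records.get(record_id)


class Device:
    """Hypothetical client: stores a credential, never the records themselves."""

    def __init__(self, device_id, key):
        self.device_id, self._key = device_id, key

    def read_record(self, server, record_id):
        nonce = server.challenge(self.device_id)
        proof = hmac.new(self._key, nonce + record_id.encode(), hashlib.sha256).digest()
        # The result is returned to the caller and not written to local storage.
        return server.fetch(self.device_id, record_id, proof)
```

The decision to release a record rests on the server-side credential and revocation check, not on any network identifier the device observes.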