Tamper Detection
- Updated Aug 1, 2024
- Xanadu
- Now Platform Security
Use tamper detection to improve security by detecting unauthorized changes to your quorum control settings.
Tamper detection process
When enabled, tamper detection validates your quorum control settings by checking for any unauthorized modifications (tampering). Tamper detection uses a hash-based message authentication code (HMAC).
- When a setting is changed or created, your instance creates an HMAC. The HMAC is based on the value of the setting (dare_property) record.
- Whenever your instance uses these settings, tamper detection validates them using the HMAC.
- If a setting validates successfully, it can be used by the platform; otherwise, it cannot.
- Tamper detection runs daily on your instance
Tamper detection checks your settings for tampering using a daily scheduled job, and reports validation failures in your node and security logs. Tamper detection sends a notification to Security and KMF admins for validation failures.
- Tamper detection runs before executing a key withdrawal
Tamper detection also validates your properties when you request a key withdrawal. If your settings do not pass validation, the key withdrawal does not execute. In this case, you must resolve any validation issues before key withdrawal can complete.
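The following sketch illustrates the general pattern described above: an HMAC computed when a setting is saved, validated by a scan, and used to gate a key withdrawal. It is an added example, not ServiceNow code or the platform's implementation. The function names, the demo key, the setting name and the sys_id are constructed, and covering sys_id and name in the HMAC (the page states only that it is based on the record's value) is this example's own choice, so that a valid value/HMAC pair cannot be copied onto another record.

```python
import hashlib
import hmac
import logging

MAC_KEY = b"constructed-demo-key"  # assumption: a real key sits in a key manager


def compute_tag(record):
    """HMAC-SHA256 over sys_id, name and value, each length-prefixed."""
    mac = hmac.new(MAC_KEY, digestmod=hashlib.sha256)
    for field in ("sys_id", "name", "value"):
        data = record[field].encode("utf-8")
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


def save_setting(store, sys_id, name, value):
    """Authorized create/change path: the tag is recomputed with the value."""
    record = {"sys_id": sys_id, "name": name, "value": value}
    record["hmac"] = compute_tag(record)
    store[sys_id] = record


def is_valid(record):
    """Recompute the tag and compare it to the stored one in constant time."""
    stored = str(record.get("hmac", "")).encode("utf-8")
    return hmac.compare_digest(stored, compute_tag(record).encode("utf-8"))


def scan(store):
    """Daily-job analogue: return failing sys_ids; successes are not logged."""
    failed = [sid for sid, rec in store.items() if not is_valid(rec)]
    for sid in failed:
        logging.warning("tamper detection: validation failed, sys_id=%s", sid)
    return failed


def withdraw_key(store):
    """Refuse the key withdrawal while any setting fails validation."""
    failed = scan(store)
    if failed:
        raise PermissionError("key withdrawal blocked: %s" % failed)
    return "withdrawal executed"


if __name__ == "__main__":
    db = {}  # constructed sample record; sys_id and setting name are made up
    save_setting(db, "a1" * 16, "quorum.min_approvers", "3")
    db["a1" * 16]["value"] = "1"  # direct edit that bypasses save_setting
    print(scan(db))
```

The scheme only detects edits made by someone who cannot reach the MAC key, so the key must be stored and access-controlled separately from the settings table.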
Identifying tampering
- Tamper detection updates your logs when validation fails.
If tamper detection fails to validate any of your quorum control settings, these failures appear in your node and security logs. The log entry includes the sys_id of the settings (dare_property) record that failed validation.
Logging displays information similar to these examples when validation fails. Successful validations do not appear in the logs.
- Tamper detection displays a warning message on your quorum control settings page
If a quorum control setting has failed validation, you can see a warning when you view the Quorum Control Policy settings page on your instance. The warning includes the sys_id of the settings (dare_property) record that failed validation.
- Tamper detection sends notifications to users with the Security Admin and KMF Admin roles
If tamper detection fails to validate any of your quorum control settings, your security admins and KMF admins receive a notification similar to this example.
Resolving tampering issues with ServiceNow support

If tamper detection fails to validate any of your quorum control settings, contact ServiceNow support for assistance in resolving the issue. After a support agent has resolved the validation failure, security and KMF admins receive a notification indicating that the issue has been resolved.
