protection against foul computing [Lot's of <--]

[chrimeea]

Hi,

I would like to know if the folding@home software has a way of protecting itself against illegal clients. For example maybe someone can alter their client to make wrong calculations. Then the result of this calculation is send by the folding@home client to the main server. Can the server recognize that the calculations have been tempered with ?

Thanx !

[Ivoshiee]

Yes, the FAH client/servers have checks for WU data tampering, but what exactly is not known to outside parties.

[v00d00]

Plus if a person did do that, the chances are (going on whats happened in the past) the offenders account would be terminated and all points zeroed.

[Ren02]

Well I haven't heard about tempering but there is another way of returning bad results and that is running the client on unstable hardware.
The simulation has only so many possible trajectories though that faulty hardware always causes a cascading error. The simulation reaches a disallowed state and ends in EUE (early unit end). In such a case FAH servers reissue the same WU to somebody else.

If someone with a lot of computing power wanted to steer the research in a certain way then he could alter the simulation in a way that it picks an improbable route. But a single WU is just a part of a single trajectory. For a project hundreds (if not thousands) of trajectories are used and those that differ too much from the average will stand out, so such tampering would be discovered.

Of course if the evil mastermind managed to grab every WU (or at least a vast majority of WUs) from a project and then alter them to his sinister purposes then this might slip through. I don't see it happening though.

[chrimeea]

I was thinking that the best way to protect the research against this kind of errors or tempering would be to issue the same WU to at least two different teams. Then compare the results and if they match then the result is definetly ok. Of course this would half the speed of folding@home research.

[7im]

The clients can only be downloaded from Stanford, so you can't modify the clients to taint the results.

The WUs have checksums so you can't modify the WUs upon download.

There is also encryption.

You can only upload the WU to the Server it came from, and there are checks done upon uploading.

And even if you got past all of that, WU assignments are random enough that you couldn't significantly alter the specific results of any project number, let alone the whole project.

See also: FAH FAQ: What about security issues?

What about security issues?

We have worked very hard to maintain the best security possible with modern computer science methodology. Our software will upload and download data only from our data server here at Stanford. Also, we only interact with FAH files on your computer (we don't read, write, or transmit any other files, as we don't need to do so and doing so would violate our privacy policy). The Cores are also digitally signed (see below) to make sure that you're getting the true Stanford cores and nothing else.

How is this possible?
We take extensive measures to check all of the data entering your computer and the results we send back to Stanford with 2048 bit digital signatures. If the signatures don't match (on either the input or the output) the client will throw away the data and start again. This ensures, using the best software security measures developed to date (digital signatures and PKI in version 3.0), that we are keeping the tightest possible security. Finally, the client/screen saver are available for download only from this web site, so that we can guarantee the integrity of the software. We do not support Folding@home software obtained elsewhere and prohibit others to distribute the software.

So with all of that, and I'm sure more that isn't disclosed, there is no need to waste resources by duplicating work units.