1. Field of the Invention
The present invention relates generally to methods of detecting software falsification, apparatuses configured to detect software falsification, and computer-readable storage media, and more particularly to a method of detecting falsification of software installed in an apparatus, an apparatus configured to detect falsification of installed software, and a computer-readable storage medium storing a program for causing a computer to execute such a method.
2. Description of the Related Art
As methods of detecting falsification (alteration) of firmware (software) installed in an apparatus, for example, those using a hash value are conventionally known. (See, for example, Japanese Laid-Open Patent Applications No. 2004-213057, No. 2005-084989, and No. 2007-041694.)
According to the conventional falsification detecting method using a hash value, the hash value of firmware to be installed in an apparatus is calculated and prestored in a secondary storage unit of the apparatus at the time of its installation. Then, at the time of starting the apparatus, the hash value of the firmware is recalculated and compared with the hash value prestored in the secondary storage unit. If these hash values do not match, it is determined that the firmware has been falsified, and an abnormal-time operation is performed.
The conventional falsification detecting method using a hash value can detect falsification of the firmware, but has a problem in that it cannot detect falsification of the firmware if the hash value prestored in the secondary storage unit of the apparatus is also falsified along with the firmware.
Further, the conventional falsification detecting method using a hash value has a problem in that it cannot detect deletion of the firmware if the hash value prestored in the secondary storage unit of the apparatus is also deleted along with the firmware. This problem is due to the fact that the hash value can detect falsification of individual firmware but cannot detect a change in the firmware configuration of the entire apparatus.
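The following Python sketch is an added illustration, not part of the patent text: it models the conventional check described above, with the firmware and its prestored hash values held in the same storage, and shows the one case the check catches and the two cases it misses. SHA-256, the module names and the dictionary-based storage are assumptions made for the example.

```python
import hashlib

def digest(image: bytes) -> str:
    # SHA-256 is an assumption; the text only says "hash value".
    return hashlib.sha256(image).hexdigest()

def install(storage: dict, hashes: dict, name: str, image: bytes) -> None:
    """Install time: store the firmware and its hash side by side."""
    storage[name] = image
    hashes[name] = digest(image)

def boot_check(storage: dict, hashes: dict) -> list:
    """Start-up: for each prestored hash, recompute the firmware's hash
    and compare. Returns the names of modules judged falsified."""
    bad = []
    for name, expected in hashes.items():
        image = storage.get(name)
        if image is None or digest(image) != expected:
            bad.append(name)
    return sorted(bad)

def fresh_device():
    # Constructed sample firmware set (hypothetical module names).
    storage, hashes = {}, {}
    for name, image in (("boot", b"BOOT v1"), ("net", b"NET v1"),
                        ("audit", b"AUDIT v1")):
        install(storage, hashes, name, image)
    return storage, hashes

def scenario_firmware_only():
    storage, hashes = fresh_device()
    storage["net"] = b"NET v1 (altered)"
    return boot_check(storage, hashes)       # mismatch is detected

def scenario_firmware_and_hash():
    storage, hashes = fresh_device()
    storage["net"] = b"NET v1 (altered)"
    hashes["net"] = digest(storage["net"])   # hash rewritten along with it
    return boot_check(storage, hashes)       # nothing left to mismatch

def scenario_module_and_hash_deleted():
    storage, hashes = fresh_device()
    del storage["audit"]
    del hashes["audit"]                      # no record the module existed
    return boot_check(storage, hashes)       # configuration change is missed

if __name__ == "__main__":
    print("firmware only altered:   ", scenario_firmware_only())
    print("firmware and hash altered:", scenario_firmware_and_hash())
    print("module and hash deleted:  ", scenario_module_and_hash_deleted())
```

The check iterates only over the hash values it finds in storage, so it has no independent record of which modules should be present; that is why the deletion case passes.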
With respect to the problem that falsification of the firmware cannot be detected if the hash value prestored in the secondary storage unit of the apparatus is falsified along with the firmware, falsification of the hash value may be prevented by providing an encryption/decryption key in the apparatus and encrypting the hash value to be prestored in the secondary storage unit of the apparatus.
However, since the encryption/decryption key is stored in the secondary storage unit of the apparatus, the falsification detecting method that encrypts a hash value to be stored in the secondary storage unit of the apparatus has a problem in that a malicious third party can illegally obtain the decryption key from the secondary storage unit of the apparatus and decrypt the encrypted hash value.
Thus, the conventional falsification detecting method using a hash value is ineffective with respect to falsification of a hash value stored in the apparatus. Further, the conventional falsification detecting method using a hash value is ineffective with respect to falsification of the firmware configuration of the entire apparatus. Further, even with encryption for preventing falsification, the conventional falsification detecting method using a hash value cannot completely detect the falsification of a hash value or the falsification of the firmware configuration of the entire apparatus.