I Want to create my own safe connection for a VOIP app.
Now I am looking into key exchange which seems to be much more Tricky than encrypting/decrypting.
Are there any better approaches than Diffie-Hellman in practice ?
I understand the concept of Diffie-Hellman but I think it needs the right values to be safe since with natural numbers it could be easily be guessed. How can I get those values using python, what are they and is it really safe from key guessing?
Please help me with some background informations / inspiring.
Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses numbers raised to specific powers to produce decryption keys on the basis of components that are never directly transmitted, making the task of a would-be code breaker mathematically overwhelming.
The most serious limitation of Diffie-Hellman in its basic or "pure" form is the lack of authentication. Communications using Diffie-Hellman all by itself are vulnerable to man in the middle attacks. Ideally, Diffie-Hellman should be used in conjunction with a recognized authentication method such as digital signatures to verify the identities of the users over the public communications medium.
More light on the topic is available below:
1 link 1
2 link 2
3 link 3
DH is fine for this purpose, just make to sure to use 2048 bit keys or more.
However for VoIP the standards are TLS with SRTP/zrtp so it would be better if you would implement these. With DH you loose compatibility and will introduce a lot of complications. Also note that DH is only for key exchange, so you will need something also for the encryption itself. With TLS you could handle all these in one step by using a well know implementation instead to write your own encryption stack from scratch.
Diffie-Hellman is a key exchange algorithm. So Anyone can access your public parameters. You can use safety except declassified private parameters. It's so important create sharedkey safety. If you want to more secure system, try forward-secrecy
Related
I'd like to check the time/date inside an obfuscated python script.
datetime is not reliable as it's easily possible to change the computer clock time.
Using ntplib with a ntp server like europe.pool.ntp.org is not secure either because the user could change the DNS or something like that.
Is there a reliable and secure way to get current date in python ? Using certificates or something like that ? I could gather and parse data from unixtimestamp and verify SSL certificates, but I'm pretty sure that's not the cleanest way of doing this.
It's possible to verify authenticity and integrity of the NTP packets via a shared (symmetric) key. You'd have to ship the key (or retrieve it on the fly from a service under your control) and then use it with one or more NTP servers that support the key. Multiple servers and multiple keys are possible. For example, NIST runs a service that supports this feature.
While packet auth might be enough to mitigate a simple attack vector, the NTP threat model is quite extensive. The hostile actor might not be the client (device) owner...but the date/time you will receive may still be incorrect. Even in the proposed auth solution, the key would have to reside somewhere on the client and a determined attacker could exfiltrate it, even from memory. The mitigation techniques and whether some of the issues cited in the threat model are relevant to you will depend on your definition of "reliable and secure" in your specific use case.
Longer-term solution is NTS, it's adding TLS-/AEAD-based security to NTP.
I'm pretty good at Googling my programming needs, but could really not find this.
I'm finishing this security-related Python 3 application which runs on Raspberry Pi Zero W. Its data is in an Azure SQL DB and I reach it via a WCF service. Now it's time to protect data back and forth regardless of https implementation, so I tried hard to find an encryption mechanism supported on both worlds in such a way that I encrypt stuff in the device and decrypt it in Azure DB and the other way around. Since I could not find it I went ahead and developed an encryption mechanism based on the timestamp plus some partial scrambling but would appreciate if I could employ a real industry standard encryption scheme. It would benefit the product in many ways, really... So, has any of you guys been in this scenario, and if so, how did you proceed ? Does this make sense to you ?
Thanks very much.
-- Emilio
The industry standard for encrypting data is AES (Advanced Encryption Standard), notice the word: Standard.
I have a server implementing a python API. I am calling functions from a frontend that uses Angular.js. Is there any way to add an authentication key to my calls so that random people cannot see the key through the Angular exposed code? Maybe file structure? I am not really sure.
As long as you send the sensitive data outside, you are at risk. You can obfuscate your code so that first grade malicious users have a hard time finding the key, but basically breaking your security is just a matter of time as an attacker will have all the elements to analyse your protocol and exchanged data and design a malicious software that will mimic your original client.
One possible (although not unbreakable) solution would be to authenticate the users themselves so that you keep a little control over who is accessing the data and revoke infected accounts.
I cant seem to find a reliable asymmetric encryption solution to secure data between a python based server application and a client over an open data channel.
I need some way for my client to prevent a man in the middle attack over an open data channel, my current exchange has me sending my clients a token they use to verify they are talking to my server application by checking the token is valid with a php script on my site.
This is far from ideal and could easily be compromised by waiting to be sent the token and passing it off to another user.
I have tried as3crypto's rsa encryption but it is an old implementation that is not supported by many libraries as well as having a known vulnerability.
I would really like a solution that lets me hard code public/private keys into both the client and server to prevent something like this from happening.
Since decompiling swf content is not a major problem for experienced hackers, I would strongly advise against hardcoding keys. Have you thought about using SSL at all?
Hardcoding they public keys won't help you, if someone really plans an attack, because the SWF itself is transfered over an unsafe channel, thus the keys can be exchanged just as if they were transmitted individually.
There is basically nothing you can do to prevent man in the middle attacks, you can only make them harder. I think HTTPS is about the best you can get and it's also a fairly easy solution.
After doing some research I have decided to code the part of rsa I need from scratch.
I found some python code that will generate raw integer keys of any length and looked up how the rsa algorithm works.
T^P = X (mod R) to encrypt
X^Q = T (mod R) to decrypt
Where T is the starting data, X is the ending data, P is the public half of the key, Q is the private half of the key, and R is the shared part of the key (all integers).
Data will have a nonice whenever possible to prevent replay attacks and the message as a whole will be converted to a long integer to prevent traditional bit by bit cryptanalysis.
Here is where I am at presently. I am designing a card game with the aim of utilizing major components for future work. The part that is hanging me up is creating a layer of abstraction between the server and the client(s). A server is started, and then one or more clients can connect (locally or remotely). I am designing a thick client but my friend is looking at doing a web-based client. I would like to design the server in a manner that allows a variety of different clients to call a common set of server commands.
So, for a start, I would like to create a 'server' which manages the game rules and player interactions, and a 'client' on the local CLI (I'm running Ubuntu Linux for convenience). I'm attempting to flesh out how the two pieces are supposed to interact, without mandating that future clients be CLI-based or on the local machine.
I've found the following two questions which are beneficial, but don't quite answer the above.
Client Server programming in python?
Evaluate my Python server structure
I don't require anything full-featured right away; I just want to establish the basic mechanisms for abstraction so that the resulting mock-up code reflects the relationship appropriately: there are different assumptions at play with a client/server relationship than with an all-in-one application.
Where do I start? What resources do you recommend?
Disclaimers:
I am familiar with code in a variety of languages and general programming/logic concepts, but have little real experience writing substantial amounts of code. This pet project is an attempt at rectifying this.
Also, I know the information is out there already, but I have the strong impression that I am missing the forest for the trees.
Read up on RESTful architectures.
Your fat client can use REST. It will use urllib2 to make RESTful requests of a server. It can exchange data in JSON notation.
A web client can use REST. It can make simple browser HTTP requests or a Javascript component can make more sophisticated REST requests using JSON.
Your server can be built as a simple WSGI application using any simple WSGI components. You have nice ones in the standard library, or you can use Werkzeug. Your server simply accepts REST requests and makes REST responses. Your server can work in HTML (for a browser) or JSON (for a fat client or Javascript client.)
I would consider basing all server / client interactions on HTTP -- probably with JSON payloads. This doesn't directly allow server-initiated interactions ("server push"), but the (newish but already traditional;-) workaround for that is AJAX-y (even though the X makes little sense as I suggest JSON payloads, not XML ones;-) -- the client initiates an async request (via a separate thread or otherwise) to a special URL on the server, and the server responds to those requests to (in practice) do "pushes". From what you say it looks like the limitations of this approach might not be a problem.
The key advantage of specifying the interactions in such terms is that they're entirely independent from the programming language -- so the web-based client in Javascript will be just as doable as your CLI one in Python, etc etc. Of course, the server can live on localhost as a special case, but there is no constraint for that as the HTTP URLs can specify whatever host is running the server; etc, etc.
First of all, regardless of the locality or type of the client, you will be communicating through an established message-based interface. All clients will be operating based on a common set of requests and responses, and the server will handle and reject these based on their validity according to game state. Whether you are dealing with local clients on the same machine or remote clients via HTTP does not matter whatsoever from an abstraction standpoint, as they will all be communicating through the same set of requests/responses.
What this comes down to is your protocol. Your protocol should be a well-defined and technically sound language between client and server that will allow clients to a) participate effectively, and b) participate fairly. This protocol should define what messages ('moves') a client can do, and when, and how the server will react.
Your protocol should be fully fleshed out and documented before you even start on game logic - the two are intrinsically connected and you will save a lot of wasted time and effort by competely defining your protocol first.
You protocol is the abstraction between client and server and it will also serve as the design document and programming guide for both.
Protocol design is all about state, state transitions, and validation. Game servers usually have a set of fairly common, generic states for each game instance e.g. initialization, lobby, gameplay, pause, recap, close game, etc...
Each one of these states has important state data related with it. For example, a 'lobby' state on the server-side might contain the known state of each player...how long since the last message or ping, what the player is doing (selecting an avatar, switching settings, going to the fridge, etc.). Organizing and managing state and substate data in code is important.
Managing these states, and the associated data requirements for each is a process that should be exquisitely planned out as they are directly related to volume of work and project complexity - this is very important and also great practice if you are using this project to step up into larger things.
Also, you must keep in mind that if you have a game, and you let people play, people will cheat. It's a fact of life. In order to minimize this, you must carefully design your protocol and state management to only ever allow valid state transitions. Never trust a single client packet.
For every permutation of client/server state, you must enforce a limited set of valid game messages, and you must be very careful in what you allow players to do, and when you allow them to do it.
Project complexity is generally exponential and not linear - client/server game programming is usually a good/painful way to learn this. Great question. Hope this helps, and good luck!