Questions tagged [protocols]
A description and set of rules for the ordered exchange of structured information designed with the goal of protecting the security of the system.
328
questions
1
vote
0
answers
40
views
benefits of a common session key over a common password [migrated]
Password-authenticated key exchange (PAKE) is a method in which two or more parties, based on their knowledge of a shared password,
establish a cryptographic key using an exchange of messages, such ...
- 25
1
vote
0
answers
32
views
Security considerations in choosing DTLS connection IDs
Are there any security concerns with choosing highly structured or short connection IDs for use in DTLS? For example:
32bit connection IDs handed out sequentially: There is obviously statistical data ...
- 262
1
vote
0
answers
26
views
Can puzzle-based data exchange enhance decentralized network security? [closed]
I'm a student and during one of my classes I came up with an idea about sharing data online. I'll say right away that I'm not an expert, but rather an amateur who wants to share my thoughts and get ...
- 11
0
votes
3
answers
355
views
Need for authentication in an offline system
I need to design a scheme, where access to an offline System is granted based on some kind of information/proof of knowledge, provided by a separete system, Prover system.
I'm in position where I can ...
- 111
1
vote
0
answers
257
views
Any vulnerability of OCSP for proof of concept
I have an assignment in which I have to implement OCSP and do a proof of concept of a vulnerability.
My idea was to implement OCSP without using a nonce (this is done) and then perform a replay attack....
- 11
0
votes
0
answers
206
views
How long does Signal keep the keys for out-of-order messages?
I was reading the Signal protocol on how it handles out-of-order messages. What if those messages never arrived, does Signal keep the keys forever or are the keys deleted as soon as a new session is ...
- 175
1
vote
2
answers
491
views
Can a VPN connection be detected (and get blocked) even after the key exchange happens
If the key exchange happens when using lets say Wireguard or any other protocols that use IKA, and the connection never drops, could the ISP still detect the VPN traffic using Deep Packet Inspection?
- 21
1
vote
1
answer
224
views
Why is this simple encryption protocol not enough for messaging?
Signal Messenger is basically state of the art chat when it comes to security and privacy: It uses only phone numbers for user identification, doesn't store user chat and the encryption protocol is ...
- 11
3
votes
2
answers
433
views
Does any real world protocol makes use of the associated data in AEAD?
I'm trying to find evidence of use of the associated data (authenticated cleartext associated with the encrypted and authenticated data) feature offered by AEAD (Authenticated Encryption with ...
- 5,507
2
votes
0
answers
140
views
How to evaluate a responsive but unknown network protocol?
I am studying CREST CPSA where the syllabus is listed here.
There is a part of the syllabus which states I should know the Evaluation of responsive but unknown network applications.
I find this ...
- 211
1
vote
1
answer
166
views
Why is the authentication server needed in the Kerberos protocol
Consider the diagram in https://en.wikipedia.org/wiki/Kerberos_(protocol)#/media/File:Kerberos_protocol.svg depicting the Kerberos protocol.
I'm wondering how the authentication server (AS) is useful.....
- 111
0
votes
0
answers
105
views
Usage of HMACs to verify the licensing during production
We have a production that uses our software (put on a chip) and a requirement that we need to limit the amount of chips produced for each customer (so they need to buy a license) - so they can't ...
- 101
9
votes
9
answers
4k
views
Can proprietary protocols be considered as secured?
I am new to the info-sec industry and was recently tasked with evaluating the communication protocols used by my various subsystems.
So it was stated in the requirements that the systems have to ...
- 99
1
vote
3
answers
937
views
Standard for encrypt files before transfer them over internet
I know there are some standards for transferring data securely such as HTTPS for web applications, or SPC & SFTP for secure file transfers.
Encrypting files using PGP is a way to encrypt files ...
- 185
1
vote
1
answer
2k
views
Could someone the real IP address when using tunnel protocols like ngrok, localtunnel or serveo?
Could someone get the real IP address that is hidden behind the URL generated by tools like ngrok, localtunnel or serveo?
- 13