Skip to main content
Information Security

Questions tagged [protocols]

Ask Question

A description and set of rules for the ordered exchange of structured information designed with the goal of protecting the security of the system.

330 questions
Newest Active Bountied Unanswered
Filter by
Sorted by
Tagged with
9 votes
3 answers
2k views

Overlap for One-Time Passwords

I've got multiple OTP managers on my telephone. All of them seem to work with a constant timeout on the one-time passwords that are generated. For instance, the Microsoft authenticator works using a 6-...
Maarten Bodewes's user avatar
Maarten Bodewes
  • 4,983
1 vote
0 answers
77 views

How can intermediary devices securely forward traffic using only session IDs in a symmetric encryption system, without risking MITM attacks? [closed]

I'm imagining a Utopian world where the internet nowadays doesn't have as much overhead as the OSI layer. In this world, network engineers never make mistakes, such as using IPv4, which has been ...
Muhammad Ikhwan Perwira's user avatar
Muhammad Ikhwan Perwira
  • 145
3 votes
2 answers
521 views

In practice, what are the identities in the Needham–Schroeder protocol?

In the Needham–Schroeder public-key protocol we have the identities A and B of Alice and Bob, respectively. The initial version of the protocol was vulnerable to a MitM attack where the fix consists ...
Daniel C's user avatar
Daniel C
  • 709
1 vote
0 answers
52 views

Security considerations in choosing DTLS connection IDs

Are there any security concerns with choosing highly structured or short connection IDs for use in DTLS? For example: 32bit connection IDs handed out sequentially: There is obviously statistical data ...
Perseids's user avatar
Perseids
  • 262
1 vote
0 answers
31 views

Can puzzle-based data exchange enhance decentralized network security? [closed]

I'm a student and during one of my classes I came up with an idea about sharing data online. I'll say right away that I'm not an expert, but rather an amateur who wants to share my thoughts and get ...
Lesha's user avatar
Lesha
  • 11
0 votes
3 answers
477 views

Need for authentication in an offline system

I need to design a scheme, where access to an offline System is granted based on some kind of information/proof of knowledge, provided by a separete system, Prover system. I'm in position where I can ...
pwes's user avatar
pwes
  • 111
1 vote
0 answers
340 views

Any vulnerability of OCSP for proof of concept

I have an assignment in which I have to implement OCSP and do a proof of concept of a vulnerability. My idea was to implement OCSP without using a nonce (this is done) and then perform a replay attack....
Pedro's user avatar
Pedro
  • 11
0 votes
0 answers
246 views

How long does Signal keep the keys for out-of-order messages?

I was reading the Signal protocol on how it handles out-of-order messages. What if those messages never arrived, does Signal keep the keys forever or are the keys deleted as soon as a new session is ...
user2600798's user avatar
user2600798
  • 175
1 vote
2 answers
584 views

Can a VPN connection be detected (and get blocked) even after the key exchange happens

If the key exchange happens when using lets say Wireguard or any other protocols that use IKA, and the connection never drops, could the ISP still detect the VPN traffic using Deep Packet Inspection?
Emily1001's user avatar
Emily1001
  • 21
1 vote
1 answer
253 views

Why is this simple encryption protocol not enough for messaging?

Signal Messenger is basically state of the art chat when it comes to security and privacy: It uses only phone numbers for user identification, doesn't store user chat and the encryption protocol is ...
Angelica's user avatar
Angelica
  • 11
3 votes
2 answers
542 views

Does any real world protocol makes use of the associated data in AEAD?

I'm trying to find evidence of use of the associated data (authenticated cleartext associated with the encrypted and authenticated data) feature offered by AEAD (Authenticated Encryption with ...
Bruno Rohée's user avatar
Bruno Rohée
  • 5,552
2 votes
0 answers
152 views

How to evaluate a responsive but unknown network protocol?

I am studying CREST CPSA where the syllabus is listed here. There is a part of the syllabus which states I should know the Evaluation of responsive but unknown network applications. I find this ...
questioner's user avatar
questioner
  • 221
1 vote
1 answer
178 views

Why is the authentication server needed in the Kerberos protocol

Consider the diagram in https://en.wikipedia.org/wiki/Kerberos_(protocol)#/media/File:Kerberos_protocol.svg depicting the Kerberos protocol. I'm wondering how the authentication server (AS) is useful.....
user2224350's user avatar
user2224350
  • 111
0 votes
0 answers
119 views

Usage of HMACs to verify the licensing during production

We have a production that uses our software (put on a chip) and a requirement that we need to limit the amount of chips produced for each customer (so they need to buy a license) - so they can't ...
Archeg's user avatar
Archeg
  • 101
9 votes
9 answers
5k views

Can proprietary protocols be considered as secured?

I am new to the info-sec industry and was recently tasked with evaluating the communication protocols used by my various subsystems. So it was stated in the requirements that the systems have to ...
Lucas's user avatar
Lucas
  • 99

15 30 50 per page
1
2 3 4 5
22