
All Questions

3 votes
2 answers
521 views

In practice, what are the identities in the Needham–Schroeder protocol?

In the Needham–Schroeder public-key protocol we have the identities A and B of Alice and Bob, respectively. The initial version of the protocol was vulnerable to a MitM attack where the fix consists ...
Daniel C
  • 709
1 vote
0 answers
52 views

Security considerations in choosing DTLS connection IDs

Are there any security concerns with choosing highly structured or short connection IDs for use in DTLS? For example: 32bit connection IDs handed out sequentially: There is obviously statistical data ...
Perseids
  • 262
3 votes
2 answers
542 views

Does any real world protocol make use of the associated data in AEAD?

I'm trying to find evidence of use of the associated data (authenticated cleartext associated with the encrypted and authenticated data) feature offered by AEAD (Authenticated Encryption with ...
Bruno Rohée
  • 5,552
1 vote
0 answers
122 views

Detect use of a private key by more than one or by someone other than the owner [closed]

I'm designing a protocol over SSL but I faced a challenge. In the network each user takes a private key from an authority. I want only the owner to be able to use his/her private key. There are two ...
FIFO
  • 13
-1 votes
2 answers
214 views

technical difference between TLS and a certificate [duplicate]

I don't quite understand what the difference is between TLS and a certificate. TLS secures the transmission by encrypting the data. So normally no man in the middle attack is possible and nobody else ...
user217484
3 votes
1 answer
2k views

Is there any open source SDK for implementing a KMIP server?

Is there any reputable open source SDK for implementing an OASIS Key Management Interoperability Protocol (KMIP) server?
westbeam87
-6 votes
1 answer
570 views

LTE Security: What kind of cryptography could be used to fix layer 2? [closed]

New attacks on LTE: https://thehackernews.com/2018/06/4g-lte-network-hacking.html https://www.alter-attack.net/media/breaking_lte_on_layer_two.pdf Layer two (data link) does not guarantee the ...
Ed S
  • 107
0 votes
1 answer
122 views

Trustable Sources For Security Algorithms and Standards?

I am a learner of cryptographic algorithms and security standards. I usually Google it to understand the basics of the algorithm or the protocol, and to find an implementation of a protocol. However I ...
Pilfility
  • 507
11 votes
1 answer
2k views

Why does TLS 1.3 deprecate custom DHE groups?

According to the second draft of the TLS 1.3 specification, custom DH groups have been deprecated. As we all know, hardcoded DH groups are vulnerable to a precomputation attack that allows retroactive ...
forest
  • 67.5k
2 votes
1 answer
178 views

Are there techniques or methods to develop security protocols without side channel attacks?

In general timing attacks are a manifestation of the implementation. So if I am processing data on the server or the client then I can leak information depending on how the code is written. To ...
stflow
  • 95
4 votes
1 answer
653 views

Secret Santa implementation that does not require a participant to trust the server

In the Christmas spirit I read Cryptographic Secret Santa from MathOverflow, and then followed the link to another page titled Cryptographic Secret Santa. On this latter page the author explains an ...
Andrew Savinykh
2 votes
0 answers
328 views

How do adversary models and security types relate [closed]

Reading some questions in this forum I encountered this answer mentioning IND-CPA as a requirement for ciphers. It got me thinking about this paper I recently read, where a formal model of the Honest-...
Alvai
  • 39
5 votes
1 answer
2k views

Minimum set of TLS features for an embedded device

I am reviewing the security of an embedded system, specifically how it uses the TLS or DTLS protocol to communicate securely. The system implements as few features of the protocol as it can get away ...
Gilles 'SO- stop being evil'
27 votes
6 answers
10k views

Why did TLS 1.3 drop AES-CBC?

I was watching this video about TLS 1.3: "Deploying TLS 1.3: the great, the good and the bad (33c3)" and was somewhat surprised to see that in their effort to provide "fewer, better choices" they ...
Joel Gibson
1 vote
4 answers
2k views

SSL Protocol Support

If I connect to a server using a specific SSL protocol version, but no cipher-suites are offered under that protocol, would that protocol still be considered supported? For example, connecting to a ...
Jak
  • 175
