Re: authenticating peers
Re: authenticating peers
- Subject: Re: authenticating peers
- From: Michael Ash <email@hidden>
- Date: Sat, 29 May 2010 07:15:38 -0400
On Fri, May 28, 2010 at 10:34 PM, Jens Alfke <email@hidden> wrote:
>
> On May 28, 2010, at 6:59 PM, Michael Ash wrote:
>
>> An attacker can execute a man-in-the-middle attack...
>> An attacker can simply impersonate your app...
>> Neither of these can be defended against, even theoretically, when communicating peer-to-peer.
>
> Not true; if you use SSL or some equivalent, both peers can use certificates to identify themselves. This works if either (a) the certs are signed by a reputable authority (as in the traditional use of SSL by web servers), or if (b) each peer has previously verified the other’s identity and remembered the cert (as is done by SSH.)
>
> GameKit doesn’t do anything like this, though, although I can’t say for sure because Apple’s never published any information about the protocol used (to my knowledge).
Man-in-the-middle: if I execute the attack the first time you talk to
a given peer, you have no way of detecting me.
Impersonation: I use a legitimate copy to talk to you once. Now we
have two peers which have identified themselves. Afterwards, I take my
copy of the app and modify it to emit malicious code. When we connect
again, I use the credentials we already exchanged to identify my side
again, then hit you with malicious data.
How does your scheme protect against that? It doesn't, and can't. It
is impossible for you to tell the difference between "I am talking to
a legitimate copy of this application" and "I am talking to something
that appears to be a legitimate copy of this application, but will
actually send me evil data."
Mike
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden