I'm working on a C++ project that deals with data transmission. My system is composed of two different devices, that have to exchange sensitive data in a trusted mode. To do this I downloaded and set up the last bluez library (v5.50) on my Raspberry Pi.
Is there any possibility to enable data encryption using the bluez API?
Googling around the possibility to use the BLE encryption mechanism I found discordant opinions. Someone suggests using it while others one discourage it in favor of application-level encryption exploiting, for instance, the Cripto++ library.
Which is the best solution?
Thanks
My recommendation is to always have the connection encrypted. Please see this answer which explains the benefits and importance of encrypted connections vs open connections.
In regards to encrypted connections, you can easily do this by pairing with a device. In BLE, pairing allows connection packets to be encrypted. Using BlueZ, you can easily do this from the command line using the bluetoothctl command as follows:-
bluetoothctl
[bluetoothctl] connect 00:11:22:33:44:55
[bluetoothctl] pair 00:11:22:33:44:55
Beforehand, please ensure that your BlueZ device can perform/accept connections and pairing as follows:-
btmgmt connectable on
btmgmt bondable on
btmgmt io-cap
btmgmt 3
The last command sets your IO capability to NoInputNoOutput, but you can change this to one of the following values:-
0 DisplayOnly
1 DisplayYesNo
2 KeyboardOnly
3 NoInputNoOutput
4 KeyboardDisplay
However, if you do that, you will need to pass the equivalent command line option when launching bluetoothctl as follows:-
bluetoothctl --agent KeyboardOnly
bluetoothctl --agent KeyboardDisplay
bluetoothctl --agent NoInputNoOutput
bluetoothctl --agent DisplayOnly
If you want to view the underlying API for this, please have a look at the BlueZ source code, and you can start with client/main.c for the connection and pairing commands.
Finally, as Solomon Slow indicated, if you are promising the protection of sensitive data then you should definitely go for multi-level encryption. In other words, the link should be encrypted, as well as the data before being sent in the software, and if your device supports hardware-level encryption, then do that as well.
For further reading on BLE Encryption, please visit the Bluetooth Specification Version 5.0, Vol 2, Part H, Section 1: Security Overview.
I hope this helps.
Related
How can I upload a file in FTP in segmented way ? Is there any open source tool/library so that I can use it?.
Is there any server side change needed to combine the uploads? Currently I am using vsftpd.
The first thing to consider is that segmented transfers are not considered to be good net citizen behaviour. (i.e. you are gaming the system by setting up multi downloads on a shared link, gaining more than your fair share of bandwidth) As such, the protocol definitions do not support specifically segmented upload. (Or download for that matter) Resume yes.
Segmented DOWNLOAD is a hack by some tools that use the RESUME function of the protocol to transfer different parts of the same file at the same time.. this behaviour has a "NON-STANDARD" and not the intention of the protocol specifications.
Segmented UPLOAD is possible but the client AND ftpd server (or whatever protocol server your using) would need to support this NO-STANDARD and frowned upon implementation.
Again, this is not supported specifically in any standards as such poor behaviour is not encouraged by an open standard.
HOWEVER, you will find tools like lftp that support segmented ftp downloads. But currently, I have not seen any implementation of segmented upload that uses common open protocols like ftp.
I did find a java (Custom open source) based udp tool that did this, but udp needs tcp fallback if you want reliability in the internet. (udp is dropped by some internet gateways)
In FTP protocol, you can implement a transfer by parts using REST command.
The REST command defines offset in a file, where transfer starts. You then transfer as many bytes as you want. And then you can restart the transfer again from a further offset.
vsftpd server supports REST command.
I am trying to implement secure communication between a server and client in c++. The limitation is that both the client and server must run on windows and have to be in c++. This is for a research project I am working on at my university.
So far I have found that SChannel is the best option, but the documentation is extremely confusing and I can not find any guides/tutorials on how to use it. I have already looked at this link https://learn.microsoft.com/en-us/windows/desktop/secauthn/creating-a-secure-connection-using-schannel but still do not understand how to get it working. Could someone guide me through this if this is the best way?
I also looked into use SSLStream using the CLR to have .net run inside of a c++ application. However I can not use this because the client application is threaded and threads can't be used with CLR.
I already have a dummy client and server set up with communication between the two, I am just trying to secure and encrypt that communication.
Any help is greatly appreciated!
Whichever SSL library you choose to use there are a few things you need to know as a beginner in this field:
The server and client implementations will end up looking quite different in places.
Your server is absolutely going to need a certificate with a private key. During development you clearly don't want to get one from Verisign or something so you need to create a self-signed certificate. You can do this with openssl or other tools.
The certificate consists of a private part and a public part. The public part needs to go to the client, and will be used to validate the connection. When you are using something like SChannel the certificates (private and public) will need to be installed in the certificate stores of the server and client respectively.
SChannel does not send or receive data for you. So the core of your implementation is going to be: when the network has data: read ciphertext from socket and write to SChannel. Read clear text from SChannel (if any) and pass to application. When the application has data to send, get clear text from Application and pass to SChannel. Get the resulting ciphertext buffers from SChannel and write to the socket.
buffers from the internet may be partial, and negotiations and re-negotiations means there's no 1:1 mapping of passing data into SChannel and getting data out.
You therefore can't get away with a naive implementation that calls SChannel once to pass data in, and once again to get un/encrypted data. There will potentially be nothing available, or a whole lot of packets to send between the client and the server, before you'll get any application bytes. i.e. You will need some kind of state machine to keeptrack of this.
Obviously, don't write both the client and server at the same time: Start with your client against an https server.
That's the general outline of the process - the things that confused me when I first encountered SSL and why none of the samples were nearly as simple as I had hoped them to be.
Quick background, I am an intern at a company assigned to a project that I have no experience with, and I need some help trying to figure out where to start.
The goal of the project is to transfer very large chunks of data from a database, to a PC and then to a Mac. I am trying to code the communication between the PC and the Mac (this has to be done in c++, I've heard Python is easier but I have to use c++). Some requirements are that the PC and Mac be directly connected via an ethernet cable, and neither computer will have access to internet. The data transfer needs to be automated, so whenever the PC detects that it has received a full dataset from the database, it transfers the data to the PC. I cannot use any third party software to do this.
So far, through the research I've done, I think I need to set up a TCP Server-Client network. I've been using the code here (http://cs.ecs.baylor.edu/~donahoo/practical/CSockets/practical/) as a guideline for socket coding. I am first trying to test this by sending files between two macs (I don't have access to a PC atm). Any guidelines as to where I go from here would be helpful. I have looked into setting up static IP addresses and such, but I get stuck from there.
I don't expect anyone to code this for me, I am just new to socket coding and this sort of project, so just looking for a nudge in the right direction. Thanks!
Before you start coding, keep in mind that to connect PC to Mac you may need a crossover cable.
Then do some reading on the wired ad-hoc networks. The last post in this discussion may help.
Finally, configure and mount shared volumes (using the stock software, no 3rd parties involved), and don't use the low-level socket interface.
So we have some server with some address port and ip. we are developing that server so we can implement on it what ever we need for help. What are standard/best practices for data transfer speed management between C++ windows client app and server (C++)?
My main point is in how to get how much data can be uploaded/downloaded from/to client via his low speed network to my relatively super fast server. (I need it for set up of his live stream Audio/Video bit rate)
My try on explaining number 3.
We do not care how fast is our server. It is always faster than needed. We care about client tyring to stream out to our server his media. he streams encoded (via ffmpeg) live video data to our server. But he has say ADSL with 500kb/s of outgoing traffic. Also he uses some ICQ or what so ever so he has less than 500 kb/s per second. And he wants to stream live video! So we need to set up our ffmpeg to encode video with respect to the bit rate user can provide. We develop server side and client side. We need a way of finding out how much user can upload per second currently (so value can change dynamically over time)
Check this CodeProject Article
it's dot-net but you can try figure out the technique from there.
I found what I wanted. "thrulay, network capacity tester" A C++ code library for Available bandwidth tracking in real time on clients. And there is "Spruce" and it is also oss. It is made using some of linux code but I use Boost library so it will be easy to rewrite.
Offtop: I want to report that there is some group of people on SO down voting on all questions on this topic - I do not know why they are so angry but they deffenetly exist.
I am trying to get events when the internet connection is reestablished after it is lost. It is for a data transfer software that I am developing. If I lose the network during data transfer, I would like to be notified when it is back and continue the transfer automatically.
I can of course create a separate thread and check the network once in a while with a timer, but maybe there is a better option out there.
I am developing for windows mainly, in C++ (not .net).
I can also use wxwidgets (I use it for GUI) but I doubt it offers any related functionality.
You might want to check out the System Event Notification Server (SENS) API http://msdn.microsoft.com/en-us/library/cc185680(VS.85).aspx
I have not actually used it, but it seems like it supplies the events your looking for.
EDIT:
WMI appears to have all the information you need about various network connectivity and state changes. It also has an asynchronous event model that can be used to get notifications. The trick is, i suppose, generating the proper WMI query to get the information you want. This blog looks like the right type of query, and this MSDN explains how to handle the events asynchronously.
I don't know which protocol you use and whether you can control the destination, but in that case, the destination can poll for a retry. The destination knows best what it has received, so it can give the received number of bytes as offset for the retransmission.
This MSDN link gives a very detailed example of how to capture events on WMI with COM. The example doesn't actually capture network events - but I believe that if you plug the right query in, it would work.
(lots of code here, so I'm not copying it into the answer)
http://msdn.microsoft.com/en-us/library/aa390425%28v=vs.85%29.aspx
this Codeproject link gives detail on
How to use the Windows NLM API to get notified of new network
connectivity
And maybe helpful to any challenge related to this one.
An application often needs to know if the machine has internet
connectivity and take actions depending on that. In this sample, we
are looking at the usage of the Windows NLM API in managed code so
that an application can choose to respond to internet connectivity
changes. There are many other specific NLM APIs for checking domain
connectivity, network adapter interfaces etc., that haven't been
mentioned in this article; you can refer to this link for further
details. The downloadable zip file has the source code.
more reading here
https://www.codeproject.com/Articles/34650/How-to-use-the-Windows-NLM-API-to-get-notified-of