How Should I Implement Security On UDP Socket [closed] - c++

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I'm working on a peer to peer networking application but I cannot solve how I'm going to provide security on UDP sockets.
I don't want to reinvent the wheel, but I don't know which method I should choose to implement security.
My idea is to generate RSA keys between every peer and share these keys over an insecure socket at first and keep the connection secure with those keys. But I'm not sure about how to implement RSA and if this is the most secure way to go.
I'm using C++ for this project, by the way.
Thank you very much.

You are looking for DTLS, the Datagram TLS.
It is like the TLS protocol that you know from HTTPS and various other secure point-to-point communication links, but it is implemented over UDP. You will find it already implemented in various libraries including GnuTLS and OpenSSL.
From the security point-of-view, one major difference between TLS and DTLS is that TLS defines an ill-formed message as an unrecoverable error, whereas DTLS specifically allows the connection to continue in this case. This makes the protocol more sensitive to even slight coding errors (think Lucky Thirteen), so you had better not try to implement it yourself.

Related

TCP/IP connection over global internet connection (C/C++) [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 2 years ago.
Essentially I've been trying to relay messages between two computers using C/C++ using standard socket programming. Everything works fine on LAN. The issue is making the connection using something like an external IP address. I searched online and saw methods that mention ensuring the router is configured for "port forwarding". However, I was wondering how peer to peer communication apps like qTox overcome this barrier, since they do not require that technical step? To summarize, how can I connect two sockets between two computers that are NOT on the same network?
Here are some methods we usually use to solve the problem.
1. If you can use a server in WLAN as a relay or central controller, it's quite simple. The computers connect to the server, and the server exchanges messages for them and can do many more operations.
2. If you don't want to use a server, then here is a problem: NAT devices may drop those packets which haven't established a connection, according to their type. Here are four types: full cone NAT, restricted NAT, port restricted NAT and symmetric NAT. And here are some methods for this circumstance:
2.1 Use a NAT traversal algorithm, but these may not work well with symmetric NAT.
2.2 Use STUN/TURN/ICE to achieve NAT traversal; it's quite reliable, but you need to learn how to use them.

Connection Management in UDP with C++ [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 2 years ago.
I have a client/server system implemented with Boost.Asio in C++ in which a client sends a request to the server. Then the server registers this client in the list of alive clients and keeps sending data to it over the UDP protocol. But the server should keep track of alive clients and stop sending data to a disconnected or dead client.
I wonder how I can implement the UDP session/socket management here, since UDP is a connectionless protocol and cannot provide us any information about alive clients. Should I use another library for UDP session management in C++? Or should I use another protocol in the application layer for UDP session management?
I know there is a library in Java called Verax IPMI https://en.wikipedia.org/wiki/Verax_IPMI which provides this ability. But, how about in C++?
Thanks for reading my question.
Just keep a list of endpoints that you've seen recently (meaning they sent you a datagram). Usually, you allow for a grace time (e.g. 30s) before removing a client from the list.
That way, if some datagrams were dropped you don't immediately forget the "connection".
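The recently-seen list with a grace time described in the answer above, as an added example that is not code from the post. `SessionTable` and its methods are hypothetical names; with Boost.Asio the key would be the sender's `udp::endpoint`, and the `max_clients` cap is an added assumption so that datagrams from spoofed source addresses cannot grow the table without bound.

```cpp
#include <chrono>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <map>
#include <string>
#include <utility>

// Added example; SessionTable, touch and prune are hypothetical names.
using Clock = std::chrono::steady_clock;
using Endpoint = std::pair<std::string, std::uint16_t>;  // (address, UDP port)

class SessionTable {
public:
    SessionTable(std::chrono::seconds grace, std::size_t max_clients)
        : grace_(grace), max_clients_(max_clients) {}

    // Call for every datagram received. Returns false when the sender is
    // unknown and the table is full even after expired entries are dropped.
    bool touch(const Endpoint& ep, Clock::time_point now) {
        auto it = last_seen_.find(ep);
        if (it != last_seen_.end()) { it->second = now; return true; }
        prune(now);
        if (last_seen_.size() >= max_clients_) return false;
        last_seen_[ep] = now;
        return true;
    }
    // Remove clients silent for longer than the grace time; returns how many.
    std::size_t prune(Clock::time_point now) {
        std::size_t removed = 0;
        for (auto it = last_seen_.begin(); it != last_seen_.end();) {
            if (now - it->second > grace_) { it = last_seen_.erase(it); ++removed; }
            else ++it;
        }
        return removed;
    }
    std::size_t size() const { return last_seen_.size(); }

private:
    std::chrono::seconds grace_;
    std::size_t max_clients_;
    std::map<Endpoint, Clock::time_point> last_seen_;
};

int main() {  // constructed arrival, then 31 s of silence
    SessionTable t(std::chrono::seconds(30), 1000);
    auto t0 = Clock::now();
    t.touch(Endpoint("192.0.2.10", 5000), t0);
    std::cout << t.prune(t0 + std::chrono::seconds(31)) << " expired\n";
}
```

Passing the time in as a parameter keeps the expiry logic testable; in a server, call `prune` from a periodic timer and send only to the endpoints still in the table.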

Connection without TCP/IP over Internet [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
Today I am thinking about connecting two computers without TCP/IP. Actually I am searching for: connection without IP; if I manage to connect without IP, this network is untraceable.
My full question is:
Is it possible to connect two computers without TCP/IP over the Internet?
Maybe this scenario is impossible for the ISP. I don't know.
If possible, it can be a competitor of the Internet.
From the first line of Wikipedia on Internet:
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to link several billion devices worldwide.
The internet is built upon the IP framework. You can't "not use" IP through the internet. That's like to say I want to use the post system without addresses. Without the IP framework, there is no way to identify devices from each other or have any standard format to route packets anywhere at all. This is not to say that it is the only way to establish networked communications, it's just the most popular and most used way.
Regarding the first part of your question: is it possible to connect two computers without TCP/IP? There are plenty of ways this is done, e.g. Bluetooth, RS-232, proprietary RF communications and so forth.
Also, regarding a competitor of the Internet: is that really such a good idea? For once we have one system that is universally compatible with all devices around the globe (almost!). I don't think the rest of the world would be keen on a brand new system unless it is much much much better (in which case it'll probably be implemented into the Internet Protocol Suite anyway).

How to handle a single connection from multiple clients on a single ip using TCP [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I want to develop a server for an application of mine in C++. I'm not really familiar with networking concepts. This server is going to be a simple one and I'll use one of the networking libraries out there. I just couldn't figure out the necessary keywords to research the following issue:
Let's say that there are 100 users on 100 different computers, all sharing the same internet connection, behind the same router. They all decide to open my client to connect to my server. How do you deal with this issue if you want to keep the connections open and on the same port?
For the purposes of your server, it doesn't make any difference whether those 100 connections are all coming from the same computer, from the same router, or from totally separate networks.
While the server side of the connection will use the same port for all of these, each connection will have a different combination of client side IP address and port. In the case you describe, where all 100 are behind the same router using the same IP address, the router will take care of making sure they all have different client side port numbers. You can read about network address translation (NAT) if you want to learn the details about one common way that is done.
This kind of server programming is not easy and requires network skills. You can have a look at this tutorial. It's C and Unix, but it shows the functions you'll need to use:
socket interface for network access
listening/accepting new connections
forking new processes to handle the different clients (although in C++ you'd probably look for multithreading, which is more efficient for this kind of task).

TLS client and server on Windows [openssl vs. sspi vs. cryptlib] [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
Let me say that I am doing this for the first time and I know very little in this domain (learning more).
My requirement is to implement a secure channel of communication between server and client.
I will be provided an X.509 certificate on both sides (server/client). Communication will be via sockets.
One option is to use OpenSSL. But the priority is to develop it on the Windows API.
I see two options: cryptlib & SSPI.
Please suggest what is the best and proven option on Windows.
OpenSSL works just fine on Windows, and there are precompiled DLLs available if you do not want to compile it yourself.
But, if for whatever reason, you cannot use OpenSSL, then have a look at SChannel:
Secure Channel
Creating a Secure Connection Using Schannel
It uses SSL/TLS and CryptoAPI internally. It also allows you to do your own socket I/O, so you can add it to existing socket code.
Alternatively, have a look at WinSock's built-in security:
Winsock Secure Socket Extensions