I have developed security sensitive App. I had to use TEA based algorithm to encrypt/decrypt data to communicate with server and follow Server protocols. I have used AsyncSocket for trasport level communication which uses CFNetwork APIs. I have noticed that TEA algorithm is not very secure and can be hacked easily. Moreover, AsyncSocket library isn't using Apple's Security Framework anywhere. I am planning to rewrite transport layer and redefining client-server security protocols. I have been researching on what kind of security algorithm should I use for data protection which has no or minimum performance impact and difficult to break. Moreover, I am going through Security frameworks but couldn't find any example that uses this framework to implement transport layer. Could someone please assist me on this? What are the things I should follow to code secure transport layer? what are the security measures that I could check against my App?
Writing secure transport level using security framework
1k Views Asked by Paresh Masani At
1
There are 1 best solutions below
Related Questions in IOS
- Overlapping UICollectionView in storyboard
- Cannot pod spec lint because of undeclared type errors
- Is the transactionReceipt data present in dataWithContentsOfURL?
- UIWebView Screen Fitting Issue
- ZXingObjC encoding issues
- iOS: None of the valid provisioning profiles allowed the specific entitlements
- How to hide "Now playing url" in control center
- CloudKit: Preventing Duplicate Records
- Slow performance on ipad erasing image
- Swift code with multiple NSDateFormatter - optimization
- iOS 8.3 Safari crashes on input type=file
- TTTTimeIntervalFormatter always returns strings in English
- How do I add multiple in app purchases in Swift Spritekit?
- Setup code for xibs in iOS. -awakFromNb:
- iOS Voice Over only reads out the title of any alert views
Related Questions in CRYPTOGRAPHY
- Do I have to randomize key in OpenSSL
- An exception of type 'System.Security.Cryptography.CryptographicException': keyset does not exist
- crypto.BadPaddingException: data hash wrong (EKYC-Response)
- Decrypted string returns "Length of the data to decrypt is invalid"
- Generate signature using private key with OpenSSL API
- Recovering an ECPublicKey from Java to JavaCard
- Proxy tool for CoAP integrated with DTLS
- Using CmsEnvelopedData with CmsSignedData to verify signed data
- Unchecked returned value causing unexpected states and conditions
- SQL-Server Verify SHA2_512 hash procedure
- SagePay Protocol 3.00 Encryption Error with ASP.NET
- Encrypting with PHP; decrypting with CryptoJS
- How can I write a function to recreate the original text obscured here by css magic?
- What encoding does [BouncyCastle] PKCS10CertificationRequest.getEncoded() return?
- Is integer comparison in Python constant time?
Related Questions in TRANSPORT-SECURITY
- WCF cross-domain duplex: your Thawtes
- TLS 1.2 on Windows Server 2003 and XP
- WCF - Soap Webservice with Basic Auth, no ssl, self-hosted
- Secure Elastic connection using transport client
- Does Message Security still work when I set Security Mode to Transport in WCF
- Configure Transport Level Security over tcp in a cross domain environment
- Binding validation failed because the wshttpbinding does not support reliable sessions over transport security over HTTPS
- One way SSL is one way encryption?
- What are the differences between Transport Security and Message Authentication over SSL?
- Diffie-Hellman min key size for different browsers
- Implementing SSL in WCF
- WCF security cross domain
- The HTTP request is unauthorized with client authentication scheme 'Basic'.The authentication header received from the server was 'Basic realm="
- SecurityNegotiationException: A Call to SSPI Failed
- Custom UserName/Password authentication in IIS6
Related Questions in SECURITY-FRAMEWORK
- Sign on OS X, Verify on iOS and OSStatus -9809
- iOS NSURLConnection with SSL: Accepting an expired self-signed certificate
- SecKeyRawVerify and OSError -9809
- How to do asymmetric encryption/decryption with OSX 10.7+ without openssl?
- SecKeychain: sign data with RSA PKCS1 PSS PADDING algorithm
- Item not invalidating after fingerprint change with biometryCurrentSet iOS
- How do I parse an x509 certificate and extract its key's signature algorithm?
- iOS keychain: SecItemUpdate returns -50 (paramErr) when updating kSecAttrAccessible
- SecPKCS12Import function doesn't work properly if run agent/daemon under root
- Convert NSData to SecKeyRef
- OSX 10.9 Mavericks Keychain API Broken?
- How do I extract and decode an ASN.1 message on tvOS?
- Get RSA key pair as String after generating in iOS (Swift)?
- Update Keychain kSecAttrAccessible with SecItemUpdate returns -50
- SecAddItem Only Retuns errSecParam, No Matter I Do
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
As @CodesInChaos notes, you should use TLS for this. You absolutely should not design or implement a new transport protocol.
The fact that CFNetwork supports TLS does not mean that you are using it. You need to actively use it. Your server needs a certificate that your client trusts, and it needs to negotiate a TLS session. In general, if you just use HTTPS and the standard
NSURLConnectionroutines , then you're going to get most of what you need for free. But if you start building it by hand inCFNetwork, you need to make sure that you're configuring it correctly. My recommendation is to use HTTPS whenever possible. It's simple and makes a wide variety of problems go away.That said, just because the transport is secured does not mean that your app is "secured enough." In particular, your server still needs to be able to deal with malicious clients talking over a secured transport. You need to properly authenticate the user and you need to handle malicious data gracefully. When the data reaches your server, you need to store is securely. You may need to encrypt data on the client. There are many aspects to securing a system beyond the transport.