I have developed a security-sensitive app. I had to use a TEA-based algorithm to encrypt/decrypt data to communicate with the server and follow the server protocols. I have used AsyncSocket for transport-level communication, which uses CFNetwork APIs. I have noticed that the TEA algorithm is not very secure and can be hacked easily. Moreover, the AsyncSocket library isn't using Apple's Security framework anywhere. I am planning to rewrite the transport layer and redefine the client-server security protocols. I have been researching what kind of security algorithm I should use for data protection that has no or minimal performance impact and is difficult to break. Moreover, I am going through the Security framework but couldn't find any example that uses this framework to implement a transport layer. Could someone please assist me with this? What are the things I should follow to code a secure transport layer? What are the security measures that I could check against my app?
Writing secure transport level using security framework
1k Views Asked by Paresh Masani At
There are 1 best solutions below
As @CodesInChaos notes, you should use TLS for this. You absolutely should not design or implement a new transport protocol.
The fact that CFNetwork supports TLS does not mean that you are using it. You need to actively use it. Your server needs a certificate that your client trusts, and it needs to negotiate a TLS session. In general, if you just use HTTPS and the standard NSURLConnection routines, then you're going to get most of what you need for free. But if you start building it by hand in CFNetwork, you need to make sure that you're configuring it correctly. My recommendation is to use HTTPS whenever possible. It's simple and makes a wide variety of problems go away.

That said, just because the transport is secured does not mean that your app is "secured enough." In particular, your server still needs to be able to deal with malicious clients talking over a secured transport. You need to properly authenticate the user and you need to handle malicious data gracefully. When the data reaches your server, you need to store it securely. You may need to encrypt data on the client. There are many aspects to securing a system beyond the transport.
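For the hand-built CFNetwork case the answer mentions, this is one way to turn TLS on for a socket stream pair and keep certificate validation enabled. It is an added example, not code from the answer or from AsyncSocket; the helper name `OpenTLSStreams` is hypothetical and ARC is assumed.

```objc
#import <Foundation/Foundation.h>
#import <CFNetwork/CFNetwork.h>

// OpenTLSStreams is a hypothetical helper name, not an Apple or AsyncSocket API.
// It returns an unopened stream pair that negotiates TLS and validates the
// server certificate against `host` during the handshake.
static BOOL OpenTLSStreams(NSString *host, UInt32 port,
                           NSInputStream **inStream,
                           NSOutputStream **outStream)
{
    CFReadStreamRef readStream = NULL;
    CFWriteStreamRef writeStream = NULL;
    CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault,
                                       (__bridge CFStringRef)host, port,
                                       &readStream, &writeStream);
    if (readStream == NULL || writeStream == NULL) {
        if (readStream) CFRelease(readStream);
        if (writeStream) CFRelease(writeStream);
        return NO;
    }

    NSDictionary *tls = @{
        // Negotiate the highest protocol version both sides support.
        (__bridge NSString *)kCFStreamSSLLevel:
            (__bridge NSString *)kCFStreamSocketSecurityLevelNegotiatedSSL,
        // Keep chain validation on. Setting this to @NO to get past a
        // certificate error removes server authentication entirely.
        (__bridge NSString *)kCFStreamSSLValidatesCertificateChain: @YES,
        // Name the server certificate must match.
        (__bridge NSString *)kCFStreamSSLPeerName: host,
    };
    // The settings must be applied before the streams are opened.
    Boolean ok =
        CFReadStreamSetProperty(readStream, kCFStreamPropertySSLSettings,
                                (__bridge CFDictionaryRef)tls) &&
        CFWriteStreamSetProperty(writeStream, kCFStreamPropertySSLSettings,
                                 (__bridge CFDictionaryRef)tls);
    if (!ok) {
        CFRelease(readStream);
        CFRelease(writeStream);
        return NO;
    }

    // Hand ownership to ARC; the caller schedules and opens the streams.
    *inStream = (__bridge_transfer NSInputStream *)readStream;
    *outStream = (__bridge_transfer NSOutputStream *)writeStream;
    return YES;
}
```

A handshake or certificate failure surfaces as a stream error event after the streams are opened, so the stream delegate has to treat that event as a failed connection rather than retrying without TLS.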