photon server encryption on tcp or udp sockets

cindyb2087
edited October 2013 in DotNet
We are planning to use TCP or UDP sockets with Photon Server. Which certificate does Photon use to do encryption when a client invokes peer.EstablishEncryption()? Is there a way to configure the certificate used for encryption on Photon Server?

Comments

  • Philip
    We don't use certificates. We use a http://en.wikipedia.org/wiki/Diffie%E2% ... y_exchange.
  • Thanks for the response.

    "the Diffie–Hellman exchange by itself does not provide authentication of the communicating parties and is thus vulnerable to a man-in-the-middle attack. "

    If you do not use certificates, how does the client authenticate the server?
    We are planning to send client secrets like passwords/auth tokens etc. after establishing encryption, to enable the server to validate the client. However, if the client cannot validate the server, the client could be sending its secrets to any "man-in-the-middle".
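    The attack this post describes, as an added example that is not part of the original thread or of Photon's code: an unauthenticated Diffie-Hellman exchange in Python with an active attacker ("Mallory") substituting her own public values in both directions. The prime, the generator and the SHA-256 keystream that stands in for the AES layer are toy choices made for the illustration; the "password" is a constructed sample.

```python
"""Unauthenticated Diffie-Hellman with an active man-in-the-middle (added example).

Toy parameters: P is a Mersenne prime and G an arbitrary base. A real deployment
uses a standardised group of at least 2048 bits; the attack works identically.
"""
import hashlib
import secrets

P = 2**127 - 1   # toy prime, assumption for the example (fits in 16 bytes)
G = 5            # toy generator


def dh_keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Hash the raw DH secret into a 32-byte symmetric key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def honest_exchange():
    """No attacker: both sides derive the same key."""
    a, pub_a = dh_keypair()
    b, pub_b = dh_keypair()
    return dh_shared(a, pub_b), dh_shared(b, pub_a)


def mitm_exchange():
    """Mallory sits on the path and swaps each public value for her own.
    Neither endpoint can tell, because nothing in the exchange is authenticated."""
    a, pub_a = dh_keypair()      # client
    b, pub_b = dh_keypair()      # server
    m1, pub_m1 = dh_keypair()    # Mallory's keypair toward the client
    m2, pub_m2 = dh_keypair()    # Mallory's keypair toward the server
    # Client sends pub_a; Mallory forwards pub_m2 to the server instead.
    # Server sends pub_b; Mallory forwards pub_m1 to the client instead.
    client_key = dh_shared(a, pub_m1)
    server_key = dh_shared(b, pub_m2)
    mallory_client_key = dh_shared(m1, pub_a)
    mallory_server_key = dh_shared(m2, pub_b)
    return client_key, server_key, mallory_client_key, mallory_server_key


def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 counter keystream) standing in for the AES layer.
    Encryption and decryption are the same operation."""
    out = bytearray()
    block = b""
    for i, byte in enumerate(data):
        if i % 32 == 0:
            block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(byte ^ block[i % 32])
    return bytes(out)


def mitm_relay_secret(secret):
    """Client 'establishes encryption', then sends a secret. Mallory decrypts it,
    re-encrypts it toward the server, and the server sees a normal session.
    Returns (what Mallory read, what the server received)."""
    client_key, server_key, m_client_key, m_server_key = mitm_exchange()
    on_the_wire = keystream_xor(client_key, secret)            # client -> Mallory
    seen_by_mallory = keystream_xor(m_client_key, on_the_wire)
    forwarded = keystream_xor(m_server_key, seen_by_mallory)   # Mallory -> server
    received_by_server = keystream_xor(server_key, forwarded)
    return seen_by_mallory, received_by_server


if __name__ == "__main__":
    seen, delivered = mitm_relay_secret(b"hunter2")  # constructed sample password
    print("Mallory read:", seen, "| server received:", delivered)
```

    The point of the relay function is the one the poster makes: the client and server each end up with a key they share with Mallory, not with each other, and the server cannot distinguish that session from a clean one. Nothing in the exchange proves to the client which party generated the public value it received; that is exactly what a certificate (or any other pre-shared trust anchor) is for.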
  • Philip
    'A man in the middle' is a quite complex undertaking. Assuming you are using our UDP/ENet protocol, they would have to implement the complete protocol. I'm not saying it's not possible, but hard to do.
    Customers concerned with passwords being hacked: we recommend using an HTTPS certificate-secured connection and using tokens that are time-bombed.

    If you have a high-security scenario that requires more security, please send an email to developers@exitgames.com.
  • Thanks for the response.

    If I understand correctly, for the client to validate the server, you are recommending the usage of the websocket listeners explained at http://doc.exitgames.com/photon-server/ ... sSSLSetup/
    Right?

    I am assuming using websockets would be slower than using UDP. If so, do you have any rough numbers on how much slower it would be?

    Thanks for your patience :)
  • Philip
    > you are recommending the usage of websocket listeners
    Not really. We don't have a websocket client SDK other than the JavaScript SDK.
    I was talking about HTTPS per http://msdn.microsoft.com/en-us/library ... tener.aspx.

    > any rough numbers on how slower it would be
    It depends a lot on usage; websockets are roughly the same as TCP.
    Both are not recommendable for FPS, or in general for a lot of unreliable messaging.

    Note that Diffie-Hellman is only used for the initial exchange of the key used for the encryption, which is http://msdn.microsoft.com/en-us/library ... ndael.aspx. Using the HTTPS-secured channel you could set up the UDP encryption. Currently only the server allows setting the encryption key, the client doesn't, but it would be a minor change. Let us know if that would be a feasible way to solve your security concerns.
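    One concrete shape of the scheme sketched in this post, as an added example rather than Photon's code: the server hands out a time-bombed token and a server-chosen UDP session key over a channel the client has already authenticated (HTTPS, where the client checks the server certificate), and later verifies the token before accepting the UDP session. The token format, the HMAC signing, the session table and the "kid" field are assumptions made for the illustration; the signing key is generated at import time for the example and is not a real secret. Only standard-library modules are used, so the AES layer that would wrap the UDP payloads is not shown here.

```python
"""Server-issued UDP session key plus time-bombed token (added example, not Photon code).

Flow this models:
  1. Client opens HTTPS, verifies the server certificate, logs in.
  2. Server answers with (token, udp_key). The server picks udp_key.
  3. Client uses udp_key for the UDP encryption and presents the token
     as its first message; the server verifies the token and looks up the key.
The password never travels over the UDP path, only the short-lived token.
"""
import base64
import hashlib
import hmac
import json
import secrets

# Example-only signing key; a real server loads this from a secret store.
TOKEN_SIGNING_KEY = secrets.token_bytes(32)

# Server-side session table: key id -> UDP encryption key. In-memory for the example.
SESSIONS = {}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_session(user_id: str, now: int, ttl_seconds: int = 300):
    """Server side, reachable only over the HTTPS channel.
    Returns (token, udp_key); the server chooses udp_key and remembers it."""
    udp_key = secrets.token_bytes(32)
    kid = _b64(hashlib.sha256(udp_key).digest()[:8])   # opaque handle, not the key
    SESSIONS[kid] = udp_key
    payload = {"sub": user_id, "iat": now, "exp": now + ttl_seconds, "kid": kid}
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(TOKEN_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(tag), udp_key


def verify_token(token: str, now: int):
    """Return the payload if the token is authentic and unexpired, else None.
    The tag is checked in constant time and before the body is parsed, so a
    tampered or forged token never reaches the JSON decoder."""
    try:
        body, tag = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(TOKEN_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(tag)):
        return None
    payload = json.loads(_unb64(body))
    if now >= payload["exp"]:
        return None
    return payload


def lookup_udp_key(payload: dict):
    """Server side: find the UDP key bound to a verified token, or None."""
    return SESSIONS.get(payload["kid"])


def accept_udp_session(token: str, now: int):
    """Everything the UDP listener needs: verified payload and the key to use,
    or None if the token is forged, expired or unknown."""
    payload = verify_token(token, now)
    if payload is None:
        return None
    udp_key = lookup_udp_key(payload)
    if udp_key is None:
        return None
    return payload["sub"], udp_key


if __name__ == "__main__":
    tok, key = issue_session("alice", now=1000)
    print("fresh token accepted:", accept_udp_session(tok, 1100) is not None)
    print("expired token accepted:", accept_udp_session(tok, 1400) is not None)
```

    The server-side timestamp used for the expiry check is the one the listener trusts, not anything in the token; and because the UDP key is chosen and stored by the server, a rogue endpoint that cannot complete the HTTPS handshake with the real certificate never learns a key the real server will accept.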
  • > Currently only the server allows to set the encryption-key, the client doesn't - but it would be a minor change. Let us know if that would be a feasible way to solve youre security concerns.

    Sorry for the delayed reply. Honestly, I do not understand the full details of the solution you are suggesting. My requirement is the following:
    a client must be able to validate the server securely and be sure that it's not connecting to some rogue server doing a man-in-the-middle attack. If the approach you mentioned solves it, we are good :)