tags:

views:

91

answers:

6
Q: 

Is it possible/valid to have a TCP connection with secure login only, but non-secure messages?

Say I am writing a chat server and client that allows users to login with their user-name and password. Now I could just send and receive the information as plain-text but there is the risk that the information may be intercepted. So the socket should be secured to protect the user. I am not interested in certificates or verifying identity, I just want to make sure that the information supplied is not at risk of being exposed. Neither am I interested in protecting subsequent messages that are sent/received. What is a good approach to take?

  1. Can I replace a regular socket with a secure socket transparently?
  2. Is there overhead associated with a secure socket that I might want to avoid for non-secret information messages?

I would prefer java pointers/examples, but interested in other languages also.

+1  A: 

You can use a hashed exchange, with each party sending a per-connection nonce (a one-time random value).

Software Monkey  2009-10-18 06:37:31
+1  A: 

With C# it's easy to do. You would pass a normal unencrypted NetworkStream (which is the encapsulation of the TCP socket connection) as the parameter to an SslStream object. Once you've finished with the initial SSL transmissions you can simply close the SslStream and use the underlying NetworkStream for subsequent plaintext transmissions.

sipwiz  2009-10-18 06:50:00
+1  A: 

"login auth" is not enough, please think a case that the client is wrapped in a shell so it is able to login successfully and is able to inspect or send any malicious message because of clear message format and protocol.

EffoStaff Effo  2009-10-18 07:12:56
The same is true for most SSL implementations ( as long as the shell has access to the key store and host resolution ). SSL gives you protection against man-in-the-middle between client and server, but assumes the client's environment is secure.
Pete Kirkham  2009-10-18 09:01:09
+1  A: 

You seems need the RSA public key authentication which means that the username and password is encryped with server's public key.

With a quick a google search, here is a http auth scheme may be referenced:

http://www.httpsec.org/

arsane  2009-10-18 07:28:38
+1  A: 

Most systems which allow login this use a secure login without SSL by passing the hash of the password and some unique information from the server to prevent replay. Several best practices are encapsulated in SASL.

I am not interested in certificates or verifying identity, I just want to make sure that the information supplied is not at risk of being exposed

In that case you could encrypt just that information, though if you're not using it for identifying the user, and it can't be used in any further messages ( as they are sent in plain text ), why is it being sent at all?

Much of the cost of SSL is in the handshake creating the stream, so creating a temporary stream doesn't seem to be a good way of going about it, though the only way you'll know for your application is measuring it.

Pete Kirkham  2009-10-18 08:56:32
+2  A: 

This isn't a valid use case. Why authenticate, only to allow an attacker to step in and forge the information that is subsequently sent and received?

SSL isn't just for confidentiality. It also provides integrity: every packet that is exchanged is protected by a message authentication code so that a man-in-the-middle cannot alter the contents.

If the content lacks integrity protection, the connection is effectively anonymous. In that case, why bother pretending to authenticate?

erickson  2009-10-18 14:02:47
I'm looking for a trade-off: there are messages that I don't want hacked - and there are messages I don't really care about. Perhaps my example should be a little more complicated like: "chat messages should be secured, but there is also a 'key pressed time-stamp' message which is sent frequently and is not critical so I want the least possible overhead for that".
Timothy Pratley  2009-10-19 00:58:45
Most of the overhead in SSL is in the initial handshake. The symmetric algorithms used after the handshake don't add a lot of overhead (you'd have to profile your specific application to see how big of an impact it has). However, if you do have a mix of secure and insecure traffic, it's probably best to have two separate channels... an SSL connection, and an insecure connection, maybe even using UDP for things like key-presses. Even though SSL avoid expensive handshakes when resuming an SSL handshake, the overhead of turning SSL on and off on one connection would be counterproductive.
erickson  2009-10-19 02:58:03

related questions

How do I get the external IP of a socket in Python?
How Do Sockets Work in C?
How do you send and receive UDP packets in Java on a multihomed machine?
Can't Re-bind a socket to an existing IP/Port Combination
Reading from a socket in C#
Sockets and Processes in Java
Stream data (such as music) using PHP (or another language)
How to forcibly close a socket in TIME_WAIT?
How do I make persistent network sockets on Unix in Ruby?
What's the idiomatic way to do async socket programming in Delphi?
How do you minimize the number of threads used in a tcp server application?
WSACancelBlockingCall exception
C# Performance For Proxy Server (vs C++)
How to get your own (local) IP-Address from an udp-socket (C/C++)
Free Network Monitor
Reconnect logic with connectivity notifications
Maximum buffer length for sendto?
Configure a Java Socket to fail-fast on disconnect?
Sockets in Pascal
Firefox plugin - sockets
How can I determine the IP of my router/gateway in Java?
ActionScript 3.0 sockets can't reconnect
Reverse DNS in Ruby?
Asynchronous multi-direction server-client communication over the same open socket?
How to use the C socket API in C++ on z/OS