protocols – WindowsTechs.com

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

Posted on April 5, 2024 by Bruce Schneier

It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol:

On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations.

The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and if known the attacker’s identity…

Continue reading Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed→

Security Analysis of a Thirteenth-Century Venetian Election Protocol

Posted on December 6, 2023 by Bruce Schneier

Interesting analysis:

This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science. For example, it gives some opportunities to minorities while ensuring that more popular candidates are more likely to win, and offers some resistance to corruption of voters…

Continue reading Security Analysis of a Thirteenth-Century Venetian Election Protocol→

Fingerprinting Remote BACnet devices

Posted on July 21, 2023 by ArkoD

I am trying to understand how does engines like Shodan is able to fingerprint remote Bacnet devices with the responses as shown in the screenshot below.

I tried using a sample python code using BAC0 library.
import BAC0
bacnet = BAC0.lite… Continue reading Fingerprinting Remote BACnet devices→

Kerberos protocol attacks?

Posted on March 17, 2023 by meta_warrior

I have a question in my mind regarding the inner workings of Kerberos protocol. If the generation of the session key is somehow insecure, does this compromise the security of the Kerberos protocol?
I am thinking at the point of the Ticket … Continue reading Kerberos protocol attacks?→

How can Trudy attack the protocol where both Alice and Bob complete authentication and Trudy gets the session key?

Posted on February 23, 2023 by HeatherWeatherNever88

I’m studying up protocols, authentication and attacks for a class I’m taking, but I’ve encountered a question that I just cannot figure out.
If Alice and Bob have the below protocol and the session key, which is achieved in 3 messages and … Continue reading How can Trudy attack the protocol where both Alice and Bob complete authentication and Trudy gets the session key?→

Need for authentication in an offline system

Posted on January 17, 2023 by pwes

I need to design a scheme, where access to an offline System is granted based on some kind of information/proof of knowledge, provided by a separete system, Prover system.
I’m in position where I can put any information on both Systems.
Th… Continue reading Need for authentication in an offline system→

Any vulnerability of OCSP for proof of concept

Posted on November 28, 2022 by Pedro

I have an assignment in which I have to implement OCSP and do a proof of concept of a vulnerability.
My idea was to implement OCSP without using a nonce (this is done) and then perform a replay attack. However I’m having trouble doing the … Continue reading Any vulnerability of OCSP for proof of concept→

How long does Signal keep the keys for out-of-order messages?

Posted on October 23, 2022 by user2600798

I was reading the Signal protocol on how it handles out-of-order messages. What if those messages never arrived, does Signal keep the keys forever or are the keys deleted as soon as a new session is started?
https://signal.org/docs/specif… Continue reading How long does Signal keep the keys for out-of-order messages?→

Can a VPN connection be detected (and get blocked) even after the key exchange happens

Posted on October 16, 2022 by Emily1001

If the key exchange happens when using lets say Wireguard or any other protocols that use IKA, and the connection never drops, could the ISP still detect the VPN traffic using Deep Packet Inspection?

Continue reading Can a VPN connection be detected (and get blocked) even after the key exchange happens→

How does QUIC provide delivery guarantee [migrated]

Posted on September 20, 2022 by Ghost Rider

I’m struggling to grasp how QUIC implements handshakes in contrast with 3 handshakes in TCP. I came across with this picture on wikipedia. As QUIC uses UDP, I don’t understand how the protocol ensures that a packet was delivered and a clie… Continue reading How does QUIC provide delivery guarantee [migrated]→