Collaborate Disseminate
I am now researching RF security on IoT devices such as doors, cars, etc. I have a HackRF device for performing RF-signal manipulations such as replay attacks. It is very easy to record the signals emitted from a door key using the HackRF… Continue reading What techniques are there for preventing radio-signal replay attacks?
IPsec is said to have "partial" replay protection because if a packet arrives outside the window, we can’t track it, so we have to make a choice: do we risk and accept it, or do we drop it?
If we drop all these outside-window pa… Continue reading Why does IPsec has a "partial" replay protection? If we drop all packets outside the moving window, then where is the threat?
At work, I’m used to sniffing and capturing on network interfaces by which client and server intercom on LAN in my domain so as to grab genuine business data, followed by my customized replaying to auto-testing business processing logic of… Continue reading Testing in case of TLS 1.3 with AES-GCM
I am used to using JWTs so when I needed the same behavior but with no plaintext user data I looked at JWE. JWE is very similar to JWT; however, I did not see the exp, nbf or iat fields which limit the time the message is valid for (preven… Continue reading How to prevent replay attacks with JWE?
I have a web app that communicates with a backend server, and the users of the web app are organisations that each have a single login for the entire organisation. The app is meant to be used for example on TV’s in the cafeteria to display… Continue reading Concatenating timestamp to data before encrypting it – is this a commonly used technique?
Reading: https://mulloverthing.com/how-does-ssl-protect-against-replay-attack/ it says:
The SSL/TLS channel itself is protected against replay attacks using
the MAC (Message Authentication Code), computed using the MAC secret
and the sequ… Continue reading How SSL Protects against Replay Attacks?
Question: It appears that somebody can intercept and read emails that I send from my server, although
I have set up 2-Factor authentification for sudo-access
I log all logins on my server (Did not notice anything suspicious)
Emails sent f… Continue reading How are validation links getting triggered by a third party?
I recently found this document: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-121r2.pdf , Guide to Bluetooth Security from NIST.
Unfortunately, there is nothing described w.r.t.actual protection of the communication oth… Continue reading Freshness Protection in BL and BLE
I haven’t seen any seen mechanism by which UEFI can detect the most recent update to a binary from being swapped out for an older binary that was signed with the same key as the up-to-date binary. Google’s vboot is the only PC firmware I k… Continue reading UEFI secure boot anti-rollback
I am working on an end-to-end encrypted messaging application as an educational activity with some of my extra time. I have chosen to use libsodium for the underlying crypto. I have run into a hang-up with how to properly implement replay … Continue reading Replay Safe Mutual Authentication (libsodium)