Mixing
why do we asume that in the registration process communication is over the secure channel?
I was reading some research papers and saw that in Registration phase/process it is always assumed that communication is over the secure/private channel, whereas, all of the phases communication is happening over the public/open channel. What is the reason for this? on the basis of which parameter! we assume that the channel is secure/private insecure/public?
Thanks in advance.
encryption transport-security
asked Jan 1 at 11:32
hafeez shahhafeez shah
113
add a comment |
I was reading some research papers and saw that in Registration phase/process it is always assumed that communication is over the secure/private channel, whereas, all of the phases communication is happening over the public/open channel. What is the reason for this? on the basis of which parameter! we assume that the channel is secure/private insecure/public?
Thanks in advance.
encryption transport-security
asked Jan 1 at 11:32
hafeez shahhafeez shah
113
2
Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
– SEJPM♦
Jan 1 at 11:39
1
@SEJPM Please can you elaborate your answer.. ........thanks in advance
– hafeez shah
Jan 1 at 11:44
add a comment |
I was reading some research papers and saw that in Registration phase/process it is always assumed that communication is over the secure/private channel, whereas, all of the phases communication is happening over the public/open channel. What is the reason for this? on the basis of which parameter! we assume that the channel is secure/private insecure/public?
Thanks in advance.
encryption transport-security
asked Jan 1 at 11:32
hafeez shahhafeez shah
113
I was reading some research papers and saw that in Registration phase/process it is always assumed that communication is over the secure/private channel, whereas, all of the phases communication is happening over the public/open channel. What is the reason for this? on the basis of which parameter! we assume that the channel is secure/private insecure/public?
Thanks in advance.
encryption transport-security
encryption transport-security
asked Jan 1 at 11:32
hafeez shahhafeez shah
113
asked Jan 1 at 11:32
hafeez shahhafeez shah
113
edited Jan 1 at 12:18
hafeez shah
asked Jan 1 at 11:32
hafeez shahhafeez shah
113
asked Jan 1 at 11:32
hafeez shahhafeez shah
113
asked Jan 1 at 11:32
hafeez shahhafeez shah
113
113
2
Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
– SEJPM♦
Jan 1 at 11:39
1
@SEJPM Please can you elaborate your answer.. ........thanks in advance
– hafeez shah
Jan 1 at 11:44
add a comment |
2
Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
– SEJPM♦
Jan 1 at 11:39
1
@SEJPM Please can you elaborate your answer.. ........thanks in advance
– hafeez shah
Jan 1 at 11:44
2
2
Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
– SEJPM♦
Jan 1 at 11:39
Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
– SEJPM♦
Jan 1 at 11:39
1
1
@SEJPM Please can you elaborate your answer.. ........thanks in advance
– hafeez shah
Jan 1 at 11:44
@SEJPM Please can you elaborate your answer.. ........thanks in advance
– hafeez shah
Jan 1 at 11:44
add a comment |
1 Answer
1
active
oldest
votes
Registration phase/process it is always assumed that communication is
over the secure/private channel, whereas, all of the phases
communication is happening over the public/open channel. What is the
reason for this?
Well, the point of the registration phase is to register the client to the server, so that they can reach mutual authentication afterwards using the exchanged information and with minimal / no assumptions on the underlying channel.
If you assume the channel to be insecure for this process, what an attacker can do, is wait for you to enter the registration phase with the legitimate server, intercept the request, act like they are the legitimate server and at the same time register themselves to the real server.
Now if you connect after the registration stage, the attacker can perfectly fine be authenticated as "the real server" and intercept your entire traffic (and potentially forward it to the real server).
answered Jan 1 at 13:24
SEJPM♦SEJPM
28.5k554132
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66209%2fwhy-do-we-asume-that-in-the-registration-process-communication-is-over-the-secur%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Registration phase/process it is always assumed that communication is
over the secure/private channel, whereas, all of the phases
communication is happening over the public/open channel. What is the
reason for this?
Well, the point of the registration phase is to register the client to the server, so that they can reach mutual authentication afterwards using the exchanged information and with minimal / no assumptions on the underlying channel.
If you assume the channel to be insecure for this process, what an attacker can do, is wait for you to enter the registration phase with the legitimate server, intercept the request, act like they are the legitimate server and at the same time register themselves to the real server.
Now if you connect after the registration stage, the attacker can perfectly fine be authenticated as "the real server" and intercept your entire traffic (and potentially forward it to the real server).
answered Jan 1 at 13:24
SEJPM♦SEJPM
28.5k554132
add a comment |
Registration phase/process it is always assumed that communication is
over the secure/private channel, whereas, all of the phases
communication is happening over the public/open channel. What is the
reason for this?
Well, the point of the registration phase is to register the client to the server, so that they can reach mutual authentication afterwards using the exchanged information and with minimal / no assumptions on the underlying channel.
If you assume the channel to be insecure for this process, what an attacker can do, is wait for you to enter the registration phase with the legitimate server, intercept the request, act like they are the legitimate server and at the same time register themselves to the real server.
Now if you connect after the registration stage, the attacker can perfectly fine be authenticated as "the real server" and intercept your entire traffic (and potentially forward it to the real server).
answered Jan 1 at 13:24
SEJPM♦SEJPM
28.5k554132
add a comment |
Registration phase/process it is always assumed that communication is
over the secure/private channel, whereas, all of the phases
communication is happening over the public/open channel. What is the
reason for this?
Well, the point of the registration phase is to register the client to the server, so that they can reach mutual authentication afterwards using the exchanged information and with minimal / no assumptions on the underlying channel.
If you assume the channel to be insecure for this process, what an attacker can do, is wait for you to enter the registration phase with the legitimate server, intercept the request, act like they are the legitimate server and at the same time register themselves to the real server.
Now if you connect after the registration stage, the attacker can perfectly fine be authenticated as "the real server" and intercept your entire traffic (and potentially forward it to the real server).
answered Jan 1 at 13:24
SEJPM♦SEJPM
28.5k554132
Registration phase/process it is always assumed that communication is
over the secure/private channel, whereas, all of the phases
communication is happening over the public/open channel. What is the
reason for this?
Well, the point of the registration phase is to register the client to the server, so that they can reach mutual authentication afterwards using the exchanged information and with minimal / no assumptions on the underlying channel.
If you assume the channel to be insecure for this process, what an attacker can do, is wait for you to enter the registration phase with the legitimate server, intercept the request, act like they are the legitimate server and at the same time register themselves to the real server.
Now if you connect after the registration stage, the attacker can perfectly fine be authenticated as "the real server" and intercept your entire traffic (and potentially forward it to the real server).
answered Jan 1 at 13:24
SEJPM♦SEJPM
28.5k554132
answered Jan 1 at 13:24
SEJPM♦SEJPM
28.5k554132
answered Jan 1 at 13:24
SEJPM♦SEJPM
28.5k554132
answered Jan 1 at 13:24
SEJPM♦SEJPM
28.5k554132
28.5k554132
add a comment |
add a comment |
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66209%2fwhy-do-we-asume-that-in-the-registration-process-communication-is-over-the-secur%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
– SEJPM♦
Jan 1 at 11:39
1
@SEJPM Please can you elaborate your answer.. ........thanks in advance
– hafeez shah
Jan 1 at 11:44