Multipeer connectivity and certificates

Hi all,

I was hoping you could help me out with a design issue I've been having for my application.


Scenario:

I have a decentralized p2p network, no central node and no central server (so I can't rely on a 3rd party). I wish to make it as secure as possible. My biggest problem (not surprising given the setup) is having some degree of confidence as to a device's identity.


- (instancetype _Nonnull)initWithPeer:(MCPeerID * _Nonnull)myPeerID
                     securityIdentity:(NSArray * _Nullable)identity
                 encryptionPreference:(MCEncryptionPreference)encryptionPreference


According to the documentation: https://developer.apple.com/library/prerelease/ios/documentation/MultipeerConnectivity/Reference/MCSessionClassRef/index.html#//apple_ref/occ/instm/MCSession/initWithPeer:securityIdentity:encryptionPreference:, the identity parameter contains a SecIdentityRef as the first object... so I need a certificate. My question is, was this intended to work on decentralized p2p networks, and if so how?


a. Does one ship the .der and .p12 of a purchased valid signed certificate along with the application? If so, isn't that risky? I.e. the p12 password could be extracted from the binary

b. Does one rely on the application to create a self-signed certificate at runtime (through say the use of openssl) and then try to evaluate these?

or

c. I simply ignore this and go straight to the stage where the peers exchange public keys in order to proceed with encrypted communication.


I'm aware that with C I don't really know the identity of the other party and that could render all encryption pointless.

c. I simply ignore this and go straight to the stage where the peers exchange public keys in order to proceed with encrypted communication.

You don't need to do that yourself; you can pass NULL as your identity and MCEncryptionRequired as your encryption preference and you'll get encryption without identity checking (for whatever that's worth).

Getting back to your overall question, there's a fundamental issue here: in a decentralised peer-to-peer network, how do you determine identity? This isn't a problem specific to networking; you get exactly the same issue in the real world (if someone comes up to you and says "Hi, I'm Boris.", how do you know that they are really Boris).

I've thought about this issue a lot and I can see two basic strategies:

  • centralised server -- You don't have to use this for communication; it's solely for setting up the identity on the device. I posted about this on the old DevForums.

  • ask on meet, then remember -- This is the approach used by SSH: the first time you interact with a peer, you ask the user whether they want to trust them. You can then use crypto to verify their identity on subsequent connections.

I don't know of any other strategies that are both feasible to implement and yield any actual security benefits.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
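
The "ask on meet, then remember" strategy from the reply above, as an added example that is not part of the original posts and is not Apple's code. It assumes every peer passes a persistent identity as `securityIdentity`, keys the pins by the peer's display name, and stores them in `UserDefaults`; `PeerPinStore`, `PinningDelegate`, `askUser` and the `pin.` key prefix are hypothetical names.

```swift
import CryptoKit
import Foundation
import MultipeerConnectivity
import Security

// Hypothetical names: PeerPinStore, PinningDelegate, askUser, the "pin." key prefix.
final class PeerPinStore {
    enum Verdict { case firstContact, match, mismatch }
    private let defaults = UserDefaults.standard  // assumption: fine for a sketch, Keychain is a better home
    func verdict(peer: String, fingerprint: String) -> Verdict {
        guard let pinned = defaults.string(forKey: "pin." + peer) else { return .firstContact }
        return pinned == fingerprint ? .match : .mismatch
    }
    func remember(peer: String, fingerprint: String) {
        defaults.set(fingerprint, forKey: "pin." + peer)
    }
}

final class PinningDelegate: NSObject, MCSessionDelegate {
    private let pins = PeerPinStore()
    // UI hook: show the fingerprint (hop to the main queue first), then report the user's choice.
    var askUser: (String, String, @escaping (Bool) -> Void) -> Void = { _, _, done in done(false) }

    func session(_ session: MCSession, didReceiveCertificate certificate: [Any]?,
                 fromPeer peerID: MCPeerID, certificateHandler: @escaping (Bool) -> Void) {
        // A peer that sends no certificate gives us nothing to remember: refuse it.
        guard let first = certificate?.first else { return certificateHandler(false) }
        let object = first as AnyObject
        guard CFGetTypeID(object) == SecCertificateGetTypeID() else { return certificateHandler(false) }
        let der = SecCertificateCopyData(object as! SecCertificate) as Data
        let fingerprint = SHA256.hash(data: der).map { String(format: "%02x", $0) }.joined()
        let name = peerID.displayName
        switch pins.verdict(peer: name, fingerprint: fingerprint) {
        case .match: certificateHandler(true)      // same certificate as on first meeting
        case .mismatch: certificateHandler(false)  // known name, different certificate
        case .firstContact:                        // first meeting: the user decides
            askUser(name, fingerprint) { accepted in
                if accepted { self.pins.remember(peer: name, fingerprint: fingerprint) }
                certificateHandler(accepted)
            }
        }
    }
    // Required delegate methods, left empty in this sketch.
    func session(_ s: MCSession, peer p: MCPeerID, didChange state: MCSessionState) {}
    func session(_ s: MCSession, didReceive data: Data, fromPeer p: MCPeerID) {}
    func session(_ s: MCSession, didReceive stream: InputStream, withName n: String, fromPeer p: MCPeerID) {}
    func session(_ s: MCSession, didStartReceivingResourceWithName n: String, fromPeer p: MCPeerID, with progress: Progress) {}
    func session(_ s: MCSession, didFinishReceivingResourceWithName n: String, fromPeer p: MCPeerID, at url: URL?, withError e: Error?) {}
}
```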