Commit ee55111

Update README.md
1 parent b4c3434 commit ee55111

1 file changed

+11
-0
lines changed

README.md

Lines changed: 11 additions & 0 deletions
@@ -360,3 +360,14 @@ Additionally to the standard 1-1 message callback we have room message callbacks
360360
client1.OnUdpMessageReceived += (message) => ..
361361

362362
```
363+
# Cyber Security
364+
All secure TCP variants are implementing standard SSL socket with TLS authentication/validation.
365+
366+
In case of P2P systems same strategy is applied for the TCP connection. if Peer A wants to communicate between Peer B through TCP, it sends a message to Relay server through its SSL connection. Relay server Decrypts the message and gets the destination peer. Then sends the message with the SSL connection of peer B
367+
368+
Considering the UDP where there is no TLS authentication (not provided by .NET), instead Symetric Key AES encrption is used. Key exchange is done by using previously authenticated SSL connection. Each peer has its own key, generated by the Relay server with secure random at runtime upon connection.
369+
This key is not shared and only provides communication with Relay server. If peer A wants to talk with peer B through UDP via Relay server, Peer A sends an encrpyted message to Relay. Relay then decrypts it and checks for the destination. Then encrypts the message with destination peers AES key. This way no peer can know each others keys where Relay server acts as security bridge.
370+
371+
In case of holepunching, during the procedure with two peers, Relay server generates a key to be shared between two peers. If the procedure succees, PeerA and B will use this symetric key to directly communicate. Of course this key exchange is also done with secure SSL channel.
372+
373+
The certificates(.pfx files) located in library are just placeholders, they are generated using OpenSSL only for test purposes. Eventhough they provide encrption, they are publicly avaibale hence not secure. You should generate your own certificates for usage. I am not going to go in detail for authority payments and signing procedure here but in future i will provide SSL generation and signing application where you can generate and sign certificates to be used on local networks.
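
Review bot: The UDP paragraph (added lines 368-369) says only "Symetric Key AES encrption is used" and never names the cipher mode or says whether datagrams are authenticated and protected against replay. A reader needs that to judge the UDP path, since AES without a MAC or an AEAD mode gives confidentiality only. Please state the mode, how IVs or nonces are handled, and whether integrity is checked. The section should also say outright that the Relay server decrypts every relayed message and, because it generates the holepunch key (line 371), holds the key for direct peer-to-peer traffic as well, so the design is not end-to-end encrypted and the Relay is fully trusted. The warning on line 373 that the bundled .pfx files are publicly available belongs at the top of the section, worded as a requirement to replace them before any deployment. The text also needs a spelling pass: "Symetric", "encrption", "encrpyted", "succees", "Eventhough", "avaibale".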
