[Reading Notes] iOS network-protects network transmission and Reading Notes for ios

[Reading Notes] iOS network-protects network transmission and Reading Notes for ios

1. Verify the server communication.

 

2. HTTP authentication.

 

Mobile banking applications have two authentication modes: standard verification and quick verification. Standard verification only prompts the user to enter the user name and password, while quick verification requires the user to register the device and then use the PIN for verification. The user name and password are not required for each verification. To ensure the security of quick authentication, if the user chooses to register a device in a given authentication request, the server response must contain an additional attribute, that is, the user's certificate. The application will store this certificate and check it at subsequent startup to determine which authentication view should be displayed.

 

1. HTTPBasic, HTTP Digest and NTLM authentication.

2. client certificate authentication.

 

3. Use hash and encryption to ensure message integrity.

Since the application has been verified to communicate with the correct server and has been successfully authenticated, the user can initiate a service request. The application must ensure that the transmitted data is safe and modified during transmission. This section describes the technologies that can meet this requirement, including password hashing, message authentication code, and encryption removal.

1. Hash: for a given data block, the hash and connection of passwords must generate a fixed bit sequence. These hash values simplify the comparison and sorting of data blocks. Common scenarios of hash include tracking file changes, downloading checksum, data obfuscation, database storage, and verifying the integrity of request data.

2. message authentication code. Message authentication code (MAC) is a mechanism that can detect whether the load is modified and verify its authenticity. The implementation is to generate a hash value for the incoming request data (or a subset of the pre-configured request data), and then compare the hash value with the pre-calculated MAC sent with the load. MAC is similar to the hash function described earlier, but it is more secure because it is always paired with a key.

1) It is common for developers to output various processing details to logs. However, they should never print the generated keys to the console, log files can be easily obtained from devices. If they are detected by attacks, they are very serious security problems.

3. encryption.

 

4. securely store authentication information on devices.

Since it can securely communicate with the service layer, it is necessary to store information securely on the device. Apple provides the Keychain Services API to complete this task.

 

 

Reference: iOS network advanced programming-enterprise application development for iPhone and iPad