YS end-to-end SSL communication security issues

Source: Internet
Author: User
Tags: asymmetric encryption

1. Introduction:

Traditional Internet SSL communication is mainly between a client and a server. In the Internet of Things era, encrypted communication between endpoints (end-to-end) will become very common. In the YS business, the main end-to-end communication is:

(1) Two-way communication between clients (mobile app, YS Studio and Web) and devices.

(2) ... SSL communication.

Note: the client is actually based on the Hik SDK; SDK clients can communicate with Hik devices.

The main scenario diagram is as follows:

2. Business requirements:

Two-way (mutually authenticated) SSL communication must be supported between endpoints over both persistent (long) connections and short-lived connections.

3. Risk analysis

(1) All devices leave the factory with the same certificate. An attacker can export that certificate from any one device and mount a man-in-the-middle attack on the SSL communication a client initiates to a device: because the exported certificate bundle contains both the public and the private key, the attacker can decrypt the SSL handshake and intercept the symmetric session key. For the same reason the certificate cannot be used to judge whether the target device is authentic, since every device presents the same one. Likewise, the device certificate can be used to hijack device-to-device SSL communication.

(2) Similarly, if the Hik SDK also uses one shared certificate, the attacker can export the SDK's built-in certificate and hijack SSL communication that a device initiates to a client (such as alarm message push).

4. Solutions:

(1) The client SDK and the device ship without a certificate. The client SDK generates its own certificate the first time it is used, and the device generates its own the first time it boots; an interface for regenerating (refreshing) the certificate is kept.

Advantages: high security; a software-level change only; enables real two-way certificate validation between clients and devices.

Disadvantages: on low-end phones the client SDK takes a long time to generate a certificate, so the first-use experience is poor. Because every device must go through a boot test at the factory, its certificate is already generated there and the user side is not affected, but the extra generation time in the supply chain reduces production capacity.
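The following Go program is an added example written for this page; it is not code from the original article nor from the YS or Hik SDK, and all names in it (GenerateIdentity, Fingerprint, MutualHandshake, the "DEV-A"/"APP-1" serials) are hypothetical. It illustrates the risk in section 3 and the first solution above: each device and client generates its own key pair and self-signed certificate on first use (the same call, made again, is the "refresh certificate" interface), and the two sides then perform a mutually authenticated TLS handshake in which each pins the other's certificate fingerprint rather than trusting a shared factory certificate. With per-unit identities, a peer presenting a different unit's certificate is rejected, which is exactly the check a fleet-wide shared certificate cannot provide. It uses only the Go standard library and a loopback TCP socket.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// GenerateIdentity makes a fresh P-256 key and a self-signed certificate naming the
// device serial: the "generate on first boot" step. Nothing is shared across the fleet.
func GenerateIdentity(serial string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // demo only; use a random serial in production
		Subject:      pkix.Name{CommonName: serial},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// Fingerprint is the SHA-256 of a DER certificate; the peer records it at pairing time.
func Fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// pinVerifier accepts a peer only if its leaf certificate matches the pinned value.
func pinVerifier(pin string) func([][]byte, [][]*x509.Certificate) error {
	return func(raw [][]byte, _ [][]*x509.Certificate) error {
		if len(raw) == 0 || Fingerprint(raw[0]) != pin {
			return errors.New("peer certificate does not match pinned fingerprint")
		}
		return nil
	}
}

// MutualHandshake runs one TLS handshake over loopback TCP, deviceCert as server and
// clientCert as client, each side pinning the other. It returns nil only if both accept.
func MutualHandshake(deviceCert, clientCert tls.Certificate, devicePin, clientPin string) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates:           []tls.Certificate{deviceCert},
		ClientAuth:             tls.RequireAnyClientCert,
		VerifyPeerCertificate:  pinVerifier(clientPin),
		SessionTicketsDisabled: true,
	})
	if err != nil {
		return err
	}
	defer ln.Close()
	deviceErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			deviceErr <- err
			return
		}
		defer conn.Close()
		deviceErr <- conn.(*tls.Conn).Handshake()
	}()
	conn, clientErr := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		Certificates:          []tls.Certificate{clientCert},
		InsecureSkipVerify:    true, // no CA chain here: authenticity comes from the pin
		VerifyPeerCertificate: pinVerifier(devicePin),
	})
	if clientErr == nil {
		defer conn.Close()
	}
	// In TLS 1.3 the client finishes before the device has checked the client certificate.
	if err := <-deviceErr; err != nil && clientErr == nil {
		return fmt.Errorf("device rejected client: %w", err)
	}
	return clientErr
}

func main() {
	dev, _ := GenerateIdentity("DEV-A")
	other, _ := GenerateIdentity("DEV-B")
	app, _ := GenerateIdentity("APP-1")
	pinDev, pinApp := Fingerprint(dev.Certificate[0]), Fingerprint(app.Certificate[0])
	fmt.Println("paired device:", MutualHandshake(dev, app, pinDev, pinApp))
	fmt.Println("other device: ", MutualHandshake(other, app, pinDev, pinApp))
}
```

The first handshake succeeds because both pins match; the second fails on the client side because DEV-B's certificate is not the one pinned for DEV-A. Swapping in a fleet-wide certificate for both devices would make the second handshake succeed as well, which is the authenticity problem described in the risk analysis. Persisting the generated identity and exposing a call that discards it and runs GenerateIdentity again is all the refresh interface needs.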

(2) The SDK package ships with a default certificate. After a session has been established using the default certificate, an interface can be called to generate and install a device-specific certificate.

Advantages: high security and good scalability; also enables real two-way certificate validation between clients and devices.

Disadvantages: high software development cost; the first SSL session, which still uses the default certificate, can still be hijacked; and the feature can only be offered as optional, so users will mostly not enable it.

(3) Emulate the SSL protocol: for every SSL session, a session key is generated dynamically using an asymmetric encryption algorithm (such as RSA).

Advantages: high security; solves the problem of the symmetric key being decrypted.

Disadvantages: high software development cost; requires familiarity with the SSL protocol; and cannot be used to verify certificate validity.
