Establishing a truly secure connection with the server.
2 points| golubevpavel | 12 years ago | reply
After several days of research I ended up with the following solution. Please let me know if it is really secure or if I missed something.
Establishing secure connection with XMPP server:
A network connection can only be established with one specific XMPP server, hardcoded in the app. A connection can only be established if the server's SSL certificate is valid. SSL pinning is used in order to prevent MITM attacks in case root CAs are compromised. No plain connections to the XMPP server, only SSL/TLS.
OTR Encryption:
Any conversation should be forced to use OTR encryption (http://www.cypherpunks.ca/otr/) version 3. Authenticated Key Exchange is required in every conversation. OTR v.3 uses the SIGMA encryption protocol, which gives 100% protection against MITM attacks. Right?
TOR network usage:
Even if both OTR and SSL are hacked, the client always connects to the server over the TOR network to mask its original IP address.
Would you add anything else to make this configuration rock solid secure?
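The connection policy from the post above (one hardcoded server, full certificate validation, a pin check, no plaintext), as an added Python example that is not the poster's code. The host name, port 5223 as a direct-TLS listener and the pin values are placeholder assumptions; the pin is the SHA-256 of the leaf certificate, so a backup pin is carried for certificate rotation.

```python
import hashlib
import hmac
import socket
import ssl

# Assumptions for illustration: host, port and pin inputs are placeholders.
XMPP_HOST = "xmpp.example.org"
XMPP_PORT = 5223  # assumed direct-TLS listener, so there is no plaintext phase
# SHA-256 of the DER-encoded leaf certificate. The second entry is a backup
# pin for the next certificate, so a renewal does not lock clients out.
PINNED_SHA256 = {
    hashlib.sha256(b"constructed-current-cert-der").hexdigest(),
    hashlib.sha256(b"constructed-backup-cert-der").hexdigest(),
}


class PinMismatch(Exception):
    """The chain validated, but the leaf certificate is not one we pinned."""


def pin_matches(der_cert: bytes, pins=PINNED_SHA256) -> bool:
    digest = hashlib.sha256(der_cert).hexdigest()
    # Evaluate every pin; compare_digest avoids early-exit comparison.
    return any([hmac.compare_digest(digest, p) for p in pins])


def strict_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def connect_pinned(host: str = XMPP_HOST, port: int = XMPP_PORT,
                   timeout: float = 10.0) -> ssl.SSLSocket:
    # Policy 1: only the hardcoded server is ever contacted.
    if host != XMPP_HOST:
        raise ValueError(f"refusing to connect to unpinned host {host!r}")
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # Policy 2: normal CA and hostname validation must pass first.
        tls = strict_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # Policy 3: the pin check runs in addition to validation, not instead of it.
    if not pin_matches(tls.getpeercert(binary_form=True)):
        tls.close()
        raise PinMismatch("server certificate does not match any pinned hash")
    return tls
```

The pin check only narrows which valid certificate is accepted; if the pinned certificate is replaced without shipping the new hash first, every client fails closed.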
kjs3 | 12 years ago | reply
[deleted]