3

We have a TCP/IP sockets server written in C# used for transferring binary files to clients. e.g., clips, images. Asynchronous BeginSend/EndSend with callbacks are being utilized to send byte[] buffers.

New requirement is to encrypt the data being transferred. Each client connection will supply an encryption key for the server to use. Actual encryption algorithm is not as essential, i.e., the goal is to simply ensure that the data is not sent in the clear. Even RC2CryptoServiceProvider with 40-bit keys would suffice... RijndaelManaged with 128-bit keys is an overkill and rather CPU-intensive in comparison with RC2.

It is certainly possible to first generate an encrypted version of data files before transferring them. Ideally though, we should encrypt the file on the fly as the data is read from file and sent on the socket. Given the size of data files, reading entire file contents to memory is neither efficient nor scalable.

Are there a few good patterns to follow when encrypting data from files on the fly to send to a sockets peer?

Improve this question
7
  • C# to C#? You should be using WCF. Commented Aug 19, 2013 at 2:23
  • 2
    How will you tell your clients the keys the data is being encrypted with? If not HTTPS/SSL you're doing it wrong. Commented Aug 19, 2013 at 2:24
  • Just go with TLS, and if necessary, use the RC4 cipher. Commented Aug 19, 2013 at 5:57
  • We do have another WCF server on the same machine. This server is the one that actually generates the needed "content" resources (images, clips, etc.) When resources are available, in response to requests, WCF callbacks are issued to the clients with the keys for clients to use. Actual transfers are NOT performed via WCF - we benchmarked binary transfers, and the overhead for WCF has its penalties. Instead, our TCP sockets server uses asynchronous overlapped I/O for transferring binary content... Commented Aug 19, 2013 at 10:40
  • What sorts of attacks do you want to protect against? If you send the key along with the data, the encryption is useless even against the simplest eavesdropping attacks. Or do you have something more specific in mind? Commented Aug 19, 2013 at 20:01

1 Answer 1

Reset to default
6

There's a handful of ways you can accomplish this. Here are some:

  • Infrastructure: Establish a SSL/TLS-enabled VPN with your client. Use the new private network to connect to your client's network. Pro: Little to no change in code, depending on your current implementation. Con: Depending on your client's infrastructure (and yours!), it may not be possible.

  • SSL: Establish a direct secure socket layer connection between the client and your server. Pro: Easy to implement. There's an example on CodeProject about how to implement it via MS SSPI SSL and OpenSSL you can use as a base for your own implementation; here's the link. Con: SSL have some well-known security issues you should know about before considering implementing it.

  • Common algorithms (AES, DES, Triple DES, Blowfish): Internal implementations you may use before sending and after receiving packages on your communication layer. Pro:Loads of libraries publicly available, some natively available since .NET 3.5 and up. Con: As you mentioned, some may be overkill.

  • Custom algorhythms: Create your own! Give those bits a shake. Pro: It can be as light as you want; public available cracking tools would be near useless. There's an example here of a simple custom encryption protocol for 32-bit integers, easily adaptable for larger content. Con: Public algorithms are thoroughly tested and validated, and do ensure a level of security that your implementation may not meet; there's little valid reasoning for reinventing the wheel.

You may, of course, mix two or more if you want extra security (for example AES-encrypted content over an SSL connection), but it's up to you to decide.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

All current vulnerabilities in TLS 1.1 and 1.2 are merely theoretical and definitely negligible compared to issues in the other approaches you mentioned. It's impossible to create a secure protocol from cryptographic primitives unless you are a team of world class cryptographers. Creating your own algorithm – even more so.
While generally correct, I believe you may have missed the OP's point: According to his own words, 'RijndaelManaged with 128-bit keys is an overkill' for his specific needs. The discussion isn't about which method is more secure, he wants a reasonable balance between encryption and performance.
The problem is that doing something non-standard is going to be more difficult and involve more work than going with standards. Also note that IT security is a binary thing – either there is security or there isn't. A false sense of security is worse than no security.
I can somewhat agree with you on the first topic. On another side, it is good to de-mistify criptography; It is a tool, there's available tools of various sizes and you can even be a toolmaker yourself, given enough understanding of what you want. But I completely agree on IT security, and I would even complement it by saying that it's a binary constant set to false: There is NO secure system - whatever someone creates, someone else can break, given enough time and resources. Nonetheless, there are acceptable intermediate levels of security that may fulfill your needs.
It is not possible to break (correctly implemented) standards like PGP or TLS, as long as the private keys stay private. You may be thinking of brute forcing, but that is not considered a viable attack since we are talking about billions of years of time with sufficient key lengths. And I still think security is boolean. Intermediate levels of security are almost always just obfuscation.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.