Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Any idea for Obfuscate ? #2

Closed
ghost opened this issue Jan 5, 2015 · 3 comments
Closed

Any idea for Obfuscate ? #2

ghost opened this issue Jan 5, 2015 · 3 comments

Comments

@ghost
Copy link

ghost commented Jan 5, 2015

Any idea for Obfuscate ?
We think about to using KCP , but need more security (less resource usage, no much more cpu and memory usage)
@skywind3000
Copy link
Owner

There 4 levels of protocol in our project:

SESSION level

connection maintenance, handshake, RC4 encryption, better interface to end-point user

KCP Level

ARQ

TRANSPORT level

Forward error cancellation, packet routing.

NETWORK level

UDP, quality estimating, 64bit-XOR encryption.

These 3 different levels are arranged in sequence:
packets 'output' from upper level will invoke 'send' to lower level.
packets received from lower level will be input to the upper level.

Session Level Encryption

RECOMMEND the RC4 algorithm in the SESSION level (upper level of KCP which use ikcp_send/ikcp_recv):

  1. after connection established, a token must be exchange between both side,
  2. use it as RC4-key, encrypt data before call ikcp_send, and decrypt it when ikcp_recv returns.
  3. add an checksum to the session level packet's head (each level has their own header), after decrypt from ikcp_recv, if checksum value doesn't equal to the real one, shutdown the connection.

Network Level Encryption

RECOMMEND simple 64 bit xor algorithm in NETWORK level (just before udp send) and verify another checksum and sockaddress from incoming udp packet

Last

Separate different function into different level, and link them with send/recv, input/output, update. each level maintains their own packet header. so echo level can be completely replaced with another implementation. So practical speaking, implement encryption in both session level and network level is a good idea. These mechanism has been working over two years in online gaming and audio/video streaming, seems to be stable.

@ghost
Copy link
Author

ghost commented Jan 7, 2015

Thanks.

@ghost ghost closed this as completed Mar 17, 2015
@xmudall
Copy link

xmudall commented Jul 9, 2019

@skywind3000
Thanks for your recommendations. Two more questions:

  1. Why does it need encryption in both session level and Network level?
  2. RC4 has been prohibited in TLS for its weakness in 2015. Is there any other efficient encryption algorithm instead?

@everett-moon everett-moon mentioned this issue Dec 20, 2021
Open
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xmudall @skywind3000