Network security

From ComputerCraft

Two major issues arise when designing secure systems that run over networks in ComputerCraft: spoofing, the act of pretending that one's computer is a different one (typically by faking IDs), and interception, where malicious actors are able to eavesdrop on the connection. To prevent these, it is important to stick to good security practices, as outlined here.

Rednet

TL;DR: Rednet is not actually secure, as messages can be intercepted and IDs can be faked!

Rednet appears at first glance to enhance security, because it can send messages to specific computer IDs. However, it is susceptible to both spoofing (in this case, pretending that one's ID differs from one's actual ID) and interception, because it is built on top of the modem API, whose lower-level access permits both.

It is possible to work around the issue of spoofing by transmitting keys or passwords instead of relying on IDs, but these can be intercepted, which means that without protection from interception, this is not particularly useful.

One step towards protecting against interception is using the modem API directly to send on specific channels - it is hard (but possible) to listen to every possible modem channel. However, if the channel is found out, communications will be just as insecure as with Rednet.

Preventing interception

Never develop your own encryption unless you really know what you are doing, i.e. have a firm understanding of cryptography and the mathematics involved. Your method will probably have serious flaws otherwise.

It is possible to properly prevent interception of messages by using various methods of encryption.

The simplest method is symmetric encryption: all the computers sending or receiving have a key stored on them which allows them to encrypt and decrypt messages for the others. Examples of symmetric encryption algorithms with ComputerCraft implementations available are AES and ChaCha20. Note that these are susceptible to replay attacks. Symmetric encryption should only be used if it is certain that the program code (including the key) cannot be manipulated by malicious actors.
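
An added example, not part of the original page and written in Python rather than ComputerCraft Lua so that it runs with only the standard library: a receiver that authenticates packets with a shared key and rejects replayed ones using a per-sender counter. The packet layout, the names `seal`, `Receiver` and `demo`, and the sample key are assumptions made for illustration; the payload is authenticated but not encrypted, so this shows the replay check that belongs alongside encryption, not confidentiality.

```python
import hashlib
import hmac
import json

def seal(key, sender_id, counter, body):
    """Return tag + b"." + payload, where tag is HMAC-SHA256 over the payload."""
    payload = json.dumps({"id": sender_id, "ctr": counter, "body": body},
                         sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return tag + b"." + payload

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_ctr = {}  # sender id -> highest counter accepted so far

    def accept(self, packet):
        """Return the body if the packet is authentic and fresh, else None."""
        tag, sep, payload = packet.partition(b".")
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison; the key itself never travels over the network.
        if not sep or not hmac.compare_digest(tag, expected):
            return None  # forged or tampered: sender does not hold the key
        msg = json.loads(payload)
        if msg["ctr"] <= self.last_ctr.get(msg["id"], -1):
            return None  # replay: this counter value was already accepted
        self.last_ctr[msg["id"]] = msg["ctr"]
        return msg["body"]

def demo():
    key = b"constructed-sample-key"  # constructed sample value
    rx = Receiver(key)
    packet = seal(key, 7, 1, "open door")
    first = rx.accept(packet)        # genuine packet
    replayed = rx.accept(packet)     # same bytes captured and re-sent
    forged = rx.accept(seal(b"guessed-key", 7, 2, "open door"))
    following = rx.accept(seal(key, 7, 2, "close door"))
    return first, replayed, forged, following

if __name__ == "__main__":
    print(demo())
```

Because every computer shares one key, any key holder can still claim any `id`, which is why this approach only suits setups where all key holders are trusted.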

If not all computers involved in communications can be trusted, a fitting alternative is asymmetric encryption. One available implementation of this is SMT.

One downside of most encryption is that it is significantly slower than transmitting messages directly over Modem/Rednet. However, in practice, most applications should not be bottlenecked by this.