Why do we need security measure likes control flow integrity and buffer overflow guard if we have good access control protocol in place?

Reading into information security, I noticed two branches. Access control when communication with external device by using some type of cryptographic authentication and encryption mechanism and things like control flow integrity. My question is why do we need the latter if former is good enough. Are there example of control flow exploits on access control protocol implementation themselves? My focus is mainly on embedded devices.

Why since I configured my smartphone APN protocol to IPv4/IPv6 I (might) only have IPv6 addresses?

About a week ago I configured my smartphone Access Point Name (APN) of the type APN protocol from including the value IPv4 to including the value IPv4/IPv6, all IP addresses I recognized for my smartphone were IPv6 addresses.
I didn’t change the value for the APN type APN roaming protocol → its value is still IPv4 only.

I understand I can now have both IPv4 addresses and IPv6 addresses but the purpose of the following question is to understand the tendency I personally recognize for IPv6 (only?) addresses for my smartphone.

Why since I configured my smartphone APN protocol to IPv4/IPv6 I (might) only have IPv6 addresses? Is it a coincidence or the cause of some global standard cellular operators are now following?

What are the advantages and disadvantages of using a HackRF One compared to specific protocol sniffers?

I am performing some research on IoT test tools and came across the HackRF One which can transmit and receive from 1 MHz to 6 GHz. I therefore think that it can analyze many protocols, but I cannot find a list of them anywhere. Can it for example analyze (and exploit) Zigbee, Z-Wave, LoRaWAN, RFID and NFC? Why is there no list, because there are too many protocols? Is the HackRF a more general sniffer then?

I also came across some specific protocol sniffers, like the Suphacap Z-Wave Sniffer and the Proxmark and so on. What are the advantages of these over the HackRF? Is the best option to start with a HackRF and then when necessary buy specific sniffers according to the needs of the current pentest?

I would like to know this, because then I know which devices to afford for penetration testing.

How do I fix ‘Bad protocol version identification’ errors?

I’m a beginner at using SSH, and I’m trying to connect to a VM from a tablet using an app. The app says that it connects successfully, but soon, it loses the connection to the server.
I have installed OpenSSH, and when I check the systemctl status, I receive the following log:
Bad Protocol Version Identification ‘0.0,0.0,0.0,0.0,
Bad Protocol Version Identification ‘0.0,0.0,0.0,0.0,

Accepted password from [my VM username] from 127.0.0.1 port 58982 ssh2
Bad Protocol Version Identification ‘0.0,0.0,0.0,0.0,
Bad Protocol Version Identification ‘0.0,0.0,0.0,0.0,
I’ve set a port redirect already, but it’s not working. I wonder if it’s an issue with the app or with my SSH settings.
Any help is appreciated.

Understanding DIQKD protocol, a few questions

I’m refering to this paper here “Fully Device-Independent Quantum Key Distribution” (Umesh Vazirani and Thomas Vidick) and unfortunately there are many things I don’t understand.

1) Page 3: by the word round, what do the authors actually mean? Is it right to say it’s basically how many times Alice and Bob use their own devices?

2) Page 3, Testing section: this equality aᵢ ⊕ bᵢ = xᵢ ∧ yᵢ I was told it describes the requirement of the CHSH game. Alice input can be anything belonging to the set {0,1,2} while Bob’s input can only be an element of the following set{0,1}. Their output can be 0 or 1, respectively. The paper says “They compute the fraction of inputs in B that satisfy the CHSH condition aᵢ ⊕ bᵢ = xᵢ ∧ yᵢ..“. My understanding is: if ⊕ is exclusive OR and ∧ is logical AND then the following makes sense: aᵢ=1 bᵢ=0 1 ⊕ 0 = 1 ∧ 1 Is that correct? If I’m right what does the following expression mean? “If this fraction is smaller than cos2 π=8 − η they abort the protocol


Cross-posted on quantumcomputing.SE

Ideal time complexity in analysis of distributed protocol

I need some explanation about the definition of ideal time complexity. My textbook says:

The ideal execution delay or ideal time complexity, T: the execution delay experienced under the restrictions “Unitary Transmission Delays” and “Syn- chronized Clocks;” that is, when the system is synchronous and (in the absence of failure) takes one unit of time for a message to arrive and to be processed.

What is intended for “Syncronized Clocks”?

Take for example broadcast problem and flooding protocol.

In this protocol each uninformed node wait that some informed node (at the beginning only the source) send to it the information and next it resend the info to all neighbors.

Now the ideal time complexity of this protocol is at most the eccentricity of the source and so at most the Diameter of the comunication graph.

Now if the ideal time complexity is this, necessarily al nodes send message to neighbor in parallel, correct?

and we are assuming that:

  • The source send message to each neighbor => 1 unit of time
  • The neighbors of the source send message to them neighbors => 1 time

and so on.. until we reach the most far away node from the source.

It’s a correct view?

Thought process on Network Protocol Attack

I’m preparing for an introductory information security examination in university and this is one of the tutorial question on Network Protocol attacks. I tried (a) and came to this conclusion: Since the EPbX() is a public key encryption operation, C can decrypt any encrypted message to get back its original message, m as though it is anyone in the pair of people exchanging messages.

However, when I re-read the question, the decryption requires the use of private keys, which means it might be impossible to get the message unless C impersonates as the other to each of A and B, and is involved in the key exchange, generating 2 pairs of private keys, which seems repetitive. This confusion prevents me from doing the later part (b).

Can anyone suggest the thought process and solution to the above problem?

Here is the question description. Sorry the actual paper document is not formatted such that it allows copy over.

webatk 1

webatk 2

Posting from HTTPS without specifying protocol – secure?

I have a form that is sat on a secure (HTTPS) page, which posts to another page. In the form action, the protocol is not specified but I would assume uses the same protocol as the page that it came from, please see below:

<form id="dummy_form" action="do_action.php" method="POST">     <input type="hidden" name="some_field" id="some_field"> </form> 

The way I have believed this worked, is that the relative URL would use the same protocol as the page it is sat on, therefore all traffic is encrypted.

However I recently had someone contact me saying that the form is insecure and that the information is being transmitted in plaintext. I assume they have just inspected the network traffic using their browsers dev tools (they sent me a screenshot of their data in the network tab of Google console), but I thought it would be better that I ask the wider community and check?

Better safe than sorry!

Does timestamp protocol following thomas’s write rule allow non-view-serializable schedules in some cases?

I have came across following line in text book (Database System Concepts Textbook by Avi Silberschatz, Henry F. Korth, and S. Sudarshan $ 6e$ ) page no. 686:

Thomas’ write rule allows schedules that are not conflict serializable but are nevertheless correct. Those non-conflict-serializable schedules allowed satisfy the definition of view serializable schedules (see example box).

What I understood from above lines is that every schedule generated by timestamp protocol following thomas’s write rule is view serializable.

Now let’s take following little schedule: $ S: R_1(X), W_2(X), W_1(X)$ .

This schedule $ S$ is allowed under timestamp protocol which follows thomas’s write rule.

And serialization order is $ R_1(X), W_1(X).$

But I was not able to prove that it is view serializable.

Actually I think that it is non-view serializable because,

  1. Consider serial order as $ T_1, T_2$

    Now final value of $ X$ is being written by $ T_2$ . So not equivalent.

  2. Next alternative serial order is $ T_2, T_1$

    here, $ R_1(X)$ will read value of $ X$ written by $ T_1$ not original value which was there before start of both transaction. So this too is not view-equivalent.

What is going wrong here. please help me with this one.

Outcome of Needham-Schroeder protocol

I am studying Needham-Schroeder protocol in my course subject and I understood it well, but there is a homework problem which is asking, “what is the outcome of Needham-Schroeder protocol?”

According to me, its outcome is a security session between Alice and Bob for communication and kdc is responsible for that security session. Is my answer is correct or is this question is about anything else?