why do we asume that in the registration process communication is over the secure channel?












1














I was reading some research papers and saw that in Registration phase/process it is always assumed that communication is over the secure/private channel, whereas, all of the phases communication is happening over the public/open channel. What is the reason for this? on the basis of which parameter! we assume that the channel is secure/private insecure/public?
Thanks in advance.



Registration Process






encryption transport-security







share|improve this question









New contributor




hafeez shah is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 2




    Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
    – SEJPM
    4 hours ago












  • @SEJPM Please can you elaborate your answer.. ........thanks in advance
    – hafeez shah
    4 hours ago
















1














I was reading some research papers and saw that in Registration phase/process it is always assumed that communication is over the secure/private channel, whereas, all of the phases communication is happening over the public/open channel. What is the reason for this? on the basis of which parameter! we assume that the channel is secure/private insecure/public?
Thanks in advance.



Registration Process






encryption transport-security







share|improve this question









New contributor




hafeez shah is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 2




    Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
    – SEJPM
    4 hours ago












  • @SEJPM Please can you elaborate your answer.. ........thanks in advance
    – hafeez shah
    4 hours ago














1












1








1


1





I was reading some research papers and saw that in Registration phase/process it is always assumed that communication is over the secure/private channel, whereas, all of the phases communication is happening over the public/open channel. What is the reason for this? on the basis of which parameter! we assume that the channel is secure/private insecure/public?
Thanks in advance.



Registration Process






encryption transport-security







share|improve this question









New contributor




hafeez shah is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











I was reading some research papers and saw that in Registration phase/process it is always assumed that communication is over the secure/private channel, whereas, all of the phases communication is happening over the public/open channel. What is the reason for this? on the basis of which parameter! we assume that the channel is secure/private insecure/public?
Thanks in advance.



Registration Process






encryption transport-security




encryption transport-security






share|improve this question









New contributor




hafeez shah is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




hafeez shah is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 4 hours ago





















New contributor




hafeez shah is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 4 hours ago









hafeez shah

63




63




New contributor




hafeez shah is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





hafeez shah is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






hafeez shah is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 2




    Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
    – SEJPM
    4 hours ago












  • @SEJPM Please can you elaborate your answer.. ........thanks in advance
    – hafeez shah
    4 hours ago














  • 2




    Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
    – SEJPM
    4 hours ago












  • @SEJPM Please can you elaborate your answer.. ........thanks in advance
    – hafeez shah
    4 hours ago








2




2




Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
– SEJPM
4 hours ago






Well, if you use an insecure channel, an attacker can impersonate the server and later down the line also impersonate the server, as they become the server.
– SEJPM
4 hours ago














@SEJPM Please can you elaborate your answer.. ........thanks in advance
– hafeez shah
4 hours ago




@SEJPM Please can you elaborate your answer.. ........thanks in advance
– hafeez shah
4 hours ago










1 Answer
1






active

oldest

votes


















3















Registration phase/process it is always assumed that communication is
over the secure/private channel, whereas, all of the phases
communication is happening over the public/open channel. What is the
reason for this?




Well, the point of the registration phase is to register the client to the server, so that they can reach mutual authentication afterwards using the exchanged information and with minimal / no assumptions on the underlying channel.



If you assume the channel to be insecure for this process, what an attacker can do, is wait for you to enter the registration phase with the legitimate server, intercept the request, act like they are the legitimate server and at the same time register themselves to the real server.



Now if you connect after the registration stage, the attacker can perfectly fine be authenticated as "the real server" and intercept your entire traffic (and potentially forward it to the real server).






share|improve this answer





















    Your Answer





    StackExchange.ifUsing("editor", function () {
    return StackExchange.using("mathjaxEditing", function () {
    StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
    StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
    });
    });
    }, "mathjax-editing");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "281"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });






    hafeez shah is a new contributor. Be nice, and check out our Code of Conduct.










    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66209%2fwhy-do-we-asume-that-in-the-registration-process-communication-is-over-the-secur%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    3















    Registration phase/process it is always assumed that communication is
    over the secure/private channel, whereas, all of the phases
    communication is happening over the public/open channel. What is the
    reason for this?




    Well, the point of the registration phase is to register the client to the server, so that they can reach mutual authentication afterwards using the exchanged information and with minimal / no assumptions on the underlying channel.



    If you assume the channel to be insecure for this process, what an attacker can do, is wait for you to enter the registration phase with the legitimate server, intercept the request, act like they are the legitimate server and at the same time register themselves to the real server.



    Now if you connect after the registration stage, the attacker can perfectly fine be authenticated as "the real server" and intercept your entire traffic (and potentially forward it to the real server).






    share|improve this answer


























      3















      Registration phase/process it is always assumed that communication is
      over the secure/private channel, whereas, all of the phases
      communication is happening over the public/open channel. What is the
      reason for this?




      Well, the point of the registration phase is to register the client to the server, so that they can reach mutual authentication afterwards using the exchanged information and with minimal / no assumptions on the underlying channel.



      If you assume the channel to be insecure for this process, what an attacker can do, is wait for you to enter the registration phase with the legitimate server, intercept the request, act like they are the legitimate server and at the same time register themselves to the real server.



      Now if you connect after the registration stage, the attacker can perfectly fine be authenticated as "the real server" and intercept your entire traffic (and potentially forward it to the real server).






      share|improve this answer
























        3












        3








        3







        Registration phase/process it is always assumed that communication is
        over the secure/private channel, whereas, all of the phases
        communication is happening over the public/open channel. What is the
        reason for this?




        Well, the point of the registration phase is to register the client to the server, so that they can reach mutual authentication afterwards using the exchanged information and with minimal / no assumptions on the underlying channel.



        If you assume the channel to be insecure for this process, what an attacker can do, is wait for you to enter the registration phase with the legitimate server, intercept the request, act like they are the legitimate server and at the same time register themselves to the real server.



        Now if you connect after the registration stage, the attacker can perfectly fine be authenticated as "the real server" and intercept your entire traffic (and potentially forward it to the real server).






        share|improve this answer













        Registration phase/process it is always assumed that communication is
        over the secure/private channel, whereas, all of the phases
        communication is happening over the public/open channel. What is the
        reason for this?




        Well, the point of the registration phase is to register the client to the server, so that they can reach mutual authentication afterwards using the exchanged information and with minimal / no assumptions on the underlying channel.



        If you assume the channel to be insecure for this process, what an attacker can do, is wait for you to enter the registration phase with the legitimate server, intercept the request, act like they are the legitimate server and at the same time register themselves to the real server.



        Now if you connect after the registration stage, the attacker can perfectly fine be authenticated as "the real server" and intercept your entire traffic (and potentially forward it to the real server).







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 3 hours ago









        SEJPM

        28.2k553132




        28.2k553132






















            hafeez shah is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            hafeez shah is a new contributor. Be nice, and check out our Code of Conduct.













            hafeez shah is a new contributor. Be nice, and check out our Code of Conduct.












            hafeez shah is a new contributor. Be nice, and check out our Code of Conduct.
















            Thanks for contributing an answer to Cryptography Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            Use MathJax to format equations. MathJax reference.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66209%2fwhy-do-we-asume-that-in-the-registration-process-communication-is-over-the-secur%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Eastern Orthodox Church

            Image
            Not to be confused with Oriental Orthodoxy, Eastern Christianity, or Eastern Catholic Churches. "Eastern Orthodoxy", "Orthodox Church", "Orthodox Catholic Church", and "Orthodox Christian Church" redirect here. For other uses, see Orthodox (disambiguation). This article may be too long to read and navigate comfortably . The readable prose size is 132 kilobytes. Please consider splitting content into sub-articles, condensing it, or adding or removing subheadings. ( January 2018 ) Part of a series on the Eastern Orthodox Church Mosaic of Christ Pantocrator, Hagia Sophia Overview Structure Theology (History of theology) Liturgy Church history Holy Mysteries View of salvation View of Mary View of icons Background Crucifixion / Resurrection / Ascension of Jesus Christianity Christian Church Apostolic succession Four Marks of the Church Orthodoxy Organization Autocephaly Patriarchate ...
            Read more

            Zagreb

            Image
            This article is about the Croatian capital city. For other uses, see Zagreb (disambiguation). City in City of Zagreb, Croatia Zagreb City Grad Zagreb City of Zagreb Clockwise, from top: St. Mark's Square, Croatian State Archives, Zagreb Tram, Art Pavilion, Cibona & HOTO towers and Croatian National Theatre. Flag Coat of arms Zagreb Location of Zagreb in Croatia Show map of Croatia Zagreb Zagreb (Europe) Show map of Europe Coordinates: 45°49′N 15°59′E  /  45.817°N 15.983°E  / 45.817; 15.983 Coordinates: 45°49′N 15°59′E  /  45.817°N 15.983°E  / 45.817; 15.983 Country   Croatia County City of Zagreb RC diocese 1094 Free royal city 1242 Unified 1850 Subdivisions 17 city districts 218 local committees (70 settlements) Government  • Type Mayor-Council  • Mayor Milan Bandić (BM 365)  • City Assembly 51 members BM 365, ZL, NS-R (14) SDP, GLAS, HNS, HSS, NH-PS (13) ...
            Read more

            Understanding the information contained in the Deep Space Network XML data?

            Image
            up vote 1 down vote favorite NASA's Deep Space Network activity can be viewed conveniently at https://eyes.nasa.gov/dsn/dsn.html but if you would like data in a more raw XML form, it can be accessed as described in this answer Below is a small Python script that reads the XML into a list of dictionaries, and saves it to disk as a JSON. The dictionaries are organized at the higher level by dish, then by spacecraft per dish. Question: What are the most-likely meanings of all the data field contained in the Deep Space Network XML data? This is the example url from the other answer, used in the script below: https://eyes.nasa.gov/dsn/data/1365107113.xml def dictify(r,root=True): # https://stackoverflow.com/questions/2148119/how-to-convert-an-xml-string-to-a-dictionary-in-python/30923963#30923963 if root: ret...
            Read more