GKSession: securely pair two devices

Discussion in 'iOS Programming' started by MrFusion, May 15, 2012.

  1. MrFusion macrumors 6502a

    Joined:
    Jun 8, 2005
    Location:
    West-Europe
    #1
    GKSession is a nice, beginners friendly API to connect two iDevices over an ad hoc wifi connection and exchange data. As far as I can tell the link is unsecure and any devices can be connected (if the app accepts).

    I want to encrypt the transmitted data and ensure the two right devices are talking to each other. With bluetooth, two people have to exchange a short key (4-5 digits) before a connecting is established (pairing). I am thinking about implementing this with GKSession, but I don't know where to start.

    Any idea where I should start? Which google/xcode documentation search keys do I need? Pairing leads me to just keyboards and mouses. Encryption leads to AES(?) and keys that way, way to long to type in.

    My goal is to exchange data between a few people in a room without any eavesdropping.
     
  2. ArtOfWarfare macrumors 604

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #2
    Correct me if I'm wrong, but I thought both devices in a GKSession had to accept each other?

    If a third device attempted to join, wouldn't at least one of the other two have to accept the third?

    (Maybe I'm mistaking this for a different connection method in game kit... I haven't tried using any of them since last summer.)
     
  3. MrFusion thread starter macrumors 6502a

    Joined:
    Jun 8, 2005
    Location:
    West-Europe
    #3
    Yes, incoming requests have to be accepted. But anyone can make a request. The device can't know who the other party is. It can ask the other party for a display name, but this is easily spoofed. The other device can be a person inside the room or a person standing outside the door. Exchange a key (like with bluetooth) should solve this, or not?
     
  4. ArtOfWarfare macrumors 604

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #4
    Why do you need such security? Can you not trust users to simply commune with each other face to face and say "Did you send me a request? Oh, you didn't? I'll reject this request then..."
     
  5. MrFusion thread starter macrumors 6502a

    Joined:
    Jun 8, 2005
    Location:
    West-Europe
    #5
    Isn't the paring key also used in encrypting the data?

    Well anyway, even if it's not necessary, I just want to know how to do it in principle.
     

Share This Page