Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
SGX remote attestation procedure (variations: with and without the participation of the remote Intel service, the explanation / logic of the work is step by step.
Sadly, remote attestation is not possible without the Intel Attestation Service, which I'll call IAS from now on. Also, the party that's want to verify a quote needs to be registered as service provider (short SP) to the IAS. I'll now start with a high level overview of the typical of the remote attestation procedure:
The enclave connects to the SP and sends it's attestation group id.
The SP fetches a list with revoked clients, also known as SigRL, from the IAS and sends it to the client.
The client creates a quote using the SigRL.
The SP forwards the quote to the IAS which responds whether the quote is valid
On a lower level, the client will have to establish communication between the quoting enclave (short QE) which is provided by Intel and the enclave that want to remotely attest something, which usually is done using the AESM-service (which is part of the platform software).
Also, the quoting mechanism allows you to remotely attest some data which you should use since it makes the remote attestation proof that this particular data was generated in an enclave which enables trusted protocols. There is an extensive examle which does a key-exchange on Intels Devzone.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
Hi guys I'm creating a device that can be controlled by google assistant;
currently I created an arduino that interfaces with an esp8266 and through the service "IFTTT" I can communicate without problems. Now I would like to extend the project so as to make it public so as to find it in the "Home control" devices of google.
Is it possible to use "Arduino / esp8266"? How?
If it is not possible in this way what kind of board do you recommend?
In order for your device to work with the Google Assistant, you should consult the smart home documentation. If your device can connect to the Internet, you're good. The ESP8266, since it already connects through IFTTT, will work for a more public project as well.
You'll need to create some sort of server backend which will act as the source of truth, responding to requests from the Google Assistant and dispatching commands to devices. If you can use the ESP8266 as a web server with minimal (< 5s) latency, you'll be set. Alternatively, you can use a simple service like Firebase.
Your web server will need to respond to three primary types of intents: SYNC, QUERY, and EXECUTE. The documentation walks through all of them, but they give you the ability to provide devices for each user, return the state of these devices, and send commands to do actions.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 4 years ago.
Improve this question
I am making a small project where there is a qt client application and basic server application written in c++. I am able to connect between two different computers through my application (over SSL, Socket). Now I want to connect my client application to access a sqlite database which is on server.
For example. lets say my client application is a simple login form. When user press Login button then I want my application to access the sqlite database on server, and verify whether the details are valid.
Above a just a example fr explanation. I know I can do the above thing in various other ways but I want the above functionality for something different.I searched a lot over internet but unable to find a good example or explanation. Please through some insight.
SQLite data is stored in a single file, and there's no database server running on top of it. So it does not have any network connection capability. A very simple solution is to make the SQLite database file available on a network in some way like sharing it's directory.
There are other options which use third party libraries :
netSQLite : a client/server solution running over TCP/IP with SQLite3 at its core.
Navicat : enables remote SQLite connection although it is not free.
SQLiteServer: a multithreaded TCP/IP server for SQLite
SQLiteDBMS: a database management server for SQLite. It allows an sqlite3 process to be accessed via a TCP/IP network.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
The community reviewed whether to reopen this question 10 months ago and left it closed:
Original close reason(s) were not resolved
Improve this question
I'm trying to get a deeper understanding of how IIS works.
http.sys i understand is one its major components. However, i have been having trouble finding easily digestible information about it. I couldn't get a good mental model going until i heard about the WSK, then i think it all fell into place.
From a lot of random googling a little experimentation this is my current high level understanding of why it exists and how it does it's stuff.
Why:
Port sharing, and higher performance caching.
How:
User mode processes use the WinSock api to open a socket listening on a port to gain access to the networking subsystem, e.g. tcp/ip. Kernal mode software like the http.sys driver uses Winsock Kernal Sockets (WSK) api to achieve the same end using the same pool of TCP port numbers as the WinSock api.
IIS, a web service or anything that wants to use http registers itself with http.sys using a unique url/port combination. http.sys opens up a socket on this port using WSK (if it hasn't already for another url/port combination with the same port) and listens.
When the transport layer (tcpip.sys) has reconstructed a load of ip packets back into an http request that a client sent it gives it to http.sys via the port in the request. Http.sys uses the url/port number to send it the the appropriate process which parses it however it pleases.
I know it seems like I'm answering my own question but I'm really not that sure of myself on this and would like some closure so i can get on with more interesting things.
Am i close?
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
In a peer-to-peer network, is every node connected to the network a client or do they act as both a server and a client? And how can you make the peer-to-peer network robust enough to support an unlimited number of nodes connected at one time?
Well, as it already states, its P2P. So, you could basically call them both client and server,
it doesnt matter in this case (its doing the job of a server and client). When a peer in this kind of network needs to update something, it has to send the data once to EVERY peer it is connected. And meanwhile, this peer waits for any incoming data sent from the peers its connected to, and updates it accordingly.
As for your second question - i wouldnt recommend using a P2P pattern for a unlimited amount of peers. for a higher number of peers, the network usage would grow even larger - because every single peer needs to be connected to every other peer and send data to all of them. not to mention that this could get the data desynchronised very easily. P2P is good for a smaller networks with a smaller number of peers. in that case, the raw sending speed will be higher than that of a server-client model, because there is no breakpoint in the connection(in a s-c model,this is the server). For a higher number of total Connections, i would stick to a Client-Server model.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
Think of the following services on one box:
SOCKS proxy
HTTP proxy
SSH service
VPN service
I have found a case where it would be beneficial to run all of these services on the same box (save on high server costs with low usage), but they all need to listen on port 80 (network security restrictions require it).
I'm a proficient Java developer. What I am brainstorming is whether it's realistic to consider a simple Java app listening on port 80, determining which service a new connection is bound for, and then redirecting traffic from that connection to a local port where the service is listening.
Is there something in the initial packets after the connection that I would be able to queue off of to determine the appropriate service?
Creative thoughts are most welcome.
I don't know the structure of all of those protocols, but I would think that the easiest way to find the answer to your question would be to simply write a program that listens on port 80 and writes the initial data to log files, and then connect with each of the above protocols and see if there are obvious patterns.
Running a network analyser on either the server or the client like WireShark would also work, and you don't have to write any code.
Once you know the patterns, you probably should look up the protocol documentation to verify whether it is really reliable.
I agree with Luke's answer, and I think that such a creature is within the realm of possibility. Other factors to consider:
If the server receives heavy traffic, there may be some performance impact to running this java redirection service, especially if your heuristics for determining the appropriate destination service are complex.
For the HTTP service, you may want the java redirector to issue something like a 301 Moved Permanently to the new port.