Bonifatius94/ChessAI.CS

Implement Security Concept

Opened this issue 4 years ago · 0 comments

Bonifatius94 commented 4 years ago

Implement useful Security Mechanisms

Encryption:

implement SSL for standard payload encryption, e.g. using Letsencrypt certificates

Authentication:

make sure that noone else can make a draw for a given player by providing a player token for each game session

Optional Encryption:

add triple diffie-hellman protocol (3DH) for end-to-end encryption on session creation; this heavy encryption overhead is reasonable because message payloads are rather small; disadvantage: the gameserver cannot see the draws anymore