Security - ciphers - autentification

From: Raymond Paskvyl of Unreal (rayat_private)
Date: Mon Apr 15 2002 - 22:57:16 PDT

  • Next message: Sheer El-Showk: "Re: Security - ciphers - autentification"

Hi there :o)

I have to make a 'server authentication' thingy. For several reasons, it has to be made by ourselves - _everything_. We can't use any form of any library (because we will run on some weird CPUs etc.).

Our server has a strong IP-based firewall. One open port (available to any IP address) should 'authorize' the user -> enable the user to connect to services through the firewall (and process 'real' authentication). Of course, it is 'not' the only authentication, but a 'low level' filter. Services behind this firewall are available only to 'known' (authenticated) IP addresses. Every user who should connect to the services has a small 'key generator' (one-chip CPU based thingy - card) or a program, which will do the authentication automatically. Authentication has to be unique every time. We have to count on the fact that a valid user is watched, keys are logged, communication sniffed. Communication with services is done by public key cryptography.

My question: What should be the best way to do this? It is not enough to start public key crypto at the start and authenticate by user/pass or something similar. It is also not enough to use some private key based auth - because we have to count on the 'host' computer being able to 'store' everything.

Right now, I am going in this direction (what do you think):

On the server, on some port sits a small program. This program is doing the 'authentication' itself. The protocol should be pretty simple. It responds to any IP address. Works in 'raw' format (like the POP protocol).

0. User sends implementation version (server does not send any banner) - if the server can't communicate, the connection fails
1. User sends 'user name/class' - server verifies whether the user can come from this IP address (defined in config on the server - dialups, some users should come from anywhere, etc.)
2. Server sends the user some 'random' number, the user has to 'reply' with the same number (just to see if communication really works)
3. If successful, server sends an encrypted 'question' to the user (cipher based encrypt)
4. User replies with the encrypted answer (different for every user)
5. If OK (reply matches user) server inserts a line in the firewall (for some period of time) -> IP allowed to services
6. User is allowed to use services -> every service has its own/another authentication - this is just 'access' to services in general

or

1. User connects by https to "public" first
2. Server asks him a question (~10 letters+numbers, no more)
3. User replies with some answer (read from the authentication device)
4. like 6

or

1. User boots up his work computer (Win 9x in many cases :(
2. User types the PIN into the auth program / some users have to use the 'device' - not only a PIN (if they are "stupid" and they could be affected by some trojan/virus/...)
3. like 6

It of course doesn't solve in any way the trouble with proxies, routers, etc.

The 'Question/Answer' should ask for some 'dictionary' based thingy (the server should remember what was asked - like 'seek to position ABC, read XYZ bytes' - a few cycles) in combination with time and a few other things. It means every user has a 'randomly generated bunch of data' in their authentication device (encrypted by PIN) and the server holds a copy of the data. The question will be unique every time. It doesn't matter if someone sniffs the connection/logs keys/watches the keyboard. I am not going to use public key crypto because it costs time to implement on the chip we will use (or is any algo (RSA kind) really simple to implement?) - public key crypto would probably be the best solution.

The point is to have a fast solution, but with reasonable security. There are several 'user classes' - some connect by modem, some from fixed IP addresses, sometimes from an 'internet café' or 'hotel connection' and similar [so, we can't trust the connection itself in any form].

What do you think about this problem in general? And about this 'way'?

What cipher encryption do you recommend? (3DES, RC6, Twofish, Blowfish, CAST-128/256, ...) The cipher is not really needed, so it is just to make it 'more precise'.

It is not important, but the server OS is a BSD based system, user OSes unixes/linuxes and windoze (mainly). The authentication chip looks like a small card with a 'keyboard' (calculator). It also authenticates the user for other services (a different way).

Any idea how to protect well against a 'stolen' auth device/program? (except the startup PIN and encrypted "dictionary").

The dictionary could be whatever, a bunch of random numbers, some algo, whatever.

Or am I too paranoid?

Thanx for comments,
Best regards,
Lada 'Ray' Lostak
Unreal64 Develop group
http://www.unreal64.net
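The 'dictionary' challenge-response the post sketches (server remembers 'seek to position ABC, read XYZ bytes', combines it with a nonce and time, and the device answers from its own copy of the random data), written out as an added example that is not from the post or the Unreal64 project. It assumes HMAC-SHA256 as a stand-in for whatever MAC the card would implement, a constructed per-user table with CIDR ranges for the 'can this user come from this IP' check of step 1, and leaves the PIN-encryption of the device's copy out of scope. The point it demonstrates beyond the prose: because the answer is a MAC over the challenge keyed with the requested slice, a sniffed answer is useless for the next challenge, the slice itself never goes over the wire, a stale challenge is refused, and each challenge allows exactly one attempt.

```python
import hmac
import hashlib
import ipaddress
import secrets
import time

# Constructed parameters (assumptions, not from the post): size of the per-user
# random "dictionary", how many bytes a challenge asks for, and how long a
# challenge stays valid.
DICT_SIZE = 4096
CHUNK_LEN = 32
CHALLENGE_WINDOW = 60  # seconds


def compute_response(dictionary, challenge):
    """Device side: answer 'seek to position ABC, read XYZ bytes'.

    The answer is a MAC keyed with the requested dictionary slice over the
    challenge itself (nonce, timestamp, offset, length), so a sniffed answer
    is only good for this one challenge and never reveals the slice.
    HMAC-SHA256 stands in here for whatever MAC the chip would implement.
    """
    offset, length, nonce, ts = challenge
    chunk = dictionary[offset:offset + length]
    msg = (nonce + ts.to_bytes(8, "big")
           + offset.to_bytes(4, "big") + length.to_bytes(2, "big"))
    return hmac.new(chunk, msg, hashlib.sha256).digest()


class AuthServer:
    """The small program on the open port (steps 1, 3, 4 and 5 of the first design)."""

    def __init__(self, users):
        # users: name -> {"dictionary": bytes, "allowed_from": [CIDR, ...]}
        self.users = users
        self.pending = {}        # (user, ip) -> outstanding challenge
        self.used_nonces = set()

    def allowed_from(self, user, ip):
        """Step 1: may this user come from this IP (per-server config)?"""
        addr = ipaddress.ip_address(ip)
        return any(addr in ipaddress.ip_network(net)
                   for net in self.users[user]["allowed_from"])

    def issue_challenge(self, user, ip, now=None):
        """Step 3: pick a fresh slice plus nonce/time; None means refuse."""
        if user not in self.users or not self.allowed_from(user, ip):
            return None
        offset = secrets.randbelow(DICT_SIZE - CHUNK_LEN)
        nonce = secrets.token_bytes(16)
        ts = int(time.time() if now is None else now)
        challenge = (offset, CHUNK_LEN, nonce, ts)
        self.pending[(user, ip)] = challenge   # server remembers what it asked
        return challenge

    def verify(self, user, ip, response, now=None):
        """Steps 4-5: check the answer; True means 'open the firewall for ip'."""
        challenge = self.pending.pop((user, ip), None)  # one attempt per challenge
        if challenge is None:
            return False
        offset, length, nonce, ts = challenge
        now = time.time() if now is None else now
        if now - ts > CHALLENGE_WINDOW or nonce in self.used_nonces:
            return False                                # stale or replayed
        self.used_nonces.add(nonce)
        expected = compute_response(self.users[user]["dictionary"], challenge)
        # constant-time compare so timing does not leak how many bytes matched
        return hmac.compare_digest(expected, response)


def enroll(allowed_from):
    """Generate one user's random dictionary (server copy; the device carries
    the same bytes, encrypted under the PIN - that part is not shown here)."""
    return {"dictionary": secrets.token_bytes(DICT_SIZE),
            "allowed_from": allowed_from}


def demo():
    """Run the exchange once and show that a captured answer does not replay."""
    server = AuthServer({"ray": enroll(["10.0.0.0/8"])})   # constructed user
    device_copy = server.users["ray"]["dictionary"]        # what the card holds
    ch = server.issue_challenge("ray", "10.1.2.3")
    answer = compute_response(device_copy, ch)
    first = server.verify("ray", "10.1.2.3", answer)
    # someone sniffed `answer`; server issues a new challenge, old answer fails
    server.issue_challenge("ray", "10.1.2.3")
    replay = server.verify("ray", "10.1.2.3", answer)
    return {"first_login": first, "replayed_answer": replay}


if __name__ == "__main__":
    print(demo())  # {'first_login': True, 'replayed_answer': False}
```

Two design points worth noting against the post's threat model: the host computer only ever sees challenges and MAC outputs, never the dictionary bytes, so a host that 'stores everything' gains nothing it can reuse; and the nonce set plus the time window are what make the question unique every time, so the server must keep that state (or a bounded recent-nonce cache) across the firewall-open period.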
    



    This archive was generated by hypermail 2b30 : Tue Apr 16 2002 - 10:03:17 PDT