Hi there :o) I have to make a 'server authentication' thingy. For several reasons, it has to be made by ourselves - _everything_. We can't use any form of any library (because we will run on some weird CPUs etc.).

Our server has a strong IP-based firewall. One open port (available to any IP address) should 'authorize' the user -> enable the user to connect to services through the firewall (and process the 'real' authentication). Of course, it is 'not' the only authentication, but a 'low level' filter. Services behind this firewall are available only to 'known' (authenticated) IP addresses. Every user who should connect to the services has a small 'key generator' (one-chip CPU based thingy - card) or a program, which will do the authentication automatically. Authentication has to be unique every time. We have to count on the fact that the valid user is watched, keys are logged, communication sniffed. Communication with the services is done by public key cryptography.

My question: What should be the best way to do this? It is not enough to start public key crypto at the start and authenticate by user/pass or something similar. It is also not enough to use some private key based auth - because we have to count on the fact that the 'host' computer can 'store' everything.

Right now, I am going in this direction (what do you think): On the server, on some port, sits a small program. This program is doing the 'authentication' itself. The protocol should be pretty simple. It responds to any IP address. Works in 'raw' format (like the POP protocol):

0. User sends implementation version (server does not send any banner) - if the server can't communicate, connection fails
1. User sends 'user name/class' - server verifies if the user can come from this IP address (defined in config on server - dial-ups, some users should come from anywhere, etc.)
2. Server sends the user some 'random' number, user has to 'reply' with the same number (just to see if communication really works)
3. If successful, server sends an encrypted 'question' to the user (cipher based encrypt)
4. User replies with the encrypted answer (different for every user)
5. If OK (reply matches user), server inserts a line in the firewall (for some period of time) -> IP allowed to services
6. User is allowed to use services -> every service has its own/another authentication - this is just 'access' to services in general

or

1. User connects by https to "public" first
2. Server asks him a question (~10 letters+numbers, no more)
3. User replies with some answer (read from the authentication device)
4. like 6

or

1. User boots up his work computer (Win 9x in many cases :(
2. User writes PIN into the auth program / some users have to use the 'device' - not only PIN (if they are "stupid" and they could be affected by some trojan/virus/...)
3. like 6

It of course doesn't solve in any way the trouble with proxies, routers, etc.

'Question/Answer' should be asked from some 'dictionary' based thingy (server should remember what was asked - like 'seek to position ABC, read XYZ bytes' - a few cycles) in combination with time and a few other things. It means every user has a 'randomly generated bunch of data' in their authentication device (encrypted by PIN) and the server holds a copy of the data. The question will be unique every time. Doesn't matter if someone sniffs the connection / logs keys / watches the keyboard.

I am not going to use public key crypto because it costs time to implement on the chip we will use (or is any algorithm (RSA kind) really simple to implement?) - public key crypto should probably be the best solution. The point is to have a fast solution, but with reasonable security. There are several 'user classes' - some connect by modem, some from fixed IP addresses, sometimes from 'internet cafes' or 'hotel connections' and similar [so, we can't trust the connection itself in any form].

What do you think about this problem in general? And about this 'way'? What cipher encryption do you recommend? (3DES, RC6, TwoFish, BlowFish, CAST-128/256, ...)

Cipher is not really needed, so it is just to make it 'more precise'. It is not important, but the server OS is a BSD based system, user OS unixes/linuxes and windoze (mainly). The authentication chip looks like a small card with a 'keyboard' (calculator). It also authenticates the user for other services (a different way).

Any idea how to well protect from a 'stolen' auth device/program? (except the startup PIN and encrypted "dictionary"). The dictionary could be whatever, a bunch of random numbers, some algorithm, whatever. Or am I too paranoid?

Thanks for comments,
Best regards,
Lada 'Ray' Lostak
Unreal64 Develop group
http://www.unreal64.net
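The dictionary-based challenge/response the post sketches (server picks an offset and length into a per-user random blob that the device and the server both hold, the device answers, the server remembers what it asked), as an added example that is not part of the original post or the Unreal64 project. One change from the post's literal "read XYZ bytes" description: the device answers with a keyed hash of the selected bytes over a fresh nonce rather than the raw bytes, so a sniffed exchange never reveals dictionary contents, and each challenge is answerable exactly once and expires. The class and function names, the 4096-byte dictionary, the 32-byte slice, the 30-second window, and the injected `now` parameter are my assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple

# Assumed parameters (not from the post): size of each user's random blob,
# bytes covered by one challenge, and how long an issued challenge stays valid.
DICTIONARY_SIZE = 4096
SLICE_LEN = 32
WINDOW_SECONDS = 30


def make_dictionary() -> bytes:
    """Random per-user data; the device holds it (PIN-encrypted), the server a copy."""
    return secrets.token_bytes(DICTIONARY_SIZE)


def device_answer(dictionary: bytes, offset: int, length: int, nonce: bytes) -> bytes:
    """Device side: answer with HMAC(key=dictionary slice, msg=nonce), never the raw slice."""
    chunk = dictionary[offset:offset + length]
    return hmac.new(chunk, nonce, hashlib.sha256).digest()


class AuthServer:
    """Server side of the challenge/response; `now` is passed in so behaviour is testable."""

    def __init__(self, users: Dict[str, bytes]):
        self.users = users                                   # user -> copy of their dictionary
        self.pending: Dict[str, Tuple[int, int, bytes, float]] = {}  # what was asked, and when
        self.used_nonces: Set[bytes] = set()                 # answered nonces, to refuse replays

    def challenge(self, user: str, now: float) -> Tuple[int, int, bytes]:
        """Issue 'seek to position offset, read SLICE_LEN bytes' plus a one-time nonce."""
        if user not in self.users:
            raise KeyError("unknown user")
        offset = secrets.randbelow(DICTIONARY_SIZE - SLICE_LEN + 1)
        nonce = secrets.token_bytes(16)
        self.pending[user] = (offset, SLICE_LEN, nonce, now)
        return offset, SLICE_LEN, nonce

    def verify(self, user: str, answer: bytes, now: float) -> bool:
        """True only for a fresh, unexpired challenge answered with this user's dictionary."""
        issued = self.pending.pop(user, None)   # each challenge can be answered at most once
        if issued is None:
            return False
        offset, length, nonce, issued_at = issued
        if now - issued_at > WINDOW_SECONDS or nonce in self.used_nonces:
            return False
        expected = device_answer(self.users[user], offset, length, nonce)
        if not hmac.compare_digest(expected, answer):   # constant-time comparison
            return False
        self.used_nonces.add(nonce)
        return True


def demo() -> bool:
    """One honest login, then a replay of the same sniffed answer (which must be refused)."""
    lada = make_dictionary()
    server = AuthServer({"lada": lada})
    offset, length, nonce = server.challenge("lada", now=1000.0)
    answer = device_answer(lada, offset, length, nonce)
    first = server.verify("lada", answer, now=1003.0)
    replay = server.verify("lada", answer, now=1004.0)   # no pending challenge: refused
    return first and not replay


if __name__ == "__main__":
    print("ok" if demo() else "failed")
```

Only the server-side check that the answer matches is shown; the firewall insert the post describes would follow a `True` result. If the timestamp is meant to be part of the question, as the post suggests, it can simply be concatenated into the HMAC message alongside the nonce on both sides.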
This archive was generated by hypermail 2b30 : Tue Apr 16 2002 - 10:03:17 PDT