Re: Security - ciphers - authentication

From: Lada 'Ray' Lostak (ray@unreal64.net)
Date: 04/17/02


From: "Lada 'Ray' Lostak" <ray@unreal64.net>
To: <secprog@securityfocus.com>
Date: Wed, 17 Apr 2002 09:21:27 +0200


>I'm not sure of all your requirements as the document was a little unclear
>but this might address a lot of your needs:
>
>http://www.cs.utexas.edu/users/mcguire/software/horatio/

It is my mistake - I will try to 'repeat' it more carefully. Horatio is
something I need (yup :o) _BUT_ ....

I will try to split it into 2 things:

1. 'Design' - HOW it should work
2. 'Program' - HOW it internally works (which algos, etc.) - let's talk about
(2) when (1) is clear :)

So, first I will try to define 'what' we have:

1. Server with some services (emails/business things/web pages/shared
information system/etc.)
2. Some of these services are PUBLIC, some are PRIVATE
3. Public services are available through the public 'web' (public domain)
4. Private services are available through a private 'server' (private domain)
5. There is ONE server, listening on more IP addresses (pub/priv) - much
information is shared
6. In front of the server is a firewall (separate machine)
7. Everything runs BSD systems
8. Private/public services share 'one' database, but I created more
'views' on the database (more physical databases, more physical users with
restricted rights) - so, if there is security trouble (and I think the
best way to make something secure is to presume it is 'not' secure itself
:) the other 'tables' can't be easily read
9. Many services check the 'destination' address all the time - and physically
will not work if accessed from a 'public' address
10. Many of the 'shell' programs are 'trojans' - such as shells, etc. (on
standard paths) - they 'run' but don't do anything, just tell us someone
runs them (and automatically (after some time, first it logs what the
attacker is doing) ban the user on the firewall)
11. I can't prevent a good hacker. But there are not many good hackers.
The majority of attacks are by script kiddies, and I want to prevent mainly
them. If someone wants to break in, he will. It is only a question of
time. No more. There is no security at all....

This is the 'server side'... Now the user side...

1. Users can connect from dangerous places - internet cafes, hotels etc. _OR_
the 'work place'
2. For dangerous places, we have to count on the fact that:
    a. the user can't run any external program (downloaded, or from CD,
whatever)
    b. the keyboard is logged
    c. the connection is sniffed
    d. the user is 'watched' by other ppl
    e. in this case, 99% of connections will be from the windoze world
    f. some 'virus/trojan' is active
3. For the 'work' place we should count on:
    a. there are windoze 9x (95/98/ME) running - hell for security
    b. some % of users are running UNIX based OS (mainly BSD or Linux
clones)
    c. the user can have some 'permanent' authorizing program

And what I need:

1. Something that doesn't require a 'program' to authorize but keeps security
(dangerous places)
2. Something that will allow using some 'program' for permanent authorizing
(work places)
3. Will be simple to create
4. Will allow 'partners'... it means:
    a. some users will be from our company - they're OK - we can give them
a notebook - whatever
    b. some users (~70%) will be from partner companies (important/big ones
only) - they can log into the system and use 'some allowed parts' (like check
support for known bugs, etc. etc. - this information is NOT public - but
not for partners - and it is more complicated - different partners can go to
different levels of internal info) - so, we need something we can
easily 'distribute'

And where it will run:

1. Some X86 and PPC based CPUs - windoze/unixes (so, it has to be easily
portable)
2. On special one-chip based CPUs - probably (see down)

My biggest problem is: HOW to authorize a user from a 'dangerous' place? There
are several ways how to do it:

1. Password based auth (user/login basically - or some form)
2. Private key based auth (symmetric cryptography)
3. Public key based auth (asymmetric cryptography)
4. Human body based auth (fingerprint generated access key, etc.)
5. Some other big system (such as Kerberos, whatever) and/or in combination
with VPN
6. Some combination of 1-4 with a 'floating' code

Because we have to run in 'dangerous' places, where we can't put our
technology at all (or trust it), we can remove 5 (requires
installation/configuration). Then we can remove 4 (too expensive to create
tens of human meters) and 1 (it is not secure at all - doesn't matter if the
connection is through SSL - keys can be logged). Not in all cases can a
manager use his own notebook. Sometimes he needs to access 'someone else's
computer' or a 'hotel network' (and keep the notebook in the room when going out)
or a 'special inet computer' which is often in hotels (a computer dedicated only
for inet connection, I mean). And the competition never sleeps :o)

Did I miss something?

What remains is (a)symmetric cryptography with a floating code.

Because of 'dangerous' places (no trust), we need a floating code. It is not
enough to bring your own private key on some media (CD-ROM, floppy, flash memory
card, ...). Because it can be stolen.... Or I can't imagine a scenario where
we will use asymmetric cryptography (of course, a good choice) - without danger
of my key being stolen. We have to TRUST the browser (in the majority of cases IE
hehe) - that if I delete the key, it will REALLY be deleted or encrypted with a
strong algo. We have to trust the OS - if IE 'deletes' the key, the OS will
really remove it from the media, etc....

Why do we need dangerous places? Because many of our businessmen are traveling
across various states, and they need to 'stay in'. Check emails, give tasks
to other employees, update some parts of the web, log in to the 'business'
system, etc. (all done through HTML (requires some browser) and SSL/HTTPS).

So, HOW to authenticate the user at all?

I got the following "idea" (not an idea at all, just one of the ways to go) - and
I ask what you think about it... Every user has a small credit-card like
'computer' - small keyboard, very small display - an 'authentication device'.
I am a system programmer (drivers, engines)/HW developer, so I will have to
do this work...

'dangerous scenario'

1. User connects to https://server/auth (works for everyone)
2. User switches on his auth device (enters some PIN - internal data are
encrypted by some algo), it shows him some 'number' (generated for
date/time/user) -> server recognizes the user name and verifies whether the
user can come from this IP address (stored on the server)
3. User logs in to the server with his username and this generated number as
the password -> now 'auth' really starts - this also prevents 'running out of
dictionary' (see down) and DOS attacks on the auth system (I don't mean DOS on
the HTTP server)
4. Server shows him some text (a-z 1-0) - user types it into his device - the
text is ~8-10 chars long
5. User replies with another generated number
6. Server inserts his IP into the firewall for some period
7. User can connect to the 'server' (all over SSL of course) - like
https://private.server.com
8. User (at the end of work) or server (timeout) removes his IP address from
the firewall
9. Auth device should also work for 'services' - instead of a 'password'
some 'generated' text should always be used - because if there is some
proxy, whatever, and the user is watched/key logged, someone unauthorized can
log into the system
10. In the 'text' will be coded (by a symmetric cipher for ex.) a 'question' like:
word on line 50 row 40 (so, some kind of "dictionary" - a different form than
this simple one, but still a dictionary) -> server/auth device have a 'common'
dictionary, server remembers what data were asked

'work scenario'

1. User boots up the system - if a secure one (Unixes) - it automatically
authenticates on the server
2. On a not well secured OS (Windoze) it asks for a 'password' (and for some
users steps 2/3 from the dangerous scenario will also be required)
3. In some time periods the program repeats the auth (or the server will remove
the entry from the firewall) - prevents system fall down (specifically for 9x :o)
4. On session end, the program removes the entry from the firewall

Note: I do not compare unix/windoze (secure/stupid/...). I mean: someone
using UNIX will (for sure) know what security is and his OS will be
'protected' well. Users running windoze... You know, it is not "easy" to
create/keep this OS 'secure' (any OS at all) - and the total majority of users
don't know how..... And you know .... :)

This is what I need.... Now I will try to comment on your replies (thanx for
them):

====================================

>I'm not sure of all your requirements as the document was a little unclear
>but this might address a lot of your needs:
>
>http://www.cs.utexas.edu/users/mcguire/software/horatio/
>
I hope now I made it more clear. Sorry :)

Horatio is something 'we are creating' - so, we may use it, but it
doesn't solve (or am I missing something?) our 'dangerous' places - I didn't
find any other secure way how to auth from dangerous places, except some 'auth
device'....

>Generally what you're talking about sounds like a great candidate for
>public/private key cryptography. I don't even know why you need dedicated
>hardware ... at most you need to authenticate once per session (where a
>session is a borrowed IP address) so even if you used a 2048 bit key it
>should be manageable.
Because, HOW will I 'use' my private key? I have to 'put' it into the 'host'
computer, through which I am going to administer something (check
emails, update some web, put tasks to employees, ....) -> it can be really
easily STOLEN. Or is there any other way how to protect it?

>The simplest solutions (though a little insecure since a web server is a
>complicated piece of software and hence introduces possible compromises)
True. That's why there is a firewall, views on the database, separate machines. It
doesn't make the thing 'secure' (that doesn't exist IMHO) but increases
'global security' a bit....

>is a web server on the firewall or on a trusted, secure host inside the
>firewall (with only encrypted HTTP access allowed). The user logs onto
>the web server (you can even have a second layer of username/password
>authentication) and it challenges them with a randomly generated string.
Yes.

>They encrypt it on their local box via some simple customer code you give
>them and then cut and paste the response into the web server. If the
>string is encrypted using the private key associated with a trusted
>public key on the web server then the web server writes new entries in a
>local database corresponding to the user's IP (and timestamps it). A pull
>based client on the firewall regenerates firewall rules every five minutes
>or so by reading them out of the database.
The trouble is the 'local box'. It needs to be AS SMALL AS POSSIBLE. We are doing
communications devices (wireless devices - 2-30+GHz, laser devices, network
connectors/converters/etc.). Imagine a situation where a businessman is
somewhere - at a business meeting. They are about to create some agreement. A
bigger one. And now he needs to query something online: How fast can we supply
the requested amount of devices? He has to log in to the 'private' system - to
ask some developer, look at 'bug lists' or check manufacturing. Whatever. In
some cases, he can have his notebook and connect to the network (not the best
solution, because you have to apply new network parameters -> sometimes
troubles can occur, the other side has to call the 'admin' for network params,
the businessman doesn't need to be good at administering networks, whatever....).
Or he can use some wireless/phone connection (will not work all the
time...). Or he can use the partner's computer to get the information. The
fastest/best way. And we are coming to the point: For them the best choice is
'small' dedicated HW to authenticate. And the next thing - I explained
'partners' above... It is not easy to give a notebook to EVERYONE or to TRUST a
key pair which we will give to them. But it is easy to give them a small
'calculator' :o)

>A daemon process watches entries in the database and removes them after a
>time interval (this might be done a better way using a log on the firewall
>and then scanning it for idle times).
Yup.

>The main concern with this kind of setup is users coming in from behind a
>proxy (particularly a company wide one) open up your network to everyone
>behind that proxy. The only route around that I can imagine is to use
>something like VPN which will actually build a secure tunnel.
All the services themselves are based on 'HTTPS' (thin client). I believe
HTTPS with 'generated' keys (so, no private key for auth) should be
'enough', if the server requires at least 128 bits. And we can assume the
browser is capable of using https/128. On 'work' computers, we are already
using secure tunnels (just a simple SSL layer - stunnel - you know this thingy
I guess). VPN itself requires some 'installation' and 'configuration' - and
that is something I want to prevent (if possible).

All the time, we have to mix together a few things:

1. Money required to build 'auth'
2. Money required to 'add' someone into ring
3. Security
4. Time
5. Time/Money for every 'connection'
6. Technical knowledge of 'end' users

I personally think that small dedicated HW (which will cost ~$15 per unit)
fills the majority of needs well. Anyway, that is why I selected a small CPU, not
some existing USB device. By using some existing USB/COM device (flash card, CPU,
...), we have to 'write' SW which will access it - and we have to do it for
X operating systems/browsers - ActiveX for IE, etc. In the result, an 'HW/OS'
independent piece of HW will cost less. The SW itself to read these devices is
simple, but has to be done 'x' times....

The best solution - sending the auth to a mobile phone/pager - can't be used,
because of speed :( [cross-country]

Thanx for your time,
Have a nice day,
Best regards,
Lada 'Ray' Lostak
Unreal64 Develop group
http://www.unreal64.net
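The 'dangerous scenario' above (steps 2 to 8) is a two-stage one-time-password exchange: a time-and-user derived identification number, then a challenge typed into the device and answered with a second derived number, then a timed firewall entry. The model below is an added example, not the poster's code and not part of Horatio; it fills in the unspecified 'algo' with HMAC-SHA256 truncated HOTP-style to 8 digits (an assumption), uses a constructed shared secret, a 60 second time step, constructed IP addresses, and an in-memory dictionary standing in for the real firewall rules. It also shows two checks a server side needs that the steps do not spell out: an accepted identification number is remembered so a key-logged copy cannot be replayed, and each challenge can be answered only once. The dictionary 'question' of step 10 is not modelled.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed example secret, shared between server and device when the device is issued.
USERS = {
    "ray": bytes.fromhex(
        "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
    ),
}
STEP = 60       # seconds per time step of the identification number (assumption)
DRIFT = 1       # accept +/- this many steps of clock drift between device and server
CHALLENGE_ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"   # the post's 'a-z 1-0'


def _number(secret: bytes, message: bytes, digits: int = 8) -> str:
    """HMAC-SHA256 over message, dynamically truncated (HOTP-style) to decimal digits."""
    mac = hmac.new(secret, message, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def _id_message(user: str, counter: int) -> bytes:
    return b"id|" + user.encode() + b"|" + counter.to_bytes(8, "big")


def _answer_message(challenge: str) -> bytes:
    return b"chal|" + challenge.encode()


class AuthDevice:
    """The user's 'calculator': holds the secret, which never touches the host PC."""

    def __init__(self, user: str, secret: bytes):
        self.user, self.secret = user, secret

    def identification_number(self, now: float) -> str:
        # step 2: number derived from date/time and user
        return _number(self.secret, _id_message(self.user, int(now) // STEP))

    def answer(self, challenge: str) -> str:
        # step 5: reply to the text the server displayed and the user typed in
        return _number(self.secret, _answer_message(challenge))


class AuthServer:
    def __init__(self, users: dict):
        self.users = users
        self.pending = {}    # user -> outstanding challenge (server remembers what it asked)
        self.used = set()    # (user, counter) already accepted; blocks replay of a logged number
        self.firewall = {}   # ip -> expiry timestamp; stands in for the real firewall rules

    def login(self, user: str, number: str, now: float) -> Optional[str]:
        """Step 3: check the identification number; on success return the step 4 challenge."""
        secret = self.users.get(user)
        if secret is None:
            return None
        counter = int(now) // STEP
        for c in range(counter - DRIFT, counter + DRIFT + 1):
            if (user, c) in self.used:
                continue
            if hmac.compare_digest(_number(secret, _id_message(user, c)), number):
                self.used.add((user, c))
                challenge = "".join(secrets.choice(CHALLENGE_ALPHABET) for _ in range(10))
                self.pending[user] = challenge
                return challenge
        return None

    def verify(self, user: str, answer: str, ip: str, now: float, ttl: int = 900) -> bool:
        """Steps 5/6: check the answer; on success open the firewall for ip until now + ttl."""
        challenge = self.pending.pop(user, None)   # one attempt per challenge
        if challenge is None:
            return False
        expected = _number(self.users[user], _answer_message(challenge))
        if not hmac.compare_digest(expected, answer):
            return False
        self.firewall[ip] = now + ttl
        return True

    def allowed(self, ip: str, now: float) -> bool:
        """Step 8, timeout side: an expired entry is dropped when it is next looked at."""
        expiry = self.firewall.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.firewall[ip]
            return False
        return True

    def logout(self, ip: str) -> None:
        """Step 8, user side."""
        self.firewall.pop(ip, None)


def demo(now: Optional[float] = None) -> dict:
    """Run the exchange once and report what each side saw."""
    now = time.time() if now is None else now
    device = AuthDevice("ray", USERS["ray"])
    server = AuthServer(USERS)
    number = device.identification_number(now)
    challenge = server.login("ray", number, now)
    opened = challenge is not None and server.verify(
        "ray", device.answer(challenge), "203.0.113.7", now)   # constructed client IP
    return {"number": number, "challenge": challenge, "opened": opened,
            "replayed": server.login("ray", number, now) is not None}


if __name__ == "__main__":
    print(demo())
```

The device never reveals the secret, so a key logger on the hotel PC only captures numbers that are useless once used; the drift window is what keeps a slow device clock usable, and the `used` set is what keeps that window from becoming a replay window.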