trying to implement a basic authentication mechanism

From: Anuz <chambilkethakur@xxxxxxxxx>
Date: Tue, 25 May 2010 06:52:14 -0700 (PDT)

Hi all,
I am trying to implement some form of basic authentication mechanism.
Suppose I have a server process A, to which other client process B, C,
D etc connect using some form a IPC.
I want to allow only genuine client process to connect to server
process A, if any Malicious or unknown process tries to connect, it
should deny/close the connection.
So in order to provide such mechanism. I took two numbers one as
"server_id" and other as "salt/cipher". Using "server_id" and "salt",
I create a set of keys based on "client_ids". Now on client side, I
take its "id" and using "server_id" and "salt", I create a unique
"identifier", which is encrypted using setkey() and encrypt()
function. This "encrypted string" is then sent to server process for
authentication. On server side using key , "encrypted string" is
decrypted and the value is compared against the set of keys, which
were previously generated based on client ids.
Since, the "encrypted key" is generated using three numbers i.e.
"client id", "salt" and "server_id", the malicious program cannot
connect until unless, it knows all three numbers.
However, the problem is I donno how can I possibly store these
numbers? Client ids need not to be stored, since they are based on
client numbers. However client and server both should know these keys
in order to generate(or verify against) encrypted string.
For now I have hardcoded both number in code(server and client side)
as "automatic const", but that is a very bad idea. I cannot generate
random or timebased keys, since sync between client and server is
difficult to implement.

I have very little familiarity with security mechanisms(implementation
or usage). Can anyone suggest a better way of doing this?

Thanks
Anuz
.

Prev by Date: Extended deadline (15 July 2010): CACS Singapore [EI Compendex,ISTP,IEEE Xplore]
Next by Date: Nike,Jordan,Gucci,Adidas,Puma,Ed hardy,Polo,BBC,Gucci,Armani,LV,Christina Audigier Tshirt and Jeans--- www.tradingspring.com
Previous by thread: Extended deadline (15 July 2010): CACS Singapore [EI Compendex,ISTP,IEEE Xplore]
Next by thread: Nike,Jordan,Gucci,Adidas,Puma,Ed hardy,Polo,BBC,Gucci,Armani,LV,Christina Audigier Tshirt and Jeans--- www.tradingspring.com
Index(es):
- Date
- Thread

Relevant Pages

Re: What doesnt lend itself to OO?
... >> proxy and instructs the server to constuct the real object. ... rather than client code. ... If 'clock' is instantiated in the server, ... > for the server interface at the OOA level. ...
(comp.object)
This is going straight to the pool room
... or not the client has privilege to do what they're trying to do, ... The server environment is this: ... 3GL User action Routines that Tier3 will execute on your behalf during the ... Routine Name: USER_INIT ...
(comp.os.vms)
[Full-Disclosure] R: Full-Disclosure Digest, Vol 3, Issue 42
... Full-Disclosure Digest, Vol 3, Issue 42 ... SD Server 4.0.70 Directory Traversal Bug ... Arkeia Network Backup Client Remote Access ...
(Full-Disclosure)
Re: What doesnt lend itself to OO?
... > rather than client code. ... no way to do that without also touching the object with clock semantics ... will not encapsulate both clock semantics and network semantics. ... The server can do whatever it wants ...
(comp.object)
RE: Fax monitor incoming + outgoing calls?
... problem between the client computer and the SBS server. ... Client is using the internal IP address of the SBS server as the ... To the folder redirection GPO issue: ...
(microsoft.public.windows.server.sbs)