Re: Socket Server with Encryption help

...and another thing I forgot.
Nobody answer me the 3 questions!

--
Andre

"Valery Pryamikov" <valery@xxxxxxxxx> wrote in message
news:%23g0PWFvQGHA.4976@xxxxxxxxxxxxxxxxxxxxxxx
Hi, (I'm valery :-)



After reading your post I got a very strong suspicion that regardless of
your saying that you read "a lot of papers about Symmetric, Asymmetric,
Hash, Envelope and Signature" you didn't read even distantly enough to be
able to implement something even distantly secure.

Authentication protocols are fiercely difficult to get right. The
classical paper on three party authenticated protocols design was written
by Needham and Schroeder "Using encryption for authentication in large
networks of computers" in 1978, where they described several protocols,
one of witch was modified, strengthened and extended a bit later to become
what is now known as Kerberos. At the end of their paper, Needham and
Schroeder wrote that "protocols such as those developed here are prone to
extremely subtle errors that are unlikely to be detected in normal
operations. The need for techniques to verify the correctness of such
protocols is great." Since then it was many attempts to develop a formal
protocol verification tools. When it concerns authentication protocols,
the most successful is BAN logic that stays for the names of their
creators Burrows, Abadi, Needham and was first described in their "A logic
of authentication" 1990 paper that could be found here
http://www.stanford.edu/class/cs259/papers/ban1990.pdf. BAN logic was
successfully used for analyzing and detecting errors/redundancies in many
authentication protocols such as Kerberos (redundancy), Needham-Shroeder
(design problem), Denning-Saco (design problem) and many others (don't
recall names from the top of my head, but there was quite a lot).

Another well known formal method of analyzing protocol correctness was NRL
protocol analyzer (Navy Research Laboratory). Here you can find more
details on it:

http://chacs.nrl.navy.mil/publications/CHACS/1994/1994meadows-pap.pdf

With some extension to address problems of Denial of Service that could be
found in another paper by Meadows "Formal Framework and Evaluation Method
for Network Denial of Service" http://citeseer.ist.psu.edu/384.html



Very good survey of formal methods of protocol analysis you can find here:
http://www.csc.liv.ac.uk/~wiebe/pubs/Documents/survey.ps



And you can check this my blog post for very quick point on single aspect
of authentication protocol:
http://www.harper.no/valery/PermaLink,guid,aa88fdd0-ac5c-4315-969a-6954b4e05ad7.aspx



But frankly, I think that you really need a lot of cryptographic
background before even starting reading papers on development of
authentication protocols and think of implementing such protocols
yourself!



"Practical Cryptography" book, that was suggested to you earlier, could be
a good starting point if you only need overall understanding of basic
cryptographic problems and don't plan to make cryptography to be your
specialty.



However if you want cryptography to be your speciality you probably have
to start with Bellare-Rogaway's "Introduction to Modern Cryptography"
http://www-cse.ucsd.edu/~mihir/cse207/classnotes.html (online)

After that, I'd highly recommend you to read Douglas Stinson's
"Cryptography Theory and Practice" third edition (second edition doesn't
contain chapters on protocols) http://www.amazon.com/gp/product/1584885084
(book)

Good alternative (or addition) to Stinson's book is Wenbo Mao's "Modern
Cryptography: Theory and Practice" is also a recommended reading at that
stage.

http://www.amazon.com/gp/product/0130669431 (book)



After that you MUST! read Goldwasser-Bellare's "Lecture Notes on
Cryptography" http://www.cs.ucsd.edu/users/mihir/papers/gb.html (online)



If you want implement algorithms yourself - you should read encyclopedic
"Handbook of Applied Cryptography" http://www.cacr.math.uwaterloo.ca/hac/
(available online and as printed book)



After you done with it, for hardcore cryptography and protocol design work
you'll need to read Goldreich's "Foundations of Cryptography" (draft is
available online http://theory.lcs.mit.edu/~oded/frag.html, but I'll
highly recommend to buy books http://www.amazon.com/gp/product/0521791723

http://www.amazon.com/gp/product/0521830842)



Only after you done reading references above (and reading papers that are
most often cited in references section of mentioned books, lections notes
and papers), then you may try to implement your own authentication
protocols, and I'm sure - you will not be asking the questions that you
are asking today.



From the other side, I would not recommend reading Schneier's "Applied
Cryptography". His non-rigorous discussion of protocols and algorithms
makes it very easy to miss (oversee) difficulties of designing them, plus
there are a number of conceptual mistakes in some of his descriptions
(that was mussed many times in discussions that you can find in Usenet
groups and on Internet). Schneier's book was an attempt to create simple
exposition to cryptography for developers; however by Schneier's own words
it was a mistake.



-Valery.

http://www.harper.no/valery



"Andre Azevedo" <xpto@xxxxxxxx> wrote in message
news:%23U1j2DtQGHA.3192@xxxxxxxxxxxxxxxxxxxxxxx
Hi all,

I've started to develop a server and client socket classes with
encryption. The main communication/transport classes is working fine and
now I will write some encryption process.
After reading a lot of papers about Symmetric, Asymmetric, Hash, Envelope
and Signature I still have somes doubts and I will explain what I calling
the "Authenticate Flow" in client/server socket communication:

1. Client connects into Server and Server accepts the connection.
2. Server send his encryption public-key to Client.
3. Client creates a new symetric session-key, encrypt it using the Server
encryption public-key and send it to Server plus the Client sign
public-key.
4. Server decrypt Client symetric session-key and simply replies to
Client, telling "Ok, I have the symetric session-key and your sign
public-key".

Now, every time Client need send some data, it does the following:

5. Client encrypts data with symetric session-key, sign (hash) the result
with sign private-key. Client then sends the hash result and the
encrypted data to server.
6. Server sign (hash) the encrypted data with the same Client hash
algoritm and save it in Hash1. After, it decrypt the sign (hash) sended
by client using Client sign public-key to obtain the Hash2. If Hash1 and
Hash2 are the same, then is the correct Client. Otherwise, closes the
connection.
7. If ok, Server then decrypt data with symetric session-key.

Well, que questions now:

A - The hash algoritm is know by the Client and Server since it's my
implementation of both and I don't need to send the hash algoritm
information. Is this acceptable?
B - Sendind the Client sign public-key to Server is ok. But, after that,
I'm sending some data using Client sign private-key to Server. Is this
secure? Is a normal way to do it?
C - Do I need to do the 5, 6 and 7 steps every time Client needs send
some data to Server and vice-versa? Or these steps it's executed only
once only certify the Client and, after that, both sides can send
messages encrypted only with symetric session-key?

Sorry for the long post. Any help will be apreciated

TIA,

--
Andre Azevedo








.