Re: Simple resource protection with public keys

From: Ernst Lippe (ernstl-at-planet-dot-nl_at_ignore.this)
Date: 04/28/03


Date: Mon, 28 Apr 2003 14:36:16 +0200

On Mon, 28 Apr 2003 11:34:08 +0100, Tim Goodwin wrote:

> I'd welcome any comments on the following.
>
> I have a server, which holds a resource. I wish to restrict access to
> this resource.
>
> The server knows public keys for clients who may be authorized to
> access the resource. Since I need these keys anyway (for another part
> of the system), I would like to use them for this case too.
>
> The channel between server and client is not necessarily encrypted. I
> would like to minimize round trips. The value of the resource is
> small: I want to protect it from casual mischief-makers, but I'm not
> worried about opponents with serious resources.
>
> I have devised the following protocol.
>
> The client sends a message comprising (the client's idea of) the
> current time to 1-second resolution, and a signature over that
> timestamp made with the client's private key.
>
> The server verifies the signature, and checks that the timestamp
> is within a small delta of (the server's idea of) the current
> time. If both tests pass, access to the resource is granted.
>
> The signature algorithm I intend to use is SHA1 + DSA.
>
> I like the simplicity of this, but I worry that the timestamp message
> is: i) short, and ii) predictable. Is there any value in adding a few
> bytes of output from a CSPRNG to the client message?

No, because the server cannot verify that they were actually
generated by the CSPRNG.

As Henrick already pointed out, this protocol is
vulnerable to replay attacks; you should record the
most recent time-stamp per client.

Also, the protocol is vulnerable to a man-in-the-middle
attack.

Another point: in general it is difficult to have
synchronized clocks, so your protocol should also
consider how to handle an unsynchronized client.

Why don't you use SSL/TLS? It avoids all of these
problems.

greetings,

Ernst Lippe
