Re: Recognising one's own messages on an anonymous broadcast channel?



bergstrom.henrik@xxxxxxxxx wrote:

Problem:

A user sends operations to our server on a private channel. The result
is broadcast to all users (cannot be sent on the private channel).

1. The result must be anonymous, i.e. no other client must be able to
identify which client sent the operation to the system or that
two operations belong to the same client.
2. The client that sent the operation must be able to identify the
result as his own.
3. No collisions! I.e. no client should mistakenly identify a result
as his own.

Prerequisites:

o It's ok to add "user id:s", "correlation id:s" etc. to the input
messages.
o It's ok for the server and client to share secrets, if necessary.
The input channel is a persistent connection.
o The algorithms have to be message-based rather than stream-based.
o The algorithms used have to be "fast" since a quite high number
(100k) of messages are processed per second by the common server.


gnupg can be used to easily accomplish this:

[1] each client is assigned a public and private keypair, known only
to the client,
and the public key known only to the client and the server,
(ideally, each client should generate his/her own key,
otherwise the client can 'claim' that the server 'forged' the message)
(all the keys should be of the same size and type, i.e. 4096 rsa)

[2] the message itself is signed by the client's key, and is
unidentifiable by anyone who does not have the public key

[3] the signatures should all be of the same type,
e.g. sha-512,
(or whatever wins the NIST contest ;-) )

[4] this results in each signed message for any given client being
different than any other one,
and impossible to link to any other signed message without knowing the
public key

[5] the messages can be sent signed and encrypted
(signed by the client, encrypted to the server, and simultaneously
encrypted to the client, using the --hidden-recipient self option,
or,
if the message is desired to be made 'public' to all clients,
signed by each client, and symmetrically encrypted using a passphrase
distributed to each client on a daily basis)

[6] the signatures have a certain measure of non-repudiation
(but only as long as the client generates the keypair,
and stores it securely)


gnupg is free software,
(and specifically, also free for commercial use)


vedaal
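
An added example, not written by either poster: it uses HMAC-SHA-256 from the Python standard library in place of the GnuPG signatures described in the reply, to show the three requirements of the quoted problem (unlinkable to others, recognisable by the sender, no false matches) on constructed traffic. All function and field names are assumptions, and unlinkability rests on the standard assumption that HMAC-SHA-256 behaves as a pseudorandom function.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # bytes; fresh per operation so tags from one client look unrelated


def new_client_key() -> bytes:
    """Per-client secret (hypothetical helper); here it never leaves the client."""
    return secrets.token_bytes(32)


def tag_operation(key: bytes, payload: bytes) -> dict:
    """Client: attach a random nonce and tag = HMAC-SHA-256(key, nonce)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    tag = hmac.new(key, nonce, hashlib.sha256).digest()
    return {"payload": payload, "nonce": nonce, "tag": tag}


def broadcast_result(operation: dict) -> dict:
    """Server: compute the result and echo nonce and tag unchanged."""
    result = operation["payload"].upper()  # stand-in for the real operation
    return {"result": result, "nonce": operation["nonce"], "tag": operation["tag"]}


def is_mine(key: bytes, message: dict) -> bool:
    """Client: recompute the tag from the broadcast nonce, compare in constant time."""
    expected = hmac.new(key, message["nonce"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, message["tag"])


def demo() -> dict:
    """Constructed traffic: two clients; alice sends twice, bob once."""
    alice, bob = new_client_key(), new_client_key()
    feed = [broadcast_result(tag_operation(alice, b"buy 10")),
            broadcast_result(tag_operation(bob, b"sell 3")),
            broadcast_result(tag_operation(alice, b"buy 10"))]
    return {"alice": [is_mine(alice, m) for m in feed],
            "bob": [is_mine(bob, m) for m in feed],
            "distinct_tags": len({m["tag"] for m in feed}) == len(feed)}


if __name__ == "__main__":
    print(demo())
```

The nonce and tag only cover what appears on the broadcast; hiding the sender from other clients still depends on the private input channel, and on the result content itself not identifying the client.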
