tags:

views:

204

answers:

4
+2  Q: 

Three-way authentication/handing an authenticated client off to a different server?

Hi,

I'm interested in creating a sort of hand-off authentication method, where there's a client and two servers (let's call them Alice, Bob and Carmen Sandiego, respectively). Alice is a client (in a browser) somewhere on the 'net, possibly behind a NAT that gives a different IP for outgoing requests to different addresses (I know there are some corporate NATs that do this, so just in case).

Alice logs onto Bob using standard challenge-response authentication. The goal is that Alice can now make a request to Carmen and be recognized as an authenticated user. I assume the best method would be to have Bob create some temporary passkey which is sent to both Alice and Carmen and Alice will send that passkey to Carmen. However, I'm no crypto expert and so I'm unsure exactly how to make this communication safe. That is, if there's an eavesdropper on the Alice-Bob line that accesses the passkey, it could just send this straight to Carmen and get unauthorized access.

So does anyone have any ideas about how to do this? I'm assuming it involves a lot of shared secrets, random numbers, and hashing, but I'm not sure exactly what's cryptographically sound.

Thanks, Robert

+1  A: 

As long as the 3 machines only communicate over SSL with each other, you are safe. The weak point is going to be on the Alice browser itself. A person with access to the Alice browser might be able to extract the tokens and use them from another machine.

David  2009-09-01 20:23:29
It's an open-source project, so I'm loath to pay for any SSL certificates. Also, there's no need for the data to be encrypted -- just authentication.
Robert Fraser  2009-09-01 20:42:31
So long as your users/clients can accept them, you can sign an SSL certificate for free. I don't think this gets around the problem of exchanging keys beforehand, but it reduces the exposure.
Karl Anderson  2009-09-03 23:39:16
+2  A: 

It sounds like you're talking about a key-exchange algorithm. This is a well-understood problem, you'll be glad to hear, although it's not particularly well understood to me, I must admit. The Diffie-Hellman algorithm seems to be the best example of this.

If you want to get a good understanding of this stuff, the standard text is Bruce Schnieier's Applied Cryptography. It's highly readable, as is Practical Cryptography.

Whatever you do, don't try and implement this stuff without thoroughly understanding the problem, or you'll just end up with a swiss-cheese security model. Always safer to use proven third-party products, although offhand I'm not familiar with any.

skaffman  2009-09-01 20:24:22
Ah, thanks... Yeah, this stuff is hella complex. I understand challenge-response well enough to implement it, but this looks a bit more daunting.
Robert Fraser  2009-09-01 20:44:02
Aye. It's fun, though...
skaffman  2009-09-01 20:47:21
Ah, on further investigation, this seems to allow two parties to exchange encryption keys, but it seems that there is no authentication involved. How does Carmen know that Alice is Alice?
Robert Fraser  2009-09-01 20:52:40
Indeed, DH only provides the basic mechanism for key exchange, from which you need to build upon the additional layers such as secure auth. At this point, however, I'm outy of my depth, and I can only recommend you once again to Mr Schnieier.
skaffman  2009-09-01 20:59:23
+4  A: 

You might want to have a look at Kerberos. I don't know if this protocol satisfies your needs, but at least it is worth a try.

In particular with Kerberos a client can authenticat himself to a server1 that fore example can verify the clients password. If the client then wants to authenticate himself to a second server, he can ask for a ticket. A ticket is basically a short message that contains information such as the server ids, a timestamp and a session key K. This message is encrypted with a key that is shared by the two servers. The client receives the session key K and the ticket. With these two things he can now authenticate himself to the second server. I.e. the client sends the ticket to the second server, this server decrypts the ticket checks the ids timestamp etc. and gets the session key K. That is the client and the second server now share the key K, which they can use for the authentication.

I'm aware that this description is too short to include all details. I hope it is not too confusing.

Accipitridae  2009-09-02 17:31:36
If you're looking to roll your own, Kerberos is a pretty solid platform, so you could model it after that, though it's more complicated and involves a few more steps than what you're asking, but it's somewhere to start.
rwmnau  2009-09-02 17:40:18
Yup; that's what I'm looking for; thanks!
Robert Fraser  2009-09-02 19:46:41
Realise that this requires confidentiality between the client and server1 - otherwise anyone else watching can get the ticket and session key too. Kerberos covers this - if you roll your own along similar lines its something to be aware of.
caf  2009-09-03 00:18:50
Yup, doing the authentication and the key distribution right is not easy. Kerberos itself went through multiple versions because it contained serious flaws. Even just looking at its history to understand the potential problems is quite instructive.
Accipitridae  2009-09-03 06:41:57
Well, I think for my project (streaming video server), a baseline level of security is sufficient.
Robert Fraser  2009-09-03 19:23:43
+2  A: 

Rather than passing authentication tokens, Carmen could use OpenID to authenticate Alice through Bob. This wouldn't involve Alice giving Carmen any credentials. It could involve another user interaction, but user-agent assistance (signed cookies or client certs) should reduce this (I generally have to interact with my OpenID provider the first time I authenticate for a consumer).

This assumes that Bob and Carmen can communicate each time authentication is needed.

Karl Anderson  2009-09-03 23:22:44

related questions

How to transition to Functional Programming
List of the top Programming "shows"
How to contribute code back to an Open Source project?
What is Test Driven Development (TDD)?
pass by reference or pass by value?
Could you recommend a good free project hosting website?
Writing A "Conway's Game of Life" Program
Learning to write a compiler
How can I modify .xfdl files? (Update #1)
Followup: "Sorting" colors by distinctiveness
Followup: Finding an accurate "distance" between colors
Windows Help files - what are the options?
A little diversion into floating point (im)precision, part 1
Internationalization in your projects
Efficiently get sorted sums of a sorted list
Format string to title case
GUI Programming APIs
Using combinations of sets as test data
What books would you recommend for a beginning Software Developer?
The Definitive Guide To Website Authentication
What is your solution to the FizzBuzz problem?
Generate list of all possible permutations of a string
When to use unsigned values over signed ones?
Function for creating color wheels
Fastest way to get value of pi