Basics of string based protocol security

I wasn't sure how to phrase this question, so apologies in advance if it's a duplicate of something else.

I wanted to sanity check how I've secured my twisted based application and think I've done a good job at it, but it's been over a decade since I've written anything that uses raw or managed sockets.

Authentication transaction: Client connects and immediately a challenge response is sent back with a 16 character hex string. Client side takes user name & password, password is converted sha1( salt + sha1(password)) and credentials are sent back to the server as { username, password }. On the server side, authentication does standard lookup pattern ( if user exists and has password equal to input then grant ).

If the connection between user & client is lost, the protocol class marks itself as dirty and disconnects itself from the user object. Any time after this point, to get access to the user object again, the client would have to repeat the authentication process with a new salt.

Am I missing something? Is there a better/more secure approach for a character stream based protocol?

The protocol you described addresses one attack, that is the a replay attack. However, you are very vulnerable to MITM attacks. The TCP connection won't drop when the attacker moves in on the protocol. Further more anything transferred over this system can be sniffed. If you are on the wireless at a cafe everyone in the area will be able to sniff everything that is transmitted and then MITM the authenticated session. Another point is that sha1() is proven to be insecure you should use sha256 for anything security related.

NEVER REINVENT THE WHEEL, especially when it comes to security.

Use SSL! Everyone uses SSL and it has a LONG history of proven secuirty, and that is something you can't build. SSL Not only solved Man in the Middle Attacks but you can also use Certificates instead of passwords to authenticate both client and server which makes you immune to brute force. The sun will burn out before an attacker can brute force a 2048bit RSA certificate. Father more you don't have to worry about an eve dropper sniffing the transmission.

Keep in mind that OpenSSL is FREE, generating certificates is FREE, and the singing of certificates is FREE. Although the only reason why you would want to sign a certificate is if you want to implement a PKI, which is probably not necessary. The client can have the server's public key hard coded to verify the connection. The server could have a database of client public keys. This system would be self contained and not require OCSP or CRL or any other part of a Public Key Infrastructure.

SRP6? What is wrong with you. Everything uses ssl. You have no idea what you are doing.

Rook 2010-01-28 15:58:58

Huh, what do you think is wrong with me? I guess if SSL would be an option David woudn't have asked this question. And by the way, SRP is not only more secure but also has several other advantages over SSL. see: http://srp.stanford.edu/analysis.html

x4u 2010-01-28 16:07:00

Do you also reinvent the wheals on your car so that you can drive to work?

Rook 2010-01-28 16:09:07

@unknown: _"everything uses ssl"_?! Really?? Everything? I agree that SSL is standard in Internet-based, computer-to-computer communications but that is hardly everything. There are many cases in which the overhead of SSL is too large (embedded devices) or where TCP is not available so SSL is out of the question. There are also many cases in which only authentication is necessary and full-stream encryption is not.

D.Shawley 2010-01-28 16:22:57

Where did I reinvent the wheel? SRP is nothing I would be able to invent. It just happens to be one of the most advanced authentication protocols that is available today. Coincidently, SRP-6 has recently been suggested to improve TLS/SSL authentication in RFC 5054. So if you are lucky, you find a SSL implementation that already supports this but might still need a expensive and difficult to get CA certificate.

x4u 2010-01-28 16:36:59

SSL is available on every single platform that is worth while. Any platform that can use SRP, SSL would be easier and more secure. There is absolutely no reason not to use SSL. I was a bit harsh, I'm sorry SRP is a cool protocol and it is more secure than the OP's.

Rook 2010-01-28 16:45:01

+1 SSL. Using SSL is not a magic bullet, and there will be (and have been) vulnerabilities. However, there are many people paying attention to SSL and fixing these vulnerabilities for you. When you invent a new security scheme, it's very likely that the only people looking for vulnerabilities in it are people trying to attack you. They're not going to fix your vulnerabilities when they find them, they're going to exploit them.

Jean-Paul Calderone 2010-01-28 16:10:02

Aah yes, I see the the security in obscurity debate budding. You don't know how secure something is until it is broken. The more eyes you have on the problem the better the system is going to be.

Rook 2010-01-28 16:23:00

I assume you believe the protocol itself is sound if your suggesting additions to the transport layer?

David 2010-01-28 16:23:50

If you go with SSL, remember that the client must verify that the server certificate is correct. This is not necessarily done automatically by your SSL library! Way too many applications miss this, but TLS/SSL is entirely vulnerable to MITM attacks if you accept any random certificate.

Baffe Boyois 2010-01-28 16:33:45

@Baffe yes, you could go with a full on PKI and that is sexy. But an easier implementation would be to hardcode the server's public key into the client. The server would also have to have a list of client public keys if you wanted to authenticate the clients using asymmetric cryptography.

Rook 2010-01-28 17:23:08

SSL can be a very costly solution if you are working with a large degree of individual nodes.

jathanism 2010-01-28 18:54:02

SSL certificates are free if you sign them. Signing them is only needed if you go the PKI route, which is probably overkill. I don't think synack or Baffe has ever used SSL out side of https.

Rook 2010-01-28 18:58:19

I didn't mean to imply that you need a cert issued by any particular authority that happens to be supported by your browser. You certainly can set up your own CA and only accept certs signed by it. What I wanted to point out is that you can far too easily end up accepting ANY cert without noticing you're misusing the SSL library.

Baffe Boyois 2010-01-29 02:45:15

ansaurus

tags:

views:

answers:

Basics of string based protocol security

related questions