Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.milw.wisc.edu!bionet!ig!ames!pacbell!att!homxb!mtuxo!att!alberta!calgary!ctycal!ingoldsb
From: ingoldsb@ctycal.COM (Terry Ingoldsby)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: IP based authentication of hosts
Summary: What about this idea . . .
Message-ID: <291@ctycal.UUCP>
Date: 23 Apr 89 03:44:06 GMT
References: <376@ists.ists.ca> <29416@bu-cs.BU.EDU> <1989Apr17.213712.5631@utzoo.uucp>
Organization: The City of Calgary, Ab
Lines: 44

Other people have offered their ideas on how to secure a network (whether
it is TCP-IP, DECNet or XNS is unimportant). Here is my idea. Shoot it
down if you can think of a good way to break it:

This is derived from something I read in BYTE some time ago. I don't remember
what issue.

Each authorized node has a file of a reasonably large size, say 100K, filled
with random numbers. Make them really unpredictable (they don't necessarily
have to satisfy any particular distribution). Protect both files, so only
privileged processes can read them (if you can't trust superusers, your
security is shot anyway).

Each side of the connection gets to ask the other side 3 questions. The
questions are of the form:

    What number is at position 32156?
    The number at position 2154 is 3261. True or False.

It is unpredictable what the indices of the questions will be, so just
listening to one session won't give you the answers you need for the next
session. The second type of question is particularly good, since if the
answer is false, the eavesdropper still doesn't know what the value at
position 2154 is.

Each side gets a chance to decide if the other side is authentic. Once
authentication has been established, the initiator suggests that both
sides use the D.E.S. (Data Encryption Standard) key found at index ###.
From that point on, all communication is DES encrypted. There are cheap
chips to do that for you, so the overhead needn't be high.

Periodically, change the file at all nodes. If anyone is eavesdropping, they
won't have sufficient sessions to observe to deduce the contents of the
mystery file.

Is that secure enough?

Terry Ingoldsby
Land Related Information Systems
The City of Calgary
ctycal!ingoldsb@calgary.UUCP
   or
...{alberta,ubc-cs,utai}!calgary!ctycal!ingoldsb
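
The question-and-answer exchange described in the post above, as an added Python example that is not part of the original post. The 16-bit entry size, the even mix of the two question types, all function names and the `leaked` bookkeeping are assumptions made for illustration; the DES step is left out.

```python
import secrets

# Assumed layout: 50,000 16-bit numbers, roughly the 100K file in the post.
PAD_SIZE = 50_000
QUESTIONS = 3                      # questions each side asks, as in the post
_sysrand = secrets.SystemRandom()  # OS randomness; tests may pass a seeded RNG

def make_pad(rng=_sysrand, size=PAD_SIZE):
    """Shared secret file: a list of unpredictable 16-bit numbers."""
    return [rng.randrange(1 << 16) for _ in range(size)]

def ask(pad, rng=_sysrand):
    """Build one question: (kind, position, claimed_value, expected_answer)."""
    pos = rng.randrange(len(pad))
    if rng.random() < 0.5:
        return ("value", pos, None, pad[pos])        # "What number is at pos?"
    truth = rng.random() < 0.5                       # "Number at pos is v. T/F"
    claim = pad[pos] if truth else (pad[pos] + rng.randrange(1, 1 << 16)) % (1 << 16)
    return ("claim", pos, claim, truth)

def answer(pad, kind, pos, claim):
    """Responder's side: look the position up in its own copy of the file."""
    return pad[pos] if kind == "value" else pad[pos] == claim

def authenticate(challenger_pad, responder_pad, rng=_sysrand, leaked=None):
    """One direction of the exchange; `leaked` records what a listener learns."""
    ok = True
    for _ in range(QUESTIONS):
        kind, pos, claim, expected = ask(challenger_pad, rng)
        reply = answer(responder_pad, kind, pos, claim)
        ok = ok and reply == expected
        # In an honest session a value reply, or a claim answered True, discloses
        # the entry; a claim answered False does not (the point made in the post).
        if leaked is not None and (kind == "value" or reply is True):
            leaked[pos] = reply if kind == "value" else claim
    return ok

def mutual_auth(pad_a, pad_b, rng=_sysrand, leaked=None):
    """Each side questions the other; both must be satisfied."""
    return authenticate(pad_a, pad_b, rng, leaked) and authenticate(pad_b, pad_a, rng, leaked)

def exposure(pad, sessions, rng=_sysrand):
    """Fraction of the file disclosed on the wire after `sessions` honest logins."""
    leaked = {}
    for _ in range(sessions):
        mutual_auth(pad, pad, rng, leaked)
    return len(leaked) / len(pad)
```

`exposure()` puts a number on the post's "periodically, change the file" step: it reports how much of the file honest sessions have already disclosed, which is what the replacement interval has to stay ahead of.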