Reputation: 31
Security of an authentication algorithm
I am making a little script in python, in which a client has to authenticates to the server. The idea is that an attacker cannot authenticate himself by listening to the network, without knowing the password. Despite any good practices, I am trying to make my own secure authentication (it is only for personal use).
In my current algorithm, the client and the server share :
- the password that authenticates the client
- an encryption key
- the encryption algorithm (AES with pycrypto)
It works as follows :
- The server generates a token
- The server encrypts the token
- The encrypted token is sent to the client
- The client decrypts the token
- The client encrypts the set (password + token)
- The encrypted set (password + token) is sent to the server
- The server decrypts (password + token)
- If the received information corresponds to the shared password and the token sent by the server, then the client is successfully authenticated.
In this algorithm, the client and the server share 2 secrets : the password and the encryption key.
I am wondering if it would be secure to do like this :
- The server generates a token
- The server sends the token to the client (in plain text)
- The client encrypts the token, and returns it to the server
- If the decrypted token is correct, the client is successfully authenticated.
In this case, the server and the client share only one secret (the encryption key). From my (small) knowledge of AES, I think that an attacker should not be able to guess the key with the token and the encrypted token, nor to guess the encrypted token without owning the key.
So my questions are: do you see any flaws in my algorithms? Is the second as secure as the first?
Thanks for your help
Upvotes: 0
Views: 403
Answers (1)
Reputation: 7140
I am not a crypto expert (shout out to https://crypto.stackexchange.com), but AES is meant to assure confidentiality, and your method does not prevent non-repudiation. In other words, I can't read the contents of the token, but I can intercept your message and send the same one to the server to "authenticate" myself, right? (https://en.wikipedia.org/wiki/Replay_attack) Additionally, someone in the middle could modify your message and potentially cause problems, since again, AES assures confidentiality, but not integrity of the message. Aside from those core issues, there are subtle mistakes you can make when implementing this that can cause issues that are very difficult for you (and me) to detect, but possible for attackers to sniff out.
Perhaps when combined with an HMAC, you can overcome these weaknesses... but I would have to encourage you to not "roll your own" crypto scheme and perhaps all you need is HTTPS to secure the communication between the two devices (and a pre-shared token/key/password to prove identity). If you do decide to continue down this route, I would also encourage you to do significant research and having a security expert review your code/implementation before using in any sort of production environment. If this is just for fun/research, that's another story.
Upvotes: 2
Related Questions
- Authentication?
- Authenticated encryption and OpenSSL keys
- Symmetric key authentication protocol
- Authentication system - is my one secure?
- Authentication via AES
- Secure user authentication
- AES key derivation
- Which attacks are possible concerning my security layer concept?
- Basic encryption to authenticate users
- AES decryption Algorithm