Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Table of Contents

advertisement 
Design Document
Authentication System
With
Resource Management
Computer Networks
CSC 4900
Todd Little
Gregory Geosits
Authentication System with Resource Management
Table of Contents
1. Abstract ..................................................................................................................... 3
2. Summary .................................................................................................................... 3
3. Design Decisions ........................................................................................................ 3
4. Security Specifics ...................................................................................................... 3
4.1 DES ....................................................................................................................... 3
4.2 System Interaction Diagram ................................................................................. 4
5. Design Specifics ......................................................................................................... 5
5.1 The Server ............................................................................................................. 5
5.1.1 The Main Method .............................................................................................. 5
5.1.2 The Server Constructor ...................................................................................... 5
5.1.3 The client_Connect Method ............................................................................... 5
5.1.4 The resource_Connect Method .......................................................................... 5
5.1.5 The get_Hour Method ........................................................................................ 6
5.1.6 The resource_Deliver_Message Method ........................................................... 6
5.2 The Resource Manager ......................................................................................... 6
5.2.1 The Main Method .............................................................................................. 6
5.2.2 The Resource Constructor.................................................................................. 6
5.2.3 The resource_Deliver_Message Method ........................................................... 6
5.2.4 The resource_Connect Method .......................................................................... 7
5.2.5 The client_Connect Method ............................................................................... 7
5.3 The Client.............................................................................................................. 7
5.3.1 The Main Method .............................................................................................. 7
6. Compilation and Installation ................................................................................... 7
6.1 Compiling the System ........................................................................................... 7
6.2 Installation of the Proper Class Files .................................................................... 7
6.3 Running the System .............................................................................................. 8
7. System Testing ........................................................................................................... 8
7.1 (Failure) Incorrect NAME, Correct Key ............................................................... 8
7.2 (Failure) Correct Client NAME, Incorrect Key .................................................... 9
7.3 (Failure) Incorrect Client NAME, Incorrect Key ................................................. 9
7.4 (Success) Correct Client NAME, Correct Key ................................................... 10
8 Test Report ............................................................................................................... 10
9. Enhancements ......................................................................................................... 10
9.1 Private Key Transmission ................................................................................... 10
9.2 Resource Manager Functionality ........................................................................ 11
9.3 Implementation in TCP ....................................................................................... 11
10 Conclusions ............................................................................................................. 11
Page 2 of 11
Authentication System with Resource Management
1. Abstract
The purpose of this document is to provide a detailed description of the design
methodologies needed to create an Authentication System with Resource Management.
This document will cover implementation selections for programming tools, and it will
discuss specifics on interactions between classes and methods. In addition, system
installation and product testing will covered as well.
2. Summary
This system will provide two services. The first service will be provided by a Server
which will provide a means of authentication for a client. The authentication must be
secure and not easily duplicated. The second service will provide a resource for a client.
The resource will be a simple message, but the client must be authenticated to the system
before the resource will be made available. A secure communication must be made
between a Server, Resource Manager, and a Client.
3. Design Decisions






The system will be implemented using Java RMI. RMI provides a robust
interface for communications between machines and remote java methods.
All three pieces of the system (Server, Client, and Resource Manger) will reside
on separate computers on a network.
The RMI components will be linked via IP address.
The Data Encryption Standard private-key encryption method will be used for
authentication purposes.
A time window of one hour will be provided for the client to contact the resource
manager after having authenticated to the server.
A single interface will be implemented for the Server and Resource Manger to
share.
4. Security Specifics
4.1 DES
The security attributes used in this system involve DES data encryption. The DES
implementation used was taken from a homework assignment for ECE5477, Computer
Communications Security. It involves the following classes:
 DES.java
 DEA.java
 Cipher.java
Page 3 of 11
Authentication System with Resource Management
 Crypt.java
 TwoLongs.java
This implementation allows for a simple DES encryption of a long value as follows:
DES d = new DES(key);
Long encrypted_value = d.encrypt(value);
Long decrypted_value – d.decrypt(encrypted_value);
4.2 System Interaction Diagram
Resource
Manager
Server
Client
Client NAME & Encrypted KEY
Encrypted HOUR_OF_DAY
Client NAME & E_HOD
Client NAME & E_HOD
Boolean true or false
Message
Page 4 of 11
Authentication System with Resource Management
5. Design Specifics
5.1 The Server
The server will provide an authentication service for a client. Likewise, it will also
provide a means of verifying authentication to a Resource Manager. The server will keep
a current record of permissible clients and their corresponding private keys. A client may
only be added by a system administrator (no dynamic entries). Once a client is in the
server’s record, it can only be removed by an administrator. A client may contact the
server for authentication. In this case, the client will send the server its name and an
encrypted copy of its key, using its own key for the encryption. The server will respond
to a properly authenticated client by sending it an encrypted HOUR_OF_DAY. The
server will also function as a means of verification for a Resource Manager. In this case,
the server will receive a client name and encrypted HOUR_OF_DAY, using the client’s
private key, and it will return a Boolean variable of whether or not the client was properly
authenticated.
5.1.1 The Main Method
The main method will provide the function of setting up the RMI host. It will bind the
RMI host to a given port, 8182, and create a registry on that port. It is also in this method
where clients and their corresponding private keys will be defined.
5.1.2 The Server Constructor
This is a dummy method in which nothing is done.
5.1.3 The client_Connect Method
 Parameters: String name, long e_key
 Return Value: long encrypted_HOD
This method will receive a NAME and E_KEY value from the client. The name will
simply be the name of the client. E_KEY will be an encrypted version of the client’s
key. This method will decrypt the key sent to it by using the key in its own database. If
the key is valid, this method will generate an HOUR_OF_DAY. This value will be
encrypted using the client’s private key so that only it may reveal its true value. This
method will return this value to the client if the client is properly authenticated. If the
client is not authenticated, a value of 0x000L will be returned.
5.1.4 The resource_Connect Method


Parameters: String name, long e_data
Return Value: Boolean authenticated
Page 5 of 11
Authentication System with Resource Management
This method will provide a means for a Resource Manager to verify a client’s
authentication. This method will be given a client NAME and E_DATA. The method
will decrypt the data using the private key of the client indicated by NAME. It will
compute a current HOUR_OF_DAY, and check to see if the decrypted data matches the
current HOUR_OF_DAY. If this is true, it will return a value of TRUE to the Resource
Manager, otherwise it will return FALSE.
5.1.5 The get_Hour Method
 Parameters: none
 Return Value: integer HOD
This method will only compute an integer value for the HOUR_OF_DAY.
5.1.6 The resource_Deliver_Message Method
 Parameters: String name, long data
 Return Value: String message
This is a dummy method that must be implemented by the interface Message.
5.2 The Resource Manager
The Resource Manager will only provide the service of giving a specific message to a
properly authenticated client. If a client is not properly authenticated, a corresponding
message will also be sent. This component will communicate with the Server component
to determine authentication status.
5.2.1 The Main Method
This method only initializes the proper RMI components. The RMI host is initialized to
port 8183, and the registry is bound.
5.2.2 The Resource Constructor
This is a dummy method and has no functionality.
5.2.3 The resource_Deliver_Message Method
 Parameters: String name, long data
 Return Value: String message
This method receives two parameters, the client NAME and E_DATA. Upon being
called, this method contacts the Server with the data passed to it (NAME and E_DATA)
and receives from the server a Boolean value for the client’s authentication status. If the
client is properly authenticated, a specific string is returned to the client. Likewise, an
appropriate message is delivered to the client if proper authentication was not achieved.
Page 6 of 11
Authentication System with Resource Management
5.2.4 The resource_Connect Method
 Parameters: String name, long e_data
 Return Value: Boolean authenticated
This is a dummy method that must be implemented by the interface Message.
5.2.5 The client_Connect Method
 Parameters: String name, long e_key
 Return Value: long encrypted_HOD
This is a dummy method that must be implemented by the interface Message.
5.3 The Client
The Client is responsible for initiating the interaction between the components in the
system. The client must create two RMI connections, one to each other component
(Server, and Resource Manager). The client must encrypt its own key using its own key.
Then it must connect to the server sending it its NAME and E_KEY. The server will
respond according to the client’s authentication status. If the authentication is successful,
a message will be displayed to the terminal and the client will contact the resource
manager for the message. The client will then display the message returned. If the
authentication is not successful, the client will still attempt to get the resource. This will
result in an improper message being returned.
5.3.1 The Main Method
All of the above details for the client will be initiated and completed in the Main method.
6. Compilation and Installation
6.1 Compiling the System
All classes must be compiled using the JAVAC command from the JDK 1.3. Only the
Server and Resource classes must be compiled using the RMIC compiler.
6.2 Installation of the Proper Class Files
All of the following files are needed to be on each respective machine:
 Server
o Server.class
o Server_Skel.class
o Server_Stub.class
o Resource_Skel.class
o Resource_Stub.class
o DES.class
o DEA.class
Page 7 of 11
Authentication System with Resource Management


o Cipher.class
o Crypt.class
o Message.class
o TwoLongs.class
Resource Manager
o Resource.class
o Resource_Skel.class
o Resource_Stub.class
o Server_Skel.class
o Server_Stub.class
Client
o Client.class
o Server_Skel.class
o Server_Stub.class
o Resource_Skel.class
o Resource_Stub.class
o DES.class
o DEA.class
o Cipher.class
o Crypt.class
o TwoLongs.class
o Message.class
6.3 Running the System
On each terminal, the respecting java file must be run using the JAVA command.
 SERVER – java Server
 RESOURCE MANAGER – java Resource
 CLIENT – java Client
7. System Testing
7.1 (Failure) Incorrect NAME, Correct Key
Client attempts to authenticate with a name that is slightly misspelled, but with the
correct key. Verify that the output from the client is as follows:
TSOD:
TSOD:
TSOD:
TSOD:
TSOD:
TSOD:
TSOD:
TSOD:
Contacting Server rmi://172.18.2.5:8182/Server
Sending Client Name - TSOD
Sending Encrypted Key - 2129943306463753651
Authentication Failed
Received Encrypted Message From Server - 0
Contacting Resource Manager rmi://172.18.2.5:8183/Resource
Attempting to Get Message from Resource Manager
The Message received is as follows:
No Cash $ for You!
Also, verify that the output from the server is as follows:
Server: Client Authentication Attempted by TSOD
Server: Client NOT Authenticated
Page 8 of 11
Authentication System with Resource Management
Server: Resource Manager Contacting Server
Server: Negative Result Sent to Resource Manager
Finally, verify that the output from the Resource Manager is as follows:
Resource: Contacted by TSOD
Resource: Verifying Authentication with Server
rmi://172.18.2.5:8182/Server
Resource: Client Rejected and Not Delivering Message
7.2 (Failure) Correct Client NAME, Incorrect Key
Client attempts to authenticate to the server using an incorrect private key. Verify that
the output from the client is as follows:
TSODD:
TSODD:
TSODD:
TSODD:
TSODD:
TSODD:
TSODD:
TSODD:
Contacting Server rmi://172.18.2.5:8182/Server
Sending Client Name - TSODD
Sending Encrypted Key - -9075231674391406948
Authentication Failed
Received Encrypted Message From Server - 0
Contacting Resource Manager rmi://172.18.2.5:8183/Resource
Attempting to Get Message from Resource Manager
The Message received is as follows:
No Cash $ for You!
Also, verify that the output from the server is as follows:
Server:
Server:
Server:
Server:
Client Authentication Attempted by TSOD
Client NOT Authenticated
Resource Manager Contacting Server
Negative Result Sent to Resource Manager
Finally, verify that the output from the Resource Manager is as follows:
Resource: Contacted by TSOD
Resource: Verifying Authentication with Server
rmi://172.18.2.5:8182/Server
Resource: Client Rejected and Not Delivering Message
7.3 (Failure) Incorrect Client NAME, Incorrect Key
Client attempts to authenticate using an incorrect name and key combination. Verify that
the output from the client is as follows:
TSODD:
TSODD:
TSODD:
TSODD:
TSODD:
TSODD:
TSODD:
TSODD:
Contacting Server rmi://172.18.2.5:8182/Server
Sending Client Name - TSODD
Sending Encrypted Key - -9075231674391406948
Authentication Failed
Received Encrypted Message From Server - 0
Contacting Resource Manager rmi://172.18.2.5:8183/Resource
Attempting to Get Message from Resource Manager
The Message received is as follows:
No Cash $ for You!
Also, verify that the output from the server is as follows:
Server:
Server:
Server:
Server:
Client Authentication Attempted by TSOD
Client NOT Authenticated
Resource Manager Contacting Server
Negative Result Sent to Resource Manager
Finally, verify that the output from the Resource Manager is as follows:
Resource: Contacted by TSOD
Page 9 of 11
Authentication System with Resource Management
Resource: Verifying Authentication with Server
rmi://172.18.2.5:8182/Server
Resource: Client Rejected and Not Delivering Message
7.4 (Success) Correct Client NAME, Correct Key
A client attempts to authenticate using a correct client name and matching key. Verify
that the output from the client is as follows:
BOB:
BOB:
BOB:
BOB:
BOB:
BOB:
BOB:
BOB:
Contacting Server rmi://172.18.2.5:8182/Server
Sending Client Name - BOB
Sending Encrypted Key - -7944375546559478566
Authenticated to Server
Received Encrypted Message From Server - -5870673329801642413
Contacting Resource Manager rmi://172.18.2.5:8183/Resource
Attempting to Get Message from Resource Manager
The Message received is as follows:
$ Bling Bling $
Also, verify that the output from the server is as follows:
Server:
Server:
Server:
Server:
Client Authentication Attempted by BOB
Client BOB is Authenticated
Resource Manager Contacting Server
Authenticated Result Sent to Resource Manager
Finally, verify that the output from the resource manager is as follows:
Resource: Contacted by BOB
Resource: Verifying Authentication with Server
rmi://172.18.2.5:8182/Server
Resource: Client Authenticated and Delivering Message
8 Test Report
Test ID Number
7.1
7.2
7.3
7.4
Test Description
Incorrect Name,
Correct Key
Correct Name,
Incorrect Key
Incorrect Name,
Incorrect Key
Correct Name,
Correct Key
Date Performed
04/18/2001
Pass / Fail
Pass
04/18/2001
Pass
04/18/2001
Pass
04/18/2001
Pass
9. Enhancements
9.1 Private Key Transmission
Because this system is dependent upon a secure private key, it would be nice to have a
public-key encryption algorithm to transmit a unique private key for each use. Due to
time restraints and code complexity, this feature was not implemented.
Page 10 of 11
Authentication System with Resource Management
9.2 Resource Manager Functionality
This Resource Manager distributes one of two messages. A better implementation would
have more options for the client to choose from.
9.3 Implementation in TCP
RMI hides a lot of the communication details from both the routers and the system
administrators. TCP allows for a better representation of what is actually happening in
the system. This option was not chosen because of the more difficult learning curve of
TCP.
10 Conclusions
RMI proved to be a very good implementation tool for communication among several
hosts. It was easy to learn, and easy to run using the JDK. Likewise, DES was easy to
understand and easy to implement in code. The security of the system is very good
considering the simplicity of the design. A better system could be designed using a
public-key encryption system, but this would complicate the code. Testing was
completed, and the system passed all functional tests. The system functions according to
the design specifications, and it runs very efficiently.
Page 11 of 11
Related documents
CS 2813 - Loyola College
CS 2813 - Loyola College
Chapter 11 HW
Chapter 11 HW
TotalMobile Service Definition TotalMobile from BT BT is working
TotalMobile Service Definition TotalMobile from BT BT is working
cryptography and network security
cryptography and network security
Efficient Authentication for Mobile and Pervasive
Efficient Authentication for Mobile and Pervasive
I think that public-key`s authentication process and symmetric key`s
I think that public-key`s authentication process and symmetric key`s
Ans5
Ans5
Davis
Davis
Download
advertisement