[OpenSER-Devel] SF.net SVN: openser: [4294] trunk/modules/auth

Anca Vamanu anca at voice-system.ro
Mon Jun 2 17:18:47 CEST 2008


Revision: 4294
          http://openser.svn.sourceforge.net/openser/?rev=4294&view=rev
Author:   anca_vamanu
Date:     2008-06-02 08:18:46 -0700 (Mon, 02 Jun 2008)

Log Message:
-----------
added re-usage check for nonces:

The authentication mechanism offers protection against sniffing intrusion. The module generates and verifies the nonces so that they can be used only once (in an auth response). This is done by having a lifetime value and an index associated with every nonce. Using only an expiration value is not good enough because, as this value has to be of a few tens of seconds, it is possible for someone to sniff on the network, get the credentials and then reuse them in another packet with which to register a different contact or make calls using the other's account. The index ensures that this will never be possible since it is generated as unique through the lifetime of the nonce.

The auth module keeps state for each nonce - to validate it only on the first usage. A binary array (which can by default accommodate 100K nonces) is used to keep the state. An index in this array is allocated when the challenge is generated; this index is kept for the whole life duration of the nonce. After the first auth result (for the nonce), the following auth results for that nonce are discarded and re-challenged.

Modified Paths:
--------------
    trunk/modules/auth/README
    trunk/modules/auth/api.c
    trunk/modules/auth/auth_mod.c
    trunk/modules/auth/auth_mod.h
    trunk/modules/auth/challenge.c
    trunk/modules/auth/doc/auth_admin.xml
    trunk/modules/auth/nonce.c
    trunk/modules/auth/nonce.h

Added Paths:
-----------
    trunk/modules/auth/index.c
    trunk/modules/auth/index.h
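
The scheme the log message describes (an index reserved at challenge time, one state bit per index, only the first response accepted) can be sketched as follows. This is an added example, not the code from this commit: the names `nonce_reserve` and `nonce_check`, the array size and the 30-second lifetime are assumptions, and the index and issue time are assumed to come from a nonce whose integrity has already been verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define MAX_NONCES     1024  /* constructed; the commit's default holds 100K */
#define NONCE_LIFETIME 30    /* seconds, constructed value */

enum { NONCE_OK, NONCE_INVALID, NONCE_EXPIRED, NONCE_REUSED };

static uint8_t  used[MAX_NONCES / 8];  /* one bit per index: 1 = already answered */
static time_t   issued[MAX_NONCES];    /* issue time per index, 0 = never issued */
static unsigned next_idx;

/* Challenge time: reserve an index whose previous nonce has expired. */
int nonce_reserve(time_t now)
{
    for (unsigned n = 0; n < MAX_NONCES; n++) {
        unsigned i = (next_idx + n) % MAX_NONCES;
        if (issued[i] == 0 || now - issued[i] > NONCE_LIFETIME) {
            issued[i] = now;
            used[i / 8] &= (uint8_t)~(1u << (i % 8));  /* fresh nonce: unused */
            next_idx = (i + 1) % MAX_NONCES;
            return (int)i;
        }
    }
    return -1;  /* every index is held by a live nonce */
}

/* Response time: accept a nonce only on its first use within its lifetime. */
int nonce_check(int idx, time_t nonce_issued, time_t now)
{
    if (idx < 0 || idx >= MAX_NONCES || issued[idx] != nonce_issued)
        return NONCE_INVALID;   /* index never issued, or recycled since */
    if (now - nonce_issued > NONCE_LIFETIME)
        return NONCE_EXPIRED;
    if (used[idx / 8] & (1u << (idx % 8)))
        return NONCE_REUSED;    /* replay: caller re-challenges */
    used[idx / 8] |= (uint8_t)(1u << (idx % 8));
    return NONCE_OK;
}

int main(void)
{
    time_t t0 = 1000;  /* constructed timestamps */
    int idx = nonce_reserve(t0);
    printf("first use: %d\n", nonce_check(idx, t0, t0 + 5));
    printf("replay:    %d\n", nonce_check(idx, t0, t0 + 6));
    return 0;
}
```

An index is handed out again only after the lifetime of its previous nonce has passed, so a captured response replayed inside the expiry window hits the set bit and is rejected. This sketch is single-process and does no locking.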

