[OpenSER-Devel] NEW FUNCTIONALITY: secure nonce in auth module

Bogdan-Andrei Iancu bogdan at voice-system.ro
Tue Jun 3 11:45:02 CEST 2008 

Hi,

Thanks to Anca Vamanu < anca at voice-system dot ro> , the auth module 
has a new mechanism for protecting the nonce against third party attacks.

So far, the auth module provided only nonce lifetime limitation to 
prevent re-usage of the nonce. The new mechanism offers protection 
against sniffing intrusion. The module generates and verifies the nonces 
so that they can be used only once (in an auth response). This is done 
by having a lifetime value and an index associated with every nonce. 
Using only an expiration value is not good enough because,as this value 
has to be of few tens of seconds, it is possible for someone to sniff on 
the network, get the credentials and then reuse them in another packet 
with which to register a different contact or make calls using the 
other's account. The index ensures that this will never be possible 
since it is generated as unique through the lifetime of the nonce.



What problem is solved:
========================

Typical intrusion scenario is:

1) UAC sends INVITE with no credentials
2) openser sends challenge to UAC
3) UAC sends INVITE with credentials (lifetime 1 minute)
4) the credentials (auth response) are exposed on the net, so anybody 
can grab them (lets assume by person X)
5) openser accepts the credentials and call is establish
6) person X injects (by sending to openser) an re-INVITE (to change the 
media destination, for example) by re-using the credentials that he 
grabbed from the net.
7) credentials are accepted by openser if the lifetime is not expired.


So, third parties can modify (or even initiate) dialogs by re-using the 
credentials they captures from a previous authentication. The only 
limitation is the nonce lifetime which is about 30 - 60 seconds, long 
enough for allowing such an atack.


The new mechanism, by blocking the re-usage of the same nonce (even if 
the lifetime is still valid), will block step 7) as the same nonce was 
used in step 5) (by UAC).



Technical details:
==================

The auth module keeps state for each nonce - to validate it only on the 
first usage. A binary array (which can by default accomodate 100K 
nonces) is used to keep the state. An index in this array is allocated 
when the challenge is generated; this index in kept for the whole life 
duration of the nonce. After the first auth result (for the nonce), the 
following auth results for that nonce are discarded and re-challenged.

As nonce can be generated and later checked from different processes, 
the nonce state (binary array) is kept in shm memory and the access to 
it is synchronized via locking.

The see what is the overhead added by the computation time (keeping the 
nonce state) and locking (sharing between processes), Anca run several 
of tests :
    - openser single process
    - openser multiple processes, single processor machine
    - openser multiple processes, multi processor machine
For tests we were using authentication via PV (for password and 
username) to avoid using any slow data backend (radius or DB) that might 
eclipse the overhead.

The measured overhead is 4% - 7% (from the original version).


Regards,
Bogdan

More information about the Devel mailing list