在不连接服务器的情况下偶尔在设备上进行安全认证(Secure authentication on a device occasionally without connection to a server)

我正在研究一个服务器应用程序,它将有相当多的客户端设备访问它。 问题是我们无法保证客户端设备始终可以访问服务器。 设备完全可以在网络外停留1周或更长时间。 与此同时,我们仍然希望设备以自主方式工作,并附带必要内容的副本(连接到网络时自动更新)。

当然,这会导致一些与用户身份验证相关的安全问题。 我们计划让设备拥有用户列表的副本。 我们正在思考如何在设备上保护身份验证。 显然,我们无法在更新包中以纯文本形式发送密码。

主服务器上的密码是盐渍和散列的,我们正在考虑使用某种散列(SHA1?),用于客户端设备可用的列表。

通过这样做,我们降低了攻击设备的门槛(无盐)。

您是否有任何关于保持客户端设备尽可能安全的有效方法的建议?

谢谢!

I am working on a server application which will have quite a fair number of client devices accessing it. The problem is we cannot guarantee that the client devices will always have access to the server. It is perfectly possible for a device to be outside the network for 1 week or more. In the meantime, we still want the device to work in an autonomous manner with a copy of the necessary content (automatically updated when connected to the network).

Of course, this is causing some security issues related to the user authentication. We plan to have the device have a copy of the users list. We are pondering on how to have the authentication secured on the device. Obviously we cannot send the passwords in plain text in the update packages.

Passwords on the main server are salted and hashed and we are thinking of using a hash of some sort (SHA1 ?), for the list available to the client device.

By doing so however we are lowering the bar for attacks on the devices (no salt).

Would you have any suggestion for an efficient way to keep the client devices as secure as possible?

Thanks!

最满意答案

首先,您需要清楚攻击者是谁。 在这种情况下,如果有人在哪里窃取设备怎么办? 另一种情况是,如果有人在哪里与恶意客户端连接到服务器? 如果有人在哪里嗅到交通怎么办?

要停止嗅探,所有通信都应该通过ssl(可能是https)来完成。 为防止恶意客户端,您可以通过硬编码的SSL证书识别​​每个客户端设备,并将这些凭据存储在数据库的服务器端。 服务器可以使用来自CA的普通证书。 如果设备被盗,您可以撤销本地数据库中的证书。 完整的PKI不是必需的,尽管这是一个可以使用效果很好的情况。

将密码哈希值泄露给攻击者(客户端)始终是一个漏洞。 将所有密码哈希值传输到客户端通常使用sql注入。 这不是解决方案。

md5以许多不同的方式被打破,并在现实世界的攻击中被利用。 sha1更安全,仍然得到NIST的认可,但sha256是一个非常好的选择。 需要使用随机值的密码密码哈希值。

我能想到的密码问题的安全解决方案是只允许在连接到网络时进行身份验证。 该用户可以被缓存,然后该用户可以注销并重新登录。这限制了攻击情形,但并未否定它。 如果有人在哪里窃取设备,他也会有密码哈希,在这种情况下,用户必须被迫更改他的密码(希望这发生在攻击者有机会打破哈希之前)。

不太安全的解决方案是使用重型散列函数,例如PBKDF2 。 这在winzip等应用程序中使用,其中密码哈希始终可供攻击者使用。 缺点是它非常 ,因此无法用于普通的Web应用程序。

First of all, you need to be clear who the attacker is. In this case, what if someone where to steal the device? Another scenario is what if someone where to connect to the server with a malicious client? What if someone where to sniff the traffic?

To stop sniffing all communication should be done over ssl (probably https). To prevent malicious clients you can identify each client device by a SSL certificate hardcoded and store these credentials on the server side in a database. The server could use a normal certificate from a CA. If a device is stolen you could revoke the certificate in your local db. A full PKI isn't necessary, although this is a case where one could be used with great results.

Spilling the password hashes to the attacker(client) is always a vulnerability. Transferring all of the password hashes to the client is commonly done with sql injection. This is not a solution.

md5 is broken in many different ways and exploited in real world attacks. sha1 is more secure and still approved by NIST, however sha256 is a very good choice. Salting password hashes with a random value is necessary.

A secure solution that I can think of for your password problem is to only allow authentication while connected to a network. That user could be cached and then that user could log out and log back in. This limits the attack scenario but doesn't negate it. If someone where to steal the device he would also have a password hash, in this case the user must be forced to change his password (and hopefully this happens before the attacker has a chance to break the hash).

A less secure solution would be to use a heavy hash function such as PBKDF2. This is used in applications like winzip where the password hash is always available to the attacker. The drawback is its EXTREMELY SLOW and can't be used for normal web applications because of this.

在不连接服务器的情况下偶尔在设备上进行安全认证(Secure authentication on a device occasionally without connection to a server)

我正在研究一个服务器应用程序,它将有相当多的客户端设备访问它。 问题是我们无法保证客户端设备始终可以访问服务器。 设备完全可以在网络外停留1周或更长时间。 与此同时,我们仍然希望设备以自主方式工作,并附带必要内容的副本(连接到网络时自动更新)。

当然,这会导致一些与用户身份验证相关的安全问题。 我们计划让设备拥有用户列表的副本。 我们正在思考如何在设备上保护身份验证。 显然,我们无法在更新包中以纯文本形式发送密码。

主服务器上的密码是盐渍和散列的,我们正在考虑使用某种散列(SHA1?),用于客户端设备可用的列表。

通过这样做,我们降低了攻击设备的门槛(无盐)。

您是否有任何关于保持客户端设备尽可能安全的有效方法的建议?

谢谢!

I am working on a server application which will have quite a fair number of client devices accessing it. The problem is we cannot guarantee that the client devices will always have access to the server. It is perfectly possible for a device to be outside the network for 1 week or more. In the meantime, we still want the device to work in an autonomous manner with a copy of the necessary content (automatically updated when connected to the network).

Of course, this is causing some security issues related to the user authentication. We plan to have the device have a copy of the users list. We are pondering on how to have the authentication secured on the device. Obviously we cannot send the passwords in plain text in the update packages.

Passwords on the main server are salted and hashed and we are thinking of using a hash of some sort (SHA1 ?), for the list available to the client device.

By doing so however we are lowering the bar for attacks on the devices (no salt).

Would you have any suggestion for an efficient way to keep the client devices as secure as possible?

Thanks!

最满意答案

首先,您需要清楚攻击者是谁。 在这种情况下,如果有人在哪里窃取设备怎么办? 另一种情况是,如果有人在哪里与恶意客户端连接到服务器? 如果有人在哪里嗅到交通怎么办?

要停止嗅探,所有通信都应该通过ssl(可能是https)来完成。 为防止恶意客户端,您可以通过硬编码的SSL证书识别​​每个客户端设备,并将这些凭据存储在数据库的服务器端。 服务器可以使用来自CA的普通证书。 如果设备被盗,您可以撤销本地数据库中的证书。 完整的PKI不是必需的,尽管这是一个可以使用效果很好的情况。

将密码哈希值泄露给攻击者(客户端)始终是一个漏洞。 将所有密码哈希值传输到客户端通常使用sql注入。 这不是解决方案。

md5以许多不同的方式被打破,并在现实世界的攻击中被利用。 sha1更安全,仍然得到NIST的认可,但sha256是一个非常好的选择。 需要使用随机值的密码密码哈希值。

我能想到的密码问题的安全解决方案是只允许在连接到网络时进行身份验证。 该用户可以被缓存,然后该用户可以注销并重新登录。这限制了攻击情形,但并未否定它。 如果有人在哪里窃取设备,他也会有密码哈希,在这种情况下,用户必须被迫更改他的密码(希望这发生在攻击者有机会打破哈希之前)。

不太安全的解决方案是使用重型散列函数,例如PBKDF2 。 这在winzip等应用程序中使用,其中密码哈希始终可供攻击者使用。 缺点是它非常 ,因此无法用于普通的Web应用程序。

First of all, you need to be clear who the attacker is. In this case, what if someone where to steal the device? Another scenario is what if someone where to connect to the server with a malicious client? What if someone where to sniff the traffic?

To stop sniffing all communication should be done over ssl (probably https). To prevent malicious clients you can identify each client device by a SSL certificate hardcoded and store these credentials on the server side in a database. The server could use a normal certificate from a CA. If a device is stolen you could revoke the certificate in your local db. A full PKI isn't necessary, although this is a case where one could be used with great results.

Spilling the password hashes to the attacker(client) is always a vulnerability. Transferring all of the password hashes to the client is commonly done with sql injection. This is not a solution.

md5 is broken in many different ways and exploited in real world attacks. sha1 is more secure and still approved by NIST, however sha256 is a very good choice. Salting password hashes with a random value is necessary.

A secure solution that I can think of for your password problem is to only allow authentication while connected to a network. That user could be cached and then that user could log out and log back in. This limits the attack scenario but doesn't negate it. If someone where to steal the device he would also have a password hash, in this case the user must be forced to change his password (and hopefully this happens before the attacker has a chance to break the hash).

A less secure solution would be to use a heavy hash function such as PBKDF2. This is used in applications like winzip where the password hash is always available to the attacker. The drawback is its EXTREMELY SLOW and can't be used for normal web applications because of this.