Authentication Scheme #134
Conversation
|
Amazing path @erikzhang ! It was less than a month ago that @vncoelho and I got a discussion on the matter. Structure looks nice, it would be interesting to provide some example perhaps, with Alice and Bob, and maybe sone contextualization over existing OAuth 2. Neo can certainly be such pioneer, specially with oracle technology. |
|
Any comment? @neo-project/everyone |
authentication-scheme.mediawiki
Outdated
|
|
||
| A 64-bit unsigned integer used to identify this authentication. | ||
|
|
||
| The server should record the expiration time of the nonce and check it when the response is received. |
There was a problem hiding this comment.
This requires the authentication server to be stateful. That could be avoided by including a signature for the nonce and timestamp in the request (and requiring that the client provide the signature in the response).
There was a problem hiding this comment.
If the server is stateless, how to identify the clients?
There was a problem hiding this comment.
State will definitely be needed to provide any useful authorization (e.g. a table mapping from Neo address to roles and/or other application-specific identity data). I'm just showing an opportunity to remove a database table and to avoid a database write on the initial authentication request (which could become a vector for unauthenticated denial-of-service).
There was a problem hiding this comment.
If the server does not record the nonce, it will become reusable. We need a mechanism to ensure that when a client is successfully authenticated, the nonce is immediately invalidated.
There was a problem hiding this comment.
It would be good to mention here that the server is required to prevent nonce re-use:
When the server receives the response, it should check whether the nonce has expired. If the nonce has expired or not exists, the authentication fails.
It's currently not clear that this is required and a server implementor might choose to delete a nonce after successful use rather than invalidate it. I'm also curious as to why preventing nonce re-use is required (what security property breaks if the server doesn't do that?)
I'd still lean towards having the nonce invalidation happen post-authentication though.
There was a problem hiding this comment.
For example, I log in to a website by scanning a QR code. If the nonce can be reused, the second person who scans the code will kick my login.
There was a problem hiding this comment.
It sounds like the nonce is being used as a session ID? If that is the case there is a vulnerability: Anyone who has observed the QR code can later hijack the session (it wouldn't be safe to use this flow in a room with security cameras, for example).
To mitigate this, the nonce should be swapped for a session ID and this swap should only be allowed to happen once (note that there is still a race condition where an attacker can steal the session, though--to prevent that you need some sort of communication channel from the phone back to the browser).
There was a problem hiding this comment.
The nonce is a one-time random number. There should be a nonce to sessionId mapping table on the server side.
There was a problem hiding this comment.
This requires the authentication server to be stateful.
This is an interesting point @djnicholson, I need to study more on authentication. But perhaps, one way of not storing these nonces is to have some good pseudo-random algorithm, such as mersenne twister on server, starting with some secret seed, and then strongly hash mersenne twister outputs (via SHA-256, for example) to generate the nonce. The good thing is that, as long as some timestamp is involved, server can re-execute seeding process to find the nonce, instead of storing it. The bad thing is that, as soon as seed is leaked on server, nonces could be predicted.
Is it Neo servers or other servers that require being stateful?
|
Rename |
|
To prevent site A from using site B's QR code to trick you into logging in. We should add the website |
|
Do we need to add an expiration timestamp to the Challenge payload. |
authentication-scheme.mediawiki
Outdated
|
|
||
| #After the wallet recognizes the QR code, a pop-up window asks the user to confirm login. | ||
|
|
||
| #If the user cancels the login, the authentication process ends. Otherwise, go to the next step. |
There was a problem hiding this comment.
How the server gets the authentication refused/cancel message? Add State in Response data, include scaned, confirmed, refused, to optimize user experience?
There was a problem hiding this comment.
If the authentication is cancelled, the server won't receive the response payload. So nonce has an expiration time, and it is recommended to be 5 minutes.
The challenge payload will also need to be signed by the website (or the attacking site can just modify it) |
It's not UUID. It is a one-time random number.
I don't think it's necessary. |
In QR mode, there is a |
No description provided.