P2P Authentication

Posted by frank on October 25, 2005, 6:42 am
Hi,

I have the following problem:

I'm working on a hybrid p2p network where there is a central server and
lots of clients (peers). I need a way for clients to authenticate
themselves when they join the network. I've looked at doing a challenge
response type thing using Challenge Handshake Authentication Protocol
(CHAP) but that means putting a shared secret key in each client and
the server.

It seems entirely possible that someone could reverse engineer the
client executable to get hold of the shared secret key and then write a
'rogue' client (or server) to subvert the network?

Is there a standard (or any) way of authenticating peers in p2p
networks that doesn't require secret shared keys?

Cheers,
F.



Posted by Edward A. Feustel on October 27, 2005, 5:40 pm

> Hi,
>
> I have the following problem:
>
> I'm working on a hybrid p2p network where there is a central server and
> lots of clients (peers). I need a way for clients to authenticate
> themselves when they join the network. I've looked at doing a challenge
> response type thing using Challenge Handshake Authentication Protocol
> (CHAP) but that means putting a shared secret key in each client and
> the server.
>
> It seems entirely possible that someone could reverse engineer the
> client executable to get hold of the shared secret key and then write a
> 'rogue' client (or server) to subvert the network?
>
> Is there a standard (or any) way of authenticating peers in p2p
> networks that doesn't require secret shared keys?
>
> Cheers,
> F.
>
How about using PKI challenge/reply as per mutually authenticated SSL? No
shared secret -- only distribution of public keys.

Ed




Posted by Volker Birk on October 30, 2005, 3:14 pm
> Is there a standard (or any) way of authenticating peers in p2p
> networks that doesn't require secret shared keys?

PKI.

Yours,
VB.
--
"I am a free man and will now make use of my civil liberties
- and extensively so - naturally only within the limits that
Otto Schily still leaves available to me."
Wolfgang Clement on 10.10.05, as still-serving "super minister"
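
The PKI challenge/reply suggested in the replies above, shown as an added example (not code from any poster in this thread). A bare CA signature over the peer's ID and public key stands in for an X.509 certificate, and the names `Credential`, `Enroll`, `VerifyJoin` and the `cred-v1`/`join-v1` labels are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Credential stands in for an X.509 certificate; nothing in it is secret.
type Credential struct {
	ID    string
	Pub   ed25519.PublicKey
	CASig []byte
}

func binding(id string, pub []byte) []byte { return append([]byte("cred-v1\x00"+id+"\x00"), pub...) }
func challenge(nonce []byte) []byte       { return append([]byte("join-v1\x00"), nonce...) }

// Enroll is run by the CA operator; the peer's private key never leaves the peer.
func Enroll(caKey ed25519.PrivateKey, id string, pub ed25519.PublicKey) Credential {
	return Credential{id, pub, ed25519.Sign(caKey, binding(id, pub))}
}

// VerifyJoin is the server side; the only key it holds is the CA public key.
func VerifyJoin(caPub ed25519.PublicKey, c Credential, nonce, answer []byte) bool {
	if len(c.Pub) != ed25519.PublicKeySize { // ed25519.Verify panics on a bad key length
		return false
	}
	return ed25519.Verify(caPub, binding(c.ID, c.Pub), c.CASig) &&
		ed25519.Verify(c.Pub, challenge(nonce), answer)
}

// demo returns: enrolled peer, self-issued rogue, stolen credential, replayed answer.
func demo() [4]bool {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // constructed peer key pair
	rPub, rKey, _ := ed25519.GenerateKey(rand.Reader) // constructed rogue key pair
	cred := Enroll(caKey, "peer-1", pub)
	n1, n2 := make([]byte, 32), make([]byte, 32) // fresh server nonce per join attempt
	rand.Read(n1)
	rand.Read(n2)
	good := ed25519.Sign(key, challenge(n1))
	forged := ed25519.Sign(rKey, challenge(n1))
	return [4]bool{VerifyJoin(caPub, cred, n1, good),
		VerifyJoin(caPub, Enroll(rKey, "rogue", rPub), n1, forged),
		VerifyJoin(caPub, cred, n1, forged),
		VerifyJoin(caPub, cred, n2, good)}
}

func main() { fmt.Println(demo()) }
```

Running the same check in the other direction, with the server answering a nonce chosen by the client, gives the mutual authentication of the SSL case.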

