- PDA
VI MIC B2B B2C
VII Two-Factor Authentication ) One-Time passeword Token )
(Authentication Server ) IC ( IX
1.1 Cracker 1
1.2 Demo ( SafeWord 5.1; ) (1) Linux Login (2) Web 1.2.1 Linux Login Linux Login ( root ) Token 2
1.2.2 Web Server 1.2.3 SafeWord 5.1 Linux Token Program License 3
1.3 1.3.1 SafeWord 5.1 Server SafeWord 5.1 OS Client SafeWord 5.1 OS SafeWord Platinum Token SafeWord Silver 2000 Token Server SafeWord 5.1 OS SafeWord Manager Client SafeWord 5.1 OS SafeWord Client SofToken-II 1.3.2 Server Windows 2000 Client PDA Server Client 4
1.4 ( ) DES SafeWord 5.1 MD5 Sha-1 PDA Server Client ( 1.1 ) 5
1.5 2 ~ 3 T1 3 ~ 4 T2 3 ~ 7 T3 SafeWord 5.1 5 ~ 6 T4 Linux login 6 ~ 7 T5-7 ~ 9 T6 7 ~ 8 T7 MD5 Sha-1 8 ~ 9 T8 9 ~ 11 T9 10 ~ 12 T10 ( 1.2 ) 6
2 3 4 5 6 7 8 9 10 11 12 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 ( 1.1 ) 7
2.1 ( 2.1 ) 1 ( 2.2 ) 9
2 3 4 5 2.2 ( 2.3 ) ( Dynamic Password ) ( One-Time Password ) 10
( ) 2.2 ( Authentication Card ) 2.2.1 11
1 2 3 1 2 3 2.2.2 ( Dynamic Password Generator ) 12
Authenticator ( ) Token ( ) Private Key ( Secret Key ) Private Key 13
(Synchronous) ( Asynchronous ) ( Synchronous Authenticator ) ( Asynchronous Authenticator ) 1 2 PIN 3 One-Time Password 4 PIN 1 2 3 14
2.2.2.1 ( ) ( 2.4 ) 2.4 15
SafeWord 5.1 Silver 2000 Keyring 2.2.2.1-1 ( Time Synchronous ) 16
Secure Computing Program Private Key 17
Demo ( 2.5 ) 1 2 1 2 Challenge / Response 18
3 PC 4 2.2.2.1-2 (Event Synchronous) One-Time Password ( ) 19
( 2.6 ) A B C D E E E D C B A 20
( 2.7 ) 2.7 D D 21
2.7 D C A B D ( C ) ( B ) 22
( A ) D C ( 2.8 ) 1 2 3 23
1 PIN 2 2.2.2.2 ( Challenge-Response ) Challenge ( 2.9 ) 2.9 SafeWord 5.1 SafeWord Platinum Token Silver 2000 Silver 2000 Platinum Token Challenge-Response Challenge 24
( 2.10 ) ( Challenge ) ( Response ) Challenge-Response ( Challenge ) One-Time Password 25
1 2 3 1 Challenge 2 2.3 DNA 1 1 26
2 3 27
SafeWord 5.1 SafeWord 5.1 Token Authenticator ( ) ( 3.1 SafeWord 5.1) 28
3.1 SafeWord 5.1 AAA ( Triple A; ) (Encryption) SafeWord One-Time Password SafeWord 5.1 ( 3.2 SafeWord ) SafeWord Authentication Server 3.2 SafeWord Authentication Server Communication Servers Network Devices 29
( 3.3 SafeWord ) SafeWord Manager Windows (GUI) SafeWord (Supervisor) SafeWord Manager (Add) (Remove) ( Activity logs ) User Database The SafeWord Database SafeWord Authenticator Secret key SafeWord Manager 30
DES(Data Encryption Standard) SafeWord Server (Replicated) Ident SafeWord Unix-based SafeWord Ident Client Authentication Server SafeWord Server Sasd The SafeWord Authentication Server Daemon (sasd) EASSP sasd SafeWord Server 3.2 SafeWord SafeWord Server SafeWord Server 31
EASSP RADIUS TACACS+ EASSP Secure Computing RADIUS TACACS+ EASSP(Extended Authentication and Single Sign on Protocol) Secure Computing Authenticators Secure Computing Single Sign On Secure Session Keys RADIUS(Remote Authentication Dial In User Service) Livingston Enterprises and the Network Access Server Requirements Working Group of the Internet Engineering Task Force (IETF) (Internet RFC2138) TACACS+ TACACS ARPANET Cisco Systems TACACS+ (Extended TACACS) (Internet RFC1492 ) 1985 32
Cisco routers Communication Servers 3.3 UNIX Solaris SunOS AIX HP-UX SGI IRIX BSDi Stratus VOS Open VMS AS400 DEC VAX OSF1/OSF2 Ultrix FreeBSD Windows NT Domain Microsoft NT Server Microsoft Workstation Windows 9X Web Server Microsoft IIS Server Netscape Enterprise Server Apache (Radius) Global Network ipass WorldComm Advanced Networking (formerly CompuServe Network services) IBM Global Network Cisco Ascend 3-Com Bay Networks Shiva Livingston Microsoft RAS RRAS 33
SecureZone SideWinder BorderWare firewalls Check Point's Firewall-1 TIS Gauntlet RADIUS ipass Inc. Red Creek Aventail RADIUS VPN RADIUS Ascend Aventail Check Point Cisco Funk Software Hayes Microcomputer ipass Livingston Microsoft Windows NT RRAS Red Creek Shiva Telebit Bay Networks Cayman Systems CompuServe LeeMah DataComm Merit Network Express TechSmith Xyplex TACACS+ Cisco routers Communication servers SafeWord API 34
3.4 SafeWord SafeWord ( 3.4 SafeWord Domain ) SafeWord Domain SafeWord Domain ( ) Domain Domain Domain SafeWord Domain 35
SafeWord Domain SafeWord SafeWord Domain 3.5 SafeWord ANSI X9.9 Challenge/Response Challenge/Response SafeWord Server ( Challenge) ( Response) Challenge (Event Synchronization) (Private key) 36
SafeWord Server SafeWord Server 3.6 SafeWord SafeWord SafeWord SafeWord SafeWord SafeWord 37
SafeWord SafeWord 1 2 3 4 SafeWord SafeWord SafeWord SafeWord Bob 7:00AM 6:00PM 38
SafeWord SafeWord SafeWord SafeWord ( ) DES SafeWord SafeWord SafeWord 39
SafeWord SafeWord SafeWord Administration API SafeWord API SafeWord SafeWord DES SafeWord ( ) 3.7 SafeWord (Real-time mirroring) SafeWord 40
SafeWord Server SafeWord Server SafeWord Client SafeWord Server SafeWord Server ( 3.5 SafeWord ) SafeWord SafeWord Client SafeWord Client SafeWord Server 41
( 3.6 SafeWord ) A B SafeWord Server SafeWord Client SafeWord Server SafeWord Server 42
( 3.7 SafeWord ) SafeWord ( 3.8 SafeWord ) 43
3.8 SafeWord SafeWord 1 2 SafeWord API 3 4 SafeWord SafeWord 25 SafeWord 44
SafeWord ( 3.9 SafeWord ) 45
4.1 SafeWord 5.1 4.1.1 PDA Palm OS 46
PDA PIN PDA 4.1.2 2.7 47
4.1.3 ( ) MD5 MD5 Hash Function Hash DES MD5 Sha-1 MD5 Hash DES Private Key 48
Key Recovery Sha-1 MD5 MD5 Sha-1 25% ~ 30% MD5 MD5 128 bits Sha-1 160 bits 64 80 4 4 64 4 ( 4.1 MD5 Sha-1 ) 4.2 4.1 (PDA) WEB 49
( 4.1 ) Hash 4.3 4.3.1 Server Java Servlet Java Java 50
Servlet Server Server Servlet Java Server Web Server Mail Server Application Server Windows Linux Login PDA Token MD5 Hash Function MD5 Hash Hash n n Server Servlet Applet Server 51
Applet Server init() Driver Statement Server Client doget( ) dopost( ) Hash Hash n SQL Server 4.3.2 Client Palm OS Palm OS ( http://www.palmos.com ) Metrowerks Code Warrior ( Free Software Foundation GNU ) gcc 52
PRC-Tools C Javasoft Java 2 Platform, Micro Edition Palm OS Java KVM ( Kilobytes Virtual Machine ) Palm OS Java Code Warrior PRC-Tools gcc ( GNU C compiler ) Java 2 Platform, Micro Edition Java PDA J2ME Java J2SE J2ME J2ME J2ME PDA Java Palm OS Palm OS 53
Code Warrior PRC-Tools PDA Intel 80x86 Palm Dragon Ball Motorola 68000 MD5 Function Byte Order Intel 80x86 MD5 Java 11 Northeastern University Hector Ho Fuentes & Duncan Shek Wong Mdlib MD5 Hash Function Sha-1 MD5 MD4 Output Input Input Output 54
Email MD5 Hash unsigned char half byte 16 Palm OS API const char Byte Byte 16 : 16
    /* in_str: the 16-byte MD5 digest (unsigned char), len: its length (16);
       each digest byte becomes two hex characters, so the output needs len*2 chars plus a terminating NUL */
    static char hs[] = "0123456789ABCDEF";   /* one printable character per 4-bit half byte */
    char *outp = MemPtrNew(len*2+1);          /* Palm OS API allocation: len*2 characters + NUL */
    UInt16 i;
    for(i=0; i<len; i++) {
        outp[2*i]   = hs[in_str[i]>>4];        /* high 4 bits */
        outp[2*i+1] = hs[in_str[i]&15];        /* low 4 bits: AND with 15 */
    }
    outp[2*len] = '\0';                        /* terminate the 32-character hex string */
4 bits 15 AND 16 char 55
PDA MD5 digest unsigned char MD5 Hash Function char digest PDA Palm Palm 8MB C Java Compiler Client 56
4.4 4.4.1 Hash Hash Hash 4.4.2 Private Key MD5 Hash Function 57
MD5 Hash Function 128 bits 58
5.1 SafeWord 5.1 Linux SafeWord 5.1 SafeWord SafeWord 5.1 Palm OS Dynamic Password Dynamic Password Paper Meeting PDA Palm OS Palm OS Palm OS MD5 Hash Function Java 59
J2SE J2ME Northeastern University Hector Ho Fuentes & Duncan Shek Wong Palm OS Email MD5 5.2 60
Secure computing SafeWord 5.1 SafeWord 5.1 SafeWord 5.1 61
5.3 Private key Public key Token Server Token Private key Server PDA SafeWord Server Windows Server OS Server Server Server String Private key n 63
Java Java JSP PHP Servlet Server SUN Java Servlet Java Servlet Tomcat Web server Server SQL Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); DriverManager.getConnection("jdbc:odbc:somedb", user, passwd) servlet SQL Java 64
SafeWord 5.1 Secure Computing One-Time Password One-Time Password Authentication Card (Dynamic password generator) Token Authenticator 65
Triple A (AAA) Authentication( ) Authorization( Auditing( ) Authentication Authorization Auditing (Message Digest Function) 1 bit bit 2 bit bit 50% 3 66
B ( A PDA ) ( B ) 67