[Opensim-dev] User Authentication
Charles Krinke
cfk at pacbell.net
Mon Feb 23 20:35:25 UTC 2009
Dear Diva:
As "Charles.Krinke at osgrid.org", all I can say to all that is: "Harumph".
And the fact that you bring up a number of good points. It is especially thrilling to actually think we may have enough reliability to actually begin thinking about implementing some of the needed security.
It is always a balance between software development forward motion and security for the users, even this "Charles.Krinke at osgrid.org" guy, who sounds a bit like a loose cannon visiting "Sports Illuminated".
So, I commend you for thinking through some of this and offer my wholehearted support to encourage folks to test it *before* I get up one morning and find "Wright Plaza" is a smoking hole in the ground.
Charles Krinke
________________________________
From: Diva Canto <diva at metaverseink.com>
To: opensim-dev at lists.berlios.de
Sent: Monday, February 23, 2009 11:47:19 AM
Subject: [Opensim-dev] User Authentication
Hi,
I'm about to start tightening the ropes for the Hypergrid in order to
make it safer, and also make safer some loose ends of OpenSim without
HG, and I would appreciate feedback on this.
The first issue that needs to be addressed is the issue of user
authentication. The regions need to be able to verify that the agent
that claims to be representing Charles.Krinke at osgrid.org is, indeed,
representing Charles.Krinke at osgrid.org. (As you know, right now this
is... err... a bit overlooked... *coughs*... and not just in the HG...
*more coughs*).
Having looked at OpenID, I came to the conclusion that it's not enough
to know that osgrid.org has a user named "Charles Krinke", and we
certainly don't want Charles to be constantly typing his password
every time he moves; the region needs to know that this user is already
logged in to the system AND the region also needs to know that the agent
that is representing this user is a legitimate agent.
OK, so the part about being logged in is easy; the user server already
knows that, to some approximation.
However, the part about the agent being legitimate is a bit more tricky.
Here's the bad thing that can happen: Charles logs in to OSgrid, and TPs
to this intriguing region called "Sports Illuminated Swimming Suite
Edition". That region happens to be up to no good. It grabs Charles'
current notion of identity (all the current identifiers we use), it
crashes Charles' viewer so that the user server never knows about it,
and proceeds to impersonate Charles using all those stolen identifiers;
for example, it can go back to Charles's regions and erase them
completely pretending to be Charles.
So, what can we do to detect the legitimacy of agents?
Having scratched my head over this, I came to the conclusion that the
most promising element that can be used to identify agents is the
Viewer's EndPoint. This is what happens down in the LLUDPServer (I'm
sure something similar happens in other viewers' packet handlers):
    if (packet != null)
    {
        if (packet.Type == PacketType.UseCircuitCode)
            AddNewClient((UseCircuitCodePacket)packet, epSender, epProxy);
        else
            ProcessInPacket(packet, epSender);
    }
The EndPoint epSender comes directly from the socket and I'm assuming it
can't be faked, at least the IP part. Is this correct? This is a
critical assumption.
So, back to the "Sports Illuminated" scenario: that sim would then try
to launch an agent at Charles' region. It can fake everything except
being Charles' viewer machine. When Charles' region does that code
above, it asks the User server for authentication of an agent with all
those identifiers and the given EndPoint, and the User server tells back
that Charles wasn't using that EndPoint to start with, so the
authentication fails, and an alarm is rung.
Thoughts?
Crista
Disclaimer: I'm not an expert in security, I'm just using my brain in
context.
_______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
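The endpoint check proposed in the message above, written out as an added example (not code from the original post or from OpenSim): the user server records the viewer's address at login, and the region asks it to confirm the sender of a UseCircuitCode packet before accepting the agent. The names UserServer, RecordLogin, VerifyAgent and OnUseCircuitCode are hypothetical, and the sample identifiers and addresses are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Hypothetical user-server side: remembers the address each session logged in from.
class UserServer
{
    private readonly Dictionary<Guid, (Guid Session, IPAddress Ip)> sessions =
        new Dictionary<Guid, (Guid Session, IPAddress Ip)>();

    // A dual-stack socket reports IPv4 peers as ::ffff:a.b.c.d; compare like with like.
    private static IPAddress Normalize(IPAddress a) =>
        a.IsIPv4MappedToIPv6 ? a.MapToIPv4() : a;

    public void RecordLogin(Guid agentId, Guid sessionId, IPAddress viewerIp) =>
        sessions[agentId] = (sessionId, Normalize(viewerIp));

    // True only if the identifiers match a recorded login AND the packet's source
    // address is the one the viewer logged in from. The port is ignored.
    public bool VerifyAgent(Guid agentId, Guid sessionId, IPEndPoint epSender) =>
        sessions.TryGetValue(agentId, out var s)
        && s.Session == sessionId
        && s.Ip.Equals(Normalize(epSender.Address));
}

class Demo
{
    // Hypothetical region-side step, run where UseCircuitCode is handled.
    static bool OnUseCircuitCode(UserServer us, Guid agent, Guid session, IPEndPoint epSender)
    {
        if (us.VerifyAgent(agent, session, epSender)) return true;
        Console.WriteLine($"ALARM: {agent} presented from {epSender.Address}, not the login address");
        return false;
    }

    static void Main()
    {
        // Constructed sample values; addresses are from the documentation ranges.
        var us = new UserServer();
        Guid agent = Guid.NewGuid(), session = Guid.NewGuid();
        us.RecordLogin(agent, session, IPAddress.Parse("192.0.2.10"));

        // The real viewer, seen through a dual-stack socket on a new source port.
        var viewer = new IPEndPoint(IPAddress.Parse("::ffff:192.0.2.10"), 51000);
        // Another machine presenting the same (stolen) agent and session identifiers.
        var otherHost = new IPEndPoint(IPAddress.Parse("198.51.100.7"), 13000);
        Console.WriteLine(OnUseCircuitCode(us, agent, session, viewer));
        Console.WriteLine(OnUseCircuitCode(us, agent, session, otherHost));
    }
}
```

The comparison uses the address only, since the viewer's source port can differ per connection, and viewers behind one NAT present the same address. UDP has no handshake, so the source address on a single datagram is weaker evidence than the peer address of an established TCP connection.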