[Opensim-dev] User Authentication

Charles Krinke cfk at pacbell.net
Mon Feb 23 20:35:25 UTC 2009


Dear Diva:

As "Charles.Krinke at osgrid.org", all I can say to all that is: "Harumph".

And the fact that you bring up a number of good points. It is especially thrilling to actually think we may have enough reliability to actually begin thinking about implementing some of the needed security.

It is always a balance between software development forward motion and security for the users, even this "Charles.Krinke at osgrid.org" guy, who sounds a bit like a loose cannon visiting "Sports Illuminated".

So, I commend you for thinking through some of this and offer my wholehearted support to encourage folks to test it *before* I get up one morning and find "Wright Plaza" is a smoking hole in the ground.

Charles Krinke




________________________________
From: Diva Canto <diva at metaverseink.com>
To: opensim-dev at lists.berlios.de
Sent: Monday, February 23, 2009 11:47:19 AM
Subject: [Opensim-dev] User Authentication

Hi,

I'm about to start tightening the ropes for the Hypergrid in order to 
make it safer, and also make safer some loose ends of OpenSim without 
HG, and I would appreciate feedback on this.

The first issue that needs to be addressed is the issue of user 
authentication. The regions need to be able to verify that the agent 
that claims to be representing Charles.Krinke at osgrid.org is, indeed, 
representing Charles.Krinke at osgrid.org. (As you know, right now this 
is... err... a bit overlooked... *coughs*... and not just in the HG... 
*more coughs*).

Having looked at OpenID, I came to the conclusion that it's not enough 
to know that osgrid.org has a user named "Charles Krinke", and we 
certainly don't want Charles to be constantly typing his password 
every time he moves; the region needs to know that this user is already 
logged in to the system AND the region also needs to know that the agent 
that is representing this user is a legitimate agent.

OK, so the part about being logged in is easy; the user server already 
knows that, to some approximation.

However, the part about the agent being legitimate is a bit more tricky. 
Here's the bad thing that can happen: Charles logs in to OSgrid, and TPs 
to this intriguing region called "Sports Illuminated Swimming Suite 
Edition". That region happens to be up to no good. It grabs Charles' 
current notion of identity (all the current identifiers we use), it 
crashes Charles' viewer so that the user server never knows about it, 
and proceeds to impersonate Charles using all those stolen identifiers; 
for example, it can go back to Charles's regions and erase them 
completely pretending to be Charles.

So, what can we do to detect the legitimacy of agents?

Having scratched my head over this, I came to the conclusion that the 
most promising element that can be used to identify agents is the 
Viewer's EndPoint. This is what happens down in the LLUDPServer (I'm 
sure something similar happens in other viewers' packet handlers):

            if (packet != null)
            {
                if (packet.Type == PacketType.UseCircuitCode)
                    AddNewClient((UseCircuitCodePacket)packet, epSender, epProxy);
                else
                    ProcessInPacket(packet, epSender);
            }

The EndPoint epSender comes directly from the socket and I'm assuming it 
can't be faked, at least the IP part. Is this correct? This is a 
critical assumption.

So, back to the "Sports Illuminated" scenario: that sim would then try 
to launch an agent at Charles' region. It can fake everything except 
being Charles' viewer machine. When Charles' region does that code 
above, it asks the User server for authentication of an agent with all 
those identifiers and the given EndPoint, and the User server tells back 
that Charles wasn't using that EndPoint to start with, so the 
authentication fails, and an alarm is rung.

Thoughts?

Crista

Disclaimer: I'm not an expert in security, I'm just using my brain in 
context.
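
An added sketch of the check proposed above (not part of the original message and not OpenSim code): the user server records the viewer's IP at login, and a region asks it to confirm the same IP when UseCircuitCode arrives. UserServer, RecordLogin, RecordLogout and VerifyAgent are hypothetical names, and the addresses are constructed samples.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Hypothetical stand-in for the user server; not OpenSim's API.
class UserServer
{
    // sessionId -> (agent, viewer IP seen at login)
    private readonly Dictionary<Guid, (Guid AgentId, IPAddress ViewerIp)> sessions =
        new Dictionary<Guid, (Guid AgentId, IPAddress ViewerIp)>();

    // A dual-stack socket reports IPv4 peers as ::ffff:a.b.c.d; fold those back
    // to IPv4 so the same viewer compares equal on every region.
    private static IPAddress Normalize(IPAddress ip) =>
        ip.IsIPv4MappedToIPv6 ? ip.MapToIPv4() : ip;

    public void RecordLogin(Guid sessionId, Guid agentId, IPAddress viewerIp) =>
        sessions[sessionId] = (agentId, Normalize(viewerIp));

    public void RecordLogout(Guid sessionId) => sessions.Remove(sessionId);

    // Asked by a region when UseCircuitCode arrives from epSender.
    public bool VerifyAgent(Guid sessionId, Guid agentId, IPEndPoint epSender)
    {
        if (!sessions.TryGetValue(sessionId, out var s)) return false; // not logged in
        if (s.AgentId != agentId) return false;                        // ids do not match
        // IP only: the post trusts the IP part, and the source port may differ per region.
        return s.ViewerIp.Equals(Normalize(epSender.Address));
    }
}

static class Demo
{
    static void Main()
    {
        var users = new UserServer();
        Guid agent = Guid.NewGuid(), session = Guid.NewGuid();
        // Constructed sample addresses from the RFC 5737 documentation ranges.
        users.RecordLogin(session, agent, IPAddress.Parse("192.0.2.10"));

        var checks = new Dictionary<string, IPEndPoint> {
            ["viewer"]             = new IPEndPoint(IPAddress.Parse("192.0.2.10"), 13001),
            ["viewer, dual-stack"] = new IPEndPoint(IPAddress.Parse("::ffff:192.0.2.10"), 13002),
            ["other host"]         = new IPEndPoint(IPAddress.Parse("198.51.100.7"), 9000),
        };
        foreach (var c in checks)
            Console.WriteLine("{0}: {1}", c.Key,
                users.VerifyAgent(session, agent, c.Value) ? "accepted" : "rejected, raise alarm");
    }
}
```

The result is only as strong as the post's assumption that the source IP reported by the socket cannot be forged: UDP does not authenticate source addresses, and users behind one NAT share an IP.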

