1 / 23

SIP Authentication

SIP Authentication. Speaker : Shin-Fu, Huang Date : 2008/11/27. Outline. SIP Authentication FreeBSD Password System One-Time Passwords OPIE(One-time Passwords In Everything) Reference. Outline. SIP Authentication FreeBSD Password System One-Time Passwords

elma
Download Presentation

SIP Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SIP Authentication Speaker:Shin-Fu, Huang Date:2008/11/27

  2. Outline • SIP Authentication • FreeBSD Password System • One-Time Passwords • OPIE(One-time Passwords In Everything) • Reference

  3. Outline • SIP Authentication • FreeBSD Password System • One-Time Passwords • OPIE(One-time Passwords In Everything) • Reference

  4. SIP Authentication User Agent Proxy Server (1) Register (2) 401 Unauthorized ( nonce ) (3) Register ( response ) (4) 200 OK

  5. Authentication Scheme • For the "MD5" algorithms H(data) = MD5(data) • Request-digest = H( H(A1) ":"nonce-value ":" H(A2) ) • A1 is: A1 = username-value":" realm-value ":" passwd where passwd = < user's password > • A2 = Method ":" request-uri

  6. 以 x-lite實證 • (1)User Agent 向 Proxy Server 送出註冊訊息。

  7. 以 x-lite實證(cont.) #使用者端 Username -value=xinfu Passwd-value =xinfu #Proxy端 Realm-value = ms11.voip.edu.tw Nonce-value = 48db04ca9182a3e1a3b08e025e3771c729e2ff3b A1=xinfu:ms11.voip.edu.tw:xinfu A2 = REGISTER:sip:ms11.voip.edu.tw H(A1) = b2bc8ec65be5d6ca1483dec219811de3 H(A2) = 4a0ac47579d7bff66cda555ff6317738 Request-digest = H( H(A1) : nonce-value : H(A2) ) ##Response =3e800eeabed5d5491c8c74ec4ad6929a • (2)Proxy Server 向 User Agent 送出要求認證訊息。

  8. 以 x-lite實證(cont.) • (3)User Agent 經MD5計算得到結果之後,向 Proxy Server 送出夾帶計算結果的訊息。

  9. 以 x-lite實證(cont.) • (4)Proxy Server 向 User Agent 送出認證成功的訊息。

  10. Outline • SIP Authentication • FreeBSD Password System • One-Time Passwords • OPIE(One-time Passwords In Everything) • Reference

  11. FreeBSD Password System • “one-way hash” • MD5->$1$ • DES(Data Encryption Standard) • By default FreeBSD uses MD5 to encrypt passwords. • more/etc/login.conf

  12. FreeBSD Password System(cont.) • /etc/master.passwd (vipw) • /etc/passwd

  13. FreeBSD Password System(cont.) • 檔案權限。 • /etc/master.passwd • /etc/passwd

  14. Outline • SIP Authentication • FreeBSD Password System • One-Time Passwords • OPIE(One-time Passwords In Everything) • Reference

  15. One-Time Passwords • 登入密碼每次都不同。 • OPIE (One-time Passwords In Everything), which uses the MD5 hash.

  16. Outline • SIP Authentication • FreeBSD Password System • One-Time Passwords • OPIE(One-time Passwords In Everything) • Reference

  17. OPIE • 帳號使用OPIE。(預設是產生499組密碼) • 產生1000組一次性密碼 opiepasswd -f -c -n 1000

  18. OPIE(cont.) • 查詢單一組密碼。 • 查詢多組密碼。

  19. OPIE(cont.) • 登入帳號時顯示一組challenge。 • 登入成功,下次登入密碼組就會減一。

  20. OPIE(cont.) • /etc/opieaccess • 後門檔案設定,可直接使用系統密碼登入。 • 或是使用OPIE密碼組登入。

  21. Outline • SIP Authentication • FreeBSD Password System • One-Time Passwords • OPIE(One-time Passwords In Everything) • Reference

  22. Reference • [1]. DES, MD5, and Crypt http://www.freebsd.org/doc/zh_TW/books/handbook/crypt.html • [2].One-time Passwords http://www.freebsd.org/doc/zh_TW/books/handbook/one-time-passwords.html • [3].RFC3261 -Section 22. Usage of HTTP Authentication • [4].RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication

  23. 報告完畢 ~敬請指教~

More Related