
5.3 Protocols

5.3.2 Secure Protocol

The secure protocol enables TransCrypt to work over NFS. It consists mainly of three steps.

5.3.2.1 PKS Registration

The location of the user's PKS is conveyed to TransCrypt at login time so that authentication messages can be sent to it when the user accesses TransCrypt volumes. This is done by registering the location of the user's PKS with the file server kernel. The file server kernel stores this location (the Smart Card Uniform Resource Identifier, SCURI) and sends authentication messages for file access to the corresponding user's PKS.

The file server needs to identify the user on the workstation before giving access to the files. On NFS, this identification is provided by a common UID. However, this is not possible in our case, since the workstation is usually a public one not under the same administrative control. For the purpose of user identification, the file server uses the certificate of the user provided by the user's smart card. This certificate is verified and the user's name is extracted from it. The login program on the workstation facilitates this by reading the certificate from the smart card and sending to the file server the user's name, the UID at the workstation, and a uniform resource identifier (SCURI) that locates the user's smart card. The file server locates the certificate in its repository by matching the certificate name and verifies the validity of the certificate. The workstation obtains the file server address from a configuration file on the smart card in order to communicate with the file server.
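The registration check just described, as an added example in Go that is not code from the thesis or from TransCrypt: the file server verifies a presented certificate against the root its repository trusts and against the validity period, takes the user's name from the subject, and records it together with UID_ws and the SCURI. The CA, the user name "alice", the P-256 keys, the `scuri-placeholder` value and the use of Go's crypto/x509 are all assumptions; the thesis does not say what certificate format or repository it uses. The constructed PKI also contains an expired certificate and one from an untrusted CA so that the rejection paths are exercised.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Registration is the state the file server kernel keeps after 5.3.2.1: the verified
// user name plus the workstation UID and SCURI it was reported with.
type Registration struct {
	UserName string
	UIDws    int
	SCURI    string
}

// FileServer holds the root its certificate repository trusts (an assumption; the
// thesis does not describe the repository) and the registration table.
type FileServer struct {
	roots *x509.CertPool
	table map[string]Registration // keyed by UID_ws and SCURI together
}

// Register is the file-server side of registration: the presented certificate must
// chain to a trusted root and be inside its validity period; the user name is then
// taken from it and (UID_ws, SCURI) stored for the later authentication messages.
func (fs *FileServer) Register(certDER []byte, uidWs int, scuri string) (Registration, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return Registration{}, err
	}
	opts := x509.VerifyOptions{Roots: fs.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return Registration{}, fmt.Errorf("certificate rejected: %w", err)
	}
	if cert.Subject.CommonName == "" {
		return Registration{}, errors.New("certificate carries no user name")
	}
	reg := Registration{UserName: cert.Subject.CommonName, UIDws: uidWs, SCURI: scuri}
	fs.table[fmt.Sprintf("%d|%s", uidWs, scuri)] = reg
	return reg, nil
}

// newCA makes a self-signed CA (constructed for this example).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	ca, _ := x509.ParseCertificate(der)
	return ca, key
}

// issue signs a client-auth certificate for cn under the given CA.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, cn string, notAfter time.Time) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	return der
}

// TestCerts is a constructed set of user certificates: one good, one expired, and
// one from a CA the file server does not trust.
type TestCerts struct{ Valid, Expired, Untrusted []byte }

// NewTestPKI builds a file server trusting one CA and the three certificates for "alice".
func NewTestPKI() (*FileServer, TestCerts) {
	ca, caKey := newCA("TransCrypt example CA")
	rogue, rogueKey := newCA("some other CA")
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	fs := &FileServer{roots: roots, table: map[string]Registration{}}
	return fs, TestCerts{
		Valid:     issue(ca, caKey, "alice", time.Now().Add(24*time.Hour)),
		Expired:   issue(ca, caKey, "alice", time.Now().Add(-time.Minute)),
		Untrusted: issue(rogue, rogueKey, "alice", time.Now().Add(24*time.Hour)),
	}
}

func main() {
	fs, certs := NewTestPKI()
	for name, der := range map[string][]byte{"valid": certs.Valid, "expired": certs.Expired, "untrusted": certs.Untrusted} {
		reg, err := fs.Register(der, 1000, "scuri-placeholder") // SCURI syntax is not on the page
		fmt.Println(name, reg, err)
	}
}
```

Only the valid certificate ends up in the table; the expired one and the one from the untrusted CA are refused by `Verify`, which is the check the file server must make before it trusts the name it extracts.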

5.3.2.2 Authenticated session between workstation kernel and smart card

In order to secure the smart card's communication with the public workstation, Abhay Khoje [17] proposed and built a scheme in which the smart card and the workstation establish session keys for encryption and message integrity. More details can be found in his M.Tech thesis.

5.3.2.3 Authenticated session between workstation and file server kernels

To protect against the threats mentioned earlier, the file server and the workstation need to mutually authenticate and establish session keys for encryption and message integrity before any file operation. The session keys are generated from equal contributions of key material by the two hosts.

The sequence of steps is shown in Figure 5.4.

1. The file server kernel sends a random challenge (r_fs) and its contribution to the session key (k_fs), encrypted with the public key of the user, to the login process on the workstation. The medium between the workstation and the smart card is vulnerable to many attacks [17]. In our trust model, the login process on the workstation is not a trusted entity: a malicious login process can intercept the messages between the workstation and the smart card and obtain the credentials of a genuine user. It may also remember the session key being established between the workstation and the file server and use it later to decipher messages flowing between them. Therefore, in our design, we use the smart card to establish the session key between the workstation and the file server. For this purpose, the genuine login process must send the challenge and key material to the kernel of the workstation.

There is already a session established between the smart card and the workstation kernel, and the corresponding secret key (SK_ws-sc) is known only to these two entities. Therefore the smart card, or PKS, is expected to receive messages only on this secure channel. Hence a malicious login process cannot learn the keys or other confidential data such as credentials. For the genuine login process to work, it must forward the message to the workstation kernel.

The message received from the file server by the login process is therefore passed to the kernel of the workstation.

2. The workstation kernel forwards the message to the smart card on the secure, confidential channel protected with the session key (SK_ws-sc).

3. The smart card recovers the message using the session key (SK_ws-sc). It then decrypts the message from the file server using the private key of the user and sends the response (r_fs and k_fs) to the workstation kernel, for relaying to the file server, over the secure channel with the session key (SK_ws-sc).

4. The workstation kernel decrypts the message using the session key (SK_ws-sc) and sends the response to the file server challenge (r_fs), a random challenge (r_ws) and its contribution to the session key (k_ws) to the workstation login process, encrypted with the public key of the file server. The workstation login process then forwards the message to the file server.

5. The file server kernel decrypts the message using its private key and verifies the challenge response (r_fs). If the verification is successful, the user is authenticated to the file server. After authentication, the file server kernel generates random and unique credentials (SID) for this particular user session. It then sends back the credentials (i.e. SID) and the response to the workstation challenge (r_ws) to the login process, encrypted with the public key of the user. The file server kernel now computes the session key (SK_fs-ws) from the key materials (k_fs and k_ws) and stores the state information (UID_ws, SCURI, SID, SK_fs-ws) for future use. UID_ws represents the UID of the user at the workstation. UID_ws and SCURI together uniquely identify the state information corresponding to a

6. The login process on the workstation forwards the message to the workstation kernel as in step (1). The workstation kernel then forwards this message to the smart card on the secure channel.

7. The smart card recovers the message on the secure channel and decrypts it using the private key of the user. The decrypted message containing (r_ws and SID) is sent to the workstation kernel on the secure channel. The workstation kernel verifies the response (r_ws) against the challenge it issued. If the verification is successful, the file server is authenticated to the user. After authentication, the workstation computes the session key (SK_fs-ws) from the key materials (k_fs and k_ws) and assigns the credentials (SID) to the login process.
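Steps 1 to 7 run end to end, as an added simulation in Go that is not code from the thesis or from TransCrypt. The page names no algorithms, so RSA-OAEP for "encrypted with the public key of", AES-GCM for the SK_ws-sc channel, and SHA-256 over k_fs||k_ws for SK_fs-ws are assumptions, as are the 16-byte sizes of r_fs, k_fs, r_ws, k_ws and SID. The login process is modelled as a relay that records every message it carries, which makes the trust-model point of step 1 checkable: both ends arrive at the same SK_fs-ws and SID while the relay only ever holds ciphertext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func rnd(n int) []byte { b := make([]byte, n); rand.Read(b); return b }
func concat(parts ...[]byte) []byte { return bytes.Join(parts, nil) }

// pkSeal/pkOpen stand in for "encrypted with the public key of X"; the thesis names no
// algorithm, so RSA-OAEP with SHA-256 is an assumption (message sizes here always fit).
func pkSeal(pub *rsa.PublicKey, msg []byte) []byte {
	ct, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	return ct
}
func pkOpen(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// chanSeal/chanOpen model the SK_ws-sc channel of 5.3.2.2 as AES-GCM with the nonce
// prepended (an assumption; the construction from [17] is not on this page).
func chanSeal(key, msg []byte) []byte {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	nonce := rnd(g.NonceSize())
	return g.Seal(nonce, nonce, msg, nil)
}
func chanOpen(key, ct []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	n := g.NonceSize()
	if len(ct) < n {
		return nil, fmt.Errorf("channel: short ciphertext")
	}
	return g.Open(nil, ct[:n], ct[n:], nil)
}

// deriveSK builds SK_fs-ws from the equal contributions (SHA-256 over k_fs||k_ws; assumption).
func deriveSK(kFs, kWs []byte) []byte { s := sha256.Sum256(concat(kFs, kWs)); return s[:] }

// cardRoundTrip is the kernel -> card -> kernel hop of steps 2-3 and 6-7: the file server's
// ciphertext travels to the card over SK_ws-sc, only the card (holder of the user's private
// key) can open it, and the plaintext comes back over the same channel.
func cardRoundTrip(skWsSc []byte, user *rsa.PrivateKey, m []byte) ([]byte, error) {
	toCard, err := chanOpen(skWsSc, chanSeal(skWsSc, m))
	if err != nil {
		return nil, err
	}
	plain, err := pkOpen(user, toCard)
	if err != nil {
		return nil, fmt.Errorf("smart card: %w", err)
	}
	return chanOpen(skWsSc, chanSeal(skWsSc, plain))
}

// Outcome: what each trusted end derived, every message the untrusted login process
// relayed, and the secrets it must never see, so the trust-model claim can be checked.
type Outcome struct {
	SKfs, SKws, SIDfs, SIDws []byte
	Relayed, Secrets         [][]byte
}

func RunProtocol() (*Outcome, error) {
	user, _ := rsa.GenerateKey(rand.Reader, 2048)  // private key lives on the smart card
	fsKey, _ := rsa.GenerateKey(rand.Reader, 2048) // file server key pair
	skWsSc := rnd(32)                               // SK_ws-sc from 5.3.2.2
	out := &Outcome{}
	relay := func(m []byte) []byte { out.Relayed = append(out.Relayed, m); return m }
	// Step 1: file server -> login process: (r_fs, k_fs) under the user's public key.
	rFs, kFs := rnd(16), rnd(16)
	m1 := relay(pkSeal(&user.PublicKey, concat(rFs, kFs)))
	// Steps 2-4: the card returns (r_fs, k_fs); the kernel adds r_ws and k_ws and seals
	// (r_fs, r_ws, k_ws) to the file server for the login process to forward.
	fromCard, err := cardRoundTrip(skWsSc, user, m1)
	if err != nil {
		return nil, err
	}
	rWs, kWs := rnd(16), rnd(16)
	m4 := relay(pkSeal(&fsKey.PublicKey, concat(fromCard[:16], rWs, kWs)))
	// Step 5: file server verifies r_fs, mints SID, derives SK_fs-ws, answers (SID, r_ws).
	p4, err := pkOpen(fsKey, m4)
	if err != nil || !bytes.Equal(p4[:16], rFs) {
		return nil, fmt.Errorf("file server: challenge response failed")
	}
	sid := rnd(16)
	out.SKfs, out.SIDfs = deriveSK(kFs, p4[32:]), sid
	m5 := relay(pkSeal(&user.PublicKey, concat(sid, p4[16:32])))
	// Steps 6-7: same hop through the card; the kernel verifies r_ws and derives SK_fs-ws.
	p7, err := cardRoundTrip(skWsSc, user, m5)
	if err != nil || !bytes.Equal(p7[16:], rWs) {
		return nil, fmt.Errorf("workstation: file server failed its challenge")
	}
	out.SIDws, out.SKws = p7[:16], deriveSK(fromCard[16:], kWs)
	out.Secrets = [][]byte{rFs, kFs, rWs, kWs, sid}
	return out, nil
}

func main() {
	o, err := RunProtocol()
	fmt.Println(err, o != nil && bytes.Equal(o.SKfs, o.SKws))
}
```

The kernel-to-card hop is one function because steps 2-3 and 6-7 are the same round trip; the three values handed to `relay` are exactly what the login process sees, and a check that none of the five secrets appears in them is the concrete form of the claim that a malicious login process cannot learn the keys or credentials.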
