ad7i@hou2h.UUCP (Paul Newland) (11/16/84)
i too have been thinking about how to verify that a user of a packet network is who he or she claims to be. i see from laurens comments that our ideas are very similiar. mine are still somewhat half-baked but i will present them here so that others can recommend improvements or alternatives. what i am considering is the situation that a user would like to change some parameters of a remote station (digipeater, host, weather stn, nuclear reactor, etc.) but doesn't want the bad guys to screw it up. the though would be that when i was connected to, say, my remote home station and wanted to turn on the the coffee pot, the home station would respond with a command prompt that included a random number (64 bits printed as a 16 digit hex value). I would encrypt that random number using DEA (that's Data Encryption Algorithm, the software approach to DES) using the key-of-the-day and return it with my command to turn on the coffee pot. my home station would also encrypt the random number it generated using the same key and compare the result with what i sent to it. if they are the same then it is very likely i am who i say i am (within the 'bad-guys' fudge factor) and the home station will switch on the coffee pot. if they don't match, the home station will give me a new prompt and a new random number to encrypt and send back with my command. note that the command and response are not encrypted, only the verification data. because every prompt from the home station would include a NEW random number and because the keys are changed daily, it would be very difficult for a 'bad-guy' to masquerade as a 'good-guy'. Simply repeating the command and the encrypted random number wouldn't solve the problem for the 'bad-guy'. more sophistocated techniques would be needed (and i am sure the 'bad-guys' would try them -- some might succeed). If you don't like DES/DEA then choose another encryption scheme. At the least, DES is a known algorithm that offers good security. what do others think about this??? cu, paul, ad7i SK