Documentations and added account specific maximal lifetimes for session tickets

[CGIscriptor.git] / Private / manual.html

<html>
<head>
<title>
        Private data
</title>
<script type="text/javascript">
<SCRIPT TYPE="text/ssperl" SRC="./JavaScript/CGIscriptorSession.js"></SCRIPT>

window.onload = function() {
        loadSessionData (CGIscriptorSessionType, CGIscriptorChallengeTicket);
        return true;
};
</script>

<script type="text/javascript">
<SCRIPT TYPE="text/ssperl" SRC="./JavaScript/sha.js"></SCRIPT>
</script>
</head>
<body>
<p ALIGN=RIGHT><a href="?LOGOUT">Logout</a></p>
<p ALIGN=RIGHT><a href="ChangePassword.html">Change Password</a></p>
<h1 align=CENTER>Manual</h1>
<p align=CENTER>Logged in from <script type="text/ssperl" CGI='$LOGINIPADDRESS="" $LOGINPATH=""'>"$LOGINIPADDRESS $LOGINPATH"</script></p>
<p align=CENTER><form method=GET action="index.html">
        <p align=CENTER><input type="submit" value="Go back to home page" /></p>
        <input type="hidden" name="SESSIONTICKET" id="SESSIONTICKET" value="" />
        <input type="hidden" name="CHALLENGETICKET" id="CHALLENGETICKET" value="" /><br />
        </form>
        </p>


<A NAME="SESSIONTICKETS"><H2 ALIGN="CENTER">SERVER SIDE SESSIONS AND ACCESS CONTROL (LOGIN)</H2></A>
<p>
An infrastructure for user acount authorization and file access control
is available. Each request is matched against a list of URL path patterns.
If the request matches, a Session Ticket is required to access the URL.
This Session Ticket should be present as a CGI parameter or Cookie, eg:
</p>
<p>
CGI: SESSIONTICKET=&lt;value&gt;<br />
Cookie: CGIscriptorSESSION=&lt;value&gt;</p>
<p>
The example implementation stores Session Tickets as files in a local
directory. To create Session Tickets, a Login request must be given 
with a LOGIN=&lt;value&gt; CGI parameter, a user name and a (doubly hashed)
password. The user name and (singly hashed) password are stored in a
PASSWORD ticket with the same name as the user account (name cleaned up 
for security).
</p>
<p>
The example session model implements 3 functions:
<ol>
<li>Login<br />
The password is hashed with the user name and server side salt, and then 
hashed with a random salt. Client and Server both perform these actions 
and the Server only grants access if restults are the same. The server 
side only stores the password hashed with the user name and
server side salt. Neither the plain password, nor the hashed password is
ever exchanged. Only values hashed with the one-time salt are exchanged.
</li>
<li>Session<br />
For every access to a restricted URL, the Session Ticket is checked before
access is granted. There are three session modes. The first uses a fixed
Session Ticket that is stored as a cookie value in the browser (actually, 
as a sessionStorage value). The second uses only the IP address at login
to authenticate requests. The third
is a Challenge mode, where the client has to calculate the value of the
next one-time Session Ticket from a value derived from the password and 
a random string.
</li>
<li>Password Change<br />
A new password is hashed with the user name and server side salt, and 
then encrypted (XORed)
with the old password hashed with the user name and salt. That value is 
exchanged and XORed with the stored old hashed(salt+password+username). 
Again, the stored password value is never exchanged unencrypted.
</li>
</ol>
</p>
<H3 ALIGN="CENTER">Implementation</H3>
<p>
The session authentication mechanism is based on the exchange of ticket
identifiers. A ticket identifier is just a string of characters, a name 
or a random 64 character hexadecimal string. Ticket identifiers should be
"safe" filenames (except user names). There are four types of tickets:
<ul>
<li>PASSWORD: User account descriptors, including a user name and password</li>
<li>LOGIN: Temporary anonymous tickets used during login</li>
<li>IPADDRESS: Authetication tokens that allow access based on the IP address of the request</li>
<li>SESSION: Reusable authetication tokens</li>
<li>CHALLENGE: One-time authetication tokens</li>
</ul>
All tickets can have an expiration date in the form of a time duration 
from creation, in seconds, minutes, hours, or days (<em>+duration</em>[smhd]).
An absolute time can be given in seconds since the epoch of the server host.
Note that expiration times of CHALLENGE authetication tokens are calculated 
from the last access time. Accounts can include a maximal lifetime 
for session tickets (MaxLifetime).
</p>
<p>
A Login page should create a LOGIN ticket file locally and send a
server specific salt, a Random salt, and a LOGIN ticket 
identifier. The server side compares the username and hashed password, 
actually hashed(Random salt+hashed(serversalt+password)) from the client with 
the values it calculates from the stored Random salt from the LOGIN 
ticket and the hashed(serversalt+password) from the PASSWORD ticket. If 
successful, a new SESSION ticket is generated as a hash sum of the LOGIN 
ticket and the stored password. This SESSION ticket should also be 
generated by the client and stored as sessionStorage and cookie values 
as needed. The Username, IP address and Path are available as 
$LoginUsername, $LoginIPaddress, and $LoginPath, respectively.
</p>
<p>
The CHALLENGE protocol stores the same value as the SESSION tickets. 
However, this value is not exchanged, but kept secret in the JavaScript
<em>sessionStorage</em> object. Instead, every page returned from the 
server will contain a one-time Challenge value ($CHALLENGETICKET) which 
has to be hashed with the stored value to return the current ticket
id string.
</p>
<p>
In the current example implementation, all random values are created as
full, 256 bit SHA256 hash values (Hex strings) of 64 bytes read from 
/dev/urandom.
</p>

<H3 ALIGN="CENTER">Security considerations with Session tickets</H3>
<p>
For strong security, please use end-to-end encryption. This can be 
achieved using a VPN (Virtual Private Network), SSH tunnel, or a HTTPS 
capable server with OpenSSL. The session ticket system of CGIscriptor.pl 
is intended to be used as a simple authentication mechanism WITHOUT
END-TO-END ENCRYPTION. The authenticating mechanism tries to use some
simple means to protect the authentication process from eavesdropping.
For this it uses a secure hash function, SHA256. For all practial purposes,
it is impossible to "decrypt" a SHA256 sum. But this login scheme is
only as secure as your browser. Which, in general, is not very secure.
</p>
<p>
Humans tend to reuse passwords. A compromise of a site running 
CGIscriptor.pl could therefore lead to a compromise of user accounts at 
other sites. Therefore, plain text passwords are never stored, used, or 
exchanged. Instead, a server site salt value is "encrypted" with 
the plain password and user name. Actually, all are concatenated and hashed 
with a one-way secure hash function (SHA256) into a single string. 
Whenever the word "password" is used, this hash sum is meant. Note that
the salts are generated from /dev/urandom. You should check whether the
implementation of /dev/urandom on your platform is secure before 
relying on it. This might be a problem when running CGIscriptor under 
Cygwin on MS Windows.<br />
<em>Note: not attempt is made to slow down the password hash, so bad
passwords can be cracked by brute force</em>
</p>
<p>
For the authentication and a change of password, the (old) password 
is used to "encrypt" a random one-time token or the new password, 
respectively. For authentication, decryption is not needed, so a secure 
hash function (SHA256) is used to create a one-way hash sum "encryption". 
A new password must be decrypted. New passwords are encryped by XORing 
them with the old password.
</p>
</body>
</html>