
I've got a project that will see a bunch of nodes [Raspberry Pis] being distributed to various geographically distributed clients.

Naturally, I am wanting to deploy an authentication / encryption system between the master server and the nodes.

In my mind's eye, the system overview would be as such:

  • The host server would have its own private key, and a database of the nodes' public keys.
  • Each node would have its own private key, and the Host Server's public key.

Authentication would take place as follows:

  • Node contacts host with its ARM CPU ID, encrypted with the server's public key.
  • Server decrypts the ID, finds the Node in its database, and encrypts an auth token with the node's public key.
  • The node decrypts the auth token, and 'open' communication can flow from this point.

I've tried to devise a system that can allow for / thwarts MITM attacks and owned nodes. I'd anticipated using RSA as the algos.

- Are there more simple / better ways of doing what I want to do?
- Are there any inherent flaws in what I am wanting to do?
- Are there systems / packages that already do this?

Thanks kindly.

Evan Anderson
swx

2 Answers

1

You could use Kerberos here. It provides centralized key management, but it does require installing keys on the end clients as well, as would nearly everything out there.

Or, you could run your own CA, and use TLS / SSL for everything and check server and client certificates.

Or you could use ssh, and run into the usual key management problems you can expect from that.

  • Kerberos will handle authentication quite nicely and securely, very true. – mfinni Jan 29 '14 at 00:52
  • Hi Michael, thanks for your advice. I've done some background digging into Kerberos, and naturally, it looks very comprehensive. The only question I had remaining was: can it operate unattended? http://en.wikipedia.org/wiki/Kerberos_(protocol) under the section 'Client Authentication' isn't clear - it mentions client input passwords. Thanks again. – swx Jan 29 '14 at 07:42
  • Kerberos uses key files, stored locally, that are the equivalent of X.509 client certificates. They can be stored encrypted, or as often is the case, unencrypted for use by services. If you choose to store them encrypted, each device will have to get a decryption password on service startup, which sounds like something you don't want to do. – Michael Graff Jan 29 '14 at 21:58
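
The "run your own CA and check server and client certificates" option from the answer above, sketched as an added example (not code from the original answer or its comments). The node names, the `NODES` allow-list and the file-path parameters are assumptions; the sample certificate dicts in the usage are constructed in the shape `SSLSocket.getpeercert()` returns.

```python
import ssl

# Constructed allow-list keyed by certificate CN (hypothetical node names).
# Disabling an entry cuts off a node that is believed to be owned, even
# though its certificate still chains to the private CA.
NODES = {
    "node-0001": {"site": "client-a", "enabled": True},
    "node-0002": {"site": "client-b", "enabled": False},
}

def server_context(ca_file=None, cert_file=None, key_file=None):
    """Master-server TLS context that demands a client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED       # handshake fails without a valid client cert
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)   # trust only the private CA
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def node_context(ca_file=None, cert_file=None, key_file=None):
    """Node-side context: verifies the server's chain and hostname (MITM check)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED + check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def common_name(peercert):
    """Pull the subject CN out of a getpeercert()-style dict."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def authorize(peercert, nodes=NODES):
    """Return the node id if the verified certificate maps to an enabled node."""
    cn = common_name(peercert or {})
    node = nodes.get(cn)
    if node is None or not node["enabled"]:
        return None
    return cn
```

On the server, `authorize(conn.getpeercert())` would run after the handshake on each accepted connection; the private keys stay unencrypted on disk for unattended start, the same trade-off the Kerberos comment describes for key files.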
0

Is there something wrong with simply using SSH for communication?

And for how you could thwart "owned nodes", I think you need something like Tripwire. Nothing in the communication stream is going to catch that a host with a known-good key has been compromised.

mfinni