TELNET Authentication Using KEA and SKIPJACK(2)

This document defines a method to authenticate TELNET using the Key Exchange Algorithm (KEA), and encryption of the TELNET stream using SKIPJACK.

Author: forum compilation   Source: ZDNet Network Security   25 December 2007



  On completing these exchanges, the parties have a common SKIPJACK key. Mutual authentication is provided by verification of the certificates used to establish the SKIPJACK encryption key and successful use of the derived SKIPJACK session key. To protect against active attacks, encryption will take place after successful authentication. There will be no way to turn off encryption and safely turn it back on; repeating the entire authentication is the only safe way to restart it. If the user does not want to use encryption, he may disable encryption after the session is established.

  3.1. SKIPJACK Modes

  There are two distinct modes for encrypting TELNET streams; one provides integrity and the other does not. Because TELNET is normally operated in a character-by-character mode, the SKIPJACK with stream integrity mechanism requires the transmission of 4 bytes for every TELNET data byte. However, a simplified mode SKIPJACK without integrity mechanism will only require the transmission of one byte for every TELNET data byte.

  The cryptographic mode for SKIPJACK with stream integrity is Cipher Feedback on 32 bits of data (CFB-32), and the mode for SKIPJACK without stream integrity is Cipher Feedback on 8 bits of data (CFB-8).

  3.1.1. SKIPJACK without stream integrity

  The first and least complicated mode uses SKIPJACK CFB-8. This mode provides no stream integrity.

  For SKIPJACK without stream integrity, the two-octet authentication type pair is KEA_SJ AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL | ENCRYPT_AFTER_EXCHANGE | INI_CRED_FWD_OFF. This indicates that the SKIPJACK without integrity mechanism will be used for mutual authentication and TELNET stream encryption. Figure 1 illustrates the authentication mechanism of KEA followed by SKIPJACK without stream integrity.

  ---------------------------------------------------------------------

  Client (Party A)                              Server (Party B)

                                        <-- IAC DO AUTHENTICATION
  IAC WILL AUTHENTICATION -->

                                        <-- IAC SB AUTHENTICATION SEND
                                            IAC SE

  IAC SB AUTHENTICATION
    NAME <username> IAC SE -->

  IAC SB AUTHENTICATION IS
    KEA_SJ
    AUTH_CLIENT_TO_SERVER |
    AUTH_HOW_MUTUAL |
    ENCRYPT_AFTER_EXCHANGE |
    INI_CRED_FWD_OFF
    KEA_CERTA_RA
    CertA||Ra IAC SE -->

                                        <-- IAC SB AUTHENTICATION REPLY
                                            KEA_SJ
                                            AUTH_CLIENT_TO_SERVER |
                                            AUTH_HOW_MUTUAL |
                                            ENCRYPT_AFTER_EXCHANGE |
                                            INI_CRED_FWD_OFF
                                            KEA_CERTB_RB_IVB_NONCEB
                                            CertB||Rb||IVb||
                                            Encrypt( NonceB )
                                            IAC SE

  IAC SB AUTHENTICATION IS
    KEA_SJ
    AUTH_CLIENT_TO_SERVER |
    AUTH_HOW_MUTUAL |
    ENCRYPT_AFTER_EXCHANGE |
    INI_CRED_FWD_OFF
    KEA_IVA_RESPONSEB_NONCEA
    IVa||Encrypt( (NonceB XOR 0x0C12)||NonceA )
    IAC SE -->

                                        <-- IAC SB AUTHENTICATION REPLY
                                            KEA_SJ
                                            AUTH_CLIENT_TO_SERVER |
                                            AUTH_HOW_MUTUAL |
                                            ENCRYPT_AFTER_EXCHANGE |
                                            INI_CRED_FWD_OFF
                                            KEA_RESPONSEA
                                            Encrypt( NonceA XOR 0x0C12 )
                                            IAC SE

  ---------------------------------------------------------------------

  Figure 1.
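  The following Python is an added illustration of the message framing in Figure 1; it is not code from the RFC or from any TELNET implementation. It builds the IS/REPLY suboptions with the KEA_SJ type pair, applies the IAC doubling that TELNET requires inside suboption data, parses a received frame, refuses a REPLY whose type pair differs from the one negotiated (a defensive check added here, not spelled out in the RFC text on this page), and computes the masked-nonce plaintexts that are fed to Encrypt(). The numeric option codes (IAC/SB/SE, the AUTHENTICATION commands and modifier bits, the KEA_SJ type codes and suboption command numbers) do not appear on this page and are taken from RFC 855, RFC 2941 and RFC 2951 section 2; the 16-bit nonce width is an assumption drawn from the 16-bit XOR constants in the figures.

```python
# Option codes taken from RFC 855 (IAC/SB/SE), RFC 2941 (AUTHENTICATION
# commands and modifier bits) and RFC 2951 section 2 (KEA_SJ types and
# suboption commands); none of these numeric values appear on this page.
IAC, SB, SE = 255, 250, 240
TELOPT_AUTHENTICATION = 37
AUTH_IS, AUTH_SEND, AUTH_REPLY, AUTH_NAME = 0, 1, 2, 3
KEA_SJ, KEA_SJ_INTEG = 12, 13
AUTH_CLIENT_TO_SERVER, AUTH_HOW_MUTUAL = 0x00, 0x02
ENCRYPT_AFTER_EXCHANGE, INI_CRED_FWD_OFF = 0x10, 0x00
KEA_CERTA_RA, KEA_CERTB_RB_IVB_NONCEB = 1, 2
KEA_IVA_RESPONSEB_NONCEA, KEA_RESPONSEA = 3, 4
# The modifier octet every message in Figures 1 and 2 carries.
MODIFIER = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL | ENCRYPT_AFTER_EXCHANGE | INI_CRED_FWD_OFF
# XOR constants from the figures; note they differ between the two modes.
XOR_CONST = {KEA_SJ: 0x0C12, KEA_SJ_INTEG: 0x0D12}


def suboption(cmd, data):
    """Frame IAC SB AUTHENTICATION <cmd> <data> IAC SE. Every 0xFF byte in the
    data (certificates and random values will contain some) is doubled so the
    peer cannot mistake it for an IAC (RFC 855 escaping)."""
    body = bytes([TELOPT_AUTHENTICATION, cmd]) + data
    return bytes([IAC, SB]) + body.replace(b"\xff", b"\xff\xff") + bytes([IAC, SE])


def kea_message(cmd, auth_type, subcmd, payload):
    """IS or REPLY message: type pair, KEA suboption command, then payload."""
    return suboption(cmd, bytes([auth_type, MODIFIER, subcmd]) + payload)


def parse_suboption(frame):
    """Undo IAC doubling and split one complete AUTHENTICATION suboption."""
    if frame[:2] != bytes([IAC, SB]) or frame[-2:] != bytes([IAC, SE]):
        raise ValueError("not a complete suboption frame")
    body, out, i = frame[2:-2], bytearray(), 0
    while i < len(body):
        if body[i] == IAC:
            if i + 1 < len(body) and body[i + 1] == IAC:
                out.append(IAC)
                i += 2
                continue
            raise ValueError("bare IAC inside suboption data")
        out.append(body[i])
        i += 1
    if len(out) < 2 or out[0] != TELOPT_AUTHENTICATION:
        raise ValueError("not an AUTHENTICATION suboption")
    return out[1], bytes(out[2:])


def parse_kea(frame, expected_cmd, expected_type, expected_subcmd):
    """Accept a KEA IS/REPLY only if the type pair is exactly the negotiated
    one: a peer that answers with a one-way or encryption-off modifier is
    attempting a downgrade, and the exchange is aborted. Returns the payload."""
    cmd, data = parse_suboption(frame)
    if cmd != expected_cmd or len(data) < 3:
        raise ValueError("unexpected AUTHENTICATION command")
    auth_type, modifier, subcmd = data[0], data[1], data[2]
    if auth_type != expected_type or modifier != MODIFIER:
        raise ValueError("type pair changed mid-exchange: possible downgrade")
    if subcmd != expected_subcmd:
        raise ValueError("KEA step out of order")
    return data[3:]


def is_acceptable(frame, expected_cmd, expected_type, expected_subcmd):
    """Boolean form of parse_kea for use in a negotiation state machine."""
    try:
        parse_kea(frame, expected_cmd, expected_type, expected_subcmd)
        return True
    except ValueError:
        return False


def responseb_noncea(auth_type, nonce_b, nonce_a):
    """Plaintext of KEA_IVA_RESPONSEB_NONCEA before Encrypt():
    (NonceB XOR const) || NonceA. Assumption: 16-bit nonces."""
    return (nonce_b ^ XOR_CONST[auth_type]).to_bytes(2, "big") + nonce_a.to_bytes(2, "big")


def verify_responseb(auth_type, plain, nonce_b):
    """Server side: confirm A echoed our NonceB under the right mask and return
    NonceA, which B masks in turn for KEA_RESPONSEA."""
    if int.from_bytes(plain[:2], "big") != nonce_b ^ XOR_CONST[auth_type]:
        raise ValueError("NonceB response does not match what we sent")
    return int.from_bytes(plain[2:4], "big")


if __name__ == "__main__":
    # Constructed sample values; CertA||Ra is just a placeholder byte string.
    frame = kea_message(AUTH_IS, KEA_SJ, KEA_CERTA_RA, b"cert\xffRa")
    print(frame.hex(), parse_kea(frame, AUTH_IS, KEA_SJ, KEA_CERTA_RA))
    print(responseb_noncea(KEA_SJ, 0x1234, 0xABCD).hex())
```

The modifier check is the point to keep: the same type pair is repeated in every IS and REPLY of the figure, so an implementation has the information to notice if the server's answer quietly drops mutual authentication or encryption, and should refuse to continue rather than fall back.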

  3.1.2. SKIPJACK with stream integrity

  SKIPJACK with stream integrity is more complicated. It uses the SHA-1 [3] one-way hash function to provide integrity of the encryption stream as follows:

  Set H0 to be the SHA-1 hash of a zero-length string.

  Cn is the nth character in the TELNET stream.

  Hn = SHA-1( Hn-1||Cn ), where Hn is the hash value associated with the nth character in the stream.

  ICVn is set to the three most significant bytes of Hn.

  Transmit Encrypt( Cn||ICVn ).

  The ciphertext that is transmitted is the SKIPJACK CFB-32 encryption of ( Cn||ICVn ). The receiving end of the TELNET link reverses the process, first decrypting the ciphertext, separating Cn and ICVn, recalculating Hn, recalculating ICVn, and then comparing the received ICVn with the recalculated ICVn. Integrity is indicated if the comparison succeeds, and Cn can then be processed normally as part of the TELNET stream. Failure of the comparison indicates some loss of integrity, whether due to active manipulation or loss of cryptographic synchronization. In either case, the only recourse is to drop the TELNET connection and start over.
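  As an added example (not code from the RFC), the following Python implements both framings described above: CFB-8 for the mode without integrity, and CFB-32 carrying Cn||ICVn with the SHA-1 chain H0 = SHA-1(""), Hn = SHA-1(Hn-1||Cn). Python's standard library has no SKIPJACK, so the block function is a labelled stand-in (HMAC-SHA1 truncated to 64 bits); CFB mode only ever calls the forward direction of the cipher, so the mode and integrity logic are unaffected, but the output is not SKIPJACK ciphertext. The key and the 8-byte IV are constructed sample values. The example shows the 1:1 versus 4:1 wire expansion, that a single modified ciphertext byte is caught by the ICV check and stops the connection, and that in CFB-8 the same corruption is never detected because the mode resynchronises on its own after one block.

```python
import hashlib
import hmac

BLOCK = 8  # SKIPJACK has a 64-bit block; the CFB shift register is one block
H0 = hashlib.sha1(b"").digest()  # H0 = SHA-1 of the zero-length string


def block_encrypt(key, block):
    """Stand-in for the SKIPJACK forward function (assumption: hashlib has no
    SKIPJACK). HMAC-SHA1 truncated to 64 bits is a keyed PRF, and CFB mode
    only ever uses the forward direction, so the mode logic is unchanged.
    This is NOT SKIPJACK and produces no SKIPJACK test vectors."""
    return hmac.new(key, block, hashlib.sha1).digest()[:BLOCK]


class Cfb:
    """Cipher Feedback on `seg` bytes: seg=1 is CFB-8, seg=4 is CFB-32.
    Each side keeps its own register, so units must arrive in order."""

    def __init__(self, key, iv, seg):
        if len(iv) != BLOCK:
            raise ValueError("IV must be one cipher block (constructed 8-byte IV here)")
        self.key, self.seg, self.reg = key, seg, iv

    def _keystream(self):
        return block_encrypt(self.key, self.reg)[: self.seg]

    def encrypt(self, pt):
        if len(pt) != self.seg:
            raise ValueError("one segment at a time")
        ct = bytes(p ^ k for p, k in zip(pt, self._keystream()))
        self.reg = self.reg[self.seg:] + ct  # feed ciphertext back into register
        return ct

    def decrypt(self, ct):
        if len(ct) != self.seg:
            raise ValueError("one segment at a time")
        pt = bytes(c ^ k for c, k in zip(ct, self._keystream()))
        self.reg = self.reg[self.seg:] + ct  # receiver feeds back the same ciphertext
        return pt


class IntegritySender:
    """Sender for SKIPJACK with stream integrity: 4 wire bytes per TELNET byte."""

    def __init__(self, key, iv):
        self.cfb, self.h = Cfb(key, iv, 4), H0

    def send(self, c):
        cn = bytes([c])
        self.h = hashlib.sha1(self.h + cn).digest()  # Hn = SHA-1(Hn-1 || Cn)
        return self.cfb.encrypt(cn + self.h[:3])     # Encrypt(Cn || ICVn)


class IntegrityReceiver:
    def __init__(self, key, iv):
        self.cfb, self.h, self.dead = Cfb(key, iv, 4), H0, False

    def recv(self, ct):
        if self.dead:
            raise ConnectionError("connection already failed; must be restarted")
        pt = self.cfb.decrypt(ct)
        cn, icv = pt[:1], pt[1:]
        self.h = hashlib.sha1(self.h + cn).digest()  # recompute Hn from our own chain
        if not hmac.compare_digest(icv, self.h[:3]):
            self.dead = True  # tampering or lost sync: only recourse is to drop
            raise ConnectionError("ICV mismatch")
        return cn[0]


def stream_with_integrity(data, key, iv, flip_index=None):
    """Send `data` byte by byte in the integrity mode, optionally flipping one
    bit of one wire unit in transit. Returns (bytes the receiver accepted,
    total bytes on the wire)."""
    s, r = IntegritySender(key, iv), IntegrityReceiver(key, iv)
    wire = [s.send(c) for c in data]
    if flip_index is not None:
        wire[flip_index] = bytes([wire[flip_index][0] ^ 1]) + wire[flip_index][1:]
    got = bytearray()
    for unit in wire:
        try:
            got.append(r.recv(unit))
        except ConnectionError:
            break
    return bytes(got), sum(len(u) for u in wire)


def stream_without_integrity(data, key, iv, flip_index=None):
    """Same in CFB-8: 1 wire byte per TELNET byte and no detection at all.
    CFB self-synchronises, so a flipped byte garbles 1 + BLOCK received
    bytes and the receiver then silently carries on with clean text."""
    enc, dec = Cfb(key, iv, 1), Cfb(key, iv, 1)
    wire = [enc.encrypt(bytes([c])) for c in data]
    if flip_index is not None:
        wire[flip_index] = bytes([wire[flip_index][0] ^ 1])
    return b"".join(dec.decrypt(u) for u in wire), len(wire)


if __name__ == "__main__":
    key, iv = b"constructed-key!", bytes(range(8))  # constructed sample values
    msg = b"login: alice"
    print(stream_with_integrity(msg, key, iv))
    print(stream_with_integrity(msg, key, iv, flip_index=3))
    print(stream_without_integrity(msg, key, iv, flip_index=0))
```

The receiver's `dead` flag is the part worth copying: once an ICV fails, the chain of Hn values on the two ends has diverged, so every later unit would fail too, and the text above is explicit that the only recovery is to drop the connection and repeat the whole authentication.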

  For SKIPJACK with stream integrity, the two-octet authentication type pair is KEA_SJ_INTEG AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL | ENCRYPT_AFTER_EXCHANGE | INI_CRED_FWD_OFF. This indicates that the KEA SKIPJACK with integrity mechanism will be used for mutual authentication and TELNET stream encryption. Figure 2 illustrates the authentication mechanism of KEA SKIPJACK with stream integrity.

  ---------------------------------------------------------------------

  Client (Party A)                              Server (Party B)

                                        <-- IAC DO AUTHENTICATION
  IAC WILL AUTHENTICATION -->

                                        <-- IAC SB AUTHENTICATION SEND
                                            IAC SE

  IAC SB AUTHENTICATION
    NAME <username> IAC SE -->

  IAC SB AUTHENTICATION IS
    KEA_SJ_INTEG
    AUTH_CLIENT_TO_SERVER |
    AUTH_HOW_MUTUAL |
    ENCRYPT_AFTER_EXCHANGE |
    INI_CRED_FWD_OFF
    KEA_CERTA_RA
    CertA||Ra IAC SE -->

                                        <-- IAC SB AUTHENTICATION REPLY
                                            KEA_SJ_INTEG
                                            AUTH_CLIENT_TO_SERVER |
                                            AUTH_HOW_MUTUAL |
                                            ENCRYPT_AFTER_EXCHANGE |
                                            INI_CRED_FWD_OFF
                                            KEA_CERTB_RB_IVB_NONCEB
                                            CertB||Rb||IVb||
                                            Encrypt( NonceB )
                                            IAC SE

  IAC SB AUTHENTICATION IS
    KEA_SJ_INTEG
    AUTH_CLIENT_TO_SERVER |
    AUTH_HOW_MUTUAL |
    ENCRYPT_AFTER_EXCHANGE |
    INI_CRED_FWD_OFF
    KEA_IVA_RESPONSEB_NONCEA
    IVa||Encrypt( (NonceB XOR 0x0D12)||NonceA )
    IAC SE -->
