Approach to Authenticate Clients to TCP Server

Posted by dab on Programmers See other posts from Programmers or by dab
Published on 2013-11-05T20:16:57Z Indexed on 2013/11/05 22:12 UTC
Read the original article Hit count: 197

I'm writing a Server/Client application where clients will connect to the server. What I want to do, is make sure that the client connecting to the server is actually using my protocol and I can "trust" the data being sent from the client to the server.

What I thought about doing is creating a sort of hash on the client's machine that follows a particular algorithm. What I did in a previous version was took their IP address, the client version, and a few other attributes of the client and sent it as a calculated hash to the server, who then took their IP, and the version of the protocol the client claimed to be using, and calculated that number to see if they matched. This works ok until you get clients that connect from within a router environment where their internal IP is different from their external IP. My fix for this was to pass the client's internal IP used to calculate this hash with the authentication protocol. My fear is this approach is not secure enough. Since I'm passing the data used to create the "auth hash".

Here's an example of what I'm talking about:

Client IP: 192.168.1.10, Version: 2.4.5.2
hash = 2*4*5*1 * (1+9+2) * (1+6+8) * (1) * (1+0)
Client Connects to Server
client sends: auth hash ip version
Server calculates that info, and accepts or denies the hash.

Before I go and come up with another algorithm to prove a client can provide data a server (or use this existing algorithm), I was wondering if there are any existing, proven, and secure systems out there for generating a hash that both sides can generate with general knowledge. The server won't know about the client until the very first connection is established.

The protocol's intent is to manage a network of clients who will be contributing data to the server periodically.

New clients will be added simply by connecting the client to the server and "registering" with the server. So a client connects to the server for the first time, and registers their info (mac address or some other kind of unique computer identifier), then when they connect again, the server will recognize that client as a previous person and associate them with their data in the database.

© Programmers or respective owner

Related posts about algorithms

Related posts about security