The Fenrir Project

Transport, encryption, authentication protocol

This project is maintained by Luca Fulchir

RSS feed
Posted:
03 Dec 2014

F1r57 P057

Hello, and welcome to the official blog of the Fenrir Project!

This blog will be used to track everything regarding the project, from technical decisions, discussions to simple explanations on why we do stuff in a certain way.

But, wait a second, who are we? And what is this “Fenrir Project”?

My name is Luca Fulchir, a student at the last year of a master in C.S. at the University of Udine, in Italy. I spent the last years studying and working on protocols and security, even beyond my curriculum.

If you want to know more about me and the people I want to work with in this project, follow the “About Us” page.

Let’s talk a bit about the project instead: in short, Fenrir is a new layer 3 protocol that manages transport, encryption and authentication in federated environments. The focus is on the authentication.

Do we need yet another protocol?

In my opinion, yes. I have studied lots of them, and implemented some of the higher level ones (OAuth). They are so horrible I just had to fix them.

While I was at it, I tried fixing some stuff from the lower protocols (TLS, TCP), too. The result is a single flexible protocol that has the features of TCP,UDP,SCTP,TLS and Kerberos.

But having a new protocol doesn’t mean that I am throwing everything away. If you know by heart SCTP, QUIC and minimaLT you might find that a lot of things are done in a very similar way. It is not by chance, I’m trying to improve by incorporating what was good of the old designs.

The real reason I think we need a new protocol is to eliminate once and for all the mess of reimplementing authentication everywhere, while keeping all the possible features of the lower layer protocols, and forgetting about all the details such as session id, authentication tokens and so on.

In short, the current protocol stack is inefficient, dispersive and needlessy complicated. And I’m still being generous here.

Wait, TCP,UDP,SCTP,TLS, Kerberos… isn’t that too much?

By “too much” I assume you are afraid of things getting complicated, feature creep and so on.

Actually, it turns out that if you try to manage all those things together, things get even more simple. You are forced to keep things general and flexible, and this helps a lot in the overall design.

Gathering features from TCP,UDP and SCTP is not really difficult, and when you think a bit about it, that’s exactly what QUIC has done, and its results are an overall simplification of the stack, and they even managed to secure every stage of the handshake.

Including TLS is a bit more work, but it’s only complicated if you are trying to view the protocol in stacks. If you just try to add to TLS what it needs to work on top of IP, things turn out to be simpler.

Kerberos and OAuth are not really included in Fenrir. This new protocol includes a from-scratch design of a federated authentication algorithm, that completely eliminates the need of clock synchronization, X.509 certificates and shared passwords.

…And from here, the tricks and features at your disposal are endless :)

New Authentication Algorithm? It sounds already broken…

It actually isn’t groundless or completely new. I started studying protocols with trusted 3rd-parties authorities some years ago just ‘cause I was interested, but everyone knows this is not enough.

No one ca break their own cryptosystems, or authentication algorithms.

But nobody has broken this yet, and still, I am pretty confident in it, also because it’s already been tested with proverif, a formal protocol verifier.

I am still waiting for actual cryptographers to have a look at it (I can’t pay them yet), but the message exchange is pretty simple.

Even if it turns out to be wrong: Everything is so modular that changing it with an other one should not be a problem, and we are nowhere near a standard, so everything can be changed.

And everything will be changed, if broken

So stay tuned for more information on the development of this project, help us by checking things, or merely financially ;)

-Luker