Transport, encryption, authentication protocol
This project is maintained by Luca Fulchir
I finally finished my master's thesis, and the result can be found here.
Feel free to look at it to better understand the Fenrir protocol.
The thesis starts from some requirements, then moves on to design the authentication protocol describing what we are introducing and why, comparing it to existing solutions.
You will not find a full RFC. The thesis is focused on the authentication and authorization algorithm, so while the transport part of the protocol is described, along with the packet structure, details such as the full packet contents of the handshakes are not included.
Shared secrets between the Client Manager and the Authentication Server, and between the C.M. and the Service, have been introduced.
This simple measure will make the action of compromising the trust source (DNSSEC) or the authentication server completely useless.
While it took me more time than I would have liked, the result is a bit rushed and more work is still needed. The thesis does not include OTP tokens, which would hugely improve the security, as we would be able to identify any and each unauthorized access.
Multicast is still not there, and STUN support needs to be finalized.
From now on I’ll try to make Fenrir my full-time job.
In the next few weeks I’ll prepare a Kickstarter campaign, then ask the Open Technology Fund for funds. Hopefully I’ll be able to hire a couple of developers to speed up the project.
In a couple of months the code base should stabilize enough for new developers to start working, and at the end of this year a stable version should be ready and usable.
So keep an eye on the project :)
-Luker