org.openuat.authentication.accelerometer
Class MotionAuthenticationProtocol1

java.lang.Object
  extended by org.openuat.authentication.AuthenticationEventSender
      extended by org.openuat.authentication.DHOverTCPWithVerification
          extended by org.openuat.authentication.accelerometer.MotionAuthenticationProtocol1
All Implemented Interfaces:
SegmentsSink

public class MotionAuthenticationProtocol1
extends DHOverTCPWithVerification
implements SegmentsSink

This is the first variant of the motion authentication protocol. It uses Diffie-Hellman key agreement and then verifies that the shared keys are equal on both hosts: each host sends its full time series segment through interlock, encrypted with the shared key. Then both hosts compute the coherence between the received time series segment and their own and continue when it exceeds a threshold.
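
The coherence check described above, as an added example (not OpenUAT's own code): a plain-Java mean magnitude-squared coherence over Hann-windowed slices, compared against the threshold. The averaging method, the class and method names and the constructed sample signals are assumptions; the sample rate, window size and threshold are the values suggested in the constructor documentation.

```java
import java.util.Random;

public class CoherenceCheckExample {
    // Mean magnitude-squared coherence over bins 1..windowSize/2, averaged across
    // non-overlapping Hann-windowed slices (an assumed method, not OpenUAT's code).
    static double coherenceMean(double[] x, double[] y, int windowSize) {
        int slices = Math.min(x.length, y.length) / windowSize, bins = windowSize / 2;
        if (slices < 2) // a single slice always yields coherence 1, whatever the inputs
            throw new IllegalArgumentException("need at least two full windows");
        double[] pxx = new double[bins], pyy = new double[bins];
        double[] cre = new double[bins], cim = new double[bins];
        for (int s = 0; s < slices; s++) {
            for (int k = 1; k <= bins; k++) { // skip the DC bin
                double xr = 0, xi = 0, yr = 0, yi = 0;
                for (int n = 0; n < windowSize; n++) {
                    double w = 0.5 - 0.5 * Math.cos(2 * Math.PI * n / (windowSize - 1));
                    double a = -2 * Math.PI * k * n / windowSize;
                    double xv = w * x[s * windowSize + n], yv = w * y[s * windowSize + n];
                    xr += xv * Math.cos(a); xi += xv * Math.sin(a);
                    yr += yv * Math.cos(a); yi += yv * Math.sin(a);
                }
                pxx[k - 1] += xr * xr + xi * xi; // auto-spectrum of x
                pyy[k - 1] += yr * yr + yi * yi; // auto-spectrum of y
                cre[k - 1] += xr * yr + xi * yi; // cross-spectrum X * conj(Y), real part
                cim[k - 1] += xi * yr - xr * yi; // cross-spectrum, imaginary part
            }
        }
        double sum = 0;
        for (int k = 0; k < bins; k++) {
            double d = pxx[k] * pyy[k];
            if (d > 0) sum += (cre[k] * cre[k] + cim[k] * cim[k]) / d;
        }
        return sum / bins;
    }

    public static void main(String[] args) {
        int sampleRate = 128, windowSize = sampleRate / 2; // values from the constructor docs
        double threshold = 0.82;
        Random rnd = new Random(1);
        double[] a = new double[8 * windowSize], b = new double[a.length], c = new double[a.length];
        for (int i = 0; i < a.length; i++) { // constructed sample data, not real sensor traces
            double motion = rnd.nextGaussian();       // movement shared by A and B
            a[i] = motion + 0.1 * rnd.nextGaussian(); // device A: motion plus sensor noise
            b[i] = motion + 0.1 * rnd.nextGaussian(); // device B: shaken together with A
            c[i] = rnd.nextGaussian();                // device C: moved independently
        }
        for (double[] other : new double[][] { b, c }) {
            double m = coherenceMean(a, other, windowSize);
            System.out.println("coherence mean " + m + (m > threshold ? " -> accept" : " -> reject"));
        }
    }
}
```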

Version:
1.0
Author:
Rene Mayrhofer

Field Summary
protected  double lastCoherenceMean
          This is only used to remember the coherence mean that has been computed last.
static int TcpPort
          The TCP port we use for this protocol.
 
Fields inherited from class org.openuat.authentication.DHOverTCPWithVerification
useJSSE
 
Fields inherited from class org.openuat.authentication.AuthenticationEventSender
eventsHandlers
 
Constructor Summary
MotionAuthenticationProtocol1(double coherenceThreshold, int windowSize, boolean useJSSE)
          Initializes the object, only setting useJSSE at the moment.
 
Method Summary
 void addSegment(double[] segment, int startIndex)
          The implementation of SegmentsSink.addSegment.
 double getCoherenceThreshold()
          Returns the current value of the coherence threshold.
 boolean getContinuousChecking()
          Returns the current value of continuousChecking.
 double getLastCoherenceMean()
          Returns the last coherence mean value that has been computed locally.
static void main(java.lang.String[] args)
           
protected  void protocolFailedHook(java.net.InetAddress remote, java.lang.Object optionalRemoteId, java.lang.Exception e, java.lang.String message)
          Called by the base class when the whole authentication protocol failed.
protected  void protocolProgressHook(java.net.InetAddress remote, java.lang.Object optionalRemoteId, int cur, int max, java.lang.String message)
          Called by the base class when the whole authentication protocol shows progress.
protected  void protocolSucceededHook(java.net.InetAddress remote, java.lang.Object optionalRemoteId, java.lang.String optionalParameterFromRemote, byte[] sharedSessionKey, java.net.Socket toRemote)
          Called by the base class when the whole authentication protocol succeeded.
protected  void resetHook()
          Called by the base class when the object is reset to idle state.
 void setCoherenceThreshold(double coherenceThreshold)
          Sets the coherence threshold.
 void setContinuousChecking(boolean continuousChecking)
          Enable or disable continuous checking.
 void startAuthentication(java.lang.String remoteHost)
          This method only calls the base class startAuthentication method.
protected  void startVerification(byte[] sharedAuthenticationKey, java.net.InetAddress remote, java.lang.String param, java.net.Socket socketToRemote)
          Called by the base class when shared keys have been established and should be verified now.
 
Methods inherited from class org.openuat.authentication.DHOverTCPWithVerification
isIdle, isVerifying, startAuthentication, startServer, stopServer, verificationFailure, verificationSuccess
 
Methods inherited from class org.openuat.authentication.AuthenticationEventSender
addAuthenticationProgressHandler, raiseAuthenticationFailureEvent, raiseAuthenticationProgressEvent, raiseAuthenticationSuccessEvent, removeAuthenticationProgressHandler
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TcpPort

public static final int TcpPort
The TCP port we use for this protocol.

See Also:
Constant Field Values

lastCoherenceMean

protected double lastCoherenceMean
This is only used to remember the coherence mean that has been computed last. It should only be used for debugging, because the decision if verification succeeded or not is made within this class.

Constructor Detail

MotionAuthenticationProtocol1

public MotionAuthenticationProtocol1(double coherenceThreshold,
                                     int windowSize,
                                     boolean useJSSE)
Initializes the object, only setting useJSSE at the moment.

Parameters:
coherenceThreshold - A good value is 0.65 for samplerate=512 or 0.82 for samplerate=128.
windowSize - A good value is samplerate/2.
useJSSE - If set to true, the JSSE API with the default JCE provider of the JVM will be used for cryptographic operations. If set to false, an internal copy of the Bouncycastle Lightweight API classes will be used.
Method Detail

resetHook

protected void resetHook()
Called by the base class when the object is reset to idle state. Resets localSegment and remoteSegment to null.

Specified by:
resetHook in class DHOverTCPWithVerification

protocolSucceededHook

protected void protocolSucceededHook(java.net.InetAddress remote,
                                     java.lang.Object optionalRemoteId,
                                     java.lang.String optionalParameterFromRemote,
                                     byte[] sharedSessionKey,
                                     java.net.Socket toRemote)
Called by the base class when the whole authentication protocol succeeded. Does nothing.

Specified by:
protocolSucceededHook in class DHOverTCPWithVerification
Parameters:
remote - The remote host with which the key exchange succeeded.
optionalRemoteId - An optional remote ID, exactly as it has been passed to verificationSuccess. May be null.
optionalParameterFromRemote - If the remote device reported an additional parameter with its success message, it will be put into this parameter. May be null.
sharedSessionKey - The shared session key (which is different from the shared authentication key used for verification) that can now be used for subsequent secure communication.
toRemote - If it has been requested that the socket to the remote host should stay connected, it will be passed in this parameter. May be null.

protocolFailedHook

protected void protocolFailedHook(java.net.InetAddress remote,
                                  java.lang.Object optionalRemoteId,
                                  java.lang.Exception e,
                                  java.lang.String message)
Called by the base class when the whole authentication protocol failed. Does nothing.

Specified by:
protocolFailedHook in class DHOverTCPWithVerification
Parameters:
remote - The remote host with which the key exchange succeeded.
optionalRemoteId - An optional remote ID, exactly as it has been passed to verificationSuccess or verificationFailure. May be null.
e - If not null, the exception describing the failure.
message - If not null, the message describing the failure.

protocolProgressHook

protected void protocolProgressHook(java.net.InetAddress remote,
                                    java.lang.Object optionalRemoteId,
                                    int cur,
                                    int max,
                                    java.lang.String message)
Called by the base class when the whole authentication protocol shows progress. Does nothing.

Specified by:
protocolProgressHook in class DHOverTCPWithVerification
Parameters:
remote - The remote host with which the key exchange succeeded.
optionalRemoteId - An optional remote ID, exactly as it has been passed to verificationSuccess or verificationFailure. May be null.
cur - See AuthenticationProgressHandler#AuthenticationProgress.
max - See AuthenticationProgressHandler#AuthenticationProgress.
message - See AuthenticationProgressHandler#AuthenticationProgress.

startVerification

protected void startVerification(byte[] sharedAuthenticationKey,
                                 java.net.InetAddress remote,
                                 java.lang.String param,
                                 java.net.Socket socketToRemote)
Called by the base class when shared keys have been established and should be verified now. In this implementation, verification is done by listening for significant motion segments and exchanging them via interlock.

Specified by:
startVerification in class DHOverTCPWithVerification
Parameters:
sharedAuthenticationKey - This key should be verified to be equal on both sides.
remote - The remote host with which the key exchange succeeded.
param - Optional parameters sent by the remote host during the key agreement phase.
socketToRemote - This socket is still open and can be used to communicate with the remote host for verifying the authentication key. When it is used, care must be taken not to consume any bytes from the remote end that are not expected during verification, because the same channel will be used for exchanging status information about the success or failure of the whole authentication protocol.
See Also:
interlockRunner, AsyncInterlockHelper

addSegment

public void addSegment(double[] segment,
                       int startIndex)
The implementation of SegmentsSink.addSegment. It will be called whenever a significant active segment has been sampled completely, i.e. when the source has become quiescent again.

Specified by:
addSegment in interface SegmentsSink
See Also:
localSegment, localSegmentLock

startAuthentication

public void startAuthentication(java.lang.String remoteHost)
                         throws java.net.UnknownHostException,
                                java.io.IOException
This method only calls the base class startAuthentication method.

Parameters:
remoteHost - The remote host with which to authenticate.
Throws:
java.net.UnknownHostException
java.io.IOException

setCoherenceThreshold

public void setCoherenceThreshold(double coherenceThreshold)
Sets the coherence threshold.

Parameters:
coherenceThreshold - The threshold over which a coherence value will be taken as valid (i.e. shaken within the same hand). Must be between 0 and 1.
See Also:
coherenceThreshold

getCoherenceThreshold

public double getCoherenceThreshold()
Returns the current value of the coherence threshold.

Returns:
The current coherence threshold.
See Also:
coherenceThreshold

setContinuousChecking

public void setContinuousChecking(boolean continuousChecking)
Enable or disable continuous checking.

Parameters:
continuousChecking - Only set to true after reading the description of the member variable continuousChecking. Generally leave it set to false (the default).
See Also:
continuousChecking

getContinuousChecking

public boolean getContinuousChecking()
Returns the current value of continuousChecking.

Returns:
The current value of continuousChecking.
See Also:
continuousChecking

getLastCoherenceMean

public double getLastCoherenceMean()
Returns the last coherence mean value that has been computed locally. It is valid after protocolSucceededHook has been called and might be valid after protocolFailedHook has been called.

Returns:
The last coherence mean that has been computed.

main

public static void main(java.lang.String[] args)
                 throws java.io.IOException
Throws:
java.io.IOException


2005-2006, Rene Mayrhofer.