OMA DM MD5 Authentication Nonce
4/8/2010
The client and server use nonces to authenticate themselves to each other using the MD5 authentication algorithm. Nonce refers to a 'number used once'. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in 'repeat attacks'. The MD5 client and server nonces are specified in the DMAcc Configuration Service Provider.
The MD5 server nonce is used in a server notification message or in an OMA DM session when a device authenticates the server. For the device to connect to the server, the nonce that is stored in the device must be the same as the nonce that the server has. Typically, they are synchronized, but could become different because of a server database issue, or because of an update on the device. The DM server that supports OMA DM version 1.2 can support a nonce resynchronization request per the OMA specification OMA Device Management Notification Initiated Session (OMA-TS-DM_Notification-V1_2-20070209-A) available from the OMA Web site.
By default, nonce resynchronization is not turned on for Windows Mobile devices. You can turn it on when you bootstrap the device with DM server access information. You should turn it on only if the following conditions are true:
The DM server supports nonce resynchronization
The server will update the value of the server AuthSecret node on the device with a new value when nonce resynchronization is used for authentication. For information about the AuthSecret, see DMS Configuration Service Provider.
Note
Updating the DM account server AuthSecret helps protect against repeated attacks during nonce renegotiation.
A backup nonce value of 0x00000000 is used for the resynchronization request. For more information about turning on nonce resynchronization support, see the USENONCERESYNC parameter in the w7 APPLICATION Configuration Service Provider.
The following illustration shows how the nonces are synchronized between server and client.
The following list describes the illustration in more detail. The numbers in the list correspond to the numbers in the illustration.
- The Server sends a notification message, also known as a trigger, to the device to begin a DM session. The notification has the server's nonce value in it. This is package 0.
- The device fails to authenticate the message using the server nonce value that is stored on the device. No session is initiated.
- The server sends the notification message again to the device. The message has the same server nonce value in it, and it is still package 0.
- Again, the device fails to authenticate the message using the server nonce value. No session is initiated.
- The server changes the server nonce value in the notification message to the backup server nonce value: 0x00000000. This is the third attempt at sending package 0.
- The client accepts the backup server nonce and client authentication succeeds.
- The client then initiates a session with credentials based on the nonce value of 0x00000000 for application layer security for both client and server authentication. It sends the MD5 client credential with 0x00000000 as the client nonce value. This is package 1.
Or, if authentication fails, no session is initiated and no more attempts are made. - The server is authenticated at the SSL level.
- Recognizing that the device accepted the notification message that had the backup server nonce value, the server challenges the device with a new nonce. This is package 2.
- The client sends a success status code with a Chal to update the server nonce on the server. This is package 3.
- The Server sends a success status to the client.
Microsoft recommends that the server also replace the server AuthSecret on the device to better protect against repeated attacks on the nonce renegotiation protocol. The AuthSecret is in the DM Account object that is managed through the DMS Configuration Service Provider. This is package 4.
See Also
Concepts
The Device Management (DM) Session