11

The TeamSpeak 3 VoIP communication system uses a concept of so-called identities to identify the client to the server. These identities are basically public/private key pairs.

In order to prevent people from just generating a new identity after being, e.g., banned, they added a feature called security levels. Increasing security levels take exponentially more CPU time to reach.

This way a banned user needs to spend at least a minimum amount of time to generate a new identity with the required security level before he is able to join the server again.

Now to my question:

How are security levels implemented, so that the time to improve one can increase exponentially but the time to verify one at the server side stays the same (or at least increases just linearly)?

AviD
Max Truxa
  • what is "TeamSpeak 3"? –  Dec 14 '13 at 14:16
  • 1
    Sorry, I assumed [TS3](http://www.teamspeak.com/?page=teamspeak3) is a pretty common software. – Max Truxa Dec 14 '13 at 14:19
  • 2
    It's some [hashcash](http://en.wikipedia.org/wiki/Hashcash) variant, but I don't know the details. Probably each level is one bit more that must be zero, similar to bitcoin mining. – CodesInChaos Dec 14 '13 at 17:04

4 Answers

6

A TeamSpeak identity is simply an ECC key pair for the NIST curve ECC-256 as generated by the libtomcrypt library, together with a counter value that is a 64-bit unsigned integer.

The security level makes use of a classical Proof-of-work system.

Let PUBLICKEY be the base64-encoded string of the identity's ASN.1 DER encoded public key. Further, let COUNTER be the decimal ASCII-encoding of a 64-bit unsigned integer. Then the security level is defined as follows.

securitylevel := leadingzerobits(sha1(PUBLICKEY || COUNTER))

Consequently, the expected number of counter values that need to be tried to reach security level n is 2^n (under the assumption that SHA-1 is a uniform random function).

Note that in theory, the maximum security level could be 160 (as SHA-1 produces a 160-bit hash). However, the TeamSpeak client seems to set the limit artificially to 128. In practice, this makes no difference, as no one will ever reach a security level over 128 (unless another breakthrough in attacking SHA-1 happens).

Source: TSIdentityTool, which is an open source implementation of the identity and security level mechanisms.

landave
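The scheme from the answer above as a runnable sketch: the server's check is a single SHA-1, while the client's search tries counters until enough leading bits are zero. This is an added example, not code from the answer or from TSIdentityTool; the sample key string is constructed, the function names are hypothetical, and counting zero bits from the most significant bit is an assumption about what `leadingzerobits` means.

```python
import hashlib

# Constructed stand-in for the base64 of a DER-encoded public key (not a real identity).
SAMPLE_PUBLICKEY = "Q09OU1RSVUNURUQtU0FNUExFLVBVQkxJQy1LRVk="

def leading_zero_bits(digest: bytes) -> int:
    """Count zero bits from the most significant bit of the digest (assumed bit order)."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def security_level(publickey_b64: str, counter: int) -> int:
    """securitylevel := leadingzerobits(sha1(PUBLICKEY || COUNTER)), COUNTER in decimal ASCII."""
    if not 0 <= counter < 2**64:
        raise ValueError("counter must fit in a 64-bit unsigned integer")
    data = publickey_b64.encode("ascii") + str(counter).encode("ascii")
    return leading_zero_bits(hashlib.sha1(data).digest())

def improve(publickey_b64: str, target: int, start: int = 0):
    """Client side: try counters until the level reaches target.
    Returns (counter, hashes_tried); expected work is about 2**target hashes."""
    for tried, counter in enumerate(range(start, 2**64), 1):
        if security_level(publickey_b64, counter) >= target:
            return counter, tried
    raise RuntimeError("counter space exhausted")

def verify(publickey_b64: str, counter: int, required: int) -> bool:
    """Server side: one hash, no matter how long the client searched."""
    return security_level(publickey_b64, counter) >= required

if __name__ == "__main__":
    # The number of hashes tried roughly doubles per extra level; verify() stays one hash.
    for target in (4, 8, 12, 16):
        counter, tried = improve(SAMPLE_PUBLICKEY, target)
        print(f"level {target:2d}: counter={counter} hashes_tried={tried} "
              f"verified={verify(SAMPLE_PUBLICKEY, counter, target)}")
```
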
3

The method that is used is based on hashcash. http://en.wikipedia.org/wiki/Hashcash

Hashcash is a proof-of-work system designed to limit email spam and denial-of-service attacks.

Source: http://forum.teamspeak.com/showthread.php/57988-Security-level-how-is-it-determined-increased-technical?p=257115#post257115

Woodsy
  • 3
    Links have a bad habit of dying and leaving answers useless, please consider including relevant information from your second link in your answer. – Shelvacu Feb 15 '15 at 08:15
  • 1
    A reference to an official post from someone on the TeamSpeak team, nice! – Max Truxa Aug 10 '15 at 07:51
2

I can't tell for sure. But if you are looking for a similar feature I would implement it as follows: An ID contains a private and a public part (that's what TeamSpeak does). So I guess it's some async encryption key you can generate yourself.
Now just generate a sequence of numbers e.g. s = [1..n] and hash them.

As soon as the first M bits of the generated hash match the first M bits of the public key you take it as a valid proof of work for the security level of M.

You needed n rounds of hashing to find the hash, but to prove it, the server must only hash the result s once and check how many bits match your public key. The difficulty for you will rise exponentially.

This is in fact similar to what Bitcoin does. But Bitcoin tries to get a certain number of zeros in front of the hash and you don't hash a random number but the b-tree of the block you want to mine plus a nonce (random number).

From Teamspeak: Generate an ID e.g. IHoxfrQNl152vs80N4wYvsEmNd8= Export it to see the secret: e.g. 205VFy/YWQLyDeTxIIQvyy4hGQYxWloFH0R9VW4VRCxQHkcOdFdyX2YHMztQDQQeDA1gNG9Ce0N6CipVHkMie2lzX3ReRX4HFQhqFiB5FBQEEi0DVhhCUltiOE4GcmV2W3FkDX1OdXcrUUxwUUloQVBHRjYvM3EzWCtGeUpkRHlWTTFXZGh1VHJRZVA0Q3hMWE1ITXVxNlU1TTQ=

If you now increase the security, just the first part of the export changes. From 8 → 9 → 24 it gets from 205 to 247 to 520935.

My highest key has some number around 29147155819 at level 34.

I think this number will somehow hash to something that is related to my public key. So anyone can prove it with a single round of hashing, but my PC needed 29147155819 rounds of hashing to find it, which took quite a while ;)

Btw: The max security is 128, so I guess that's the length in bits of the public key.

I hope I was able to help - Tarion

Tarion
1

You could basically use something like Bitcoin difficulty and consider as valid only keys which happen to have a given prefix (starts with a given number of '0's, for example).

Dillinur