Ellen Stuart
CS265 Cryptography and Computer Security
Fall 2004
Introduction
Components
Tokens
Server
Algorithm
Weaknesses
Comparison
Conclusion
11/24/2004 E.Stuart
2
RSA SecurID® Authentication
History of RSA and SecurID®
Two Factor Authentication
Customer List
NSA
CIA
White House
Components of the SecurID® System
Tokens
Authentication Server
Algorithm
Components of the SecurID® System
Tokens
Issued to users
Each token has a unique 64-bit seed value
“Something the user has”
Key Fob
User required to log in with the device
User required to use a PIN to access the pass code
Components of the SecurID® System
Authentication Server
Maintains database of user assigned tokens
Generates pass code following the same algorithm as the token
Seed – similar to symmetric key
[Diagram: users issued tokens connect over the Internet to the RSA Authentication Server]
Components of the SecurID® System
Algorithm
Brainard’s Hashing Algorithm
AES Hashing Algorithm
Components of the SecurID® System
Brainard’s Hashing Algorithm
Secret key := unique seed value
Time := 32-bit count of minutes since January 1, 1986
Components of the SecurID® System
ASHF (Alleged SecurID Hash Function) description of Brainard’s Hashing Algorithm
Each round -> 64 sub-rounds
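Added example, not part of the original slides and not RSA's code: a toy token and authentication server that show the structure the last two slides describe. Each token holds a unique 64-bit seed that is also stored in the server's database (the seed acts as the symmetric key), time is a 32-bit count of minutes since January 1, 1986, and both sides derive the same pass code from seed and time, with the PIN gating use of the code. Brainard's hash function itself is not given on the slides, so HMAC-SHA256 stands in for it here; the one-minute clock-drift window, the hashed PIN, the replay check and the names Token, AuthServer, tokencode and at_minute are all assumptions made for this example.

```python
# Added example (not the slides' or RSA's code): seed-plus-time pass codes with a
# server that recomputes them. HMAC-SHA256 is substituted for Brainard's hash
# function (assumption); drift window, PIN and replay handling are assumptions too.
import hmac
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

SECURID_EPOCH = datetime(1986, 1, 1, tzinfo=timezone.utc)  # time counted from here
SEED_BYTES = 8          # "unique 64 bit seed value"
CODE_DIGITS = 6         # assumed pass-code length


def minutes_since_epoch(when: datetime) -> int:
    """32-bit count of whole minutes since January 1, 1986 (UTC)."""
    delta = when.astimezone(timezone.utc) - SECURID_EPOCH
    return int(delta.total_seconds() // 60) & 0xFFFFFFFF


def at_minute(minute: int) -> datetime:
    """Inverse helper for demos and tests: the instant `minute` minutes after the epoch."""
    return SECURID_EPOCH + timedelta(minutes=minute)


def tokencode(seed: bytes, minute: int) -> str:
    """Pass code for one minute slot. HMAC-SHA256 stands in for Brainard's hash."""
    if len(seed) != SEED_BYTES:
        raise ValueError("seed must be 64 bits")
    digest = hmac.new(seed, minute.to_bytes(4, "big"), hashlib.sha256).digest()
    value = int.from_bytes(digest[:4], "big") % (10 ** CODE_DIGITS)
    return f"{value:0{CODE_DIGITS}d}"


class Token:
    """Something the user has: stores the seed and derives the current code."""
    def __init__(self, seed: bytes):
        self._seed = seed

    def current_code(self, when: datetime) -> str:
        return tokencode(self._seed, minutes_since_epoch(when))


class AuthServer:
    """Maintains the user -> token database and runs the same derivation."""
    def __init__(self, drift_minutes: int = 1):
        self._db = {}            # user -> (seed, sha256(pin))
        self._last_used = {}     # user -> last accepted minute slot (replay defence)
        self._drift = drift_minutes

    def enrol(self, user: str, seed: bytes, pin: str) -> None:
        # The seed is the shared symmetric secret; the PIN is kept only as a hash.
        self._db[user] = (seed, hashlib.sha256(pin.encode()).digest())

    def verify(self, user: str, pin: str, code: str, when: datetime) -> bool:
        if user not in self._db:
            return False
        if not (len(code) == CODE_DIGITS and code.isascii() and code.isdigit()):
            return False
        seed, pin_hash = self._db[user]
        # "Something the user knows": the PIN must match before the code counts.
        if not hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), pin_hash):
            return False
        now = minutes_since_epoch(when)
        # Tolerate a little clock drift between token and server (assumed window).
        for minute in range(now - self._drift, now + self._drift + 1):
            if hmac.compare_digest(tokencode(seed, minute), code):
                # Accept each minute slot once; presenting the same code again is a replay.
                if self._last_used.get(user, -1) >= minute:
                    return False
                self._last_used[user] = minute
                return True
        return False


if __name__ == "__main__":
    seed = secrets.token_bytes(SEED_BYTES)   # constructed seed for the demo
    token, server = Token(seed), AuthServer()
    server.enrol("alice", seed, "4321")
    now = datetime.now(timezone.utc)
    code = token.current_code(now)
    print("tokencode:", code)
    print("accepted :", server.verify("alice", "4321", code, now))   # True
    print("replayed :", server.verify("alice", "4321", code, now))   # False
```

The server never receives the seed over the wire; it only compares what the token could have produced in the current minute against what the user typed, which is why compromise of the seed database, not interception of a single code, is the event that forces re-issuing tokens.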
Weaknesses of the SecurID® System
Violation of Kerckhoffs’ Principle
Publication of the alleged hash algorithm
Key Recovery Attack (Biryukov, 2003; Contini, 2003)
AES Implementation
Human Factors
Comparison to Password Systems
Password systems are built-in, no additional implementation cost?
Administration Costs
Security Costs
SecurID
No need to regularly change passwords
No changes needed as long as the tokens (and the hash function) remain uncompromised
Former implementation of SecurID supports Kerckhoffs’ principle
RSA phasing out versions with Brainard’s Hash Function
Mudge, Kingpin; Initial Cryptanalysis of the RSA SecurID Algorithm, January 2001. www.atstake.com/research/reports/acrobat/initialsecuridanalysis.pdf
V. McLellan; Firewall Wizards: RE: securid AES tokens, http://www.insecure.org, Apr 26 2004, retrieved November 2004.
F. Muhtar; Safer means to use passwords, Computimes, NSTP, Feb 13th 2003, retrieved November 2004 from http://www.transniaga.com/Default.htm
S. Contini, Y.L. Yin; Improved Cryptanalysis of SecurID, Cryptology ePrint Archive, Report 2003/205, http://eprint.iacr.org/2003/205, October 21, 2003.
V. McLellan; Re: SecurID Token Emulator, post to BugTraq, http://cert.unistuttgart.de/archive/bugtraq/2001/01/msg00090.html
I.C. Wiener; Sample SecurID Token Emulator with Token Secret Import, post to BugTraq, http://www.securityfocus.com/archive/1/152525
The Authentication Scorecard, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.
Protecting Against Phishing by Implementing Strong Two-Factor Authentication, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.
Are Passwords Really Free? A closer look at the hidden costs of password security, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.
RSA Laboratories; FAQ Version 4.1, May 2000, RSA Security, Inc, http://www.rsasecurity.com
G. Welsh; Breaking the Code, Macquarie University News Feature, March 2004, retrieved November 2004 from http://www.pr.mq.edu.au/macnews
A. Biryukov, J. Lano, B. Preneel; Cryptanalysis of the Alleged SecurID Hash Function (extended version), Lecture Notes in Computer Science, Springer-Verlag, 2003.
RSA Security website, http://www.rsasecurity.com/company