RSA SecurID Authentication - Department of Computer Science


RSA SecurID® Authentication

Ellen Stuart

CS265 Cryptography and Computer Security

Fall 2004

Agenda

• Introduction
• Components
  – Tokens
  – Server
  – Algorithm
• Weaknesses
• Comparison
• Conclusion

11/24/2004 E.Stuart

Introduction

RSA SecurID® Authentication

• History of RSA and SecurID®
• Two-Factor Authentication
• Customer list: NSA, CIA, White House

Components of the SecurID® System

• Tokens
• Authentication Server
• Algorithm

Components of the SecurID® System: Tokens

• Issued to users
• Each token has a unique 64-bit seed value
• “Something the user has”
• Key fob
• User is required to log in with the device
• User is required to enter a PIN to access the pass code

Components of the SecurID® System: Authentication Server

• Maintains a database of the tokens assigned to users
• Generates the pass code following the same algorithm as the token
• Seed – similar to a symmetric key shared by token and server

SecurID Login

(Diagram: users issued tokens connect over the Internet to the RSA Authentication Server.)

Components of the SecurID® System: Algorithm

• Brainard’s Hashing Algorithm
• AES Hashing Algorithm

Components of the SecurID® System: Brainard’s Hashing Algorithm

• Secret key := unique seed value
• Time := 32-bit count of minutes since January 1, 1986

Components of the SecurID® System: ASHF (Alleged SecurID Hash Function) description of Brainard’s Hashing Algorithm

• Each round -> 64 sub-rounds
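As an added illustration (not code from the slides, from RSA, or from Brainard’s algorithm), the following Python models the token/server relationship the slides describe: a 64-bit seed shared by token and server, a 32-bit count of minutes since January 1, 1986 as the time input, a PIN prepended to the tokencode, and server-side recomputation with a small clock-drift window. HMAC-SHA256 is an assumed stand-in for the token’s keyed hash, and the seed, PIN and timestamp are constructed sample values.

```python
import hmac
import hashlib
from datetime import datetime, timezone

# Constructed sample values (not real SecurID material): a 64-bit seed shared
# by one token and the server, the user's PIN, and a login time.
DEMO_SEED = bytes.fromhex("0123456789abcdef")
DEMO_PIN = "4271"
DEMO_TIME = datetime(2004, 11, 24, 12, 0, tzinfo=timezone.utc)
EPOCH_1986 = datetime(1986, 1, 1, tzinfo=timezone.utc)


def minute_counter(now: datetime) -> int:
    """The slides' time input: a 32-bit count of minutes since Jan 1, 1986."""
    return (int((now - EPOCH_1986).total_seconds()) // 60) & 0xFFFFFFFF


def tokencode(seed: bytes, counter: int, digits: int = 6) -> str:
    """Token side: derive the displayed code from the seed and the minute
    counter. HMAC-SHA256 is an assumed stand-in for Brainard's hash; the point
    is that only a holder of the seed can compute the code."""
    if len(seed) != 8:
        raise ValueError("seed must be 64 bits (8 bytes)")
    mac = hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**digits).zfill(digits)


def verify(seed: bytes, pin: str, passcode: str, counter: int,
           drift: int = 1) -> bool:
    """Server side: passcode = PIN + tokencode ("something you know" plus
    "something you have"). The server recomputes the code from its own copy
    of the seed, which is why the seed acts like a symmetric key, and accepts
    codes within +/- `drift` minutes to tolerate token clock drift. The
    comparison is constant-time so a wrong PIN and a wrong code are not
    distinguishable by timing."""
    ok = False
    for c in range(counter - drift, counter + drift + 1):
        expected = pin + tokencode(seed, c & 0xFFFFFFFF)
        ok |= hmac.compare_digest(expected.encode(), passcode.encode())
    return ok


if __name__ == "__main__":
    c = minute_counter(DEMO_TIME)
    code = tokencode(DEMO_SEED, c)
    print("minute counter:", c, "tokencode:", code)
    print("login accepted:", verify(DEMO_SEED, DEMO_PIN, DEMO_PIN + code, c))
```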

Weaknesses of the SecurID® System

• Violation of Kerckhoffs’s Principle
  – Publication of the alleged hash algorithm
• Key Recovery Attack (Biryukov, 2003; Contini, 2003)
• AES Implementation
  – Human Factors

Comparison to Password Systems

• Password systems are built in, with no additional implementation cost?
  – Administration costs
  – Security costs
• SecurID
  – No need to regularly change passwords
  – No changes needed as long as the tokens (and the hash function) remain uncompromised

Conclusion

• The former implementation of SecurID supports Kerckhoffs’s principle
• RSA is phasing out versions with Brainard’s hash function

References

Mudge, Kingpin; Initial Cryptanalysis of the RSA SecurID Algorithm, January 2001, www.atstake.com/research/reports/acrobat/initialsecuridanalysis.pdf

V. McLellan; Firewall Wizards: RE: securid AES tokens, http://www.insecure.org, Apr 26 2004, retrieved November 2004.

F. Muhtar; Safer means to use passwords, Computimes, NSTP, Feb 13th 2003, retrieved November 2004 from http://www.transniaga.com/Default.htm

S. Contini, Y.L. Yin; Improved Cryptanalysis of SecurID, Cryptology ePrint Archive, Report 2003/205, http://eprint.iacr.org/2003/205, October 21, 2003.

V. McLellan; Re: SecurID Token Emulator, post to BugTraq, http://cert.unistuttgart.de/archive/bugtraq/2001/01/msg00090.html

I.C. Wiener; Sample SecurID Token Emulator with Token Secret Import, post to BugTraq, http://www.securityfocus.com/archive/1/152525

The Authentication Scorecard, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.

Protecting Against Phishing by Implementing Strong Two-Factor Authentication, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.

Are Passwords Really Free? A closer look at the hidden costs of password security, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.

RSA Laboratories; FAQ Version 4.1, May 2000, RSA Security, Inc, http://www.rsasecurity.com.

G. Welsh; Breaking the Code, Macquarie University News Feature, March 2004. Retrieved November 2004 from http://www.pr.mq.edu.au/macnews.

Biryukov, J. Lano, and B. Preneel; Cryptanalysis of the Alleged SecurID Hash Function (extended version), Lecture Notes in Computer Science, Springer-Verlag, 2003.

RSA Security website, http://www.rsasecurity.com/company
