RSA SecurID Authentication Ellen Stuart CS 265

  • Slides: 14
RSA SecurID® Authentication
Ellen Stuart
CS 265 Cryptography and Computer Security, Fall 2004
11/24/2004 E. Stuart

Agenda
  • Introduction
  • Components
      • Tokens
      • Server
      • Algorithm
  • Weaknesses
  • Comparison
  • Conclusion

Introduction
  • RSA SecurID® Authentication
      • History of the RSA and SecurID®
      • Two Factor Authentication
      • Customer List
          • NSA
          • CIA
          • White House

Components of the SecurID® System
  • Tokens
  • Authentication Server
  • Algorithm

Components of the SecurID® System
  • Tokens
      • Issued to users
      • Each token had a unique 64 bit seed value
      • “Something the user has”
      • Software; Hardware; PINPAD Token; Key Fob Token
      • User required to use PIN to access pass code
      • User Doesrequired not require use separate PIN to to login in with Device PIN andpass access displayed code pass code

Components of the SecurID® System
  • Authentication Server
      • Maintains database of user assigned tokens
      • Generates pass code following the same algorithm as the token
      • Seed – similar to symmetric key

SecurID Login
  [Diagram: Users issued tokens, Internet, RSA Authentication Server]

Components of the SecurID® System
  • Algorithm
      • Brainard’s Hashing Algorithm
      • AES Hashing Algorithm

Components of the SecurID® System
      • Brainard’s Hashing Algorithm
          • Secret key := unique seed value
          • Time := 32 bit count of minutes since January 1, 1986

Components of the SecurID® System
      • ASHF description of Brainard’s Hashing Algorithm
          • Each round -> 64 sub-rounds
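Added example (not part of the original slides and not RSA's code): the token and the authentication server deriving the same pass code from the shared 64 bit seed and the minute counter described above. HMAC-SHA-256 stands in for Brainard's hash, which the slides do not specify; the 6-digit code length, the one-minute drift window, the replay guard and all names and sample values are assumptions of this example.

```python
import hashlib
import hmac
from datetime import datetime, timezone

EPOCH_1986 = datetime(1986, 1, 1, tzinfo=timezone.utc)  # time origin from the slides

def minute_counter(now):
    """32 bit count of minutes since January 1, 1986."""
    return (int((now - EPOCH_1986).total_seconds()) // 60) & 0xFFFFFFFF

def pass_code(seed, counter, digits=6):
    """Stand-in keyed hash (HMAC-SHA-256), NOT Brainard's function.
    The 6-digit output length is an assumption of this example."""
    if len(seed) != 8:
        raise ValueError("seed must be 64 bits")
    mac = hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**digits:0{digits}d}"

class AuthServer:
    """Holds the user -> seed database and recomputes the code itself."""
    def __init__(self, token_db, drift_minutes=1):
        self.token_db = token_db
        self.drift = drift_minutes  # tolerated clock drift (assumption)
        self.last_used = {}         # user -> last accepted counter (replay guard)

    def verify(self, user, submitted, now):
        seed = self.token_db.get(user)
        if seed is None:
            return False
        current = minute_counter(now)
        for c in range(current - self.drift, current + self.drift + 1):
            c &= 0xFFFFFFFF
            if c <= self.last_used.get(user, -1):
                continue  # this minute's code was already accepted once
            expected = pass_code(seed, c).encode()
            if hmac.compare_digest(expected, submitted.encode()):
                self.last_used[user] = c
                return True
        return False

# Constructed sample data: one user, one token seed, one login time.
SEED = bytes.fromhex("0123456789abcdef")
server = AuthServer({"alice": SEED})
t0 = datetime(2004, 11, 24, 12, 0, tzinfo=timezone.utc)
code = pass_code(SEED, minute_counter(t0))  # what the token would display
```

Because the server can recompute every code from the seed, anyone who obtains the seed database or a single token's seed can do the same, which is why the slides compare the seed to a symmetric key.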

Weaknesses of the SecurID® System
      • Violation of Kerckhoffs's Principle
      • Publication of the alleged hash algorithm
      • Key Recovery Attack (Biryukov, 2003; Contini, 2003)
      • AES Implementation
      • Human Factors

Comparison to Password Systems
  • Password systems are built-in, no additional implementation cost?
      • Administration
      • Security
  • Costs: SecurID
      • No need to regularly change passwords
      • No changes as long as tokens uncompromised (and hash function)

Conclusion
  • Former implementation of SecurID supports Kerckhoffs's principle
  • RSA phasing out versions with Brainard’s Hash Function

References
  • Mudge, Kingpin, Initial Cryptanalysis of the RSA SecurID Algorithm, January 2001, www.atstake.com/research/reports/acrobat/initialsecuridanalysis.pdf
  • V. McLellan; Firewall Wizards: RE: securid AES tokens, http://www.insecure.org, Apr 26 2004, retrieved November 2004
  • F. Muhtar, Safer means to use passwords, Computimes, NSTP, Feb 13th 2003, retrieved November 2004 from http://www.transniaga.com/Default.htm
  • S. Contini, Y. L. Yin, Improved Cryptanalysis of SecurID, Cryptology ePrint Archive, Report 2003/205, http://eprint.iacr.org/2003/205, October 21, 2003.
  • V. McLellan, Re: SecurID Token Emulator, post to BugTraq, http://cert.unistuttgart.de/archive/bugtraq/2001/01/msg00090.html
  • I. C. Wiener, Sample SecurID Token Emulator with Token Secret Import, post to BugTraq, http://www.securityfocus.com/archive/1/152525
  • The Authentication Scorecard, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.
  • Protecting Against Phishing by Implementing Strong Two-Factor Authentication, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.
  • Are passwords Really Free? A closer look at the hidden costs of password security, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.
  • RSA Laboratories, FAQ Version 4.1, May 2000 RSA Security, Inc, http://www.rsasecurity.com.
  • G. Welsh; Breaking the Code, Macquarie University News Feature, March 2004. Retrieved November 2004, from http://www.pr.mq.edu.au/macnews.
  • Biryukov, J. Lano, and B. Preneel; Cryptanalysis of the Alleged SecurID Hash Function (extended version), Lecture Notes in Computer Science, Springer-Verlag, 2003.
  • RSA security website, http://www.rsasecurity.com/company