RE: Cryptanalysis of SecurID (ACE/Server)


Alex Alten (Alten@Home.Com)
Thu, 01 Oct 1998 22:45:55 -0700


At 04:49 PM 10/1/98 -0700, John Moore wrote:
>> -----Original Message-----
>> From: Perry E. Metzger [mailto:perry@piermont.com]
>>
>> Encryption technology has many uses. Although you may be unfamiliar
>> with the use of encryption for authentication, the developers of
>> technologies like IPSec and SSH do not seem to have been ignorant
>> of these techniques. MACs and digital signatures are hardly shocking
>> and unknown technologies.
>
>> The token isn't bonded to the person's skin. It is just as easily
>> stolen as anything else -- like their laptop with their (encrypted)
>> private key, say.
>[...]
>>
>> Okay. So, we've changed the problem from stealing the laptop to
>> stealing the token in the guy's wallet. Could you explain why this is
>> better in some way?
>>
>>
>Yes. The two factor works if the guy doesn't have a laptop. If he is using
>some other system to make access (yes, I know, it could have a trojan in
>it). Or, if he is using a shared system. In other words, one could consider
>the SecurID token sort of like a portable key - it can significantly reduce
>key/certificate management problems and increase security.
>
>I might be at a friend's home and need secure access to a critical system.
>How do I do that in a secure manner - for example, one that doesn't allow
>him to simply grab my password and use it later?
>What methodology verifies by both physical and secret-knowledge encryption?
>How would you achieve this?
>

These are tough questions. Fundamentally you need to have an unbroken chain
of trust via humans all the way back to the "security officers" of the system.
Whether the actual mechanism to establish your identity to the system is 1, 2
or 3 factor is not important, except as additional hurdles to prevent someone
from posing as you. Generally the more factors, the less user friendly it is.
So the use of a combination of PIN, shared secret (a card or a token), or
a biometric really is a system design decision. Other considerations are
whether or not you need to enroll users remotely or whether you want certain
software (a web server) to participate without human involvement (like not
having to supply a password on reboot). Ideally you want the authentication
mechanism to work in "pure" software, without relying on hardware for
protection. An online mechanism can achieve this, but offline usually needs
to rely on special hardware/chips. (However you will probably need at least
one hardware based RNG involved somewhere.) Regardless of design the best
authentication is usually two-way, you verify the system and the system
verifies you. Along with all this you want to ensure that the system can
survive successful attacks on many users or the collusion between users.
Plus you need policing mechanisms, in particular a trusted human agent
should be able to remove the trust given to a user at any time. The
cryptography used should be sparingly chosen based on engineering design
needs.

- Alex

--

Alex Alten

Alten@Home.Com Alten@TriStrata.Com

P.O. Box 11406 Pleasanton, CA 94588 USA (925) 417-0159



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:19