Secure Remote Client Authentication - Finnova
Secure Remote Client Authentication - Finnova
Secure Remote Client Authentication - Finnova
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
IBM Zurich Research Laboratory<br />
<strong>Secure</strong> <strong>Remote</strong> <strong>Client</strong> <strong>Authentication</strong><br />
Thorsten Kramp<br />
Thomas Weigold<br />
<strong>Finnova</strong> Partner Summit 11/09/2007 ©2007 IBM Corp
IBM Zurich Research Laboratory<br />
Introduction<br />
• <strong>Remote</strong> authentication is ubiquitous nowadays<br />
– Distributed data services and web services<br />
– <strong>Client</strong>/server are connected via some potentially insecure network<br />
• Large ranges of different schemes proposed<br />
– Ranging from simple passwords to PKI to biometrics<br />
– Running on desktop PCs to smart cards to mobile phones<br />
public network<br />
2 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
<strong>Authentication</strong> Schemes (1): Passwords<br />
• Shared secret known to client and server<br />
– Most primitive and oldest method<br />
– Same static password is used over and over again<br />
– Changed infrequently every couple of weeks<br />
– Works only in well-controlled environments<br />
3 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
<strong>Authentication</strong> Schemes (2): One-Time Codes<br />
• Scratch Lists<br />
1. 2937<br />
2. 9665<br />
3. 9754<br />
…<br />
index (optional)<br />
one-time code<br />
1. 2937<br />
2. 9665<br />
3. 9754<br />
…<br />
4 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
<strong>Authentication</strong> Schemes (2): One-Time Codes<br />
• Short-Time Passwords<br />
time<br />
secret(s)<br />
ƒ(x)<br />
short-time code<br />
ƒ(x)<br />
time<br />
secret(s)<br />
5 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
<strong>Authentication</strong> Schemes (2): One-Time Codes<br />
• Challenge/Response<br />
challenge<br />
challenge<br />
challenge<br />
secret(s)<br />
ƒ(x)<br />
response code<br />
ƒ(x)<br />
secret(s)<br />
6 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
<strong>Authentication</strong> Schemes (3): PKI<br />
• Public-key infrastructure<br />
certificate<br />
private key<br />
challenge<br />
sig(Challenge) + certificate<br />
challenge<br />
CRL<br />
CA certificate(s)<br />
7 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
<strong>Authentication</strong> Schemes (4): Biometrics<br />
• <strong>Authentication</strong> based on “being something” instead<br />
of “knowing something” or “having something”<br />
– Fingerprints, facial expressions, iris pattern, …<br />
– Biometric information captured during enrollment<br />
– Captured again and compared for authentication<br />
– Probabilistic approach!<br />
Threshold<br />
Impostors<br />
Genuine<br />
FREQ<br />
False Reject<br />
False Accept<br />
MATCH SCORE<br />
8 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
Security Devices (1): Smart Cards<br />
• CPU plus memory in a tamper-resistant package<br />
– Clock and power provided externally<br />
– Contact-based or contact-less communication<br />
• Generally accepted as sufficiently secure to…<br />
– …store sensitive data (e.g., keys)<br />
– …generate keys (e.g., for PKI)<br />
• Reader required for access<br />
– Online (e.g., connected to a PC)<br />
– Offline w/ display and keyboard of its own<br />
9 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
Security Devices (2): Mobile Phones & PDAs<br />
• Separate computing platform<br />
– Keyboard and display of its own<br />
– May be used offline and online (e.g., via Bluetooth)<br />
– Mobile phones can use mobile network as secure channel<br />
• Potential target of attack<br />
– General computing platform (e.g., w/ Sun’s Java)<br />
– Requires a security token such as a smart card<br />
– Second smart card for secure processing communicating via<br />
NFC (near-field communication)<br />
10 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
Security Devices (3): Smart Memory Sticks<br />
• Memory stick w/ smart card<br />
– USB connected, mounts as read-only volume<br />
– Contains immutable software for remote authentication<br />
(e.g., hardened web browser)<br />
– Mutable state as well as sensitive data on smart card only<br />
– Difficult to update (e.g., security patches)<br />
11 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
Attacks (1): Phishing/Malicious Software<br />
12 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
Countermeasures (1): Phishing/Malicious Software<br />
• Phishing<br />
– Short-time codes limit window opportunity<br />
– Full protection only with challenge/response or PKI<br />
• Malicious Software<br />
– Requires separate security token such as a smart card<br />
– Directly connected with challenge/response scheme or PKI<br />
– With display and keyboard of its own prevents unsolicited<br />
usage, especially if combined with transaction signing<br />
– Stand-alone if challenge/response are easily to transfer or if<br />
an independent secure channel exists (e.g., mobile network)<br />
13 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
Attacks (2): Man in the Middle<br />
14 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
Countermeasures (2): Man in the Middle<br />
• PKI-certificate with SSL/TLS connection<br />
– Users tend to ignore warning messages about invalid or<br />
untrusted server certificates<br />
• Full protection requires…<br />
– Identification of the information channel by client and server<br />
– Challenge/response or PKI authentication scheme that uses<br />
the channel identification as additional input<br />
• Partial protection by transaction signing<br />
– MITM can “sniff” but not manipulate transactions or take<br />
over the communication channel<br />
15 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
Attacks Overview and Classification<br />
16 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
Conclusions & Recommendations<br />
1. Scratch lists are not state-of-the-art anymore as they<br />
do not withstand phishing and malicious software<br />
attacks.<br />
2. Challenge/response one-time codes or PKI-based<br />
schemes in combination with a secure device should<br />
be the basis for current authentications solutions.<br />
3. MITM attacks will become a problem in the near<br />
future. Therefore, current solutions should be built<br />
with a clear vision of how they could be extended to<br />
thwart MITM attacks.<br />
17 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation
IBM Zurich Research Laboratory<br />
Contact<br />
• Thorsten Kramp<br />
IBM Zurich Research Laboratory<br />
thk@zurich.ibm.com<br />
• Thomas Weigold<br />
IBM Zurich Research Laboratory<br />
twe@zurich.ibm.com<br />
18 <strong>Finnova</strong> Partner Summit 11/09/2007<br />
©2007 IBM Corporation