Microsoft marries RSA Security to Windows

Ed Gerck egerck at nma.com
Fri Oct 11 11:40:16 EDT 2002



"Arnold G. Reinhold" wrote:

> I can see a number of problems with using mobile phones as a second
> channel for authentication:

Great questions. Without aspiring to exhaust the answers, let me comment.

> 1. It begs the question of tamper resistant hardware. Unless the
> phone contains a tamper resistant serial number or key, it is
> relatively easy to clone. And cell phones are merging with PDAs. If
> you have secure storage, why not implement a local solution on the
> PDA side?

Cloning the cell phone has no effect unless you also have the credentials
to initiate the transaction. The cell phone cannot initiate the authentication
event. Of course, if you put a gun to the user's head you can get it all but
that is not the threat model.

A local solution on the PDA side is possible too, and may be helpful where
the mobile service may not work. However, it has less potential for wide
use. Today, 95% of all cell phones used in the US are SMS enabled.

> 2. Even if the phone is tamperproof, SMS messages can be intercepted.
> I can imagine a man-in-the-middle attack where the attacker cuts the
> user off after getting the SMS message, before the user has a chance
> to enter their code.

Has no effect if the system is well-designed. It's possible to make it mandatory
(under strong crypto assurances) to enter the one-time code using the *same*
browser page provided in response to the authentication request -- which
page is supplied under server-authenticated SSL (no MITM).

> 3. Cell phones don't work everywhere. Geographic coverage is limited.
> Most U.S. phones don't work overseas. Reception can fail inside
> buildings and cell phone use is prohibited on commercial airplanes
> in-flight (the airlines are planning to offer Internet access in the
> near future). And what happens if I choose to TEMPEST shield my
> facility?

No solution works everywhere. Cell phones are no exception. But it is
possible to design the system in such a way that the user can use a different
access class (with less privileges, for example) if the cell phone does
not work. After all, the user is authenticated before the message is sent to
the cell phone.

That said, cell phone coverage is becoming ubiquitous and the solution also
works with pagers (while they still exist), email accounts (blackberrys) and
other means of communication -- including voice.

> 4. The cell phone network can get clogged in times of high stress,
> e.g. a snow storm at rush hour, a natural disaster or a terrorist
> incident. Presumably some people who use two factor authentication
> have important work to do. Do you want them to be locked out of their
> computers at such critical times?

Let's be careful with generalizations. During the tragic events of 9/11, cell
phones emerged as the solution for communication under a distributed terrorist
attack.

Second, as I hint somewhere above, the important point here is not to rely on
something that will never fail (which is, clearly, impossible) but to offer
the user a recourse -- alternative ways to get the job done, even under reduced
privileges.

> 5. Cell phones are vulnerable to denial of service attacks. A simple
> RF jammer could prevent an individual or an entire building from
> accessing their computers.

See above.

> 6. People are generally cavalier about their cell phones. They wear
> them on belt pouches, leave them in cars and gym lockers, let
> strangers borrow them. I left mine in a coat pocket that I checked at
> a restaurant and ended up with a $40 long distance bill. Habits like
> that are hard to change. On the other hand, a token that goes on a
> key chain or is worn as jewelry taps into more security conscious
> cultural behavior.  Human factors are usually the weak link in
> security, so such considerations are important.

I see your argument backwards -- you are more likely to notice that
you lost or forgot your cell phone than a hardware token that you
seldom use, or even notice.  Cell phones also prevent a silent compromise
more effectively (as in theft, which involves no violence) because you
have a tendency to notice its absence -- the cell phone is useful for many
other purposes!  And, you don't have to carry additional devices, that you
may lose or forget.

Additionally, just having my cell phone does not get you anywhere. You
also need my credentials to begin the authentication process and they are
NOT in my cell phone.

> 7. It's a tax on logins. SMS messages aren't free.

;-) nothing is free, but an SMS message is pretty close to that -- $0.05
to $0.10 per message. It's pay-as-you-go versus investing money
upfront on a hardware device that will also need replacement.

> 8. If I lose my token, I can use my cell phone to report it promptly.
> If I lose my cell phone...

You use a pay phone or your wired phone. You can also use email.

> 9. Improved technology should make authentication tokens even more
> attractive. For one thing they can be made very small and waterproof.
> Connection modes like USB and Bluetooth can eliminate the need to
> type in a code, or allow the PIN to be entered directly into the
> token (my preference).

It's costly, makes you carry an additional thing and -- most important
of all -- needs that pesky interface at the other end.

> 10. There is room for more innovative tokens. Imagine a finger ring
> that detects body heat and pulse and knows if it has been removed. It
> could then refuse to work, emit a distress code when next used or
> simply require an additional authentication step to be reactivated.
> Even implants are feasible.

There is always room for evolution, and that's why we shan't run out of
work ;-)

However, not everyone wants to have an implant or carry a ring on their
finger -- which can be scanned and the subject targeted for a more serious
threat. My general remark on biometrics applies here -- when you are the
key (eg, your live fingerprint), key compromise has the potential to be
much more serious and harmful to you.

BTW, what is the main benefit of two-channel (as opposed to just two-factor)
authentication? The main benefit is that security can be assured even if the user's
credentials are compromised -- for example, by writing their passwords on stick-it
notes on their screen, or under their keyboards, or by using weak passwords, or
even having their passwords silently sniffed by malicious software/hardware,
problems that are very thorny today and really have no solution but to add
another, independent, communication channel. Trust on authentication effectiveness
depends on using more than one channel, which is a general characteristic of trust
( http://nma.com/papers/it-trust-part1.pdf  )

Cheers,
Ed Gerck


>
>
> Arnold Reinhold
>
> At 8:56 AM -0700 10/9/02, Ed Gerck wrote:
> >Tamper-resistant hardware is out, second channel with remote source is in.
> >Trust can be induced this way too, and better. There is no need for PRNG
> >in plain view, no seed value known. Delay time of 60 seconds (or more) is
> >fine because each one-time code applies only to one page served.
> >
> >Please take a look at:
> >http://www.rsasecurity.com/products/mobile/datasheets/SIDMOB_DS_0802.pdf
> >
> >and http://nma.com/zsentry/
> >
> >Microsoft's move is good, RSA gets a good ride too, and the door may open
> >for a standards-based two-channel authentication method.
> >
> >Cheers,
> >Ed Gerck
> >
> >"Roy M.Silvernail" wrote:
> >
> >> On Tuesday 08 October 2002 10:11 pm, it was said:
> >>
> >> > Microsoft marries RSA Security to Windows
> >> > http://www.theregister.co.uk/content/55/27499.html
> >>
> >> [...]
> >>
> >> > The first initiatives will centre on Microsoft's licensing of RSA SecurID
> >> > two-factor authentication software and RSA Security's development of an
> >> > RSA SecurID Software Token for Pocket PC.
> >>
> >> And here, I thought that a portion of the security embodied in a SecurID
> >> token was the fact that it was a tamper-resistant, independent piece of
> >> hardware.  Now M$ wants to put the PRNG out in plain view, along with its
> >> seed value. This cherry is just begging to be picked by some blackhat,
> >> probably exploiting a hole in Pocket Outlook.
> >>
> >
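
An added example, not part of the original thread and not the code of any product mentioned in it: a server-side model of the design described in the reply above, where the one-time code goes out over the second channel only after the credentials check and is accepted only on the same server-issued page. The class name, the `send_sms` callback, the 6-digit code, the 300-second lifetime and the one-attempt-per-page policy are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 300  # seconds; assumed lifetime (the thread only says a 60 s delay is fine)


class TwoChannelAuth:
    """Hypothetical server state: one-time codes bound to one served page."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # second channel: callable(phone, text)
        self._clock = clock
        self._pending = {}          # page_token -> (user, code, expires_at)

    def begin(self, user, phone, password_ok):
        # Only a successful credentials check triggers a code, so a cloned or
        # stolen phone cannot start an authentication event by itself.
        if not password_ok:
            return None
        # The token is embedded in the page returned over server-authenticated
        # SSL; the code is only ever checked against this one page.
        page_token = secrets.token_urlsafe(32)
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[page_token] = (user, code, self._clock() + CODE_TTL)
        self._send_sms(phone, code)
        return page_token

    def complete(self, page_token, submitted_code):
        # pop() makes the code single-use: one page, one attempt (assumed policy).
        entry = self._pending.pop(page_token, None)
        if entry is None:
            return None             # unknown page, or page already used
        user, code, expires_at = entry
        if self._clock() > expires_at:
            return None             # code expired
        # Constant-time comparison avoids leaking matching digits via timing.
        if not hmac.compare_digest(code.encode(), submitted_code.encode()):
            return None
        return user
```

A code intercepted in transit is rejected unless it arrives together with the page token that was issued to the browser that passed the credentials check.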


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com