Posted by:
admin
12 years, 5 months ago
The original paper on the attack is Efficient Padding Oracle Attacks on Cryptographic Hardware' by Bardou, Focardi, Kawamoto, Simionato, Steel and Tsay> here (pdf). They have combined and optimized a handful of attacks against the PKCS#11 encryption that they claim make it possible to extract the private keys. There is a great summary by Matthew Green from John Hopkins.
First of all, WiKID does not use PKCS#11. We use AES 256 to protect the private keys on the token. Once the token is opened, we encrypt the PIN by the user's private key. We use RSA 2048 bit encryption or equivalent for this. Along with the PIN we also send an one-time use AES 256 key. The WiKID server decrypts the PIN with the user's public key and if all is ok, generates an OTP, encrypts it with the server's private key and the one-time use AES key and returns it to the token. The token decrypts the one-time passcode with the server's public key and the one-time use AES key. Note that for an encryption-based solution, WiKID is pretty damn simple.
The attack is against multi-purpose USB-based tokens. In addition to doing two-factor authentication, these keys can be used to perform smartcard-esque functionality such as unlocking an encrypted hard drive and domain authentication. It is exactly the type of system that information security professionals want: a single tool that encrypts data at rest, performs session security and user authentication. If it had a biometric reader, all the better! Granted, there are situations where that is warranted, but for most organizations it is not and blowing your budget on the "One Tool That Protects from All" is a mistake.
You might be tempted to say "Time to upgrade to a Hardware Security Module". Again, I ask, is that in your budget? And will it secure you? Here's what Matthew Green has to say:
Oh, not because your HSM is secure or anything. Hilariously, the researchers were unable to run their attacks on a commercial HSM because they couldn't afford one. (They can costs upwards of EUR20,000.) Don't get complacent: they're working on it.
Security through Costliness! Yeah, you may want an HSM, but in the between now and when you get the NoBudgetFantasyLand, what will you do?
Here are my take-aways:
- This is an attack against the smart card functionality. It is not "Two-factor authentication fail" so stop adding pointless mis-information.
- RSA is questioning the usefulness of the attack. They state attacker needs the smartcard and the PIN.
- RSA is also saying "This vulnerability does not yield the private key stored on the smartcard." The researchers state: "we were actually able to execute the attack and extract the correct encrypted key." One of these statements is wrong.
- Things get broken. The real test is how they get fixed.
At the same time, I can't help but think about how small the market for this type of combined two-factor authentication and USB-based smart card must be. How will this help you with BYOD? Your iDevice doesn't have a USB port. Actually, this device won't even work on MacOS or Linux.
Share on Twitter Share on FacebookRecent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)