Security Tokens

Secure communications and tokens Tonimir Ki šasondi, dipl.inf , EUCIP DORS/CLUC 2010

$ finger tkisason Junior researcher/ teaching assistant @ Fakultet organizacije i informatike in Varaždinu www.foi.hr Security, Crypto, Linux… Mail: [email_address] GPG: 0x00C68442

Summary Authentication as a basis for good communications security Tokens and other methods for secure communications

Authentication goals : We authenticate ourselves every day … We want to determine validity of an entity to whom we offer a service 1:n Identification goes a step further 1:1 Relationship with secure communications ?

Authentication goals : We authenticate ourselves with the help of some factors: Something you know: Password , Passphrase Something you have: KeyFob, SmartCard, USB Token Something you are: Biometrics (behaviour or physiological)

Authentication problem : Not all, but some methods are static… Passwords They stay the same for a long time… Longer attack window Password reuse New analysis methods (GPGPU, Cuda, FPGA) Disk space is getting cheaper We can replay a known password Passwords don’t really identify no one.

Pyrit (http://code.google.com/p/pyrit/)

Authentication problem : Regarding the security of passwords : Size matters: Use long passphrases - Unknown author

Passwords : If passwords are bad, why are we using them?! Simplicity? How many passwords do you need to remember? Reliability Provisioning in big organizations Scaling They are cheap compared to any other method!

Passwords : And why should I dislike passwords? Remember Aurora? Password sniffing? Read Apache teams post mortem… Backdoored sshd?

Passwords : The main vulnerability of each of those systems is that they repeatedly use the same credential The other main vulnerability is that the implementation mostly gets bypassed… Same story as with crypto.. Lets see some other methods:

Biometrics : Excellent method for authentication and identification Unfortunately it can only be done with specialized hardware Portability and commonness of such HW? Most popular: fingerprint, handprint, keystroke dynamics Biometrics cannot be revoked. You can revoke a password! For a motivational example:

Machete: Biometric password sniffer

Biometrics: Biometrics would be used far more if we could send the characteristic over long ranges and authenticate ourselves remotely! Example: radius-fingerprint Radius auth that unlocked passwords based on fingerprints: #fail Academic works: Reconstructing an characteristic based on a template

Smart Cards: Memory card only Secure (encrypted) memory with PIN access Remember MIFARE crypto-1? Remember FedEx Kinko’s smartcard? PIN-s are really a deterrent if you have the right equipment Cryptographic smart cards

Smart Cards: Linux framework /stack for smart cards Libccid / OpenCS / pcscd OpenSC e sc (Centos/RedHat) Reader driver Card driver Application PKCS#11 / PKCS#15 support

Smart Cards: OpenSSH, OpenVPN, GnuPG support OpenSSH 5.4p1 has support for PKCS#11 Prior versions need OpenSSH-pkcs11 patches Not in mainline! A PAM module is available (pam_p11) Authentication with autorized ssh key Authentication with authorized x509 Why do we really have 3 representations for keys? (Openssh, gnupg, x509)

Smart Cards: GnuPG support? Gnupg-pkcs11 patches. GnuPG is compatible OpenPGP cards OpenVPN Good support strongSWAN Some limitations openSWAN - ???

Tokens : Time based, Hash based Two main viable approaches in Linux (Old and tested) S/key (deprecated) OPIE Packaged and simple! OTPW (prefix-suffix scheme) Like TAN lists I don’t want to carry a list with my suffixes!

OPIE One time passwords give a good security mostly because of their flexibility. You cannot reuse a onetime password Here i will concentrate on OPIE and OATH-HOTP, making them work with PAM/SSH Why are they better? Soft tokens as apps on your cellphone

OPIE OPIE (One time passwords in everything) Opie-server and client libpam_opie Useful for local su when you have multiple admins Apache team requires them on some hosts (read their post mortem!) How does it work? Create a password seed Make a hash-chain h499(h498(h497(…h2(h1(S))…))) Represent output as 6 words… Start asking for otps from 499 to 0

OPIE You need to seed the OPIE for each user with opiepasswd You can create a random seed which can be secret from the end user. If you want to use OpenSSH with opie, you need to enable ChallengeResponseAuthentication in your sshd config You need to add it to PAM.d (more on that later…)

OPIE Challenge can be pre-set Don’t tempt yourself to install multiple hosts with the same challenge, you don’t have OTP then Before you reach seq 0, you will need to rekey the otp.

OPIE OTP’s can be generated with opiekey or another token generator (java,android,iphone app) tony@enigma:~$ opiekey 498 en1234 Using the MD5 algorithm to compute response. Reminder: Don't use opiekey from telnet or dial-in sessions. Enter secret pass phrase: NUDE JAN ATE BOGY FIEF NAP tony@enigma:~$

OPIE You can precompute OTP’s and carry them with you or hand them out (single use method?) tony@enigma:~$ opiekey -n 5 498 en1234 … Enter secret pass phrase: 494: MOD SOIL DUMB OLDY ROOF RISE 495: LIMA HIT BUSS DIVE OUR SPY 496: CORK CORK MAN HOLM TURF MET 497: MUSH SAGE SO WEIR EVEN AMRA 498: NUDE JAN ATE BOGY FIEF NAP

OPIE Android: OpieKey Java: J2Me-otp, jfreesafe Iphone: 1key Linux - opiekey Paper... Google : Search for OPIE, OTP-MD5, S/Key MD5… If you need strong security – generate the OTP-s on a SEPARATE device than the one that you use for comms and use twofactor auth.

Configuring PAM to work with OTP-s tony@enigma:~$ ls /etc/pam.d/ atd chpasswd common-account common-password common-session-noninteractive cups gdm-autologin login other polkit-1 samba su chfn chsh common-auth common-session cron gdm gnome-screensaver newusers passwd ppp sshd sudo Su, sshd, sudo are safe to use with OPIE Test any service which you want to OTP first in a VM. Try not to lock yourself out of your box 

PAM configuration Sufficient and required statements in PAM Depends if you want single or multiple mode auth. Debug your OTP’s with the debug statement Use sufficient at first until you know it’s working Most of the time you can never be to careful and add: auth required pam_deny.so at the end…

OATH – Initiative for open authentication Relatively new standard www.openauthentication.org Two methods: HOTP, TOTP

OATH-HOTP Currently no support for TOTP under linux Wrong: RCDevs-OpenOTP RSA-SecurID is the proprietary exception HOTP support is provided in: HOTP toolkit (libpam_hotp) (http://freshmeat.net/projects/hotp-toolkit) Barada (libpam_barada) ( http://barada.sourceforge.net/ ) Apache module mod-auth-otp RADIUS rlm_otp support.

OATH-HOTP My experience was buggy with hotp-toolkit, Go with barada, it’s packages are available for Debian Squeeze (not in lenny yet.) As always: YMMW  mod_authn_otp

Yubikey Yubikey usb token Yubi OTP, HOTP, Static password mode OSS Pam modules, apache, radius Great community, bindings for everything. As far as I am concerned, the most promising token Now would be the good time to show some demos 

Conclusion Passwords scale, you can’t beat that. Implement a strong password policy! Biometrics are great for local authentication Use them on fixed workstations Fingerprint scanners are relatively cheap Check our fprint lib. SmartCards are good Watch out for reader/card/app compatability! HOTP-s are really great, but the support is terrible Yubikey – bright future (i hope…)

Conclusion The easiest way to ensure OTP is with OATH-HOTP or with yubikey Use multifactor authentication (OTP+Password) Watch out for implementation errors OTPs won’t protect you against security bugs Did i mention? Patch your code! Principle of least privilege, service separation Yes, you probably should implement ISMS!

E nd rant… Questions, comments, ideas, criticisms  [email_address]

Security Tokens

More Related Content

Similar to Security Tokens (20)

Security Tokens