PV204 Security technologies Labs: Secure authentication and authorization Petr Švenda Faculty of Informatics, Masaryk.

Slides:



Advertisements
Similar presentations
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
Advertisements

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
Masaryk U., Monet White-box attack resistant cryptography – mobility tickets Petr Švenda Masaryk University,
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
CHAPTER FOUR COMPUTER SOFTWARE.
Practical Computer Literacy Week-02
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # ) Chapter Four Windows Server 2008 Remote Desktop Services,
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
Android Security Auditing Slides and projects at samsclass.info.
Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 
Security Planning and Administrative Delegation Lesson 6.
1. U2F Case Study Examining the U2F paradox 3 What is Universal 2 nd Factor (U2F)?
The Diagnostic Pathfinder System Introduction Getting Started.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
HardSSH Cryptographic Hardware Key Team May07-20: Steven Schulteis (Cpr E) Joseph Sloan (EE, Cpr E, Com S) Michael Ekstrand (Cpr E) Taylor Schreck (Cpr.
Web Server Design Week 12 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 3/31/10.
HOTP IETF Draft David M’Raihi IETF Meeting - March 10, 2005.
PV204 Security technologies Team projects Petr Švenda Faculty of Informatics, Masaryk University, Brno, CZ | PV204 - Security technologies.
1. Presentation Agenda  Identify Java Card Technology  Identify Elements of Java Card applications  Communicating with a Java Card Applet  Java Card.
1 OPERATING SYSTEMS. 2 CONTENTS 1.What is an Operating System? 2.OS Functions 3.OS Services 4.Structure of OS 5.Evolution of OS.
PV204 Security technologies
2 Factor & Multi Factor Authentication
Computer System Laboratory
PV204 Security technologies
chownIoT Secure Handling of Smart Home IoT Devices Ownership Change
PV204 Security technologies
Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.
PV204 Security technologies LABS
Lab 05 Firewalls.
PV204 Security technologies LABS
Protecting Interprocess Communications
SECURITY FEATURES OF ATM
A Wireless LAN Security Protocol
Outline What does the OS protect? Authentication for operating systems
PV204 Security technologies
AAA Introduction Chalk Talk
Module 8: Securing Network Traffic by Using IPSec and Certificates
Introduction to ZBOSS Embedded Systems Software Training Center
Deploying and Configuring SSIS Packages
FTP - File Transfer Protocol
Two-factor authentication
Introduction to Networking
Information and Network Security
Outline What does the OS protect? Authentication for operating systems
Computer Security Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
NERC CIP Implementation – Lessons Learned and Path Forward
slides borrowed and adapted from Alex Mariakis and CSE 390a
DHCP, DNS, Client Connection, Assignment 1 1.3
Proximity-based Access Control for Implantable Medical Devices
Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH
OPS235: Week 1 Installing Linux ( Lab1: Investigations 1-4)
2N® Access Unit Bluetooth
Lecture 2 - SQL Injection
Chapter 28: User Security
Web Server Design Week 13 Old Dominion University
Faculty of Science IT Department By Raz Dara MA.
Radoslaw Jedynak, PhD Poland, Technical University of Radom
Web Server Design Week 13 Old Dominion University
Web Server Design Week 13 Old Dominion University
Module 8: Securing Network Traffic by Using IPSec and Certificates
Chapter 7 – and 8 pp 155 – 202 of Web security by Lincoln D. Stein
O.S. Security.
Mohammad Alauthman Computer Security Mohammad Alauthman
Week 7 - Wednesday CS363.
Advanced Penetration testing
2N® Access Unit Bluetooth
Presentation transcript:

PV204 Security technologies Labs: Secure authentication and authorization Petr Švenda Faculty of Informatics, Masaryk University

Laboratory JavaCard implementation of HOTP/TOTP – Upload compiled applet, use desktop application (Yubico) Inspection of application code Attacking HOTP/TOTP authentication Improving HOTP/TOTP authentication 2 PV204 - Labs

YUBIKEY OAUTH 3 PV204 - Labs

Yubikey OATH applet – –Already included in AppletPlayground –Compile applet  OATH.cap (ant toys) –Upload to card (gp -install) Desktop OAUTH utility – Change name of reader –File  Settings  Card reader name –Insert your reader name (use gp to obtain it) E.g.,Gemplus USB Key Smart Card Reader 0 4 PV204 - Labs

Add new secret File  Add Credential name: anything Secret key: key shared with verification server –Base32 encoding (a-z0-9=) –E.g., password= Try HOTP option (rfc4226) Try TOTP option (rfc6238) What difference you can see? 5 PV204 - Labs

Testing OATH applet YkneoOathTest project No main function, execution via unit tests Add JUnit library –Libraries  RClick  JUnit 4.10 –YkneoOathTest should now compile Run test you wish –Place breakpoint into target test –RClick  Debug focused test method for run Can you localize functions responsible for TOTP/HOTP computations? 6 PV204 - Labs

Questions Produce descriptions of basic steps of HOTP/TOTP operation executed on card –What is APDU command used to invoke certain step? –Localize methods and steps inside methods By what is user authenticated in HOTP scheme? Who is authorized to use generating capability of card’s applet? What is advantage/disadvantage of TOTP to HOTP? Why PROP_ALWAYS_INCREASING is introduced? –What attacks are addressed? 7 PV204 - Labs

Attacking HOTP Design attacks against HOTP verification –What to compromise? –Where to compromise? –How to technically perform compromise? 8 PV204 - Labs

Where to log communication? | PV204 Smart cards User application winscard.dll reader driver USB driver APDU In-application logging Virtual reader SW USB sniffer HW USB sniffer In-card logger “Stub” winscard.dll logging 9

Dump data between app and card Download pre-prepared Yubico.zip from IS –Contains modified winscard.dll (logging functionality) –Contains original winscard.dll (renamed as original.dll) Run yubioath.exe –winscard_log.txt is produced –Dump of all APDU commands Create new item via yubioath GUI –Try to locate creation inside log file –Consider using 10 PV204 - Labs

Existing dump - yubico_winscard_log.txt yubico_winscard_log.txt dump created for you Can you obtain used password for OATH applet? Can you obtain key for HOTP/TOTP computation? 11 PV204 - Labs

Option: Create dump with USB monitor Wireshark to monitor USB on Linux – USB Monitor to monitor on Windows – Not only APDU, but also surrounding USB frames are captured (need for extraction) 12 PV204 - Labs

Improving HOTP How you can improve HOTP protocol? –Think about attack addressed –Think about technical feasibility –Think about cost and usability impact 13 PV204 - Labs

Homework No new homework this week (bonus assignment: bulk encryption device, 29.3.) 14 PV204 - Labs

(SOME ) SOLUTIONS 15 PV204 - Labs

Solution: attacking HOTP/TOTP Client-side compromise –Extract HOTP key from card –Keylogger to capture PIN + steal card –Capture HOTP code and block genuine user code transmission Attacker will submit code by itself later –Manipulate input data for HOTP computation if challenge is also included (e.g., money transfer info) –Manipulate time input for TOTP (no on-card time available) Compute TOTP for future use –… 16 PV204 - Labs

Solution: attacking HOTP/TOTP Server-side compromise –Compromise HOTP/TOTP key –Decrease counter for HOTP (old codes can be reused) –Corrupt generator of challenges (if used for HOTP) –Corrupt implementation of check logic (accept always) –… 17 PV204 - Labs

Solution: improving HOTP Including transaction info into HOTP computation –HOTP will depends on what is authorized, not only counter Secure channel between card and auth. server –Protection against eavesdropping of code on path Dedicated input pad for entering PIN –Protection of PIN value against client-PC compromise Secure hardware to protect HOTP keys on server side –Server hack will not reveal all keys Secure hardware to perform whole HOTP verification –Keys and integrity of verification operation of protected 18 PV204 - Labs

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.