RSA SecurID ® Authentication Ellen Stuart CS265 Cryptography and Computer Security Fall 2004.


E.Stuart 11/24/2004

Agenda
- Introduction
- Components
  - Tokens
  - Server
  - Algorithm
- Weaknesses
- Comparison
- Conclusion

Introduction: RSA SecurID ® Authentication
- History of the RSA and SecurID ®
- Two Factor Authentication
- Customer List: NSA, CIA, White House

Components of the SecurID ® System
- Tokens
- Authentication Server
- Algorithm

Components of the SecurID ® System: Tokens
- Issued to users
- Each token had a unique 64 bit seed value
- “Something the user has”

Token types:
- Key Fob: user required to log in with PIN and displayed pass code
- Hardware Token: user required to log in with PIN and displayed pass code
- PINPAD: user required to use PIN to access pass code
- Software Token: does not require separate device; user required to use PIN to access pass code

Components of the SecurID ® System: Authentication Server
- Maintains database of user assigned tokens
- Generates pass code following the same algorithm as the token
- Seed – similar to symmetric key

SecurID Login
[Diagram: users issued tokens, Internet, RSA Authentication Server]

Components of the SecurID ® System: Algorithm
- Brainard’s Hashing Algorithm
- AES Hashing Algorithm

Components of the SecurID ® System: Brainard’s Hashing Algorithm
- Secret key := unique seed value
- Time := 32 bit count of minutes since January 1, 1986

Components of the SecurID ® System: ASHF description of Brainard’s Hashing Algorithm
- Each round -> 64 sub-rounds
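The token/server relationship from the Authentication Server and Brainard's Hashing Algorithm slides, as an added example that is not part of the original presentation: both sides derive the pass code from the shared 64-bit seed and the minute counter. HMAC-SHA256 stands in for the proprietary hash, and the `AuthServer` class, drift window, replay check and PIN hashing are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import struct
from datetime import datetime, timezone

# Slide: Time := 32-bit count of minutes since January 1, 1986 (UTC is assumed here).
EPOCH = datetime(1986, 1, 1, tzinfo=timezone.utc)

def minute_counter(now):
    return int((now - EPOCH).total_seconds() // 60) & 0xFFFFFFFF

def passcode(seed, counter, digits=6):
    """Stand-in keyed hash (HMAC-SHA256); this is NOT the SecurID hash function."""
    if len(seed) != 8:  # slide: each token has a unique 64-bit seed
        raise ValueError("seed must be 64 bits")
    mac = hmac.new(seed, struct.pack(">I", counter & 0xFFFFFFFF), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

def _pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class AuthServer:
    """Hypothetical server: keeps each user's seed and recomputes the token's pass code."""
    def __init__(self, drift=1):
        self.tokens = {}     # user -> (seed, salt, PIN hash)
        self.last_used = {}  # user -> highest counter already accepted
        self.drift = drift   # assumed tolerance for clock skew, in minutes

    def enroll(self, user, seed, pin):
        salt = os.urandom(16)
        self.tokens[user] = (seed, salt, _pin_hash(pin, salt))

    def verify(self, user, pin, code, now):
        if user not in self.tokens:
            return False
        seed, salt, pin_hash = self.tokens[user]
        pin_ok = hmac.compare_digest(_pin_hash(pin, salt), pin_hash)
        t = minute_counter(now)
        for c in range(t - self.drift, t + self.drift + 1):
            if c <= self.last_used.get(user, -1):
                continue  # a pass code is accepted at most once (replay check)
            if pin_ok and hmac.compare_digest(passcode(seed, c).encode(), code.encode()):
                self.last_used[user] = c
                return True
        return False
```

Because the server recomputes the code from the stored seed, the seed database is as sensitive as a symmetric key store, which is the point of the "similar to symmetric key" bullet.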

Weaknesses of the SecurID ® System
- Violation of Kerckhoffs's Principle
- Publication of the alleged hash algorithm
- Key Recovery Attack (Biryukov, 2003; Contini, 2003)
- AES Implementation
- Human Factors

Comparison to Password Systems

Password systems are built-in, no additional implementation cost?
- Administration Costs
- Security Costs

SecurID
- No need to regularly change passwords
- No changes as long as tokens uncompromised (and hash function)

Conclusion
- Former implementation of SecurID supports Kerckhoffs's principle
- RSA phasing out versions with Brainard’s Hash Function

References
- Mudge, Kingpin, Initial Cryptanalysis of the RSA SecurID Algorithm, January
- V. McLellan; Firewall Wizards: RE: securid AES tokens, Apr , retrieved November 2004
- F. Muhtar, Safer means to use passwords, Computimes, NSTP, Feb 13th 2003, retrieved November 2004 from
- S. Contini, Y.L. Yin, Improved Cryptanalysis of SecurID, Cryptology ePrint Archive, Report 2003/205, October 21,
- V. McLellan, Re: SecurID Token Emulator, post to BugTraq, stuttgart.de/archive/bugtraq/2001/01/msg00090.html
- I.C. Wiener, Sample SecurID Token Emulator with Token Secret Import, post to BugTraq,
- The Authentication Scorecard, White Paper, RSA Security, Inc, retrieved November
- Protecting Against Phishing by Implementing Strong Two-Factor Authentication, White Paper, RSA Security, Inc, retrieved November
- Are passwords Really Free? A closer look at the hidden costs of password security, White Paper, RSA Security, Inc, retrieved November
- RSA Laboratories, FAQ Version 4.1, May 2000, RSA Security, Inc,
- G. Welsh; Breaking the Code, Macquarie University News Feature, March Retrieved November 2004, from
- Biryukov, J. Lano, and B. Preneel; Cryptanalysis of the Alleged SecurID Hash Function (extended version), Lecture Notes in Computer Science, Springer-Verlag,
- RSA security website,