Presentation is loading. Please wait.

Presentation is loading. Please wait.

PV204 Security technologies Labs: Secure authentication and authorization Petr Švenda Faculty of Informatics, Masaryk.

Published byWillis Gilmore Modified over 8 years ago

Similar presentations

Presentation on theme: "PV204 Security technologies Labs: Secure authentication and authorization Petr Švenda Faculty of Informatics, Masaryk."— Presentation transcript:

1 PV204 Security technologies Labs: Secure authentication and authorization Petr Švenda svenda@fi.muni.czsvenda@fi.muni.cz Faculty of Informatics, Masaryk University

2 Laboratory JavaCard implementation of HOTP/TOTP –https://github.com/Yubico/ykneo-oathhttps://github.com/Yubico/ykneo-oath Upload compiled applet, use desktop application (Yubico) Inspection of application code Attacking HOTP/TOTP authentication Improving HOTP/TOTP authentication 2 PV204 - Labs

3 YUBIKEY OAUTH 3 PV204 - Labs

4 Yubikey OATH applet –https://github.com/Yubico/ykneo-oath/https://github.com/Yubico/ykneo-oath/ –Already included in AppletPlayground –Compile applet  OATH.cap (ant toys) –Upload to card (gp -install) Desktop OAUTH utility –https://developers.yubico.com/yubioath-desktop/Releases/https://developers.yubico.com/yubioath-desktop/Releases/ Change name of reader –File  Settings  Card reader name –Insert your reader name (use gp to obtain it) E.g.,Gemplus USB Key Smart Card Reader 0 4 PV204 - Labs

5 Add new secret File  Add Credential name: anything Secret key: key shared with verification server –Base32 encoding (a-z0-9=) –E.g., password= Try HOTP option (rfc4226) Try TOTP option (rfc6238) What difference you can see? 5 PV204 - Labs

6 Testing OATH applet YkneoOathTest project No main function, execution via unit tests Add JUnit library –Libraries  RClick  JUnit 4.10 –YkneoOathTest should now compile Run test you wish –Place breakpoint into target test –RClick  Debug focused test method for run Can you localize functions responsible for TOTP/HOTP computations? 6 PV204 - Labs

7 Questions Produce descriptions of basic steps of HOTP/TOTP operation executed on card –What is APDU command used to invoke certain step? –Localize methods and steps inside methods By what is user authenticated in HOTP scheme? Who is authorized to use generating capability of card’s applet? What is advantage/disadvantage of TOTP to HOTP? Why PROP_ALWAYS_INCREASING is introduced? –What attacks are addressed? 7 PV204 - Labs

8 Attacking HOTP Design attacks against HOTP verification –What to compromise? –Where to compromise? –How to technically perform compromise? 8 PV204 - Labs

9 Where to log communication? | PV204 Smart cards User application winscard.dll reader driver USB driver APDU In-application logging Virtual reader SW USB sniffer HW USB sniffer In-card logger “Stub” winscard.dll logging 9

10 Dump data between app and card Download pre-prepared Yubico.zip from IS –Contains modified winscard.dll (logging functionality) –Contains original winscard.dll (renamed as original.dll) Run yubioath.exe –winscard_log.txt is produced –Dump of all APDU commands Create new item via yubioath GUI –Try to locate creation inside log file –Consider using http://www.asciitohex.com/http://www.asciitohex.com/ 10 PV204 - Labs

11 Existing dump - yubico_winscard_log.txt yubico_winscard_log.txt dump created for you Can you obtain used password for OATH applet? Can you obtain key for HOTP/TOTP computation? 11 PV204 - Labs

12 Option: Create dump with USB monitor Wireshark to monitor USB on Linux –https://wiki.wireshark.org/CaptureSetup/USBhttps://wiki.wireshark.org/CaptureSetup/USB USB Monitor to monitor on Windows –http://www.hhdsoftware.com/Download/usb-monitor.exehttp://www.hhdsoftware.com/Download/usb-monitor.exe Not only APDU, but also surrounding USB frames are captured (need for extraction) 12 PV204 - Labs

13 Improving HOTP How you can improve HOTP protocol? –Think about attack addressed –Think about technical feasibility –Think about cost and usability impact 13 PV204 - Labs

14 Homework No new homework this week (bonus assignment: bulk encryption device, 29.3.) 14 PV204 - Labs

15 (SOME ) SOLUTIONS 15 PV204 - Labs

16 Solution: attacking HOTP/TOTP Client-side compromise –Extract HOTP key from card –Keylogger to capture PIN + steal card –Capture HOTP code and block genuine user code transmission Attacker will submit code by itself later –Manipulate input data for HOTP computation if challenge is also included (e.g., money transfer info) –Manipulate time input for TOTP (no on-card time available) Compute TOTP for future use –… 16 PV204 - Labs

17 Solution: attacking HOTP/TOTP Server-side compromise –Compromise HOTP/TOTP key –Decrease counter for HOTP (old codes can be reused) –Corrupt generator of challenges (if used for HOTP) –Corrupt implementation of check logic (accept always) –… 17 PV204 - Labs

18 Solution: improving HOTP Including transaction info into HOTP computation –HOTP will depends on what is authorized, not only counter Secure channel between card and auth. server –Protection against eavesdropping of code on path Dedicated input pad for entering PIN –Protection of PIN value against client-PC compromise Secure hardware to protect HOTP keys on server side –Server hack will not reveal all keys Secure hardware to perform whole HOTP verification –Keys and integrity of verification operation of protected 18 PV204 - Labs

Download ppt "PV204 Security technologies Labs: Secure authentication and authorization Petr Švenda Faculty of Informatics, Masaryk."

Similar presentations

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
Masaryk U., Monet+ 8.3.2013 White-box attack resistant cryptography – mobility tickets Petr Švenda Masaryk University,

Masaryk U., Monet White-box attack resistant cryptography – mobility tickets Petr Švenda Masaryk University,
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.

© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
CHAPTER FOUR COMPUTER SOFTWARE.

CHAPTER FOUR COMPUTER SOFTWARE.
Practical Computer Literacy Week-02

Practical Computer Literacy Week-02
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643) Chapter Four Windows Server 2008 Remote Desktop Services,

MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # ) Chapter Four Windows Server 2008 Remote Desktop Services,
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
Android Security Auditing Slides and projects at samsclass.info.

Android Security Auditing Slides and projects at samsclass.info.
Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 

Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 
Security Planning and Administrative Delegation Lesson 6.

Security Planning and Administrative Delegation Lesson 6.
1. U2F Case Study Examining the U2F paradox 3 What is Universal 2 nd Factor (U2F)?

1. U2F Case Study Examining the U2F paradox 3 What is Universal 2 nd Factor (U2F)?
The Diagnostic Pathfinder System Introduction Getting Started.

The Diagnostic Pathfinder System Introduction Getting Started.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.

© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.

INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
HardSSH Cryptographic Hardware Key Team May07-20: Steven Schulteis (Cpr E) Joseph Sloan (EE, Cpr E, Com S) Michael Ekstrand (Cpr E) Taylor Schreck (Cpr.

HardSSH Cryptographic Hardware Key Team May07-20: Steven Schulteis (Cpr E) Joseph Sloan (EE, Cpr E, Com S) Michael Ekstrand (Cpr E) Taylor Schreck (Cpr.
Web Server Design Week 12 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 3/31/10.

Web Server Design Week 12 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 3/31/10.

Similar presentations

Ads by Google