Presentation is loading. Please wait.

Presentation is loading. Please wait.

RSA SecurID ® Authentication Ellen Stuart CS265 Cryptography and Computer Security Fall 2004.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "RSA SecurID ® Authentication Ellen Stuart CS265 Cryptography and Computer Security Fall 2004."— Presentation transcript:

1 RSA SecurID ® Authentication Ellen Stuart CS265 Cryptography and Computer Security Fall 2004

2 E.Stuart2 11/24/2004 Agenda Introduction Components  Tokens  Server  Algorithm Weaknesses Comparison Conclusion

3 E.Stuart3 11/24/2004 Introduction RSA SecurID ® Authentication  History of the RSA and SecurID ®  Two Factor Authentication  Customer List NSA CIA White House

4 E.Stuart4 11/24/2004 Components of the SecurID ® System Tokens Authentication Server Algorithm

5 E.Stuart5 11/24/2004 Components of the SecurID ® System Tokens  Issued to users  Each token had a unique 64 bit seed value  “Something the user has” Key Fob User required to login in with PIN and displayed pass code Hardware Token User required to login in with PIN and displayed pass code PINPAD User required to use PIN to access pass code Software Token Does not require separate Device User required to use PIN to access pass code

6 E.Stuart6 11/24/2004 Components of the SecurID ® System Authentication Server  Maintains database of user assigned tokens  Generates pass code following the same algorithm as the token  Seed – similar to symmetric key

7 E.Stuart7 11/24/2004 SecurID Login Users issued tokens Internet RSA Authentication Server

8 E.Stuart8 11/24/2004 Components of the SecurID ® System Algorithm  Brainard’s Hashing Algorithm  AES Hashing Algorithm

9 E.Stuart9 11/24/2004 Components of the SecurID ® System  Brainard’s Hashing Algorithm Secret key := unique seed value Time := 32 bit count of minutes since January 1, 1986

10 E.Stuart10 11/24/2004 Components of the SecurID ® System  ASHF description of Brainard’s Hashing Algorithm Each round -> 64 sub-rounds

11 E.Stuart11 11/24/2004 Weaknesses of the SecurID ® System  Violation of Kerckhoff’s Principle  Publication of the alleged hash algorithm  Key Recovery Attack (Biryukov, 2003; Contini, 2003)  AES Implementation  Human Factors

12 E.Stuart12 11/24/2004 Comparison to Password Systems Password systems are built-in, no additional implementation cost?  Administration Costs  Security Costs SecurID  No need to regularly change passwords  No changes as long as tokens uncompromised (and hash function)

13 E.Stuart13 11/24/2004 Conclusion Former implementation of SecurID supports Kerckhoff’s principle RSA phasing out versions with Brainard’s Hash Function

14 E.Stuart14 11/24/2004 References Mudge, Kingpin, Initial Cryptanalysis of the RSA SecurID Algorithm, January 2001 www.atstake.com/research/reports/acrobat/initialsecuridanalysis.pdf V. McLellan; Firewall Wizards: RE: securid AES tokens, http://www.insecure.org, Apr 26 2004, retrieved November 2004 F. Muhtar, Safer means to use passwords, Computimes, NSTP, Feb 13th 2003, retrieved November 2004 from http://www.transniaga.com/Default.htm S. Contini, Y.L. Yin, Improved Cryptanalysis of SecurID, Cryptology ePrintArchive, Report 2003/205, http://eprint.iacr.org/2003/205, October 21, 2003. V. McLellan, Re: SecurID Token Emulator, post to BugTraq, http://cert.uni- stuttgart.de/archive/bugtraq/2001/01/msg00090.html I.C. Wiener, Sample SecurID Token Emulator with Token Secret Import, post to BugTraq, http://www.securityfocus.com/archive/1/152525http://www.securityfocus.com/archive/1/152525 The Authentication Scorecard, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.http://www.rsasecurity.com Protecting Against Phishing by Implementing Strong Two-Factor Authentication, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.http://www.rsasecurity.com Are passwords Really Free? A closer look at the hidden costs of password security, White Paper, RSA Security, Inc, http://www.rsasecurity.com, retrieved November 2004.http://www.rsasecurity.com RSA Laboritories, FAQ Version 4.1, May 2000 RSA Security, Inc, http://www.rsasecurity.com.http://www.rsasecurity.com G. Welsh; Breaking the Code, Macquarie University News Feature, March 2004. Retrieved November 2004, from http://www.pr.mq.edu.au/macnews. Biryukov, J. Lano, and B. Preneel; Cryptanalysis of the Alleged SecurID Hash Function (extended version), Lecture Notes in Computer Science, Springer-Verlag, 2003. RSA security website, http://www.rsasecurity.com/company

Download ppt "RSA SecurID ® Authentication Ellen Stuart CS265 Cryptography and Computer Security Fall 2004."

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems.

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
Department of Electrical & Computer Engineering Advisor: Michael Zink.

Department of Electrical & Computer Engineering Advisor: Michael Zink.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.

Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.
CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007.

CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.

CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.
RSA SecurID November 10, 2005.

RSA SecurID November 10, 2005.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Ads by Google