RE: [fw-wiz] securid AES tokens
From: Vin McLellan (vin_at_theworld.com)
Date: 04/27/04
To: firewall-wizards@honor.icsalabs.com
Date: Mon, 26 Apr 2004 20:38:17 -0400
ArkanoiD <ark_at_eltex.net> recently
queried the List from St. Petersburg, Rossiyskaya Federatsiya:
>niqneH,
>
> Does anyone know exactly how do AES securid tokens work?
>Are those still time-based?
Privet ArkanoiD,
Glad to help. All versions of the SecurID use RSA's patented
technology to synchronize the use of Current Time in a SecurID token and
its remote authentication server, what RSA calls the
ACE/Server. (Typically, as you know, the link between the token-holder and
the ACE/Server is through an intermediary -- an ACE/Agent or RADIUS agent
-- which intercepts an authentication call and relays it to the ACE/Server
for processing.)
The classic SecurID, for 15 years, used a proprietary algorithm to
hash a token-specific 64-bit seed and Current Time. The new SecurID --
introduced at the beginning of 2003 -- uses the AES block cipher, in
standard ECB mode, to hash:
- a 128-bit token-specific true-random seed,
- a 64-bit standard ISO representation of Current Time
(yr/mo/day/hour/min/second),
- a 32-bit token-specific salt (the serial number of the token), and
- another 32 bits of padding, which can be adapted for new functions or
additional defensive layers in the future.
Conflated and hashed by the AES, these inputs generate the series
of 6-8 digit (or alphanumeric) token-codes that are continuously displayed on
the SecurID's LCD, rolling over every 60 seconds. (The standard mode of
use, as you know, requires two-factor authentication: the token-holder is
required to provide both a SecurID token-code and a user-memorized PIN to
the remote ACE/Server.)
ECB mode in AES is executed on 128-bit blocks, of course, so it is
obvious that RSA had to pad the standard 64-bit expression of Current Time
with another 64 bits. Using a token-specific salt blocks any attempt to
pre-calculate a library of possible token-codes for all 128-bit seeds. That
means that any brute-force attack on the AES SecurIDs would have to be focused
on a particular token.
ArkanoiD also asked:
> Can I work with those without using ACE
> server (assuming US patent law does not apply for me)? Can I do it if
> it does?
Interesting questions. The relevant RSA patent, of course, is on
the server-based mechanism used to track and adjust to any relative "drift"
in the clocks used in the ACE/Server and individual SecurID authentication
tokens. (This "time-synch" scheme allows the authentication server to track
any offset necessary to synchronize the version of Current Time it uses to
calculate the token-code displayed on any particular token, at this
particular minute.) I'm a little unclear about how or why you might want
to "work with" RSA SecurIDs without an ACE/Server, but there are certainly
tokens available on the open market and, AFAIK, no overt constraints on
those who buy them.
If you are asking whether -- patent issues aside -- it is
technically feasible to copy the basic functionality of a time-synched
authentication token that uses AES, and then to create your own
authentication server that will recognize and respond to it -- sure! For
a (copyrighted) template, you can even download, free, the SecurID code
modules (AES and all!) for Palms, Pocket PCs, Blackberries, various phones,
etc., from RSA's website at:
<http://www.rsasecurity.com/products/securid/software_token.html>
What you can't do is use ersatz tokens on an RSA ACE/Server.
Access to the ACE/Server's authentication functions is restricted
not by the token's internal architecture -- which, distributed in software,
obviously can't be much of a secret -- but rather by RSA's control over
which *seeds* can be registered (as associated with particular SecurIDs) on
a particular ACE/Server.
RSA digitally signs all of its seed-files before it ships them,
with each batch of new SecurIDs, to a customer -- and RSA ACE/Servers will
only register SecurID seeds which have been signed by RSA.
Schast'ya i zdorov'ya!
_Vin
PS. I've been a consultant to RSA, off and on, for years, and for
much of that time, I've been intrigued by your salutation. "NiqneH," in the
Klingon warrior language, translates as both "hello" and a brusque demand:
"What do you want?" That reminds me of a lot of people. I've never doubted
that firewall wizards, and infosec pros in general, have more in common
with those big-browed Roddenberry warriors than with the ascetic Vulcans --
so why do the Vulcans always end up as the Starship Science Officers?
---------------------------------------------------------------
Vin McLellan + The Privacy Guild + <vin@theworld.com>
22 Beacon St., Chelsea, MA 02150-2672 USA
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
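
The scheme described in the message above, as an added example that is not part of the original post and is not RSA's algorithm: a token that AES-encrypts one 128-bit block built from the fields the message lists, and a server that searches a small window of minutes and remembers the clock offset it finds. Using the seed as the AES key, a minute counter for Current Time, the 6-digit truncation, and the names Token, Server, Code and Verify are all assumptions made for illustration; the seed and serial values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Token holds the two per-token values from the message (constructed here).
type Token struct {
	Seed   [16]byte // 128-bit seed, used as the AES key (assumption)
	Serial uint32   // 32-bit serial number, used as salt
}

// Code encrypts time(64) | serial(32) | zero pad(32); encoding/truncation are assumptions.
func (t Token) Code(minute uint64) string {
	var in, out [16]byte
	binary.BigEndian.PutUint64(in[0:8], minute)
	binary.BigEndian.PutUint32(in[8:12], t.Serial)
	c, _ := aes.NewCipher(t.Seed[:]) // a 16-byte key cannot fail
	c.Encrypt(out[:], in[:])         // single block, so ECB is one call
	return fmt.Sprintf("%06d", binary.BigEndian.Uint32(out[:4])%1000000)
}

// Server stores the token record and the clock offset learned so far.
type Server struct {
	Tok    Token
	Offset int64 // minutes the token clock is ahead (+) or behind (-)
	Window int64 // minutes searched either side of the stored offset
}

// Verify tries offsets nearest the stored one first and remembers a match.
func (s *Server) Verify(code string, serverMinute uint64) bool {
	for d := int64(0); d <= s.Window; d++ {
		for _, off := range []int64{s.Offset + d, s.Offset - d} {
			want := s.Tok.Code(uint64(int64(serverMinute) + off))
			if subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
				s.Offset = off
				return true
			}
		}
	}
	return false
}

func main() {
	srv := &Server{Tok: Token{Seed: [16]byte{1, 2, 3}, Serial: 123456}, Window: 2}
	fmt.Println(srv.Verify(srv.Tok.Code(1000002), 1000000), srv.Offset) // token 2 min fast
}
```

A production verifier would also reject a code that has already been accepted and would check the PIN alongside the token-code, as the message notes for two-factor use.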