SecurID

RSA SecurID is a mechanism developed by RSA Security for performing two-factor authentication for a user to a network resource.

Overview

The RSA SecurID authentication mechanism consists of a "token"—a piece of hardware (e.g. a token or USB) or software (e.g. a "soft token" for a PDA or cell phone)—assigned to a computer user that generates an authentication code at fixed intervals (usually 30 or 60 seconds) using a built-in clock and the card's factory-encoded random key (known as the "seed" and often provided as a *.asc file). The seed is different for each token, and is loaded into the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server) as the tokens are purchased. The seed is typically 128 bits long. Some RSA SecurID deployments may use varied second rotations, such as 30-second increments.

The token hardware is designed to be tamper-resistant to deter reverse engineering of the token. Despite this, public code has been developed by the security community allowing a user to emulate RSA SecurID in software, but only if they have access to a current RSA SecurID code, and the original RSA SecurID seed file introduced to the server. In the RSA SecurID authentication scheme, the seed record is the secret key used to generate One Time Passwords. "Soft tokens" are merely commercial software implementations of the same algorithms implemented in the tamper-resistant hardware, only the soft tokens require the seed record to be distributed to clients so that the seed record may be used as input in the One Time Password generation.

A user authenticating to a network resource—say, a dial-in server or a firewall—needs to enter both a personal identification number and the number being displayed "at that moment" on their RSA SecurID token. Some systems using RSA SecurID disregard PIN implementation altogether, and rely on password/RSA SecurID code combinations. The server, which also has a real-time clock and a database of valid cards with the associated seed records, computes what number the token is supposed to be showing at that moment in time, checks it against what the user entered, and makes the decision to allow or deny access.

On systems implementing PINs, a "duress PIN" may be used—an alternate code which creates a security event log showing that a user was forced to enter their PIN, while still providing transparent authentication.

While the RSA SecurID system adds a strong layer of security to a network, difficulty can occur if the authentication server's clock becomes out of sync with the clock built in to the authentication tokens. However, typically the RSA Authentication Manager automatically corrects for this without affecting the user. It is also possible to manually resync a token in the RSA Authentication Manager. Providing authentication tokens to everyone who might need to access a resource can be expensive, particularly since tokens are programmed to "expire" at a fixed time, usually three years, requiring purchase of a new token.

RSA SecurID currently commands over 70% of the two-factor authentication market (source: IDC) and 25 million devices have been produced to date. A number of competitors, such as VASCO, make similar security tokens.

RSA Security has pushed forth an initiative called "Ubiquitous Authentication", partnering with device manufacturers such as SanDisk, Motorola, Freescale Semiconductor, Redcannon, Broadcom and BlackBerry to embed the SecurID software into everyday devices such as USB flash drives and cell phones, to reduce cost and the number of objects that the user must carry.

Other network authentication systems, such as OPIE and S/Key (sometimes more generally known as OTP, as S/Key is a trademark of Telcordia Technologies, formerly Bellcore) attempt to provide the "something you have" level of authentication without requiring a hardware token.

Theoretical vulnerabilities

While RSA SecurID tokens offer a level of protection against password replay attacks, they might fail to provide adequate protection against man in the middle type attacks. In the attack model where an attacker is able to manipulate the authentication data flow between a user and the server, the attacker will be able to then forward this authentication information on to the server themselves, effectively masquerading as the given user. If the attacker manages to block the legal user from authenticating to the server until the next token code will be valid, he will be able to log in to the server.

SecurID authentication server tries to prevent password sniffing and simultaneous login by declining both authentication requests, if two valid credentials are presented within a given time frame. See an unverified [http://malpaso.ru/securid/brainard.htm John G. Brainard post] for more information. If the attacker removes from the user the ability to authenticate however, the SecurID server will assume that it is the user who is actually authenticating and hence will allow the authentication through. Under this attack model, the system security can be improved using encryption/authentication mechanisms such as SSL.

Although soft tokens may be more convenient, critics indicate that the tamper-resistant property of [http://securology.blogspot.com/2007/11/soft-tokens-arent-tokens-at-all.html hard tokens is unmatched in soft token implementations] , which could potentially allow seed record secret keys to be duplicated and user impersonation to occur.

External links

Technical details

* [http://seclists.org/lists/bugtraq/2000/Dec/0459.html Sample SecurID Token Emulator with token Secret Import] I.C.Wiener, Bugtraq post.
* [http://www.homeport.org/~adam/dimacs.html Apparent Weaknesses in the Security Dynamics Client/Server Protocol] Adam Shostack, 1996.
* [http://groups.google.ca/group/comp.security.misc/browse_frm/thread/e00fa564dc6aba5a/1f8529e8df4e02dc?tvc=1#1f8529e8df4e02dc Usenet thread discussing new SecurID details] Vin McLellan, et al., "comp.security.misc".
* [http://groups.yahoo.com/group/securid-users/ Unofficial SecurID information and some reverse-engineering attempts] Yahoo Groups "securid-users".

Published attacks against the SecurID hash function

* [http://eprint.iacr.org/2003/162.pdf Cryptanalysis of the Alleged SecurID Hash Function] (PDF) Alex Biryukov, Joseph Lano, and Bart Preneel.
* [http://eprint.iacr.org/2003/205.pdf Improved Cryptanalysis of SecurID] (PDF) Scott Contini and Yiqun Lisa Yin.
* [http://www.crypto-world.com/documents/securid.pdf Fast Software-Based Attacks on SecurID] (PDF) Scott Contini and Yiqun Lisa Yin.