SecurID, now known as RSA SecurID, is a mechanism developed by Security Dynamics (later RSA Security and now RSA, The Security Division of EMC) for performing two-factor authentication for a user to a network resource.
Website | http://www.rsa.com/node.aspx?id=1156 |
---|
Contents |
The RSA SecurID authentication mechanism consists of a "token" — either hardware (e.g. a USB dongle) or software (a soft token) — which is assigned to a computer user and which generates an authentication code at fixed intervals (usually 60 seconds) using a built-in clock and the card's factory-encoded random key (known as the "seed". The seed is different for each token, and is loaded into the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server) as the tokens are purchased[1].
The token hardware is designed to be tamper-resistant to deter reverse engineering. When software implementations of the same algorithm ("software tokens") appeared on the market, public code has been developed by the security community allowing a user to emulate RSA SecurID in software, but only if they have access to a current RSA SecurID code, and the original RSA SecurID seed file introduced to the server.[2] In the RSA SecurID authentication scheme, the seed record is the secret key used to generate one-time passwords. Newer versions also feature a USB connector, which allows the token to be used as a smart card-like device for securely storing certificates.[3]
A user authenticating to a network resource—say, a dial-in server or a firewall—needs to enter both a personal identification number and the number being displayed at that moment on their RSA SecurID token. Some systems using RSA SecurID disregard PIN implementation altogether, and rely on password/RSA SecurID code combinations. The server, which also has a real-time clock and a database of valid cards with the associated seed records, computes what number the token is supposed to be showing at that moment in time, checks it against what the user entered, and makes the decision to allow or deny access.
On systems implementing PINs, a "duress PIN" may be used—an alternate code which creates a security event log showing that a user was forced to enter their PIN, while still providing transparent authentication.
While the RSA SecurID system adds a strong layer of security to a network, difficulty can occur if the authentication server's clock becomes out of sync with the clock built in to the authentication tokens. However, typically the RSA Authentication Manager automatically corrects for this without affecting the user. It is also possible to resync a token manually in the RSA Authentication Manager. Providing authentication tokens to everyone who might need to access a resource can be expensive (about $15 per year + licencing costs), particularly since tokens are programmed to "expire" at a fixed time, usually three years, requiring purchase of a new token.
RSA Security has pushed forth an initiative called "Ubiquitous Authentication", partnering with device manufacturers such as IronKey, SanDisk, Motorola, Freescale Semiconductor, Redcannon, Broadcom and BlackBerry to embed the SecurID software into everyday devices such as USB flash drives and cell phones, to reduce cost and the number of objects that the user must carry.[4]
The most simple practical vulnerability with any password containers is just losing the special key device or the activated smart phone with the integrated key function. Such vulnerability cannot be healed with any single token container device within the pre-set time span of activation. All further consideration presumes loss prevention, e.g. by additional electronic leash or body sensor and alarm.
While RSA SecurID tokens offer a level of protection against password replay attacks, they are not designed to offer protection against man in the middle type attacks. If the attacker manages to block the authorised user from authenticating to the server until the next token code will be valid, he will be able to log in to the server. RSA SecurID does not prevent Man in the Browser (MitB) based attacks.[5]
SecurID authentication server tries to prevent password sniffing and simultaneous login by declining both authentication requests, if two valid credentials are presented within a given time frame. This has been documented in an unverified post by John G. Brainard. If the attacker removes from the user the ability to authenticate however, the SecurID server will assume that it is the user who is actually authenticating and hence will allow the attacker's authentication through. Under this attack model, the system security can be improved using encryption/authentication mechanisms such as SSL.
Although soft tokens may be more convenient, critics indicate that the tamper-resistant property of hard tokens is unmatched in soft token implementations, which could potentially allow seed record secret keys to be duplicated and user impersonation to occur.
Hard tokens on the other hand can be physically stolen (or acquired via social engineering) from end users. The small form factor makes hard token theft much more viable than laptop/desktop scanning. A user will typically wait more than one day before reporting the device as missing , giving the attacker plenty of time to breach the unprotected system.
As of 2003, RSA SecurID commanded over 70% of the two-factor authentication market[6] and 25 million devices have been produced to date. A number of competitors, such as VASCO, make similar security tokens, mostly based on the open OATH HOTP standard. A study on OTP published by Gartner in 2010 mentions OATH and SecurID as the only competitors.[7]
Other network authentication systems, such as OPIE and S/Key (sometimes more generally known as OTP, as S/Key is a trademark of Telcordia Technologies, formerly Bellcore) attempt to provide the "something you have" level of authentication without requiring a hardware token.
On 17 March 2011, RSA announced that they had been victims of "an extremely sophisticated cyber attack".[8] Concerns were raised specifically in reference to the SecurID system, saying that "this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation". However, their formal SEC 8K submission[9] indicates that they do not believe the breach will have a "material impact on its financial results". The breach cost EMC, the parent company of RSA, $66.3 million, taken as a charge against second quarter earnings, covered costs to investigate the attack, harden its IT systems and monitor transactions of corporate customers, according to EMC Executive Vice President and Chief Financial Officer David Goulden, in a conference call with analysts.
The breach into RSA's network was carried out by hackers who sent phishing emails to two targeted, small groups of employees of RSA.[10] Attached to the email was an Excel file containing malware. When an RSA employee opened the Excel file, the malware exploited a backdoor in Adobe Flash. The exploit allowed the hackers to use Poison Ivy Remote Administration Tool to gain control of machines and access servers in RSA's network.[11]
There are some hints that the breach involved the theft of RSA's database mapping token serial numbers to the secret token "seeds" that were injected to make each one unique.[12] Reports of RSA executives telling customers to "ensure that they protect the serial numbers on their tokens"[13] lend credibility to this hypothesis.
In a 21 March 2011 email to customers, RSA essentially admitted that the information stolen from their internal network would allow an attacker to compromise a SecurID-protected system without having physical possession of the token:
7. Have my SecurID token records been taken?
For the security of our customers, we are not releasing any additional information about what was taken. It is more important to understand all the critical components of the RSA SecurID solution.
The breach into RSA's network was carried out by the hackers sending phishing emails to employees of RSA. Attached to the email was an Excel file containing malware. When an employee opened the Excel file, the malware exploited a backdoor security hole in Adobe Flash. The exploit allowed the hackers to use Poison Ivy remote access tool to pull and execute commands at servers at RSA.
To compromise any RSA SecurID deployment, the attacker needs to possess multiple pieces of information about the token, the customer, the individual users and their PINs. Some of this information is never held by RSA and is controlled only by the customer. In order to mount a successful attack, someone would need to have possession of all this information.
Barring a fatal weakness in the cryptographic implementation of the token code generation algorithm (which is unlikely, since it involves the simple and direct application of the extensively scrutinized AES-128 block cipher), the only circumstance under which an attacker could mount a successful attack without physical possession of the token is if the token seed records themselves had been leaked.
On 6 June 2011, RSA admitted that all 40 million tokens need to be replaced, saying that it did not release details about the extent of the attack in order not to give potential attackers information they could use in figuring out how to attack the system.[14] In spite of the resulting breaches, company chairman Art Coviello said that "We believe and still believe that the customers are protected".[15]
In April 2011, unconfirmed rumors cited L-3 Communications as having been attacked as a result of the RSA compromise.[16]
In May 2011, this information was used to attack Lockheed Martin systems.[17][18] However Lockheed Martin claims that due to "aggressive actions" by the company's information security team, "No customer, program or employee personal data" was compromised by this "significant and tenacious attack".[19] The Department of Homeland Security and the US Defense Department have offered to help determine the scope of the attack.[20]