RSA SecurID , formerly referred to as SecurID , is a mechanism developed by RSA for performing two-factor authentication for a user to a network resource.
70-400: The RSA SecurID authentication mechanism consists of a " token "—either hardware (e.g. a key fob ) or software (a soft token )—which is assigned to a computer user and which creates an authentication code at fixed intervals (usually 60 seconds) using a built-in clock and the card's factory-encoded almost random key (known as the "seed"). The seed is different for each token, and is loaded into
140-553: A PIN or a simple button to start a generation routine with some display capability to show a generated key number. Connected tokens utilize a variety of interfaces including USB , near-field communication (NFC), radio-frequency identification (RFID), or Bluetooth . Some tokens have audio capabilities designed for those who are vision-impaired. All tokens contain some secret information used to prove identity. There are four different ways in which this information can be used: Time-synchronized, one-time passwords change constantly at
210-458: A USB input device to function. Another combination is with a smart card to store locally larger amounts of identity data and process information as well. Another is a contactless BLE token that combines secure storage and tokenized release of fingerprint credentials. In the USB mode of operation sign-off requires care for the token while mechanically coupled to the USB plug. The advantage with
280-506: A computer . The tokens have a physical display; the authenticating user simply enters the displayed number to log in. Other tokens connect to the computer using wireless techniques, such as Bluetooth . These tokens transfer a key sequence to the local client or to a nearby access point. Alternatively, another form of token that has been widely available for many years is a mobile device which communicates using an out-of-band channel (like voice, SMS , or USSD ). Still other tokens plug into
350-636: A hash chain , to generate a series of one-time passwords from a secret shared key. Each password is unique, even when previous passwords are known. The open-source OATH algorithm is standardized; other algorithms are covered by US patents . Each password is observably unpredictable and independent of previous ones, whereby an adversary would be unable to guess what the next password may be, even with knowledge of all previous passwords. Tokens can contain chips with functions varying from very simple to very complex, including multiple authentication methods. The simplest security tokens do not need any connection to
420-416: A keyboard or keypad . Disconnected tokens are the most common type of security token used (usually in combination with a password) in two-factor authentication for online identification. Connected tokens are tokens that must be physically connected to the computer with which the user is authenticating. Tokens in this category automatically transmit the authentication information to the client computer once
490-433: A backup. The simplest vulnerability with any password container is theft or loss of the device. The chances of this happening, or happening unaware, can be reduced with physical security measures such as locks, electronic leash, or body sensor and alarm. Stolen tokens can be made useless by using two factor authentication . Commonly, in order to authenticate, a personal identification number (PIN) must be entered along with
560-423: A buffer for later use. Upon further attempts to unlock the vehicle, the transmitter will jam the new signal, buffer it, and playback an old one, creating a rolling buffer that is one step ahead of the vehicle. At a later time, the attacker may use this buffered code to unlock the vehicle. Various devices use speaker recognition to verify the identity of a speaker. In text-dependent systems, an attacker can record
630-414: A component number. This combination of solutions does not use anything that is interdependent on one another. Due to the fact that there is no interdependency, there are fewer vulnerabilities. This works because a unique, random session ID is created for each run of the program; thus, a previous run becomes more difficult to replicate. In this case, an attacker would be unable to perform the replay because on
700-546: A later date in order to produce an effect. For example, if a banking scheme were to be vulnerable to this attack, a message which results in the transfer of funds could be replayed over and over to transfer more funds than originally intended. However, the Kerberos protocol, as implemented in Microsoft Windows Active Directory, includes the use of a scheme involving time stamps to severely limit
770-437: A later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication . One-time passwords are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. These can also be used during the authentication process to help establish trust between
SECTION 10
#1732793971354840-510: A message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. Timestamps are also implemented during mutual authentication , when both Bob and Alice authenticate each other with unique session IDs, in order to prevent the replay attacks. The advantages of this scheme are that Bob does not need to generate (pseudo-) random numbers and that Alice doesn't need to ask Bob for
910-486: A new run the session ID would have changed. Session IDs , also known as session tokens, are one mechanism that can be used to help avoid replay attacks. The way of generating a session ID works as follows. Session tokens should be chosen by a random process (usually, pseudorandom processes are used). Otherwise, Eve may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Eve can then replay her reply at
980-417: A physical connection is made, eliminating the need for the user to manually enter the authentication information. However, in order to use a connected token, the appropriate input device must be installed. The most common types of physical tokens are smart cards and USB tokens (also called security keys ), which require a smart card reader and a USB port respectively. Increasingly, FIDO2 tokens, supported by
1050-409: A popular choice for keyless entry systems and electronic payment solutions such as Mobil Speedpass , which uses RFID to transmit authentication info from a keychain token. However, there have been various security concerns raised about RFID tokens after researchers at Johns Hopkins University and RSA Laboratories discovered that RFID tags could be easily cracked and cloned. Another downside
1120-404: A random number. In networks that are unidirectional or near unidirectional, it can be an advantage. The trade-off being that replay attacks, if they are performed quickly enough, i.e. within that 'reasonable' limit, could succeed. The Kerberos authentication protocol includes some countermeasures. In the classic case of a replay attack, a message is captured by an adversary and then replayed at
1190-454: A real-time clock and a database of valid cards with the associated seed records, authenticates a user by computing what number the token is supposed to be showing at that moment in time and checking this against what the user entered. On older versions of SecurID, a "duress PIN" may be used—an alternate code which creates a security event log showing that a user was forced to enter their PIN, while still providing transparent authentication. Using
1260-404: A set time interval; e.g., once per minute. To do this, some sort of synchronization must exist between the client 's token and the authentication server . For disconnected tokens, this time-synchronization is done before the token is distributed to the client . Other token types do the synchronization when the token is inserted into an input device . The main problem with time-synchronized tokens
1330-417: A smart kettle, unlocking doors, or manipulating security systems. Such breaches pose significant safety, security, and privacy risks, as malicious actors can gain control over critical home systems. Replay attacks exploit the lack of robust security measures in many IoT devices. These attacks typically involve eavesdropping on network traffic, capturing legitimate communication packets, and then replaying them to
1400-442: A wide array of devices, including smart plugs, security cameras, and even household appliances. A recent study demonstrated that a substantial portion of consumer IoT devices are prone to replay attacks. Researchers found that 75% of tested devices supporting local connectivity were vulnerable to such attacks. These vulnerabilities allow attackers to mimic legitimate commands, potentially enabling unauthorized actions such as turning on
1470-480: Is accounted for automatically by the server by adjusting a stored "drift" value over time. If the out of sync condition is not a result of normal hardware token clock drift, correcting the synchronization of the Authentication Manager server clock with the out of sync token (or tokens) can be accomplished in several different ways. If the server clock had drifted and the administrator made a change to
SECTION 20
#17327939713541540-465: Is available apart from the standardised Bluetooth power control algorithm to provide a calibration on minimally required transmission power. Bluetooth tokens are often combined with a USB token, thus working in both a connected and a disconnected state. Bluetooth authentication works when closer than 32 feet (9.8 meters). When the Bluetooth link is not properly operable, the token may be inserted into
1610-671: Is called Square , a credit card reader for iOS and Android devices. Some use a special purpose interface (e.g. the crypto ignition key deployed by the United States National Security Agency ). Tokens can also be used as a photo ID card . Cell phones and PDAs can also serve as security tokens with proper programming. Many connected tokens use smart card technology. Smart cards can be very cheap (around ten cents) and contain proven security mechanisms (as used by financial institutions, like cash cards). However, computational performance of smart cards
1680-475: Is losing the special key device or the activated smart phone with the integrated key function. Such vulnerability cannot be healed with any single token container device within the preset time span of activation. All further consideration presumes loss prevention, e.g. by additional electronic leash or body sensor and alarm. While RSA SecurID tokens offer a level of protection against password replay attacks , they are not designed to offer protection against man in
1750-401: Is often rather limited because of extreme low power consumption and ultra-thin form-factor requirements. Smart-card-based USB tokens which contain a smart card chip inside provide the functionality of both USB tokens and smart cards. They enable a broad range of security solutions and provide the abilities and security of a traditional smart card without requiring a unique input device. From
1820-614: Is one of the lower-tier versions of a man-in-the-middle attack . Replay attacks are usually passive in nature. Another way of describing such an attack is: "an attack on a security protocol using a replay of messages from a different context into the intended (or original and expected) context, thereby fooling the honest participant(s) into thinking they have successfully completed the protocol run." Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like hashing , or even salting ,
1890-473: Is provided by these three keys help aid in preventing replay attacks. Wireless ad hoc networks are also susceptible to replay attacks. In this case, the authentication system can be improved and made stronger by extending the AODV protocol. This method of improving the security of Ad Hoc networks increases the security of the network with a small amount of overhead. If there were to be extensive overhead then
1960-448: Is that contactless tokens have relatively short battery lives; usually only 5–6 years, which is low compared to USB tokens which may last more than 10 years. Some tokens however do allow the batteries to be changed, thus reducing costs. The Bluetooth Low Energy protocols provide long lasting battery lifecycle of wireless transmission. Although, the automatic transmission power control attempts for radial distance estimates. The escape
2030-435: Is that they can, over time, become unsynchronized. However, some such systems, such as RSA's SecurID , allow the user to re-synchronize the server with the token, sometimes by entering several consecutive passcodes. Most also cannot have replaceable batteries and only last up to 5 years before having to be replaced – so there is an additional cost. Another type of one-time password uses a complex mathematical algorithm, such as
2100-593: Is the secret key used to generate one-time passwords . Newer versions also feature a USB connector, which allows the token to be used as a smart card -like device for securely storing certificates . A user authenticating to a network resource—say, a dial-in server or a firewall—needs to enter both a personal identification number and the number being displayed at that moment on their RSA SecurID token. Though increasingly rare, some systems using RSA SecurID disregard PIN implementation altogether, and rely on password/RSA SecurID code combinations. The server, which also has
2170-491: Is the user who is actually authenticating and hence will allow the attacker's authentication through. Under this attack model, the system security can be improved using encryption/authentication mechanisms such as SSL . Although soft tokens may be more convenient, critics indicate that the tamper-resistant property of hard tokens is unmatched in soft token implementations, which could allow seed record secret keys to be duplicated and user impersonation to occur. Hard tokens, on
RSA SecurID - Misplaced Pages Continue
2240-564: Is used in addition to, or in place of, a password . Examples of security tokens include wireless key cards used to open locked doors, a banking token used as a digital authenticator for signing in to online banking , or signing transactions such as wire transfers . Security tokens can be used to store information such as passwords , cryptographic keys used to generate digital signatures , or biometric data (such as fingerprints ). Some designs incorporate tamper resistant packaging, while others may include small keypads to allow entry of
2310-431: The computer operating system 's point of view such a token is a USB-connected smart card reader with one non-removable smart card present. Unlike connected tokens, contactless tokens form a logical connection to the client computer but do not require a physical connection. The absence of the need for physical contact makes them more convenient than both connected and disconnected tokens. As a result, contactless tokens are
2380-750: The software accesses the I/O device in question to authorize the use of the software in question. Commercial solutions are provided by a variety of vendors, each with their own proprietary (and often patented) implementation of variously used security features. Token designs meeting certain security standards are certified in the United States as compliant with FIPS 140 , a federal security standard. Tokens without any kind of certification are sometimes viewed as suspect, as they often do not meet accepted government or industry security standards, have not been put through rigorous testing, and likely cannot provide
2450-445: The Bluetooth mode of operation is the option of combining sign-off with distance metrics. Respective products are in preparation, following the concepts of electronic leash. Near-field communication (NFC) tokens combined with a Bluetooth token may operate in several modes, thus working in both a connected and a disconnected state. NFC authentication works when closer than 1 foot (0.3 meters). The NFC protocol bridges short distances to
2520-673: The Excel file, the malware exploited a vulnerability in Adobe Flash . The exploit allowed the hackers to use the Poison Ivy RAT to gain control of machines and access servers in RSA's network. There are some hints that the breach involved the theft of RSA's database mapping token serial numbers to the secret token "seeds" that were injected to make each one unique. Reports of RSA executives telling customers to "ensure that they protect
2590-533: The SecurID information stolen from RSA. In spite of the resulting attack on one of its defense customers, company chairman Art Coviello said that "We believe and still believe that the customers are protected". In April 2011, unconfirmed rumors cited L-3 Communications as having been attacked as a result of the RSA compromise. In May 2011, this information was used to attack Lockheed Martin systems. However Lockheed Martin claims that due to "aggressive actions" by
2660-470: The SecurID software into everyday devices such as USB flash drives and cell phones, to reduce cost and the number of objects that the user must carry. Token codes are easily stolen, because no mutual-authentication exists (anything that can steal a password can also steal a token code). This is significant, since it is the principal threat most users believe they are solving with this technology. The simplest practical vulnerability with any password container
2730-463: The SecurID system, saying that "this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation". However, their formal Form 8-K submission indicated that they did not believe the breach would have a "material impact on its financial results". The breach cost EMC, the parent company of RSA, $ 66.3 million, which was taken as a charge against second quarter earnings. It covered costs to investigate
2800-442: The attack, harden its IT systems and monitor transactions of corporate customers, according to EMC Executive Vice President and Chief Financial Officer David Goulden, in a conference call with analysts. The breach into RSA's network was carried out by hackers who sent phishing emails to two targeted, small groups of employees of RSA. Attached to the email was a Microsoft Excel file containing malware . When an RSA employee opened
2870-400: The authenticating server then sends its acknowledgment in response to this; an intercepting client is therefore, free to read transmitted data and impersonate each of the client and server to the other, as well as being able to then store client credentials for later impersonation to the server. Challenge-Handshake Authentication Protocol (CHAP) secures against this sort of replay attack during
RSA SecurID - Misplaced Pages Continue
2940-658: The authentication phase by instead using a "challenge" message from the authenticator that the client responds with a hash-computed value based on a shared secret (e.g. the client's password), which the authenticator compares with its own calculation of the challenge and shared secret to authenticate the client. By relying on a shared secret that has not itself been transmitted, as well as other features such as authenticator-controlled repetition of challenges, and changing identifier and challenge values, CHAP provides limited protection against replay attacks. There are several real-world examples of how replay attacks have been used and how
3010-501: The authentication system themselves. Since the token value is mathematically correct, the authentication succeeds and the fraudster is granted access. In 2006, Citibank was the victim of an attack when its hardware-token-equipped business users became the victims of a large Ukrainian-based man-in-the-middle phishing operation. In 2012, the Prosecco research team at INRIA Paris-Rocquencourt developed an efficient method of extracting
3080-415: The browser (MitB) based attacks. SecurID authentication server tries to prevent password sniffing and simultaneous login by declining both authentication requests, if two valid credentials are presented within a given time frame. This has been documented in an unverified post by John G. Brainard. If the attacker removes from the user the ability to authenticate however, the SecurID server will assume that it
3150-487: The company's information security team, "No customer, program or employee personal data" was compromised by this "significant and tenacious attack". The Department of Homeland Security and the US Defense Department offered help to determine the scope of the attack. Security token A security token is a peripheral device used to gain access to an electronically restricted resource. The token
3220-405: The computer and may require a PIN. Depending on the type of the token, the computer OS will then either read the key from the token and perform a cryptographic operation on it, or ask the token's firmware to perform this operation. A related application is the hardware dongle required by some computer programs to prove ownership of the software . The dongle is placed in an input device and
3290-434: The corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server) as the tokens are purchased. On-demand tokens are also available, which provide a tokencode via email or SMS delivery, eliminating the need to provision a token to the user. The token hardware is designed to be tamper-resistant to deter reverse engineering . When software implementations of the same algorithm ("software tokens") appeared on
3360-496: The duress PIN would allow one successful authentication, after which the token will automatically be disabled. The "duress PIN" feature has been deprecated and is not available on currently supported versions. While the RSA SecurID system adds a layer of security to a network, difficulty can occur if the authentication server's clock becomes out of sync with the clock built into the authentication tokens. Normal token clock drift
3430-432: The effectiveness of replay attacks. Messages which are past the "time to live (TTL)" are considered old and are discarded. There have been improvements proposed, including the use of a triple password scheme. These three passwords are used with the authentication server, ticket-granting server, and TGS. These servers use the passwords to encrypt messages with secret keys between the different servers. The encryption that
3500-435: The funds are to be transferred to. Replay attack A replay attack (also known as a repeat attack or playback attack ) is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a spoofing attack by IP packet substitution. This
3570-457: The information provided by the token the same time as the output of the token. Any system which allows users to authenticate via an untrusted network (such as the Internet ) is vulnerable to man-in-the-middle attacks . In this type of attack, an attacker acts as the "go-between" of the user and the legitimate system, soliciting the token output from the legitimate user and then supplying it to
SECTION 50
#17327939713543640-507: The issues were detected and fixed in order to prevent further attacks. Many vehicles on the road use a remote keyless system , or key fob, for the convenience of the user. Modern systems are hardened against simple replay attacks but are vulnerable to buffered replay attacks. This attack is performed by placing a device that can receive and transmit radio waves within range of the target vehicle. The transmitter will attempt to jam any RF vehicle unlock signal while receiving it and placing it in
3710-400: The market, public code had been developed by the security community allowing a user to emulate RSA SecurID in software, but only if they have access to a current RSA SecurID code, and the original 64-bit RSA SecurID seed file introduced to the server. Later, the 128-bit RSA SecurID algorithm was published as part of an open source library. In the RSA SecurID authentication scheme, the seed record
3780-448: The middle type attacks when used alone. If the attacker manages to block the authorized user from authenticating to the server until the next token code will be valid, he will be able to log into the server. Risk-based analytics (RBA), a new feature in the latest version (8.0) provides significant protection against this type of attack if the user is enabled and authenticating on an agent enabled for RBA. RSA SecurID does not prevent man in
3850-480: The network would run the risk of becoming slower and its performance would decrease. By keeping a relatively low overhead, the network can maintain better performance while still improving the security. Authentication and sign-on by clients using Point-to-Point Protocol (PPP) are susceptible to replay attacks when using Password Authentication Protocol (PAP) to validate their identity, as the authenticating client sends its username and password in " normal text ", and
3920-571: The open OATH HOTP standard. A study on OTP published by Gartner in 2010 mentions OATH and SecurID as the only competitors. Other network authentication systems, such as OPIE and S/Key (sometimes more generally known as OTP , as S/Key is a trademark of Telcordia Technologies , formerly Bellcore ) attempt to provide the "something you have" level of authentication without requiring a hardware token. On 17 March 2011, RSA announced that they had been victims of "an extremely sophisticated cyber attack". Concerns were raised specifically in reference to
3990-530: The open specification group FIDO Alliance have become popular for consumers with mainstream browser support beginning in 2015 and supported by popular websites and social media sites. Older PC card tokens are made to work primarily with laptops . Type II PC Cards are preferred as a token as they are half as thick as Type III. The audio jack port is a relatively practical method to establish connection between mobile devices, such as iPhone , iPad and Android , and other accessories. The most well known device
4060-481: The other hand, can be physically stolen (or acquired via social engineering ) from end users. The small form factor makes hard token theft much more viable than laptop/desktop scanning. A user will typically wait more than one day before reporting the device as missing, giving the attacker plenty of time to breach the unprotected system. This could only occur, however, if the user's UserID and PIN are also known. Risk-based analytics can provide additional protection against
4130-414: The password); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (acting as Alice) connects to Bob; when asked for proof of identity, Eve sends Alice's password (or hash) read from the last session which Bob accepts, thus granting Eve access. Replay attacks can be prevented by tagging each encrypted component with a session ID and
4200-426: The private key also serves as a proof of the user's identity. For tokens to identify the user, all tokens must have some kind of number that is unique. Not all approaches fully qualify as digital signatures according to some national laws. Tokens with no on-board keyboard or another user interface cannot be used in some signing scenarios, such as confirming a bank transaction based on the bank account number that
4270-451: The reader while the Bluetooth connection serves for data provision with the token to enable authentication. Also when the Bluetooth link is not connected, the token may serve the locally stored authentication information in coarse positioning to the NFC reader and relieves from exact positioning to a connector. Some types of single sign-on (SSO) solutions, like enterprise single sign-on , use
SECTION 60
#17327939713544340-409: The same level of cryptographic security as token solutions which have had their designs independently audited by third-party agencies. Disconnected tokens have neither a physical nor logical connection to the client computer. They typically do not require a special input device, and instead use a built-in screen to display the generated authentication data, which the user enters manually themselves via
4410-581: The secret key from several PKCS #11 cryptographic devices. These findings were documented in INRIA Technical Report RR-7944, ID hal-00691958, and published at CRYPTO 2012. Trusted as a regular hand-written signature, the digital signature must be made with a private key known only to the person authorized to make the signature. Tokens that allow secure on-board generation and storage of private keys enable secure digital signatures, and can also be used for user authentication, as
4480-413: The serial numbers on their tokens" lend credibility to this hypothesis. Barring a fatal weakness in the cryptographic implementation of the token code generation algorithm (which is unlikely, since it involves the simple and direct application of the extensively scrutinized AES-128 block cipher ), the only circumstance under which an attacker could mount a successful attack without physical possession of
4550-436: The system clock, the tokens can either be resynchronized one-by-one, or the stored drift values adjusted manually. The drift can be done on individual tokens or in bulk using a command line utility. RSA Security has pushed forth an initiative called "Ubiquitous Authentication", partnering with device manufacturers such as IronKey , SanDisk , Motorola , Freescale Semiconductor , Redcannon, Broadcom , and BlackBerry to embed
4620-601: The target individual’s speech that was correctly verified by the system, then play the recording again to be verified by the system. A counter-measure was devised using spectral bitmaps from the stored speech of verified users. Replayed speech has a different pattern in this scenario and will then be rejected by the system. In the realm of smart home environments, Internet of Things (IoT) devices are increasingly vulnerable to replay attacks, where an adversary intercepts and replays legitimate communication signals between an IoT device and its companion app. These attacks can compromise
4690-483: The token is if the token seed records themselves had been leaked. RSA stated it did not release details about the extent of the attack so as to not give potential attackers information they could use in figuring out how to attack the system. On 6 June 2011, RSA offered token replacements or free security monitoring services to any of its more than 30,000 SecurID customers, following an attempted cyber breach on defense customer Lockheed Martin that appeared to be related to
4760-589: The token to store software that allows for seamless authentication and password filling. As the passwords are stored on the token, users need not remember their passwords and therefore can select more secure passwords, or have more secure passwords assigned. Usually most tokens store a cryptographic hash of the password so that if the token is compromised, the password is still protected. Programmable tokens are marketed as "drop-in" replacement of mobile applications such as Google Authenticator (miniOTP ). They can be used as mobile app replacement, as well as in parallel as
4830-412: The two parties that are communicating with each other. Bob can also send nonces but should then include a message authentication code (MAC), which Alice should check. Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example, Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob
4900-419: The use of lost or stolen tokens, even if the user's UserID and PIN are known by the attackers. Batteries go flat periodically, requiring complicated replacement and re-enrollment procedures. As of 2003, RSA SecurID commanded over 70% of the two-factor authentication market and 25 million devices have been produced to date. A number of competitors, such as VASCO , make similar security tokens , mostly based on
#353646