RSA SecurID is a mechanism developed by
RSA SecurityRSA, The Security Division of EMC Corporation, is headquartered in Bedford, Massachusetts, United States, and maintains offices in Australia, Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan....
for performing
two-factor authenticationAn authentication factor is a piece of information and process used to authenticate or verify the identity of a person or other entity requesting access under security constraints. Two-factor authentication or is a system wherein two different factors are used in conjunction to authenticate...
for a user to a network resource.
The RSA SecurID authentication mechanism consists of a "
tokenA security token may be a physical device that an authorized user of computer services is given to ease authentication...
"—a piece of hardware (e.g. a token or USB) or software (e.g. a "soft token" for a PDA or cell phone)—assigned to a computer user that generates an authentication code at fixed intervals (usually 30 or 60 seconds) using a built-in clock and the card's factory-encoded random
keyIn cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would have no result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa during decryption...
(known as the "seed" and often provided as a
*.asc file).
RSA SecurID is a mechanism developed by
RSA SecurityRSA, The Security Division of EMC Corporation, is headquartered in Bedford, Massachusetts, United States, and maintains offices in Australia, Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan....
for performing
two-factor authenticationAn authentication factor is a piece of information and process used to authenticate or verify the identity of a person or other entity requesting access under security constraints. Two-factor authentication or is a system wherein two different factors are used in conjunction to authenticate...
for a user to a network resource.
Overview
The RSA SecurID authentication mechanism consists of a "
tokenA security token may be a physical device that an authorized user of computer services is given to ease authentication...
"—a piece of hardware (e.g. a token or USB) or software (e.g. a "soft token" for a PDA or cell phone)—assigned to a computer user that generates an authentication code at fixed intervals (usually 30 or 60 seconds) using a built-in clock and the card's factory-encoded random
keyIn cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would have no result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa during decryption...
(known as the "seed" and often provided as a
*.asc file). The seed is different for each token, and is loaded into the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server) as the tokens are purchased. The seed is typically 128 bits long. Some RSA SecurID deployments may use varied second rotations, such as 30-second increments.
The token hardware is designed to be
tamper-resistantTamper resistance is resistance to tampering by either the normal users of a product, package, or system or others with physical access to it. There are many reasons for employing tamper resistance....
to deter
reverse engineeringReverse engineering is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation...
of the token. Despite this, public code has been developed by the security community allowing a user to emulate RSA SecurID in software, but only if they have access to a current RSA SecurID code, and the original RSA SecurID seed file introduced to the server. In the RSA SecurID authentication scheme, the seed record is the secret key used to generate
One Time PasswordsA one-time password is a password that is only valid for a single login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not...
. "Soft tokens" are merely commercial software implementations of the same algorithms implemented in the
tamper-resistantTamper resistance is resistance to tampering by either the normal users of a product, package, or system or others with physical access to it. There are many reasons for employing tamper resistance....
hardware, only the soft tokens require the seed record to be distributed to clients so that the seed record may be used as input in the
One Time PasswordA one-time password is a password that is only valid for a single login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not...
generation. Newer versions also feature a USB connector, using which the token can be used as a
smart cardA smart card, chip card, or integrated circuit card , is any pocket-sized card with embedded integrated circuits which can process data. This implies that it can receive input which is processed — by way of the ICC applications — and delivered as an output. There are two broad...
-like device for securely storing
certificatesIn cryptography, a public key certificate is an electronic document which uses a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth...
.
A user authenticating to a network resource—say, a dial-in server or a firewall—needs to enter both a
personal identification numberA personal identification number is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Typically, the user is required to provide a non-confidential user identifier or token and a confidential PIN to gain access to the system...
and the number being displayed
at that moment on their RSA SecurID token. Some systems using RSA SecurID disregard PIN implementation altogether, and rely on password/RSA SecurID code combinations. The server, which also has a real-time clock and a database of valid cards with the associated seed records, computes what number the token is supposed to be showing at that moment in time, checks it against what the user entered, and makes the decision to allow or deny access.
On systems implementing PINs, a "duress PIN" may be used—an alternate code which creates a security event log showing that a user was forced to enter their PIN, while still providing transparent authentication.
While the RSA SecurID system adds a strong layer of security to a network, difficulty can occur if the authentication server's clock becomes out of sync with the clock built in to the authentication tokens. However, typically the RSA Authentication Manager automatically corrects for this without affecting the user. It is also possible to manually resync a token in the RSA Authentication Manager. Providing authentication tokens to everyone who might need to access a resource can be expensive, particularly since tokens are programmed to "expire" at a fixed time, usually three years, requiring purchase of a new token.
RSA SecurID currently commands over 70% of the two-factor authentication market (source: IDC) and 25 million devices have been produced to date. A number of competitors, such as
VASCOVASCO Data Security International, Inc., is a US company that, through its subsidiaries, engages in the design, development, marketing, and support of hardware and software security systems that manage and secure access to information assets worldwide.
...
, make similar
security tokenA security token may be a physical device that an authorized user of computer services is given to ease authentication...
s.
RSA Security has pushed forth an initiative called "Ubiquitous Authentication", partnering with device manufacturers such as
SanDiskSanDisk Corporation is an American multinational corporation which designs and markets flash memory card products. SanDisk was founded in 1988 by Dr. Eli Harari and Sanjay Mehrotra, non-volatile memory technology experts. SanDisk became a publicly traded company on NASDAQ in November 1995. In...
,
MotorolaMotorola, Inc. is an American, multinational, Fortune 100, telecommunications company based in Schaumburg, Illinois. It is a manufacturer of wireless telephone handsets, and also designs and sells wireless network infrastructure equipment such as cellular transmission base stations and signal...
,
Freescale SemiconductorFreescale Semiconductor, Inc. is an American semiconductor manufacturer. It was created by the divestiture of the Semiconductor Products Sector of Motorola in 2004. Freescale focuses their integrated circuit products on the automotive, embedded and communications markets...
, Redcannon,
BroadcomBroadcom Corporation is an American supplier of integrated circuits for broadband communications. Henry Samueli and Henry T. Nicholas III founded Broadcom in 1991 in Los Angeles. The company was moved to Irvine three years later...
and
BlackBerryBlackBerry is a line of wireless handheld devices that was introduced in 1999 as a two-way pager. In 2002, the more commonly known smartphone BlackBerry was released, which supports push e-mail, mobile telephone, text messaging, internet faxing, web browsing and other wireless information services....
to embed the SecurID software into everyday devices such as USB flash drives and cell phones, to reduce cost and the number of objects that the user must carry.
Other network authentication systems, such as
OPIEOne Time Passwords in Everything is an authentication kit that enables the use of S/KEY one-time passwords with various Unix services and utilities that require password authentication. OPIE is mature and not actively maintained at present....
and
S/KeyS/KEY is a one-time password system developed for authentication to Unix-like operating systems, especially from dumb terminals or untrusted public computers on which one does not want to type a long-term password. A user's real password is combined in an offline device with a short set of...
(sometimes more generally known as
OTPA one-time password is a password that is only valid for a single login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not...
, as S/Key is a trademark of
Telcordia TechnologiesTelcordia Technologies, formerly Bell Communications Research, Inc. or Bellcore, is a telecommunications research and development company based in the United States created as part of the 1982 Modification of Final Judgment that broke up American Telephone & Telegraph.- History :The company was...
, formerly Bellcore) attempt to provide the "something you have" level of authentication without requiring a hardware token.
Theoretical vulnerabilities
While RSA SecurID tokens offer a level of protection against password replay attacks, they might fail to provide adequate protection against
man in the middleIn cryptography, the man-in-the-middle attack , or bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each...
type attacks. In the attack model where an attacker is able to manipulate the authentication data flow between a user and the server, the attacker will be able to then forward this authentication information on to the server themselves, effectively masquerading as the given user. If the attacker manages to block the legal user from authenticating to the server until the next token code will be valid, he will be able to log in to the server. RSA SecurID does not prevent
Man in the BrowserMan-in-the-Browser , a recent form of Internet threat related to Man-in-the-Middle , is a trojan that infects a web browser and has the ability to modify pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host...
(MitB) based attacks.
SecurID authentication server tries to prevent password sniffing and simultaneous login by declining both authentication requests, if two valid credentials are presented within a given time frame. See an unverified
John G. Brainard post for more information. If the attacker removes from the user the ability to authenticate however, the SecurID server will assume that it is the user who is actually authenticating and hence will allow the authentication through. Under this attack model, the system security can be improved using encryption/authentication mechanisms such as SSL.
Although soft tokens may be more convenient, critics indicate that the
tamper-resistantTamper resistance is resistance to tampering by either the normal users of a product, package, or system or others with physical access to it. There are many reasons for employing tamper resistance....
property of
hard tokens is unmatched in soft token implementations, which could potentially allow seed record secret keys to be duplicated and user impersonation to occur.
Hard tokens on the other hand can be physically stolen (or acquired via
social engineeringSocial engineering may refer to:* Social engineering , efforts to influence popular societies on a large scale.* Social engineering , the practice of obtaining confidential information by manipulating users....
) from end users. The small form factor makes hard token theft much more viable than laptop/desktop scanning. A user will typically wait more than one day before reporting the device as missing, giving the attacker plenty of time to breach the protected system.
Technical details
Published attacks against the SecurID hash function
- Cryptanalysis of the Alleged SecurID Hash Function (PDF) Alex Biryukov
Alex Biryukov is a cryptographer, currently an assistant professor at the University of Luxembourg. His notable work includes the design of the stream cipher LEX, as well as the cryptanalysis of numerous cryptographic primitives. In 1998, he developed impossible differential cryptanalysis together...
, Joseph Lano, and Bart PreneelBart Preneel is a Belgian cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven, in the COSIC group, president of the International Association for Cryptologic Research, and project manager of ECRYPT....
.
- Improved Cryptanalysis of SecurID (PDF) Scott Contini and Yiqun Lisa Yin.
- Fast Software-Based Attacks on SecurID (PDF) Scott Contini and Yiqun Lisa Yin.