Security Tokens

Secure communications and tokens Tonimir Kišasondi, dipl.inf, EUCIP DORS/CLUC 2010


Page 1: Security Tokens

Secure communications and tokens

Tonimir Kišasondi, dipl.inf, EUCIP

DORS/CLUC 2010

Page 2: Security Tokens

$ finger tkisason

• Junior researcher / teaching assistant @ Fakultet organizacije i informatike (Faculty of Organization and Informatics), Varaždin, www.foi.hr

• Security, Crypto, Linux…

• Mail: [email protected]

• GPG: 0x00C68442

Page 3: Security Tokens

Summary

• Authentication as a basis for good communications security

• Tokens and other methods for secure communications

Page 4: Security Tokens

Authentication goals:

• We authenticate ourselves every day…

• Authentication: we want to verify that an entity to whom we offer a service is who it claims to be (a 1:1 check of a claimed identity)

• Identification goes a step further: establish who the entity is among all known entities (a 1:n search)

• Relationship with secure communications?

Page 5: Security Tokens

Authentication goals:

• We authenticate ourselves with the help of some factors:

Something you know: Password, Passphrase

Something you have: KeyFob, SmartCard, USB Token

Something you are: Biometrics (behaviour or physiological)

Page 6: Security Tokens

Authentication problem:

• Not all, but some methods are static… Passwords:

They stay the same for a long time… Longer attack window

Password reuse

New analysis methods (GPGPU, CUDA, FPGA)

Disk space is getting cheaper (precomputed tables)

We can replay a known password

Passwords don't really identify anyone: they prove knowledge of a secret, not who is typing it

Page 7: Security Tokens

Pyrit (http://code.google.com/p/pyrit/): GPGPU-accelerated WPA/WPA2-PSK precomputation and cracking

Page 8: Security Tokens

Authentication problem:

Regarding the security of passwords:

"Size matters: use long passphrases." (unknown author)

Page 9: Security Tokens

Passwords:

• If passwords are bad, why are we using them?!

Simplicity? How many passwords do you need to remember?

Reliability

Provisioning in big organizations

Scaling

They are cheap compared to any other method!

Page 10: Security Tokens

Passwords:

• And why should I dislike passwords?

Remember Aurora?

Password sniffing?

Read the Apache team's post mortem…

Backdoored sshd?

Page 11: Security Tokens

Passwords:

• The main vulnerability of each of those systems is that the same credential is used over and over again

• The other main vulnerability is that the implementation mostly gets bypassed… Same story as with crypto…

Let's see some other methods:

Page 12: Security Tokens

Biometrics:

• Excellent method for authentication and identification

• Unfortunately it can only be done with specialized hardware. Portability and commonness of such hardware?

• Most popular: fingerprint, handprint, keystroke dynamics

• Biometrics cannot be revoked. You can revoke a password!

• For a motivational example:

Page 13: Security Tokens

Machete: Biometric password sniffer

Page 14: Security Tokens

Biometrics:

• Biometrics would be used far more if we could send the characteristic over long distances and authenticate ourselves remotely!

• Example: radius-fingerprint, RADIUS auth that unlocked passwords based on fingerprints: #fail

• Academic works: reconstructing a characteristic from its template

Page 15: Security Tokens

Smart Cards:

• Memory-only cards

• Secure (encrypted) memory with PIN access

Remember MIFARE Crypto-1? Remember the FedEx Kinko's smartcard?

PINs on such cards are hardly a deterrent to anyone with the right equipment

• Cryptographic smart cards (the private key never leaves the card; the card signs or decrypts on request)

Page 16: Security Tokens

Smart Cards:

• Linux framework/stack for smart cards:

Reader driver: libccid / OpenCT / pcscd

Card driver: OpenSC

Application: PKCS#11 / PKCS#15 support

esc (Enterprise Security Client, CentOS/RedHat)

Page 17: Security Tokens

Smart Cards:

• OpenSSH, OpenVPN, GnuPG support

OpenSSH 5.4p1 has PKCS#11 support built in; prior versions need the OpenSSH-pkcs11 patches, which are not in mainline!

• A PAM module is available (pam_p11):

Authentication with an authorized ssh key, or

Authentication with an authorized X.509 certificate

• Why do we really have 3 representations for keys? (OpenSSH, GnuPG, X.509)

Page 18: Security Tokens

Smart Cards:

• GnuPG support? gnupg-pkcs11 patches; GnuPG itself supports OpenPGP cards

• OpenVPN: good support

• strongSwan: some limitations

• Openswan: ???

Page 19: Security Tokens

Tokens:

• Time based, hash based

• Two main viable approaches in Linux (old and tested):

S/Key (deprecated)

OPIE: packaged and simple!

OTPW (prefix-suffix scheme): like TAN lists; I don't want to carry a list with my suffixes!

Page 20: Security Tokens

OPIE

• One-time passwords give good security mostly because of their flexibility

• You cannot reuse a one-time password

• Here I will concentrate on OPIE and OATH-HOTP, making them work with PAM/SSH

• Why are they better? Soft tokens as apps on your cellphone

Page 21: Security Tokens

OPIE

• OPIE (One-time Passwords In Everything)

• opie-server and opie-client, libpam_opie

• Useful for local su when you have multiple admins: the Apache team requires them on some hosts (read their post mortem!)

• How does it work?

Create a password seed

Make a hash chain: h(h(h(…h(S)…))), the hash applied 499 times

Represent the output as 6 words

Start asking for OTPs from 499 down to 0; each one is the preimage of the previous one, so the server only ever stores the last accepted value

Page 22: Security Tokens

OPIE

• You need to seed OPIE for each user with opiepasswd. It can pick a random seed for you; the seed is shown in every challenge, the passphrase is what stays secret.

• If you want to use OpenSSH with OPIE, you need to enable ChallengeResponseAuthentication in your sshd config

• You need to add it to pam.d (more on that later…)

Page 23: Security Tokens

OPIE

Page 24: Security Tokens

OPIE

• The challenge can be pre-set

• Don't tempt yourself to install multiple hosts with the same challenge (seed and sequence): an OTP captured on one host works on the others, so you don't have one-time passwords any more

• Before you reach seq 0, you will need to rekey the OTP (run opiepasswd again)
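The hash chain from the "How does it work?" slide and the same-challenge-on-two-hosts warning above, as an added example that is not part of the original slides and not taken from the OPIE sources. It follows the RFC 2289 OTP-MD5 computation (initial step over seed and passphrase, then a folded-MD5 chain) but returns responses as raw bytes instead of OPIE's six-word encoding; OpieServer is a toy in-memory stand-in for /etc/opiekeys, and the seeds, passphrase and host names are constructed for the demo.

```python
"""S/Key-style (OPIE OTP-MD5) hash-chain one-time passwords, client and server side.

Added example, not the slides' code and not from the OPIE package: RFC 2289
OTP-MD5 computation with raw-byte responses instead of the six-word encoding,
and a toy in-memory server instead of /etc/opiekeys. Seeds, passphrase and
hosts below are constructed.
"""
import hashlib
import hmac
import secrets
import string


def fold_md5(data: bytes) -> bytes:
    """RFC 2289 one-way step: MD5, then XOR the two 64-bit halves of the digest."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp(seq: int, seed: str, passphrase: str) -> bytes:
    """OTP for sequence number seq: h applied seq times to h(seed || passphrase).

    The seed is not secret (it is sent in the challenge); the passphrase is.
    otp(seq) is the preimage of otp(seq + 1), which is what lets the server
    verify a response without ever storing the passphrase.
    """
    state = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(seq):
        state = fold_md5(state)
    return state


def random_seed() -> str:
    """Illustrative opiepasswd-like seed: two letters plus four digits (e.g. en1234)."""
    letters = "".join(secrets.choice(string.ascii_lowercase) for _ in range(2))
    digits = "".join(secrets.choice(string.digits) for _ in range(4))
    return letters + digits


class OpieServer:
    """What opiepasswd + libpam_opie keep per user: seed, last accepted OTP, next seq."""

    def __init__(self, seed: str, passphrase: str, start_seq: int = 499):
        # opiepasswd equivalent: store otp(499); the first challenge is then 498.
        self.seed = seed
        self.seq = start_seq
        self.last = otp(start_seq, seed, passphrase)

    def challenge(self) -> str:
        return "otp-md5 %d %s" % (self.seq - 1, self.seed)

    def verify(self, response: bytes) -> bool:
        """Accept only the preimage of the last accepted OTP, then step down the chain."""
        if self.seq <= 0:
            return False  # chain exhausted: rekey with opiepasswd before this happens
        if hmac.compare_digest(fold_md5(response), self.last):
            self.last = response  # replaying this response now fails: h(r) != r
            self.seq -= 1
            return True
        return False


def client_response(challenge: str, passphrase: str) -> bytes:
    """What opiekey (or a phone app) computes from the printed challenge."""
    _algo, seq, seed = challenge.split()
    return otp(int(seq), seed, passphrase)


def demo() -> dict:
    passphrase = "correct horse battery staple"  # constructed
    host_a = OpieServer("en1234", passphrase)
    host_b = OpieServer("en1234", passphrase)  # same seed and passphrase on a second host: the mistake from the slides
    r = client_response(host_a.challenge(), passphrase)
    return {
        "first_login": host_a.verify(r),           # True
        "replay": host_a.verify(r),                # False: host_a now expects otp(497)
        "wrong_passphrase": host_a.verify(client_response(host_a.challenge(), "guess")),  # False
        "same_seed_other_host": host_b.verify(r),  # True: the "one-time" password works a second time
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-22s %s" % (name, result))
```

The server never sees the passphrase and stores only the last accepted value, which is why a sniffed response is useless against the same host; the same_seed_other_host result shows why it is not useless against a second host seeded identically.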

Page 25: Security Tokens

OPIE

OTPs can be generated with opiekey or another token generator (Java, Android, iPhone app)

tony@enigma:~$ opiekey 498 en1234
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase:
NUDE JAN ATE BOGY FIEF NAP
tony@enigma:~$

Page 26: Security Tokens

OPIE

You can precompute OTPs and carry them with you or hand them out (single-use method?)

tony@enigma:~$ opiekey -n 5 498 en1234
…
Enter secret pass phrase:
494: MOD SOIL DUMB OLDY ROOF RISE
495: LIMA HIT BUSS DIVE OUR SPY
496: CORK CORK MAN HOLM TURF MET
497: MUSH SAGE SO WEIR EVEN AMRA
498: NUDE JAN ATE BOGY FIEF NAP

Page 27: Security Tokens

OPIE

• Android: OpieKey

• Java: J2ME-otp, jfreesafe

• iPhone: 1key

• Linux: opiekey

• Paper...

• Google: search for OPIE, OTP-MD5, S/Key MD5…

• If you need strong security, generate the OTPs on a SEPARATE device from the one you use for comms, and use two-factor auth.

Page 28: Security Tokens

Configuring PAM to work with OTP-s

• tony@enigma:~$ ls /etc/pam.d/

atd chfn chpasswd chsh common-account common-auth common-password common-session common-session-noninteractive cron cups gdm gdm-autologin gnome-screensaver login newusers other passwd polkit-1 ppp samba sshd su sudo

su, sshd and sudo are safe to use with OPIE

Test any service you want to put behind OTP in a VM first. Try not to lock yourself out of your box.

Page 29: Security Tokens

PAM configuration

• "sufficient" and "required" statements in PAM: which one you use depends on whether you want single-factor or multi-factor auth

• Debug your OTPs with the debug statement

• Use sufficient at first, until you know it's working

• Most of the time you can never be too careful: add "auth required pam_deny.so" at the end…
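How the control flags on this slide decide between single-factor and two-factor login, and what the trailing pam_deny line does, as an added example; it is not from the slides and not Linux-PAM code. It models only the four classic control flags with a pass/fail outcome per module (real PAM has more return codes and the [value=action] syntax), module outcomes are fed in as constructed booleans instead of prompting, and the three stacks are illustrative /etc/pam.d/sshd auth sections.

```python
"""Simplified model of how a Linux-PAM auth stack evaluates required/requisite/sufficient.

Added example, not from the slides and not Linux-PAM code: four control flags,
pass/fail outcomes only, constructed module results. Enough to see why the
order of 'sufficient' lines decides single- vs two-factor login and why
'auth required pam_deny.so' at the end is a safety net for 'sufficient'
stacks but a lock-out for 'required' stacks.
"""

# (control flag, module) pairs, in the order they would appear in /etc/pam.d/sshd
SINGLE_FACTOR = [  # OTP *or* password: either 'sufficient' line alone lets you in
    ("sufficient", "pam_opie.so"),
    ("sufficient", "pam_unix.so"),
    ("required", "pam_deny.so"),   # catch-all: nothing above succeeded -> fail
]
TWO_FACTOR = [     # password *and* OTP
    ("requisite", "pam_unix.so"),  # requisite: stop at once on a bad password
    ("required", "pam_opie.so"),
]
LOCKED_OUT = [     # pam_deny after 'required' lines fails everybody, even with both factors right
    ("required", "pam_unix.so"),
    ("required", "pam_opie.so"),
    ("required", "pam_deny.so"),
]


def run_auth_stack(stack, outcomes):
    """Evaluate stack top to bottom; outcomes maps module name -> True/False.

    pam_deny always fails. Returns the final auth decision.
    """
    failed = False
    succeeded = False
    for control, module in stack:
        ok = False if module == "pam_deny.so" else outcomes.get(module, False)
        if control == "required":
            if ok:
                succeeded = True
            else:
                failed = True       # remembered, but keep running (hides which module failed)
        elif control == "requisite":
            if not ok:
                return False        # abort immediately
            succeeded = True
        elif control == "sufficient":
            if ok and not failed:
                return True         # short-circuit: later lines are never consulted
            # a failing 'sufficient' module is simply ignored
        elif control == "optional":
            pass                    # never decides the outcome in this model
        else:
            raise ValueError("unknown control flag %r" % control)
    return succeeded and not failed


def login(stack, otp_ok, password_ok):
    """Constructed outcomes for the two modules the slides talk about."""
    return run_auth_stack(stack, {"pam_opie.so": otp_ok, "pam_unix.so": password_ok})


if __name__ == "__main__":
    for name, stack in [("SINGLE_FACTOR", SINGLE_FACTOR), ("TWO_FACTOR", TWO_FACTOR), ("LOCKED_OUT", LOCKED_OUT)]:
        for otp_ok in (True, False):
            for password_ok in (True, False):
                print("%-14s otp=%-5s password=%-5s -> %s" % (name, otp_ok, password_ok, login(stack, otp_ok, password_ok)))
```

Run it once with your intended stack before editing /etc/pam.d on a real host: the LOCKED_OUT rows show that the pam_deny catch-all only belongs behind 'sufficient' lines.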

Page 30: Security Tokens

OATH – Initiative for open authentication

• Relatively new standard

• www.openauthentication.org

• Two methods: HOTP (counter based), TOTP (time based)

Page 31: Security Tokens

OATH-HOTP

• Currently no support for TOTP under Linux (wrong: RCDevs OpenOTP)

RSA SecurID is the proprietary exception

• HOTP support is provided in:

HOTP toolkit (libpam_hotp) (http://freshmeat.net/projects/hotp-toolkit)

Barada (libpam_barada) (http://barada.sourceforge.net/)

• Apache module mod-auth-otp

• RADIUS: rlm_otp support

Page 32: Security Tokens

OATH-HOTP

• My experience with hotp-toolkit was buggy

• Go with Barada; its packages are available for Debian Squeeze (not in Lenny yet)

• As always: YMMV

• mod_authn_otp

Page 33: Security Tokens

Yubikey

• Yubikey USB token: Yubico OTP, HOTP and static password modes; OSS

• PAM modules, Apache, RADIUS

• Great community, bindings for everything

• As far as I am concerned, the most promising token

• Now would be a good time to show some demos

Page 34: Security Tokens

Conclusion

• Passwords scale, you can't beat that. Implement a strong password policy!

• Biometrics are great for local authentication: use them on fixed workstations. Fingerprint scanners are relatively cheap; check out the fprint library.

• Smart cards are good. Watch out for reader/card/application compatibility!

• HOTPs are really great, but the support is terrible

• Yubikey: bright future (I hope…)

Page 35: Security Tokens

Conclusion

• The easiest way to get OTP is with OATH-HOTP or with a Yubikey

• Use multi-factor authentication (OTP + password)

• Watch out for implementation errors

• OTPs won't protect you against security bugs. Did I mention? Patch your code!

• Principle of least privilege, service separation

• Yes, you probably should implement an ISMS!

Page 36: Security Tokens

End rant…

• Questions, comments, ideas, criticisms

• [email protected]

Page 37: Security Tokens

End rant…

• Thank you!