2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec




TECHNOLOGY WHITEPAPER
DSWISS LTD
INIT INSTITUTE OF APPLIED INFORMATION TECHNOLOGY
JUNE 2010, V1.0

Motivation

With the increasing desire, also among private individuals, to access their confidential data even from their mobile devices, the need for strong security controls for such applications arises in the same way as it did years ago in the area of web applications. This paper covers one of the most important parts thereof: the login process that allows an application on a mobile device to access data from a server using two-factor authentication.

Introduction

An increasing number of internet-based end-customer applications require two-factor authentication. Text message (SMS) based one-time code distribution (as second factor) is rapidly becoming the most popular choice when strong authentication is needed, for example in e-banking. Low acquisition, distribution and help-desk costs are the main drivers for these so-called mTAN [1] based authentication methods. All of these properties are particularly important for applications that serve a large number of users, possibly on a global scale.

With multi-factor authentication, each token available for authenticating the user falls into one of the following three categories:

- Something the user knows (e.g. a password)
- Something the user has (e.g. a hardware token)
- Something the user is (e.g. a fingerprint)

mTAN-based strong authentication makes use of the two categories "something the user knows" (password) and "something the user has" (mobile device). During authentication, the user has to provide the password as well as a one-time secret received by SMS on his mobile phone. Proof of possession of the mobile phone (which is done by providing the received SMS code) is used as the second login factor.

With the increased capabilities of mobile devices, there has been a trend towards accessing web services [2] over the mobile channel [3] as well. Much like regular web users, users that access the service via a mobile application must be authenticated with a mechanism that offers the required strength against identified, relevant threats.

However, simply transferring the mTAN approach to mobile app development doesn't work well, mainly because it would be cumbersome or even impossible to use on the mobile device, as it requires the user to switch between applications [4]. As a result, we have to come up with an authentication scheme that is better suited for mobile apps and that provides security comparable to the two-factor authentication mechanism described above.

In this paper, we propose a strong and practical two-factor authentication scheme for smart phones that does not negatively affect the user's experience or usability and that provides security comparable to classic two-factor authentication schemes.

[1] mobile Transaction Authentication Number
[2] Also those implementing two-factor authentication
[3] E.g. as an iPhone app
[4] Mobile app and SMS inbox

Technical Approach

mTAN is based on a simple principle: once a user has securely proven possession of his mobile phone [5], it can be used as the second login factor. While mTAN uses a unique SMS code that is generated on the server and received during each login attempt, our approach makes use of the principle of key continuity (also called the "Baby Duck" / "Duckling" model) to negotiate a token that is used as the second login factor. This model was already successfully implemented in protocols such as SSH or products such as Phil Zimmermann's Zfone.

The idea behind this approach is that if we can securely authenticate one session (usually the first one) and derive a shared secret, this secret can be re-used to authenticate later sessions, i.e. each secret S_n [6] directly depends on the previous secret S_{n-1}. Assuming the shared secret S_{n-1} can be stored securely on the mobile device, the second login factor (i.e. the next shared secret, S_n) can only be generated by the mobile device itself. It is therefore dependent on something the user has. From a security point of view, this is very similar to mTAN but offers much better usability when using a mobile app.

In more detail, the approach works as follows: before a new session n is initiated, the mobile device has stored a shared secret S_{n-1} from the previous session n-1. S_{n-1} is then used to compute the shared secret to authenticate the new session using the following formula:

    S_n = f(<shared secret [7]>, S_{n-1})

As long as the token S_{n-1} is adequately secured on the mobile device, proving knowledge of it is sufficient for a second login factor (which the client does by calculating and providing S_n).

A normal login therefore works as follows:

    Client                                          Server
    (looks up S_{n-1})                              (looks up S_{n-1})
    (computes S_n = f(<shared secret>, S_{n-1}))    (computes S_n = f(<shared secret>, S_{n-1}))
                          ------ S_n ------>
                                                    (checks S_n == S_n)
                          <------ OK -------
    (stores S_n)                                    (stores S_n)

Missing in the above flow is the mobile device initialization, which also has to be done in a secure manner. In our reference implementation (see "Reference Implementation: DoubleSec"), we have decided to use an mTAN code once, to initialize the mobile device. The first secret S_1 is therefore computed as S_1 = f(<shared secret>, mTAN code). A re-authentication with a one-time code that is distributed by SMS can also be used as a fallback solution [8] at any time.

To summarize, our approach uses the following messages to authenticate a user:

- Initialization: S_1 = f(<shared secret>, mTAN code)
- Normal login: S_n = f(<shared secret>, S_{n-1})
- Re-synchronization: S_n = f(<shared secret>, mTAN code)

[5] In high-security applications, this is often done offline, i.e. using letter post or similar
[6] Read: secret S in session n
[7] E.g. a hash of the password or a pre-established Diffie-Hellman secret
[8] E.g. in case of de-synchronization, where client and server store different S_{n-1} due to possible message loss, or when the user has lost his mobile device

Reference Implementation: DoubleSec

The approach described in the previous section has been successfully built and implemented in the iPhone application of DataInherit [9], a data safe service where users can store their most important digital assets (i.e. documents and passwords; the mobile app currently provides access to passwords only) in a highly secure manner. To access the service with a web browser on a standard computer, we use two-factor authentication based on mTAN. On the iPhone app, we use a concrete version of the said approach and named it DoubleSec.

For security reasons, we are using the Secure Remote Password Protocol (SRP, RFC2945) for the password authentication in DataInherit. SRP is a zero knowledge proof protocol and SPEKE [10] protocol and as such provides, besides strong authentication, a strong shared secret [11] during each login. Because of its randomness and freshness, this shared secret has optimal characteristics for use in our proposed scheme. The function needed to merge this shared secret and S_{n-1} has been chosen to be an HMAC.

Putting it all together, the computation of S_n in DoubleSec finally works as follows:

    S_n = HMAC(<SRP-derived shared secret>, S_{n-1})

The figure depicted on the following page shows the login process including DoubleSec as it is implemented in the DataInherit mobile application [12].

To achieve protection from Man-in-the-Middle attacks as mentioned above, in addition to using HTTPS, we encrypt S_n with the SRP-derived shared secret before transmitting it. This theoretically allows us to use said approach in a secure way even over insecure channels.

[9] See http://www.datainherit.com for more information
[10] Simple Password Exponential Key Exchange
[11] This shared secret is session-specific and established in a secure manner during login, similar to a Diffie-Hellman key exchange.
[12] Note that K(n) refers to the SRP-derived shared secret K in session n


Security Analysis

Man-in-the-Middle Attacks

The approach described in this document is susceptible to Man-in-the-Middle attacks unless additionally secured as in DoubleSec, because an attacker who manages to retrieve S_n (which is referred to as S_{n-1} in the subsequent session) and also the user's password is able to authenticate further sessions. For increased security, S_n should therefore not be transmitted in plain text. There might be several ways to circumvent this problem:

- Usage of some sort of challenge-response protocol to prove knowledge of S_n
- Usage of SSL/TLS
- Usage of cryptography to secure S_n, see the reference implementation

Comparison to mTAN

As mentioned earlier in this document, this new approach can be used to offer services that already use some sort of two-factor authentication on the web channel, e.g. mTAN, on mobile devices. It is therefore necessary that it provides a security level comparable to mTAN. In this section, we will discuss some important aspects of this new approach in comparison with mTAN.

Derived from the theory of two-factor authentication, the second login factor should be something the user has or is, assuming the first factor is a password, i.e. something the user knows. This requirement is met because it is impossible (under practical assumptions) for an attacker to calculate S_n without having access to the mobile device, which would be necessary to access S_{n-1}. The fact that the mobile app has direct access to the second login factor should not have any impact: the proposed approach (as well as all other two-factor authentication solutions) intends to secure the user's account and not the user's device. However, there exists a small difference with respect to the critical app on the mobile device [13]: with our approach, it is the mobile app itself; with mTAN, it is the SMS app.

With mTAN, an attacker is able to log in only once if he manages to gain access to the second login factor (i.e. the SMS code), assuming he already knows the user's password. With this new approach, the attacker is able to log in multiple times, because by gaining knowledge of S_{n-1} he will be able to compute S_n as well as S_{n+1}, S_{n+2}, and so on. However, the next time the legitimate user tries to log in, a loss of synchronization will be detected, which leads to a re-initialization of the user's mobile and to a change of S_{n-1}. Access control mechanisms provided by the operating system of the mobile device are important for the security of S_{n-1}, to prevent other applications from reading this element.

From a usability perspective, however, our approach exceeds mTAN on mobile devices because there is no need for the user to manually switch between different applications. Additionally, it has lower operational costs because there is no need to send an SMS to the customer for each login attempt.

Finally, there is one shortcoming of our proposal in comparison to mTAN: transaction signing/confirmation, which is increasingly used in e-banking solutions, is not possible with this solution.

To summarize, we conclude that the present proposal, if implemented correctly and given that the mobile device operating system provides adequate access control mechanisms to secure S_{n-1}, provides a similar security level as mTAN. It can be used to make services available on mobile devices without reducing the overall security of that service.

[13] Assuming we face malware trying to gain access to the second login factor
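The key-continuity chain from the reference implementation and the loss-of-synchronization behaviour described in the comparison above, as an added example (not DoubleSec's own code). It assumes HMAC-SHA-256, a random per-login key standing in for the SRP-derived shared secret, and constructed mTAN codes; the names Party, Server, login and demo are hypothetical.

```python
import copy
import hashlib
import hmac
import secrets


def next_secret(session_key: bytes, previous: bytes) -> bytes:
    """S_n = HMAC(<session key>, S_{n-1}); SHA-256 is this example's assumption."""
    return hmac.new(session_key, previous, hashlib.sha256).digest()


class Party:
    """Either side of the protocol; it stores only the last agreed secret S_{n-1}."""

    def __init__(self, session_key: bytes, mtan_code: str) -> None:
        self.seed(session_key, mtan_code)

    def seed(self, session_key: bytes, mtan_code: str) -> None:
        # Initialization and re-synchronization: S = f(<shared secret>, mTAN code)
        self.stored = next_secret(session_key, mtan_code.encode())

    def second_factor(self, session_key: bytes) -> bytes:
        return next_secret(session_key, self.stored)


class Server(Party):
    def verify(self, session_key: bytes, presented: bytes) -> bool:
        expected = self.second_factor(session_key)
        if not hmac.compare_digest(expected, presented):
            return False  # stale or unknown S_{n-1}: de-synchronization
        self.stored = expected  # advance the chain only on success
        return True


def login(device: Party, server: Server) -> bool:
    key = secrets.token_bytes(32)  # constructed stand-in for the SRP-derived K(n)
    s_n = device.second_factor(key)
    ok = server.verify(key, s_n)
    if ok:
        device.stored = s_n  # the client stores S_n after the server's OK
    return ok


def demo() -> dict:
    k1 = secrets.token_bytes(32)
    phone, server = Party(k1, "493817"), Server(k1, "493817")  # constructed mTAN code
    results = {"normal": [login(phone, server) for _ in range(3)]}
    # A copy of S_{n-1} (together with the password) allows repeated logins ...
    clone = copy.copy(phone)
    results["copied_state"] = [login(clone, server) for _ in range(2)]
    # ... but the server's chain has moved on, so the real phone is rejected.
    results["phone_after_copy_used"] = login(phone, server)
    # Re-synchronization with a fresh mTAN code replaces S_{n-1} on both sides.
    k2 = secrets.token_bytes(32)
    phone.seed(k2, "270644")
    server.seed(k2, "270644")
    results["phone_after_resync"] = login(phone, server)
    results["copied_state_after_resync"] = login(clone, server)
    return results


if __name__ == "__main__":
    print(demo())
```

The rejected login of the legitimate phone is the signal a server can log and alert on: it means either message loss or that a copied S_{n-1} has been used elsewhere.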

Analysis of Alternative Methods

During the research phase for DoubleSec, we have also performed some analyses of other approaches, in particular:

- Usage of iTAN [14]
- Usage of the device ID (in case of an iPhone)
- Automatically insert SMS code [15]
- DoubleSec: proposed and implemented solution
- Usage of mTAN (including user interaction)

All of them have been analyzed with respect to their strength in mitigating three abuse cases, their capability to meet four requirements, and their usability:

- Abuse case 1: Passive phishing, e.g. by e-mail
- Abuse case 2: Weak credentials, i.e. weak passwords
- Abuse case 3: Password re-use, i.e. the user chooses the same password for multiple services
- Requirement 1: The second login factor (i.e. its value) should change regularly
- Requirement 2: The next value of the second login factor should be unpredictable
- Requirement 3: The approach should provide security similar to mTAN
- Requirement 4: The second login factor should be something the user has

[Table: rating of each approach (columns: Usage of iTAN, Usage of device ID, Automatically insert SMS code, DoubleSec, Usage of mTAN) against each criterion (rows: AC1: Passive phishing, AC2: Weak credentials, AC3: Password reuse, Req1: Value changes regularly, Req2: Next value unpredictable, Req3: No lowering of security, Req4: Something the user has, Usability)]

Note that the approach "automatically insert SMS code" has the same rating as DoubleSec. However, depending on the mobile device, it could be impossible to implement. Moreover, we strongly believe that the user's SMS messages should never be accessible by anything other than the user of the mobile device using the SMS app. Furthermore, DoubleSec has the advantage that it is not bound to GSM networks and can therefore also be used over WLAN networks or on devices not supporting GSM networks (e.g. on an iPod or an iPad with WLAN access only).

[14] Indexed Transaction Authentication Number
[15] I.e. usage of mTAN, but without user interaction

Conclusion

With the growth of the market for mobile apps, the need for strong authentication schemes on mobile apps will increase as well. With the approach described in this paper, we have demonstrated the feasibility of an authentication that is both strong and easily usable. With transport encryption and the usage of SPEKE protocols such as SRP, as shown in our reference implementation called DoubleSec, it even works over otherwise insecure channels.

Contact

Dipl. Ing. FH Michael Tschannen
Zurich University of Applied Sciences
8401 Winterthur
michael.tschannen@zhaw.ch

Dr. Tobias Christen
DSwiss Ltd
8003 Zürich
tobias.christen@dwiss.com

Prof. Dr. Marc Rennhard
Zurich University of Applied Sciences
8401 Winterthur
marc.rennhard@zhaw.ch