Multifactor authentication systems Jiří Sobotka, Radek Doležel




Fakulta elektrotechniky a komunikačních technologií, VUT v Brně
Email: sobotkaj@feec.vutbr.cz, xdolez35@stud.feec.vutbr.cz

Abstract - This article describes methods of deploying multifactor authentication systems. For two-factor authentication, two technologies from different leading companies in the industry were used, each taking a different approach to secure authentication. The last part describes the benefits of a fourth authentication factor.

1 Introduction

As computer networks have spread into almost all areas of human life, they have become more vulnerable because of the enormous number of access points and connections between terminals. The classical method of authentication by user name and password is no longer sufficient for credible user identification. The password system has two main disadvantages: passwords are either simple and easily guessed, or so complex that most users write them down somewhere and thereby jeopardize them. Even if system administrators force users to change passwords periodically, the risk that an attacker obtains a password by guessing or by brute force remains. Still, many companies use this system as the only protection of their data. Furthermore, password authentication is expensive for the system operator: password recovery alone represents a considerable share of help desk time. Nevertheless, a breach of system security and loss of data can be far more expensive for the company.

2 Authentication

Authentication is the process of verifying the identity of a person requesting access to a system. A person can prove to be who they claim to be by the following factors:
- knowledge of information: a password or PIN;
- possession of a thing: a token or card (two-factor authentication);
- a personal characteristic: biometrics, for example a fingerprint (three-factor authentication).

Nowadays, when identity theft is becoming a serious problem, confidence in digital identity is very important. More factors can be required at system login to raise the credibility of the authentication. In terms of secure access to a system it is necessary to distinguish authentication from authorization: authentication establishes who the user is, authorization defines what the user may do in the system.

2.1 Authentication by password

Authentication by password is the most used but also the most vulnerable form of authentication. Considerable effort has gone into password administration systems with different levels of password complexity; still, obtaining the password is for an attacker only a matter of tools and time. Whether password authentication is appropriate has to be judged against the value of the assets the system protects; in most cases a higher level of security is required.

2.2 Two-factor authentication

Two-factor authentication considerably raises the security level of a system by forcing users to identify themselves with two factors. In most cases these are a password (something the user knows) and a token (something the user has). Tokens are very small and fit in a pocket or on a key ring. They usually contain keys for cryptographic algorithms, the user's digital ID and the user's digital signature. The user's data are protected from compromise because they are stored in the token instead of on a hard drive, and the private key never leaves it. The devices are tamper-resistant and, thanks to their hard shell, quite durable. For a successful login the token has to be plugged into a USB port and the correct PIN entered on the keyboard. The computer then communicates with the authentication server to verify the user's identity.

2.3 Third factor

The third factor that can be used for user identification and authentication is a biometric feature of the person requesting access. A detailed description of biometric methods is beyond the scope of this article.

3 Applications of two-factor authentication

The use of several authentication methods is called multifactor authentication, or strong authentication. In our work we focus on two-factor authentication. The classical example is a bank card: to access your account at an ATM you need to insert the card (something you have) and enter a PIN (something you know). As organizations improve the security of their information systems, multifactor authentication is becoming popular. Organizations usually already have databases of users and user passwords, so adding USB tokens is a convenient way to improve the security of the whole system. Price, easy deployment and ease of use contribute to the spread of tokens.

3.1 Principle of the USB tokens

USB tokens serve as convenient storage of certificates for authentication, identification and digital signature. Every organization can create its own token deployment strategy and system rules. Tokens can easily be distributed among a large group of users in a short time, even across large geographic distances. The USB token is used to verify the user's identity and then to allow access to the required resources within the user's authorization. USB tokens have been used to store private keys and certificates in PKI and VPN technologies; cryptographic USB tokens are a perfect supplement to VPN for enterprises requiring secure remote access to the company network. USB tokens have many applications offering a strong and simple solution, and they bring additional benefits [1]:
- Security: cryptographic keys, certificates and personal information are stored in a hardware device protected against extraction of the information.
- Portability: the small size allows carrying the device in a pocket and having all personal information always at hand.
- Universality: a USB token can store all kinds of information and provides functions such as cryptographic computation, storage of authorization data, and physical and logical access control.
- Simple and convenient usage: plugging into a USB port makes all security functions accessible.
- Modernization: USB tokens can easily be upgraded to support biometrics, PKI and other functions without replacing the current devices.

Companies working with sensitive user data, financial systems etc. are subject to audits by governmental institutions, which verify adequate protection against compromise, unauthorized access, wiretapping and tampering.

3.2 Technology SafeNet iKey USB Token

SafeNet USB tokens are devices for secure authentication; they can hold a user's authorization data such as passwords, keys, certificates or biometric data, all in a strongly protected way. The device has an operating system (DKCCOS) which mediates secure access to the stored data. The tokens can be used in PKI systems as well as in other systems. The SafeNet iKey USB Token is a portable PKI device small enough to be carried in a pocket. It generates and stores digital data such as private keys, digital certificates, user names and passwords, and biometric templates. SafeNet USB tokens make advanced authentication easy to deploy without installing additional devices. The iKey is a hardware device resistant to copying of the stored information, certified to FIPS 140-1 (Federal Information Processing Standard) Level 2 and FIPS 140-2 Level 3 [1], and provides a high level of security for valuable digital property. SafeNet Inc. developed four basic kinds of iKey tokens: iKey 1000, iKey 2032, iKey 3000 and iKey 4000. Each kind has a different amount of internal memory and supports a different number of functions. The iKey 1000 basically provides only safe storage of data; the other three types also operate on the stored data and perform cryptographic operations such as generating and verifying passwords, producing digital signatures etc. Basic symmetric and asymmetric cryptographic algorithms are used.

3.3 Technology RSA SecurID

Another approach to two-factor authentication is the technology developed by RSA. The RSA SecurID system is based on a periodically changing authentication code. Each SecurID authenticator contains a unique symmetric key (the seed); an AES-based (Advanced Encryption Standard) algorithm combines it with the current time to produce a code, the so-called one-time password (OTP), which is shown on the integrated display. A new OTP is generated every 60 seconds. Each authenticator is synchronized with the authentication server by a patented technology, which keeps the security level high. At login the user is asked to enter the one-time password, proving possession of the token, and a personal identification number (PIN), proving knowledge of information. The combination of PIN and one-time password is very difficult for an attacker to guess, and even if he finds the right combination, it is useless after 60 seconds. For companies that depend on a wide distribution of tokens to provide secure access for all employees, the reliability of the tokens is very important. RSA authenticators offer a high level of reliability: SecurID tokens are designed for the worst environmental conditions and withstand rapid temperature changes, mechanical stress and submersion in water. Before shipment each token is subjected to extensive tests.

Every user is assigned one token, and each token generates different one-time passwords. The SecurID system offers not only classical hardware tokens but also software and on-demand tokens, which let the user generate the code on a device he already has: a notebook, a cell phone, a PDA.

3.3.1 Hardware authenticator

The advantage of hardware authenticators is that no application has to be installed and no further initialization is necessary; the tokens are ready immediately. Only the symmetric initialization key (the seed) has to be uploaded to the Authentication Manager, after which synchronization follows. Five RSA SecurID hardware authenticators exist. The basic version is the RSA SecurID 700, designed as a key fob; it contains only a display with the one-time password, and every 60 seconds a new password generated by the AES algorithm is displayed. The extended version is the RSA SecurID 800, which adds a USB connector and an integrated smart chip. In addition to the one-time password generator it offers storage for digital certificates for authentication, digital signature and file encryption. The device can store several combinations of user names and passwords for different applications; when the token is inserted into a USB port, the given application can access the passwords automatically, so the user does not have to log in to each application separately. The RSA SecurID 200 and RSA SecurID 520 models are different physical forms of the same authenticator: they have the size and shape of a credit card, again with a very durable case, and both have a display with the one-time password. The SecurID 720 model additionally has a keypad on which the user enters his PIN; the final code on the display is then a hash of the current one-time password combined with the PIN.

3.3.2 Software authenticator

The goal of the software authenticator is to reduce the number of things the user has to carry to access the system securely. Software authenticators offer the same two-factor authentication as hardware authenticators and employ the same algorithms, but the symmetric key is stored on the user's computer or phone instead of in a dedicated token, so its protection depends on that device. RSA SecurID software tokens support BlackBerry, iPhone and Java-capable smartphones, and the Windows Mobile and Symbian operating systems. Of computer operating systems, MS Windows and Mac OS X are supported.

3.3.3 RSA Authentication Agent

User requests for access are accepted by the RSA Authentication Agent, either from local or remote stations (via VPN). The RSA Authentication Agent is integrated into existing systems, applications and consoles that serve as gates for remote access to the server: VPNs, firewalls, web servers etc. Many variants exist for different applications, covering all kinds of platforms. The Agent forwards the users' authentication requests to the RSA Authentication Manager, where the authentication is performed; after the user's identity is verified, access to the system is allowed.

3.3.4 RSA Authentication Manager

The core of the RSA SecurID system is the RSA Authentication Manager, which maintains the user database, handles authentication requests and grants access to the system. It offers centralized management of the whole system and the creation of a hierarchical structure of users and administrators, all with full support for secure remote access. All communication with the Authentication Agents is secured, as are all important parts of the system: user names and passwords, server databases and remote administration. The system also applies logic to evaluate attack attempts and the use of stolen tokens. Because the RSA Authentication Manager is a centralized system, a failure of a single central server would take down the whole system; therefore the central database and the Authentication Manager are installed on several servers, so-called replicas. Replicas provide a backup of the user database and allow user authentication on more than one server.

Compared with the SafeNet technology, RSA SecurID has several advantages. Possession of the token is verified by copying the one-time password from the token's display, so no reader is necessary. The second advantage is the periodic password change: even if a password is disclosed, the attacker has only 60 seconds to use it. The last advantage is that the hardware tokens cannot be copied, because the seed cannot be read out of them (although, as section 4.2.1 shows, anyone holding the seed file can compute the same codes).

4 Deployment of two-factor authentication

In our laboratory both technologies were deployed for educational purposes. From SafeNet, the iKey 3000 was chosen and used together with open source software. RSA SecurID is a more complex technology, and the original software had to be used with RSA SecurID 200 and RSA SecurID 800 tokens.

4.1 Two-factor authentication with iKey 3000

The iKey 3000 tokens [7] were selected because they also support the RSA standard PKCS #15 (Public-Key Cryptography Standards: Cryptographic Token Information Format Standard) [8]. PKCS #15 allows an alternative cryptographic token interface to be used, independent of the manufacturer's support. The iKey 3000 tokens are products of SafeNet, Inc. To work with the tokens an infrastructure has to be built; ours is based on open source software.

4.1.1 Security infrastructure building

The tokens are only a medium; to use them fully, the whole infrastructure has to be built. The security infrastructure is shown in Figure 1. It is a client-server model, and Figure 1 also outlines the division into layers of the ISO/OSI reference model.

Figure 1: Security infrastructure.

The infrastructure uses applications from open source software projects. As Figure 1 shows, most of the applications run at the application layer of the ISO/OSI reference model. On the client side, the set of applications that gives the operating system support for working with tokens spans the application layer and the lower layers; this support is provided by the OpenSC project [9]. HTTPS is used for communication; it establishes the connection at the application layer on top of SSL/TLS, which operates at the lower layers. A web server on the server side and a web browser on the client side establish the connection. The web server is powered by the Apache HTTP Server [10]; as the web browser, any standard browser that supports certificates and tokens can be used, such as Mozilla Firefox or Microsoft Internet Explorer. The connection is secured by certificates issued by a certification authority, which is built with the OpenSSL project [11]. The open source software projects used in the infrastructure are described in Table 1.

Open source software project | Description
OpenSC                       | Operating system support for tokens
Web browser                  | Client application that supports certificates and tokens
Apache HTTP Server           | Web server that establishes the secure connection
OpenSSL                      | Certification authority that issues certificates

Table 1: Open source software projects.

Server

The server runs the GNU/Linux operating system, into which the open source software projects are installed as the appropriate services. The server then provides the certification authority and web server services. The certification authority is built with the OpenSSL project and issues server and client certificates with matching private keys. The web server is powered by the Apache HTTP Server, set up to accept connections via HTTP and HTTPS. The HTTPS connection uses mutual authentication: during one session both the client's certificate and the server's certificate are verified.

Client

In most cases the client is a user computer, running either GNU/Linux or Microsoft Windows; the aim of this solution is a client independent of the operating system platform. On the user computer a standard web browser that supports certificates and tokens is installed; in our case we use Mozilla Firefox. Token support is supplied by the OpenSC project, which consists of many parts, the two main ones being OpenCT and OpenSC. OpenSC is developed for GNU/Linux; a port to Microsoft operating systems is already available.

4.1.2 Working with tokens

The client certificates can be stored in the browser's protected key store (software) or in the tokens (hardware); we use tokens. The OpenSC project serves for management of the tokens. Working with tokens divides into two parts: management of the tokens by the administrator, and use of the tokens by the client. The items of the token life cycle are listed in Table 2.

Role          | Step                                   | Description
Administrator | Formatting                             | Erase old items
Administrator | Initialization                         | Associate with the cryptographic interface used
Administrator | Storing required content               | Store the client's certificate with its matching private key, and usually set an access PIN (Personal Identification Number)
Administrator | Handover                               | The token with the access PIN is given to the end user
User          | Operating system and application setup | Install the supported drivers and link applications with the token interface
User          | Usage                                  | Common user usage of the token
User          | Return to administrator                | When the content of the token is out of date

Table 2: Life cycle of working with a token.

4.1.3 Establishing secure connection via HTTPS with tokens When the whole infrastructure is built, appropriate setup is done and tokens are ready then clients can work together with server. The process of secure connection establishing between the client and the server consists of several points. In these points are the two-factor and the mutual authentication used. The two-factor authentication is realised by tokens. In to the tokens are stored client's certificate and matching private key. The validation of the client's certificate and the server certificate represents the mutual authentication. The process of connection establishing is following: the client tries to establish secure connection via HTTPS to the server the server accept incoming connection and send back the server certificate the client validates the server certificate if the server certificate is approved then the client input the access PIN to the token if the access PIN is correct then the client can put and check-up the own client's certificate the server validates the client's certificate if the client's certificate is approved then the secure connection is successfully established To establish the secure connection is necessary to accomplish each point of this listing. If only one point is disturbed then the whole connection is disconnected and client has to try establish a new connection from beginning. 4.2 Two factor authentication with RSA SecurID Each RSA SecurID token is delivered from manufacturer with related XML file. XML file contains information about each token serial number, initial key for generating passwords seed, date of activation of the token, date of expiration of the token and physical address. This information is important for the server for synchronisation with token. For deploying the tokens, XML file is uploaded to the RSA server and synchronisation is performed. 
Following paragraph describes part of the XML source code, installed for each token in RSA Authentication manager. All informations are in plain text, except the most important line Seed. Usual lifetime of the token is 4 years. <SN>204423335</SN> <Seed>=nPjS+lF+Fv9ZXaBFok5aKA==</Seed> <Birth>2008/12/08</Birth> <Death>2012/03/31</Death> <TokenMAC>3tY44ro8dPXsYQK6Y6qdQ==</TokenMAC> The network structure consists of several parts. Heart of the system is server with installed RSA Authentication Manager, which administers all aspects of RSA Authentication System: user accounts, RSA SecurID tokens, policies, other support instances as replica servers and RADIUS server. Other part are user terminals, with installed instances of RSA Authentication Agent. User terminals can be desktop computers with Ethernet connection, wireless laptops or mobile devices. Each user has to use his own personal RSA SecurID token for successful log on to the system. User with the mobile device can use software RSA SecurID token in order to lower number of necessary things needed for authentication, since he carries the mobile device with him all the time. Brief structure is on Figure 2. Figure 2: Structure of RSA SecurID system Each user computer has RSA Authentication Agent installed for secure communication with RSA Authentication Manager. In the RSA Authentication Manager has been created a system of administration levels with hierarchical structure and with different policies for each level. The students were creating their own users profiles for each level and simulating a company network with main administrator and subordinate administrators. Important point of assigning rights to each administrator is correct set up of the policies at each level of administration structure. Only the main administrator has the rights to the whole system and for the all levels of the hierarchical structure. 
Subordinate administrators can administer only the part of the system and the group of users assigned to them by the main administrator. Subordinate administrators shall not have access to their own user account or to the accounts of other administrators.

Another feature of the RSA SecurID system is RSA Authentication Client, a tool for secure logon to the system and for access to the certificates stored within the token. RSA Authentication Client supports only the RSA SecurID 800 Authenticator, which is a universal device. For smart card use, it has a tiny smart card with an embedded chip and a reader built into it. The smart chip is a microprocessor that can store and process data. For SecurID use, it has a panel that displays the SecurID tokencode. To use the SecurID 800 as a smart card, the user inserts it into a USB port of the computer. The user can then add a valid Windows account, a digital certificate, or both to the smart card. For example, when Authentication Client is configured to display the RSA logon prompts, the user sees fields for adding a Windows account (user name, password, and domain) to their smart card. This allows the user to log on to the computer by inserting the smart card and entering a PIN instead of manually entering the Windows account credentials.

When the full RSA Authentication Client product is installed, a user interface called RSA Control Center is installed as well. The Control Center contains options that allow users to store certificates on the smart card and manage many other aspects of their authenticator. For example, the user can change or unblock the smart card PIN, manage certificates and Windows accounts, copy the tokencode to log on to a SecurID application, and review authenticator details and logon requirements. A Group Policy Object setting can also be selected to remove certain options from the Control Center.

Figure 3: RSA Control Center

One part of our work was to find a way of attacking this system. The only possible way to break it is to predict the generated token numbers. One such method is described in the following section.

4.2.1 Simulation of a hacker attack [12]

The Cain & Abel software has a tool, RSA SecurID Token Calculator, that calculates the generated one-time passwords in advance. For correct synchronization, several one-time passwords are needed for a successful break-in. To generate one-time passwords, Cain & Abel requires the XML file distributed with the tokens, which contains information about each token and the initial key for the password-generating algorithm, the seed. After the XML file is imported, the serial number and seed of the token are displayed. The tool is then synchronized with the token by entering the current one-time password shown on the token. After synchronization, the one-time passwords for each minute are calculated. The passwords can be saved to a file, and the required time period can be chosen in minutes, hours, days, months or years. Figures 4 and 5 [12] show the function of RSA SecurID Token Calculator and how an attacker could authenticate without physical possession of a token. Successful authentication requires the correct time, synchronized with the RSA server. The security of RSA SecurID is not compromised, however, because the XML file is needed to use RSA SecurID Token Calculator. This file is delivered together with the tokens, so only the system administrator has access to it. The user's password is still needed as well.

Figure 4: Cain & Abel tool RSA SecurID Token Calculator [12]

Figure 5: RSA SecurID token [12]
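The server-side checks described above and the emergency tokencodes of the following section, written here as an added Python model that is neither RSA's code nor the RSA SecurID algorithm (the tokencode function is an RFC 6238-style HMAC stand-in): a code derived only from the seed and the current minute, a verifier that tolerates a minute of clock drift, the PIN that is always required, denial of a stolen token, and the two emergency variants (temporary fixed tokencode and one-time set). The seed, PIN and code values are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed demo seed; in a real deployment the seed exists only in the
# vendor's XML file, which is why that file must stay with the administrator.
SEED = bytes.fromhex("3132333435363738393031323334353637383930")
STEP = 60    # SecurID tokencodes change once per minute
DRIFT = 1    # accept one step of clock skew either way (synchronization tolerance)


def tokencode(seed: bytes, t: int, step: int = STEP) -> str:
    """Time-based code from seed and minute counter (RFC 6238-style HMAC stand-in,
    not RSA's proprietary algorithm). Whoever holds the seed can compute this."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 1_000_000
    return f"{code:06d}"


class TokenRecord:
    """Server-side record for one user: PIN, stolen-token denial, emergency codes."""

    def __init__(self, seed: bytes, pin: str):
        self.seed = seed
        self.pin = pin
        self.disabled = False        # set when the hardware token is reported stolen
        self.fixed_code = None       # (code, expires_at): temporary fixed tokencode
        self.one_time_codes = set()  # set of one-time tokencodes, each usable once

    def issue_fixed_tokencode(self, code: str, lifetime: int, now: int) -> None:
        self.fixed_code = (code, now + lifetime)

    def issue_one_time_set(self, codes) -> None:
        self.one_time_codes = set(codes)

    def verify(self, pin: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(pin, self.pin):   # the PIN is always required
            return False
        # Emergency paths issued by the guarantor: valid even without the token.
        if self.fixed_code and code == self.fixed_code[0] and now < self.fixed_code[1]:
            return True
        if code in self.one_time_codes:
            self.one_time_codes.discard(code)        # a replayed one-time code fails
            return True
        if self.disabled:                            # stolen token: hardware path denied
            return False
        # Hardware token path: compare against neighbouring minutes to absorb drift.
        return any(hmac.compare_digest(code, tokencode(self.seed, now + k * STEP))
                   for k in range(-DRIFT, DRIFT + 1))
```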

5 Fourth factor

The last type of authentication can be a system based on the knowledge of some person, the factor "somebody I know" [13]. This principle of identification by an entrusted person has been used since the beginning of mankind. In the electronic environment, this principle is used to verify identity by e-mail or phone call. For a practical implementation of this type of authentication, a system of guarantees is proposed. The authentication is applied to a group of users, where one of the users with appropriate rights, the guarantor, uses his authentication devices for the emergency authentication of another user, the applicant. This principle is fully applicable in the RSA SecurID system. If a user loses or forgets his authenticator, another user with appropriate rights, his guarantor, can provide temporary access by generating a one-time password, provided the user remembers his password. RSA Authentication Manager offers two ways of generating an emergency tokencode: a temporary fixed tokencode and a set of one-time tokencodes. The former is a single tokencode with a limited lifetime, while the latter is a set of tokencodes, each of which can be used only once. RSA Authentication Manager also offers the possibility of denying authentication with the user's hardware token in case the token was stolen.

An important part of this kind of authentication is the user identity verification process. It is necessary to ensure that the guarantor correctly identifies the person he is guaranteeing for. If the user is identified only by e-mail or phone, the authentication system is not sufficiently reliable: there are many methods of obtaining unauthorized access by so-called social engineering, as described by Kevin Mitnick [14]. Some kind of personal bond should exist between the guarantor and the applicant. A proposal for fourth factor authentication is described in [13].

6 Conclusion

Two factor authentication provides a secure and reliable way of identifying the user during access to the system.
Both technologies were successfully deployed in our laboratory and now help with the education of students in computer security. The designed example is based on a secure infrastructure. The whole infrastructure is built from Open Source software (GNU/Linux, OpenSC, Mozilla Firefox, Apache HTTP Server and OpenSSL). This solution realises both two-factor and mutual authentication. The two-factor authentication uses the iKey 3000 and RSA SecurID tokens as the medium. The client's certificate and the matching private key are stored in the tokens. When the user wants to use his token, he has to enter the access PIN, because the token (first factor) is protected by the access PIN (second factor). The mutual authentication stands for verifying certificates on both sides, i.e. on the client's computer and on the server. The work with tokens is divided into two parts, but if these parts are joined together, the life cycle of token usage is created. The first part is management by the administrator and the second one is common user usage. The whole communication model consists of several points at which the certificates are validated on the opposite side; on the client's computer the token with the access PIN is used in addition.

REFERENCES

[1] SafeNet White Paper. Multi-Factor Authentication [online]. 2008. Available: <http://www.safenetinc.com/>.
[2] RSA White Paper. RSA SecurID Authenticators [online]. 2009. Available: <http://www.rsa.com/>.
[3] Security Reference Guide CDW [online]. 2009. Available: <http://www.cdw.com/securityguide/>.
[4] SafeNet. The Foundation of Information Technology [online]. 2008. Available: <http://www.safenet-inc.com/>.
[5] BRAINARD, John, JUELS, Ari, RIVEST, Ronald. Fourth Factor Authentication: Somebody You Know [online]. 2006. Available: <http://www.rsa.com/>.
[6] MITNICK, K. D., SIMON, W. L. The Art of Deception: Controlling the Human Element of Security. Wiley, 2002.
[7] SafeNet (Rainbow) iKey 3000 Datasheet [online]. 2004 [cit. 2010-05-19]. Available: <http://www.cyprotectdl.de/safenet/ikey/ikey_3000_english_datasheet.pdf>.
[8] RSA Laboratories. PKCS #15: Cryptographic Token Information Format Standard [online]. 2010 [cit. 2010-05-19]. Available: <http://www.rsa.com/rsalabs/node.asp?id=2141>.
[9] OpenSC [online]. [cit. 2010-05-19]. Available: <http://www.opensc-project.org/opensc>.
[10] Apache SSL/TLS Encryption. Apache HTTP Server [online]. 2009 [cit. 2010-05-09]. Available: <http://httpd.apache.org/docs/2.0/ssl/>.
[11] OpenSSL: Documents, openssl(1) [online]. [cit. 2010-05-19]. Available: <http://www.openssl.org/docs/apps/openssl.html>.
[12] SMÉKAL, L. Útoky pomocí programu Cain & Abel [Attacks using the Cain & Abel program]. Brno: Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií, 2010. XY p. Thesis supervisor Ing. Jiří Sobotka.
[13] BRAINARD, John, JUELS, Ari, RIVEST, Ronald. Fourth Factor Authentication: Somebody You Know [online]. 2006. Available: <http://www.rsa.com/>.
[14] MITNICK, K. D., SIMON, W. L. The Art of Deception: Controlling the Human Element of Security. Wiley, 2002.