Cryptography Reference
In-Depth Information
subvalues mentioned above will differ in many bits so that such 'differential
cryptanalyses' can be prevented.
And the PIN? In tokens with keypads, it is simply XORed with the hash value
computed. That's secure. As Mallory listens in on the data channel, he has no
chance to get hold of the PIN. Doubtlessly, transmitting the PIN in plaintext
ahead of the password is much more risky. But to use such a wiretapped PIN,
Mallory first has to steal the token. And if Mallory steals the token, he first has
to have listened in on the PIN. So this variant is more secure, even in plaintext.
There is another problem we haven't considered yet: how does the server learn
the password currently created on Alice's token? Clocks tend to be either fast
or slow, as we know, particularly when a token is exposed to blazing sun or
sharp frost. The solution is relatively simple: the server stores the current 'time
shift' for each token and additionally works with a time window for the token,
i.e., it also accepts passwords, for example, that would have been valid two
minutes earlier, or which should have come up three minutes later. Based on
these deviations, the server can correct the time shift, if needed. Only when the
deviation grows too large will it request the next password, which introduces
additional security. Experience has shown that this case occurs very seldom.
How Secure Are SecurID Tokens?
There are two attacks against all types of tokens: the first is the man-in-the-
middle attack — Mallory intercepts Alice's password and talks to the server
alone from that moment onwards (this includes mainly phishing attacks ). This
sort of attack is not up for discussion here, because one-time passwords can't
protect you from them either. The other attack is somewhat more subtle: Mal-
lory cannot interfere in the connection between Alice and the server, but he
monitors the first five places of the six-digit password. He then sends all ten pos-
sible last digits over ten parallel channels faster than Alice can, thus obtaining
a connection on one channel. This is only possible if Alice uses a badly config-
ured telnet program that sends each character individually. The server can make
this attack harder, for example, by permitting not more than two or three faulty
attempts before it requests the next password (it may even use an 'out time').
Things get easier for Mallory if Alice uses a token without a keypad. Mallory
listens in on the PIN at the network, and then steals the token. However, theft
is 'manual work' and is normally soon discovered. I think a scenario where
Alice forgets her token somewhere and Mallory finds it is more realistic. This
is the reason why tokens are never distributed with the vendor's corporate logo
Search WWH ::




Custom Search