Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- glenn everhart
April 8, 2006, 5:51 am
rate this thread
given all the attention problems of authenticating folks remotely
have been getting.
Let us suppose to introduce the ideas that we have some token we give
folks such that it displays a number sequence (that may vary with time
or with uses, in the latter case being tracked) and such that an
authenticating agency can tell what it will display. Let us suppose
further that (seeing we don't want to be total fools) each such token
has an identifying number visible to users, but generates a different
number sequence from any other token. (This can be done easily by just
having an internal counter encrypted with a key, and using a different
key for every device. The authenticating agency needs to know the keys
but nobody else does.)
This is pretty common stuff. After all, SecureID has been around for
years, and ciphers - of - the - day have been around for centuries.
However it can be used for more than has been common.
If we want an authenticating agency to prove its identity to the token
holder, how about having the token holder report half the display and
have the agency then tell the holder the other half?
To prove that a known person is present, and not just that the token is
present, it has been customary to have the person transmit a PIN and
ALSO the display value. For people who like to type a lot this is ok,
but lots of systems only have room to send back 3 or 4 digits, and if a
PIN is entered in plaintext, webcams, keyloggers, or other agents can
then capture the PIN.
There's a better way.
Let's suppose your display looks like this (forgive ASCII art):
| 7 | 5 | 2 | 9 | 1 | 0 | 3 |
a b c d e f g
01 23 45 67 89
where the part in the boxes is the number. (I have drawn it with no
repeated digits for clarity.)
Now we can ask the person, ahead of time, to pick 3 positions of the
display (he can use 3 letters to remember if he likes). This is like
getting into your car door these days, but simpler. (Car doors often ask
for 5 numbers.)
Suppose the person's pattern is "feb". (Can be anything, but some will
choose to spell things. It'd be OK to print the whole alphabet, a few
letters to a digit, if we wanted a larger selection.)
Now to identify himself and his token, a person would get the token to
generate a number, then pick out the digits at the positions he
selected. In the above example that would be digits 0 1 5.
Note that because the display changes every time, the chosen digits
change every time, yet they authenticate the user and the token together
at a stroke, and are hard to capture because the token is not connected
to anything, and mostly won't be in range of a webcam or other spy
gadget. Notice too that giving this information is a conscious act, not
something a chip can be fooled into doing.
Finally, where a transaction is used, and it is desired to get a
person's OK to spend, say, $539 on something, he could be asked to
please pick the positions above the little digits corresponding to 539
on his display. In the picture above, that would be the "45", the "23",
and the "89" positions, and if the display read as shown the customer
could key in "251" to give his OK. (This would be most important for
large purchases and in internet type settings.)
Now this would give better authentication than we now get, without
changing payment networks. (Credit/debit card authentication codes are 3
digits long, for example. I'd rather use something like this than a
fixed PIN where a PIN was needed, too.)
However there's a cheaper way to use these same schemes. Instead of
sending out tokens (which would be considered "unproven"), if you are an
authenticating agency you can send out "bingo cards". These would be
printed with each one different and having again some serial number.
Suppose I try again to draw a crude one. There are more variants here,
since at each intersection can be long or short numbers. For
illustration let me presume that at each intersection there is another 7
digit number like the putative token display above. So the card might
a b c d e f g
1 3265891 5276903 4437921 0513277 7902168 3180245 7421056
2 6387009 8711244 5037837 9091234 1234567 0987654 7634216
... and so on.
A real card would have a lot of these printed.
Now when the authenticator wants to prove to you who he is, you send the
coordinates (row and column) and he can tell you the number there.
For you to authenticate yourself you can again pick a pattern to select
out of any display, and the authenticator can give you the coordinates
to use. You then pick out your pattern of 3 or 4 positions and report
the digits there, using the number on the bingo card. (If your pattern
were as above, the 6th, 5th, and 2nd digits, and you had to report using
the number on your card at d2 above (which is 9091234 above), you'd pick
3 2 0 and report "320".)
It is possible of course to scratch off a number and just use that,
reporting your pattern, if it is hard to transmit a coordinate to use.
The authenticator would be able to track what you used. This kind of
thing is most useful for network authentication though where some added
communication is easy.
If you were asked to approve an amount string or the like with a bingo
card, I would suspect it easiest if you got prompted first with a
picture of what digit positions to pick out and with a coordinate. You
would be able to see the digit pattern if you wanted to check that it
was reasonable but someone who did not have your card, and had not
authenticated himself with your pattern moments before, would not get
that far with the transaction.
Variants of using the number could be used to check payee names if the
need should arise.
The beauty of schemes like this, while they are a little more effort
than some, is they need only simple devices and rely on the fact that
the devices are not connected to any tappable things, and that people
are pretty good at remembering simple patterns. This would after all be
much easier than getting into your car, and would be used often enough
not to be a problem to recall. (If you have several of them, and use the
same position pattern for all of them, it's no big deal: the random
display kinda/sorta encrypts the transmission for you so it is really
hard to intercept.)
If people start stealing inputs because some sites don't authenticate to
the user or omit the "amount check", it will still be tough to fake a
site that does the above stuff. (Obviously the initial pattern needs to
be transmitted separately from the bingo card or token.)
An authentication scheme that people will use ought to be voluntary and
conscious like this, moreover. Fingerprints can be stolen in 10 seconds
with tape, and in general biometrics must be kept un-stolen for ~100
years...a long time once every 7-11 clerk can get to them. RFID might be
read without your knowledge (much less consent). This is a little more
like the old signet rings barons and kings used to use...you know you
are using it, and for what. Also it is possible to have several of them
pretty easily if you must, each authenticating your relationship to one
authenticator. In effect multiple such authenticators could act like a
"web of trust" where you show "I am a customer of x bank, y bank, z
company, and a member of r and s clubs" if you need to use more than
one, and that might very well be plenty to convince merchant W to grant
Glenn C. Everhart
- » HPSBUX02111 SSRT061132 rev.1 - HP-UX su(1) Local Unauthorized Access
- — Previous thread in » General Computer Security