Building a Robust Two Factor Authentication System

Design Methodologies for Building a Robust Two Factor Authentication System
Whitepaper

In March 2011, the market leader in authentication products announced that an Advanced Persistent Threat (APT) attack had taken place "specifically related to their two-factor authentication product". This led to the loss of millions of dollars for the customers and the vendor. It also resulted in the replacement of authentication products in multiple government organizations and enterprises. This kind of APT attack can potentially compromise the following elements of an authentication system:

1. Records of seeds used in tokens
2. Relationship of those seeds to specific token serial numbers
3. Relationship of seeds or token serial numbers to specific clients
4. Information regarding the algorithm that could expose mathematical and cryptographic weaknesses
5. Information regarding specific implementations of the algorithm that may reveal implementation weaknesses

If even one of the above happens, the whole authentication mechanism can be circumvented, which helps attackers compromise the whole system.

Common Design Pitfalls in Building Two Factor Authentication Systems:

- One of the factors in a 2FA system, typically "What User Knows", is not strong enough and becomes the weakest link in a potential compromise scenario.
- No strong coupling between the two factors of the 2FA system.
- Storing of user-sensitive information with the product vendor at a central location.
- In case of a future compromise of the authentication system, inability to seamlessly transition to alternative methods.
- High dependency on the algorithms used for authentication.

Design Guidelines to provide protection against APT attacks

To avoid the kind of APT attack that happened recently, authentication systems should be designed and developed to survive any future compromise of the product vendor itself. The following design considerations should be taken into account when designing an authentication system.

1. Not storing records of seeds used in tokens at central location:

Product vendors should not hold or possess the seed information of the tokens or hardware devices they deliver (the device that is supposed to act as one of the factors of the two factor authentication system). The best way is to avoid storing user-specific seeds altogether at a central location that could potentially be compromised in future. Using a challenge-response based system (where the user provides the response to the challenge based on something he knows and something he has) instead of a time-synchronized system may avoid the need to store user-specific sensitive information at a central location.
Designing a Robust Two Factor Authentication Product - Whitepaper

Impact of recent APT attacks on Vendor's Two Factor Authentication Product:

- Attack on Lockheed Martin, the largest U.S. military contractor
- L-3 Communications has discovered a breach due to cloned tokens
- Many contractors, including Northrop Grumman, have disabled tokens as a precautionary measure in the wake of the APT attack that happened on the product vendor

2. Not storing any relationship information between seeds and token serial numbers:

Storing the mapping between the seeds and the serial numbers of the tokens should be avoided, as it gives easy access to the sensitive information of the token (which is something the user has as part of two factor authentication). The information stored about the hardware should be random and should not reveal specific sensitive details about the hardware possessed by the user. Moreover, the information stored should be encrypted using the strongest encryption algorithms, like "AES" (Advanced Encryption Standard) and "Triple DES".

3. Using multiple algorithms for added strength:

Using one specific algorithm with pre-set seed values for all clients could expose the mathematical and cryptographic weaknesses of the system once the algorithm is exposed and the seed value database is compromised. So, instead of having one algorithm, it is better to have variants of algorithms that serve the same purpose, and different customers should be given different algorithms. Vulnerabilities in one algorithm then affect only a small set of customers, and the algorithm can be replaced immediately as an upgrade if a customer feels that his system has been compromised.
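An added example of guideline 3 (not code from the whitepaper or from ArrayShield): each customer record names one of several keyed-hash constructions, and the algorithm and key are replaced together on upgrade. The `Verifier` class, the customer names and the choice of three standard constructions as the "variants" are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Standard keyed-hash constructions standing in for the "variant" algorithms (assumed choice).
ALGORITHMS = {
    "hmac-sha256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "hmac-sha3-256": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
    "blake2b-mac": lambda key, msg: hashlib.blake2b(msg, key=key, digest_size=32).digest(),
}

class Verifier:
    def __init__(self):
        self._customers = {}  # customer id -> {"alg": name, "key": bytes}

    def provision(self, customer, alg, key):
        if alg not in ALGORITHMS:
            raise ValueError(f"unknown algorithm {alg!r}")
        self._customers[customer] = {"alg": alg, "key": key}

    def verify(self, customer, challenge, response, claimed_alg=None):
        record = self._customers.get(customer)
        # The algorithm is taken from the server-side record; a client-supplied
        # name that disagrees is rejected, so an upgrade cannot be rolled back.
        if record is None or (claimed_alg is not None and claimed_alg != record["alg"]):
            return False
        expected = ALGORITHMS[record["alg"]](record["key"], challenge)
        return hmac.compare_digest(expected, response)

def demo():
    v = Verifier()
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    v.provision("customer-a", "hmac-sha256", key_a)
    v.provision("customer-b", "blake2b-mac", key_b)
    challenge = secrets.token_bytes(16)
    old_a = ALGORITHMS["hmac-sha256"](key_a, challenge)
    resp_b = ALGORITHMS["blake2b-mac"](key_b, challenge)
    before = v.verify("customer-a", challenge, old_a)
    # Upgrade customer A only: algorithm and key change together.
    new_key_a = secrets.token_bytes(32)
    v.provision("customer-a", "hmac-sha3-256", new_key_a)
    after_old = v.verify("customer-a", challenge, old_a)
    after_new = v.verify("customer-a", challenge, ALGORITHMS["hmac-sha3-256"](new_key_a, challenge))
    downgrade = v.verify("customer-a", challenge, old_a, claimed_alg="hmac-sha256")
    return before, after_old, after_new, downgrade, v.verify("customer-b", challenge, resp_b)
```

Customer B keeps verifying throughout, which is the containment the guideline is after: the change for customer A touches no other customer's record.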
4. Leveraging multiple initialization vectors known only to Customer:

The strength of the authentication system should not come only from the algorithm or from a robust implementation of the system. It should also be able to take initialization vectors for the algorithm that has been implemented. Customers should be given the authority to initialize the system with a set of random values of their choosing, which should not be known even to the authentication product vendor. In this way, even if the source code exposes an implementation weakness of the system, it does not create a vulnerability, as each customer possesses different initialization vectors which are proprietary to them.
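An added example tying guideline 1 (challenge-response, no vendor-held seeds) to guideline 4 (customer-only initialization values); it is not code from the whitepaper or from ArrayShield. The HMAC-SHA256 derivation, the `CustomerAuthServer` class and all names and values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed policy)

def derive_device_key(factory_value, customer_secret):
    # The vendor knows factory_value but never customer_secret, so the
    # vendor's records alone cannot rebuild the key the token answers with.
    return hmac.new(customer_secret, b"device-key|" + factory_value, hashlib.sha256).digest()

def token_response(device_key, challenge):
    # Computed on the token for each fresh challenge.
    return hmac.new(device_key, challenge, hashlib.sha256).hexdigest()

class CustomerAuthServer:
    """Runs at the customer site, not at the vendor (hypothetical class)."""
    def __init__(self):
        self._keys = {}     # random handle -> derived device key
        self._pending = {}  # random handle -> (challenge, expiry)
    def enroll(self, factory_value, customer_secret):
        handle = secrets.token_hex(8)  # random; reveals no serial number or seed
        self._keys[handle] = derive_device_key(factory_value, customer_secret)
        return handle
    def issue_challenge(self, handle):
        challenge = secrets.token_bytes(16)
        self._pending[handle] = (challenge, time.monotonic() + CHALLENGE_TTL)
        return challenge
    def verify(self, handle, response):
        challenge, expiry = self._pending.pop(handle, (None, 0.0))  # single use
        key = self._keys.get(handle)
        if challenge is None or key is None or time.monotonic() > expiry:
            return False
        return hmac.compare_digest(token_response(key, challenge), response)

def demo():
    factory_value = secrets.token_bytes(20)    # constructed: value the vendor shipped and recorded
    customer_secret = secrets.token_bytes(32)  # constructed: generated on site, never sent to the vendor
    server = CustomerAuthServer()
    handle = server.enroll(factory_value, customer_secret)
    token_key = derive_device_key(factory_value, customer_secret)  # loaded into the token on site
    c1 = server.issue_challenge(handle)
    genuine = server.verify(handle, token_response(token_key, c1))
    replayed = server.verify(handle, token_response(token_key, c1))  # challenge already consumed
    c2 = server.issue_challenge(handle)
    # A response computed from the vendor-side value alone must not verify.
    vendor_only = server.verify(handle, token_response(factory_value, c2))
    return genuine, replayed, vendor_only
```

The customer's server still holds derived keys, so this moves the sensitive material out of the vendor's central database and leaves the customer site as the place to protect.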
Conclusion

By following the above design methodologies, a two factor authentication system can be made more robust against the kind of APT attacks that have been witnessed recently. ArrayShield's IDAS Two-factor Challenge-response based authentication product is developed by following the design methodologies explained above, which makes it one of the most secure authentication systems available in the market.
ABOUT ARRAYSHIELD
Array Shield Technologies is the maker of software security products in the
area of Multi-Factor Authentication. The company’s mission is to provide
highly secure, cost effective and easy to use software security solutions
globally.
For more information, visit us at www.arrayshield.com