Distributed Management Systems

Dr Basil Philipsz outlines vulnerabilities in current Authentication Technologies and explains how his company, Distributed Management Systems Ltd (DMS), has developed a new innovative solution, CASQUE SNR (CASQUE) that is immune from such flaws.
There are well known issues with passwords including the re-use of User chosen favourites- then susceptible to discovery by phishing. Of course, un- memorable phrases have the habit of being forgotten, requiring the overhead of resetting and potential hacking abuse. However, the most important disadvantage is that Users can deny access – “someone has looked over my shoulder/ guessed/hacked my password and I have been innocently and unknowingly compromised”. This repudiation defence provides the biggest handicap to getting a successful prosecution for illegal access or conspiracy with accomplices.

…Other Passive Solutions
Like passwords, this category of authentication relies on a fixed seed which could be a biometric signature template or a single embedded key that is used to generate response either from a program (soft) or an external token (hard) such as RSA SecurID. Any security authentication system that relies on its keys being kept secret is compromised when a penetration attack succeeds as witnessed in the RSA SecurID debacle in 2011 or when a corrupt insider has sufficient access (Insider Attack).

There has been recent attempts to improve Biometric based security by adding “dynamic extras” -eye blinks or pulses or indeed speed of typing but these remain fixed targets so clones can be made and can continue undetected. The complications that make Biometrics unsuitable for any serious authentication application include the requirement for “in person” enrolment and the restricted capability to recover from compromise- you normally run out of Irises after 2! The fact that any biometric is really personal data by any reasonable definition, means such techniques should be subject to data protection laws.

In NIST’s 800-63-1 Electronic Authentication Guideline 2011, the use of biometrics is deprecated for remote authentication as indeed is any “knowledge based” technique such as remembering the order of recognised images presented on the login display screen.

Static “client footprint” discovery such as the GPS client location or the characteristics of the client device also appear in this category. In these cases, additional complications arise when the User is required to be mobile or needs to use another client device.
In summary, the main disadvantages in the case of Passive technologies is the impossibility of denying the repudiation defence, the inability to detect “clones” and the difficulties in overhead, time and cost to recover from compromise.

Out of Band Message Authentication

Phone calls and SMS messages are commonly used as a means to safely authenticate out-of-band. However, cybercriminals have found ways of compromising these security controls. Malware attacks can change the Out-of-Band phone numbers or intercept and redirect SMS messages on the phone itself –see Trusteer web site (http://www.trusteer.com/resources/white-papers) for details.

The capability of Man-in-the-Browser malware (MitB) has allowed fraudulent financial transactions even if one time token generated password authentication or mobile out of band authentication has been used.

The main mobile operating systems- Android, IOS and Windows Phone, have been able to be infected by malware and the cheap availability of exploit kits such as Blackhole are primed, waiting for fraudsters to take advantage of new found zero-day mobile vulnerabilities. There is an infrastructure already established to help fraudsters and includes compromised servers and computers ready to receive User credentials and funds supported by a variety of means to infect smart phones by convincing social engineering dodges. It is of course plain silly to use a smartphone for the transaction and another mobile for the out of band message when both could be compromised.

Note also that mobile numbers are generally not secret so the capability for a successful phishing attack is always available.

The Universe of Attached Devices
There is a plethora of solutions that require direct attachment to the client computer usually via a USB. The actual authentication method maybe the generation of a password  as mentioned above or utilisation of stored private key via a PKI method usually via a smartcard. PKI solutions demand the maintenance of trusted authority chains, have cumbersome revocation procedures and since they conduct their transactions “under the bonnet” with the User is not involved, they are prime candidates for Phishing attacks.

Several Solutions use third party libraries especially for cryptographic routines. These need upgrading , may have licencing issues and of course inherit any weakness that exists in the underlying routine; in the case of PKCS#11, several attached devices have been shown to be compromisable –see the Tookan project.

The main issue with these types of solution is the weakness introduced by the requirement of USB attachment as an entry point of malware. There is no point employing a thin client or virtual workstation architecture and then weakening the overall integrity by requiring a local USB connection.

DMS has developed CASQUE SNR that provides mutual, multi-factor authentication:

Mutual – the User can authenticate the Host so deny phishing and the Host can authenticate the User; Multi-factor – you need your login credentials plus the CASQUE hand held Token to respond to a secondary challenge.

It is a new, disruptive technology that uses symmetric keys but has comprehensive key distribution and management capabilities and, after an extensive prior-art search, a patent was filed in March 2012 declaring the core innovation.

DMS hasn’t been working alone- CESG, the UK Government’s Information Assurance Authority has helped with the design and certification under the CAPS scheme. CASQUE SNR has no dependence on third party IP and does not use software libraries so full source code can be in escrow.

The Host delivers a unique challenge via a Browser screen and the Token’s optical sensors read the challenge independent of platform so Users can use Smartphones, Tablets, Workstations including locked-down thin clients. There is no physical attachment. The response to the challenge is then displayed on the Token’s screen for the User to enter.

When the CASQUE Token is switched on it displays its Token Identity on the Token’s own screen. In order to use the CASQUE Token, the User simply holds it onto the mobile screen to roughly align with the three flashing blocks that communicate the message to the Token’s internal microprocessors. After about 2 seconds the response is displayed on the Token’s own screen.

CASQUE’s original, proprietary Challenge/Response protocol allows Tokens’ Keys to be changed dynamically, preventing Token clones. Moreover, there is no single location that contains all the keys, so the system automatically recovers from Insider attack, e.g., when a privileged user can access the Authentication Server or the Key Population system.

In particular, the Token does not contain all the keys necessary to decrypt so it does not need to be handled as a cryptographic item. Tokens, when first populated, get a “virtual identity”; this is re-settable allowing Tokens to be recycled as fresh ones-ideal for use in a managed service setting.

The formal security target assumes attackers have complete knowledge of how CASQUE SNR works and have unlimited resources (e.g. a country). In this case, sophisticated attacks are expected and include replay of a recorded CASQUE message and its response in order to gain access (not possible because every message is guarantee d to be unique); replay of recorded message to place the Token in an indeterminate state (not possible because Token keeps increasing generation number so denying earlier messages from been acted on); invented messages designed to render the Token into an indeterminate or failed state (not possible because decryption reveals invalid commands so are not acted on).
The Token contains an EAL5+ rated secure chip that alerts its operating system when it detects irregular activities, for example abnormal voltage, frequency or temperature or has detected an invasive procedure, moreover, on catastrophic events the Token self-destructs. The Token’s program cannot be changed so denying malware infection.
CASQUE SNR’s can provide secondary authentication with “out-of-the-box” integration with Gateways such as Juniper SA and Microsoft Forefront or can augments logins to Linux PAM.

In addition, DMS have also developed a public API to enable Web Hosts to use the CASQUE Server’s Authentication Services. This API also enables the use of CASQUE‘s ability to send secure messages to be displayed on the Token’s screen as individual16 Text characters or 32 Hex.

It is this message facility that enables anti-phishing host authentication by allowing the User to have their ad-hoc phrase echoed onto the Token’s screen. This message capability can also be used to help decrypt a post transaction summary file so preventing a MitB hijack from escaping detection.

CASQUE Authentication Server can run on a dedicated Linux or Windows Server and even on the most modest hardware will easily process over 10,000 concurrent logins without degradation. The CASQUE Authentication Server has a real time backup capability to a securely connected remote server with an easy recovery procedure.