RSA SecurID - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
RSA SecurID Authentication
  • Ellen Stuart
  • CS265 Cryptography and Computer Security
  • Fall 2004

2
Agenda
  • Introduction
  • Components
  • Tokens
  • Server
  • Algorithm
  • Weaknesses
  • Comparison
  • Conclusion

3
Introduction
  • RSA SecurID Authentication
  • History of RSA and SecurID
  • Two Factor Authentication
  • Customer List
    • NSA
    • CIA
    • White House

4
Components of the SecurID System
  • Tokens
  • Authentication Server
  • Algorithm

5
Components of the SecurID System
  • Tokens
    • Issued to users
    • Each token has a unique 64 bit seed value
    • Something the user has
  • Hardware Token: user required to log in with PIN and displayed pass code
  • PINPAD: user required to use PIN to access pass code
  • Software Token
    • Does not require a separate device
    • User required to use PIN to access pass code
  • Key Fob: user required to log in with PIN and displayed pass code

6
Components of the SecurID System
  • Authentication Server
    • Maintains database of user assigned tokens
    • Generates pass code following the same algorithm as the token
    • Seed similar to symmetric key

7
SecurID Login
(Diagram: users issued tokens, RSA Authentication Server, Internet)

8
Components of the SecurID System
  • Algorithm
    • Brainard's Hashing Algorithm
    • AES Hashing Algorithm

9
Components of the SecurID System
  • Brainard's Hashing Algorithm
    • Secret key: unique seed value
    • Time: 32 bit count of minutes since January 1, 1986
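As an added example (not part of the slides), the token/server relationship of slides 6 and 9 modelled in Python: both sides hold the same seed, the time input is the 32-bit minute counter since 1 January 1986, and the server recomputes the code for the current minute plus a small drift window before accepting the login. HMAC-SHA256 standing in for the proprietary hash, the UTC epoch, the sample seed/PIN and the one-minute drift window are all assumptions.

```python
import hmac
import hashlib
from datetime import datetime, timedelta, timezone

# Slide 9: the time input is a 32-bit count of minutes since 1 January 1986 (UTC assumed here).
SECURID_EPOCH = datetime(1986, 1, 1, tzinfo=timezone.utc)
# Constructed sample data: an 8-byte (64-bit) seed as on slide 5, plus the user's PIN.
TOKEN_DB = {"alice": {"seed": bytes.fromhex("0011223344556677"), "pin": "1234"}}
SAMPLE_TIME = datetime(2004, 11, 15, 12, 0, tzinfo=timezone.utc)

def minute_counter(now: datetime) -> int:
    """32-bit count of whole minutes elapsed since the 1986 epoch."""
    minutes = int((now - SECURID_EPOCH).total_seconds()) // 60
    return minutes & 0xFFFFFFFF  # keep the 32-bit field width the slide states

def passcode(seed: bytes, counter: int, digits: int = 6) -> str:
    """Token side: derive the displayed code from the shared seed and the minute counter.
    HMAC-SHA256 is a stand-in for the proprietary hash, which the slides do not give."""
    mac = hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)

def server_verify(db: dict, user: str, pin: str, code: str, now: datetime, drift: int = 1) -> bool:
    """Server side (slide 6): look up the user's seed, check the PIN, then recompute the
    code for the current minute and `drift` minutes either side to absorb clock skew."""
    record = db.get(user)
    if record is None or not hmac.compare_digest(record["pin"], pin):
        return False
    base = minute_counter(now)
    for delta in range(-drift, drift + 1):
        expected = passcode(record["seed"], (base + delta) & 0xFFFFFFFF)
        if hmac.compare_digest(expected, code):  # constant-time compare of the codes
            return True
    return False  # no match inside the window: stale code or a different seed

def demo() -> dict:
    """One login: the token shows a code at SAMPLE_TIME; the server checks it at the same
    minute, one minute later (inside the window) and two minutes later (outside it)."""
    seed, pin = TOKEN_DB["alice"]["seed"], TOKEN_DB["alice"]["pin"]
    code = passcode(seed, minute_counter(SAMPLE_TIME))
    return {
        "same_minute": server_verify(TOKEN_DB, "alice", pin, code, SAMPLE_TIME),
        "one_minute_late": server_verify(TOKEN_DB, "alice", pin, code, SAMPLE_TIME + timedelta(minutes=1)),
        "two_minutes_late": server_verify(TOKEN_DB, "alice", pin, code, SAMPLE_TIME + timedelta(minutes=2)),
        "wrong_pin": server_verify(TOKEN_DB, "alice", "0000", code, SAMPLE_TIME),
    }

if __name__ == "__main__":
    print(demo())
```

The drift window is what lets a token whose clock has wandered a minute still authenticate; widening it trades that tolerance for a longer period in which an observed code stays valid.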

10
Components of the SecurID System
  • ASHF (Alleged SecurID Hash Function) description of Brainard's Hashing Algorithm
  • Each round → 64 sub-rounds

11
Weaknesses of the SecurID System
  • Violation of Kerckhoffs' Principle
  • Publication of the alleged hash algorithm
  • Key Recovery Attack (Biryukov, 2003; Contini, 2003)
  • AES Implementation
  • Human Factors

12
Comparison to Password Systems
  • Password systems are built-in, no additional implementation cost?
    • Administration Costs
    • Security Costs
  • SecurID
    • No need to regularly change passwords
    • No changes as long as tokens uncompromised (and hash function)

13
Conclusion
  • Former implementation of SecurID supports Kerckhoffs' principle
  • RSA phasing out versions with Brainard's Hash Function

14
References
  • Mudge, Kingpin, Initial Cryptanalysis of the RSA SecurID Algorithm, January 2001, www.atstake.com/research/reports/acrobat/initialsecuridanalysis.pdf
  • V. McLellan, Firewall Wizards: RE: securid AES tokens, http://www.insecure.org, Apr 26 2004, retrieved November 2004.
  • F. Muhtar, Safer means to use passwords, Computimes, NSTP, Feb 13th 2003, retrieved November 2004 from http://www.transniaga.com/Default.htm
  • S. Contini, Y.L. Yin, Improved Cryptanalysis of SecurID, Cryptology ePrint Archive, Report 2003/205, http://eprint.iacr.org/2003/205, October 21, 2003.
  • V. McLellan, Re: SecurID Token Emulator, post to BugTraq, http://cert.uni-stuttgart.de/archive/bugtraq/2001/01/msg00090.html
  • I.C. Wiener, Sample SecurID Token Emulator with Token Secret Import, post to BugTraq, http://www.securityfocus.com/archive/1/152525
  • The Authentication Scorecard, White Paper, RSA Security, Inc., http://www.rsasecurity.com, retrieved November 2004.
  • Protecting Against Phishing by Implementing Strong Two-Factor Authentication, White Paper, RSA Security, Inc., http://www.rsasecurity.com, retrieved November 2004.
  • Are Passwords Really Free? A closer look at the hidden costs of password security, White Paper, RSA Security, Inc., http://www.rsasecurity.com, retrieved November 2004.
  • RSA Laboratories, FAQ Version 4.1, May 2000, RSA Security, Inc., http://www.rsasecurity.com.
  • G. Welsh, Breaking the Code, Macquarie University News Feature, March 2004, retrieved November 2004 from http://www.pr.mq.edu.au/macnews.
  • Biryukov, J. Lano, and B. Preneel, Cryptanalysis of the Alleged SecurID Hash Function (extended version), Lecture Notes in Computer Science, Springer-Verlag, 2003.
  • RSA Security website, http://www.rsasecurity.com/company