Building a Robust Two Factor Authentication System
Design Methodologies for building a Robust Two Factor Authentication System

Whitepaper

During March 2011, the market leader in authentication products announced that an Advanced Persistent Threat (APT) attack had happened "specifically related to their two-factor authentication product". This led to a loss of millions of dollars to the customers and the vendor. It also resulted in the replacement of authentication products in multiple government organizations and enterprises. This kind of APT attack can potentially compromise the following elements of an Authentication System:

1. Records of seeds used in tokens
2. Relationship of those seeds to specific token serial numbers
3. Relationship of seeds or token serial numbers to specific clients
4. Information regarding the algorithm that could expose mathematical and cryptographic weaknesses
5. Information regarding specific implementations of the algorithm that may reveal implementation weaknesses

If even one of the above happens, the whole authentication mechanism can be circumvented, which helps attackers to compromise the whole system.

Common Design Pitfalls in building Two Factor Authentication Systems:

- One of the factors in a 2FA system, typically "What User Knows", is not strong enough and becomes the Weakest Link in case of a potential compromise scenario.
- No strong coupling between the two factors of the 2FA System.
- Storing of User Sensitive information with the product vendor at a central location
- In case of future compromise of the authentication system, inability to seamlessly transition to alternative methods
- High dependency on the Algorithms used for authentication.

Design Guidelines to provide protection against APT attacks

To avoid the kind of APT attack that happened recently, authentication systems should be designed and developed to survive any compromise that happens to the Product Vendor itself in future. Following are the design considerations to be taken into account when designing an Authentication System.

1. Not storing records of seeds used in tokens at central location:

Product Vendors should not hold/possess the seed information of the tokens/hardware devices they deliver (the device which is supposed to act as one of the factors of the Two Factor Authentication System). The best way is to avoid storing User Specific Seeds at all at a central location that can potentially be compromised in future. Use of a challenge-response based system (where the user provides the response to the challenge based on something he knows and something he has) instead of a time synchronized system may avoid the need to store user specific sensitive information at a central location.
Designing a Robust Two Factor Authentication Product - Whitepaper

Impact of recent APT attacks on Vendor's Two Factor Authentication Product:

- Attack on Lockheed Martin, the largest U.S. military contractor
- L-3 Communications has discovered a breach due to cloned tokens
- Many contractors, including Northrop Grumman, have disabled tokens as a precautionary method in the wake of the APT attack that happened on the product vendor

2. Not storing any relationship information between seeds and token serial numbers:

Storing the mapping between the seeds and the serial numbers of the tokens should be avoided, as it gives easy access to the sensitive information of the token (which is something the user has as part of two factor authentication). The information stored about hardware should be random and should not reveal specific sensitive details about the hardware possessed by the user. Moreover, the information stored should be encrypted using strongest encryption algorithms like "AES (Advanced Encryption Standard)" and "Triple DES".

3. Using multiple algorithms for added strength:

Using a specific algorithm with pre-set seed values for all the clients could expose the mathematical and cryptographic weakness of the system once the algorithm is exposed and the seed value database is compromised. So, instead of having one algorithm, it is better to have variants of algorithms that serve the same purpose, and different customers should be given different algorithms. The vulnerabilities in one algorithm may then affect only a small set of customers, and the algorithms can be replaced immediately as an upgrade if the customer feels that his system has been compromised.

4. Leveraging multiple initialization vectors known only to Customer:

The strength of the authentication system should not come only from the algorithm or the robust implementation of the system. It should also possess the capability of taking initialization vectors for the algorithm that has been implemented.
The customers should be given the authority to initialize the system with a set of random values of their choice, which should not be known even to the authentication product vendor. In this way, even if the source code exposes an implementation weakness of the system, it does not create a vulnerability, as each customer possesses different initialization vectors which are proprietary to them.
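The following sketch is an added example, not ArrayShield's code and not part of the original whitepaper. It illustrates guidelines 1 and 4 together: a challenge-response check in which each token key is derived from a secret the customer generates, so the verifier keeps no seed table and vendor-side records (serial numbers) are not enough to answer a challenge. The HMAC-SHA256 derivation, all names and the sample serial are assumptions, and only the possession factor is modelled.

```python
import hashlib
import hmac
import secrets


def derive_token_key(customer_secret: bytes, serial: str) -> bytes:
    """Per-token key from a secret only the customer holds (assumed scheme)."""
    return hmac.new(customer_secret, b"token-key|" + serial.encode(), hashlib.sha256).digest()


def token_response(token_key: bytes, challenge: bytes) -> str:
    """Runs on the token: proves possession of the key for this one challenge."""
    return hmac.new(token_key, challenge, hashlib.sha256).hexdigest()


class Verifier:
    """Customer-run verifier; it re-derives keys and stores no per-user seed table."""

    def __init__(self, customer_secret: bytes):
        self._secret = customer_secret
        self._pending = {}  # serial -> outstanding challenge

    def issue_challenge(self, serial: str) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending[serial] = challenge
        return challenge

    def verify(self, serial: str, response: str) -> bool:
        # pop() makes every challenge single-use, so a captured response cannot be replayed
        challenge = self._pending.pop(serial, None)
        if challenge is None:
            return False
        expected = token_response(derive_token_key(self._secret, serial), challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    serial = "TKN-0001"  # constructed sample serial number
    customer_secret = secrets.token_bytes(32)  # generated by the customer, never sent to the vendor
    verifier = Verifier(customer_secret)
    token_key = derive_token_key(customer_secret, serial)  # provisioned onto the token by the customer
    r1 = token_response(token_key, verifier.issue_challenge(serial))
    results = {"genuine": verifier.verify(serial, r1), "replay": verifier.verify(serial, r1)}
    # A party holding only vendor-side data (the serial) lacks the customer secret.
    guessed_key = derive_token_key(secrets.token_bytes(32), serial)
    r2 = token_response(guessed_key, verifier.issue_challenge(serial))
    results["vendor_data_only"] = verifier.verify(serial, r2)
    return results
```

In this construction the customer secret is the one value that must be protected, which is why it is generated and held by the customer rather than the vendor.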
Conclusion

By following the above design methodologies, a two factor authentication system can be made more robust against the kind of APT attacks that have been witnessed recently. ArrayShield's IDAS Two-factor Challenge-response based authentication product is developed by following the design methodologies explained above, which makes it one of the most secure Authentication Systems available in the market.

ABOUT ARRAYSHIELD

Array Shield Technologies is the maker of software security products in the area of Multi-Factor Authentication. The company's mission is to provide highly secure, cost effective and easy to use software security solutions globally.

For more information, visit us at www.arrayshield.com