Password alternatives

FEATURE

Password alternatives Steve Gold, freelance journalist

Steve Gold

˜Ê̅iÊ«ÀiۈœÕÃʈÃÃÕiʜvÊNetwork Security, we looked at some of the problems ̅>ÌÊVœ˜Ûi˜Ìˆœ˜>Ê«>ÃÃܜÀ`ÊÌiV…˜œœ}ÞÊv>ViÃʈ˜Ê>˜Ê/ÊܜÀ`Ê܅iÀiÊÀ>«ˆ`Ê decryption processes have become the norm. Here we will look at some alternatives to passwords. But first, it’s important to understand the structural probi“ÃÊ̅>ÌÊ̅iʘÌiÀ˜iÌÊv>ViÃÊ>˜`Ê܅Þ]ÊiÛi˜Ê܈̅Ê̅iÊLiÃÌÊ>Õ̅i˜ÌˆV>̈œ˜ÊÃÞÃÌi“ÃÊ currently in place, online ‘security’ is inherently insecure.

Structural flaw Peter Wood and his team at First Base Technologies, a penetration-testing specialist, first identified the Internet structural flaw in the spring of 2009. Wood, the firm’s chief of operations – who is also a member of the Information Systems Audit and Control Association (ISACA) conference committee – says that the flaw centres on the security flag of session cookies on popular websites and means that, as sites move users between HTTP and HTTPS (secure) IP sessions, the cookie can be intercepted by an online eavesdropper. It is, says Wood, a relatively easy task for hackers and man-in-the-middle attackers to use the session cookie and so masquerade as the original Internet user in parallel (piggybacking) with the legitimate online session. Many sites, he adds, do not set the secure text flag on their site’s session cookie, so allowing hackers to gain access to an online session. The problem is compounded because HTTP sessions have far less data and IT

resource overheads than HTTPS sessions, meaning that major websites often only use HTTPS when requiring users to enter personal data, such as credit card details, on specific pages. And if hackers use the cookie to take over an Internet session – on a wireless or cellular connection, or even in an Internet cafe – they can then intercept this personal data. Under certain circumstances, says Wood, it is even possible for a hacker to seize control of a supposed secure – and authenticated – IP session just as the user has entered payment card data and other personal information. What makes matters worse is the fact that, if a site were to use the HTTPS protocol for an entire web session – the only way, says Wood, of preventing a hacker exploiting this flaw – then the data overheads of the site would soar. “This isn’t a software or an Internet browser problem,” he says. “It can’t easily be solved unless website operators invest in the required IT resources and bandwidth to support HTTPS sessions for the entire length of the user access session.” Because of these issues, it can be seen that two-factor authentication – such as the popular SecurID system and its variants – that are favoured by a growing number of banks, can be compromised by a hacker operating a ‘piggyback’ online session.

One-time PINs Peter Wood, First Base Technologies.

16

Network Security

The only solution to the problem of piggyback hacking – using credentials extracted by the ‘man-in-the-middle’

attack vector – is to use one-time PINs for each online transaction. Known as Transaction Authentication Numbers (TANs), it’s worth noting that, while a number of Austrian and German banks are using them for e-banking, the system has yet to catch on elsewhere in Europe or in North America. However, as we shall see later on in this feature, Visa and MasterCard are piloting on-card numeric TAN generation systems. The only good news about piggyback session hacking is that the hacker session – which runs in parallel with an e-banking user’s online session – must operate in real time. Most cybercriminals, perhaps fortunately for e-banking users, do not, since they prefer to collate the data for later use or to sell.

The GrIDsure alternative GrIDsure, a UK-based technology company, has developed a pictorial alternative to numeric passwords that it claims gives a level of security that far exceeds that of traditional four-digit PINs such as those seen on payment cards. According to a research paper by Professor Richard Weber of the Department of Mathematics at the University of Cambridge, the main advantage of the GrIDsure system is that the user enters a different PIN on the keypad every time he or she makes a transaction.1 The system is implemented by displaying to a customer a 5x5 rectangular grid, each cell of which is filled with a numeric digit of 0 to 9. The customer has memorised an ordered sequence of four cell positions within the grid – known as the user’s Personal Identification Pattern (PIP). By seeing which numbers fall within the four cells of this pattern, the user obtains a four-digit PIN.

September 2010

FEATURE Weber says there are 390,625 possible PIPs that a user might choose in a 5x5 grid. This is the number of ways of choosing four cells in the grid when repeated use of individual cells is allowed. If repeated use of cells is not allowed, there are still 303,600 possible PIPs. In contrast, with traditional PIN systems there are just 10,000 possible four-digit permutations.

“The most logical method by which a criminal could crack the GrIDsure system is to view a complete transaction – perhaps through the use of a pinhole camera” Put simply, this means that, if a thief were to obtain a user’s card and attempt to complete a transaction by using a random PIP, the fraudster’s probability of success is about 0.0002 – but only if the thief is very clever and chooses to guess a PIN that uses only those digits that appear most frequently in the grid – otherwise the probability reduces to 0.0001. According to Weber, the most logical method by which a criminal could crack the GrIDsure system is to view a complete transaction – perhaps through the use of a pinhole camera – and then use the information to reverse engineer the customer’s PIP.

Getting the PIP Consider, says Weber, a 5×5 grid in which five digits appear twice and five digits appear three times. If repeated use of cells is allowed, then the worst case occurs when the customer’s PIN is something like 1111, where 1 is a digit that appears only twice in the grid. There are 2^4 = 16 PIPs that can produce this PIN. The best case, he adds, is when the PIN turns out to be something like 5678, where this is made of digits that appear three times in the grid. The number of PIPs that could give this PIN is now 3^4 = 81. The number of possible PINs is 10,000 and the number of PIPs that match a PIN, on average, is 390625/10000 = 39.0625.

September 2010

However, says Weber, PINs that occur with more copies are more likely to be chosen by a random PIP. There are 20 different ‘templates’ in total. Suppose, he explained, the digits 0-4 appear twice in the grid and 5-9 appear three times. The templates are: {0011, 0015, 0055, 0056, 0555, 0556, 0567, 5678, 5566, 5567, 5556, 0012, 0123, 0125, 0155, 0156, 0000, 0001, 0005, 5555} each of which is associated with x = {60, 1200, 150, 600, 100, 1200, 1200, 120, 60, 360, 80, 360, 120, 1200, 600, 2400, 4, 80, 100, 4} PINs respectively, with each PIN occurring y = {16, 24, 36, 36, 54, 54, 54, 81, 81, 81, 81, 16, 16, 24, 36, 36, 16, 16, 24, 81} times respectively in the grid. For example, there are 60 PINs with templates like 0011, 1010, 1221, etc (ie, ones that use twice two numbers that appear twice in the grid). Each of these occurs in the grid 16 times. Thus the number of PINs matching the PIN associated with one of the 390,625 randomly chosen PIPs is:

If repeated use of cells is not allowed then the worst case is when the PIN is something like 1122, where 1 and 2 are digits that appear only twice. There are 2×2 = 4 possible PIPs in the grid that could produce this PIN. The best case is where the PIN turns out to be something like 5678, where this is made of digits that appear three times in the grid. The number of PIPs that could give this PIN is also 3^4 = 81. The number of possible PINs is 9810 (since not all PINs are possible) and the number of PIPs that match a PIN, on average is 303600/9810 = 30.948. Now, says Weber, there are 16 different templates – 0011, 0015, 0055, 0056, 0555, 0556, 0567, 5678, 5566, 5567, 5556, 0012, 0123, 0125, 0155, 0156 – each of which is associated with x = {60, 1200, 150, 600, 100, 1200, 1200, 120, 60, 360, 80, 360, 120, 1200, 600, 2400} PINs respectively, each PIN occurring y = {4, 12, 12, 18, 12, 36, 54,

81, 36, 54, 18, 8, 16, 24, 24, 36} times respectively in the grid. Using this methodology, the professor notes that the number of PINs matching the PIN associated with one of the 303,600 randomly chosen PIPs is:

An interesting compromise, he says, might be to use a 6×6 grid in which the numbers 1 to 9 each appear exactly four times. In the worst case, a PIN such as 1111 occurs in just 24 PIPs. By guessing a PIN such as 1234, the thief has a probability of success of 0.000181083. Yet another possibility would be to use a 10×10 grid. This grid can be viewed as four 5×5 subgrids (northwest, northeast, southwest, southeast) and these can be marked out from one another by the use of bold lines. Users then choose PIPs on four distinct cells all within the same sub-grid. This makes it easy for the users to spot their own PIPs since they only have to look at one of the 5×5 sub-grids. But the thief ’s job is substantially harder, Weber notes, since he has the additional problem of guessing which of the four sub-grids the user is using. The grid design can be balanced so that the probability that a thief can guess the correct PIN is 0.0001, and there are now about 120 PIPs that generate each PIN, which makes reverse engineering very difficult.

Mathematically proven Although GrIDsure’s technology is mathematically proven to be more secure than password authentication systems – and with suitable encryption of the data stream, secure against an online piggyback hacker session identified by Wood and his team – the technology has yet to be adopted by mainstream banks in the UK and US. That may change in the near future, as GrIDsure has just signed a high-profile deal with a French bank. The UK firm will supply its pictorial authentication technology for use by the 3,000-odd members of the Fédération Nationale

Network Security

17

FEATURE

Stephen Howes, GrIDsure.

du Crédit Agricole (FNCA) as a means of securely identifying them online and when using remote access. Stephen Howes, GrIDsure’s CEO, says that the firm’s technology is ideal for distributed organisations such as the FNCA where large numbers of users need secure, yet convenient access, from a variety of locations and devices. “We are delighted that the first word-ofmouth feedback from the FNCA has been very positive: the authentication process is extremely simple, and it takes users very little time to understand the concept and learn the procedure in a fun way,” he says.

On-card passcode platforms Another interesting development in the payment card authentication stakes is that Visa and MasterCard have developed an enhanced card manufacturing technology to build a simple keypad plus LCD screen into the back of their payment cards. MasterCard says that two European financial institutions are commercially piloting the technology, in which customers will be issued a smartcard with integrated keypads plus displays to authenticate themselves and provide them with secure access to their accounts. The firms – the Newcastle Building Society in the UK and BNP Paribas subsidiary TEB in Turkey – are using enhanced smartcards manufactured by NagraID Security of Switzerland. TEB launched its Maestro Display Payment Cards in July 2010, with the Newcastle Building Society expected to follow suit soon. 18

Network Security

The cards look and feel like a normal credit or debit card but have a small display and an optional keypad that enables cardholders to use the same card for standard banking payment functions and to generate second-factor, one-time passwords to provide strong authentication. According to NagraID CEO Cyril Lalo, volume distribution by MasterCard – planned for 2011/2012 – will reduce the price of the cards and help accelerate the move to secure cashless online financial transactions. Visa is following MasterCard down the second-factor TAN path with a similar technology – CodeSure – that will be used for both e-banking and online purchases. Visa says that users can also offer the password generated by the card when calling customer services for telephone banking, rather than having to go through the current series of questions and answers, such as date of birth, postcode and address. Visa has developed the card with Emue Technologies and claims to have conducted small-scale trials in the UK, Italy, Israel, Turkey, Switzerland and Germany. According to Sandra Alzetta, Visa Europe’s head of innovation, CodeSure is a highly convenient way to bring a similar level of security to payments online, as seen in conventional retail. “The solution goes beyond just online and remote shopping, it also allows organisations to use the card in place of other online login systems to access,” she says.

will, then it becomes possible to securely authenticate each online action, whether it’s making a purchase or managing your finances. However, there remains the problem of online eavesdropping and, with parallel processing rapidly becoming the norm, conventional encryption technology clearly has a finite lifespan. Just as Russia’s Elcomsoft has changed the password cracking – or, if you prefer, retrieval – process with its hardware decryption acceleration software, so Intel has taken an opposite path and developed a hardware encryption accelerator.2 Still at the prototype stage, the integrated chipset can encrypt or decrypt data content using 128-, 192- and 256-bit Advanced Encryption Standard (AES) algorithms at a speed of 2.4Gbps in the real world. This speed is even sufficient to cope with multiplexed satellite TV transmissions and, thanks to the 45nm high-K/ Metal-gate CMOS technology, can run at room temperatures. Intel has high hopes for its as-yet unnamed crypto technology, but the game plan includes the idea of incorporating the chip on PC motherboards for on-system encryption as a native facility.

Future encryption technologies

Other man-in-the-middle defeating technologies are also coming down the turnpike. In July of this year, Dell’s KACE security operation took the wraps off a free virtualised edition of the Mozilla Firefox browser designed to run on almost any PC, with a similarly secure version of Internet Explorer promised for later this year.3 The secure browser is a customised version of Firefox 3.6 with integral plug-ins for Adobe Flash and Reader, and with a ‘virtual container’ designed to create the virtual environment that buffers the browser code from the host PC’s memory. According to Dell KACE’s president, Rob Meinhardt, the secure browser

Assuming that one-time TANs – using on-card technologies – take off, as Visa and MasterCard clearly are hoping they

Visa CodeSure card with built-in keypad and display.

“Eventually, it will be possible to authenticate yourself to a device, locally or remotely, on a one-time TAN basis, using the highest possible levels of encryption”

September 2010

FEATURE creates a memory-isolated instance of Firefox and, when the browser is closed, all traces of it are erased from the computer’s memory. With technologies like this, passwords are likely to have a finite life. Eventually it will be possible to authenticate yourself to a device, locally or remotely, on a one-time TAN basis, using the highest possible levels of encryption.

About the author

References

Steve Gold has been a business journalist and technology writer for 26 years. A qualified accountant and former auditor, he has specialised in IT s ecurity, business matters, the Internet and communications for most of that time. He is technical editor of Infosecurity and lectures regularly on criminal psychology and cybercrime.

1. Weber, Richard. ‘The Statistical Security of GrIDsure’. University of Cambridge, June 2006. . 2. ElcomSoft. 2010. . 3. Dell KACE secure browser. .

...Continued from page 2

available to anyone. It has become one of the world’s largest botnets – within four months of initial testing Damballa saw a peak of 25,000 machines attempting to resolve the IP address of the botnet’s C&C servers. The majority of the infected machines that comprise the botnet are in China, but it also includes machines around the world, including a number of major corporate networks. “The commercial nature of this botnet and the rapid growth and ultimate size are what make this discovery interesting,” said Gunter Ollmann, vice president of research for Damballa. “The public website hosting the DDoS service offering, with various ‘plans’ and attack options, speaks to the ease with which anyone can leverage criminal infrastructure. The malware used is simplistic, yet it was successful in spreading rapidly. And while it appears to be primarily a DDoS delivery platform, the size of the botnet reached impressive proportions, certainly large enough to wreak major havoc on any victim organisation should it be pointed in the right direction.” Damballa has published an analysis here: . Meanwhile, the Mexico-based Mehika botnet is the latest to use Twitter as its C&C channel, a technique first detected in summer 2009 but still

pretty rare. Using this method means that the botnet operators don’t need to establish a dedicated C&C server that could be taken down or require the use of sophisticated protection techniques. The control messages themselves are difficult to spot in the high volumes of traffic on Twitter. Mehika went silent the same day it was spotted. It is one of four botnets analysed in a new report by Trend Micro – ‘Discerning Relationships: The Mexican Botnet Connection’ (PDF):

February 2010, Microsoft had obtained a court order allowing VeriSign, as the registry for the domains, to deactivate 277 domains (one was subsequently claimed by a legitimate owner whose site had been compromised). This effectively shut down the botnet, which has since failed to reappear. This means Microsoft’s legal approach has proved to be one of the most successful takedowns to date and may be a model for future action. In spite of these setbacks, the malware and botnet industries seem to be doing good business. EMC’s RSA security division has issued its latest fraud report – ‘Prices of Goods and Services offered in the Cybercriminal Underground’ – which puts price tags on various elements of this underground activity. Bulletproof hosting, it says, can be had for $87-179 a month. The SpyEye trojan kit will cost you $1,000 and the Zeus trojan kit three times that. The report is here (PDF): There are new botnets on the scene, too. Security specialist Damballa recently unearthed the IMDDOS botnet, based in China, which is offering Distributed Denial of Service (DDoS) attacks as a pay-for-delivery service

September 2010

Corporate attacks focus on web

M

ore than 80% of attacks against corporate networks target web systems, claims a new report by HP TippingPoint’s Digital Vaccine Labs (DVLabs). And the number of attacks is rising rapidly.

The ‘Cyber Security Risks Report’ covers the first half of 2010 and, says DVLabs, is based on real security event data. Attacks on web servers, using SQL injection, PHP File Include or other techniques, have doubled in the past six months, says the report. Those using browser-based flaws, such as QuickTime and Flash vulnerabilities, have tripled and now constitute the main entry point for hackers into corporate networks. Continued on page 20...

Network Security

19