Page 1 of 2

Hardware Authentication

Posted: Tue Apr 07, 2009 4:06 am
by swekey
Hi,

We are a startup that just developed a revolutionary authentication USB key that can be used in any PHP site to secure the login/password authentication.

The swekey is the very first low cost authentication solution that is highly secure and user friendly.

It has already been integrated in the most famous PHP open source projects: Drupal, Joomla, PhpMyAdmin, phpBB, SMF, CopperMine, Magento, SugarCRM...

We are very interested about the PHP community feedback, and we are looking for independent reviewers.

If you are interested in writing a swekey review, just contact us at support@swekey.com we will send a free sample for evaluation.
If you need more information fill free to browse our web sites http://www.swekey.com http://developer.swekey.com and don't hesitate to ask me directly if you have any question.

Thanks,

Luc

Re: Hardware Authentication

Posted: Tue Apr 07, 2009 6:04 am
by kaisellgren
I would love to try that out. I sent you a PM.

Re: Hardware Authentication

Posted: Tue Apr 07, 2009 3:32 pm
by Hannes2k
Hi,
if I got it right, I see there a big security issue:

The user opens the login page, a JavaScript calls the API of Swekey and gets the id of the Swekey. After (or before) that, my server gets a random token from your authentication server and send this to Swekey. The Swekey responde with a One Time Password (OTP) based on id and the random token. The JavaScripts send the Id, Random Token and the OTP back to my server, the server verifies these data by calling your authentication server (and this response OK or ERROR).

Is this right?


The problem is, a proxy attack is very simple:
Lets say Ebay uses Swekey for authentication of their users. Now I upload evilSite.com and the user visit my site. My server calls Ebay to get the random token and send this to Swekey to get the OTP for this random token. After that I can call Ebay and authenticate me with the ID of the users Swekey, the random token and the OTP I got from the users Swekey. Now, the shopping can start :)



To perform a secure authentication with JavaScript and hardware is a bit more complicated than it looks in the first moment. The OTP have to base on the name (or something else) of the website and an authentication of the website is necessary. To do so, the website can for example send also a public key. The Swekey calculates than the OTP based on the token and on the public key, encrypts this with the public key.
Because only the person who have the private key can decrypt the result. And because evilSite.com do not have the private key of Ebay, I'm not able to get a valid OTP from the users Swekey.



A word of advice:
If you have to use another authentication server to verify an OTP, no webmaster will use your system, because it is to dangerous. What if the server goes down, someone hacks you server or a malicious webmaster uses his power or someone gets to know how to create a OTP with given token and SweKey Id...
I do not see any profite (for a webmaster) to use another authentication server. The whole authentication can run on my own server, there are just some simple operations are necessary.
The Swekey e.g. can sign the random token plus the public key of the website, encipher the result with the public key of the website and send this back.
My server just needs a CSPRNG for the random token, RSA decryption to decrypt the OTP and verifying a digital signature.

Re: Hardware Authentication

Posted: Tue Apr 07, 2009 4:20 pm
by kaisellgren
I agree with Hannes2k. You should tie the whole thing more on the specific server. This cannot be generalized.
Hannes2k wrote:My server just needs a CSPRNG
A hardware RNG that implements timing radioactive decay events? :P

Re: Hardware Authentication

Posted: Wed Apr 08, 2009 4:01 am
by swekey
Hannes2k wrote:Hi,
if I got it right, I see there a big security issue:

The user opens the login page, a JavaScript calls the API of Swekey and gets the id of the Swekey. After (or before) that, my server gets a random token from your authentication server and send this to Swekey. The Swekey responde with a One Time Password (OTP) based on id and the random token. The JavaScripts send the Id, Random Token and the OTP back to my server, the server verifies these data by calling your authentication server (and this response OK or ERROR).

Is this right?
Yes
Hannes2k wrote:The problem is, a proxy attack is very simple:
Lets say Ebay uses Swekey for authentication of their users. Now I upload evilSite.com and the user visit my site. My server calls Ebay to get the random token and send this to Swekey to get the OTP for this random token. After that I can call Ebay and authenticate me with the ID of the users Swekey, the random token and the OTP I got from the users Swekey. Now, the shopping can start :)
No because the web site host name (http://www.ebay.com) is also used to calculate the OTP (https feature only).

Hannes2k wrote:To perform a secure authentication with JavaScript and hardware is a bit more complicated than it looks in the first moment. The OTP have to base on the name (or something else) of the website and an authentication of the website is necessary. To do so, the website can for example send also a public key. The Swekey calculates than the OTP based on the token and on the public key, encrypts this with the public key.
Because only the person who have the private key can decrypt the result. And because evilSite.com do not have the private key of Ebay, I'm not able to get a valid OTP from the users Swekey.
If you choose do to that, this swekey will be usable only with ebay and we wanted the same swekey to be usable with ANY web site.
Hannes2k wrote:A word of advice:
If you have to use another authentication server to verify an OTP, no webmaster will use your system, because it is to dangerous. What if the server goes down, someone hacks you server or a malicious webmaster uses his power or someone gets to know how to create a OTP with given token and SweKey Id...
Our public authentication servers are located in different places worldwide.
If the server is down you can choose to allow user access without OTP verification.
If you are afraid of failure we can provide dedicated servers.
Hannes2k wrote:I do not see any profite (for a webmaster) to use another authentication server.
No need to setup or manage another server.
No need to take care of the server's security.
No need to flash the swekey with the server's key.
But once again we chose to make the swekey usable in ANY site...
Hannes2k wrote:The whole authentication can run on my own server, there are just some simple operations are necessary.
The Swekey e.g. can sign the random token plus the public key of the website, encipher the result with the public key of the website and send this back.
My server just needs a CSPRNG for the random token, RSA decryption to decrypt the OTP and verifying a digital signature.
For corporates, we can also ship a 'Private' authentication server and an application the let you flash the swekey.
The swekey will remain compatible with other site (It can generates 'Public OTPs' AND 'Private OTPs').
But of course the swekey can be used by only by one 'Private' server.

Thanks for your feedback,

Luc

Re: Hardware Authentication

Posted: Wed Apr 08, 2009 7:07 am
by kaisellgren
I would like to analyze your random function. Could you provide me a sample of 5-10 MB in size generated by this random function of yours?

Re: Hardware Authentication

Posted: Wed Apr 08, 2009 7:35 am
by swekey
kaisellgren wrote:I would like to analyze your random function. Could you provide me a sample of 5-10 MB in size generated by this random function of yours?
Do it yourself, access to our authentication servers is free :)

http://auth-rnd-gen.musbe.net/FULL-RND-TOKEN

but usually the web sites calls:

http://auth-rnd-gen.musbe.net/HALF-RND-TOKEN

Add fill the remaining zeros with its own generated random numbers... (see http://developer.swekey.com/index.php?s ... Y-002.html)

Re: Hardware Authentication

Posted: Wed Apr 08, 2009 7:37 am
by kaisellgren
Is this PRNG, TRNG or TPRNG?

I'll reply back with my results.

Re: Hardware Authentication

Posted: Wed Apr 08, 2009 7:53 am
by swekey
kaisellgren wrote:Is this PRNG, TRNG or TPRNG?

I'll reply back with my results.
Quite basic PRNG

Re: Hardware Authentication

Posted: Wed Apr 08, 2009 8:57 am
by Hannes2k
Hi,
No because the web site host name (http://www.ebay.com) is also used to calculate the OTP (https feature only).
Okay the users Swekey uses also the web site host name. But how do you make sure that I cannot forge this with JavaScript? E.g. tell on evilSite.com that this site is ebay.com?
To perform a secure authentication with JavaScript and hardware is a bit more complicated than it looks in the first moment. The OTP have to base on the name (or something else) of the website and an authentication of the website is necessary. To do so, the website can for example send also a public key. The Swekey calculates than the OTP based on the token and on the public key, encrypts this with the public key.
Because only the person who have the private key can decrypt the result. And because evilSite.com do not have the private key of Ebay, I'm not able to get a valid OTP from the users Swekey.
If you choose do to that, this swekey will be usable only with ebay and we wanted the same swekey to be usable with ANY web site.
No you can use this with any site:

Swekey ID: Public Key of the Swekey
To authenticate a user I (the server) send to Swekey my public key and a random token. The Swekey signs the public key and the random token with his private key, encrypt this with the public key the Swekey got from the site.
I then decrypts the response and verifies the signature. If the signature is valid, the user can pass the login site.

This is not site specific, so everyone can use this methode to authenticate the user. But, because the Swekey signs the random token plus the public key of the server and encrypts everything with this public key, no can can get valid OTP for another site.

No need to setup or manage another server.
Setting up another server for this method is not needed. Everything can be done in PHP. For the setup just a public-private key pair have to be generated and stored.
If you are afraid of failure we can provide dedicated servers.
And what happens if your , not mine, server is manipulated? Or if there is a malicious webmaster?
This influence also the security of my website.


Can you publish the papers/docs how the OTP is generated? Is it based on a shared key with the auth. server, with public-key cryptography and digital signatures? Which algorithms are used to generate these OTP?

Re: Hardware Authentication

Posted: Wed Apr 08, 2009 9:28 am
by swekey
Hannes2k wrote: Okay the users Swekey uses also the web site host name. But how do you make sure that I cannot forge this with JavaScript? E.g. tell on evilSite.com that this site is ebay.com?
It is not done by the Java Script :-)
No you can use this with any site:

Swekey ID: Public Key of the Swekey
To authenticate a user I (the server) send to Swekey my public key and a random token. The Swekey signs the public key and the random token with his private key, encrypt this with the public key the Swekey got from the site.
I then decrypts the response and verifies the signature. If the signature is valid, the user can pass the login site.

This is not site specific, so everyone can use this methode to authenticate the user. But, because the Swekey signs the random token plus the public key of the server and encrypts everything with this public key, no can can get valid OTP for another site.
No need to setup or manage another server.
Setting up another server for this method is not needed. Everything can be done in PHP. For the setup just a public-private key pair have to be generated and stored.
Each swekey has it own private key, we need a central place where we can verify the OTP and that is able to verify each OTP indivudaly. This is the only way to get the 'backup', 'revoked', and 'disabled' features.
If you are afraid of failure we can provide dedicated servers.
And what happens if your , not mine, server is manipulated? Or if there is a malicious webmaster?
This influence also the security of my website.
This is the core of our business. We have to make sure that nobody can manipulate our servers.
In any way, we do not create a security breach in your website. All our integrations ADD the swekey verification to the login/password check. We never REPLACE it, it would be to risky if your swekey get stolen.

Can you publish the papers/docs how the OTP is generated? Is it based on a shared key with the auth. server, with public-key cryptography and digital signatures? Which algorithms are used to generate these OTP?
We chose not to disclose the OTP algorithm(s) (which varies per swekey brand and version).
The only thing I can say is that there is less information in the OTP than the Private Key. So it is impossible to find out what the Private Key is from OTPs since a swekey can return the same OPT from 2 differents Rnadom Tokens.

Re: Hardware Authentication

Posted: Wed Apr 08, 2009 11:30 am
by Hannes2k
Hi,
This is the only way to get the 'backup', 'revoked', and 'disabled' features.
A central authentication server is for the revoked and disabled features not needed. Perform the authentication on the own server and then just check a central list if the swekey is revoked.
We never REPLACE it, it would be to risky if your swekey get stolen.
So even if I have a Swekey, I have to enter a password? Which benefits do I, a costumer, have if I have also to enter a password?

And this undermines totaly the security of Swekey: An attacker needs only the password of the user, whether or not the user uses Swekey. You say Swekey should not replace the normal authentication, so how will Swekey increase the security for the user?
If an attacker gets the password of the user, he than just uses the normal login page. He do not need to steal the Swekey of the user, because you say, Swekey is not required for authentication.

We chose not to disclose the OTP algorithm(s)
Security based on obscurity is crap and so your whole system will be crap. It means that your system is very likely insecure and maybe for an attacker it easy to calculate the OTP by his own. Else, if you think your system is secure, you can also publish the algorithms you use to generate the OTP. The security of such a system should only depend on the private key safed on the Swekey. If it possible to calculate OTPs without this private key or to get the private key by sending tokens to the Swekey, than you can forget the whole system.


I would never add this blackbox to my sites, because I do not see any benefits to do so. It looks like an expensive gadget for the users, but because a normal login is possible, the whole security is based on the password. The Swekey just decreases the security, because the user will then uses weaker passwords.


Thats my opinion about Swekey.

Re: Hardware Authentication

Posted: Wed Sep 09, 2009 10:23 am
by autotv
Hello
I found now this solution and I have couple of questions
I have a site that is developed in php and mysql. This site is hosted on a dedicated server runing gentoo.
The site has different content like, text, video, pictures, audio...etc.
I want to secure and trial users acces on my site using this solution.
Do you think it is possible?

Thank you

Re: Hardware Authentication

Posted: Mon Sep 14, 2009 9:17 am
by swekey
autotv wrote:Hello
I found now this solution and I have couple of questions
I have a site that is developed in php and mysql. This site is hosted on a dedicated server runing gentoo.
The site has different content like, text, video, pictures, audio...etc.
I want to secure and trial users acces on my site using this solution.
Do you think it is possible?

Thank you

Yes,

A php intergration kit is already available.

Re: Hardware Authentication

Posted: Mon Sep 14, 2009 9:26 am
by autotv
Could you point me an url to an manual/specs please?
I found that site and so far I understend that it's use a third party server in this proces.
I am looking for a solution to work only on my server...

thank you for your answer