EzIdentity WebToken Threat Analysis


8/8/2019 EzIdentity WebToken Threat Analysis

EzIdentity Platform: Next Generation Identity Protection

Stronger Authentication

EZMCOM offers 2nd factor authentication with an end-user transparent Mutual Authentication layer for organizations seeking to protect the confidentiality and integrity of sensitive data, communications and transactions. The solution guards against the Man-In-The-Middle, Pharming, Man-In-The-Browser and Script-In-The-Middle attacks that render One-Time Password based token solutions vulnerable.

The Problem: In 2006, regulators drove financial institutions to add security by implementing strong authentication to prevent fraud and identity theft. To comply with the aggressive deadlines issued by regulators, virtually all financial institutions implemented weak forms of authentication such as cookies, pictures, device fingerprinting, IP geolocation or One-Time Password (OTP) tokens.

In the meantime, phishing attacks have been upgraded to include Man in the Middle (MITM), Man in the Browser (MITB), Pharming and Trojan Proxy phishing attacks, which defeat virtually all of the protections that financial institutions have put in place against basic phishing. MITM attacks, well known in the security and hacking community for years, are now being integrated into easy-to-use kits, and MITM phishing kits are readily available.

Hardware solutions typically have issues of distribution and cost of deployment and maintenance for retail deployments, and many software-based solutions pose a cumbersome and steep learning curve for users, to the extent of disrupting business. A serious challenge therefore exists for a commercially viable, mass-deployable authentication solution.

Man-In-The-Middle attacks:

"This is a common and predictable attack. As an industry, we need to accept that solutions not incorporating strong client and server authentication cannot survive the Internet. Ten years ago, this was evident with the advent of key SSL mechanisms. It's time to put them to work."
Eric Greenberg, former leader of Netscape's security group, which originally created SSL

"All the kit-using criminal has to do is register a phony domain name, then plug that and the URL of the real Web site into the software's administrative control panel. The kit then communicates in real time with the target IP address and uses a proxy to redirect content from the legitimate site to the bogus URL; thus the user interacts with actual content from, say, his own bank, adding to the deception. The fake URL squats between the consumer and the target -- that's where the Man in the Middle phrase comes from -- and captures all data from user to bank or bank to user."
Gregg Keizer, InformationWeek, "New Phishing Toolkit Poses Danger to Consumers"

"Two-factor authentication is not useless. It works for local log-in, and it works within some corporate networks. But it won't work for remote authentication over the Internet. I predict that banks and other financial institutions will spend millions outfitting their users with two-factor authentication tokens. Early adopters of this technology may very well experience a significant drop in fraud for a while as attackers move to easier targets, but in the end there will be a negligible drop in the amount of fraud and identity theft."
Bruce Schneier, April issue of Communications of the ACM

The Solution: A commercially viable, roaming-friendly 2-way SSL implementation (the way SSL was designed to be used, rather than only the server having an SSL certificate) that does not rely on easily intercepted shared secrets, One-Time Passwords or easily spoofed information such as timezone or IP geolocation. A software-based solution that obviates the overall cost and complexity of implementing a 2-way SSL solution, that is easy to use and that does not disrupt user behavior.

EzIdentity provides an easy-to-use and familiar username/password authentication interface that balances usability, security and features. Ideal for mass deployments, the EzIdentity solution provides compliance with regulatory requirements for strong authentication using its patented algorithms, which combine concepts of 2nd factor authentication and PKI-based digital signatures.

The EzIdentity software installs invisibly and runs on a wide range of platforms, making it easy to protect customers, employees, and partners from identity theft and fraud. For the first time, organizations can transparently protect their users from identity theft and fraud without changing user behavior or requiring expensive hardware.


Threats and how EzIdentity defeats them

Threat: Brute Force

Description: The attacker copies the profile file that contains the key to his own workstation and attempts millions of passwords, which eventually leads to the disclosure of the private key.

How EzIdentity defeats the threat: EzIdentity's patented Mutual Authentication Payload technology uses a combination of a PIN and a container fingerprint (CF) as the basis for encrypting the private key. It uses standard encryption algorithms and the patented process to protect the key. The result of this process is that any decryption attempt with either the PIN or the CF incorrect will fail to extract the private key. The CF is generated at run-time by the software component of EzIdentity, which ensures that copying the profile file containing the private key to another workstation (i.e. container) does not compromise the private key even if the PIN is brute-forced.

A six-character password will in any case have approximately 56.8 billion permutations (upper case, lower case, and numbers), and only one of those permutations will unlock the private key within the same workstation (container).

If the key decryption fails because an incorrect PIN or CF was generated, the invalid password counter increases by one. The authentication server can block user access after a configurable number of invalid attempts (the default is five). Therefore, the attacker can attempt very few passwords before being locked out.
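The following is an added example, not EZMCOM's code, that works through the Brute Force reasoning above: the private key is wrapped under a key derived from both the PIN and a run-time container fingerprint, so a profile copied to another machine does not unwrap even with the correct PIN, and the server's invalid-attempt counter blocks online guessing after five failures. The KDF and cipher construction (PBKDF2-HMAC-SHA256, a SHA-256 counter keystream with an HMAC tag), the machine attributes hashed into the fingerprint, the user name and all sample values are assumptions of this example; the page itself says only "standard encryption algorithms" and a patented process.

```python
"""Added example (not EZMCOM's code): private key wrapped under PIN + container
fingerprint, plus the server-side lockout counter from the Brute Force entry.

Assumptions not on the page: PBKDF2-HMAC-SHA256 over PIN||CF as the KDF, a SHA-256
counter-mode keystream with an HMAC-SHA256 tag (encrypt-then-MAC) as the cipher,
and a hash of constructed machine attributes as the container fingerprint.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor


def container_fingerprint(attrs: dict) -> bytes:
    """Stand-in CF: computed from machine attributes at run time and never written to
    the profile file, so a profile copied elsewhere meets a different CF."""
    canonical = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs)).encode()
    return hashlib.sha256(canonical).digest()


def derive_wrap_key(pin: str, cf: bytes, salt: bytes) -> bytes:
    """Both factors enter the KDF: a wrong PIN or a wrong CF gives a different key."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode() + b"\x00" + cf, salt,
                               PBKDF2_ITERATIONS, dklen=64)


def _keystream(key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wrap_private_key(private_key: bytes, pin: str, cf: bytes) -> dict:
    """Profile-file contents: salt, ciphertext and tag; no plaintext key."""
    salt = os.urandom(16)
    k = derive_wrap_key(pin, cf, salt)
    enc_key, mac_key = k[:32], k[32:]
    ct = bytes(a ^ b for a, b in zip(private_key, _keystream(enc_key, len(private_key))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap_private_key(profile: dict, pin: str, cf: bytes):
    """Return the private key, or None when either the PIN or the CF is wrong.
    Without the original machine's CF, guessing the PIN alone never produces a
    matching tag, so an offline search over a stolen profile yields nothing."""
    k = derive_wrap_key(pin, cf, profile["salt"])
    enc_key, mac_key = k[:32], k[32:]
    expected = hmac.new(mac_key, profile["salt"] + profile["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, profile["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(profile["ct"], _keystream(enc_key, len(profile["ct"]))))


class LockoutPolicy:
    """Server-side invalid-password counter; blocks after max_attempts (page default: five)."""

    def __init__(self, max_attempts: int = 5):
        self.max_attempts = max_attempts
        self.failures = {}
        self.blocked = set()

    def record(self, user: str, unwrap_succeeded: bool) -> str:
        if user in self.blocked:
            return "blocked"
        if unwrap_succeeded:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_attempts:
            self.blocked.add(user)
            return "blocked"
        return "failed"


def six_char_keyspace() -> int:
    """Upper case + lower case + digits, six characters: the ~56.8 billion on the page."""
    return (26 + 26 + 10) ** 6


def brute_force_scenario() -> dict:
    """Constructed scenario: profile created on workstation A, copied to workstation B."""
    private_key = os.urandom(32)  # constructed stand-in for the user's key blob
    cf_a = container_fingerprint({"host": "ws-a", "arch": "x86_64"})  # constructed
    cf_b = container_fingerprint({"host": "ws-b", "arch": "x86_64"})  # constructed
    profile = wrap_private_key(private_key, "1234", cf_a)
    policy = LockoutPolicy(max_attempts=5)

    same_container = unwrap_private_key(profile, "1234", cf_a) == private_key
    copied_profile = unwrap_private_key(profile, "1234", cf_b)  # right PIN, wrong container
    # Online guessing against the server: five wrong PINs on the right workstation.
    outcomes = [policy.record("alice", unwrap_private_key(profile, str(g).zfill(4), cf_a) is not None)
                for g in range(5)]
    after_lock = policy.record("alice", True)  # the correct PIN no longer helps
    return {"same_container": same_container, "copied_profile": copied_profile,
            "outcomes": outcomes, "after_lock": after_lock}


if __name__ == "__main__":
    print(brute_force_scenario())
```

The tag is checked before anything is decrypted, so a wrong factor returns None rather than garbage; the CF is an input to the unwrap, never a stored value, which is what makes the copied profile useless off its original container.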

Threat: Challenge/Response (Mutual Authentication Payload) Intercept

Description: The attacker intercepts the encrypted and signed challenge issued by the authentication server and the response from the client. The attacker then uses every possible private key to recreate the signed challenge or the response.

How EzIdentity defeats the threat: The authentication challenge/response is sent over a secure SSL channel. Even if an attacker were able to break the channel security, this attack still fails because the standard encryption and signature algorithms always ensure the uniqueness of every challenge/response. Only the authorized authentication server or the rightful client (user) can decrypt the challenge/response and verify the signature.

Threat: Chosen Plaintext

Description: The attacker tests every possible key against a known piece of text that has been encrypted with the public key and can tell when he has discovered the true private key, as it would correctly decrypt the plaintext.

How EzIdentity defeats the threat: The attacker will not be able to mount this attack, as neither is the plain public key of the user accessible, nor is it computationally feasible to generate by brute force a private key that decrypts an encrypted chunk to a chosen plaintext.

Threat: Fraudulent Administrator

Description: The attacker is a fraudulent administrator who gets access to the user key pair credentials on the server.

How EzIdentity defeats the threat: A fraudulent administrator may get access to the user credentials, but the administrator cannot use them, as they are stored in a PKCS12 container protected with a password that is encrypted with the server public key.

The server private key is stored in a security hardware device (HSM) and is not exportable. It is initialized at run-time by the authentication server itself and used only by the authentication server to extract the user private key from the PKCS12 at the time when the client is roaming to a new workstation (container) and is initializing the EzIdentity client software. The approach offers non-repudiation.

Threat: Man-in-the-Middle

Description: The attacker intercepts the credentials and data while they are in transit. In this case, the attacker appears as the target server to the user and as the user to the target server.

How EzIdentity defeats the threat: The most insidious phishing attack is the Man-in-the-Middle. Protection from this type of attack is unique to the EzIdentity solution. Each Challenge (Mutual Authentication Protocol: MAP payload) from the server contains information about the server that issued it. The EzIdentity client automatically verifies the MAP payload to confirm that it is connected to the correct server before generating its own encrypted and signed response. If the server does not match, the EzIdentity client aborts the session and the attacker is not able to complete the authentication.

Threat: Pharming

Description: The attacker poisons the DNS server and redirects users to the fraudulent web site. Users do not suspect anything because the redirect happens even when the user selects the web site from a saved favorite or actually types in the correct URL.

How EzIdentity defeats the threat: As mentioned above, each MAP payload issued from the server contains information about the server and the domain that issued that Challenge (MAP Server payload). The EzIdentity client automatically checks that it is connected, via SSL, to the right domain before accepting the challenge (MAP Server payload) and before encrypting and signing the response (MAP Client payload). If the domains do not match, the EzIdentity client aborts the session and the attacker is not able to complete the authentication.

Threat: Phishing

Description: The attacker targets unsophisticated users and fools them into entering their credentials into a fake web site. This usually occurs when a criminal sends an email impersonating a customer service organization from a legitimate business (such as a bank or payment site) and asks recipients to click on a URL to perform account maintenance or verification. The link takes them to a fraudulent site, which prompts them for their valid credentials.

How EzIdentity defeats the threat: One key advantage of the EzIdentity solution is the implicit implementation of two-factor authentication to protect users from phishing attacks. Even if phishers can convince a user to disclose their password/PIN, they are still unable to impersonate the user, as they don't have the second factor (a trusted, EzIdentity-initialized workstation). The phisher needs both what the user has (the EzIdentity profile file on a trusted workstation) and what the user knows (the password/PIN).

The initialization of the EzIdentity profile file on a trusted workstation is achieved by utilizing any out-of-band authentication to establish the identity of the genuine user and of the workstation on which EzIdentity is being initialized.

Threat: Replay Attack

Description: The attacker stores a copy of the user's encrypted and signed response (MAP Client payload) and replays it to the site.

How EzIdentity defeats the threat: The EzIdentity authentication involves a PKI-based challenge/response model where the response sent to the server for verification always contains a unique one-time usable code. The server decrypts and verifies the digital signature of the response and accepts the particular response only if the one-time usable code is verified. The uniqueness of the response defeats replay attacks.
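The following added example (not EZMCOM's code) sketches the MAP-style exchange described in the Man-in-the-Middle, Pharming and Replay Attack entries: the challenge carries the issuing server's identity and domain, the client compares that domain with the one its session is actually connected to and aborts on mismatch, and the server accepts each one-time code exactly once. Field names, the JSON encoding, the server and domain identifiers in the scenarios, and the use of HMAC-SHA256 under constructed keys in place of the PKI encrypt-and-sign operations are assumptions of this example.

```python
"""Added example (not EZMCOM's code): a MAP-style challenge/response with the
server identity and domain bound into the challenge, the client's connected-domain
check, and the server's one-time nonce check.

Assumptions not on the page: field names, JSON encoding, and HMAC-SHA256 under
constructed per-party keys standing in for the encrypt-and-sign operations.
"""
import hashlib
import hmac
import json
import secrets

SERVER_KEY = b"constructed-server-signing-key"          # constructed
CLIENT_KEY = b"constructed-client-signing-key-alice"    # constructed


class AbortSession(Exception):
    """Raised by the client when the challenge does not match the connected server."""


def _sign(key: bytes, body: dict) -> str:
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def _verify(key: bytes, body: dict, sig: str) -> bool:
    return hmac.compare_digest(_sign(key, body), sig)


class MapServer:
    def __init__(self, server_id: str, domain: str):
        self.server_id = server_id
        self.domain = domain
        self.outstanding = set()  # nonces issued, not yet answered
        self.used = set()         # nonces already accepted once

    def issue_challenge(self) -> dict:
        """MAP Server payload: names the issuing server and its domain, plus a one-time nonce."""
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        body = {"server_id": self.server_id, "domain": self.domain, "nonce": nonce}
        return {"body": body, "sig": _sign(SERVER_KEY, body)}

    def verify_response(self, response: dict) -> str:
        """Accept a MAP Client payload only once: signature valid and nonce still outstanding."""
        body = response["body"]
        if not _verify(CLIENT_KEY, body, response["sig"]):
            return "rejected: bad client signature"
        nonce = body["nonce"]
        if nonce in self.used:
            return "rejected: replay"
        if nonce not in self.outstanding:
            return "rejected: unknown challenge"
        self.outstanding.discard(nonce)
        self.used.add(nonce)  # each one-time code is consumed exactly once
        return "accepted"


class MapClient:
    def __init__(self, user: str, expected_server_id: str):
        self.user = user
        self.expected_server_id = expected_server_id

    def respond(self, challenge: dict, connected_domain: str) -> dict:
        """Verify the challenge against the server the SSL session is really connected to,
        then sign a response that echoes the one-time nonce."""
        body = challenge["body"]
        if not _verify(SERVER_KEY, body, challenge["sig"]):
            raise AbortSession("challenge signature invalid")
        if body["server_id"] != self.expected_server_id:
            raise AbortSession("server mismatch")
        if body["domain"] != connected_domain:
            raise AbortSession(f"domain mismatch: challenge says {body['domain']}, "
                               f"connected to {connected_domain}")
        resp_body = {"user": self.user, "server_id": body["server_id"], "nonce": body["nonce"]}
        return {"body": resp_body, "sig": _sign(CLIENT_KEY, resp_body)}


def try_respond(client: MapClient, challenge: dict, connected_domain: str) -> str:
    """Report 'signed' or the abort reason instead of raising."""
    try:
        client.respond(challenge, connected_domain)
        return "signed"
    except AbortSession as exc:
        return f"aborted: {exc}"


def run_scenarios() -> dict:
    """Constructed scenarios: a normal login, a proxied login, and a replayed response."""
    server = MapServer("bank-auth-01", "bank.example")  # constructed identifiers
    client = MapClient("alice", "bank-auth-01")

    # 1. Legitimate: session connected to bank.example, challenge says bank.example.
    legit = server.verify_response(client.respond(server.issue_challenge(), "bank.example"))
    # 2. Proxied: the real challenge is relayed unchanged, but the user's SSL session
    #    is with a different domain, so the client refuses to sign anything.
    proxied = try_respond(client, server.issue_challenge(), "bank-login.example")
    # 3. Replay: a captured, valid response is presented a second time.
    resp = client.respond(server.issue_challenge(), "bank.example")
    replay = (server.verify_response(resp), server.verify_response(resp))
    return {"legit": legit, "proxied": proxied, "replay": replay}


if __name__ == "__main__":
    print(run_scenarios())
```

The domain check is done by the client on the challenge it receives, not on anything the user typed, which is why a DNS-level redirect that leaves the challenge intact still fails; altering the challenge to carry the proxy's domain instead breaks its signature. On the server side, the nonce moves from outstanding to used on first acceptance, so the same signed payload is refused the second time.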

Threat: Key-Logger

Description: The attacker installs key-logging malware that captures every keystroke and mouse click on the computer and periodically sends that information over the internet to the criminal who created it.

How EzIdentity defeats the threat: EzIdentity's pointing-device-enabled PIN Pad thwarts logging malware. The PIN pad is a virtual keyboard that shows up on the screen; users enter their password by clicking with a mouse on a screen-based key pad. The user does not use the keyboard to enter the password and is hence protected completely from keyboard loggers.

Threat: Malware Browser Memory Attack

Description: The attacker attempts to find the private key in the memory of a system that has initialized EzIdentity in roaming mode on the browser of a public Internet kiosk.

How EzIdentity defeats the threat: The EzIdentity private key is accessed only briefly in memory, when the user provides the password and the encrypted and signed response is generated. EzIdentity leverages memory that is managed securely as a sandbox with restricted file-system and network access, as well as restricted access to browser internals. Immediately after response generation, the private key and password are cleared from memory; only the response (the encrypted and signed MAP Client payload) is sent back to the authentication server.

In public internet kiosks, EzIdentity recommends that the roaming user initialize EzIdentity for a single browser session. The EzIdentity profile file is removed and becomes unusable after a single browser session.

Comparison between EzIdentity and other authentication technologies

Columns: MITM, Pharming, Phishing, Replay Attack, Key Logger
Rows: EzIdentity; OTP Tokens; Risk Based Analysis; Personal Assurance; Virtual Keyboard (NA for MITM, Pharming, Phishing, Replay Attack); Identifying Questions; SMS/e-mail/IVR; Scratch Cards
(The protection-rating symbols in the cells did not survive extraction.)

Comparison between EzIdentity and PKI authentication

Columns Brute Force, Script-In-The-Middle* and MITM carried protection-rating symbols that did not survive extraction; the remaining columns are reproduced below.

                          Roaming convenience    Cost of deployment
EzIdentity                High                   Low
PKI Token (Hardware)      High                   High
Client SSL Certificate    Low                    Medium

*Script-In-The-Middle: Malicious JS/VB Script in a phishing website uses the PKI Token to sign a fraudulent transaction.

Legend (symbols not preserved): Full protection; Partial protection; No protection

About Us: EZMCOM designs, develops, markets and supports identity protection products for the financial world, business and commerce over converging wired and wireless data channels.

    Copyright 2007-2008 EZMCOM, Inc. All rights reserved.