Tuesday, June 26, 2012

Security tokens busted in a matter of minutes

Jacob Aron, technology reporter

Some security tokens designed to protect computer systems, like RSA's SecurID 800 system, are now just plain old tokens - for now. Team Prosecco, a group of cryptographers based at the French National Institute for Research in Computer Science and Control, have figured out a way to extract the secret key from such tokens in just 13 minutes, effectively rendering them useless. The attack also works against older versions of the Estonian national ID card, allowing the team to forge a digital signature in around 48 hours.

The tokens are designed to provide more security than a fixed password alone can. They regularly generate a new six-digit number based on an initial starting number provided by RSA or another security firm, and users must input this number along with their password when logging in. Many tokens are stand-alone devices, but some like the SecurID 800 can be plugged into a computer via USB so that users don't have to enter the number themselves.

It is these USB tokens that have been cracked, using a technique called a "padding oracle attack", which essentially involves slightly modifying the encrypted text thousands of times. If the system views this extra padding as a valid encryption, the attacker can learn something about the original text until eventually they know the whole thing.

This kind of attack was first proposed in 1998 but until now was thought too slow to be practical, requiring 215,000 attempts to crack 1024-bit encryption. Now Team Prosecco have worked out a way to cut that number to just 9400, which takes about 13 minutes.

The researchers will present their attack at the CRYPTO 2012 conference in Santa Barbara, California, next month, but they have already informed the affected security token manufacturers, who are in the process of fixing the flaw. It is the latest in a series of troubles for RSA, which last year had to recall its tokens after hackers breached its internal network and stole secret information related to the system.

Subscribe to New Scientist Magazine

daylight savings time john mccain game changer selection sunday corned beef recipe time change daylight savings

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.