dynalogin: Open source two-factor authentication
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Alternative Title |
| |
| Title of Series | ||
| Number of Parts | 64 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/45896 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 201153 / 64
3
7
10
11
17
19
21
28
33
34
35
37
40
44
48
49
52
55
57
59
62
63
64
00:00
Physical systemComputer configurationPerturbation theorySoftwareFiber bundleComputer hardwareEnterprise architectureSocial classPasswordAlgorithmDifferent (Kate Ryan album)AuthenticationSpacetimeToken ringInternetworkingNeuroinformatikFamilyWebsitePlastikkarteData recoveryStandard deviationPay televisionInfinityAdditionComputer animation
02:50
Module (mathematics)Token ringAsynchronous Transfer ModeMobile WebSimilarity (geometry)Data storage deviceVirtual machineKey (cryptography)Process (computing)SummierbarkeitRadiusSystem administratorAlgorithmCuboidFront and back endsDatabaseSoftwareSystem administratorBounded variationDiagramMobile appServer (computing)Set (mathematics)Perturbation theoryKey (cryptography)Computer hardwareRadiusFlow separationModul <Datentyp>Integrated development environmentModule (mathematics)Computer fileFirewall (computing)Data managementProduct (business)Limit (category theory)Cartesian coordinate systemInteractive televisionTelecommunicationCommunications protocolInformation securityOffice suiteWeb 2.0Group actionPasswordClient (computing)QuicksortProjective planeRange (statistics)CASE <Informatik>Open setIdeal (ethics)Metropolitan area networkForm (programming)Maxima and minimaLevel (video gaming)Multiplication signSoftware frameworkStability theoryAndroid (robot)Web applicationDifferent (Kate Ryan album)Computer architectureMobile WebToken ringMoment (mathematics)Computer animation
08:04
System administratorModul <Datentyp>AlgorithmTotal S.A.Different (Kate Ryan album)Token ringFront and back endsLevel (video gaming)AlgorithmDiagramWebsiteMoment (mathematics)Multiplication signComputer configurationServer (computing)Dependent and independent variablesCodeSign (mathematics)NumberMereologySheaf (mathematics)Electronic signatureRight angleGame controllerVector potentialMessage passingCommunications protocolArmDirection (geometry)Client (computing)RadiusRange (statistics)QuicksortKey (cryptography)Cartesian coordinate systemModule (mathematics)File formatSession Initiation ProtocolType theoryDatabase transactionInformation securityRoutingCodeAdditionDistribution (mathematics)Data storage deviceProjective planeAndroid (robot)Slide rulePhysical systemDemo (music)System administratorIntegrated development environmentGroup actionAuthenticationOpen setGame theorySystem callComputer animation
13:18
MIDIDatabasePasswordFreewareProfil (magazine)Slide ruleMobile appComputer animation
13:53
PasswordProfil (magazine)Internet service providerCode
14:20
Maxima and minimaConvex hullInclusion mapHill differential equationOpen setInternet service providerUniform resource locatorComputer animation
14:45
Inclusion mapExecution unitOpen setInternet service providerCodeSource code
15:34
LoginComputer animationSource codeXML
15:57
LoginSuite (music)Open sourceInclusion mapLevel (video gaming)Server (computing)Range (statistics)AlgorithmMultiplication signCodeScripting languageCodeHTTP cookieInformation securityPermutationProfil (magazine)TelecommunicationNumbering schemeData managementInternetworkingConnected spaceMoment (mathematics)WebsiteMobile appOrder (biology)Right angleOcean currentSoftwareCartesian coordinate systemWeb browserImage registrationAndroid (robot)
18:52
PasswordHill differential equationChi-squared distributionMetropolitan area networkOpen sourceHacker (term)DatabaseServer (computing)CodeCodeCoefficient of determination2 (number)Message passingProcess (computing)Multiplication signElectronic mailing listComputer hardwareFlow separationTelecommunicationToken ringInternetworkingSequenceSynchronizationColor managementInformation securityPasswordData miningLecture/Conference
22:12
Wide area networkHill differential equationMessage passingMassCodierung <Programmierung>MathematicsLocal GroupEncryptionReading (process)Server (computing)Connected spaceUniform resource locatorCodeAlgorithmInformation securityEncryptionToken ringOffice suiteTelecommunicationDefault (computer science)RootWindowMultiplication signWebsitePublic-key cryptographyInformationPhysical systemCommunications protocolRight angleMaxima and minimaLatent heatService (economics)Dressing (medical)SynchronizationImage registrationRevision controlSystem administratorCentralizer and normalizerEvent horizonNeuroinformatikVirtual machinePasswordOperator (mathematics)Web pageCodeRemote procedure callBootingPoint cloudKey (cryptography)AuthenticationRoutingHard disk driveDatabaseSymmetric-key algorithmSource codeComputer animation
28:31
Server (computing)Spherical capComputer animation
Transcript: English(auto-generated)
00:11
So the talk today is about Dynalogend, which is intended to be an enterprise class two-factor
00:24
authentication solution based on one-time passwords. So why would we use one-time passwords instead of just regular passwords?
00:41
A lot of spam is intended to go phishing people's passwords, so if people don't use passwords then there's no reason for people to send so much spam in the first place. Many keyloggers with hardware and software are freely available.
01:02
Network sniffing is trivial. System tap is another option to expose the passwords. Password recovery is easily abused, especially with social networking sites keeping people's
01:23
like family names and their date of birth and everything you need to recover their passwords from other websites. Smart cards are not necessarily for everyone and they require hardware on the computer
01:43
that the person is accessing, so it may not always be a solution for an internet cafe or when using a computer in a friend's house or something like that. So one-time passwords are viable solutions.
02:01
So I've been looking at this space for a while and I had another look at it last year and the RSA tokens are an obvious solution that many people have seen in banking and
02:20
large enterprises, but they're not cheap, they're not free of trade-ins and so on. So it's not something that everyone can access for home use or for small business. Hot fee, on the other hand, is a similar algorithm that is available and freely documented.
02:47
It's implemented in various different places, in software and in commodity hardware. So there's a few different software solutions available.
03:04
The hot fee toolkit, which is now the birth toolkit, there's another solution called Verada, which is basically a Palm module and an Android app, which provides the soft token.
03:20
There's another one kicking it out called Mobile OTP and that started off with another algorithm, although there are variations of the Android app that support both hot fee and the original algorithm. So there's a few different things out there now. What was missing from these solutions?
03:44
The database, many of them are based on flat files, they're very simple management of the data. Privileged separation, they're genuinely secure environments.
04:01
You have a hardware security module, you have the key data kept on a separate network device with firewalling in place and only a limited amount of traffic can interact with that device. So having a Palm module on every Unix box in a network,
04:20
having a copy of the secrets on every Unix box on the network is less than ideal. And that was the intention of modularizing things. Modular use cases, so enabling technologies like OpenID, Radius, J2E, web applications.
04:46
The existing solutions provide the PAM solution, which is good for Unix logging, but there's a range of other applications, many of them web-based, where people need this sort of security and they need to have it in a convenient form.
05:04
The provisioning and lifecycle management for the users and their keys, that's also something that's not addressed at the moment in any of the tools. Most of them are quite basic, they implement the algorithm and they can handle the keys,
05:22
but they don't provide a complete framework to the system administrator. So Dynalogging aims to fill the gaps identified in those other existing products,
05:41
to provide a stable foundation for further algorithms like time-based OTP. The existing solution is event-based, so you press a button to get a new password. The time-based solutions are revolving by themselves over time,
06:03
and they can be added into the infrastructure. Something that just works, that a sys admin can drop in, and that they can expect it to provide a minimum level of security on the box, or their network. So the current status of the project, the Unix ODBC support is there,
06:27
so it can be used with a range of databases. No tools are provided yet to manage the data, but nonetheless having the data access there enables that next set of work to commence.
06:42
It implements the HotP algorithm, but not the other algorithms like TopP. And it has OpenID, fully functional, using the PHP MyID solution.
07:03
And that's just been patched to integrate with the backend. This is a diagram of the whole architecture. So at the top of the diagram, this half is the server side. So in an ideal solution, that would be a separate box on the network with a firewall,
07:26
and these would be running on various client boxes. So this might be a web server in a DMZ, and this might be a more secure server that's further back from the DMZ.
07:41
You could run them on the same box if you wish to do so. TCP is used for communication. The protocol used between the applications and the server resembles the SMTP command set.
08:01
So this application will send a command, and this will send back some kind of a response code to indicate whether it was accepted or not. So it's very basic right now. Up at the top here, you've got various modules for storage, for storing the key data, which needs to be protected.
08:26
You've got a controller section that decides which modules to talk to, to get the keys and then to select an algorithm. And over on the right, you've got the different algorithms. There's only the first one being implemented so far.
08:46
Also, the PHP MyID is the only client-side solution at the moment. The next step is to implement this C client that can then be dropped into other code, such as a RADIUS module or a ARM module or some other client.
09:05
So the directions for the project are to finalize the network protocol. So the protocol at the moment is very basic. The potential is SMTP. One thought that I've had is to use a message format more like a SIP message or an HTTP request with headers,
09:27
so that additional data can be passed back and forth, maybe for logging purposes. So to generalize it to provide multiple algorithms is the single algorithm at the moment is hard coded.
09:43
And configurable routing. Over-authentication requests. So that you can, as an administrator, you can choose which users will get which algorithms and in which scenarios. So you might have one level of security for OpenID and you might have another level of security,
10:05
like selecting a challenge response scenario for doing e-commerce transactions. And logging. In an OpenID situation, the OpenID server will know every time that the credentials are used with a different website.
10:28
So the names of those other websites could be captured in a log. There's no such facility at the moment. But logging could be implemented to capture some of this data, so the user can then go back and see where their credentials were used.
10:46
And finally, the packaging and making it available in distributions. It's not quite at that stage yet. Just to go into more detail on the routing of the requests.
11:04
In the diagram we looked at before, you could see the different backend storage options and the different algorithms. With the challenge response algorithms, the challenge can be used to form a signature.
11:22
So the server can send some known data, such as an account number or the size of a transaction, as part of the challenge. And when the user enters their code, they start with that challenge, they put that into their token.
11:41
The token gives back the code that signs that transaction data, such as the amount of the transaction. So when that type of activity takes place, the dynlogging infrastructure could send some sort of a message out to another application on the server side.
12:02
And that could be done through a queue or through some sort of messaging protocol used in the backend. And there might be a range of systems that people already have that they want this to drop in with.
12:28
So we'll go on to a quick demo in a moment. So I'll just put a final slide in here and come back to my mouse here.
12:52
So this is the Android client that I prepared for the dynlogging. And you can find this in the market. Has anyone already downloaded it? Or does anyone have an Android phone?
13:08
You can find this in the Android market for dynlogging. So what we'll do, I've set up a user on a database down here.
13:31
So one of the drawbacks of passwords is if you put your password on a slide, everyone goes away with a copy of it.
13:42
Anyway, that's my user. So if you have the app on your phone, you can configure it with this password, FUBAR. And we'll do that now. Let me just go into profiles, the add profile.
14:10
So we've now got our profile set up on that password. So that's the first code for that user. So let's try accessing the OpenID provider using this user name.
14:28
I've already got a copy of the, that's the OpenID URL for this user.
14:50
What we'll do is add the OpenID there.
15:16
So we now associate this OpenID with this account.
15:24
We now get asked to authenticate. This is coming from the OpenID provider itself. And we just take our code, which is here, 734211.
15:49
And that's now authenticated. So if we log in again using the OpenID, that's the same OpenID there, the login.
16:21
And it just goes straight in because there's already a session cookie in this browser from when we entered the code. So we can now float around on different websites and using that session cookie. The PHP script would be modified to periodically prompt for the code again.
16:44
So the user would have to go back into their token and generate a new code from time to time. And that would increase the level of security. There's a range of permutations on that that can be implemented to achieve the level of security that a business company is comfortable with.
17:10
So at this stage, does anyone have any questions about the technology?
17:24
Just wait for the door to close. In the current setup, in order to function, the device you're using to send a request from the central server, it has to be connected in some way to the network, right?
17:43
To the internet, for example. Is there any kind of offline solution that can be created? Like the Macs are using the tokens? The soft token does not need to be online. When you run the Android app, it does not need an active internet connection.
18:06
When you install this application, it will give you a warning about network access. And that's because I'm implementing a registration scheme for user lifecycle management. That's not complete yet, so you won't see that anywhere in the UI.
18:22
At the moment, there is no network communication between the token on the phone. And the server. So the token on the phone is generating the codes using an algorithm based on the seed that was configured.
18:41
So when we configure the profile, we put in this secret. And the server has the same secret in the database.
19:03
And so they're both using the same secret to calculate the secrets of codes. So there is no communication between the server and the token. And it is possible to have the...
19:23
These are some of the hardware tokens that are available. Has anyone seen these? Pass them around. I can't pass mine because they were pressed several times so people don't press yours.
19:44
You shouldn't care. After they are being pressed, it's not the same. The first one is event-based. It means that the code remains valid until you use it. If you press it in the morning, it's valid 10 days afterwards.
20:02
Until you use it, the second one is time-based. It's only valid during 60 seconds. So it's better to have a valid token during 60 seconds because you're less vulnerable to man-in-the-middle attack. Because the attacker only has 60 seconds to connect.
20:22
So where does it get time from? Does it get time off the radio? No, no. These tokens have very good synchronization. And they work for an average time of five years.
20:41
They can be pressed 100,000 times. And they cost around 10 euros, maybe less for some time. So it's a very nice solution. Please close the door. So just to finish it, we have some light entertainment, but also a very meaningful message about why this is important.
21:09
So in 2006, I had the pleasure of submitting evidence to the House of Lords in the UK.
21:28
And they were investigating the full gamut of security risks presented by the Internet. And everything it means for the individual consumer.
21:41
And I chose to focus on one simple topic, on why passwords are bad. And I gave them a very thorough briefing on that. How long ago did you say? 2006. They didn't read it.
22:06
They still didn't read it. And even in, they didn't tell their friends in Washington either. They obviously weren't reading it.
22:21
So, but there are some people who have been paying attention. This was in the news today. That biking gangs in Australia, that motorcycle gangs have been using blackberries to encrypt their communications. So we have a bizarre situation where potentially the next leader of the United States has been using Yahoo.
22:52
While you have motorcycle gangs in Australia using highly secure blackberries.
23:03
So that's it for today for long time passwords and tokens. Unless anyone has any questions. I have a question. Where can you get these kinds of tokens? 10 euros or less.
23:24
From gooz.eu this is my website. This is our website. So www.gooz.eu.
23:42
Do you have it? What if I generate 10 holes on my phone and I try to log in with cloud. You have a window.
24:00
The default window in the protocol is 20 codes. So if someone presses the button 19 times then that's okay. They can still use the next code. And if they press the button 50 times the system will not recognize the next code. Because otherwise you have a very high risk of someone generating a random code that happens to be the next code.
24:26
So it has this window of 20 presses of the button. If you lose synchronization because you advance your token far beyond the counter on the server side. There is a protocol for resynchronizing.
24:43
In the specification it suggests that would involve submitting two consecutive codes. And you may also choose to have some other security check when you do that resynchronization. And that would be up to the administrator to decide how the user could resynchronize their codes.
25:03
A similar algorithm could be used for the initial user registration as well. And if they receive a token by post. I wanted to ask a question. How do you plan to protect the seeds in future versions?
25:26
Because people consider that using this OTP password is great for users. But you have to consider that once in a while someone may connect to your computer or try to access the seeds.
25:43
Are you thinking of a way to encrypt the seeds or use an encrypted database like PostgreSQL? Ultimately if you encrypt the seeds, this is not like a public key solution. It would be symmetric encryption. So the problem you would have is the server still needs to decrypt the seeds before performing the algorithm.
26:07
So someone who has root access on the server or who walks away with the server hard disk will still be able to get the password and decrypt all the keys. Unless you had a situation where the operator has to manually put the password in when they boot the machine.
26:26
Would it be possible to use something like this Stanford remote protocol? SRP protocol? I'm not sure. Can you tell us more about the protocol?
26:43
As far as I know you can do a hashing operation on an encrypted value without having to encrypt it on the server.
27:00
That would not be the same as the HotP algorithm. To implement the HotP algorithm you need to have the unencrypted secret to perform the algorithm. So the principle of security in this system is that the machine that has those secrets should be kept in a secure location behind a firewall.
27:21
The only port that should be accessible is the port for performing authentication. When the authentication is done, the token code submitted by the user is sent in to the server over that TCP connection and the server sends back a yes or a no.
27:43
The secret is never released by the server. So the minimum amount of data is exchanged to perform authentication. Do we have other questions? Just one remark is that there is a secret seed on his server, but as a seller, as a producer of tokens, I also have the seeds.
28:07
Because when you buy the tokens, I ship them to you. So what we do is that we have security, a security room with a security server with no access to encrypted routes. And we ask you when you buy the seed how long, how long time you want us to keep the seeds.
28:27
So we can destroy the seeds right after shipping them to you. We can keep them three months because sometimes you'll lose the seeds or we can encrypt them using PGP. And they are kept, in this situation, they are kept on a server that is not connected to the internet.
28:45
Okay, thanks a lot.