STATION ID - 7047/3.12    9x Datakit Network    FOR OFFICIAL USE ONLY

This is a 9x system, restricted to authorized persons and for official 9x business only. Anyone using this system, network or data is subject to being monitored at any time for system administration and for identifying unauthorized users or system misuse. Anyone using this system expressly consents to such monitoring and is advised that any evidence of criminal activity revealed through such monitoring may be provided to law enforcement for prosecution.

SecurID All Over
By: KaTKiller 9x (cat@thepoint.com)

SecurID

SecurID is one of the two most popular authentication systems on the earth today. It is used for controlling network access via gateways, securing LANs and TCP/IP networks, protecting dial-up lines, and securing hosts and/or applications (it is even used on Security Dynamics' own web site, for God's sake). Its users include the majority of the Fortune 500 companies, multinational companies, and state, federal and foreign governments. Because it uses one-time passwords to authenticate users, getting past it takes every skill one has. Knowing what SecurID is and how to get around it is what this file is about.

As you know, SecurID is based on one-time passwords (OTPs). OTPs were invented to combat the problem of a reusable password that was vulnerable to eavesdropping on a network. Each user possesses a card that displays a six-digit number through a glass display. The user also picks a PIN number. There are about three types of cards: the 1st one displays just the number and is about 3 millimeters thick; the 2nd one is called a key fob and is smaller in size than the 1st; and the last is called a PINPAD. The PINPAD is like the 1st, but the user enters his or her secret PIN directly into the card rather than sending it over the line, and the card generates an encrypted PASSCODE. This is for users in applications where there is concern that a secret PIN might be compromised through electronic eavesdropping.

The number on the card(s) changes every N seconds, where N is a configurable quantity, usually 15 seconds. The algorithm used by the card is proprietary, but it is known that each card contains a unique secret seed. A copy of each seed also exists at the authentication server. The seed is used to generate the next number that appears on the card.

There are several strategies for breaking SecurID; the product is sold on the premise that these are infeasible. One way to defeat it is to break the secret algorithm so as to predict the next number that will be displayed. In addition, you must eavesdrop on a previous authentication to obtain the PIN if one is used (if they used the PINPAD, well, you're out of luck :)), since the PIN is sent in the clear each time.

Another attack is the "meet in the middle" attack. Here, you eavesdrop on an authentication session, record the one-time password, and prevent the message from reaching the authentication server. Then you use it, within the time window allowed by the card, to authenticate yourself. If the authentication server is replicated, then even if the real authentication message is not blocked, preventing this attack requires significant overhead. Active man-in-the-middle attacks are very difficult to prevent (well, if the system is implemented properly, breaking it requires sophisticated, active attacks that are beyond the abilities of most attackers), and no authentication system in widespread use is immune to them.

Any other strategies I will not get into at this time. If you have one you know or think will work, I would like to hear about it; you know where to find me. Any other junk mail will go by way of /dev/null.

In the end, SecurID is an expensive hardware solution that requires a secure authentication server (aka a secure Unix box: SunOS/Solaris, AIX, HP-UX) and careful administration (aka you've got people who know what they are doing).

Websites to go see:
  www.securid.com - SecurID Homepage

References
  1. Unknown papers on security.
  2. SecurID Homepage.
  3. Unknown attacks.
  4. Ace/Server software reviews by me.

[ Part 3: "Attached Text" ]

--=cat@thepoint.com=--------------------------------------------------------
kat@pulsar.cs.wku.edu/parricr@wkuvx1.wku.edu
--------------------------------------------------------=Nss#34548/CRF JV=--
* this is for informational purposes only, don't blame 9x.
* chill on #9x EFnet for real hp discussion only, no lamers.
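The two mechanisms the article describes (a card and a server that share a seed and derive a code from the current N-second slot, and the capture-and-replay attack that only works "within the time window allowed by the card") can be seen together in a small model. The following is an added example written for this edit; it is not SecurID's code and SecurID's real algorithm is proprietary, so the HMAC-SHA256 derivation below is an assumed stand-in, and the seed, PIN, user name, timestamps and the 15-second period are constructed values. What it shows from the server's side is the one check that closes the replay window the article points at: a code that was already accepted for a time slot is refused a second time and reported as a replay, which is the event an administrator of the authentication server would want logged and alerted on.

```python
import hashlib
import hmac
import struct

PERIOD = 15  # seconds per code; the article gives N = 15 as the usual setting

# Constructed demo seed; a real card's seed is unique per card and never leaves
# the card and the authentication server.
DEMO_SEED = b"constructed-demo-seed-not-a-real-securid-seed"


def card_code(seed: bytes, now: int, period: int = PERIOD) -> str:
    """Six-digit number the card would show for the time slot containing `now`.

    Assumption: HMAC-SHA256 over the slot counter stands in for the proprietary
    SecurID algorithm. Only the slot (now // period) matters, so every second
    inside one slot yields the same code, which is why a captured code stays
    valid until the slot rolls over.
    """
    slot = now // period
    mac = hmac.new(seed, struct.pack(">Q", slot), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class AuthServer:
    """Holds the server-side copy of each seed and the user's PIN."""

    def __init__(self, period: int = PERIOD, drift_slots: int = 1):
        self.period = period
        self.drift_slots = drift_slots      # tolerate +/- this many slots of clock drift
        self.users: dict[str, tuple[bytes, str]] = {}
        self.used: dict[str, set[int]] = {}  # slots already redeemed per user

    def enroll(self, user: str, seed: bytes, pin: str) -> None:
        self.users[user] = (seed, pin)
        self.used[user] = set()

    def verify(self, user: str, pin: str, code: str, now: int) -> str:
        """Return 'ok', 'unknown-user', 'bad-pin', 'bad-code' or 'replay'.

        'replay' means the code is genuine for a slot inside the drift window
        but that slot was already redeemed: exactly the captured-and-reused
        passcode the article describes, and the status worth alerting on.
        """
        record = self.users.get(user)
        if record is None:
            return "unknown-user"
        seed, expected_pin = record
        if not hmac.compare_digest(pin.encode(), expected_pin.encode()):
            return "bad-pin"
        current = now // self.period
        for slot in range(current - self.drift_slots, current + self.drift_slots + 1):
            expected = card_code(seed, slot * self.period, self.period)
            if hmac.compare_digest(expected.encode(), code.encode()):
                if slot in self.used[user]:
                    return "replay"
                self.used[user].add(slot)   # prune old slots in a real server
                return "ok"
        return "bad-code"


def demo() -> list[str]:
    """Walk a constructed timeline and return the server's verdicts in order."""
    server = AuthServer()
    server.enroll("alice", DEMO_SEED, "4321")
    results = []
    # t=1000: legitimate login with the code the card shows right now.
    captured = card_code(DEMO_SEED, 1000)
    results.append(server.verify("alice", "4321", captured, 1000))
    # t=1005: the same code, captured off the wire, is presented again inside
    # the window. The server sees the slot was already redeemed.
    results.append(server.verify("alice", "4321", captured, 1005))
    # Right code, wrong PIN: PIN is checked before the code.
    results.append(server.verify("alice", "0000", card_code(DEMO_SEED, 1020), 1020))
    # t=1020: a new slot, a fresh code, accepted.
    results.append(server.verify("alice", "4321", card_code(DEMO_SEED, 1020), 1020))
    # t=1060: the original captured code is now outside the drift window.
    results.append(server.verify("alice", "4321", captured, 1060))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The drift window is the trade-off the article's "time window" refers to: widening `drift_slots` keeps users with a slow clock working but lengthens the interval in which a captured code remains useful, and the per-slot redeemed set is what keeps that interval from also being a replay window.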