Thursday, March 24, 2011

RSA SecureID is now 1.5 factor not 2

Everyone is trying to figure out what really happened. One theory is that there was a government backdoor. That is possible since SecureID is a closed technology and it is unclear how it works. It has not been reviewed for strength of architecture/algorithm that could cause unintentional security breach or absence of intentional backdoors.

Network World reported the following:
In its "Incident Overview," which was part of the update, RSA stated, "To compromise any RSA SecurID deployment, an attacker needs to possess multiple pieces of information about the token, the customer, the individual users and their PINs. Some of this information is never held by RSA and is controlled only by the customer. In order to mount a successful direct attack, someone would need to have possession of all this information."

This indicates that an attacker can get access to a protected system without having physical possession of the SecureID token. If that is true, the other RSA quote (from Network World)
Many are, in fact, bewildered by the statement Coviello made on March 17: "While at this time we are confident that the information extracted does not enable a successful direct attack on any of our SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."

would mean that the "reduction in effectiveness" is basically that the authentication is no longer based on two factors. It is based on one factor (and some phishable data) only.

How is this possible?
I don't know how SecureID works but this is how 2 factor authentication works and it must do something like this:
One factor is something that you have, in this case, a hardware token. This presumably would have a private key which would be shared by the authentication server (or the server will have a paired public key). Ideally, every token would have a completely random key but RSA may have taken a shortcut and used one that is somehow dependent on the serial number of the token(or some other insecure input like customer id etc). If the attacker was able to get information that can be used to guess this key from the serial number(or other info) then he or she can succeed in authenticating without having access to the token itself.
This theory is not incompatible with the government backdoor; indeed the government may have asked RSA to use introduce the above weakness. Or it could have figured it out a long time ago on its own.