Re: Circle Bank plays with two-factor authentication

2006-10-03 Thread leichter_jerrold
| Have you seen the technique used at http://www.griddatasecurity.com ?  Sounds
| a lot like your original idea.
Nah - more clever than what I had (which was meant for an age when you
couldn't carry any computation with you, and things you interacted with
on a day by day basis didn't have displays).

GridCode's idea is quite clever, but the fact that it's ultimately a
simple substitution - a varying simple substitution, but of a fixed
value - seems dangerous.  No obvious (to me!) attacks, though.

-- Jerry


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Circle Bank plays with two-factor authentication

2006-10-02 Thread Peter van Liesdonk

Here in the Netherlands, we have a bank (Rabobank) which sends the
required code by SMS to your (registered) cellular phone as soon as
you want to log in. So the codes are always fresh and random and only
available to whoever knows the password ánd has the phone.

At my own bank, the bank-card is also a smartcard. When trying to log
in, the bank issues a random six-digit challenge. With the use of a
separate cardreader, the bank-/smartcard can compute an (8-digit)
response to the challenge. This response is computed with a private
key stored in the card. The card can only be used after entering the
correct PIN. Three wrong PINs block the smartcard.

These two systems also obviously have their pros and cons, but they
both seem much more secure than the other schemes I have seen here.

Peter

2006/9/28, pat hache [EMAIL PROTECTED]:

> Here (Mexico), BBVA / Bancomer uses 24 special three-digit numbers on a
> card you need to have at hand to access your account after login and
> username... the system asks you for one of those 24 numbers to allow each
> session entry.
> Supposed to be effective.  Dunno if there is a similar system
> elsewhere.


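The challenge-response flow Peter describes (a random six-digit challenge from the bank, an eight-digit response computed by a PIN-protected card, the card blocked after three wrong PINs) as an added Python sketch. This is not code from the original post or from any bank's system. Assumptions: a symmetric key shared between card and bank stands in for the card's private key, HMAC-SHA256 truncated to eight decimal digits stands in for the card's undisclosed response algorithm, and the demo key, PIN, account name and class names are invented.

```python
import hashlib
import hmac
import secrets

# Constructed demo values (assumption); a real card keeps its key in
# tamper-resistant storage and never exports it.
DEMO_CARD_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
DEMO_PIN = "4321"


def new_challenge():
    """Bank side: a fresh random six-digit challenge for every login attempt."""
    return f"{secrets.randbelow(1_000_000):06d}"


def compute_response(card_key, challenge):
    """Card side: eight-digit response derived from the key and the challenge.
    HMAC-SHA256 truncated to decimal digits stands in for the card's own
    (unpublished) algorithm; the point is that it needs the key to compute."""
    mac = hmac.new(card_key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 100_000_000:08d}"


class SmartCard:
    """Models the PIN gate: three wrong PINs block the card for good."""

    def __init__(self, key, pin, max_tries=3):
        self._key = key
        self._pin = pin
        self.max_tries = max_tries
        self.tries_left = max_tries
        self.blocked = False

    def respond(self, pin, challenge):
        if self.blocked:
            raise PermissionError("card is blocked")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self.tries_left -= 1
            if self.tries_left == 0:
                self.blocked = True
            raise ValueError("wrong PIN")
        self.tries_left = self.max_tries  # a correct PIN resets the counter
        return compute_response(self._key, challenge)


class BankServer:
    """Issues single-use challenges and verifies responses per account."""

    def __init__(self):
        self._keys = {}
        self._pending = {}

    def register_card(self, account, key):
        self._keys[account] = key

    def start_login(self, account):
        challenge = new_challenge()
        self._pending[account] = challenge
        return challenge

    def finish_login(self, account, response):
        # The challenge is consumed whether or not the response is right,
        # so a captured response cannot be replayed later.
        challenge = self._pending.pop(account, None)
        if challenge is None or account not in self._keys:
            return False
        expected = compute_response(self._keys[account], challenge)
        return hmac.compare_digest(expected.encode(), response.encode())


def wrong_pin_attempts(card, wrong_pin, n):
    """Feed the card n wrong PINs; return whether it is blocked afterwards."""
    for _ in range(n):
        try:
            card.respond(wrong_pin, "000000")
        except (ValueError, PermissionError):
            pass
    return card.blocked


def demo_login(pin=DEMO_PIN):
    """One complete exchange; returns (login_ok, replay_of_same_response_ok)."""
    bank = BankServer()
    bank.register_card("acct-demo", DEMO_CARD_KEY)
    card = SmartCard(DEMO_CARD_KEY, DEMO_PIN)
    challenge = bank.start_login("acct-demo")
    response = card.respond(pin, challenge)
    ok = bank.finish_login("acct-demo", response)
    replay = bank.finish_login("acct-demo", response)
    return ok, replay


if __name__ == "__main__":
    print("login, replay:", demo_login())
```

The property worth noticing is the one Peter points at: each response is bound to a fresh challenge, so an observer who captures one exchange learns nothing reusable, and the PIN counter lives on the card rather than on the server.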


Re: Circle Bank plays with two-factor authentication

2006-10-02 Thread Jason Axley
snip

The question is what the threat model is.  We all know that email can be
intercepted over the wire.  We also know that that's not very common or
very easy, except for wireless hotspots.  I assert that *most* email does
not flow over such links, and that the probability of a successful
interception by someone who's staked out a hotspot is quite low.
Residential wireless?  Sure, there's a lot of it, mostly unencrypted.  If
you're a bad guy, is there any reason you should be watching for that
particular piece of email?  You don't even know who the customers of that
bank are.  (Sure, there can be targeted attacks aimed at a given
individual.  Unless you're a member of the HP board of directors or a
prominent technology journalist, that risk is low, too)

Again -- the scheme isn't foolproof, but it's probably *good enough*.

What is their threat?  There are two obvious answers: phishing and
keystroke loggers.

/snip

The threat model that does not get enough attention (especially by
purported anti-phishing security mechanisms) is that if a phisher can
obtain your password, and most people use the same password all over the
place, then the adversary can simply log into your email and read any
sensitive information directly.  They don't need to eavesdrop.  They don't
need to put spyware on your box to busy-poll your email inbox.
Traditional phishing attacks _still work_, just with a level of
indirection.

Ultimately, these kinds of anti-phishing schemes that require sending
secret information to your email inbox are no more secure than your email
password.  Presumably, the reason that these schemes are required is to
combat password theft (phishing) and password guessing so at the end of
the day, how much do they really buy you?  One level of indirection?  One
minor change in tactics?

-Jason



Re: Circle Bank plays with two-factor authentication

2006-10-01 Thread Richard Stiennon


Have you seen the technique used at http://www.griddatasecurity.com ?  Sounds a lot like your original idea.


Screen shot here:  http://blogs.zdnet.com/threatchaos/?p=374

-Richard Stiennon

At 02:40 PM 9/28/2006, Leichter, Jerry wrote:

> | Circle Bank is using a coordinate matrix to let
> | users pick three letters according to a grid, to be
> | entered together with their username and password.
> |
> | The matrix is sent by email, with the user's account
> | sign on ID in plaintext.
> |
> | Worse, the matrix is pretty useless for the majority of users,
> | with less usability than anything else I saw in a long time.
> | This is what the email says:
> |
> |   The following is your Two Factor code for Online Banking for
> |   username (sign on ID changed here for privacy reasons).  You will be
> |   required to enter the grid values associated with the three
> |   Two Factor boxes presented with each sign-on to Online Banking.
> |   Please save and store this Matrix in a safe yet accessible place.
> |   The required entries will be different each time you sign-on.
> |
> |
> | Two Factor Matrix
> |
> |     A B C D E F G H
> |     _______________
> | 1   0 8 4 2 1 1 7 5
> | 2   7 4 9 9 2 4 2 0
> | 3   3 6 0 6 9 9 0 6
> | 4   6 4 5 1 4 6 8 4
> | 5   1 7 6 8 6 5 9 2
> | ...
> Wow.  A variation of an idea I suggested back in the '70s.  The
> problem then was with telephone calling cards.  As those of us old
> enough will remember, at one time you didn't have a cell phone with you
> at all times (or at any times).  You had to use these things called pay
> phones.  Long distance calls were expensive, and you had to dump a whole
> bunch of change in to make them work.  Very annoying.  So you got a
> calling card, which often charged to your home phone number.  Calling
> cards had a fixed PIN on them.  Shoulder surfers would hang around
> heavily used phones - commuter train stations were a good spot - watch
> as you entered your account number/PIN, memorize it on the spot and then
> sell it.  These could move remarkably quickly - my wife's PIN was stolen
> this way, and in use within seconds after she hung up.  Over the next
> hour or so, until the fraud people picked it up, it was used to make
> several hundred dollars worth of calls from several locations in New
> York.
>
> Anyhow ... my suggestion was that a similar table be printed on the back
> of the card.  (I would have put a multi-digit number at each
> intersection point and only ask for one value.  All told, I'm not sure
> which approach is better - but with good printing technology you can use
> much smaller fonts than when you rely on people printing things out
> themselves.)  I also suggested that the numbers be printed in a color -
> light blue, red against a grey background - that would make it hard to
> photocopy.
>
> No one ever did anything like this with phone cards.  Interesting to see
> the idea re-invented for a different purpose.  (Hmm, if I'd patented it,
> the patent would be running out soon, even assuming I went for the
> renewal.)  Now if only they hadn't done the actual implementation so
> stupidly.
>
> -- Jerry





Richard Stiennon
The blog: http://www.threatchaos.com 





Re: Circle Bank plays with two-factor authentication

2006-10-01 Thread Florian Weimer
* Steven M. Bellovin:

> Again -- the scheme isn't foolproof, but it's probably *good enough*.

I agree that if you consider this scheme in isolation, it's better
than plain user names and passwords.  But I wonder if it significantly
increases customer confusion because banks told their customer that
they won't *ask* for credentials via email, but now a bank is
*sending* them by email.

> As for keystroke loggers -- the bad guy would have to capture enough table
> entries that they'd have a reasonable probability of seeing challenges
> they'd already received.

If this technology enters the attacker's radar screen, the keystroke
logger would be changed to scan mail folders for the message sent by
the bank.  Or it would alter the login page to display an empty
matrix, without any further explanations. 8-/



Re: Circle Bank plays with two-factor authentication

2006-09-29 Thread Steven M. Bellovin
On Thu, 28 Sep 2006 12:34:24 -0700, Ed Gerck [EMAIL PROTECTED] wrote:

> Circle Bank is using a coordinate matrix to let
> users pick three letters according to a grid, to be
> entered together with their username and password.
>
> The matrix is sent by email, with the user's account
> sign on ID in plaintext.
>
> Worse, the matrix is pretty useless for the majority of users,
> with less usability than anything else I saw in a long time.
> This is what the email says:
>
...
> This illustrates that playing with two-factor authentication can
> make the system less secure than just username/password, while
> considerably reducing usability. A lose-lose for users.

I'd like to hear why you think the scheme isn't that usable.  I disagree
with you about its security.

The question is what the threat model is.  We all know that email can be
intercepted over the wire.  We also know that that's not very common or
very easy, except for wireless hotspots.  I assert that *most* email does
not flow over such links, and that the probability of a successful
interception by someone who's staked out a hotspot is quite low.
Residential wireless?  Sure, there's a lot of it, mostly unencrypted.  If
you're a bad guy, is there any reason you should be watching for that
particular piece of email?  You don't even know who the customers of that
bank are.  (Sure, there can be targeted attacks aimed at a given
individual.  Unless you're a member of the HP board of directors or a
prominent technology journalist, that risk is low, too)

Again -- the scheme isn't foolproof, but it's probably *good enough*.  

What is their threat?  There are two obvious answers: phishing and
keystroke loggers.  It works very well against the first, and tolerably
well against the second, at least until the scheme catches on.  A phisher
has no knowledge of what challenges will appear, so that won't do much.
(OTOH, an active attacker -- one who waits for you to connect to the site,
then connects to the real bank and echoes the real challenge -- will
succeed, but an active attacker will succeed against any scheme that
doesn't involve bilateral authentication.)

As for keystroke loggers -- the bad guy would have to capture enough table
entries that they'd have a reasonable probability of seeing challenges
they'd already received.  The bad guy's strategy might be to try a lot of
logins, until they hit a lucky set, but the bank's obvious defense is to
lock people out after too many failed attempts.  Yes, that's denial of
service, but that's not the bad guy's goal here.

In short -- I think that the scheme is well-matched to the threat.  The
one thing they should have done differently is not put the username in the
same email -- you're told to safeguard the matrix, so you don't want to
send the two in the same message, where someone who has compromised the
file will get both.  I agree that a matrix you need to look at is harder
to use than, say, a password, but most two-factor schemes are going to be
somewhat difficult.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb



Re: Circle Bank plays with two-factor authentication

2006-09-29 Thread Ed Gerck

Steven M. Bellovin wrote:

> I'd like to hear why you think the scheme isn't that usable.  I disagree
> with you about its security.


The first condition for security is usability. I consider this to be
self-evident.

Users have difficulty already with something as simple as username/pwd.
Here, the user is additionally requested to find three numbers that match
(for example) G5:H1:D3, out of 40 matrix positions in 8 columns and 5 rows.
Anyone who has played battleship knows that matrix searching takes time and
mistakes happen.

The screen is likely to time out while the user is looking for the 3 numbers,
so that the user has to start again, possibly with another new time out. The
user may also make a parallax mistake, getting a wrong number. After the user
logs in the session times out after a while, requiring the same procedure anew.

Users will have a hard time using this. But I don't think there is so
much of a need to advocate for the users here -- they will just go back
to phone service (which costs much more for the bank). Eventually, because
of cost, something with higher usability will have to be used.

The introduction of a USB interface for SecurID was caused by user rejection
of a much simpler procedure -- the user just had to read the two-factor code
off a display.

> The question is what the threat model is.


We agree they should not have included the sign on ID. It is not such a
quick fix, however, to delete it from the message because different
accounts may share the same email address and the user would not know
what matrix to use for what account. But such a simple, clear mistake is
actually a harbinger -- there are other clear mistakes there, which
cannot be solved.

For example, the scheme (contrary to SecurID) has no protection against
an insider threat (the highest risk). The matrix combinations are fully
known in advance from the bank side (and there are only 999 of them [*]).

Further, it does not allow the usual bank security policy of separating
development (inside knowledge) from operations (the bank's servers).
Watching a couple of authentication events for a user should be enough to
find which matrix the user was assigned to, allowing the next authentication
event to be fully predictable without any cooperation from or attack on the
user.

After the severe usability burden of this scheme, one would think that
the threat model would be more robust -- to pay for your troubles.

There are, of course, also the outside threats. Contrary to what
people think, it's very common and very easy to intercept email.
ISPs can do it without trace. Companies do it all the time for
their employees. Of course, ISPs and employers already show trusted
functionality to the user but the use of insecure email here
multiplies the inside threat opportunity against the user.

There's also the question of plausible deniability. If the user's
username/pwd is compromised today, it's easy to argue it was not
safe to begin with. With this scheme, people (and the user) might
think the user is more protected -- when the user may actually
be more exposed.

Shifting the burden to the user is tempting. But, contrary to risks,
shifting the usability burden is less tolerable to users. As
technologists we cannot just do the math and say -- it works! This
was the same mistake of email encryption. That the system can actually
be used turns out to be more important than any security promise.

Cheers,
Ed Gerck

(*) Apparently, at most. Their 3-digit matrix counter, also included
in the message (!), can index at most 999 pages.

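An added example, not from any of the posts in this thread, that ties together Bellovin's keystroke-logger argument (the attacker needs enough captured table entries to have a fair chance at a fresh challenge, and the bank's defence is a lockout) with Ed Gerck's description of the matrix (three coordinates such as G5:H1:D3 out of 40 cells in 8 columns and 5 rows). It parses the matrix exactly as quoted in the original post, answers a challenge, enforces a lockout on the server side, and computes the exact probability that a fresh three-cell challenge falls entirely inside the cells an observer has already captured. Assumptions: the bank draws three distinct cells uniformly at random; the function and class names are invented.

```python
import hmac
import math
import secrets
from fractions import Fraction

COLUMNS = "ABCDEFGH"

# The "Two Factor Matrix" rows exactly as they appear in the quoted email:
# a row label followed by one digit per column A..H (5 rows x 8 columns).
MATRIX_TEXT = """
108421175
274992420
336069906
464514684
517686592
"""


def parse_matrix(text):
    """Map (column_letter, row_number) -> digit for the quoted layout."""
    cells = {}
    for line in text.split():
        row, digits = int(line[0]), line[1:]
        if len(digits) != len(COLUMNS):
            raise ValueError(f"row {row}: expected {len(COLUMNS)} digits")
        for col, digit in zip(COLUMNS, digits):
            cells[(col, row)] = digit
    return cells


def answer_challenge(cells, challenge):
    """What the user has to type for a challenge written like 'G5:H1:D3'."""
    return "".join(cells[(c[0], int(c[1:]))] for c in challenge.split(":"))


def new_challenge(cells, k=3):
    """Bank side: k distinct coordinates from a CSPRNG (uniform, assumed)."""
    picked = []
    while len(picked) < k:
        coord = secrets.choice(sorted(cells))
        if coord not in picked:
            picked.append(coord)
    return ":".join(f"{col}{row}" for col, row in picked)


def exposure_probability(known_cells, total=40, k=3):
    """Exact probability that a fresh k-cell challenge lies entirely within
    the `known_cells` cells an observer (keylogger, shoulder surfer) holds."""
    if known_cells < k:
        return Fraction(0)
    return Fraction(math.comb(known_cells, k), math.comb(total, k))


def cells_captured_bound(logins, total=40, k=3):
    """Upper bound on distinct cells revealed after observing `logins` logins
    (no overlap between challenges is the worst case for the user)."""
    return min(logins * k, total)


class GridVerifier:
    """Server-side check with the lockout Bellovin describes."""

    def __init__(self, cells, max_failures=3):
        self.cells = cells
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def verify(self, challenge, response):
        if self.locked:
            return False
        expected = answer_challenge(self.cells, challenge)
        if hmac.compare_digest(expected.encode(), response.encode()):
            self.failures = 0
            return True
        self.failures += 1
        self.locked = self.failures >= self.max_failures
        return False


if __name__ == "__main__":
    grid = parse_matrix(MATRIX_TEXT)
    print("G5:H1:D3 ->", answer_challenge(grid, "G5:H1:D3"))
    for n in (1, 3, 5, 8, 13):
        p = exposure_probability(cells_captured_bound(n))
        print(f"after {n:2d} observed logins: P(next challenge fully known) <= {float(p):.4f}")
```

Running the script shows why the lockout matters more than the grid size: a single observed login gives the observer only 3 of 40 cells and a 1/9880 chance at the next challenge, but the bound climbs quickly with every further login that is captured, which is the argument for rotating the matrix rather than treating it as a long-lived secret.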


Circle Bank plays with two-factor authentication

2006-09-28 Thread Ed Gerck

Circle Bank is using a coordinate matrix to let
users pick three letters according to a grid, to be
entered together with their username and password.

The matrix is sent by email, with the user's account
sign on ID in plaintext.

Worse, the matrix is pretty useless for the majority of users,
with less usability than anything else I saw in a long time.
This is what the email says:

  The following is your Two Factor code for Online Banking for
  username (sign on ID changed here for privacy reasons).  You will be
  required to enter the grid values associated with the three
  Two Factor boxes presented with each sign-on to Online Banking.
  Please save and store this Matrix in a safe yet accessible place.
  The required entries will be different each time you sign-on.


Two Factor Matrix

    A B C D E F G H
    _______________
1   0 8 4 2 1 1 7 5
2   7 4 9 9 2 4 2 0
3   3 6 0 6 9 9 0 6
4   6 4 5 1 4 6 8 4
5   1 7 6 8 6 5 9 2


These are the additional instructions on the site:

  Check your e-mail for receipt of the Two Factor Matrix which should
  be delivered within 2-3 minutes of activation. You can save the
  e-mail to your desktop for easy access or print the matrix.
  However, do not write your sign on ID and password on this matrix –
  treat it securely as you do with a Debit or ATM card.

  Go back to the online banking sign on page and type in your sign
  on ID, password, and the three coordinates from your Two Factor
  Matrix. These three coordinates are randomly selected each time
  you sign on, so remember to keep your matrix secure and easily
  accessible.

Well, the bank itself already compromised both the sign on ID
and the matrix by sending them in an email. All that's left
now is a password, which a nice phishing email giving the
correct sign on ID might easily get.

When questioned about this, the bank's response is that this
scheme was designed by the people that design their web site
and had passed their auditing.

Of course, a compromise now would be entirely the user's fault
-- another example of shifting the burden to the user while
reducing the user's capacity to prevent a compromise.

This illustrates that playing with two-factor authentication can
make the system less secure than just username/password, while
considerably reducing usability. A lose-lose for users.

Cheers,
Ed Gerck



Re: Circle Bank plays with two-factor authentication

2006-09-28 Thread Leichter, Jerry
| Circle Bank is using a coordinate matrix to let
| users pick three letters according to a grid, to be
| entered together with their username and password.
| 
| The matrix is sent by email, with the user's account
| sign on ID in plaintext.
| 
| Worse, the matrix is pretty useless for the majority of users,
| with less usability than anything else I saw in a long time.
| This is what the email says:
| 
|   The following is your Two Factor code for Online Banking for
|   username (sign on ID changed here for privacy reasons).  You will be
|   required to enter the grid values associated with the three
|   Two Factor boxes presented with each sign-on to Online Banking.
|   Please save and store this Matrix in a safe yet accessible place.
|   The required entries will be different each time you sign-on.
| 
| 
| Two Factor Matrix
| 
|     A B C D E F G H
|     _______________
| 1   0 8 4 2 1 1 7 5
| 2   7 4 9 9 2 4 2 0
| 3   3 6 0 6 9 9 0 6
| 4   6 4 5 1 4 6 8 4
| 5   1 7 6 8 6 5 9 2
| ...
Wow.  A variation of an idea I suggested back in the '70s.  The
problem then was with telephone calling cards.  As those of us old
enough will remember, at one time you didn't have a cell phone with you
at all times (or at any times).  You had to use these things called pay
phones.  Long distance calls were expensive, and you had to dump a whole
bunch of change in to make them work.  Very annoying.  So you got a
calling card, which often charged to your home phone number.  Calling
cards had a fixed PIN on them.  Shoulder surfers would hang around
heavily used phones - commuter train stations were a good spot - watch
as you entered your account number/PIN, memorize it on the spot and then
sell it.  These could move remarkably quickly - my wife's PIN was stolen
this way, and in use within seconds after she hung up.  Over the next
hour or so, until the fraud people picked it up, it was used to make
several hundred dollars worth of calls from several locations in New
York.

Anyhow ... my suggestion was that a similar table be printed on the back
of the card.  (I would have put a multi-digit number at each
intersection point and only ask for one value.  All told, I'm not sure
which approach is better - but with good printing technology you can use
much smaller fonts than when you rely on people printing things out
themselves.)  I also suggested that the numbers be printed in a color -
light blue, red against a grey background - that would make it hard to
photocopy.

No one ever did anything like this with phone cards.  Interesting to see
the idea re-invented for a different purpose.  (Hmm, if I'd patented it,
the patent would be running out soon, even assuming I went for the
renewal.)  Now if only they hadn't done the actual implementation so
stupidly.

-- Jerry





Re: Circle Bank plays with two-factor authentication

2006-09-28 Thread pat hache
Here (Mexico), BBVA / Bancomer uses 24 special three-digit numbers on a
card you need to have at hand to access your account after login and
username... the system asks you for one of those 24 numbers to allow each
session entry.
Supposed to be effective.  Dunno if there is a similar system
elsewhere.


On 28 sept. 06, at 14:34, Ed Gerck wrote:

> Circle Bank is using a coordinate matrix to let
> users pick three letters according to a grid, to be
> entered together with their username and password.
>
> The matrix is sent by email, with the user's account
> sign on ID in plaintext.
>
> Worse, the matrix is pretty useless for the majority of users,
> with less usability than anything else I saw in a long time.
> This is what the email says:
>
>   The following is your Two Factor code for Online Banking for
>   username (sign on ID changed here for privacy reasons).  You will be
>   required to enter the grid values associated with the three
>   Two Factor boxes presented with each sign-on to Online Banking.
>   Please save and store this Matrix in a safe yet accessible place.
>   The required entries will be different each time you sign-on.
>
>
> Two Factor Matrix
>
>     A B C D E F G H
>     _______________
> 1   0 8 4 2 1 1 7 5
> 2   7 4 9 9 2 4 2 0
> 3   3 6 0 6 9 9 0 6
> 4   6 4 5 1 4 6 8 4
> 5   1 7 6 8 6 5 9 2
>
>
> These are the additional instructions on the site:
>
>   Check your e-mail for receipt of the Two Factor Matrix which should
>   be delivered within 2-3 minutes of activation. You can save the
>   e-mail to your desktop for easy access or print the matrix.
>   However, do not write your sign on ID and password on this matrix –
>   treat it securely as you do with a Debit or ATM card.
>
>   Go back to the online banking sign on page and type in your sign
>   on ID, password, and the three coordinates from your Two Factor
>   Matrix. These three coordinates are randomly selected each time
>   you sign on, so remember to keep your matrix secure and easily
>   accessible.
>
> Well, the bank itself already compromised both the sign on ID
> and the matrix by sending them in an email. All that's left
> now is a password, which a nice phishing email giving the
> correct sign on ID might easily get.
>
> When questioned about this, the bank's response is that this
> scheme was designed by the people that design their web site
> and had passed their auditing.
>
> Of course, a compromise now would be entirely the user's fault
> -- another example of shifting the burden to the user while
> reducing the user's capacity to prevent a compromise.
>
> This illustrates that playing with two-factor authentication can
> make the system less secure than just username/password, while
> considerably reducing usability. A lose-lose for users.
>
> Cheers,
> Ed Gerck



