PalmPilot SecurID security.

Trei, Peter (ptrei@securitydynamics.com)
Wed, 7 Apr 1999 12:20:01 -0400

• Next message: Daniel J. Frasnelli: "False sense of security (re: Snake oil...)"
• Previous message: Mok-Kong Shen: "Re: Vernam Cipher"

Ok, to calm concerns, here's what we do.

The data to be protected is a 64 bit seed.
This is 3DES encrypted (using 3 different
keys, naturally). The keys are derived from
an MD5 hash of certain data.

That data hashed to obtain the keys are:

1. If the user has not selected a passphrase,
a collection of machine specific data is thrown
into the hash. I'll remain a little vague about
what is actually used, since it can vary.

2. If the user sets up a passphrase (highly
reccomended), that is thrown into the hash
as well.

3. Before the seed is initially downloaded to
the user, the admin program which produces the
seeds 3DES encrypts it using an administrator
supplied passphrase, which must be communicated
via a secure channel to the end user.

To break the encryption, the attacker would
need reverse engineer the app, and then...

EITHER

Get the encrypted seed file, extract the
machine specific data from that particular
PP (some of it is data which is
not available through any of the standard
applications), and perform a dictionary
attack on the passphrase.

OR

Steal the seed file and crack 3DES.

[The encrypted seed file is NOT backed up
on the users PC.]

OR

steal a PP on which the foolish user
has failed to use a passphrase (this is
exactly equivalent to stealing a hardware
token)

AND

Obtain or brute force the user's PIN
(n wrong guesses (n = small integer)
and the SecurID is turned off in the
server)

People will generally notice that their
PP has gone missing a lot faster than they
would notice a missing hardware token, since
the PP is in constant use. They would then
inform their admin, who would turn off that
token in the server.

(and yes, the decrypted seed is wiped after use)

Comments are welcome.

Peter Trei
ptrei@securitydynamics.com

> ----------
> From: Michael Bauer[SMTP:mick@tiny.net]
> Sent: Wednesday, April 07, 1999 11:23 AM
> To: vin@shore.net; CodherPlunks@toad.com
> Cc: ptrei@securitydynamics.com
>
> Since, as Vin implies, the SecurID cat is apparently out of the bag (to
> some extent or another), wouldn't this mean that a SoftID on a PC or
> PalmPilot is at least theoretically quite vulnerable if a system on which
> a SoftID resides is stolen? E.g., savvy thief steals PalmPilot and copies
> SoftID files onto PC and brute-forces secret-key, or uploads SoftID
> cracker onto stolen PalmPilot and cracks SoftID files locally (although
> the latter seems like a stretch -- how many AAA-battery-years would it
> take to brute-force even a small key on a 68000-based Palm system? :-).
>
> Having said all that, I think it's very cool that SDTI is developing for
> Palm...
>
I think so too! :-)

> Cheers,
> Mick Bauer
> EXi Corp.
>
>

• Next message: Daniel J. Frasnelli: "False sense of security (re: Snake oil...)"
• Previous message: Mok-Kong Shen: "Re: Vernam Cipher"