On Thu, Sep 14, 2006 at 02:48:54PM -0400, Leichter, Jerry wrote:
> | The problem is that _because there is an interface to poll the token for
> | a code across the USB bus_, malicious software can *repeatedly* steal new
> | token codes *any time it wants to*. This means that it can steal codes
> | when the user is not even attempting to authenticate....
>
> I think this summarizes things nicely.
Me too. While less emphatic, my reaction to Vin's post was similar to Thor's: that it seemed to at least miss, if not bury, this point.

But let's not also forget that these criticisms apply approximately equally to smart card deployments with readers that lack a dedicated pinpad and signing display. For better or worse, people use those to unlock the token with a pin entered on the host keyboard, and allow any authentication by any application during a 'session', too.

> Pressing the button supplies exactly the confirmation of intent that
> was lost.

And further, a token that includes more buttons (specifically, a pinpad for secure entry of the 'know' factor) is vulnerable to fewer attacks, and one that permits a challenge-response factor for specific transaction approval is vulnerable to fewer again (both at a cost). Several vendors have useful offerings of these types.

The worst cost for these more advanced methods may be in user acceptance: having to type one or more things into the token, and then the response into the computer. A USB connected token could improve on this by transporting the challenge and response, displaying the challenge while leaving the pinpad for authentication and approval.

But the best attribute of tokens is they neither use nor need *any* interface other than a user interface. Therefore:

* it works anywhere with any client device, like my phone. I choose my token model and balance user overhead according to my needs.

* it is simple to analyse. How would you ensure the above ideal hypothetical USB token really couldn't be subverted over the bus?

By the time you've given up that benefit, and done all that analysis, and dealt with platform issues, perhaps you might as well get the proper pinpad smartcard it's starting to sound like, and get proper signatures as well, rather than using a shared-key with the server.

-- 
Dan.
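The three token designs this thread compares, as an added Python simulation (not code from the thread or from any vendor): a host-pollable token hands out a valid code with nobody present, a button-gated token does not, and a challenge-response bound to the transaction details is worthless for any other transaction. The shared key, the counter-based code and the 10-step look-ahead window are constructed for the demo.

```python
import hmac, hashlib, secrets, struct

SHARED_KEY = b"constructed-demo-key"  # constructed; a real token has its own secret

def otp(key, counter):
    # event-based one-time code: a function of the key and counter only,
    # so anyone who reads it can use it until the server consumes it
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % 10**6

class Token:
    """pollable=True models a USB-pollable token; False models a button-only one."""
    def __init__(self, key, pollable):
        self.key, self.pollable, self.counter = key, pollable, 0
    def code(self, button_pressed):
        if not (self.pollable or button_pressed):
            return None  # no expressed user intent, no code
        self.counter += 1
        return otp(self.key, self.counter)

def approval_response(key, challenge, amount, payee):
    # transaction-approval response: MAC over the challenge and what is approved
    msg = challenge + struct.pack(">Q", amount) + payee.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]

class Server:
    def __init__(self, key):
        self.key, self.last_counter = key, 0
    def verify_otp(self, code):
        # accept each code once, within a small look-ahead window (constructed)
        for c in range(self.last_counter + 1, self.last_counter + 11):
            if otp(self.key, c) == code:
                self.last_counter = c
                return True
        return False
    def new_challenge(self):
        return secrets.token_bytes(8)
    def verify_approval(self, challenge, amount, payee, response):
        expected = approval_response(self.key, challenge, amount, payee)
        return hmac.compare_digest(expected, response)

def demo():
    server = Server(SHARED_KEY)
    pollable, gated = Token(SHARED_KEY, True), Token(SHARED_KEY, False)
    # poll both tokens with no button press: only the pollable one answers
    silent_code, gated_code = pollable.code(False), gated.code(False)
    polled_code_logs_in = server.verify_otp(silent_code)  # the code is a full login
    # challenge-response approval: a response for one transaction fails for another
    ch = server.new_challenge()
    resp = approval_response(SHARED_KEY, ch, 100, "alice")
    same_tx = server.verify_approval(ch, 100, "alice", resp)
    altered_tx = server.verify_approval(ch, 9000, "mallory", resp)
    return silent_code is not None, gated_code, polled_code_logs_in, same_tx, altered_tx
```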