I'm no Bruce Schneier, so I welcome the comments of any more informed and/or more intelligent readers (which shouldn't be too hard ;-)).
Two factor authentication is the buzz these days, it's the silver bullet of the security industry. To provide a short explanation (which will almost certainly leave out essential facts and get others wrong :-p):
To prove your identity to the other party you can use several
factors. Usually factors are categorized in three groups:
- Something you know (and hopefully only you know :)) - like a password, date of birth, SSN, etc
- Something you have - like and RSA token, smart card, etc
- Something you are, also known as biometrics - fingerprint readers, iris scanner, etc.
The basic premise of two factor authentication is that providing two factors from different groups (so an user name and password is not two factor!) increases the trust.
The thing I want to discuss is the way the authentication data goes from the user to the server, the
channel through which the information
flows. Why is this important? Because communication channels have their own weaknesses like replay attack (where the attacker captures the data - without necessarily being able to interpret it - and resends the exact sequence later) or man-in-the-middle attack. The most frequently used communication channel (HTTP over TCP/IP) is very vulnerable and even protocols which deal with data in transit (HTTPS) can not (and are not designed to) deal with endpoint security. To give a possible attack scenario:
- The user goes to a website (lets say over HTTPS)
- She enters her username and password
- She uses her finger with a fingerprint reader to create a hash that uniquely identifies her finger
- She sends all the data to the server for authentication
- However, there is an information collecting software (trojan) running on her computer, which captures and relays all the data before it enters the HTTPS tunnel
- Now all the attacker has to do is to
replayall the data, including the fingerprint hash, without even needing a fingerprint reader (the existence of which the remote server can not check, it can only check that it was supplied the correct hash)
One of the problems in this scenario was that the channel (or more precisely one of its ends) got compromised. PC's (and Macs too :-)) are relatively easy to compromise because they were built as general purpose computers. However if one of the factors was transported over an other channel, it would mean that the attacker would need to
listen in on two channels. This is what I would call
Two factor / Two channel authentication.
What attributes would such a channel need? It should be as widely accessible as possible and should be safe (to the extent possible) against spoofing. The (cell) phone network is something that comes close to this. So here is a possible implementation of such a system using the cell phone network:
- When the user registers on a site, she gives her cell phone number
- When she needs to log-in, she supplies her username and password
- After a very short time her cellphone rings, she picks it up and presses #
- Now she authenticated using two factors (something she knows - the username and password - and something she has - her cellphone) and two chennels!
Something like this already exists can be used for free by everyone in need to add a second factor to the authentication: PhoneFactor. (Disclaimer: I have no relations with PhoneFactor or anyone involved with it, I just think that it is a very cool idea).
Some issues with this method:
Can't the attacker just specify an other phone number and authenticate using that? - No, if the system is built properly. That is, the user supplies the phone number at the registration phase (which is supposed to be done in a safe environment) and it can later be changed only after logging in. If there is no safe environment when the user registers for the first time with the website, all bets are off anyway.
But phone numbers can be spoofed! - Yes, but to fool this system, the attacker would have to be able to (a) know the phone number where the call will be placed and (b) compromise the (cell) phone network to re-route calls. While both of these are possible, they are (hopefully) much more difficult than installing a trojan on the users machine
Isn't it a privacy concern that my phone number is stored in a database? - Yes it is, but if the database gets compromised, there are probably more valuable information than your phone number. Unfortunately it's not possible to store your phone number as a one-way hash, because (a) the system needs to able to call it and (b) phone numbers are relatively short (10 numeric characters), so a brute-force is very feasible. This can be mitigated if PhoneFactor would offer a service to store the phone numbers, which could work as follows (I don't know if they have such a system):
- When a new user register, the site asks PhoneFactor for a UID (Unique Identifier) to be associated with that user
- The user gives her phone number to the site, which in turn forwards it to PhoneFactor together with the UID and doesn't store it.
- From here on, the website only needs to send the UID whenever it wants to ask PhoneFactor to verify the user, and it will know which number to call
- When the user wants to change her phone number, the website would send the UID and the new phone number to be associated with it, without actually storing the phone number
In this case the information would be split up between two places (the website and PhoneFactor) and unless both are compromised, the complete identity-phone number can not be reconstructed.
What if I'm at a place where there is no coverage for my phone or I'm unable to use it for other reasons (battery died, etc)? - then you are SOL, pardon my language. But then again, what if you are in a place where there is no internet access? Or no fingerprint reader?
PS. I argue that the RSA-style one-time pad generators also fall in this category because one could say that there is a
virtual channel between the RSA-token and the authentication server, through the clock built into both of them and the serial number of the token.