Banks Begin To Use RSA Keys

jnguy writes "According to the New York Times (free bacon required), banks are begining to look into using RSA keys for security. AOL has already begun offering its customers RSA keys at a premium price. Is this the future of security, and is it secure enough? How long before everyone needs to carry around 5 different RSA keys just to perform daily task?"

Heh? This is old news

[zxSpectrum]

I'm rather surprised: Several Norwegian banks have been using these RSA Hardware Tokens for a couple of years.

Article not about "RSA Keys" -- Hardware tokens

[Steven Reddie]

The article is really talking about using hardware tokens for extra security since the private data is stored on an external token and can't be stolen by viruses, trojans, or phishing scams. I don't even see RSA mentioned in the article -- there is an inset picture of an RSA SecurID but that's as close as it gets.

This is news?

[Nehle]

My bank (SEB, www.seb.se) has been using a hardware token system for years. I click the sign in button, enter my birthdate, receive two four-digit numbers, start the little device, enter my password and the two numbers and get a six-digit number that I enter in the login page and then I get logged in.
Is this somehow different?

Oh, and by the way, works like a charm and I feel a lot more secure than I do with static passwords

Old News

[Ann Elk]

Banks in Poland have been using physical security tokens for online access for a few years. Yawn...

Re:Thumb drives

[jdhutchins]

That's what I initally thought, but the article talks about a different kind of RSA "key". The article is about the hardware things that show a number that changes every 15sec or so, and you need that number to log in. The summary title is misleading (suprise suprise)

This is new?

[wfberg]

I've been using physical tokens to log on to e-banking for years. Not only that, but tokens that are significantly more secure than securID fobs, in that they support challenge/response and using a PIN to unlock it (two-factor security, and the PIN is only used with the token so it needn't be known at all to the bank).

In fact, most banks are now switching to keypads that you plug your existing bankcard in, so they can piggyback on the tamper-resistant chipcard that's already on there (although it's slightly less advanced than some tokens, since chipcards don't support a clock that's permanently ticking).

Most devices are from Vasco [vasco.com] who provide a wide range of tokens (some more secure than others). They even have challenge/response tokens that don't require you to copy the challenge; they have optical sensors that can read out a code that's blipped out by flashing blocks on your screen. Way cooler devices than those RSA securIDs.

Re:Article not about "RSA Keys" -- Hardware tokens

[HotNeedleOfInquiry]

Wells Fargo issues the RSA SecurID devices for security. Not a test, not a trial, My wife and I each have one.

Argh... please make the distinction

[kaedemichi255]

The distinction really should be made between RSA encryption keys used for crytopgrahic algorithms, and RSA SecureID Tokens, which are what this news item is referring to, but are different from the public/private encryption keys!

Re:We should be careful of this....

[bobbuck]

Just one problem. As computers get bigger they can check more keys. But a MUCH smaller match in computer power can make the keys so much bigger. Compare a 40bit key vs 80bit key. Bob and Alice's computer has to do twice as much work at 80bits. Eve-the-evesdropper's computer has to do 2^40 times as much work. (I know this is not techincally correct but it's the same idea.)

People have been trying to factor large numbers for a long time, and it's a difficult problem.

Merry Christmas! (or as they say at the NSA: qp93eywufaldksvnh)

Re:Sweeden uses a similar token system

[pekkak]

It's the same in Finland. I have a card with about 100 disposable passwords and when I have used most of the passes the bank sends me a new card. In my opinion this is a lot more secure method than the permanent password scheme employed by many American banks. No offense, but as can be seen from the many comments posted here already, the US banking system is not exactly the state of the art. I mean, US still uses paper checks which I find astonishing. There must be incredible amounts of work and thus expenses involved in handling all those checks.

Re:Banks are the problem

[Obiwan Kenobi]

I call FUD. I've worked in banks (and credit unions) as a network admin for over six years, and that is some bullshit.

Now, understand that banks will use your information any way they can in-house, manipulate numbers and deposit totals and anything else analytical so they can sell a credit card or a loan (its called cross-selling). But what they cannot do is give your information to other 3rd parties without your direct consent unless its under federal mandate and/or decree (read: court order and/or the Patriot act).

Now this is all fine and good, but when you do something substantial with your money and/or your financial outlook (say, investing or buying a home), you open up yourself to offers from 3rd parties. You sign a document saying so.

Now the easiest thing is, before you sign something, ask them which companies are going to be behind this new venture. Whether it be an investing house (a lot of banks will farm out investing to a subsidiary and get kickbacks on it) or mortgages (who owns this loan? Can they sell it to a 3rd party mortgage company at a later date?), you need to simply be aware.

Feel free to google "Bank Privacy" and read up on the hometown banks and the big boys: They all pretty much say the same thing. If they are under FDIC (for banks) or NCUA (for credit unions), they all fall under the same guidelines: Your information cannot be shared unless you say so. The federal privacy statements which are mandatory to be handed out upon opening an account, etc, say the same thing.

Offshore data management services is simply a scarier way of saying Disaster Recovery. You want your bank to keep running even if the home office (or data center) explodes, right? Then don't start bitching about them backing up data in different places.

Re:Heh? This is old news

[EvilIdler]

Not just a couple - I had it *eight years* ago with Storebrand..

SEB uses VASCO SecureID tokens

[hanssprudel]

Since this is already being moderated up, I want to note that poster is wrong.

The system that the grandparent describes is based on VASCO [vasco.com] "Digipass" devices, that work just like the RSA secureid tokens, only that they also support PINs and challenge/response authentication. That means that if everything is done correctly (which I can't swear to) these tokens, which SEB have been using for more than five years, are considerably more secure than the normal RSA SecureID.

Basically (very simplified) your normal SecureID will create a checksum from a secret and the current time, so the server can verify that person logging in is holding the token at this time. The Digipass, on the other hand, creates a checksum of the secret, the time, and the challenge from the server. This verifies that the person logging in has access to the token at this time, and created a checksum for this particular log in. And the fact that it also requires a personalized PIN to access the device means that stealing it will do you little good.

Re:Banks are the problem

[jasonditz]

The bank I used to use actually said the exact opposite: They can share with anybody unless you specifically tell them not to.

The thing is, every 3 months or so they send a new copy of the (slightly modified) privacy agreement and if you don't send them another letter saying don't share my info, they consider it acceptance of the 'new' policy.

Re:We should be careful of this....

[Spiked_Three]

"If banks are to adopt a universal crypto system, then perhaps AES or some form of elliptic curve crypto would be a better choice?"

AES was not written in the US - so it is highly unlikely that US banks would adopt it as a first solution. Keep in mind the only US organization (NSA) that can truly say whether or not it is breakable will not say.
Same goes for eliptical curves - they (NSA) will definetly say not all curves are secure - but they will not say which ones and why, but I doubt if you will see eliptical curves in any military applications in the future.

Neither of these are possible choices for US banks.
I have sat in these meetings between banks and NSA - and the banks are in quite a bind - they know they need to move past DES, but NSA won't tell them anything classified - so they have to put their foot out looking for the landmines on their own. Then NSA pipes up and shakes their head "no" when the do something wrong, which so far is everything. So what are the banks to do? My bet is they do eventually end up with AES, but after a couple of false starts.

Re:SecurID vs. Smart Cards

[Nonesuch]

writes:

"RSA keys" in the title is a bit misleading.. It makes it sounds like a full crypto implementation, using smart cards and all the capabilities that implies. Confusing the RSA crypto algorithm, with the SecurID card, a product made by the company RSA.

A common mistake. Most of the articles [com.com] I've seen lately on the subject have not mentioned either "RSA" or "SecurID", just talking about "devices" or "tokens" or perhaps "two factor authentication".

SecurID is just a clunky authentication system using a hardware token to display numbers used for the authentication (although, they do also offer software tokens. there is nothing magical about the hardware)

Why not go to a modern smart card system? It can store full certificates, and tie directly into really strong security/crypto. Tie the smart card / cert into the autentication of your system, and into IPSec, SSL, etc.

SecurID offers only the authentication piece, based on a completely closed algorithm.

The SecurID hardware token has two primary advantages over smart cards, and most other authentication tokens:

• RSA has patents on time-based tokens [yahoo.com], this allows for a simple sealed hardware token without any buttons.
• No additional hardware or software or drivers are needed to authenticate. Just the token and (optionalyl) a user selected PIN.

While smart cards have their place, they are not so great for handing out to remote users. For example, does anybody actually use the card reader that was distributed in the American Express "Blue" promotion a few years back?

SecurID tokens use AES, not RSA algorithm

[Nonesuch]

How long before someone finds a fast way of factoring large numbers and we're all screwed?

There's no direct relationship between the SecurID tokens sold by RSA and the old RSA algorithm. Actually, the latest generation of SecurID tokens use AES, however RSA still ships backlogs of the older tokens which are built around a proprietary hash.

Like most other response-only tokens, the authentication is based not on large primes like public-key authentication but rather on a shared secret (one embedded in the token, the other stored on the authentication server.

Much work has been done towards cryptanalysis of response-only tokens, and a well-designed authentication system is very difficult to break blindly, just from observation of a few response pairs. There have been potentially successful attacks proposed against the old SecurID tokens due to a "vanishing differential" problem with certain seed values, but no proof of concept against that has succeeded, and the new AES tokens should not be vulnerable. More on this is available from the SecurID Users group [yahoo.com].

As a counter-example, the old X9.9 challenge-response authentication system was based on DES encryption, and was not well-designed, was fatally flawed. Observation of a handful of challenges and responses cojuld allow an attacker to determine the seed value and compromise the authenticator.

Open source securid-like tokens.

[Nonesuch]

Tracy Reed writes:

Around 5 years ago I was looking for a way to have a secure-id sort of solution without having to buy the proprietary software and hardware without any success.

The first "open" standard for authentication tokens was part of ANSI X9.9, and was broken (and subsequently retracted [webservertalk.com]) back in 1999. The old X9.9 algorithm is still available as an optional authentication method in several hardware tokens offered by competitors of RSA/SecurID.

Have you looked at GNU SASL [gnu.org] (Simple Authentication and Security Layer framework)?

I even looked into building my own (I know a little about microcontrollers for the hardware device portion) but was not able to come up with any suitable algorithm. It seems like the security of our Linux systems and other systems which require authentication could really benefit from something like this.

An open source implementation of the SecurID time-based authentication algorithm is not possible because RSA holds several patents covering their whole time-based authentication scheme. The closest solution in the open-source world might be OPIE (formerly S/Key). OpenBSD and other operating systems include S/Key support in the base OS.

There are OPIE calculators for MD4/MD5 in Java and for most handhelds, but it is tough to find a SHA-1 or RMD-160 implemention, and I have yet to run across any dedicated hardware device that does nothing but handle OPIE authentication. With the uncertainty about SHA-1, You might plan to implement only RMD-160 (160 bit Ripe Message Digest). Tokens would need a bit more CPU power to handle a few hundred rounds, but at least there is a good chance that RMD will still be a viable hash, long after SHA-1 falls.

HBCI and GnuCash

[Thorak]

German banks use DES and RSA keys on chipcards for years. Together, they developed the Homebanking Computer Interface (HBCI) and the FinTS - Financial Transaction Services: http://www.hbci-zka.de/english/index.htm/ [hbci-zka.de]

It works like a charm with http://www.gnucash.org/ [gnucash.org]. I just insert my chipcard into my reader and can do as many transactions as I want without the hassle of PIN/TAN crap and have a fully working financial solution for my everyday need.

Re:Heh? This is old news

[roady]

Most of Europe is actually using either RSA tokens or RSA smartcards already.

Re:Yes, it IS different...

[oliverthered]

If you read the GPP you would have found out that CR is less prone to man-in-the-middle attacks.

A CR system can take multiple inputs (one of which could be a hash of your transaction data)
making the response unique to the transaction.

SecurID uses a simple token that is not unique to the transaction and so is very vulnerable to man-in-the-middle attacks.

Broken as everyone knows

[Anonymous Coward]

The big players on the field have broken rsa years ago already. The small ones can crack only about 2048 bit keys at the moment. That stuff is really protecting you from the John Does and amateurs only.