Slashdot Mirror
Ask Slashdot: Open Hardware/Software-Based Security Token?
Qbertino (265505) writes I've been musing about a security setup to allow my coworkers/users access to files from the outside. I want security to be a little safer than pure key- or password-based SSH access, and some super-expensive RSA Token setup is out of question. I've been wondering whether there are any feasible and working FOSS and open hardware-based security token generator projects out there. It'd be best with ready-made server-side scripts/daemons. Perhaps something Arduino or Raspberry Pi based? Has anybody tried something like this? What are your experiences? What do you use? How would you attempt an open hardware FOSS solution to this problem?
www.yubico.com ... not quite FOSS but its your ticket....
You can set up 2nd factor using SMS pretty easily, and have it text you a second password that's good for five minutes.
Definitely the cheapest option.
If you make your own token with an arduino and an LCD and a real time clock and a battery you've already paid for the RSA tokens.
=Rich
Yubikey is a USB OTP generator, it can be integrated quite easily and it has ssh and a little fast dig up I found this link about yubikey and openvpn..
http://www.yubico.com/applicat...
http://forum.yubico.com/viewto...
Â_Â
My organization uses 2FA with a standard that's compatible with Google Authenticator and a Yubikey (OATH: http://en.wikipedia.org/wiki/I... and http://www.nongnu.org/oath-too...). People with smartphones could use Google Authenticator to obtain auth tokens; an inexpensive ($25 per person) yubikey provides a very easy way to enter tokens without much hassle; and the open-source oathtool can generate tokens for other uses (i.e. add a "paper" authentication device with a long list of sequential tokens).
SSH keys on read only SD Card?
- http://www.milkme.co.uk
A self-selling token...
For software tokens, Google Authenticator has apps for Android, iOS, and BlackBerry. They implement the TOTP standard, so any compatible code-generating software (such as the J2ME app I have on my non-smartphone) will work with it.
They also have a PAM module that works with SSH (or anything else that uses PAM). I've used it before, and it works great.
For reference, neither the apps nor the PAM module depend in any way on Google services, they don't send any data to Google, and will work perfectly happily in a totally offline environment (assuming all the servers and client apps have synchronized clocks).
A secnod for Yubikeys. We love them. You can load your own key onto them so there is no worries when a third party (like RSA) gets hacked. There are open souce tools to configure them and run authentication servers. Integrated with PAM, and can be used with radius servers. And they are about $25 each, with no expiry date.
I'd include links - but there are a lot of them depending on what you want (Linux, PAM, Apache, Andoird, iOS, etc) - So, "Just Google it!"
FreeOTP and/or Google Authenticator may be exactly what you want from the client side.
I made a server-side implemention to get started with a little while ago:
https://github.com/adsllc/PHPO...
I'd like something like this for a mixed Windows/Mac/Linux network but the costs are just prohibitive.
Yubikeys are $25 each for the hardware, and $45 PER USER. That's just ridiculous when you scale up, and there's an awful lot of manually faffing about to get to the point that it works.
To be honest, in my scenario (primary/secondary schools), I'm not looking for 2-factor as much as "I don't have to remember my password" login. If someone has the key, they have access (but only to another pupils account, which is nothing), and leave 2-factor as only a consideration for the staff (so then you could buy Yubi just for the staff, etc.). But anything software-licensed per-user is just ludicrously expensive when you start adding it up, on top of the "per-user" device costs to start with.
To be honest, I'd pay £10 each for a set of USB tokens that - when you press the button - just types in a username/password for you. Yubikey doesn't solve that problem on Windows, it just makes existing logins much more complicated (and, as pointed out in their manuals, when you get into mobile access they are useless anyway).
If someone could come up with a £10 USB keyboard-emulating device that types in a given string (I can code it so it presses tab / Return in all the right places, etc.), I'd probably buy it.
But on Windows, Yubikey is just too expensive for the software. I can't believe, given how little it does and how "third-party" it still feels after you've installed, that it costs that much to develop the Windows side of the software.
https://github.com/stolendata/...
I have had a smart card setup for a little while. I use it for both OpenVPN and SSH access. I created the card by making my own CA and then using OpenSC to write to the card itself. There are some other cool things you can do like us it for PGP signing. I got a whole kit for about $100 bucks that came with a reader/writer, 2 cards and one USB thing. https://www.opensc-project.org...
If you only want a semipublic file share, just stand up a free AWS Linux instance and lock it down to SSH/SFTP. You get a few GB of free cloud storage (I don't actually know the limit, but I have 8 online now and have never paid a dime), and can sleep well knowing that a breach just means standing up a new instance rather than the end of your career.
You only really need to let people get onto your corporate network if you want to set up "real" remote access such as VPN or, as you mention, one of those crazy-expensive RSA Citrix gateways. And no offense, but the very fact that you have asked Slashdot how to do this on the cheap suggests that you really shouldn't do it at all (aside from my "safe" suggestion above).
> For fans of software scheme: you must tell how your soft tokens resist attack by malware.
A solution doesn't have to be a panacea for all attacks. A soft token could be on your phone, assuming you do not also use the phone to directly access the service, that is pretty decent protection. I would consider needing to also find and gain access to your phone, in addition to whatever access they may otherwise be able to get, as a pretty decent addition to the resistence.
> Remember that to get pay-tv signals, folks were willing and able to design special ICs.
Remember that people were willing to pay for those ICs to decode signals they already otherwise had access to, meaning there was a rather large potential market for those ICs before they were produced, especially since it is decently hard to justify how you are doing anything wrong by simply recieving and manipulating a signal...you aren't even stealing a service, you are just, not using their descrabling service, just providing your own instead; for a signal you could already recieve.....
"I opened my eyes, and everything went dark again"
It's not a two factor authentication, it's actually a means of generating one time passwords. In a nutshell, you can have a local device calculate the password based upon a challenge sent from the system you wish to log onto, or you can preprint a list of passwords that you can use to log onto the system.
See http://en.wikipedia.org/wiki/O... for a general description of the method. You ought to be able to find out more using that page as a starting point.
I'm surprised no one has mentioned Mobile-OTP (http://motp.sourceforge.net/). Perhaps it's a bit older, but it's absolutely free assuming your users have a mobile phone. (It doesn't even necessarily have to be a smart phone). We use this to secure our SSH gateways and it's not bad to set up -- it uses PAM.
See:- https://www.grc.com/sqrl/sqrl....
Using a smartphone as your token, and if that is not secure enough for you, I am for my sins presently building an HSM that will interface over NFC with the smartphone to keep all the cryptography parts and master key outside of the potentially vulnerable computing platform. Further I promise as do many of us working on this project to make everything we can public domain or at the least open licensed.
Before making comment on this please do read and digest all the reference material, TL;DR; does not cut it in crypto.
Strictly speaking, a USB (or bluetooth, or whaver) device has the potential to be MORE secure... IF it meets the following criteria:
* Negotiates directly with the remote service requesting authentication credentials, and has robust logic to detect MITM situations. For the purposes of this example, the local operating system is merely a bucket-brigade dumb transport layer that facilitates the delivery of packets between the token and remote login service.
* Has its own onboard hardkeys under the exclusive control of the token, with some degree of logic to verify that the user is deliberately consenting to the login attempt... preferably, enough to implement some kind of secondary authentication. I'm totally not a fan of biometrics, but if there's anyplace where a fingerprint sensor might be appropriate as the equivalent of a residential keyed non-deadbolt lock that says 'no' to casual attackers, without even pretending it could survive a full-on attack from someone willing to do something drastic (like break the door down), it's probably HERE.
* Has its own display, under the exclusive control of the token, and logic to display an appropriate level of concern to alert the user to unusual situations. For example, being asked to authenticate to ${some-specific-server} for ${limited-purpose} might merit full-on warnings the first time you authenticate, but require little more than a finger swipe or button press for subsequent uses that don't exceed some user-defined threshold.
Unfortunately, I've never even SEEN a hardware token available to non-enterprise customers even REMOTELY in the same ballpark as the feature set I've listed. Manufacturers just can't resist the temptation to eliminate the cost of an expensive dedicated display, or multiple hardkeys, or some comparable dedicated input and output hardware that's sealed, self-contained, and has no dependencies upon the security of anything beyond the token itself. It also assumes at least minimally-savvy users who'll take the time to at least read the first-time/threshold-exceeded warnings, and won't just blindly swat them away without independently contemplating their possible implications.
Ideally, the token would also have some additional security layer that causes it to be disabled permanently if the person with whom it's associated ceases to be alive (to ensure that a robber couldn't force you to tell him your access code at gunpoint, then shoot you anyway. If he knows that his free fountain of money shuts down the moment you die, he'll have more incentive to employ heroic means to keep you alive even if he's the reason you're in danger of death to begin with.
Finally, you'll want to have the token itself be a delegate of some master token, with a reissue procedure for replacing it with a new token that has multiple layers of identity-authorization, since there's always a very real risk of loss. It's little comfort knowing a thief can't get at your money if, from your perspective, it's as gone as if it were in a concrete vault at some unknown spot on the floor of the Pacific Ocean.
There is "secure enough". A token on a smartphone is vulnerable to unknown backdoors... but for almost anything but some high profile target, it will do the job decently well.
I have an older HTC phone (HTC One X Plus) running CM whose job it is to act as a backup token. Since it has no SIM card, and the Wi-Fi antenna isn't on, it is good enough. Physically, it uses dm-crypt and encrypts the /data partition using a long passphrase that is separate from the screen lock password. I don't think access to my stuff will get someone wanting to make an ASIC mask, so for my stuff, this is good enough.
If I were worried, I'd probably go with a vendor and a hardware, tamper-resistant key fob, such as what Amazon, PayPal, or Amazon ship. Still not 100%, but good enough.
https://www.authy.com/
Its the easy button for 2FA
I'm reminded of the IBM ZTIC. Great device, because it only used the computer as a means of getting power and a means of getting data from the device, via the USB port, over the network, to the bank, via a secured channel (encrypted from the device itself, so a malware-laden computer could only deny access, not tamper with packets.) When doing a bank transaction, the ZTIC would show on its screen the transaction and one would confirm/deny it on the device.
However, in the real world, I read complaints about the USB driver, and the fact that it only worked under Windows.
Since 3G chips are so cheap, I wonder about a device that is pretty much the same as a ZTIC, except uses its own low bandwidth cellular connection to contact the bank and be used as a second confirm/deny channel.
For general computer use, this device could function as a 2FA token, but when someone did an action like change a password or attempt to view/modify some critical records, the device would prompt for confirmation.
As for biometrics, I wouldn't trust them completely. A fingerprint scanner similar to the one on the iPhone 5S might be "good enough", but definitely have the ability to enter a PIN if needed.
RSA did implement their scheme as an iPhone app. If you're willing to consider something that might work as a smart-phone app, think about S/Key. It's supported as a PAM module for the *nixes. (Of course, that assumes you're willing to trust the smart-phone apps.)
I recall using S/key ages ago (1990s) back in the days of Telnet (before ssh.) Back then, if you didn't have an S/key calculator, you could also use a paper list of one-time passwords. Ever so often, we had to re-seed our s/key (because we limited the number of passwords per. seeding.) S/key can be a bit annoying, but it ought to be cheap to implement.
If you want to go with a hand-held device, I'm sure you could implement an S/Key end-user calculator on an Arduino or Raspberry Pi - but how much can you afford to spend? I wouldn't be surprised if a Arduino-like solution cost more than RSA tokens.
S/Key is focused on a single server. If you require your users to connect through a bastion host, it might be workable - but the model breaks down if you want multiple servers, unless they share a filesystem.
Do you consider the TPM acceptable? I have sort-of-working but woefully incomplete code for this. There's also the work-in-progress OpenCryptoChip.
I print out a list of 100 passwords, fold it up, and keep it in my wallet. Each time I use one, I cross it out. It is small, flat, easy to carry, and always with me. :)
Just don't let your users write the name of the server and their username on it.
All true and yet, I don't see how any of that matters. The point of using the phone is it is something you have, and its not tied to the device you are connecting with. Yes, you may lose the phone more often, BUT...that just means you replace the phone and reload the software with a new key....BFD.
Stealing your phone doesn't reveal what systems you would connect to. Getting access to your laptop, doesn't provide the authentication token. Its about using two factors that are not tied to eachother in a way that a remote attacker can discern that improves the security of such a system.
which is why I strongly disagree that an app on the laptop is better.... because an app on the laptop is on the laptop, one device which connects to it all. Or another way to think of it...where is the safest place for the key to your safe.... in an unmarked envelope in your house....or in an unmarked envelope at your friend's house?
Even if your friend's house is less secure than your own, its still the better place because.... there is no way for the attacker to make the association needed to find it....even if it is your friend's house that he robs, even if he finds the key there!
Sure its not protection from specific kinds of attackers, but, if your security measures need to stand up to NSA levels of scrutiny, I have no problem declaring your requirements out of scope for this level of discussion, and far beyond most people who could benefit from simple tokens.
"I opened my eyes, and everything went dark again"
I'm inclined to agree. People rarely forget their smartphones
I've been looking at DuoSecurity. Rather than SMS they send a push notification to your phone before clearing your login. No screwing around typing codes, just a "was that you logging in from 1.2.3.4?" popup on the phone that I can use to authorize the connection.
Anyone actually used them? Is it as good as their demos?
TOTP (time-based one time keys), HOTP (hmac? one time keys), and RFC6238 are todays friendly search terms.
TOTP is what the traditional RSA tokens use, in which the time is a component of the encryption used so the code generated from the private key changes (usually every 30 or 60 seconds)
HOTP is the latest in one time pads, where each code generated is good until used but only once.
It differs from true OTPs in that the data is procedurally generated from a private key instead of all the keys/data being generated in bulk ahead of time. One hopes the private key is smaller than a crap-ton of bulk keys or binary data needed for a true OTP.
Google Authenticator is one pre-made generic solution, and you don't need to use Google to utilize it.
The encryption it uses is open and has an RFC, and their own software lets you input the private key via QR code for the user if you wish, and utilize multiple profiles/keys.
Google released an open source PAM module for all your Linux authentication needs, including SSH.
I use this myself for access to my home network (ssh + port forwards)
There are also tons of programs that run the identical encryption methods, lots being open source.
I've seen them available for every OS commonly used (and then some) plus every smartphone out there.
I've also recently purchased a Yubico key, which is a hardware version of the RSA token.
The basic model runs $25 each if you buy single keys, and they can be loaded with up to two profiles using various encryption methods and keys.
Instead of an LCD display with a rolling code, they are USB devices that show up as USB keyboard HIDs. You plug it in and once the OS has it powered and ready, there is a touch-sensitive "button" you touch and the dongle types in the code valid for that 30 second period.
It also takes into account how long it needs to type the codes (sha256 with serial can be 158 characters and takes ~3-4 seconds to type in at the default key rate)
It will always type the key that will be valid at the time its about to hit enter.
Yubico is RFC6238 compatible, and also can utilize OpenRADIUS which then makes it compatible with pretty much everything.
A third option, though more for Windows login / Active Directory, and definitely not open source, is EIDVirtual.
It basically lets you reformat a USB flash drive to contain a 4k private key and special header so along with its smartcard driver extension, the keys show up as smart cards and USB flash (technically you can still store data on the drive if you want)
The software is very cheap (7 euro if I recall), works flawlessly in AD setups (tested on XP, 7, and 8), and uses any old flash drive with 1mb of storage.
The downside of course is you don't get any of the fancy (or even required) hardware protection of the private key. I believe it uses the USB drives serial and model/make as part of its formula so blind copying isn't trivial, but the hardware exists to easily fake that info for anyone intent on doing so.
Not nearly as secure as the other options, but it is at least priced accordingly, and doesn't try to add 2-3 zeros to the pricetag for the "enterprise" label.
We use Duo at work and I use it personally (free for up to 10 users with unlimited integrations). Their app is TOTP compatible so it works well with Google Authenticator and the like. The service also supports hard tokens and 3rd party tokens like yubikey. The push works as advertised and is dead simple, and yes, it works just like the demos. Their integrations are generally easy to use. We've found their APIs to be decent as well having written our own user-registration portal as well as custom integrations for some apps.
There are smart cards at affordable price. The biggest problem is to find some that can run without a binary blob driver (would you trust it?).
I am sorry that the advice I give for free on slashdot doesn't live up to the impossibly high standard of being unassailable by major national governments with deeper pockets than the vicar of christ.
Every system has weaknesses; if you have to worry about directed attacks by dedicated actors with the resources (time and skills, or money to hire them) to focus on your systems.... then by all means, don't take the free advice you get on slashdot and feel free to raise the bar high.
However, for everyone else, raising the bar even a little bit is enough. You have to understand there is a gulf in threats between "at risk of having data casually scraped or stolen by a trojan" and "the target of a directed attack" and then again "targeted by a group with resources". Each step you can take away from the first category of risk is huge, whereas every step away from the others, really only helps a little bit....unless you have good reason to fear it.
"I opened my eyes, and everything went dark again"
Getting open hardware is not that easy. The only real open hardware I know is the crypto stick. http://shop.crypto-stick.com/e... Of course you can buy it but all plans are open. But it is relativle expensive. You can use this as a smartcard to do certificate/public-private-Keypair authentication. You could however use the Yubikey. Please note, that the Yubkey Neo (wich is about 50€) can also work as a smartcard. If you want to use one time passwords you can use the standard yubikey (~25€). Yubico is rather open but it is no open hardware! The good thing about the yubikey is that it can be initialized, i.e. your secret key, that is used to generated the OTP is not know to the hardware vendor. Recently I saw another authentication device, the "authentiKator" (http://www.authentikator.com), which similar to the yubikey but will cost only ~8€. Anyway, if you can not make up your mind at the moment, that is no problem. There is an open authentication service, which is derived from OTP authentication which supports HOTP tokens, TOTP tokens, smartphones apps, OTP via SMS or Email, the old mOTP token (which can be used on your old feature phone - maybe you want to use a crappy old nokia phone in Offline mode). You can also use cool smartdisplayer cards, in the form factor of a credit card with an eInk display! But also the yubikey can be enrolled. New token types can be added by writing a small new python module. Take a look at http://www.privacyidea.org/ which is also hosted at github. You receive a whole bunch of answers and I am curious for your decision. Kind regards Cornelius
I haven't done any admin or dev work with it, but as far as just logging in to the VPN at work Duo works very well. I initiate the VPN connection on my computer and get a pop-up on my phone almost instantly. Hit approve, and the VPN login on the computer completes. In my pre-smartphone days I used their SMS service. They'd send me 10 codes via SMS and the VPN login would say "enter code A", "enter code B", etc. Each code was used once, and a new batch sent whenever you'd used them up. (This is probably quite insecure if you use Google Voice or some similar service that redirects your texts so you can read them online.)
Plus, I used to work with Dug Song, one of the founders of Duo. Smart guy. I trust him to have done his homework.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
If your users are being equipped with 2FA client devices (or apps), an easy way to apply this security to a website is with the mod-authn-otp Apache module (disclaimer, I wrote it).
Check out LinOTP which works with just about any soft tokens like Google Authenticator and the Red Hat FreeOTP token app. Also works with the awesome Yubikey. I like how the tokens are user managed which drastically eases support.