3.2 E-authentication
3.2.6 Token Threats
An Attacker who can gain control of a token will be able to masquerade as the token’s owner. Threats to tokens can be categorized based on attacks on the types of authentication factors that comprise the token:
Something you have may be lost, damaged, stolen from the owner, or cloned by the Attacker. For example, an Attacker who gains access to the owner’s computer might copy a software token. A hardware token might be stolen, tampered with, or duplicated.
Something you know may be disclosed to an Attacker. The Attacker might guess a password or PIN. Where the token is a shared secret, the Attacker could gain access to the CSP or Verifier and obtain the secret value. An Attacker may install malicious software (e.g., a keyboard logger) to capture the secret. Additionally, an Attacker may determine the secret through offline attacks on network traffic captured from an authentication attempt. Finally, an Attacker may be able to gain information about a Subscriber’s Pre-registered Knowledge by researching the Subscriber or through other social engineering techniques. (For example, the Subscriber might refer to his or her first pet in a conversation or blog.)
Something you are may be replicated. An Attacker may obtain a copy of the token owner’s fingerprint and construct a replica.
This document assumes that the Subscriber is not colluding with the Attacker who is attempting to falsely authenticate to the Verifier. With this assumption in mind, the threats to the token(s) used for e-authentication are listed in Table 10, along with some examples.
Table 10 Token Threats

Theft
  Description: A physical token is stolen by an Attacker.
  Examples: A hardware cryptographic device is stolen. A one-time password device is stolen. A look-up secret token is stolen. A cell phone is stolen.

Discovery
  Description: The responses to token prompts are easily discovered through searching various data sources.
  Examples: The question “What high school did you attend?” is asked as a Pre-registered Knowledge Token, when the answer is commonly found on social media websites.

Duplication
  Description: The Subscriber’s token has been copied with or without his or her knowledge.
  Examples: Passwords written on paper are disclosed. Passwords stored in an electronic file are copied. A look-up secret token is copied.

Eavesdropping
  Description: The token secret or authenticator is revealed to the Attacker as the Subscriber submits the token for transmission over the network.
  Examples: Passwords are learned by watching keyboard entry. Passwords are learned by keystroke logging software. A PIN is captured from a PIN pad device.

Offline cracking
  Description: The token is exposed using analytical methods outside the authentication mechanism.
  Examples: A key is extracted by differential power analysis on a stolen hardware cryptographic token. A software PKI token is subjected to a dictionary attack to identify the correct password to use to decrypt the private key.

Phishing or pharming
  Description: The token secret or authenticator is captured by fooling the Subscriber into thinking the Attacker is a Verifier or RP.
  Examples: A password is revealed by the Subscriber to a website impersonating the Verifier. A password is revealed by a bank Subscriber in response to an email inquiry from a Phisher pretending to represent the bank. A password is revealed by the Subscriber at a bogus Verifier website reached through DNS re-routing.

Social engineering
  Description: The Attacker establishes a level of trust with a Subscriber in order to convince the Subscriber to reveal his or her token or token secret.
  Examples: A password is revealed by the Subscriber to an officemate asking for the password on behalf of the Subscriber’s boss. A password is revealed by a Subscriber in a telephone inquiry from an Attacker masquerading as a system administrator.

Online guessing
  Description: The Attacker connects to the Verifier online and attempts to guess a valid token authenticator in the context of that Verifier.
  Examples: Online dictionary attacks are used to guess passwords. Online guessing is used to guess token authenticators for a one-time password token registered to a legitimate Claimant.

April 17, 2014 - Version 1.3 (FINAL)
3.2.7 Threat Mitigation Strategies
Token related mechanisms that assist in mitigating the threats identified above are summarized in Table 11.
Table 11 Mitigating Token Threats

Theft
  Mitigation: Use multi-factor tokens that need to be activated through a PIN or biometric.

Duplication
  Mitigation: Use tokens that are difficult to duplicate, such as hardware cryptographic tokens.

Discovery
  Mitigation: Use methods in which the responses to prompts cannot be easily discovered.

Eavesdropping
  Mitigation: Use tokens with dynamic authenticators where knowledge of one authenticator does not assist in deriving a subsequent authenticator. Use tokens that generate authenticators based on a token input value. Establish tokens through a separate channel.

Offline cracking
  Mitigation: Use a token with a high entropy token secret. Use a token that locks up after a number of repeated failed activation attempts.

Phishing or pharming
  Mitigation: Use tokens with dynamic authenticators where knowledge of one authenticator does not assist in deriving a subsequent authenticator.

Social engineering
  Mitigation: Use tokens with dynamic authenticators where knowledge of one authenticator does not assist in deriving a subsequent authenticator.

Online guessing
  Mitigation: Use tokens that generate high entropy authenticators.
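As an added illustration (example code written for this page, not part of the original document), the following Python verifier shows two of the Table 11 mechanisms in working form: an HMAC-based one-time password (HOTP, RFC 4226) as a dynamic authenticator, where a value captured by eavesdropping or phishing is useless once consumed and does not help derive the next one, and a failure counter that locks the account after repeated bad attempts, which bounds online guessing at the Verifier. The same counter pattern placed inside a token limits failed activation attempts. The shared secret is the RFC 4226 test-vector key; the look-ahead window of 5 and lockout threshold of 5 are assumed values for the demonstration.

```python
"""Added example (not from the original document): an HOTP verifier showing
a dynamic authenticator and a lockout counter against replay and online guessing."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic
    truncation to a decimal code. Knowing one code does not reveal the secret or
    the next code, because the HMAC output cannot be inverted."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class Verifier:
    """Verifier-side state for one Subscriber's HOTP token (assumed parameters:
    look-ahead window of 5 counters, lockout after 5 consecutive failures)."""

    def __init__(self, secret: bytes, look_ahead: int = 5, max_failures: int = 5):
        self.secret = secret
        self.counter = 0          # lowest counter value still acceptable
        self.look_ahead = look_ahead
        self.failures = 0
        self.max_failures = max_failures
        self.locked = False

    def verify(self, candidate: str) -> bool:
        if self.locked:
            return False          # locked out: no further guesses are evaluated
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), candidate):
                self.counter = c + 1   # consume this and earlier counters: a replay now fails
                self.failures = 0
                return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
        return False


# Shared secret from the RFC 4226 test vectors (constructed demo key only).
SECRET = b"12345678901234567890"


def demo() -> dict:
    v = Verifier(SECRET)
    first = v.verify(hotp(SECRET, 0))     # Subscriber's genuine first authenticator
    replay = v.verify(hotp(SECRET, 0))    # same value captured by eavesdropping/phishing, replayed
    second = v.verify(hotp(SECRET, 1))    # the token's next authenticator is still accepted
    # Online guessing: the Attacker submits ten fixed guesses; the counter locks the account.
    accepted = sum(v.verify(f"{i:06d}") for i in range(10))
    return {
        "first": first,                 # True
        "replay": replay,               # False: dynamic authenticator already consumed
        "second": second,               # True
        "guesses_accepted": accepted,   # 0
        "locked": v.locked,             # True after max_failures bad guesses
    }


if __name__ == "__main__":
    print(demo())
```

The replayed value fails because the Verifier advances its counter past every consumed value, so an Attacker who captures one authenticator gains nothing toward the next; the lockout counter is what turns a six-digit code (about 20 bits of entropy) into a practical defence against online guessing, since the Attacker gets only a handful of attempts per lockout.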
There are several other strategies that may be applied to mitigate the threats described in Table 10:
Multiple factors raise the threshold for successful attacks. If an Attacker needs to steal a cryptographic token and guess a password, then the work to discover both factors may be too high.
Physical security mechanisms may be employed to protect a stolen token from duplication. Physical security mechanisms can provide tamper evidence, detection, and response.
Imposing password complexity rules may reduce the likelihood of a successful guessing attack. Requiring the use of long passwords that do not appear in common dictionaries may force Attackers to try every possible password.
System and network security controls may be employed to prevent an Attacker from gaining access to a system or installing malicious software.
Periodic training may be performed to ensure the Subscriber understands when and how to report compromise (or suspicion of compromise) or otherwise recognize patterns of behavior that may signify an Attacker attempting to compromise the token.
Out of band techniques may be employed to verify proof of possession of registered devices (e.g., cell phones).
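To make the offline-cracking threat from Table 10 and the point about long passwords that do not appear in common dictionaries concrete, here is an added Python example (constructed for this page, not from the original document). It simulates a software PKI token file whose private key is protected under a password-derived key, then runs an offline dictionary attack with simple mangling rules against a copy of the file. The file layout, the toy keystream wrapping, the PBKDF2 iteration count and the ten-word dictionary are all assumptions made for the demonstration.

```python
"""Added example (not from the original document): offline dictionary attack
against a password-protected software PKI token file."""
import hashlib
import hmac
import os
import secrets

ITERATIONS = 5_000  # deliberately low so the demo runs in seconds; real tokens use far more


def protect_token(password: str, private_key: bytes) -> dict:
    """Build a simulated software-token file. The private key is wrapped under a
    key-encryption key (KEK) derived from the activation password; the check value
    lets the legitimate software, and an Attacker holding a copy, test a password."""
    salt = os.urandom(16)
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)
    stream = hashlib.sha256(kek + b"wrap").digest()   # toy keystream, not a real key wrap
    wrapped = bytes(a ^ b for a, b in zip(private_key, stream))
    check = hmac.new(kek, b"check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": ITERATIONS, "wrapped": wrapped, "check": check}


def unlock_token(token: dict, password: str):
    """What the token software does at activation: derive the KEK, verify the
    check value, and unwrap the private key. Returns None on a wrong password."""
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), token["salt"],
                              token["iterations"], dklen=32)
    expected = hmac.new(kek, b"check", hashlib.sha256).digest()
    if not hmac.compare_digest(expected, token["check"]):
        return None
    stream = hashlib.sha256(kek + b"wrap").digest()
    return bytes(a ^ b for a, b in zip(token["wrapped"], stream))


# Constructed mini-dictionary; a real attack uses millions of leaked passwords.
DICTIONARY = ["123456", "password", "qwerty", "letmein", "welcome",
              "summer", "winter", "dragon", "monkey", "football"]
SUFFIXES = ["", "1", "123", "!", "2014", "2014!"]


def candidates():
    """Dictionary words expanded by simple mangling rules, as cracking tools do."""
    for word in DICTIONARY:
        for base in (word, word.capitalize()):
            for suffix in SUFFIXES:
                yield base + suffix


def offline_crack(token: dict):
    """Attacker with a copy of the token file: no Verifier, no lockout, no rate
    limit; every candidate is tested locally against the check value."""
    tried = 0
    for guess in candidates():
        tried += 1
        if unlock_token(token, guess) is not None:
            return guess, tried
    return None, tried


def demo() -> dict:
    private_key = secrets.token_bytes(32)            # stands in for the token's private key
    weak = protect_token("Summer2014!", private_key)  # complies with naive complexity rules
    strong_password = secrets.token_urlsafe(16)      # 22 random base64url chars, ~128 bits
    strong = protect_token(strong_password, private_key)
    weak_guess, weak_tried = offline_crack(weak)
    strong_guess, strong_tried = offline_crack(strong)
    return {
        "weak_password": weak_guess,        # "Summer2014!"
        "weak_guesses": weak_tried,         # 72
        "weak_key_recovered": unlock_token(weak, "Summer2014!") == private_key,
        "strong_password": strong_guess,    # None: not in any dictionary
        "strong_guesses": strong_tried,     # 120, the whole expanded wordlist
        "strong_keyspace": 64 ** 22,        # what exhaustive search would have to cover
    }


if __name__ == "__main__":
    print(demo())
```

Against the weak activation password the attacker unlocks the file after 72 candidates even though it satisfies typical complexity rules; against the 22-character random password the whole expanded dictionary fails and exhaustive search over 64^22 possibilities is out of reach. The check value that lets the legitimate software confirm the password is exactly what makes offline cracking possible; a hardware token that performs this check internally and locks after repeated failed activations removes that oracle, which is the Table 11 mitigation for this row.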