MobilePASS. Security Features SOFTWARE AUTHENTICATION SOLUTIONS. Contents

Transcription

1 MobilePASS SOFTWARE AUTHENTICATION SOLUTIONS Security Features Contents Introduction... 2 Technical Features... 2 Security Features... 3 PIN Protection... 3 Seed Protection... 3 Security Mechanisms per Operating System... 5 Summary About SafeNet Authentication Solutions List of Tables Table 1 MobilePASS Security Mechanisms for Apple ios... 5 Table 2 MobilePASS Security Mechanisms for Android... 6 Table 3 MobilePASS Security Mechanisms for Microsoft Windows Desktop... 7 Table 4 MobilePASS Security Mechanisms for BlackBerry OS Table 5 MobilePASS Security Mechanisms for BlackBerry OS Table 6 MobilePASS Security Mechanisms for Microsoft Windows Phone Table 7 MobilePASS Security Mechanisms for Mac OS X Page 1 of 12

2 Introduction SafeNet s MobilePASS family of one-time password (OTP) software authentication solutions combines the security of proven two-factor strong authentication with the convenience, simplicity, and ease of use of OTPs generated on personal mobile devices or PCs. By turning a mobile phone into a two-factor authentication device, organizations save significantly on hardware and deployment costs, while users benefit by not having to carry an additional hardware token around with them. MobilePASS is available for all leading mobile devices, including BlackBerry, iphone, Android, Windows Phone7, Mac OS and Windows desktop. The purpose of this document is to review the various security mechanisms that are designed to protect the MobilePASS application, OTP seeds and other MobilePASS functionalities from malicious activity or in the event that a user s mobile device is misplaced, stolen or lost. Technical Features Over-the-Air Automatic Activation: MobilePASS enables automatic activation over the mobile device data connection link. The automated activation is easy to use by the end user, and at the same time enforces enterprise policies for the token settings. During MobilePASS automatic activation, users provide an activation credential that is delivered to the user out of band. The one time activation credentials ensure that the token is indeed activated by the authorized user. The MobilePASS application establishes a secure communication channel with the Authentication server s activation service and sets the OTP secret that is used to generate one OTP. Policy Driven Activation: MobilePASS tokens are activated in accordance with policy settings configured in the authentication server. The policy settings managed in the server control which users are authorized to activate MobilePASS tokens as well as the appropriate security settings of the application, such as PIN quality, device qualification and lockout policy. The activation policy setting enables flexible and effective policy management, enforcing the appropriate level of security. Comprehensive OTP Algorithm Support: MobilePASS tokens support industry standard OTP generated algorithms, from the OATH initiative ( The solution enables OTP tokens to be used with Time synchronous Algorithm (TOTP), Event Synchronous (HOTP) or Challenge-Response (OCRA) algorithms. The OTP algorithm used is determined by policy settings in the SafeNet token management server along with any additional security settings. o The use of standards based algorithms that have gone through public scrutiny and the ability to match the proper algorithm and policy setting to the different user communities enables a conscious implementation that lets organizations mitigate risks with security mechanisms. MobilePASS SDK: In addition to the mobile applications, MobilePASS ships with an SDK that allows the embedding of MobilePASS security functionality within other mobile applications. The availability of the SDK enables the creation of customized apps and software tokens that are compatible with the SafeNet authentication solutions and enjoy the same level of security and functionality. Enhanced PIN complexity: Support for numeric and alphanumeric PINs as well as the ability to set a token policy disallowing trivial PINs Page 2 of 12

3 Security Features SafeNet is committed to ensuring the security of the MobilePASS software authentication solution. Below are key security features that are built into the software token implementation to secure the operation and management of the MobilePASS solution. PIN Protection 1. Device PIN Protection: Most mobile device comes with a device PIN protection option that allows the mobile user to designate a secret PIN which is then required in order to unlock the device for use. Enabling this PIN protection mechanism provides users with the first layer of defense in preventing unauthorized users from gaining access to the MobilePASS application stored on the device and generating passwords. 2. Mobile Application PIN Protection: While the device PIN protection is a mobile device feature, MobilePASS also includes optional token PIN protection instead or on top of the device PIN. IT policy can be set to control and enforce PIN length and lockout policy 3. OTP PIN Protection: An additional OTP PIN may also be required by the authentication server policy in order to login to the protected application. By using the OTP PIN at the server layer, even if a token application is compromised, the unauthorized user would still need to know the OTP PIN in order to successfully login to the application. Such OTP PIN length and lockout policy are also configurable in the authentication server policy settings. Seed Protection Generating a One-time Password (OTP) in a secure fashion relies on a secret key that is shared between the OTP generator application (or device) and the OTP validation server. The secret key is referred to as the OTP seed. Ensuring the seed is not compromised is a key security aspect of OTP authentication. As such the OTP seed used by MobilePASS needs to be protected at: Enrollment to secure the OTP from leaking seed during the activation process Mobile Device to secure the OTP seed stored the mobile device Authentication Server to secure the OTP seed stored by the server to validate authentication requests Following are the key mechanisms used to protect the MobilePASS OTP seed: Secure activation protocol - While the automated activation process is performed over a Secure Socket Layers (SSL) transport, the activation process of MobilePASS tokens also uses the DSKPP protocol (RFC 6063 is available at ) to secure the OTP seed key exchange. The DSKPP protocol used is the four pass variant which ensures that there is a secure key exchange between the MobilePASS application and the MobilePASS activation service on the backend and that the OTP seed is never transmitted over the communication line. The DSKPP authentication data is transferred using the enrollment . The activation information is valid for one activation - and for a short period of time. When the activation process is started, the enrollment information is passed to the MobilePASS application including user authentication code. Page 3 of 12

4 1. Secure seed server storage once activated, MobilePASS s OTP seed is encrypted by the SafeNet Authentication server and can be further protected by using a Hardware Security Module (HSM). 2. Dynamic seed generation - with SafeNet MobilePASS, the OTP seed is not predefined on the server side and transmitted to each device. Instead it is randomly generated throughout the enrollment process of the MobilePASS authenticator and set on the client and server side during the activation process. This prevents multiple instances of the MobilePASS application using the same seed. 3. Secure device seed storage Once generated, the MobilePASS application stores an encrypted OTP seed in a protected storage using mobile device specific mechanisms. The goal is to protect the seed from being used by other applications or users, and from being copied to another device. Security of the stored data is affected by the following considerations: Key Store Access which applications and users can access the stored key Key Encryption how is the stored key protected from other user access Copy Protection how is the stored key protected from being duplicated to another device 4. Intruder Key Reset MobilePASS can be configured to resist incorrect PIN attacks using the token policy setting. When an incorrect PIN is entered for more than the predefined treshold the token gets reset as token data is erased. Page 4 of 12

5 Security Mechanisms per Operating System Tables 1 through 7 below provide platform specific implementation details on how each of the mechanisms detailed in the section above are implemented in each operating system. Mobile Platform Security Feature Mechanism Comment MobilePASS 8.4 for Apple ios Key store Access The OTP seed is stored in the ios KeyChain KeyChain enables sandboxed keys per application. This means that each application only has access to its own KeyChain elements. Therefore, no other applications are able to read the MobilePASS KeyChain data. Key Encryption The OTP seed is encrypted with AES 256 before it is stored by the application. For the AES encryption, a data encryption key is randomly generated by the MobilePASS application. The data encryption key (DEK) is used to encrypt the token OTP seed using AES256. When the server policy does not require a PIN, a hardcoded default PIN is used in the derivation process instead of a user chosen PIN. The DEK is encrypted with AES 256 using a key encryption key (KEK). The KEK is not stored, but rather dynamically derived from the user PIN and from additional phone specific data. Copy Protection MobilePASS KeyChain elements are non- migrate-able so that backup and restore are not supported IOS 6 or later. Certification MobilePASS relies on native ios FIPS validated crypto libraries. Details on Apple ios crypto libraries validation can be found here and here. Table 1 MobilePASS Security Mechanisms for Apple ios Page 5 of 12

6 Mobile Platform Security Feature Mechanism Comment MobilePASS 8.3 for Android Key store Access The encrypted OTP seed is stored on the Android OS in the MobilePASS application's private folder. Files saved to in an application private folder are only accessible by the application - no other application can access the folder. When the user uninstalls the application, these files are removed. Key Encryption The OTP seed is encrypted with AES 256 before it is stored by the application. For the AES encryption, a data encryption key is randomly generated by the MobilePASS application. The data encryption key (DEK) is used to encrypt the token OTP seed using AES256. When the server policy does not require a PIN, a hardcoded default PIN is used in the derivation process instead of a user chosen PIN. The DEK is encrypted with AES 256 using a key encryption key (KEK). The KEK is not stored, but rather dynamically derived from the user PIN and from additional phone specific data. Copy Protection The MobilePASS application is marked with the allowbackup attribute set to false, to prevent it from being backed up from the device. The allowbackup attribute determines if an application's data can be backed up and restored. Code is run through obfuscation APK process to deter reveres engineering efforts Table 2 MobilePASS Security Mechanisms for Android Done over the entire installation package Page 6 of 12

7 Mobile Platform Security Feature Mechanism Comment MobilePASS 8.4 for Microsoft Windows Desktop Key store Access Secure Key Storage The MobilePASS application uses Windows Data Protection (DPAPI) to secure the OTP seed. DPAPI ensures that for each user on a system, a different set of encryption keys is maintained and used to encrypt the key storage. File System Protection - The file is stored in %AppData% (typically points to C:\Documents and Settings\<user dir>\application Data) which provides another level of security from other users of the system. Key Encryption The OTP seed is encrypted with AES 256 before it is stored by the application For the AES encryption, a data encryption key is randomly generated by the MobilePASS application. The data encryption key (DEK) is used to encrypt the token information and seed using AES256. When the server policy does not require a PIN, a hardcoded default PIN is used in the derivation process instead of a user chosen PIN. The DEK is encrypted with AES 256 using a key encryption key (KEK). The KEK is not stored, but rather dynamically derived from the user PIN and from additional phone specific data. Copy Protection The file contents are encrypted using Windows Data Protection (DPAPI) which means it cannot be used by any other user on the same machine and any user on any other machine. Certification MobilePASS relies on Microsoft Windows validated crypto libraries Table 3 MobilePASS Security Mechanisms for Microsoft Windows Desktop Details on Windows crypto libraries validation can be found here. Page 7 of 12

8 Mobile Platform Security Feature Mechanism Comment MobilePASS 8.3 for BlackBerry OS 10 Key store Access The encrypted OTP seed is stored on the Blackberry Android runtime framework in the MobilePASS application s private folder. Files saved to the internal storage are private to the particular application and other applications cannot access them (nor can the user). When the user uninstalls the application, these files are removed. Note: The MobilePASS application is based on the Android runtime environment in Blackberry and the MobilePASS for Android application codebase. Key Encryption The OTP seed is encrypted with AES 256 before it is stored by the application. When the server policy does not require a PIN, a hardcoded default PIN is used in the derivation process instead of a user chosen PIN. For the AES encryption, a data encryption key is randomly generated by the MobilePASS application. The data encryption key (DEK) is used to encrypt the token OTP seed using AES256. The DEK is encrypted with AES 256 using a key encryption key (KEK). The KEK is not stored, but rather dynamically derived from the user PIN and from additional phone specific data. Copy Protection The MobilePASS application is marked with the allowbackup attribute set to false, to prevent it from being backed up from the device. Table 4 MobilePASS Security Mechanisms for BlackBerry OS 10 The allowbackup attribute determines if an application's data can be backed up and restored. Page 8 of 12

9 Mobile Platform Security Feature Mechanism Comment MobilePASS 8.3 for BlackBerry OS 6 Key store Access MobilePASS is protected by the SafeNet private key. The SafeNet private key is part of the BlackBerry Access Protection (ControlledAccess API) system that prevents unauthorized applications from accessing the protected data. Key Encryption The OTP seed is encrypted using AES-128 before it is stored by the application. The encryption key is derived from the application PIN. Copy Protection MobilePASS application data is protected by the SafeNet private key, which prevents the data from being accessed by a backup application. The data therefore cannot be backed up. Table 5 MobilePASS Security Mechanisms for BlackBerry OS 6 Mobile Platform Security Feature Mechanism Comment MobilePASS 8.2 for Microsoft Windows Phone 7 Key store Access The encrypted OTP seed is stored on the Windows Phone 7 using an isolated storage mechanism. Files saved to the isolated storage are private to the particular application and other applications cannot access them. When the user uninstalls the application, these files are removed Key Encryption The OTP seed is encrypted using AES-128 before it is stored by the application. The encryption key is derived from the application PIN. Table 6 MobilePASS Security Mechanisms for Microsoft Windows Phone 7 Page 9 of 12

10 Mobile Platform Security Feature Mechanism Comment MobilePASS 8.2 for Apple Mac OS X Key store Access The OTP seed is stored in the MAC OS KeyChain store. The encryption key is derived from the application PIN. Key Encryption The OTP seed is encrypted using AES 256 before it is stored in the key chain. The encryption key is derived from the application PIN. When the server policy does not require a PIN, a hardcoded default PIN is used in the derivation process instead of a user chosen PIN. Key to keychain is derived from non-migratable Copy Protection device parameters like serial ID/hardware UUID. Hence the application will not be able to access the keychain when OS backup is restored to a different machine. Table 7 MobilePASS Security Mechanisms for Mac OS X Page 10 of 12

11 Automation and Token Management 1. Dynamic re-seeding: if needed, MobilePASS can be easily re-enrolled which reseeds the application with new OTP seeds. 2. Immediate revocation option: in situations where a mobile device is stolen, lost or cracked, the MobilepPASS user notifies their IT administrator who can immediately revoke access for that specific MobilePASS authenticator by disabling it or deleting it from the Authentication Server. This ensures minimal security exposure to the corporate information system. Further, the user selfenrollment and over-the-air deployment capabilities enable quick and easy installation of a new MobilePASS authenticator on the user s replacement device. 3. Clock tamper detection: A known attack on Time-based passcodes is to change the device time ahead so that OTPs can be harvested for future use. MobilePASS can detect if the device time has been recently changed and will prompt the user to confirm whether the device time is currently accurate or not. If the user confirms that the current time is accurate, it means that the device clock has been tampered with. In this case the token will be revoked and the user will be asked to go enroll a new token. 4. Event-based passcode delay policy: In order to prevent generating a large number of passcodes in a short period of time, MobilePASS supports a delay policy between passcode generation events. The delay prohibits generation of a new passcode for the allotted time duration. Time delay duration can be configured to 10, 30 or 60 seconds. Page 11 of 12

12 Summary MobilePASS offers powerful protection and access control for remote and local network access. It is compatible with the broadest range of mobile clients, and provides secure and convenient access to remote systems, such as VPNs, Citrix applications, Cloud applications, Outlook Web Access, and Web portals. It also offers strong authentication for secure local network access. With the enhanced authentication capabilities and security mechanisms, organizations can be assured of multi-layered protection, including: Support for both device and software PINs Immediate license revocation and re-activation Protection from replication and duplication OTP seed encryption About SafeNet Authentication Solutions SafeNet s strong authentication solutions, delivered as-a-service or on-premise, offer fully-automated, highly secure authentication with the widest choice of authentication methods and form factors. Strong authentication is made easy through the flexibility and scalability of automated workflows, and with extensive self-service portals, contributes to significant reductions in total cost of ownership. With no infrastructure required, SafeNet authentication solutions enable a quick migration to cloud environments, and protect everything, from cloudbased and on-premise applications, to networks, users and devices. For more information regarding SafeNet s complete portfolio of authentication solutions, visit Page 12 of 12