White paper. Common attacks and counter measures. How Keytalk helps protect against sniffing, man in the middle, phishing and trojan attacks



Contents

1 Introduction
  1.1 About KeyTalk
  1.2 KeyTalk software and platform
2 KeyTalk & the financial services industry
3 Important terminology
4 KeyTalk architecture
  4.1 KeyTalk server
  4.2 KeyTalk client
  End-user authentication using KeyTalk
  First stage details
5 KeyTalk implementation
6 Common cyber attacks
  Sniffing attack (definition, consequences, conclusion)
  Man-in-the-Middle (definition, consequences, conclusion)
  Phishing attack (definition, consequences, conclusion)
  Trojan attack (definition, consequences, conclusion)
  Summary of vulnerabilities
  The KeyTalk protocol matrix
7 Conclusion

1 Introduction

The variety and sophistication of cyber attacks increase by the day. Both companies and government institutions are threatened with sniffing, man-in-the-middle, phishing and trojan attacks. In this document we examine and define these threats and how KeyTalk addresses them, and we describe:

- how the KeyTalk platform derives benefits from X.509 compliant digital end-user certificates without implementing a full-scale PKI;
- how Internet-connected machines can be exposed to various types of attacks; and
- the vulnerabilities of the technologies used in their environment (clear text, 1SSL, 2SSL and KeyTalk).

The definitions in chapter 3 are an integral part of the document. They are referenced in order to define the exact boundaries of each type of attack.

1.1 About KeyTalk

KeyTalk specialises in the development of easy-to-use and highly reliable security solutions for organisations. KeyTalk does this by providing services to users with a number of critical (high-value) transactional business processes and information. One of our many goals at KeyTalk is to improve and secure e-business and machine-to-machine communications by using our next generation end-user certificate technology. Our unique, successful and patented KeyTalk platform has made this a reality. KeyTalk is the only security technology manufacturer in the world capable of seamlessly distributing hundreds of millions of short-lived digital certificates and corresponding encryption key pairs per day. KeyTalk focuses on delivering identity and access security solutions to protect employees, end-users, vendors and shareholders against digital threats.

1.2 KeyTalk software and platform

KeyTalk was initially developed with the goal of protecting transactional e-banking against Man-in-the-Middle attacks and to provide end-users with short-lived digital certificates on devices such as laptop or desktop computers. The KeyTalk platform uses the technical components of a high-level PKI security solution to secure Internet communication. This results in a solution that provides all the benefits of standard PKI but without the administrative downsides. It also adheres to standard RFCs. As a result of continuous development, KeyTalk has grown into a solution which does far more than protect against Man-in-the-Middle attacks.

2 KeyTalk & the financial services industry

Governance, legal and regulatory pressures are solid business cases for providing transparency and accountability. Governments, banks, insurance firms and other corporate enterprises are required to get things under control in response to these pressures. Competition among banks and new entrants, as well as continued technological innovation, has allowed a much wider array of banking products and services to become accessible. They are delivered to customers through common electronic distribution channels and are collectively referred to as e-banking. However, the rapid development of e-banking capabilities carries benefits as well as huge risks.

The Internet is ubiquitous and global by nature. It is an open network accessible anywhere in the world by various unknown and potentially dangerous parties. Messages are routed through unknown locations and via a rapidly evolving variety of wireless devices. As a result of this openness, digital attacks are increasingly becoming a concern for banks, not only due to the possibility of massive financial losses but also from a compliance and reputation point of view. This results in highly compelling reasons to standardise security controls, customer and device authentication techniques, data protection, and customer privacy standards. A unified identity is essential in achieving this.

How does the KeyTalk solution help the financial services industry with such challenges? KeyTalk does this by:

- defending banks from hazardous phishing and Man-in-the-Middle attacks, thereby decreasing reputational risk and financial losses while increasing the duty of care towards your customers;
- utilising the highest level of security for all payment, ATM and (mobile) banking transactions, where a unified identity and non-repudiation of online transactions are a necessity;
- increasing MiFID, SOX and Basel II compliance without compromising on security, and enabling compliance policy enforcement;
- introducing comprehensive federated unified identity management, which prevents identity theft, and enabling user/device identity based access and control.

In this document we will focus on the most common electronic attacks and what KeyTalk does to prevent them. The most common electronic attacks described in this document are:

- Sniffing
- Man-in-the-Middle
- Phishing
- Trojans

When evaluating the use of KeyTalk, all these types of attacks can be successfully protected against except for some forms of trojans. In this last case, anti-virus and anti-spyware programs provide sufficient protection. However, making use of an enterprise level anti-malware solution combined with our KeyTalk solutions will provide full end-to-end protection for Man-in-the-Browser and Man-in-the-Middle attacks.

3 Important terminology

Threats come and go. Technologies evolve. But definitions tend to remain the same. KeyTalk recommends reviewing the following definitions used throughout this document.

Clear text
Plain text protocol without encryption. Neither the server nor the KeyTalk-client makes use of an X.509 certificate.

1SSL
Only the server uses an X.509 certificate. This enables the end-user to verify the server name, but the server cannot verify the end-user.

2SSL
Both client and server use an X.509 certificate, allowing both the end-user and the server to establish the identity of the remote party.

Client
The requesting program or API in a client/server relationship.

Customer
The owner of the KeyTalk server (i.e. the bank, insurance company or enterprise).

End-user
The person (or even automated system) directly interfacing with the KeyTalk-client on a device.

Short-life certificates
A preferred validity lifetime of 1 second up to 12 hours.

HardwareID
A hash of an automatically calculated number derived from several device-specific identifiers. A user can be bound to one or several devices. The HardwareID is commonly referred to as the device authenticator.

KeyTalk-client
The KeyTalk software application running on the end-user device.

Man-in-the-Middle
A Man-in-the-Middle attack (MitM or MiM) is an attack in which an attacker is able to read, insert and modify messages between two parties without either party knowing that the connection between them has been compromised. (The attacker is able to observe and intercept messages going between the two victims.)

Packet sniffer
An application that captures TCP/IP data packets and can be maliciously used to capture passwords and other data while in transit within the computer or over a network.

Phishing
In computing, phishing is a criminal activity using social engineering techniques. Phishers (identity thieves) attempt to fraudulently acquire sensitive information such as usernames, passwords and credit card details. Phishers masquerade as a trustworthy entity, usually in electronic communications. Phishing is typically carried out by email or instant messaging, but is not uncommon via telephone conversations.

Security exploit
A prepared application that takes advantage of a known weakness.

Short-life
A preferred validity lifetime of 1 second up to 12 hours (and one of KeyTalk's unique selling points).

Social engineering
Convincing other people to provide some form of information about a system, often under false premises. A blatant example would be asking someone for their password or account, possibly over a beer or by posing as someone else. A more subtle example would be asking for promotional material or technical references about a company's systems, possibly posing as a journalist.

SSL/TLS
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols designed to provide communications security over a computer network.[1] Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP).

Trojan horse
A Trojan horse, or Trojan, in computing is any malicious computer program which misrepresents itself to appear useful, routine, or interesting in order to persuade a victim to install it. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.

Virus
A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Thus a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells.

X.509
In cryptography, X.509 is a standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

4 KeyTalk architecture

This chapter describes the architecture of the KeyTalk platform, which is built around two main components: the KeyTalk server and the KeyTalk-client. Optionally a DEVID server is used in conjunction with the KeyTalk server as an administrative module for trusted devices.

[Figure: Components in a KeyTalk secured environment: KeyTalk main server, KeyTalk DEVID server, RADIUS, LDAP/AD user directory, X.509 certificate and key.]

4.1 KeyTalk server

The KeyTalk server waits for incoming connections from KeyTalk-clients. When the identity of the end-user has been validated, the KeyTalk server creates a private key and an X.509 end-user certificate, which are subsequently sent to the KeyTalk-client. An optional KeyTalk DEVID server is used to store trusted user-device characteristic hashes and bind them to a user. Up to 10 devices can be bound to one user. When the KeyTalk server requires it, a per-user directory configuration is used to verify a user against a trusted device.

4.2 KeyTalk client

The KeyTalk-client is a small application. Once installed on a user's device, it provides the user interface and contains the logic needed to establish secure channels with the central KeyTalk server. The KeyTalk-client initiates the connection with the KeyTalk server. After a successful connection, it retrieves an X.509 end-user certificate and the corresponding private key from the KeyTalk server. Following the retrieval, the KeyTalk-client stores the certificate and the private key in the appropriate certificate store on the end-user's device. The KeyTalk-client is available as:

- API
- Desktop application (.exe)
- Command prompt application (.exe)
- Add-on / Browser Helper Object (BHO)

End-user authentication using KeyTalk

There are two separate stages in the authentication process. These stages are performed serially and are independent of each other:

- The first stage is controlled by KeyTalk. The authenticated end-user receives a private key and a certificate, which are both stored in the appropriate user device certificate store.
- The second stage is handled by an application such as a web browser. The security of the second stage relies on the private key and end-user certificate produced during the first stage, but depends on standard SSL/TLS functionality and is not controlled by KeyTalk.

Since only the first stage is actually controlled by KeyTalk, only the details of the first stage are described below.

First stage authentication details

1. A secure connection is established between the KeyTalk-client and the KeyTalk server. When this handshake fails no information is exchanged and the process stops. (For specific details on the secure handshake protocol of KeyTalk, please contact us. This is made available only under strict NDA.)
2. Identification parameters are sent over the established secure channel. Relevant parameters for this document are:
   - User ID / account number / card number etc.
   - Password / challenge-response / one-time password.
   - A device hardware-id. This is a hash of an automatically calculated number derived from several device-specific identifiers. (Note: multiple identifiers need to be used to gain a unique enough hash. This way a user can be bound to one or several devices.) *1 *2
3. Environmental parameters are sent over the secure channel. Relevant for this document is the resolved IP address of the destination server.
4. Additional authentication only occurs when the resolved IP address of the target application server/gateway sent by the KeyTalk-client matches verification by the KeyTalk server. *3
5. The KeyTalk server forwards the authentication details to the appropriate authentication server (user directory) for verification. This makes use of standard communication channels such as LDAPS.
6. A positive return by the authentication server will trigger the KeyTalk server to create the X.509 client certificate and the private key (… bit RSA).
7. The X.509 client certificate and the private key are transferred to the client device.
8. The connection with the KeyTalk server is terminated before the second stage is invoked.
9. After having received the X.509 end-user certificate and the private key, the KeyTalk-client will store this material into the appropriate certificate store(s) on the user device.

Remarks:
*1: The KeyTalk-client sends this hardware-id hashed. Further authentication only continues when the hardware-id matches the user device list on the server side.
*2: The server should use the hardware-id for a higher level of security. This check is not mandatory, so the process can continue without the use of the hardware-id.
*3: It is possible to use a local server-based file instead of DNS, for security reasons or when DNS is not available to the KeyTalk server.
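To make the first-stage checks concrete, here is an added example in Go. It is not KeyTalk's code and does not reproduce the KeyTalk handshake or certificate format: it models only the server-side decisions of steps 2 to 6 (a hashed hardware-id that must be bound to the user, the resolved target IP compared with a server-side record as in remark *3, directory verification, and a credential with the 12-hour maximum lifetime from the terminology chapter, with at most 10 bound devices per user). The identifier names, user, password, target name and IP addresses are constructed sample data.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"time"
)

// Limits taken from the text: up to 10 devices per user, certificates of at most 12 hours.
const (
	maxDevicesPerUser = 10
	maxCertLifetime   = 12 * time.Hour
)

// hardwareID derives the device authenticator from several device-specific identifiers
// (constructed names). Only the hash leaves the device; combining several identifiers is
// what makes it unique enough, as the text notes.
func hardwareID(identifiers map[string]string) string {
	keys := make([]string, 0, len(identifiers))
	for k := range identifiers {
		keys = append(keys, k)
	}
	sort.Strings(keys) // canonical order: the same device always hashes the same
	h := sha256.New()
	for _, k := range keys {
		h.Write([]byte(k + "=" + identifiers[k] + "\n"))
	}
	return hex.EncodeToString(h.Sum(nil))
}

// keyTalkServer stands in for the server-side state: the DEVID device list, the user
// directory (LDAPS in the text) and the local file that may replace DNS (remark *3).
type keyTalkServer struct {
	requireHWID bool
	devices     map[string][]string // user -> bound hardware IDs
	directory   map[string]string   // user -> password (constructed sample data)
	targetIPs   map[string]string   // application server name -> expected IP
}

// bindDevice enrols a device for a user and refuses the eleventh.
func (s *keyTalkServer) bindDevice(user, hwid string) error {
	if len(s.devices[user]) >= maxDevicesPerUser {
		return errors.New("device limit reached for user")
	}
	s.devices[user] = append(s.devices[user], hwid)
	return nil
}

// loginRequest: identification (step 2) and environmental (step 3) parameters.
type loginRequest struct {
	user, password, hwid, target, resolvedIP string
}

// authenticate models steps 2 to 6: hardware-ID check (remarks *1 and *2), target IP
// check (step 4), directory verification (step 5), then issuance (step 6). It returns
// the expiry of the short-lived credential; an expired credential simply stops working.
func (s *keyTalkServer) authenticate(r loginRequest, now time.Time) (time.Time, error) {
	if s.requireHWID {
		bound := false
		for _, id := range s.devices[r.user] {
			bound = bound || id == r.hwid
		}
		if !bound {
			return time.Time{}, errors.New("hardware-id not bound to this user")
		}
	}
	if want, ok := s.targetIPs[r.target]; !ok || want != r.resolvedIP {
		return time.Time{}, errors.New("resolved target IP does not match the server record")
	}
	stored, ok := s.directory[r.user]
	if !ok || subtle.ConstantTimeCompare([]byte(stored), []byte(r.password)) != 1 {
		return time.Time{}, errors.New("user directory rejected the credentials")
	}
	return now.Add(maxCertLifetime), nil
}

// sampleServer builds one user, one bound device and one target from constructed data.
func sampleServer() (*keyTalkServer, string) {
	hwid := hardwareID(map[string]string{"disk": "S/N-0001", "mac": "00:11:22:33:44:55"})
	s := &keyTalkServer{requireHWID: true, devices: map[string][]string{},
		directory: map[string]string{"alice": "correct horse"},
		targetIPs: map[string]string{"portal.example.test": "203.0.113.10"}}
	_ = s.bindDevice("alice", hwid)
	return s, hwid
}

func main() {
	s, hwid := sampleServer()
	now := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC)
	good := loginRequest{"alice", "correct horse", hwid, "portal.example.test", "203.0.113.10"}
	exp, err := s.authenticate(good, now)
	fmt.Println("bound device:", err, "credential expires:", exp)
	replayed := good // the same password replayed from a device that is not bound
	replayed.hwid = hardwareID(map[string]string{"disk": "S/N-9999", "mac": "66:77:88:99:aa:bb"})
	_, err = s.authenticate(replayed, now)
	fmt.Println("unbound device:", err)
}
```

Running it shows the two outcomes the text predicts: the bound device gets a credential that expires 12 hours later, while the same user name and password presented from an unbound device are refused before the directory is even consulted. Setting requireHWID to false reproduces remark *2, where the process continues without the hardware-id.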

5 KeyTalk implementation

This chapter describes the implementation of KeyTalk in an enterprise network environment. In an e-business environment a digital service, such as an online document application server, is added.

[Figure: KeyTalk in an e-business environment: user directory, KeyTalk server, 2SSL access portal / X.509-enabled server / application gateway, corporate LAN with applications and web services.]

The e-business application server waits for incoming 2SSL connections. In the process of setting up the 2SSL connection, the web server demands a valid end-user certificate, provided by a trusted CA, from the KeyTalk-client.

Most e-business applications are provided by major manufacturers such as Google, IBM, Microsoft, Oracle and SAP. There are also network equipment manufacturers such as Juniper, Cisco, Fortinet, F5, SonicWall, Barracuda and Check Point. Finally, there are open projects such as OpenVPN which support client-device-side X.509 certificate based authentication.

In order to provide the best defence against online attacks on your e-business application and/or network, it is best to only allow users and/or devices access when they have a valid X.509 certificate. You may also choose to configure your application/network to optionally accept X.509 certificates for authentication purposes, but this will leave your application/network open to potentially anonymous hacking attempts (such as brute-force attacks and Man-in-the-Middle attacks).

6 Common cyber attacks

This section outlines how Internet-connected machines and devices are exposed to various types of attacks. It describes the vulnerabilities of these systems related to the technologies used in their environment (clear text, 1SSL, 2SSL and KeyTalk). It gives you detail on how the KeyTalk platform makes use of the benefits of X.509 end-user certificates. Most importantly, it helps you to understand how KeyTalk can provide protection. Each attack is described in the following manner:

- Definition of the type of attack
- The consequences of such an attack for clear text, SSL and KeyTalk
- The KeyTalk conclusion

Sniffing attack (definition)

When an attacker is electronically eavesdropping on private communications, it is referred to as sniffing or snooping.

[Figure: sniffing attack: attacker, workstation, website.]

Sniffing attack (consequences)

During a sniffing attack it is possible to view network traffic that passes by. This occurs because the traffic passes the attacker or the attacker has used a technique to divert the traffic:

- An unencrypted data stream (hereafter clear text) can be read without additional difficulty.
- It is possible to read 1SSL data, but not by using sniffing techniques. (The way to do that is described in the Man-in-the-Middle attack vulnerability.)
- Security experts agree on the fact that an attacker is not able to sniff data transmitted using two-way SSL (2SSL), where both sides must authenticate using X.509 certificates.

Sniffing attack (conclusion)

- Clear text gives no protection against sniffing.
- 1SSL will protect against sniffing attacks.
- 2SSL protects against sniffing attacks.
- KeyTalk protects against sniffing attacks.

Man-in-the-Middle (definition)

A Man-in-the-Middle attack, hereafter abbreviated as MitM, is an attack in which an attacker is able to read, insert and modify messages between two parties without either party knowing that the link between them has been compromised. The attacker is able to observe and intercept messages between the two victims.

[Figure: Man in the Middle: client and server communicating directly, and client and server with the attacker relaying between them.]

Man-in-the-Middle (consequences)

An attacker is able to act as a proxy server. He receives the data from the end-user device and passes it to the real server. This is easy to do for clear text data streams. It is also possible to create an evil server that terminates the 1SSL protocol. The attacker buys a private key and server certificate (for example, from Verisign). This leaves a money trail potentially identifying the attacker. Alternatively, the attacker can easily create a private key and server certificate himself. Strictly speaking, the end-user's operating system and/or browser will warn the user when an untrusted (self-created) certificate is used. But in most cases the end-user will accept this fraudulent session, lacking the knowledge to tell whether it is legitimate or not. This way the evil machine can now build a connection (also 1SSL) to the real server.

It is not possible for a MitM attack to occur with a 2SSL connection, because both sides (client and server) require X.509 certificates to mutually establish the authenticity of the proclaimed identity. The client can indeed be fooled, but the server will not accept connections based on invalid end-user certificates.

Man-in-the-Middle (conclusion)

- Clear text gives no protection against MitM attacks.
- 1SSL will protect against MitM. (However, an attacker can lure the user into believing that the server is genuine.)
- 2SSL protects against MitM.
- KeyTalk protects further against MitM.
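The difference between optional and mandatory end-user certificates in chapter 5, and the MitM point above that the server will not accept connections based on invalid end-user certificates, can be shown with Go's standard TLS stack. The following is an added example, not KeyTalk's or any vendor's code: it generates a throw-away CA, a server certificate and an end-user certificate in memory (a stand-in for the trusted CA and for the KeyTalk server's issuance), then runs a loopback handshake as 1SSL (no client certificate requested) and as 2SSL (client certificate required and verified against the CA). The names and the 12-hour lifetime are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCert issues a certificate for cn valid for ttl. With parent == nil it is a
// self-signed CA (the "trusted CA" of the text); otherwise a leaf signed by parent.
func newCert(cn string, parent *tls.Certificate, ttl time.Duration) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl), // a short ttl gives the "short-life" certificate of the text
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	signerCert, signerKey := tmpl, any(key) // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.IPAddresses = []net.IP{net.IPv4(127, 0, 0, 1)} // the server leaf is reached over loopback
		signerCert, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// handshake runs one TLS connection over loopback and returns nil only if both sides
// completed it. clientAuth is tls.NoClientCert (1SSL) or tls.RequireAndVerifyClientCert (2SSL).
func handshake(ca, server *tls.Certificate, clientAuth tls.ClientAuthType, client *tls.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	srvCfg := &tls.Config{
		Certificates: []tls.Certificate{*server},
		ClientAuth:   clientAuth,
		ClientCAs:    pool, // only end-user certificates issued by this CA are acceptable
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return err
	}
	defer ln.Close()
	srvResult := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err == nil {
			defer c.Close()
			err = c.(*tls.Conn).Handshake() // Accept returns before the handshake has run
		}
		srvResult <- err
	}()
	cliCfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	if client != nil { // client == nil is an anonymous client
		cliCfg.Certificates = []tls.Certificate{*client}
	}
	conn, cliErr := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if cliErr == nil {
		conn.Close()
	}
	// In TLS 1.3 the client can finish before the server has judged its certificate.
	if srvErr := <-srvResult; srvErr != nil {
		return fmt.Errorf("server rejected the connection: %w", srvErr)
	}
	return cliErr
}

func main() {
	ca, _ := newCert("Trusted CA", nil, time.Hour)
	srv, _ := newCert("app-server", ca, time.Hour)
	user, _ := newCert("end-user", ca, 12*time.Hour)
	fmt.Println("1SSL, anonymous client:", handshake(ca, srv, tls.NoClientCert, nil))
	fmt.Println("2SSL, anonymous client:", handshake(ca, srv, tls.RequireAndVerifyClientCert, nil))
	fmt.Println("2SSL, end-user cert:   ", handshake(ca, srv, tls.RequireAndVerifyClientCert, user))
}
```

With tls.NoClientCert the anonymous connection succeeds, which is the optional configuration chapter 5 warns about. With tls.RequireAndVerifyClientCert the server refuses both an anonymous client and a client holding a certificate from some other CA, even though under TLS 1.3 the client side may believe its handshake completed; that is why the function waits for the server's verdict rather than trusting the client's.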

Phishing attack (definition)

In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in electronic communications. Phishing is typically performed via email or instant messaging. Phishing is also commonly referred to as a form of identity theft.

[Figure: phishing attack: social engineering of the username and password, web server, bank.]

Phishing attack (consequences)

It is very hard to protect against phishing attacks since they are in fact a form of social engineering. Phishers often cleverly trick a user into revealing a secret. Once the phisher knows the secret, it is easy to successfully authenticate against the real server. The authentication method is therefore important. Static passwords are relatively weak: the account can be abused numerous times using the same static password. A One Time Password (OTP) is a better solution as long as it cannot be sniffed. X.509 technology is even better as long as the phisher can't obtain the private key. Simply put, a phisher is able to obtain information from an (unaware) user as long as the user does not know that their security has been compromised. 2SSL protects against phishing quite well: the phisher must obtain the user certificate, the private key and the PIN in order to be able to use the key material.

When KeyTalk is used without any hardware-id configuration, a specific phishing attack against a KeyTalk-client invoked from the browser (BHO, browser extension and/or ActiveX KeyTalk-client) is possible. The user is tricked into connecting to the evil server without using the KeyTalk-client. This connection is not based on 2SSL and probably not on 1SSL. The evil server then displays a KeyTalk look-alike login screen and uses a KeyTalk-client on the evil machine to log in.

There are at least two possibilities to prevent this type of attack.

Option 1: Using KeyTalk without HardwareID

When using KeyTalk without hardware-id configuration, the user should only use the standalone .exe KeyTalk-client. This way the KeyTalk protocol is always invoked and the authentication is done against the real KeyTalk server. The phishing attack described above will then fail.

Option 2: Using KeyTalk with default KeyTalk server settings

The default KeyTalk server configuration offers protection against phishing attacks. During the authentication phase the KeyTalk-client on the end device will send a so-called Hardware-ID. This way the user is bound to the device. The end-user has no knowledge of this device-specific Hardware-ID, thereby making it unattainable through social engineering. After the KeyTalk authentication protocol has finished, a standard 2SSL connection is created. The security level on this 2SSL channel is even higher than that of the classic 2SSL connection: the certificate is valid for a short period of time and the key pair is used only once. Furthermore, this significantly reduces the window of opportunity.

Phishing attack (conclusion)

To a certain extent, the protocol used is irrelevant when discussing phishing, as the weakness is not in the software but in the user. The phishing attack is unsuccessful when the user is unable to provide the information required for a login. In any case, we will try to illustrate the relationship between the network protocol used and the phishing attack:

- Clear text gives no protection.
- 1SSL will not offer protection against a phishing attack, even combined with a One Time Password (OTP).
- 2SSL protects against phishing quite well because the attacker doesn't have the client certificate private key.
- KeyTalk without hardware-id configuration doesn't protect against phishing. Some improvement can be obtained using the standalone KeyTalk-client.
- KeyTalk with hardware-id configuration offers protection against phishing attacks.

Trojan attack (definition)

A Trojan horse, trojan, or Trojan attack, in computing is any malicious computer program which misrepresents itself to appear useful or interesting in order to persuade a victim to install it. Trojans are generally spread by some form of social engineering. Due to the popularity of botnets among hackers, Trojan attacks are becoming more common.

Trojan attack (consequences)

A trojan attack refers to a device that has already been compromised. Therefore the security is de facto compromised. KeyTalk protects against some trojans: trojans that focus on spoofing DNS, possibly by modifying the hosts file, will be unsuccessful in a KeyTalk environment. This is due to the fact that this specific type of Trojan acts as a DNS spoofer (i.e. a network attack).

Trojan attack (conclusion)

A device compromised by a Trojan is by definition non-secure. A hacker can potentially gain full control. Anti-virus and anti-spyware tools, not provided by KeyTalk, should help to prevent this security risk.

- Clear text gives no protection.
- 1SSL gives no protection.
- 2SSL gives no protection.
- KeyTalk is not designed to protect the (local) device. KeyTalk is designed to secure the network traffic. Due to this network security focus, KeyTalk is in most cases effective in preventing trojans from locally manipulating the domain name servers.

Summary of vulnerabilities

A Trojan horse is a program that installs malicious software while under the guise of doing something else.

Protocol     Sniffing    DNS spoof   MitM        Phishing    Trojan
Clear text   VULNERABLE  VULNERABLE  VULNERABLE  VULNERABLE  VULNERABLE
1SSL         OK          VULNERABLE  VULNERABLE  VULNERABLE  VULNERABLE
2SSL         OK          OK          OK          A           VULNERABLE
KeyTalk      OK          OK          OK          B           C

A: Possible but difficult to implement. The phisher must have the certificate and private key of the user.
B: Possible but difficult to implement. The phisher has to have the short-life certificate and private key of the user. Additionally the attacker must have the hardware ID.
C: Trojan means that the device is compromised. Therefore the security is compromised. KeyTalk will however protect against some simple trojans that have been used successfully in the past. (Note: DNS spoofing and HOSTS file attacks will not work when using KeyTalk; keyloggers that steal usernames/passwords will fail in successful abuse of the stolen credentials from another device when hardware-id is used.)
D: KeyTalk with hardware-id provides protection against phishing, where the phisher is unable to access the user device.

6.6 The KeyTalk-protocol matrix

Protocol     Sniffing    DNS / IP    MitM        Phishing    Trojan
KeyTalk      OK          OK          OK          D           VULNERABLE

7 Conclusion on common Internet attack vectors

The unique combination of standard technology and techniques allows the KeyTalk solution, in its default configuration (including HardwareID), to provide your company with a highly secure method of authentication. This can be performed on an authentication server without worrying about sniffers, phishing or Man-in-the-Middle attacks. It effectively allows users and stand-alone devices to connect safely over non-secure networks. Fully automated distribution and installation of short-life certificates provided by KeyTalk, based on your existing authentication infrastructure, allow for ease of use and elimination of certificate revocation lists.

KeyTalk does not protect against trojans which take full control of the user's device, nor does KeyTalk protect against successful social engineering techniques in combination with the actual theft of a user's device.

Need more information? Interested in hearing more about our solutions? You can reach us at: info@keytalk.com


More information

Office 365 Buyers Guide: Best Practices for Securing Office 365

Office 365 Buyers Guide: Best Practices for Securing Office 365 Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.

More information

NGN: Carriers and Vendors Must Take Security Seriously

NGN: Carriers and Vendors Must Take Security Seriously Research Brief NGN: Carriers and Vendors Must Take Security Seriously Abstract: The next-generation network will need to provide security on many levels. A comprehensive set of standards should be in place

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Transparent Multi-Factor Authentication June 2015 910 E HAMILTON AVENUE. SUITE 430. CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview...

More information

Security and Authentication

Security and Authentication Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed

More information

ELECTRONIC BANKING & ONLINE AUTHENTICATION

ELECTRONIC BANKING & ONLINE AUTHENTICATION ELECTRONIC BANKING & ONLINE AUTHENTICATION How Internet fraudsters are trying to trick you What you can do to stop them How multi-factor authentication and other new techniques can help HELPING YOU STAY

More information

Unique Phishing Attacks (2008 vs in thousands)

Unique Phishing Attacks (2008 vs in thousands) The process of attempting to acquire sensitive information, such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. In the 2 nd half

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan

More information

Introduction and Overview. Why CSCI 454/554?

Introduction and Overview. Why CSCI 454/554? Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book

More information

Authentication Methods

Authentication Methods CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure

More information

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Protecting Against Online Fraud. F5 EMEA Webinar August 2014 Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

PCI DSS Compliance. White Paper Parallels Remote Application Server

PCI DSS Compliance. White Paper Parallels Remote Application Server PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3

More information

Chapter 12. Information Security Management

Chapter 12. Information Security Management Chapter 12 Information Security Management We Have to Design It for Privacy... and Security. Tension between Maggie and Ajit regarding terminology to use with Dr. Flores. Overly technical communication

More information

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros

More information

The Tension. Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes

The Tension. Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes s10 Security 1 The Tension Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes Security vs. desire of individuals to act anonymously

More information

SECURING CORPORATE ASSETS WITH TWO FACTOR AUTHENTICATION

SECURING CORPORATE ASSETS WITH TWO FACTOR AUTHENTICATION SECURING CORPORATE ASSETS WITH TWO FACTOR AUTHENTICATION Introduction Why static passwords are insufficient Introducing two-factor Authentication Form Factors for OTP delivery Contact information OTP generating

More information

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006 SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of

More information

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable? Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011

More information

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney. Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw

More information

Evolution of Spear Phishing. White Paper

Evolution of Spear Phishing. White Paper Evolution of Spear Phishing White Paper Executive Summary Phishing is a well-known security threat, but few people understand the difference between phishing and spear phishing. Spear phishing is the latest

More information

6 Vulnerabilities of the Retail Payment Ecosystem

6 Vulnerabilities of the Retail Payment Ecosystem 6 Vulnerabilities of the Retail Payment Ecosystem FINANCIAL INSTITUTION PAYMENT GATEWAY DATABASES POINT OF SALE POINT OF INTERACTION SOFTWARE VENDOR Table of Contents 4 7 8 11 12 14 16 18 Intercepting

More information

Most Common Security Threats (cont.)

Most Common Security Threats (cont.) Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?

More information

Safeguarding Cardholder Account Data

Safeguarding Cardholder Account Data Safeguarding Cardholder Account Data Attachmate Safeguarding Cardholder Account Data CONTENTS The Twelve PCI Requirements... 1 How Reflection Handles Your Host-Centric Security Issues... 2 The Reflection

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

Achieving End-to-End Security in the Internet of Things (IoT)

Achieving End-to-End Security in the Internet of Things (IoT) Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of

More information

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief 5 Trends That Will Impact Your IT Planning in 2012 Layered Security Executive Brief a QuinStreet Excutive Brief. 2011 Layered Security Many of the IT trends that your organization will tackle in 2012 aren

More information

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core PCI PA - DSS Point ipos Implementation Guide Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core Version 1.02 POINT TRANSACTION SYSTEMS AB Box 92031,

More information

Comodo Authentication Solutions Overview

Comodo Authentication Solutions Overview Comodo Authentication Solutions Overview Client Authentication Certificates Two-Factor Authentication Content Verification Certificates Mutual Authentication Foreword Conducting business online offers

More information

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing WHITE PAPER Endpoint Security and the Case For Automated Sandboxing A World of Constant Threat We live in a world of constant threat. Every hour of every day in every country around the globe hackers are

More information

Crypto meets Web Security: Certificates and SSL/TLS

Crypto meets Web Security: Certificates and SSL/TLS CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,

More information

Cyber Security Practice Questions. Varying Difficulty

Cyber Security Practice Questions. Varying Difficulty Cyber Security Practice Questions Varying Difficulty 1 : This is a class of programs that searches your hard drive and floppy disks for any known or potential viruses. A. intrusion detection B. security

More information

Security: Focus of Control

Security: Focus of Control Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

BEST PRACTICES FOR PERSONAL Security

BEST PRACTICES FOR PERSONAL  Security BEST PRACTICES FOR PERSONAL Email Security Sometimes it feels that the world of email and internet communication is fraught with dangers: malware, viruses, cyber attacks and so on. There are some simple

More information

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking

More information

IBM. Security Digital Certificate Manager. IBM i 7.1

IBM. Security Digital Certificate Manager. IBM i 7.1 IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in

More information

Accounting Information Systems

Accounting Information Systems Accounting Information Systems Fourteenth Edition Chapter 6 Computer Fraud and Abuse Techniques ALW AYS LEARNING Learning Objectives Compare and contrast computer attack and abuse tactics. Explain how

More information

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN? WHAT IS CORPORATE ACCOUNT TAKEOVER? Corporate Account Takeover (also referred to as CATO) is a type of fraud where criminals gain access to a business financial accounts to make unauthorized transactions.

More information

Chapter 4. Network Security. Part I

Chapter 4. Network Security. Part I Chapter 4 Network Security Part I CCNA4-1 Chapter 4-1 Introducing Network Security Introduction to Network Security CCNA4-2 Chapter 4-1 Introducing Network Security Why is Network Security important? Rapid

More information

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the

More information

A Review Paper on Network Security Attacks and Defences

A Review Paper on Network Security Attacks and Defences EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY

More information

Phishing in the Age of SaaS

Phishing in the Age of SaaS Phishing in the Age of SaaS AN ESSENTIAL GUIDE FOR BUSINESSES AND USERS The Cloud Security Platform Q3 2017 intro Phishing attacks have become the primary hacking method used against organizations. In

More information

PracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam

PracticeDump.   Free Practice Dumps - Unlimited Free Access of practice exam PracticeDump http://www.practicedump.com Free Practice Dumps - Unlimited Free Access of practice exam Exam : SY0-501 Title : CompTIA Security+ Certification Exam Vendor : CompTIA Version : DEMO Get Latest

More information

Phishing Activity Trends Report August, 2006

Phishing Activity Trends Report August, 2006 Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account

More information

CYBER ATTACKS EXPLAINED: PACKET SPOOFING

CYBER ATTACKS EXPLAINED: PACKET SPOOFING CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service

More information

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of

More information

Securing Information Systems

Securing Information Systems Introduction to Information Management IIM, NCKU System Vulnerability and Abuse (1/6) Securing Information Systems Based on Chapter 8 of Laudon and Laudon (2010). Management Information Systems: Managing

More information

Recommendations for Device Provisioning Security

Recommendations for Device Provisioning Security Internet Telephony Services Providers Association Recommendations for Device Provisioning Security Version 2 May 2017 Contact: team@itspa.org.uk Contents Summary... 3 Introduction... 3 Risks... 4 Automatic

More information

Authentication Technology for a Smart eid Infrastructure.

Authentication Technology for a Smart eid Infrastructure. Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts

More information

Best Practices Guide to Electronic Banking

Best Practices Guide to Electronic Banking Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have

More information

IBM i Version 7.2. Security Digital Certificate Manager IBM

IBM i Version 7.2. Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information

More information

Cyber Security Audit & Roadmap Business Process and

Cyber Security Audit & Roadmap Business Process and Cyber Security Audit & Roadmap Business Process and Organizations planning for a security assessment have to juggle many competing priorities. They are struggling to become compliant, and stay compliant,

More information

Security Awareness. Presented by OSU Institute of Technology

Security Awareness. Presented by OSU Institute of Technology Security Awareness Presented by OSU Institute of Technology Information Technologies Division Security Awareness Topics Social Engineering Phishing Social Networks Displaying Sensitive Information Wireless

More information

LinQ2FA. Helping You. Network. Direct Communication. Stay Fraud Free!

LinQ2FA. Helping You. Network. Direct Communication. Stay Fraud Free! LinQ2FA Stay Fraud Free! Helping You Direct Communication Secure to your Your customers Network LINQ2FA Stay Fraud Free! Enhance your security against cyber fraud with Two Factor Authentication Suitable

More information

Securing Information Systems

Securing Information Systems Chapter 7 Securing Information Systems 7.1 Copyright 2011 Pearson Education, Inc. STUDENT LEARNING OBJECTIVES Why are information systems vulnerable to destruction, error, and abuse? What is the business

More information

Meeting FFIEC Meeting Regulations for Online and Mobile Banking

Meeting FFIEC Meeting Regulations for Online and Mobile Banking Meeting FFIEC Meeting Regulations for Online and Mobile Banking The benefits of a smart card based authentication that utilizes Public Key Infrastructure and additional mechanisms for authentication and

More information

Phishing Activity Trends

Phishing Activity Trends Phishing Activity Trends Report for the Month of September, 2007 Summarization of September Report Findings The total number of unique phishing reports submitted to APWG in September 2007 was 38,514, an

More information

Securing Office 365 & Other SaaS

Securing Office 365 & Other SaaS Securing Office 365 & Other SaaS PrecisionAccess Vidder, Inc. Securing Office 365 & Other SaaS 1 Executive Summary Securing Office 365 means securing Email, SharePoint, OneDrive, and a number of other

More information

Symantec Protection Suite Add-On for Hosted Security

Symantec Protection Suite Add-On for Hosted  Security Symantec Protection Suite Add-On for Hosted Email Security Overview Malware and spam pose enormous risk to the health and viability of IT networks. Cyber criminal attacks are focused on stealing money

More information

Securing Information Systems

Securing Information Systems Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value

More information

Wireless LAN Security (RM12/2002)

Wireless LAN Security (RM12/2002) Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For

More information

DoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations

DoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations //FOUO DoD Spear-Phishing Awareness Training Joint Task Force - Global Network Operations Updated: 16 NOV 2006 //FOUO Objective Inform and increase the awareness of all Department of Defense personnel

More information

Network Working Group Request for Comments: 1984 Category: Informational August 1996

Network Working Group Request for Comments: 1984 Category: Informational August 1996 Network Working Group IAB Request for Comments: 1984 IESG Category: Informational August 1996 IAB and IESG Statement on Cryptographic Technology and the Internet Status of This Memo This memo provides

More information

Assistance with University Projects? Research Reports? Writing Skills? We ve got you covered! www.assignmentstudio.net WhatsApp: +61-424-295050 Toll Free: 1-800-794-425 Email: contact@assignmentstudio.net

More information

Your security on click Jobs

Your security on click Jobs Your security on click Jobs At Click Jobs is a trading name of Raspberry Recruitment Limited, we're committed to helping you find the right job in a safe and secure environment. On these pages, you can

More information

How to recognize phishing s

How to recognize phishing  s Phishing email messages, websites, and phone calls are designed to steal money, steal data and/or destroy information. Cybercriminals can do this by installing malicious software on your computer or stealing

More information

NHS South Commissioning Support Unit

NHS South Commissioning Support Unit NHS South Commissioning Support Unit ICT Anti-virus Policy This document can be made available in a range of languages and formats on request to the policy author. Version: Ratified by: V.2.1 Alliance

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/

More information

Define information security Define security as process, not point product.

Define information security Define security as process, not point product. CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is

More information

Copyright

Copyright 1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?

More information

Chapter 11: Networks

Chapter 11: Networks Chapter 11: Networks Devices in a Small Network Small Network A small network can comprise a few users, one router, one switch. A Typical Small Network Topology looks like this: Device Selection Factors

More information

Enterprise Simply Trustworthy?

Enterprise   Simply Trustworthy? Enterprise Email: Simply Trustworthy? A System Administrator s POV Contents. Email is the centerpiece of the Enterprise information system. Introduction. Pandora s box. Time for some Newthink. One system

More information

Linux Network Administration

Linux Network Administration Secure Remote Connections with OpenSSH Objective At the conclusion of this module, the student will be able to: Configure the ssh daemon start, stop, and restart sshd 17 January 2005 NETW 111 - SSH 2 SSH

More information

P2_L12 Web Security Page 1

P2_L12 Web Security Page 1 P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction

More information

Web Security, Summer Term 2012

Web Security, Summer Term 2012 IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 7 Broken Authentication and Session

More information

Web Security, Summer Term 2012

Web Security, Summer Term 2012 Table of Contents IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Introduction Examples of Attacks Brute Force Session

More information

Custom Plugin A Solution to Phishing and Pharming Attacks

Custom Plugin A Solution to Phishing and Pharming Attacks Custom Plugin A Solution to Phishing and Pharming Attacks Omer Mahmood School of Information Technology Charles Darwin University Darwin, NT, Australia Abstract - This paper proposes a new method to detect,

More information

Chapter 6 Network and Internet Security and Privacy

Chapter 6 Network and Internet Security and Privacy Chapter 6 Network and Internet Security and Privacy Learning Objectives LO6.1: Explain network and Internet security concerns LO6.2: Identify online threats LO6.3: Describe cyberstalking and other personal

More information

Introduction to Security. Computer Networks Term A15

Introduction to Security. Computer Networks Term A15 Introduction to Security Computer Networks Term A15 Intro to Security Outline Network Security Malware Spyware, viruses, worms and trojan horses, botnets Denial of Service and Distributed DOS Attacks Packet

More information

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365 WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365 Airwatch Support for Office 365 One of the most common questions being asked by many customers recently is How does AirWatch support Office 365? Customers often

More information