End To End Encryption by Authentication

VIEWS: 309 PAGES: 10

More Info
									   End-to-end Security to meet MAS IBTRM




                              Technical Proposal



                                       Version 1.1
                                        4 May 2010

                             Prepared by : Tan Teik Guan




                  Copyright © 2010 Data Security Systems Solutions Pte Ltd
                                 Commercial-in-confidence
                                    All rights reserved




e-Security Peace of Mind
                                           Confidential




                                     Table of Contents

1  End-to-End Solution..................................................................................3
 1.1    Solution Overview..............................................................................3
 1.2    DS3 Authentication Server End-to-end Security Offering ..................4
   1.2.1    End-to-end Security with Java Applets .......................................4
   1.2.2    End-to-end Security with Java Script..........................................5
   1.2.3    Backend ClientAPI......................................................................6
   1.2.4    Strong protection of static password...........................................6
   1.2.5    Cryptographic Operations...........................................................7
 1.3    Project Services Scope......................................................................8
 1.4    Proven Use Case ..............................................................................9
DS3 Authentication Server Specifications (DSX-50S) ................................... 10
 2 Factor Security Server Appliance (DSX-50S)...................................... 10
 Security Package...................................................................................... 10




Bank – E2E v1.1                                 Page 2 of 10                    e-Security Peace of Mind
                                        Confidential




1 End-to-End Security Solution

1.1 Solution Overview

                                    Internet Banking              Application
                  User logs into                                  Server
                  Bank systems




                                                                                Sync of data to
                               DS3 Authentication                               DR server
                               Servers in HA

                         SMS
                         OTP



                                                                                       DR server




                                   SMS Gateway
                                                            Pin Mailer


The proposed solution will deploy a common cryptographic and authentication
infrastructure to cater to the end-to-end encryption of Passwords:
    o   End-to-end encryption of Passwords & Transactions for Internet Banking
        The solution will provide a Java applet or JavaScript for the browser to
        perform strong end-to-end encryption of user identity credentials during the
        login process as well as transaction information during transaction
        authorization. Full key strength RSA-1024 bit asymmetric encryption with 16-
        byte 3DES symmetric key encryption will be used to protect the information
        from the browser to the HSM (Hardware Security Module) within the DS3
        Authentication Server.
        The sample login protocol can be as follows. Modifications to the Pin block
        formatting to adapt to Customer’s Pin Block format will be carried out as part
        of DS3 professional services.
        1. HSM will generate 128-bit random string, RD1, to transmit to Browser.
        2. User enters PIN (6 to 16 alphanumeric characters).
        3. End-to-end Javascript performs the following packaging:
           a) Hash PIN with SHA-1 to obtain HPIN (160 bits)
           b) XOR HPIN with RD1 to obtain [HPIN ⊕ RD1]
           c) Encrypt [HPIN ⊕ RD1] using RSA Pub key to obtain PKCS#1 block
               {[PKCS#1 Padding] [HPIN ⊕ RD1]}RSA
        4. The DS3 Authentication Server, upon receiving the encrypted RSA block,
           is expected to perform the RSA-decrypt & 3DES encrypt (if needed) within
           the HSM for backend HOST verification.




Bank – E2E v1.1                              Page 3 of 10                   e-Security Peace of Mind
                                        Confidential




    o   PIN Generation and Verification.
        Application Server calls DS3 Authentication Server API to perform PIN
        Generation. DS3 Authentication Server will generate PIN for the user and
        store the PIN internally for subsequent verification. Alternatively, the
        encrypted PIN can be returned through the API for HOST verification.
        PINs can be sent to the user via SMS. For SMS, the DS3 Authentication
        Server will connect to SMS gateway to transmit the PIN.
    o   Further enhancements to the proposed solution include:
            o     The DS3 Authentication Server can function as a centralized server
                  for other applications that require end-to-end encryption. The multi-
                  domain support within the DS3 Authentication Server allows the
                  separation of cryptographic keys for different applications, as well as
                  different administrators managing their own domains. Up to 31
                  domains are supported.

                                              DSSS Authentication Server
  Client logins       AppSvr1
                       AppSvr1
                        AppSvr1
                                                                             Admin01

                       AppSvr2                         Domain01              Admin02
                                                       Domain02
                  Application Servers                                      Separate
                  operated at                                              administrators
                  organization-end                                         for separate
                                                                           domains


            o     2-factor authentication for users or sensitive transactions (MAS
                  IBTRM v3 Clause 4.4). Additional user licenses can be purchased for
                  users requiring 2FA. The DS3 Authentication Server supports the
                  authentication of hardware OTP token used by customers for 2FA
                  logins.
            o     2-factor authentication for Intranet privileged administrator accounts
                  (MAS IBTRM v3 Clause 5.1.7).

1.2 DS3 Authentication Server End-to-end Security Offering
1.2.1 End-to-end Security with Java Applets
    •   A cryptographic java Applet (for both Firefox and IE) will be specially complied
        to perform the following functions:
                  o   RSA Encrypt (using public key of HSM or any 1024 RSA public
                      key specified by the bank)
                  o   3DES Encrypt/Decrypt
                  o   MD5 Hashing
    •   The Applet will be loaded as a faceless applet on the web-browser to perform
        any of the cryptographic functions listed above. The applet is accessible via
        Javascript function calls.



Bank – E2E v1.1                             Page 4 of 10             e-Security Peace of Mind
                                               Confidential




    •   For data that have to be encrypted, the data is contained in HTML fields, and
        passed to the Applet for encryption. The encrypted data will be returned via a
        separately-specified field.
    •   The Customer is assumed to use standard HTTPS provided by the browser
        for tunnel security.
    •   UserIDs can be multi-language.
    •   Static Passwords supported are alphanumeric, plus all ASCII characters.
    •   One-time passwords supported are numeric.

1.2.2 End-to-end Security with Java Script
    •   A collection of Javascript files (Javascript version 1.5 for IE, Firefox, Opera,
        Safari, Nokia S60 browser) will be specially packaged to perform the following
        functions:
                  o   RSA Encrypt (using public key of any 1024 RSA public key
                      specified by the bank, with exponent 3 or 65537)
                  o   3DES Encrypt / Decrypt
                  o   MD5/SHA1/SHA256 Hashing
    •   The Javascript can be included within the login page to perform any of the
        cryptographic functions listed above.
              <script language="JavaScript" type="text/javascript" src="js/DSSSCryptography.js"></script>
              <script language="JavaScript" type="text/javascript" src="js/jsbn_obfuscated.js"></script>
              <script language="JavaScript" type="text/javascript" src="js/rsa_obfuscated.js"></script>
              <script language="JavaScript" type="text/javascript" src="js/MD5_obfuscated.js"></script>

        The end-to-end encryption for login and change password will be customized
        for customer under DS3 professional services and accessible via Javascript
        function calls.
    •   Static Passwords supported are alphanumeric, plus all ASCII characters.
    •   The Javascript have been fully tested on the following browsers/phones:
        •   Browsers
                  o   Netscape communicator 4.0 and above
                  o   IE 4.0 and above
                  o   Google Chrome 1.0
                  o   Safari version 3
                  o   Opera 9.6 Web browser
                  o   Opera Mini 4.0
        •   Phones
                  o Nokia, Sony Ericsson, Motorola
                  o Windows Mobile, iPhone, Blackberry, Android




Bank – E2E v1.1                                      Page 5 of 10                          e-Security Peace of Mind
                                      Confidential




1.2.3 Backend ClientAPI
      The DS3 ClientAPI is a pure java-based library to allow applications to connect
      via 2-way SSL to the DS3 Authentication Server to carry out transactional,
      operational and administration activities.
              Authentication and Authorization
              With the ClientAPI, applications can control the level of authentication
              and authorization such as:
                  •   Authenticate only using 1st factor
                  •   Authenticate only using 2nd factor
                  •   Authenticate using both 1st and 2nd factor
                  •   Authenticate using challenge-response tokens
                  •   Authenticate using only a specific token type (e.g. hardware)
                  •   Authorize a transaction using OTP
                  •   Authorize a transaction computed using specific transaction
                      values
                  •   Authorize using digital certificates
              Integration with User and Token Provisioning Infrastructure
              The Authentication Server supports easy integration with the
              organization’s user provisioning infrastructure through the ClientAPI
              which allow users and tokens to be created / updated / deleted without
              manual intervention.
              Integration with Systems Management
              The Authentication Server allows operational-related functions such as
              backup / restore / log download and reset to be carried out via API.
              This allows a systems management service to perform regular and
              scheduled backups of the critical database as well as the daily
              maintenance of audit logs.

1.2.4 Strong protection of static password
      The static password of the user serves as the 1st factor (“Something you know”)
of authentication to an application. It is very important to protect the static password
as the same password is presented at each authentication request.
     The mechanisms provided by the DS3 Authentication Solution using the Java
Applet + DS3 ClientAPI achieve:
              End-to-end Encryption of passwords
              The solution includes the use of a Java applet, which is embedded in
              the user’s browser to hash + RSA-encrypt the static password. The
              output of the applet is an encrypted blob which is transmitted through
              the Application Server to the Authentication Server. The Authentication
              Server will make use of the internal HSM to decrypt the blob and verify
              the user’s static password.




Bank – E2E v1.1                           Page 6 of 10             e-Security Peace of Mind
                                    Confidential




              This ensures that the static password is adequately protected and never
              exposed when it leaves the user’s browser. It is never visible to the
              Application, and removes the ability for anyone, especially the
              organization’s personnel from having any possible access to the static
              password.
                  o   End-to-end Translation of passwords
                      Instead of verifying the RSA-encrypted static password in the
                      DS3 Authentication Server, the HSM can also be used to
                      cryptographically translate (i.e. RSA-decrypt + 3DES encrypt)
                      the static password securely for the backend to carry out the
                      authentication.
              Secure protocol to prevent replay attacks
              Besides RSA-encrypting the password, it is important to design the
              protocol such that a replay attack, using the encrypted blob, cannot
              work.
              This is done through the ingenious use of a random session value,
              XOR’ed with the hashed-password when it is RSA-encrypted at the
              browser. Since the random session value is used on a per-session
              basis, it is impossible for an attacker to re-create a new encrypted blob
              without knowing the actual static password.
              Enforced password policy
              For passwords authenticated within the Authentication Server, the
              additional mechanism used to protect the static password is the
              enforcement of strict password policies by the Server that can be set by
              the administrator. These policies include:
                  o   Number of password retries (before user account is suspended)
                  o   Maximum password lifetime (before user is forced to change the
                      static password)
                  o   Password History depth (This is the number of different
                      passwords that must be used, before the user can re-use a
                      static password)
                  o   Password History Age (The duration in which a static password
                      cannot be used after it has expired)
                  o   Maximum Password change in 24 hrs (The maximum number of
                      times the user is allowed to change the static password within a
                      24hr period)

1.2.5 Cryptographic Operations
    The DS3 Authentication Server can function like a regular network-connected
HSM to perform full key strength cryptographic operations. These include:
              RSA (1024 bit) Encrypt / Decrypt / Sign / Verify
              3DES (up to 192 bit) Encrypt / Decrypt / Sign (MAC) / Verify (MAC)
              ISO 9564 Pin block translation
              ANSI x9.9 MAC’ing




Bank – E2E v1.1                          Page 7 of 10            e-Security Peace of Mind
                                      Confidential




                RSA end-to-end security for secure end-to-end encryption of passwords
                and sensitive transaction data from the user’s browser to the backend.
                Key Management for secure transport of symmetric keys.
     The DS3 Authentication Server will include a PCI-based FIPS-certified HSM to
be embedded within the server for greater security assurance.

1.3 Project Services Scope
The scope of services work covered will include:
    •   Internet Banking Login processes
        The Internet Banking application would need to be updated to handle the end-
        to-end protection of passwords. The flows that need to be changed are:
            o     Login Page – Passwords are to be hashed + RSA encrypted by a
                  Java applet / Javascript in the browser.
            o     Change Password Page – Old and new passwords are to be hashed +
                  RSA encrypted by a Java applet / Java script in the browser
            o     Forced Password change – If user is logging in for the first time, user
                  should be forced to change password.
        In the backend, the JSPs have to be modified to communicate using DS3
        ClientAPI with the HSM within the DS3 Authentication server to RSA decrypt
        + 3DES re-encrypt the passwords, before verifying the passwords against the
        HOST. Alternatively, the DS3 Authentication Server can also be used to
        verify the passwords.
        DS3 will provide:
            o     Customization to Java Applet / Java script to handle Pin Block
            o     Sample changes to be done on the login pages and change password
                  pages to include the Javascript / Applet to perform the RSA
                  encryption.
            o     Sample codes and changes to JSPs to call the DS3 ClientAPI to
                  invoke the tamper-proof HSM in the DS3 Authentication Server to
                  perform the RSA decrypt + 3Des re-encrypt of passwords
    •   Internet Banking Transaction Authorization processes
        The Internet Banking application would need to be updated to handle the end-
        to-end protection of transactions. The flows that need to be changed are:
            o     Transaction Creation Page – A 3DES session key is to be generated
                  and used to encrypt Transaction data. 3DES session key is then RSA
                  encrypted by a Java applet / Javascript in the browser.
            o     Transaction Approval Page – A 3DES session key is to be generated
                  and used to encrypt Transaction data. 3DES session key is then RSA
                  encrypted by a Java applet / Javascript in the browser.
    •   User Creation, Pin Lost process
        The user creation and pin lost processes have to be enhanced to include the
        Pin generation step which will generate the user’s new password, encrypt the
        password for HOST storage and verification, and send the password via SMS
        to the user



Bank – E2E v1.1                           Page 8 of 10             e-Security Peace of Mind
                                    Confidential




        DS3 will provide
            o     Sample API call to DS3 clientAPI for user creation and pin lost
                  processes to generate new password
            o     Setup connectivity to SMS Gateway

1.4 Proven Use Case
The DS3 Authentication Server has already been used by the following leading
institutions to protect their authentication and security needs.




Bank – E2E v1.1                         Page 9 of 10          e-Security Peace of Mind
                                             Confidential




         DS3 Authentication Server Specifications (DSX-50S)
         The DS3 Authentication Server Solution is delivered with the following components:
               DS3 Authentication Server Appliance
               Token support for hardware, software, Messaging (SMTP/SMS).
               With Transaction Security Module
                  o DS3 ClientAPI for JAVA application servers
                  o Java Applets/Javascript for End-to-end Security
               Optional Upgrade with FIPS-certified Hardware Security Module



2 Factor Security Server Appliance (DSX-50S)

                  19” 2U EIA Rack-Mount Server
                  1 Intel XEON DualCore CPU
                  2 GB RAM
    DS3
                  2 x 73GB Harddisk in RAID-1
Authentication
                  Secure Client API
   Server
  Appliance       FIPS-certified HSM (Option)
 (DSX-50S)        Embedded Database                         The DSSS Authentication Server Solution is
                  10/100 Ethernet connectivity              the complete 2-factor authentication solution
                  Hardened OS with built in packet-         to provide end-to-end security for passwords
                  filtering Firewall                        & highly sensitive information to secure
                                                            electronic transactions. Applications such as
                                                            Internet/Phone Banking, Stock Trading and
                  50 end-to-end Auth/sec                    remote ASP services require this enhanced
                  Support up to 500,000 users               security for protection against cryptographic
Performance       5,000 Concurrent Login Sessions           and Trojan attacks. Solution features include:
                  500 OTP Generation/sec                    Java Applets, a powerful cryptographic
                  100 RSA-1024 decrypt/sec                  engine; GUI administration; digital signatures;
                                                            a full-fledged token management system for
                                                                                 nd
                                                            all combinations of 2 factor hardware tokens,
                  All RADIUS Compliant clients              SMTP/SMS and Software J2ME and PC
                  VPNs                                      tokens.
                  Microsoft IIS
Vendor Client
                  BEA WebLogic
 Supported
                  SunOne Application server
                  IBM WebSphere                                               Security Package
                  Apache Tomcat

                                                                               Soft Tokens Supported:
                                                                               - J2ME Midlet on MIDP 1.0
                                                                               - Windows EXE
                                                              Token            - Java Applet in JVM1.5
                                                             Supported         Other tokens include
                                                                               - OATH HOTP (RFC 4226)
                                                                               - TOTP, VASCO, RSA
For more information, please contact DS3 at:                                   - EMV CAP

URL:      http://www.ds3global.com
Email:    info@ds3global.com                                       E-to-E       RSA1024 E2E Security
Phone:    +65 64795688                                              Java        3DES Encryption
Fax:      +65 64795488                                            Applet /      Remote Digital Signature
                                                                 Javascript     Browsers:
                                                                                 Windows IE, Firefox, Safari



         Bank – E2E v1.1                         Page 10 of 10                   e-Security Peace of Mind

								
To top