Fast Software-Based Attacks on SecurID
نویسندگان
چکیده
SecurID is a widely used hardware token for strengthening authentication in a corporate environment. Recently, Biryukov, Lano, and Preneel presented an attack on the alleged SecurID hash function [1]. They showed that vanishing differentials – collisions of the hash function – occur quite frequently, and that such differentials allow an attacker to recover the secret key in the token much faster than exhaustive search. Based on simulation results, they estimated that the running time of their attack would be about 2 full hash operations when using only a single 2-bit vanishing differential. In this paper, we present techniques to improve the [1] attack. Our theoretical analysis and implementation experiments show that the running time of our improved attack is about 2 hash operations. We then investigate into the use of extra information that an attacker would typically have: multiple vanishing differentials or knowledge that other vanishing differentials do not occur in a nearby time period. When using the extra information, we believe that key recovery can always be accomplished within about 2 hash operations.
منابع مشابه
Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
متن کاملResponse: Independent One-Time Passwords
It is understandable that Security Dynamics is sensitive to any article that is critical of their SecurID card. After all, their success is based on their cus-tomers' confidence that their one-time password scheme is unbreakable. Thus, it appears to me that they read my article in Computing Systems with an overþ-sensitive eye and misunderstood some of it. In this response, I will try to clarify...
متن کاملF-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
متن کاملControversy: Rejoinder: Independent One-Time Passwords
Security Dynamics In order for Computing Systems to remain a "Quarterly dedicated to the analysis and understanding of advanced computing systems," it is necessary to make the following clarification regarding an article in the V/inter 1996 issue (Volume 9, Number 1). The article in question was entitled "Independent One-Time Passwords," and authored by Aviel D. Rubin of Bellcore. In this artic...
متن کاملImproved Cryptanalysis of SecurID
SecurID is a widely used hardware token for strengthening authentication in a corporate environment. Recently, Biryukov, Lano, and Preneel presented an attack on the alleged SecurID hash function [1]. They showed that vanishing differentials – collisions of the hash function – occur quite frequently, and that such differentials allow an attacker to recover the secret key in the token much faste...
متن کامل