Comments on Securology: Soft tokens aren't tokens at all
Blog author: Tim MalcomVetter (http://www.blogger.com/profile/13417236190528979780)

----------------------------------------------------------------------
Nick Owen (https://www.blogger.com/profile/14110140129040101523), 2007-12-13 09:17 -06:00

Please note that I was careful to say 'network-based MITM attacks' :). I think given today's technology, combining mutual authentication with a defense-in-depth approach to malware (on the client and the gateway, basically) is the best you can do as a corporation. I think that is a reasonable trade-off of risk for the benefits of remote access.

The man-in-the-browser is a tough one for financial transactions (and this is very different from the corporate remote access scenario). The use-once rootkit might help. I also think that an out-of-band digital signing mechanism will be necessary in the long run. We've thought about extending our wireless token client to do that, but are really focusing on the corporate VPN market at this time (mostly due to the PCI requirements for two-factor authentication).

If you want some more whitepapers, you can email me at nowen at wikid systems .com. And don't worry, we don't have a spammish marketing system.

----------------------------------------------------------------------
Tim MalcomVetter (https://www.blogger.com/profile/13417236190528979780), 2007-12-12 23:34 -06:00

Hi Nick,

Thanks for dropping by.

I am not familiar with your WikID solution (http://www.wikidsystems.com/), but I found a WikID Whitepaper Download on Sourceforge (http://downloads.sourceforge.net/wikid-twofactor/WiKID_White_Paper_v1.4.pdf), so I'll review it and your code and hopefully post a follow-up on how your solution is better (or not, whichever the case may be ;).

Your second point is dead on: malware is a show stopper. In that case, how can any organization make a trust decision regarding the trustworthiness of a remote user (whether employee, business partner, or customer), since all of the popular OSes upon which these critical software functions reside are so fundamentally flawed -- they all have separation of code and data problems (http://securology.blogspot.com/2007/09/separation-of-code-and-data.html). I think that's what Dan Geer was getting at with his suggestion to rootkit your customers for secure transactions (http://securology.blogspot.com/2007/11/rootkitting-your-customers.html) (although I think there are some faulty assumptions in using one-time-use rootkits, such as rootkits trumping rootkits).

Third, I'm not convinced (at least not yet) that mutual auth can guarantee that a transaction is free from MITM attacks. If a MITM sits in the browser (a la browser rootkits, http://securology.blogspot.com/2007/10/browser-rootkits.html), information can be stolen and transactions can be forged ... even with mutually authenticated public key crypto and a reasonably intelligent end-user.

I enjoy the conversation, so let's keep it going!

----------------------------------------------------------------------
Nick Owen (https://www.blogger.com/profile/14110140129040101523), 2007-12-12 09:46 -06:00

Greetings. I too have posted a response on my blog. It just points out that our software tokens use public key encryption and not a symmetric, seed-based system. This pushes the security to the initial validation/registration system where admins can make some choices about trade-offs.

Second, I submit that any device with malware on it that successfully connects to the network is bad. So you're better off saving money on tokens and spending it on anti-malware solutions, perhaps at the gateway, defense-in-depth and all.

Third, I point out that our PC tokens provide https mutual authentication, so if you are confident in your anti-malware systems, and are concerned about MITM attacks at the network, which are increasingly likely for a number of reasons, you should consider https mutual auth in your two-factor thinking.

Here's the whole thing:
On the security of software tokens for two-factor authentication (http://www.wikidsystems.com/WiKIDBlog/on-the-security-of-software-tokens-for-two-factor-authentication)
and thanks for stimulating some conversation!

----------------------------------------------------------------------
Anonymous, 2007-12-11 17:51 -06:00

Hi,

Great piece! I wanted to let you know that RSA's Sean Kline has published a response to this blog.

Sean's blog entry (http://www.rsa.com/blog/blog_entry.aspx?id=1249)