{{Short description|Multi-factor authentication hardware token}}
{{infobox brand
| logo = [[File:RSA SecurID logo.gif|RSA SecurID logo]]
| name = RSA SecurID
| image =
| type =
| currentowner =
| origin =
| introduced =
| discontinued =
| related =
| markets =
| previousowners =
| trademarkregistrations =
| ambassador =
| tagline =
| website = https://www.rsa.com/en-us/products/rsa-securid-suite
}}
'''RSA SecurID''', formerly referred to as '''SecurID''', is a mechanism developed by [[RSA Security|RSA]] for performing [[two-factor authentication]] for a user to a network resource.

== Description ==
[[File:RSA SecurID Token Old.jpg|thumbnail|RSA SecurID token (older style, model SD600)]]
[[File:SecureID token new.JPG|thumbnail|RSA SecurID token (model SID700)]]
[[File:RSA SecurID SID800.jpg|thumbnail|RSA SecurID (new style, SID800 model with smartcard functionality)]]
The RSA SecurID authentication mechanism consists of a "[[security token|token]]"—either hardware (e.g. a [[key fob]]) or software (a [[software token|soft token]])—which is assigned to a computer user and which creates an authentication code at fixed intervals (usually 60 seconds) using a built-in clock and the token's factory-encoded almost random [[Key (cryptography)|key]] (known as the "seed"). The seed is different for each token, and is loaded into the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server<ref>{{cite web | url = http://docs.oracle.com/cd/E12530_01/oam.1014/e10356.pdf | title = Oracle® Access Manager Integration Guide | publisher = [[Oracle Corporation]] | date = August 2007 | quote = [...] the RSA ACE/Server®, which has been renamed to the Authentication Manager. }}</ref>) as the tokens are purchased.<ref name="totp">{{Cite news|url=http://tools.ietf.org/html/draft-mraihi-totp-timebased-00|title=RFC ft-mraihi-totp-timebased: TOTP: Time-Based One-Time Password Algorithm|newspaper=Ietf Datatracker|date=May 13, 2011|archive-date=November 25, 2012|access-date=September 30, 2011|archive-url=https://web.archive.org/web/20121125073714/http://tools.ietf.org/html/draft-mraihi-totp-timebased-00|url-status=live}}</ref> On-demand tokens are also available, which deliver a tokencode via email or SMS, eliminating the need to provision a token to the user.

The token hardware is designed to be [[tamper resistance|tamper-resistant]] to deter [[reverse engineering]]. By the time software implementations of the same algorithm ("software tokens") appeared on the market, the security community had already published code that lets a user emulate an RSA SecurID token in software, but only with access to a current RSA SecurID code and the original 64-bit RSA SecurID seed file loaded into the server.<ref>{{Cite web|url=https://seclists.org/bugtraq/2000/Dec/459|title=Bugtraq: Sample SecurID Token Emulator with Token Secret Import|website=seclists.org}}</ref> Later, the 128-bit RSA SecurID algorithm was published as part of an open source library.<ref>{{Cite web|url=https://sourceforge.net/p/stoken/wiki/Home/|title=stoken / Wiki / Home|website=sourceforge.net}}</ref> In the RSA SecurID authentication scheme, the seed record is the secret key used to generate [[one-time password]]s.<!-- Previously this article has OTP capitalized (using a piped Wikilink), for no good reason. That would make "OTP" a proper noun, which in this context it is not. Just because something has an acronym does not mean its expansion should be capitalized. --> Newer versions also feature a USB connector, which allows the token to be used as a [[smart card]]-like device for securely storing [[Public key certificate|certificates]].<ref>{{Cite web|url=https://www.rsa.com/resources/datasheets/|archiveurl=https://web.archive.org/web/20081113005859/http://www.rsa.com/products/securid/datasheets/9651_SID800_DS_0908-lowres.pdf|url-status=dead|title=Data Sheets|archivedate=November 13, 2008}}</ref>

A user authenticating to a network resource—say, a dial-in server or a firewall—needs to enter both a [[personal identification number]] and the number being displayed ''at that moment'' on their RSA SecurID token. Though increasingly rare, some systems using RSA SecurID omit the PIN altogether and rely on a password combined with the RSA SecurID code. The server, which also has a real-time clock and a database of valid tokens with the associated seed records, authenticates a user by computing what number the token is supposed to be showing at that moment in time and checking this against what the user entered.

On older versions of SecurID, a "duress PIN" may be used—an alternate code which creates a security event log showing that a user was forced to enter their PIN, while still providing transparent authentication.<ref>{{Cite web |url=http://www.process.com/tcpip/tcpware57docs/User_Guide/ch14.htm#E53E27 |title=TCPware V5.7 User's Guide ch14.HTM |access-date=2013-03-20 |archive-url=https://web.archive.org/web/20120301071802/http://www.process.com/tcpip/tcpware57docs/User_Guide/ch14.htm#E53E27 |archive-date=2012-03-01 |url-status=dead }}</ref> Using the duress PIN would allow one successful authentication, after which the token will automatically be disabled. The "duress PIN" feature has been deprecated and is not available on currently supported versions.
While the RSA SecurID system adds a layer of security to a network, difficulty can occur if the authentication server's clock becomes out of sync with the clock built into the authentication tokens. Normal token clock drift is accounted for automatically by the server, which adjusts a stored "drift" value over time. If the out-of-sync condition is not a result of normal hardware token clock drift, the Authentication Manager server clock can be resynchronized with the out-of-sync token (or tokens) in several different ways. If the server clock had drifted and the administrator changed the system clock, the tokens can either be resynchronized one by one, or the stored drift values adjusted manually; the drift adjustment can be applied to individual tokens or in bulk using a command-line utility.

RSA Security has launched an initiative called "Ubiquitous Authentication", partnering with device manufacturers such as [[IronKey]], [[SanDisk]], [[Motorola]], [[Freescale Semiconductor]], Redcannon, [[Broadcom]], and [[BlackBerry]] to embed the SecurID software into everyday devices such as USB flash drives and cell phones, to reduce cost and the number of objects that the user must carry.<ref>RSA Security to enable ubiquitous authentication as RSA SecurID(r) technology reaches everyday devices and software – M2 Presswire</ref>

== Theoretical vulnerabilities ==
Token codes are easily stolen, because no mutual authentication exists (anything that can steal a password can also steal a token code). This is significant, since it is the principal threat most users believe they are solving with this technology.

The simplest practical vulnerability with any password container is losing the special key device or the activated smartphone with the integrated key function. Such a vulnerability cannot be mitigated by any single token container device within the preset time span of activation. All further consideration presumes loss prevention, e.g. by an additional electronic leash or a body sensor and alarm.

While RSA SecurID tokens offer a level of protection against password [[replay attack]]s, they are not designed to offer protection against [[Man-in-the-middle attack|man in the middle]] type attacks when used alone. If the attacker manages to block the authorized user from authenticating to the server until the next token code is valid, they will be able to log into the server. Risk-based analytics (RBA), a new feature in the latest version (8.0), provides significant protection against this type of attack if the user is enabled and authenticating on an agent enabled for RBA. RSA SecurID does not prevent [[Man in the Browser|man in the browser]] (MitB) based attacks.

The SecurID authentication server tries to prevent password sniffing and simultaneous login by declining both authentication requests if two valid credentials are presented within a given time frame. This has been documented in an unverified post by John G. Brainard.<ref>{{Cite web |title=Untitled |url=http://malpaso.ru/securid/brainard.htm |archive-url=https://web.archive.org/web/20070928205205/http://malpaso.ru/securid/brainard.htm |archive-date=28 September 2007 |website=malpaso.ru}}</ref> If the attacker removes the user's ability to authenticate, however, the SecurID server will assume that it is the user who is actually authenticating and hence will allow the attacker's authentication through. Under this attack model, the system security can be improved using encryption/authentication mechanisms such as [[Secure Sockets Layer|SSL]].
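The following model is an added illustration, not code from this article, from RSA, or from any SecurID product: it shows the server-side check the Description section outlines (compute the code a token should be showing now, tolerate a small clock-drift window while updating a stored per-token "drift" value) and refuses a tokencode that has already been accepted, which is one simple way to decline a second login made with the same credentials. The code generator is an HMAC-SHA256 stand-in rather than the SecurID algorithm, and the seed, PIN, serial number and clock values are constructed.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

INTERVAL = 60  # seconds each tokencode stays on the display (usually 60, per the article)


def tokencode(seed: bytes, counter: int, digits: int = 6) -> str:
    """Stand-in generator (HMAC-SHA256 over the interval counter).
    Assumption: this is NOT the SecurID algorithm, it only models seed + clock -> code."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)


def token_display(seed: bytes, token_clock: int) -> str:
    """What the token shows at its own (possibly drifted) clock reading."""
    return tokencode(seed, token_clock // INTERVAL)


@dataclass
class TokenRecord:
    seed: bytes                   # seed record loaded when the token was purchased
    pin: str
    drift: int = 0                # learned token-vs-server clock offset, in intervals
    last_counter_used: int = -1   # highest interval already accepted (one-time use)


class AuthServer:
    """Simplified model of the Authentication Manager verification step (assumption)."""

    def __init__(self, window: int = 1) -> None:
        self.window = window      # accept codes from +/- this many intervals
        self.tokens: dict[str, TokenRecord] = {}

    def enroll(self, serial: str, seed: bytes, pin: str) -> None:
        self.tokens[serial] = TokenRecord(seed=seed, pin=pin)

    def authenticate(self, serial: str, passcode: str, server_clock: int) -> bool:
        """passcode = PIN followed by the digits currently shown on the token."""
        rec = self.tokens.get(serial)
        if rec is None:
            return False
        pin, code = passcode[: len(rec.pin)], passcode[len(rec.pin):]
        if not hmac.compare_digest(pin.encode(), rec.pin.encode()):
            return False
        expected = server_clock // INTERVAL + rec.drift
        for offset in range(-self.window, self.window + 1):
            counter = expected + offset
            if counter <= rec.last_counter_used:
                continue  # already consumed: a replay or a second concurrent login
            if hmac.compare_digest(tokencode(rec.seed, counter).encode(), code.encode()):
                rec.drift += offset            # absorb normal clock drift
                rec.last_counter_used = counter
                return True
        return False


def run_demo() -> list:
    """Constructed scenario: a token whose clock runs 70 s ahead of the server."""
    seed, pin, serial = b"constructed-seed-not-a-real-record", "1234", "000123456789"
    srv = AuthServer(window=1)
    srv.enroll(serial, seed, pin)
    return [
        srv.authenticate(serial, pin + token_display(seed, 1_000_000), 1_000_000),  # in sync
        srv.authenticate(serial, pin + token_display(seed, 1_000_000), 1_000_010),  # replay
        srv.authenticate(serial, pin + token_display(seed, 1_000_070), 1_000_000),  # +1 interval, learned
        srv.authenticate(serial, pin + token_display(seed, 1_000_130), 1_000_060),  # drift now expected
        srv.authenticate(serial, "0000" + token_display(seed, 1_000_190), 1_000_120),  # wrong PIN
        srv.authenticate(serial, pin + token_display(seed, 1_000_300), 1_000_120),  # too far out of sync
    ]
```
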
Although soft tokens may be more convenient, critics indicate that the [[tamper resistance|tamper-resistant]] property of hard tokens is unmatched in soft token implementations,<ref>{{Cite web|url=http://securology.blogspot.com/2007/11/soft-tokens-arent-tokens-at-all.html|title=Securology: Soft tokens aren't tokens at all|date=20 November 2007}}</ref> which could allow seed record secret keys to be duplicated and user impersonation to occur. Hard tokens, on the other hand, can be physically stolen (or acquired via [[Social engineering (security)|social engineering]]) from end users. The small form factor makes hard token theft much more viable than laptop/desktop scanning. A user will typically wait more than one day before reporting the device as missing, giving the attacker plenty of time to breach the unprotected system. This could only occur, however, if the user's UserID and PIN are also known. Risk-based analytics can provide additional protection against the use of lost or stolen tokens, even if the user's UserID and PIN are known by the attackers. Batteries go flat periodically, requiring complicated replacement and re-enrollment procedures.

== Reception and competing products ==
As of 2003, RSA SecurID commanded over 70% of the two-factor authentication market<ref>{{cite web |url=http://www.rsa.com/press_release.aspx?id=5028 |title=RSA SecurID Solution Named Best Third-Party Authentication Device by Windows IT Pro Magazine Readers' Choice 2004 |work=RSA.com |date=2004-09-16 |access-date=2011-06-09 |url-status=dead |archive-url=https://web.archive.org/web/20100106232859/http://rsa.com/press_release.aspx?id=5028 |archive-date=2010-01-06 }}</ref> and 25 million devices have been produced to date.{{Citation needed|date=June 2011}} A number of competitors, such as [[VASCO Data Security International, Inc.|VASCO]], make similar [[security token]]s, mostly based on the open [[Initiative For Open Authentication|OATH HOTP]] standard.

A study on OTP published by [[Gartner]] in 2010 mentions OATH and SecurID as the only competitors.<ref>{{cite web | work = Burton Group | year = 2010 | first = Mark | last = Diodati | title = Road Map: Replacing Passwords with OTP Authentication | url = http://www.burtongroup.com/Research/PublicDocument.aspx?cid=2107 | quote = [[Gartner]]'s expectation is that the hardware [[One-time password|OTP]] form factor will continue to enjoy modest growth while [[smartphone]] OTPs will grow and become the default hardware platform over time. ... If the organization does not need the extensive platform support, then OATH-based technology is likely a more cost-effective choice. | access-date = 2011-03-30 | archive-date = 2011-07-21 | archive-url = https://web.archive.org/web/20110721060420/http://www.burtongroup.com/Research/PublicDocument.aspx?cid=2107 | url-status = dead }}</ref> Other network authentication systems, such as [[OPIE Authentication System|OPIE]] and [[S/Key]] (sometimes more generally known as [[One-time password|OTP]], as S/Key is a trademark of [[Telcordia Technologies]], formerly [[Bellcore]]), attempt to provide the "something you have" level of authentication without requiring a hardware token.{{Citation needed|date=January 2009}}

== March 2011 system compromise ==
On 17 March 2011, RSA announced that they had been victims of "an extremely sophisticated cyber attack".<ref>{{cite web | url=https://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex991.htm | title=Open Letter to RSA Customers | access-date=2020-04-15 | archive-date=2022-05-23 | archive-url=https://web.archive.org/web/20220523080319/https://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex991.htm | url-status=live }} Originally online at [http://www.rsa.com/node.aspx?id=3872 RSA site] {{Webarchive|url=https://web.archive.org/web/20110319214522/http://www.rsa.com/node.aspx?id=3872 |date=2011-03-19 }}.</ref> Concerns were raised specifically in reference to the SecurID system, saying that "this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation". However, their formal [[Form 8-K]] submission<ref>{{cite web |url=https://www.sec.gov/Archives/edgar/data/790070/000119312511070159/d8k.htm |title=EMC / RSA 8K filing |publisher=The United States Securities and Exchange Commission |work=Form 8-K |date=17 March 2011 |access-date=10 September 2017 |archive-date=18 September 2016 |archive-url=https://web.archive.org/web/20160918110616/https://www.sec.gov/Archives/edgar/data/790070/000119312511070159/d8k.htm |url-status=live }}</ref> indicated that they did not believe the breach would have a "material impact on its financial results".

The breach cost EMC, the parent company of RSA, $66.3 million, which was taken as a charge against second quarter earnings. It covered costs to investigate the attack, harden its IT systems and monitor transactions of corporate customers, according to EMC Executive Vice President and Chief Financial Officer David Goulden, in a conference call with analysts.<ref>{{cite web|url=http://www.govinfosecurity.com/articles.php?art_id=3913|title=RSA Breach Costs Parent EMC $66.3 Million|last=Chabrow|first=Eric|date=1 August 2011|work=GovInfoSecurity}}</ref>

The breach into RSA's network was carried out by hackers who sent [[phishing]] emails to two targeted, small groups of employees of RSA.<ref>{{cite web|last=Rivner|first=Uri|title=Anatomy of an Attack|url=http://blogs.rsa.com/rivner/anatomy-of-an-attack/|work=Speaking of Security - The RSA Blog and Podcast|date=1 April 2011|url-status=dead|archive-url=https://web.archive.org/web/20110720202026/http://blogs.rsa.com/rivner/anatomy-of-an-attack|archive-date=20 July 2011}}</ref> Attached to the email was a [[Microsoft Excel]] file containing [[malware]]. When an RSA employee opened the Excel file, the malware exploited a vulnerability in [[Adobe Flash]]. The [[Exploit (computer security)|exploit]] allowed the hackers to use the [[PoisonIvy (Trojan)|Poison Ivy]] [[remote access trojan|RAT]] to gain control of machines and access servers in RSA's network.<ref>{{cite web|last=Mills|first=Elinor|date=5 April 2011|title=Attack on RSA used zero-day Flash exploit in Excel|url=http://news.cnet.com/8301-27080_3-20051071-245.html|work=CNET|url-status=dead|archive-url=https://web.archive.org/web/20110717172902/http://news.cnet.com/8301-27080_3-20051071-245.html|archive-date=17 July 2011}}</ref>

There are some hints that the breach involved the theft of RSA's database mapping token serial numbers to the secret token "seeds" that were injected to make each one unique.<ref>{{cite web |title=RSA won't talk? Assume SecurID is broken |first=Dan |last=Goodin |publisher=The Register |date=24 May 2011 |url=https://www.theregister.co.uk/2011/03/24/rsa_securid_news_blackout/ |access-date=10 August 2017 |archive-date=10 August 2017 |archive-url=https://web.archive.org/web/20170810170755/https://www.theregister.co.uk/2011/03/24/rsa_securid_news_blackout/ |url-status=live }}</ref> Reports of RSA executives telling customers to "ensure that they protect the serial numbers on their tokens"<ref>{{cite web |title=Did hackers nab RSA SecurID's secret sauce? |first=Ellen |last=Messmer |publisher=Network World |date=18 March 2011 |url=http://www.networkworld.com/news/2011/031811-rsa-breach-reassure.html |url-status=dead |archive-url=https://web.archive.org/web/20121015005548/http://www.networkworld.com/news/2011/031811-rsa-breach-reassure.html |archive-date=15 October 2012 }}</ref> lend credibility to this hypothesis.

RSA stated it did not release details about the extent of the attack so as not to give potential attackers information they could use in figuring out how to attack the system.<ref>{{cite web |last=Bright |first=Peter |title=RSA finally comes clean: SecurID is compromised |publisher=Ars Technica |date=6 June 2011 |url=https://arstechnica.com/security/news/2011/06/rsa-finally-comes-clean-securid-is-compromised.ars |access-date=14 June 2017 |archive-date=8 May 2012 |archive-url=https://web.archive.org/web/20120508020926/http://arstechnica.com/security/news/2011/06/rsa-finally-comes-clean-securid-is-compromised.ars |url-status=live }}</ref> On 6 June 2011, RSA offered token replacements or free security monitoring services to any of its more than 30,000 SecurID customers, following an attempted cyber breach on defense customer [[Lockheed Martin]] that appeared to be related to the SecurID information stolen from RSA.<ref>{{cite news |title=Security 'Tokens' Take Hit |publisher=Wall Street Journal |date=7 June 2011 |url=https://www.wsj.com/articles/SB10001424052702304906004576369990616694366 |first1=Siobhan |last1=Gorman |first2=Shara |last2=Tibken |archive-date=29 October 2017 |access-date=8 August 2017 |archive-url=https://web.archive.org/web/20171029170750/https://www.wsj.com/articles/SB10001424052702304906004576369990616694366 |url-status=live }}</ref> In spite of the resulting attack on one of its defense customers, company chairman Art Coviello said that "We believe and still believe that the customers are protected".<ref>{{cite news |title=RSA forced to replace nearly all of its millions of tokens after security breach |publisher=News Limited |date=7 June 2011 |url=http://www.theaustralian.com.au/business/rsa-forced-to-replace-nearly-all-of-its-millions-of-tokens-after-security-breach/story-e6frgak6-1226071087832 |first1=Siobhan |last1=Gorman |first2=Shara |last2=Tibken |archive-date=9 October 2016 |access-date=7 June 2011 |archive-url=https://web.archive.org/web/20161009013500/http://www.theaustralian.com.au/business/rsa-forced-to-replace-nearly-all-of-its-millions-of-tokens-after-security-breach/story-e6frgak6-1226071087832 |url-status=live }}</ref>

=== Resulting attacks ===
In April 2011, unconfirmed rumors cited [[L-3 Communications]] as having been attacked as a result of the RSA compromise.<ref>{{cite news |last=Mills |first=Elinor |title=China linked to new breaches tied to RSA |publisher=CNet |date=6 June 2011 |url=http://news.cnet.com/8301-27080_3-20068836-245/china-linked-to-new-breaches-tied-to-rsa/ |archive-date=6 June 2011 |access-date=7 June 2011 |archive-url=https://web.archive.org/web/20110606124241/http://news.cnet.com/8301-27080_3-20068836-245/china-linked-to-new-breaches-tied-to-rsa/ |url-status=live }}</ref> In May 2011, this information was used to attack [[Lockheed Martin]] systems.<ref>{{cite news |last=Leyden |first=John |title=Lockheed Martin suspends remote access after network 'intrusion' |publisher=The Register |date=27 May 2011 |url=http://www.channelregister.co.uk/2011/05/27/lockheed_securid_hack_flap/ |archive-date=9 November 2011 |access-date=28 May 2011 |archive-url=https://web.archive.org/web/20111109101854/http://www.channelregister.co.uk/2011/05/27/lockheed_securid_hack_flap/ |url-status=live }}</ref><ref>{{cite news |title=Stolen Data Is Tracked to Hacking at Lockheed |work=New York Times |date=3 June 2011 |url=https://www.nytimes.com/2011/06/04/technology/04security.html |first=Christopher |last=Drew}}</ref> However, Lockheed Martin claims that due to "aggressive actions" by the company's [[information security]] team, "No customer, program or employee personal data" was compromised by this "significant and tenacious attack".<ref>{{cite news |url=https://www.google.com/hostednews/afp/article/ALeqM5hO0TYWRsxt1CKUUEXKd04BQwsdGQ?docId=CNG.377fe057126251044306fe73e1e5ae83.401 |archive-url=https://archive.today/20120907074904/http://www.google.com/hostednews/afp/article/ALeqM5hO0TYWRsxt1CKUUEXKd04BQwsdGQ?docId=CNG.377fe057126251044306fe73e1e5ae83.401 |url-status=dead |archive-date=September 7, 2012 |title=Lockheed Martin confirms attack on its IT network |publisher=AFP |date=28 May 2011}}</ref> The [[Department of Homeland Security]] and the [[US Defense Department]] offered help to determine the scope of the attack.<ref>{{cite news |last=Wolf |first=Jim |url=http://uk.reuters.com/article/2011/05/28/us-usa-defense-hackers-idUKTRE74Q6VY20110528 |archive-url=https://web.archive.org/web/20120613194007/http://uk.reuters.com/article/2011/05/28/us-usa-defense-hackers-idUKTRE74Q6VY20110528 |url-status=dead |archive-date=13 June 2012 |title=Lockheed Martin hit by cyber incident, U.S. says |publisher=Reuters |date=28 May 2011}}</ref>

== References ==
{{Reflist|2}}

== External links ==
{{Commons category|RSA SecurID}}
* [https://www.rsa.com/en-us/products/rsa-securid-suite Official RSA SecurID website]

;Technical details
* [http://seclists.org/bugtraq/2000/Dec/459 Sample SecurID Token Emulator with token Secret Import] I.C. Wiener, Bugtraq post.
* [http://www.homeport.org/~adam/dimacs.html Apparent Weaknesses in the Security Dynamics Client/Server Protocol] Adam Shostack, 1996.
* [https://groups.google.com/group/comp.security.misc/browse_frm/thread/e00fa564dc6aba5a/1f8529e8df4e02dc?tvc=1&hl=en#1f8529e8df4e02dc Usenet thread discussing new SecurID details] Vin McLellan, et al., ''comp.security.misc''.
* [https://archive.today/20130105085534/http://tech.groups.yahoo.com/group/securid-users/ Unofficial SecurID information and some reverse-engineering attempts] Yahoo Groups ''securid-users''.
* [https://web.archive.org/web/20110322041959/http://intrepidusgroup.com/insight/2011/03/risk-posed-by-securid-hack/ Analysis of possible risks from 2011 compromise]

;Published attacks against the SecurID hash function
* [http://eprint.iacr.org/2003/162.pdf Cryptanalysis of the Alleged SecurID Hash Function] (PDF) [[Alex Biryukov]], [[Joseph Lano]], and [[Bart Preneel]].
* [http://eprint.iacr.org/2003/205.pdf Improved Cryptanalysis of SecurID] (PDF) Scott Contini and [[Yiqun Lisa Yin]].
* [http://palms.ee.princeton.edu/PALMSopen/contini04fast.pdf Fast Software-Based Attacks on SecurID] (PDF) Scott Contini and [[Yiqun Lisa Yin]].

{{Hacking in the 2010s}}
{{DEFAULTSORT:Securid}}
[[Category:Computer security hardware]]
[[Category:EMC Corporation]]
[[Category:Password authentication]]