Blog – Page 5

Cryptographic Authentication Is Not That Easy After All

See also the cryptographic authentication page.

Updated as shown below.

At the last Internet Identity Workshop (IIW) we gave a demo of a sample web app that featured cryptographic authentication, and argued that implementing cryptographic authentication is easy. Later, in the blog post Easy, Password-Free, Cryptographic Authentication for Web Applications I discussed the code of the sample web app and said that cryptographic authentication provides a “simple alternative” to authentication with a password. The issues discussed in the post, however, were not simple! Since then we have had to revise the code of the demo several times to fix bugs and, in the process, we have come to realize that cryptographic authentication is not that easy after all. It does not take much code, but it requires a lot of attention to detail to avoid a variety of pitfalls.

In this post I recapitulate the pitfalls that we have encountered (some of which were already discussed in the earlier post) and explain how we avoid them in the latest version of the demo code.

Pomcor Granted Patent on Multifactor Cryptographic Authentication

Pomcor has recently been granted US Patent 9,887,989 on a multifactor cryptographic authentication technique that uses a cryptographic key pair in conjunction with a password and/or a biometric key while protecting the password and biometric data against back-end security breaches. All our patents are available for licensing.

At the last Internet Identity Workshop we demonstrated single factor cryptographic authentication, not covered by the patent, where a key pair stored in browser local storage is used instead of a password for authentication to a web application. (A proof-of-concept implementation of a simple web app is available in the PJCL web page and described in the previous post.) Cryptographic authentication has huge advantages over password authentication, as passwords are vulnerable to back-end database breaches, phishing attacks, and password reuse at malicious or insecure sites. But when used in multifactor authentication, a password provides the unique benefit of being something that the user knows, independent of something that the user has (a device that contains a private key or is able to generate or receive one-time codes) and something that the user is (a biometric feature). Our latest patent discloses a novel multifactor authentication technique where a password can provide this benefit while being immune to the vulnerabilities of conventionally used passwords.

Easy, Password-Free, Cryptographic Authentication for Web Applications

See also the cryptographic authentication page.

Update. The demo code mentioned below has been updated to fix bugs. If you find any additional bugs please report them through the contact form ~~or by posting to the PJCL forum~~. (The PJCL user forum has been discontinued as of May 27, 2018.) The date of the latest update will be shown in the PJCL page. Please see also the blog post Cryptographic Authentication Is Not That Easy After All.

For years there has been consensus that passwords have to go. To the many reasons for not using password authentication, the European GDPR will add, when it goes into effect on May 25, stringent requirements to notify users and regulators when passwords are compromised, backed by substantial fines. And yet, passwords are still the dominant authentication technology for web applications. This is because the alternatives that have been proposed and tried so far are complicated and expensive to implement. But there is a simple alternative that you can implement yourself, if you are a web application developer: cryptographic authentication with a digital-signature key pair stored in the browser.

At last week’s Internet Identity Workshop (IIW) we showed how easy it is to implement this alternative. We gave a demo of a sample web application, exercising the user interface and looking at the code. The sample application was implemented in Node.js and used the Pomcor JavaScript cryptographic library (PJCL) on the client and server sides. The code of the sample application, which we will refer to as the demo code, can be found in the PJCL page of the Pomcor site (subsequently modified as explained below to accommodate Internet Explorer).

PJCL Can Now Be Used in Node.js Server-Side Code Exactly as in the Browser

We have just released Revision 1 of Version 0.9.1 of the Pomcor JavaScript Cryptographic library (PJCL), which changes the way in which library functions are defined, making it easier to use PJCL in Node.js. In this post I describe the change and explain why it is important for full stack web application development.

Second Release of PJCL Expands Functionality Following NIST Cryptographic Specifications

Today we have released version 0.9.1 of the Pomcor JavaScript Crytpographic Library (PJCL). The initial public release provided digital signature functionality, which we had been using internally for our own research on authentication and identity proofing. This release adds key agreement and key derivation functionality. The next release will provide symmetric and asymmetric encryption primitives, including AES and RSA. To be notified of future releases you may ~~sign up for the user forum~~, subscribe to the feed of this blog, or follow me on Twitter (@fcorella). (Update: The PJCL user forum has been discontinued as of May 27, 2018.)

PJCL can be used in any JavaScript environment, both client-side (e.g. in a browser) and server-side (e.g. under Node.js). It comes with extensive documentation on the functionality that it provides, which includes:

Pomcor Releases JavaScript Cryptographic and Big Integer Library

We have just released a beta version of a JavaScript cryptographic library usable in any JavaScript environment and based on very fast big integer arithmetic functionality that may be of interest in its own right.

The Pomcor JavaScript Cryptographic Library (PJCL) is available free of charge for any kind of use, but not under a traditional open source license. The traditional open source paradigm encourages contributions by the developer community at large, but we believe that this paradigm is not well suited to cryptography. To protect the integrity of the cryptographic code, the license prohibits modification of the cryptographic functions.

We have been using the library internally for our own research on authentication and identity proofing, and this first release includes symmetric and asymmetric digital signature functionality, including HMAC, DSA, and ECDSA with NIST curves. Future releases will provide broader cryptographic functionality, including encryption and key exchange. We believe that the library provides the only available JavaScript implementation of DSA, which is important to those wary of the opportunities for hiding backdoors that might be provided by elliptic curve technology.

The underlying big integer functionality includes Karatsuba multiplication. Continue reading “Pomcor Releases JavaScript Cryptographic and Big Integer Library”

Storing Cryptographic Keys in Persistent Browser Storage

This blog post is a companion to a presentation made at the 2017 International Cryptographic Module Conference and refers to the presentation slides, revised after the conference. Karen Lewison is a co-author of the presentation and of this blog post.

Slide 2: Key storage in web clients

Most Web applications today use TLS, thus relying on cryptography to provide a secure channel between client and server, and to authenticate the server to the client by means of a cryptographic credential, consisting of a TLS server certificate and its associated private key. But other uses of cryptography by Web applications are still rare. Client authentication still relies primarily on traditional username-and-password, one-time passwords, proof of possession of a mobile phone, biometrics, or combinations of two or more of such authentication factors. Web payments still rely on a credit card number being considered a secret. Encrypted messaging is on the rise, but is not Web-based.

A major obstacle to broader use of cryptography by Web applications is the problem of where to store cryptographic keys on the client side. Continue reading “Storing Cryptographic Keys in Persistent Browser Storage”

What kind of “encrypted fingerprint template” is used by MasterCard?

In a press release, MasterCard announced yesterday an EMV payment card that features a fingerprint reader. The release said that two trials have been recently concluded in South Africa and, after additional trials, a full roll out is expected this year.

In the United States, EMV chip cards are used without a PIN. The fingerprint reader is no doubt intended to fill that security gap. But any use of biometrics raises privacy concerns. Perhaps to address such concerns, the press release stated that a fingerprint template stored in the card is “encrypted”.

That’s puzzling. If the template is encrypted, what key is used to decrypt it before use?

Comments on the Recommended Use of Biometrics in the New Digital Identity Guidelines, NIST SP 800-63-3

NIST is working on the third revision of SP 800-63, which used to be called the Electronic Authentication Guideline and has now been renamed the Digital Identity Guidelines. An important change in the current draft of the third revision is a much expanded scope for biometrics. The following are comments by Pomcor on that aspect of the new guidelines, and more specifically on Section 5.2.3 of Part B, which we have sent to NIST in response to a call for public comments.

The draft is right in recommending the use of presentation attack detection (PAD). We think it should go farther and make PAD a mandatory requirement right away, without waiting for a future edition as stated in a note.

But the draft only considers PAD performed at the sensor. Continue reading “Comments on the Recommended Use of Biometrics in the New Digital Identity Guidelines, NIST SP 800-63-3”

Using Near-Field Communication for Remote Identity Proofing

This is the last of a four-part series of posts presenting results of a project sponsored by an SBIR Phase I grant from the US Department of Homeland Security. These posts do not necessarily reflect the position or the policy of the US Government.

We have just published a paper presenting the last three of the five solutions that we have identified in the research project on remote identity proofing that we are now finalizing. Solutions 3–5 use Near-Field Communication (NFC) technology for remote identity proofing. Each of the solutions uses a preexisting NFC-enabled hardware token designed for some other purpose as a credential in remote identity proofing. A native app running on an NFC-enabled mobile device serves as a relay between the NFC token and the remote verifier.

In Solution 3 the token is a contactless EMV payment card. In Solution 4, the token is a medical identification smart card containing a private key and a certificate that binds the associated public key to attributes and a facial image. In Solution 5, the token is an e-Passport with an embedded RFID chip that contains signed data comprising biographic data and a facial image.

In solutions 4 and 5 a native app submits to the verifier an audio-visual stream of the subject reading prompted text. The verifier matches the face in the video to the facial image in the NFC token, uses speech recognition technology to verify that the subject is reading the text that was prompted, and verifies that the audio and video channels of the stream are in synchrony by matching distinguishable visemes in the video channel to phonemes in the audio channel.

See also:

The Remote Identity Proofing page, with links to other materials related to the project.