Authentication

Easy, Password-Free, Cryptographic Authentication for Web Applications

For years there has been consensus that passwords have to go. To the many reasons for not using password authentication, the European GDPR will add, when it goes into effect on May 25, stringent requirements to notify users and regulators when passwords are compromised, backed by substantial fines. And yet, passwords are still the dominant authentication technology for web applications. This is because the alternatives that have been proposed and tried so far are complicated and expensive to implement. But there is a simple alternative that you can implement yourself, if you are a web application developer: cryptographic authentication with a digital-signature key pair stored in the browser.

At last week’s Internet Identity Workshop (IIW) we showed how easy it is to implement this alternative. We gave a demo of a sample web application, exercising the user interface and looking at the code. The sample application was implemented in Node.js and used the Pomcor JavaScript cryptographic library (PJCL) on the client and server sides. The code of the sample application, which we will refer to as the demo code, can be found in the PJCL page of the Pomcor site (subsequently modified as explained below to accommodate Internet Explorer).

Second Release of PJCL Expands Functionality Following NIST Cryptographic Specifications

Today we have released version 0.9.1 of the Pomcor JavaScript Crytpographic Library (PJCL). The initial public release provided digital signature functionality, which we had been using internally for our own research on authentication and identity proofing. This release adds key agreement and key derivation functionality. The next release will provide symmetric and asymmetric encryption primitives, including AES and RSA. To be notified of future releases you may sign up for the user forum, subscribe to this blog, or follow me on Twitter (@fcorella).

PJCL can be used in any JavaScript environment, both client-side (e.g. in a browser) and server-side (e.g. under Node.js). It comes with extensive documentation on the functionality that it provides, which includes:

Pomcor Releases JavaScript Cryptographic and Big Integer Library

We have just released a beta version of a JavaScript cryptographic library usable in any JavaScript environment and based on very fast big integer arithmetic functionality that may be of interest in its own right.

The Pomcor JavaScript Cryptographic Library (PJCL) is available free of charge for any kind of use, but not under a traditional open source license. The traditional open source paradigm encourages contributions by the developer community at large, but we believe that this paradigm is not well suited to cryptography. To protect the integrity of the cryptographic code, the license prohibits modification of the cryptographic functions.

We have been using the library internally for our own research on authentication and identity proofing, and this first release includes symmetric and asymmetric digital signature functionality, including HMAC, DSA, and ECDSA with NIST curves. Future releases will provide broader cryptographic functionality, including encryption and key exchange. We believe that the library provides the only available JavaScript implementation of DSA, which is important to those wary of the opportunities for hiding backdoors that might be provided by elliptic curve technology.

The underlying big integer functionality includes Karatsuba multiplication. Continue reading “Pomcor Releases JavaScript Cryptographic and Big Integer Library”

Storing Cryptographic Keys in Persistent Browser Storage

This blog post is a companion to a presentation made at the 2017 International Cryptographic Module Conference and refers to the presentation slides, revised after the conference. Karen Lewison is a co-author of the presentation and of this blog post.

Slide 2: Key storage in web clients

Most Web applications today use TLS, thus relying on cryptography to provide a secure channel between client and server, and to authenticate the server to the client by means of a cryptographic credential, consisting of a TLS server certificate and its associated private key. But other uses of cryptography by Web applications are still rare. Client authentication still relies primarily on traditional username-and-password, one-time passwords, proof of possession of a mobile phone, biometrics, or combinations of two or more of such authentication factors. Web payments still rely on a credit card number being considered a secret. Encrypted messaging is on the rise, but is not Web-based.

A major obstacle to broader use of cryptography by Web applications is the problem of where to store cryptographic keys on the client side. Continue reading “Storing Cryptographic Keys in Persistent Browser Storage”

Comments on the Recommended Use of Biometrics in the New Digital Identity Guidelines, NIST SP 800-63-3

NIST is working on the third revision of SP 800-63, which used to be called the Electronic Authentication Guideline and has now been renamed the Digital Identity Guidelines. An important change in the current draft of the third revision is a much expanded scope for biometrics. The following are comments by Pomcor on that aspect of the new guidelines, and more specifically on Section 5.2.3 of Part B, which we have sent to NIST in response to a call for public comments.

The draft is right in recommending the use of presentation attack detection (PAD). We think it should go farther and make PAD a mandatory requirement right away, without waiting for a future edition as stated in a note.

But the draft only considers PAD performed at the sensor. Continue reading “Comments on the Recommended Use of Biometrics in the New Digital Identity Guidelines, NIST SP 800-63-3”

Remote Identity Proofing Discussed at the Internet Identity Workshop

This is Part 3 of a series of posts presenting results of a project sponsored by an SBIR Phase I grant from the US Department of Homeland Security. These posts do not necessarily reflect the position or the policy of the US Government.

To get community feedback on our remote identity proofing project we made a presentation two days ago at the 23rd Internet Identity Workshop in Mountain View. The slides can be found here. We were gratified that the feedback was positive and there were in-depth discussions with identity experts both during and after the presentation.

We started by explaining the goal of the project. Remote identity proofing has often relied on asking the subject multiple-choice “knowledge questions” (e.g. which of the following zip codes did you live in five years ago?). This method is terrible for privacy, since it relies on the identity proofing service gathering and using troves of personal information about people. Furthermore, due to the proliferation of personal data available online, it has now become ineffective. Continue reading “Remote Identity Proofing Discussed at the Internet Identity Workshop”

Implementing a PKI on a Blockchain

This is Part 2 of a series of posts presenting results of a project sponsored by an SBIR Phase I grant from the US Department of Homeland Security. These posts do not necessarily reflect the position or the policy of the US Government.

In the previous post I described the concept of a rich credential, and how a rich credential issued by an identity source can allow a subject to identify him/herself remotely to a verifier with a key pair, a password, and one or more biometric samples such as facial image, even if there is no prior relationship between the subject and the verifier. That was Solution 1, the first of five solutions that we have identified as possible alternatives to knowledge-based verification in the course of our research project on remote identity proofing.

We have now published a paper on Solution 2. In Solution 1 the identity source was a DMV. In Solution 2 the identity source is a bank.

Rich Credentials for Three-Factor Identity Verification without Prior Relationship

This is Part 1 of a series of posts presenting results of a project sponsored by an SBIR Phase I grant from the US Department of Homeland Security. These posts do not necessarily reflect the position or the policy of the US Government.

We have just published a paper on the first of five remote identity proofing solutions, which we have identified as possible alternatives to knowledge-based verification in the course of the research project mentioned in the previous post. The paper describes in detail a new type of credential, which we call a rich credential, that could be issued by an identity source such as a DMV and would enable multifactor identity verification by a remote verifier. In this post I will try to explain the motivations that led us to come up with the concept of a rich credential as the basis of Solution 1.

In-person identity proofing typically relies on the presentation of a picture ID, such as a driver’s license or a passport, as the primary evidence of identity, supplemented by secondary evidence from different identity sources, such as proof of ownership of utility, financial or mobile accounts and address verification. Remote presentation of the secondary evidence is not much of a problem, so in the project we have focused on replacing the picture ID with other kinds of primary evidence that can be presented remotely.

Revocable Biometrics Discussion at the Internet Identity Workshop

One thing I like about the Internet Identity Workshop (IIW) is its unconference format, which allows for impromptu sessions. A discussion during one session can raise an issue that deserves its own session, and an impromptu session can be called the same day or the following day to discuss it. A good example of this happened at the last IIW (IIW XXII), which was held on April 26-28, 2016 at the Computer History Museum in Mountain View, California.

During the second day of the workshop, a participant in a session drew attention to one of the dangers of using biometrics for authentication, viz. the fact that biometrics are not revocable. This is true in the sense that you cannot change at will the biometric features of the human body, and it is a strong reason for using biometrics sparingly; but I pointed out that there is something called “revocable biometrics”. Continue reading “Revocable Biometrics Discussion at the Internet Identity Workshop”

Faster Modular Exponentiation in JavaScript

Modular exponentiation is the algorithm whose performance determines the performance and practicality of many public key cryptosystems, including RSA, DH and DSA. We have recently achieved a manyfold improvement in the performance of modular exponentiation in JavaScript over the implementation of modular exponentiation in the Stanford JavaScript Crypto Library (SJCL). JavaScript was originally intended for performing simple tasks in web pages, but it has grown into a sophisticated general purpose programming language used for both client and server computing, which is arguably the most important programming language today. Good performance of public key cryptography is difficult to achieve in JavaScript, because JavaScript is an interpreted language inherently slower than a compiled language such as C, and provides floating point arithmetic but no integer arithmetic. But fast JavaScript public key cryptography is worth the effort, because it may radically change the way cryptography is used in web applications. Continue reading “Faster Modular Exponentiation in JavaScript”