Use cryptography appropriately
Use of cryptography is critical to providing authentication. Without the use of cryptography, it is not possible to protect a system from the weakest of adversaries. However, designing cryptographic systems is a difficult and subtle task. We offer some hints to help guide the prospective designer in using the cryptographic tools available.
Use the appropriate amount of security
An important general design hint is to Keep It Simple, Stupid. The more complex the scheme, the harder it is to develop compelling arguments that it is secure. If you are designing or selecting a system, choose one that provides the right amount of security for your needs. For example, an online newspaper cares about receiving compensation for content. An online brokerage cares about confidentiality, integrity, and authentication of information. These security needs are very different and can be satisfied by different systems. There are usually tradeoffs between the user interface, usability, and performance. Choosing an overly complex or feature-laden system will make management more difficult; this can easily result in security breaches.
Do not be inventive
It is a general rule in cryptography that secure systems should be designed by people with experience. Time has repeatedly shown that systems designed or implemented by amateurs are weak and easily broken. Thus, while we encourage research in developing authentication systems for the Web, it is very risky to design your own authentication system. This is closely related to our next hint. If you do choose to implement your own scheme, you should make your protocol publicly available for review.
Do not rely on the secrecy of a protocol
A security system should not rely on the secrecy of its protocol. A protocol whose security relies on obscurity is vulnerable to an exposure of the protocol. If there are any flaws, such an exposure may reveal them. For example, a secret system can be probed by an interrogative adversary to determine its behavior on valid and invalid inputs. This technique allowed us to reverse engineer the WSJ.com client authentication protocol. By creating several valid accounts and comparing the authenticators returned by the system, we were able to determine that the authenticator was the output of crypt(salt, username + secret string), where + denotes concatenation. Once we understood the format of the authenticator, we were able to quickly recover the secret string, "March20", by mounting an adaptive chosen message attack. At 1 second per query, this program finishes in 17 minutes instead of the intended years. This information constitutes a total break, allowing us to mint valid authenticators for all users. On the other hand, Open Market published their design and implementation. Instead of relying on the secrecy of the scheme, rely on the secrecy of a well-selected set of keys. Ensure that the protocol is public so that it can be reviewed for flaws and improved. This will lead to a more secure system than a private protocol which appears undefeatable but may in practice be fairly easy to break. If you are hesitant to reveal the details of an authentication scheme, then you likely fear that it is vulnerable to an attack by an interrogative adversary.
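The advice to rely on the secrecy of well-selected keys rather than of the scheme, as an added example (not code from the original text or from any system it names): an authenticator whose format can be published, because forging it requires a random 256-bit key rather than a guessable string. The token layout, the function names and the choice of HMAC-SHA256 are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

KEY_BYTES = 32  # random 256-bit key; unlike a word-and-date string it cannot be guessed


def new_key() -> bytes:
    """Generate the server-side key from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def _mac(key: bytes, username: str, expires: int) -> str:
    user = username.encode("utf-8")
    # Length-prefix the username so field boundaries are unambiguous and
    # every byte of the input is covered by the MAC.
    msg = len(user).to_bytes(4, "big") + user + expires.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def mint(key: bytes, username: str, ttl: int = 3600, now=None) -> str:
    """Return 'username|expires|tag' (layout is this example's assumption)."""
    now = int(time.time()) if now is None else now
    expires = now + ttl
    return f"{username}|{expires}|{_mac(key, username, expires)}"


def verify(key: bytes, token: str, now=None):
    """Return the username if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        username, expires_s, tag = token.rsplit("|", 2)
        expires = int(expires_s)
        expected = _mac(key, username, expires)
    except (ValueError, OverflowError):
        return None  # malformed token: wrong field count or bad expiry
    # Constant-time comparison: the check does not leak how many tag
    # characters matched to a client probing with guesses.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return username if now < expires else None


if __name__ == "__main__":
    key = new_key()
    token = mint(key, "alice", ttl=60)
    print(token, "->", verify(key, token))
```

Observing any number of valid tokens for accounts one controls gives no way to mint a token for another user without the key, which is the property the crypt-based authenticator above lacked.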
If you want to improve security, you have to delve into the study of the processes that accompany security. Do not rely on the old baggage of knowledge to provide protection at the right level. Often, rather than news, we now need to read specific information. That is a given, it becomes more difficult ...