Security token

from Wikipedia, the free encyclopedia
[Image: USB token to keep a secret key safe]
[Image: Matrix tokens, different sizes]

A security token (or simply token) is a hardware component used to identify and authenticate users. The term is sometimes also applied to software tokens. Tokens are usually part of an access control system with two-factor authentication.

A token is also referred to as an electronic key or chip key.

To guard against misuse, further authentication features may be required, such as knowledge of a password or PIN, or a biometric characteristic of the user. Security tokens can be personalized; they are then unambiguously assigned to a specific user.

Designs and technologies

Token is a technical umbrella term that covers all such technologies alike and does not depend on any particular physical form of the hardware. It includes every object that can store and transmit information for the purpose of identification and authentication.

Passive media

Smart cards are tokens too. USB tokens, which plug into a USB port, offer the advantages of a smart card without requiring a separate card reader.

Contactless tokens are also used (see RFID). These transponders can be integrated into key fobs, chip cards and any other product, provided the product's properties do not interfere with their function; the product then becomes a token itself. The reading station must both energize the token and be able to read it.

Common Uses:

  • Vehicle and building keys
  • Clothing, watches and jewelry
  • Implants in animals ( chipping )
[Image: SecurID token generator from RSA Security as a key fob]

There are also token generators that display a constantly changing, time-limited numeric code; this is the one-time password (OTP) method. The generator and the server compute the same pseudo-random value independently, from a shared secret and the current time (or a counter), so the server can check the displayed code without it ever having been transmitted to the token. This allows unambiguous authentication. The code may also be produced by a smart card inserted into a portable reader. Often a PIN and/or a request code (a challenge) must be entered into the device as an additional security feature; the Sm@rt-TAN procedure used in German online banking is an example.

Trusted Platform Modules (TPMs) are chips that store secret keys in a similar way to a smart card. Here the chip is built into a device, e.g. soldered onto a computer mainboard, so the whole device becomes the token. A device that can be unambiguously identified via its TPM can then be assigned to a user. The TPM also allows access to the device itself to be protected (pre-boot authentication), which authenticates the user indirectly.

Active media

[Image: USB security token YubiKey]

There are also commercially available devices that work as tokens and transmit an authentication factor. This requires communication between the device and the verifying device or workstation. For secure authentication, bidirectional transmission is additionally required, for example to carry a challenge to the token and its response back.

Well-known examples are:

  • Mobile phones or smartphones with SIM cards according to 3GPP standards
  • USB, NFC and Bluetooth tokens based on the open U2F standard of the FIDO Alliance
  • active UHF transponders (RFID UHF active 868 MHz, all proprietary, no international standard; RFID UHF active 433 MHz, ISO/IEC 18000-7 or proprietary; RFID microwave active 2.45 GHz, ISO/IEC 18000-4 or proprietary)
  • active LF transponders (RFID LF active 128 kHz, 134 kHz; all proprietary, no international standard)
  • active HF transponders (RFID HF active 13.56 MHz; all proprietary, no international standard)
  • galvanically coupled tokens (1-Wire; these chips are no longer recommended for new designs)
  • conventional chip cards according to ISO standards: ISO/IEC 10536, ISO/IEC 14443 (proximity cards), ISO/IEC 15693 (vicinity cards)
  • RFID/NFC (Near Field Communication according to ISO/IEC 18092, ISO/IEC 21481 etc.)

A dedicated reader (RFID, standard or proprietary) or interface (1-Wire) must be connected to each individual workstation.

With Bluetooth 4.0, on the other hand, the necessary infrastructure is built into all modern PCs, PDAs and smartphones (expected from Q2 2011 at the time of writing). The smartphone then acts as an agent: an automatic verification runs without any operator action for simple authentication.

Well-known examples are:

  • Mobile phones or smartphones with a Bluetooth interface (IEEE 802.15.1; Bluetooth 4.0 standard protocols at 2.45 GHz with various standard profiles)
  • Special Bluetooth tokens (Bluetooth 4.0 Low Energy protocol stack at 2.45 GHz)

Purposes

Security tokens are mostly used as (user) credentials to secure transactions.

In general, decentralized systems in which data is stored on the token itself are increasingly being replaced by networked systems in which the token serves only as an identifier.

Token issuers prefer to integrate several functions into one token, in order to gain "added value" from its use and to build comprehensive usage and movement profiles.

Authentication process (schematic)

  1. The user initiates the data exchange between the token and the verification system, e.g. by holding the token in front of a reader.
  2. The reader identifies the token via its unique identification number(s), such as a type number, a media serial number, a carrier registration number and/or a user class number.
  3. The verification system compares the data record read from the token with corresponding local reference data according to a well-defined procedure: the token is authenticated by challenge-response authentication, and further data may be requested from the token carrier as an additional security feature, such as a PIN.
  4. For additional assurance, the local reference data is compared with further reference data from a database on a remote server (e.g. via a dedicated line or a protected dial-up connection).
  5. If the token or the additional reference data is invalid, the verification system rejects further access.
  6. To make the authentication traceable, event data from the verification process is sent back to the server.
  7. The verification system releases the functions and/or data permitted to the carrier of the token.
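The exchange described above, as an added example not taken from the article: a Python sketch of the token side, a reader with local reference data, a simulated remote revocation list and an audit trail. The serial number, key, PIN, reader ID and permission names are constructed for illustration. Because the reader picks a fresh random challenge on every run, a device that presents a valid serial number but can only replay a response captured earlier fails at step 3, as does a device that knows the serial but not the key.

```python
import hashlib
import hmac
import os

# Added example, not code from the page: the seven-step reader <-> token
# exchange described above. The token answers an HMAC challenge with a master
# key that never leaves it. All identifiers, the key, the PIN and the
# permission names are constructed for illustration.


class Token:
    """The token: a freely readable serial number plus a master key that the
    device only ever uses internally to answer challenges."""

    def __init__(self, serial: str, master_key: bytes):
        self.serial = serial
        self._master_key = master_key

    def identify(self) -> str:                                        # step 2
        return self.serial

    def respond(self, challenge: bytes, reader_id: bytes) -> bytes:   # step 3
        # The reader ID is bound into the MAC so a response obtained at one
        # reader cannot be relayed to a different one.
        return hmac.new(self._master_key, challenge + reader_id, hashlib.sha256).digest()


class ReplayDevice:
    """Attacker device: knows a valid serial and one response captured on the
    wire, but not the key. Stands in for a cloned or logged token."""

    def __init__(self, serial: str, captured_response: bytes):
        self.serial = serial
        self.captured_response = captured_response

    def identify(self) -> str:
        return self.serial

    def respond(self, challenge: bytes, reader_id: bytes) -> bytes:
        return self.captured_response     # same bytes whatever the challenge


def pin_hash(pin: str) -> bytes:
    # Plain SHA-256 keeps the example short; real systems store PINs with a
    # salted, deliberately slow hash.
    return hashlib.sha256(pin.encode()).digest()


class Verifier:
    """Reader plus local verification system (steps 1-7). `remote_revoked`
    stands in for the server-side database consulted in step 4."""

    def __init__(self, reader_id: bytes, local_refs: dict, remote_revoked: set):
        self.reader_id = reader_id
        self.local_refs = local_refs
        self.remote_revoked = remote_revoked
        self.events = []                       # step 6: audit trail for the server

    def _deny(self, serial: str, reason: str):
        self.events.append(("denied", serial, reason))             # step 5
        return None

    def authenticate(self, device, pin: str):
        serial = device.identify()                                  # steps 1-2
        ref = self.local_refs.get(serial)
        if ref is None or ref["blocked"]:
            return self._deny(serial, "unknown or locally blocked token")
        challenge = os.urandom(16)                                  # fresh per run
        response = device.respond(challenge, self.reader_id)
        expected = hmac.new(ref["key"], challenge + self.reader_id, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):            # step 3: challenge-response
            return self._deny(serial, "challenge-response failed")
        if not hmac.compare_digest(pin_hash(pin), ref["pin_hash"]):
            return self._deny(serial, "wrong PIN")                  # step 3: second factor
        if serial in self.remote_revoked:                           # step 4: remote check
            return self._deny(serial, "revoked on server")
        self.events.append(("granted", serial))                     # step 6
        return ref["permissions"]                                   # step 7


# Constructed demo data (not real credentials).
DEMO_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
DEMO_REFS = {
    "SN-0001": {"key": DEMO_KEY, "pin_hash": pin_hash("4711"),
                "blocked": False, "permissions": {"door-A", "lab-network"}},
}
demo_token = Token("SN-0001", DEMO_KEY)

if __name__ == "__main__":
    v = Verifier(b"reader-01", DEMO_REFS, remote_revoked=set())
    print("genuine token:", v.authenticate(demo_token, "4711"))
    captured = demo_token.respond(os.urandom(16), b"reader-01")
    print("replayed response:", v.authenticate(ReplayDevice("SN-0001", captured), "4711"))
    print(v.events)
```

The `blocked` flag in the local reference data and the `remote_revoked` set are the two places where a lost or stolen token is switched off; the audit events are what step 6 sends back to the server.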

Security, forgery, manipulation

For security-critical applications, a security token must be a unique item that is specially protected against manipulation and against duplication or forgery.

High security

The security token must derive one-time session keys from a fixed secret stored on the token, the so-called master key. A cryptoprocessor is used for this: a microcontroller equipped with additional security functions, which primarily protect against unauthorized readout and reverse engineering, for example by omitting debug interfaces such as JTAG from the circuit entirely. Cryptographic methods are used as well, and the cryptographic operations take place inside the chip, so the master key never leaves it.

Low security

Methods that only allow identification, not authentication, are nevertheless used in practice for authentication. The code of such a token is not forgery-proof, since the identifying feature can be freely read and reproduced. These methods include, among others, solutions with passive RFID chips that carry a unique serial number and were developed in accordance with various ISO standards for use in electronic labels (tags).

Pure storage solutions such as chip cards, magnetic stripe cards, barcodes, key files on data carriers such as USB sticks, and the classic key can all be copied and are therefore insecure in that respect.

Hazards

An attack can also target the communication between an (otherwise secure) token and the reader, in the simplest case via a replay attack. Freely accessible (USB) cables allow data loggers to be attached easily. In particular, if neither the reader nor operating staff check the token mechanically and/or visually, devices that need not resemble the original token in type or size can be used to defeat the system. Radio transmissions can often be recorded from a considerable distance and therefore present a large attack surface.

Protection against manipulation

There will never be an absolutely secure solution based on a single authentication factor; every security measure can be overcome. The design of the token and the type of data transmission (mechanical, electrical, magnetic, optical, ...) have a major influence on resistance to manipulation. For example, a chip card can be drawn completely into the reader and shielded. Building the reader or customer terminal as a compact unit protected against theft, substitution and other tampering also contributes significantly to security.

Discussion of solutions

Distinguishing between use cases is a prerequisite for a meaningful evaluation of security, for example:

  • Access control from public spaces
  • Access control in public spaces
  • Access control in a well-secured room
  • Access control with good separation from the environment

All applications in public space are inevitably exposed to unauthorized third parties. Claims to the contrary rely on restrictions that are usually left unstated, for example the maximum usable read range. Convenience of handling always goes hand in hand with risk. Generalizations are not helpful.

Advantages and disadvantages

Advantages
The use of tokens offers maximum security against unauthorized use under the following conditions:
  • at least one further authentication feature is used, e.g. a PIN;
  • the token is actually unique and cannot be copied or manipulated (see skimming of debit (EC) cards and credit cards);
  • the token can be blocked in the system in the event of theft or loss, to prevent unauthorized use.
  • Tokens using radio methods can be used covertly.
Disadvantages
  • A token as the sole authentication feature, without a second independent authentication feature, offers no reliable protection against manipulation, loss or attacks;
  • like any technical solution, tokens incur costs for production, registration and/or personalization, distribution, and the provision of infrastructure in the form of readers and software;
  • the token can be destroyed or lost, temporarily excluding the user from important functions of daily life or work;
  • the token, and therefore its user, is always unambiguously identifiable: anonymous access is not intended, for lack of security.

Web links

Commons: Smart card tokens - collection of images, videos and audio files
