A security token (or simply token) is a hardware component used to identify and authenticate users. The term is sometimes also applied to software tokens. Tokens are usually part of an access control system with two-factor authentication.
A token is also referred to as an electronic key or chip key.
To guard against misuse, further features can be required for authentication, among others knowledge of a password or PIN, or biometric characteristics of the user. Security tokens can be personalized; they are then uniquely assigned to a specific user.
Designs and technologies
The umbrella term token covers all such technologies alike and does not depend on any particular physical form of the hardware. It includes every object that can store and transmit information for the purpose of identification and authentication.
Contactless tokens are also used, see RFID. These transponders can be integrated into key fobs, chip cards and any other product, as long as the product's properties do not interfere with their function. The product itself thus becomes a token. The reader must power (activate) the token and also be able to read it. Examples of such carriers:
- Vehicle and building keys
- Clothing, watches and jewelry
- Implants in animals (chipping)
There are also token generators that display a constantly changing, time-limited combination of digits as a security token using the one-time password (OTP) method. The generator and the server compute this pseudo-random number independently from a shared secret, which makes unambiguous authentication possible. In some cases the number is generated by a smart card in a portable reader. A PIN and/or a challenge code often has to be entered into the device as an additional security feature. An example is the Sm@rt-TAN procedure.
Trusted Platform Modules (TPM) are chips that store secret keys similarly to a smart card. Here the chip is built into a device, e.g. soldered onto a computer mainboard, so the whole device becomes a token. A device that can be uniquely identified via its TPM can then be assigned to a user. The TPM also supports access protection for the device (pre-boot authentication); in this way the user is authenticated indirectly.
There are also commercially available devices that act as tokens and transmit an authentication factor. This requires communication between the device and the verifying device or workstation; for secure authentication the transmission must additionally be bidirectional, so that the verifier can issue a challenge.
Well-known examples are:
- Mobile phones or smartphones with chip cards (SIM) according to 3GPP standards
- USB, NFC and Bluetooth tokens based on the open U2F standard of the FIDO Alliance
- active UHF transponders (RFID UHF active at 868 MHz, all proprietary, no international standard; RFID UHF active at 433 MHz, ISO/IEC 18000-7 or proprietary; RFID microwave active at 2.45 GHz, ISO/IEC 18000-4 or proprietary)
- active LF transponders (RFID LF active at 128 kHz and 134 kHz, all proprietary, no international standard)
- active HF transponders (RFID HF active at 13.56 MHz, all proprietary, no international standard)
- galvanically coupled tokens (1-Wire; these chips are no longer recommended for new designs)
- conventional chip cards according to ISO/IEC 10536, ISO/IEC 14443 (proximity cards) and ISO/IEC 15693 (vicinity cards)
- NFC (Near Field Communication according to ISO 18092, ISO 21481 etc.)
A dedicated reader (RFID, standard or proprietary) or an interface (1-Wire) must be connected to each individual workstation.
With Bluetooth 4.0, on the other hand, the necessary infrastructure is built into all modern PCs, PDAs and smartphones (expected from 2011 Q2). The smartphone then acts as a smart agent: an autonomous verification process runs without any user action for simple authentication.
Well-known examples are:
- Mobile phones or smartphones with a Bluetooth interface (IEEE 802.15.1; Bluetooth 4.0 standard protocols at 2.45 GHz with various standard profiles)
- Dedicated Bluetooth tokens (Bluetooth 4.0 Low Energy protocol stack at 2.45 GHz)
Security tokens are mostly used as (user) credentials to secure transactions:
- for logging on to workstation computers or (company or government) networks, e.g. a Windows domain
- for using internet services, in particular as an HBCI card for online banking
- as a key container for data and e-mail encryption as well as digital signatures
- as access authorization and ID (e.g. company ID, e-passport, car key)
- for personnel time recording
- as a SIM card in mobile phones
- as a means of payment and/or customer card at vending machines and customer terminals (e.g. payphones)
- as an access card for pay-TV offerings
- as a bank card, usually combined with the electronic purse function (GeldKarte), for using ATMs and payment terminals
- as a health insurance card; the (future) electronic health card will also serve as a token for access to a data network
- as tickets and admission passes
- as a security module for unique identification, e.g. a Trusted Platform Module
- in digital rights management, where the right to use data (software, music, e-books, ...) may be bound to the hardware
In general, decentralized systems that stored the data on the token itself are increasingly being replaced by networked systems in which the token serves only as an identifier.
Issuers prefer to integrate several functions into one token in order to gain "added value" from its use and to build comprehensive usage and movement profiles.
Authentication process (schematic)
- The user initiates the data exchange between the token and the verification system, e.g. by holding the token in front of a reader.
- The reader identifies the token by its unique identification number(s), such as a type number, a media serial number, a carrier registration number and/or a user class number.
- The verification system compares the data record read from the token with corresponding local reference data according to a well-defined procedure: the token is authenticated by challenge-response authentication; further data may be requested from the token holder as an additional security feature, such as a PIN.
- For additional assurance, the local reference data is checked against further reference data in a database on a remote server (e.g. via a dedicated line or a protected dial-up line).
- If the token or the additional reference data is invalid, the verification system rejects further access.
- For traceability, event data from the verification is sent back to the server.
- The verification system releases the use permitted to the token holder, such as functions and/or data.
Security, forgery, manipulation
For security-critical applications, a security token must be a unique item that is specially protected against manipulation, duplication and forgery.
The security token must derive one-time session keys from a fixed secret stored in the token, the so-called primary key. A crypto processor is used for this: a microcontroller equipped with additional security functions. These security functions primarily protect against unauthorized readout and reverse engineering, for example by omitting development interfaces such as JTAG from the chip entirely. Cryptographic methods are used as well, and the cryptographic operations take place inside the chip, so that the primary key itself is never transmitted.
Methods that only allow identification but not authentication are also used in practice as if they provided authentication. The code of such a token is not forgery-proof, since the identification feature can be read freely and reproduced. These include solutions with passive RFID chips that carry a unique serial number and were developed according to various ISO standards for use in electronic labels (tags).
An attack can also target the communication between an (otherwise secure) token and the reader, in the simplest case via a replay attack: a recorded exchange can be played back whenever the token's answer does not depend on a fresh challenge from the reader. Freely accessible (USB) cables allow data loggers to be attached easily. In particular, if the reader or the operating personnel exercise no mechanical and/or optical control over the token, devices that need not resemble the original token in type or size can be used to defeat the system. Radio transmissions can often be recorded from a considerable distance and thus offer a large attack surface for manipulation.
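The following Python is an added example, not code from the original article. It serves three passages at once: the authentication process in the schematic above (reader identifies the token, checks it against local reference data by challenge-response, asks for a PIN, logs events, and blocks lost tokens), the session-key derivation from a primary key inside the crypto processor, and the two weaknesses just described (an identification-only serial number that can be copied, and a replay of a recorded exchange). The UID, primary key, PIN and reference database are constructed for illustration; HMAC-SHA256 is chosen here as the MAC and as the session-key derivation, which the article does not prescribe; the remote-server check of the schematic is omitted.

```python
"""Reader/token exchange from the schematic, contrasting an identification-only
token (static serial number) with a challenge-response token whose crypto
processor derives a one-time session key from its primary key.

Added example for this article, not code from the page. UID, primary key,
PIN and reference data are constructed; HMAC-SHA256 is an assumed choice.
"""
import hashlib
import hmac
import os


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class PassiveTag:
    """Identification only: answers every query with its static serial number."""
    def __init__(self, uid: bytes):
        self.uid = uid

    def respond(self, challenge: bytes) -> bytes:
        return self.uid                          # freely readable, hence copyable


class CryptoToken:
    """Authentication: the primary key never leaves the token; each challenge
    yields a fresh session key and a MAC that is useless for any other challenge."""
    def __init__(self, uid: bytes, primary_key: bytes):
        self.uid = uid
        self._primary_key = primary_key

    def respond(self, challenge: bytes) -> bytes:
        session_key = mac(self._primary_key, b"session-key" + challenge)
        return mac(session_key, self.uid + challenge)


class Reader:
    """Verification system with local reference data: uid -> {key, pin, blocked}."""
    def __init__(self, reference: dict):
        self.reference = reference
        self.events = []                         # audit trail forwarded to the server

    def _log(self, uid, result):
        self.events.append((uid.hex(), result))
        return result == "granted"

    def check_uid(self, uid: bytes) -> bool:
        """Identification-only mode, as with a passive RFID serial number."""
        rec = self.reference.get(uid)
        if rec is None or rec["blocked"]:
            return self._log(uid, "rejected: unknown or blocked token")
        return self._log(uid, "granted")

    def authenticate(self, uid: bytes, respond, pin: str) -> bool:
        """Challenge-response mode with a PIN as the second factor."""
        rec = self.reference.get(uid)
        if rec is None or rec["blocked"]:
            return self._log(uid, "rejected: unknown or blocked token")
        if not hmac.compare_digest(rec["pin"].encode(), pin.encode()):
            return self._log(uid, "rejected: wrong PIN")
        challenge = os.urandom(16)               # fresh per attempt; this is what defeats replay
        expected = CryptoToken(uid, rec["key"]).respond(challenge)
        if not hmac.compare_digest(respond(challenge), expected):
            return self._log(uid, "rejected: bad response")
        return self._log(uid, "granted")


def demo() -> dict:
    """Runs the scenarios discussed in the text against constructed data."""
    uid = bytes.fromhex("04a1b2c3d4e5f6")                     # constructed serial number
    primary_key = hashlib.sha256(b"constructed primary key").digest()
    reader = Reader({uid: {"key": primary_key, "pin": "1234", "blocked": False}})
    results = {}
    # 1. Identification only: a clone built from the sniffed serial is indistinguishable.
    tag = PassiveTag(uid)
    clone = PassiveTag(tag.respond(b"any query"))            # serial read off the air
    results["uid_only_genuine"] = reader.check_uid(tag.respond(b"q"))
    results["uid_only_clone"] = reader.check_uid(clone.respond(b"q"))
    # 2. Challenge-response: an eavesdropper records one legitimate exchange.
    genuine = CryptoToken(uid, primary_key)
    captured = {}

    def tapped(challenge: bytes) -> bytes:
        captured["challenge"], captured["response"] = challenge, genuine.respond(challenge)
        return captured["response"]

    results["cr_genuine"] = reader.authenticate(uid, tapped, pin="1234")
    results["cr_replay"] = reader.authenticate(uid, lambda c: captured["response"], pin="1234")
    results["cr_clone"] = reader.authenticate(uid, PassiveTag(uid).respond, pin="1234")
    results["cr_wrong_pin"] = reader.authenticate(uid, genuine.respond, pin="0000")
    # 3. Token reported lost: blocked in the reference data.
    reader.reference[uid]["blocked"] = True
    results["cr_blocked"] = reader.authenticate(uid, genuine.respond, pin="1234")
    results["events"] = len(reader.events)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The identification-only path accepts the clone because the reader has nothing to compare but a value the tag broadcasts to anyone. The challenge-response path rejects the replayed transcript because the reader draws a new 16-byte challenge for every attempt, so a recorded answer matches only with negligible probability; the clone fails because it lacks the primary key, and the blocked entry shows the revocation step the schematic relies on for lost tokens.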
Protection against manipulation
There will never be an absolutely secure solution with a single authentication factor; every security mechanism can be overcome. The design of the token and the type of data transmission (mechanical, electrical, magnetic, optical, ...) have a major influence on the protection against manipulation. For example, a chip card can be drawn completely into a reader and shielded. Implementing the reader or customer terminal as a compact unit protected against theft, exchange and other manipulation also contributes significantly to security.
Discussion about solutions
Distinguishing between use cases is a prerequisite for a meaningful evaluation of security, for example:
- Access control from public spaces
- Access control in public spaces
- Access control in a well-secured room
- Access control with good separation from the environment
All applications in public space are inevitably exposed to unauthorized third parties. Claims to the contrary rely on restrictions that are usually not stated explicitly, for example the maximum usable reading distance. Convenience of handling always goes hand in hand with risk. Generalizations are not helpful.
Advantages and disadvantages
- The use of tokens offers maximum security against unauthorized use under the following conditions:
  - at least one further authentication feature is used, e.g. a PIN;
  - the token is actually unique and cannot be copied or manipulated (see skimming of EC cards and credit cards);
  - the token can be blocked in the system in the event of theft or loss to prevent unauthorized use.
- Tokens that use radio procedures can be used covertly.
- A token as the sole authentication feature, without a second independent factor, does not offer reliable protection against manipulation, loss or attacks.
- Like any technical solution, the use of tokens incurs costs for production, registration and/or personalization, distribution, and the provision of infrastructure in the form of verification or reading devices and software.
- The token can be destroyed or lost and then temporarily exclude the user from important functions of daily life or work.
- The token, and therefore its user, is always uniquely identifiable: access for anonymous users is not provided for, on security grounds.
See also
- Electronic money
- Copy protection
- Near Field Communication
- Locking system
- UAF (FIDO)
- Access control (IT)
- Access control
- Two-factor authentication