Example personalized conversion table
Although not a very pressing matter, because the introduction of the Dutch national electronic health record is delayed due to privacy concerns in the Dutch Senate (Eerste Kamer), there is now a change of mind with respect to how citizens have to authenticate themselves to access their own health record. The responsible ministry, VWS, asked PWC and Radboud University to re-assess whether their assessment from December 2008 on using SMS one-time passwords is still valid. In December 2008 they assessed that a two-factor solution (username/password plus SMS one-time password) is secure enough (although with an added face-to-face registration step compared to the ‘normal’ DigiD level 2). The reason why VWS asked for this only a year and a half after the previous assessment is that a practical attack on the encryption algorithm A5/1 used in GSM seems increasingly likely. I guess most if not all experts agree that within a couple of years GSM SMSes are simply not a valid authentication means for any service that requires high security, see e.g. Govert.nl’s opinion. Certainly not as a single factor, but also not when combined with a not-so-secure second factor like username/password.
To increase safety PWC/RU propose a third factor. This is a personalized conversion table that is, typically, sent by snail mail to the user’s home address. Users have to use this conversion table to replace the one-time password char-by-char with other characters (see above for an example picture of a conversion table). This may be an easy solution/work-around to implement, but I think it is a usability nightmare since it basically means that users are required to become crypto algorithms! Without some user research showing otherwise I wouldn’t dare to recommend it. My colleague Martijn Oostdijk proposed today in a blog post to implement the conversion table as a SIM application on a mobile phone, which may help here. This of course requires the cooperation of all three mobile operators in the Netherlands, which may not be trivial, quick or cheap to get.
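To make the proposed third factor concrete, here is an added Python model (not from the PWC/RU report or from any DigiD code) of the three steps: the service issues a per-user conversion table and an SMS one-time password, the user translates the OTP character by character, and the service checks the translated value. A numeric OTP alphabet and a 6-digit OTP length are assumptions.

```python
import hmac
import secrets
import string

# Assumption: the OTP sent by SMS consists of digits only.
ALPHABET = string.digits
OTP_LENGTH = 6  # assumption


def generate_conversion_table():
    """Per-user table mailed to the home address: a random permutation of the
    OTP alphabet, so every OTP character maps to exactly one other character."""
    shuffled = list(ALPHABET)
    secrets.SystemRandom().shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))


def generate_otp(length=OTP_LENGTH):
    """The one-time password the service sends over SMS."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def convert(otp, table):
    """What the user has to do by hand: look up each OTP character in the
    printed table and type the replacement instead of the original."""
    return "".join(table[c] for c in otp)


def verify(response, otp, table):
    """Service-side check. The response must be the table-converted OTP;
    the raw OTP (what an SMS eavesdropper sees) is not accepted."""
    if len(response) != len(otp) or any(c not in ALPHABET for c in response):
        return False
    expected = convert(otp, table)
    # Constant-time comparison, as for any credential check.
    return hmac.compare_digest(expected, response)


def demo():
    """Full round trip with a freshly issued table and OTP; returns the
    outcome for the legitimate user (expected True)."""
    table = generate_conversion_table()
    otp = generate_otp()
    typed_by_user = convert(otp, table)
    return verify(typed_by_user, otp, table)
```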
The reason that this is all so complicated is that the Dutch citizen-to-government authentication solution DigiD is not really that secure. This may not have been needed so far, but with the increasing likelihood of practical attacks on the SMS one-time password, and government services needing higher levels of assurance, the current DigiD level 2 is simply not “good enough security” anymore. A likely candidate to make DigiD more secure is a smart card solution called eNIK, which adds an electronic authentication function to the new Dutch ID card. Plans for this have existed for quite some years already, but hopefully they will be able to speed up this process, or find another solution in the near term. Since actual attacks that read SMSes are not here yet, I think we should use this time to come up with a better solution to make DigiD safer than a work-around which requires users to become crypto algorithms!!
Together with my colleague Martijn Oostdijk (see also his post) I did a project on Mobile PKI technology. We did a technology assessment, focusing on security and also usability, and advised our client SURFnet on its application for higher education and research.
It proved to be a very interesting project, not only because of the interesting and promising technology, but also because we are advocating what we call mobile centric identity, and Mobile PKI is a good example of “use your mobile phone as an authentication device”. We concluded that Mobile PKI is both a secure and usable technology, and that the main issue is the business model (since the SIM is owned by the mobile operator).
The report that came out of the project is publicly available: in Dutch and in English. Among others, SURFnet employees Roland Rijswijk and Joost van Dijk also provided input and feedback on this report. Below I’ve copied the management summary.
A GSM/UMTS telephone has a SIM card. This is a standardised smartcard that is issued to the user by the telecom operator and is primarily used to authenticate the user on the mobile network. However, the SIM card has more potential uses. For instance, it allows for secure storage of digital keys that can be used for online authentication and digital signatures. This is referred to as Wireless PKI and Mobile PKI.
This report is an assessment of Mobile PKI technology and its potential application for authentication in education. This assessment focuses on its security and its application within the educational domain, with a specific emphasis on applications for SURFfederatie.
Mobile PKI employs encrypted SMS text messages that are used to represent authentication or a digital signature. The user has to express consent by entering a PIN code that secures the private key and which typically needs to be entered for each transaction separately. The relevant standards for this are well established and are supported on all mobile phones. This has advantages compared to other secure means of authentication. For instance, no additional authentication device is required, which also means that no software needs to be installed by the user on either the phone or on other client devices such as a PC. Neither is there a need to manually enter codes, as in the case of one-time passwords via SMS text messages. This improves user-friendliness. Malware such as viruses and key loggers that may have been installed on a PC cannot interfere with Mobile PKI.
This report considers the issue of whether Mobile PKI is a secure means of authentication. The analysis identifies a “man in the middle” channel. However, the authors of this report deem Mobile PKI to be more than sufficiently secure compared to other means of authentication and considering the kind of applications in (higher) education.
In our view the most important issues regarding Mobile PKI technology are not related to security or technology but have to do with the costs and the business model. In the Netherlands, Mobile PKI technology has only been deployed for limited pilots and it is therefore difficult to estimate the costs. These could turn out to be too high for many applications in the educational domain if there are no other large-scale deployments of Mobile PKI. A related aspect is the business model. Use of this technology requires the cooperation of the mobile operator, who is the owner of the SIM card. This means that the cooperation of all mobile operators is required for a large-scale deployment.
The final conclusion of this report is that Mobile PKI provides a secure means of authentication that in time will find wide application within the educational domain in the Netherlands. For the near future Mobile PKI will only be employed for services that require a high standard of security and that are used by a limited group of employees, due to a) the expected costs, b) insufficient insight into the business model, and c) limited support from the mobile operators. It seems too early for a deployment for students or for general authentication for SURFfederatie or any other large-scale application for SURFnet, Kennisnet or other services. In the meantime it may be useful to consider one-time passwords via SMS text messages as step-up authentication or for password reset, because this is cheaper and prepares users for Mobile PKI.
I gave two presentations recently that I’ll share in this post. They were for quite different audiences, and in different countries, but both in the area of identity federation, user centric identity and mobile centric identity.
The first presentation was at the Dutch Identity 2009 event, which was co-located with ISSE 2009 this year. This took place in Scheveningen (The Hague), on 6-7 October 2009. I presented my views on trends in identity federation and user centric identity. Among others, I argued that SAML is just as user centric as OpenID, or at least, can and should be…
Highlights on Identity/ISSE 2009 for me were the presentations by Don Schmidt (Microsoft), who talked about claim-based identity, and a presentation on the Norwegian BankID, which discussed the status of the Norwegian collaboration between banks to provide identity services to public and private sector.
The second presentation was at the National eID & ePassport conference, which is taking place as I type this (22-23 October 2009), in Lisbon. It was organized by, among others, Multicert, who invited me to talk about and discuss mobile centric identity. It was an audience not very familiar with user centric identity, so I first introduced this. I then argued that this implies mobile centric identity, and that using the mobile phone for authentication is only the first step towards mobile centric identity.
There are three things I believe will continue to gain importance in the coming years: identity federation, user centric identity and mobile applications. I can combine them in what we refer to as mobile centric identity. When considering mobile centric identity, we do not only refer to an identity solution that works for mobile applications, but also consider the mobile phone to be a good (or best) way to control your identity when using ‘old fashioned’ PC-like applications (including web browsers). I’ll focus in this post on a specific way to implement mobile centric identity: using InfoCards on a mobile phone. I’ll leave the more general mobile centric identity subject, including how to use mobile phones for authentication (Mobile PKI etc), for another time.
With all its promise, InfoCard has so far been mostly a desktop-only way to implement user centric identity. I looked around for a student to work with me on the subject of making InfoCards mobile, and found Florian van Keulen. He also found the subject interesting, and did his BSc Telematics graduation assignment with me (and Marten van Sinderen). He dived into the status of the different implementations, and analyzed what the issues are in making InfoCard mobile. The good news is that we did not find any reason why InfoCard could not become mobile, and that there are even some first implementations coming. The main issue when porting the InfoCard identity selector appears to be that the needed libraries are not there, making it a lot of work. Making InfoCard mobile is however more than porting the identity selector; the more challenging part is how to (securely) roam one’s identities between the different fixed and mobile devices. This means that a user can use the same identities on his or her mobile phone as on other (fixed or mobile) devices the user may be using. Of course without having to manually import/export InfoCards… The main contribution of Florian’s work is comparing the different architectures to do this. One way to do this is to store the cards ‘in the cloud’, as Azigo seems to be doing (but they do not have a mobile identity selector as far as I’m aware). The architecture we decided to detail is however a different one: we put the InfoCards and the identity selector in the mobile phone’s SIM card, and connect this via Bluetooth to a fixed PC. It’s more complicated to implement, but we believe it is also more secure. I’ve put Florian’s thesis online so you can read it for yourself: http://www.novay.nl/okb/publicaties/mobile-user-centric-identity-through-information-cards/7248 (titled: “Mobile User Centric Identity through Information Cards, Architectures to use same identities on mobile phones and computers”).
Unfortunately, implementing it was too much work for a BSc assignment, but I may find another student or some project to continue working on making InfoCards mobile.