Google TOTP Two Factor Authentication
(published on SlideShare as "Google Authenticator, possible attacks and prevention")

Boštjan Cigan

29 January 2013

Outline
  TOTP (TOTP basics, practical implementation)
  Possible attacks (replay attack, brute force attack, “phone stealing” attack, QR code stealing)
  Conclusions
  References
TOTP

TOTP - Time-Based One-Time Password algorithm:
  - described in RFC 6238,
  - also uses RFC 4226 as a basis:

      HOTP(K, C) = Truncate(HMAC-SHA-1(K, C))

Truncate is the function that converts the HMAC-SHA-1 output into an HOTP
(HMAC-based One-Time Password) value. K is the shared secret, C is the
counter value (RFC 4226). In TOTP, C is replaced by T (a time-based value).
TOTP

TOTP is defined as:

      TOTP = HOTP(K, T)

where T is defined as:

      T = (Current UNIX Time - T0) / X

where X is the time step (usually 30 seconds) and T0 the initial time from
which the steps are counted (RFC 6238 takes the floor of the division, so T
is the number of whole time steps elapsed since T0).
Practical implementation

Google Authenticator is an open source practical implementation of TOTP.

How it works:
  1  generate the secret (minimum length is 16 characters),
  2  create a QR code,
  3  scan the QR code using the Google Authenticator application,
  4  use the password to log in.
Google Authenticator on Android

[screenshot of the Google Authenticator application; image not included in this export]
Possible attacks

Attacks are only possible if TOTP is incorrectly implemented:
  - replay attack,
  - brute force attack,
  - (trivial) “phone stealing” attack,
  - QR code stealing.

To show the first two attacks, let's use WordPress (a commonly used content
management system) and extend its login security with the Google
Authenticator plugin.
Replay attack

Prerequisites: a countermeasure is not implemented (unique session keys;
making a code invalid for the rest of its time step once it has been used).

  - using Wireshark, looking for POST requests,
  - we can expose the username, password and the Google Authenticator code.
Brute force attack

Prerequisites: a countermeasure is not implemented (limiting the number of
login attempts, locking out IPs, etc.).

  - possible codes range from 000000 to 999999,
  - so in theory we have to send 1,000,000 requests within a timeframe of
    30 seconds, assuming that we started at 0 seconds into the time step,
  - because WordPress itself does not limit the number of login attempts,
    this attack is possible.
Brute force attack

A simple script running on multiple servers would theoretically suffice
(the following is implemented in Python):

[script listing not included in this export]
“Phone stealing” attack

It may be trivial, but the keys that are used to generate the codes are
stored in plain text on the phone itself.

With root access we can extract the database using the tool adbd Insecure:
  1  adb pull /data/data/com.google.android.apps.authenticator2/databases/databases
  2  sqlite3 ./databases
  3  select * from accounts

The third column contains the secret we need:
  1|test@gmail.com|HBGZ5SYGSVR3GBWO|0|0|0
QR code stealing

Prerequisites: the attacker can access the computer from which the user
scanned his original QR code, and the browser's cache was not cleared.

Google Chrome and other browsers cache data in a predefined folder. For
Chrome, checking the cache is easy:
  1  type in the URL chrome://cache,
  2  from there search for the string chart?cht=qr,
  3  if successful, we have the full QR code URL.
QR code stealing

[screenshot of the cached QR code URL; image not included in this export]

A working example: the URL that was used to display the QR code is still in
the cache. We can easily extract the seed (marked orange in the screenshot)
that is used to generate TOTP tokens.
Conclusions

  - Google Authenticator is safe, but only if properly implemented,
  - to properly implement it, programmers must read and understand the RFC
    documents before beginning development,
  - the presented WordPress Google Authenticator plugin enables attacks
    because of improper implementation (it does not comply with the rules
    written in the RFC document).

The full article describing the methods of attack, their implementation and
methods of prevention is available at http://zerocool.is-a-geek.net/?p=842.
References

Online:
  1  Google TOTP Two Factor authentication
  2  RFC 4226
  3  RFC 6238
  4  Stealing Google Authenticator credentials
Mais conteúdo relacionado

Mais procurados

JVM JIT-compiler overview @ JavaOne Moscow 2013
JVM JIT-compiler overview @ JavaOne Moscow 2013JVM JIT-compiler overview @ JavaOne Moscow 2013
JVM JIT-compiler overview @ JavaOne Moscow 2013
Vladimir Ivanov
 
Pci express3-device-architecture-optimizations-idf2009-presentation
Pci express3-device-architecture-optimizations-idf2009-presentationPci express3-device-architecture-optimizations-idf2009-presentation
Pci express3-device-architecture-optimizations-idf2009-presentation
jkcontee
 

Mais procurados (20)

Authenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmAuthenticated Encryption Gcm Ccm
Authenticated Encryption Gcm Ccm
 
Muduo network library
Muduo network libraryMuduo network library
Muduo network library
 
The Deep Learning Compiler
The Deep Learning CompilerThe Deep Learning Compiler
The Deep Learning Compiler
 
Virtual machine and javascript engine
Virtual machine and javascript engineVirtual machine and javascript engine
Virtual machine and javascript engine
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting Review
 
도커 없이 컨테이너 만들기 3편
도커 없이 컨테이너 만들기 3편도커 없이 컨테이너 만들기 3편
도커 없이 컨테이너 만들기 3편
 
Basic Linux Internals
Basic Linux InternalsBasic Linux Internals
Basic Linux Internals
 
LCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted FirmwareLCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted Firmware
 
Block Ciphers Modes of Operation
Block Ciphers Modes of OperationBlock Ciphers Modes of Operation
Block Ciphers Modes of Operation
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
 
Linux kernel memory allocators
Linux kernel memory allocatorsLinux kernel memory allocators
Linux kernel memory allocators
 
Heterogeneous computing
Heterogeneous computingHeterogeneous computing
Heterogeneous computing
 
LAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEELAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEE
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solution
 
JVM JIT-compiler overview @ JavaOne Moscow 2013
JVM JIT-compiler overview @ JavaOne Moscow 2013JVM JIT-compiler overview @ JavaOne Moscow 2013
JVM JIT-compiler overview @ JavaOne Moscow 2013
 
Ipsec
IpsecIpsec
Ipsec
 
Device Tree Overlay implementation on AOSP 9.0
Device Tree Overlay implementation on AOSP 9.0Device Tree Overlay implementation on AOSP 9.0
Device Tree Overlay implementation on AOSP 9.0
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
 
비트코인 소스 구조분석
비트코인 소스 구조분석비트코인 소스 구조분석
비트코인 소스 구조분석
 
Pci express3-device-architecture-optimizations-idf2009-presentation
Pci express3-device-architecture-optimizations-idf2009-presentationPci express3-device-architecture-optimizations-idf2009-presentation
Pci express3-device-architecture-optimizations-idf2009-presentation
 

Último

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Último (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

Google Authenticator, possible attacks and prevention

  • 1. TOTP Possible attacks Conclusions References Google TOTP Two Factor Authentication Boˇtjan Cigan s 29. Januar 2013 Boˇtjan Cigan s Google TOTP Two Factor Authentication
  • 2. TOTP Possible attacks TOTP basics Conclusions Practical implementation References TOTP TOTP - Time-Based One-Time Password algorithm. described in RFC 6238, Boˇtjan Cigan s Google TOTP Two Factor Authentication
  • 3. TOTP Possible attacks TOTP basics Conclusions Practical implementation References TOTP TOTP - Time-Based One-Time Password algorithm. described in RFC 6238, also uses RFC 4226 as a basis: HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) Boˇtjan Cigan s Google TOTP Two Factor Authentication
  • 4. TOTP Possible attacks TOTP basics Conclusions Practical implementation References TOTP TOTP - Time-Based One-Time Password algorithm. described in RFC 6238, also uses RFC 4226 as a basis: HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) Truncate is a function that can convert HMAC-SHA-1 into HOTP (HMAC-based One-Time password). K is the shared secret, C is the counter value (RFC 4226). In TOTP C is replaced by T (a time based value). Boˇtjan Cigan s Google TOTP Two Factor Authentication
  • 5-7. TOTP is defined as TOTP = HOTP(K, T), where T = (Current UNIX Time - T0) / X, X is the time step (usually 30 seconds) and T0 the initial time.
  • 8-11. Practical implementation. Google Authenticator is an open source practical implementation of TOTP. How it works: (1) generate the secret (minimum length 16 characters), (2) create a QR code, (3) scan the QR code with the Google Authenticator application, (4) use the password to log in.
  • 12. Google Authenticator on Android (screenshot).
  • 13-18. Possible attacks. Attacks are only possible if TOTP is incorrectly implemented: replay attack, brute force attack, (trivial) "phone stealing" attack, QR code stealing. To show the first two attacks, let's use WordPress (a commonly used content management system) and extend its login security with the Google Authenticator plugin.
  • 19-21. Replay attack. Prerequisites: a countermeasure is not implemented (unique session keys, making a code invalid for the rest of its timeframe once it has been used). Using Wireshark and looking for POST requests, we can expose the username, password and the Google Authenticator code.
  • 22-25. Brute force attack. Prerequisites: a countermeasure is not implemented (limit the number of login attempts, lock IPs etc.). Possible codes range from 000000 to 999999, so in theory we have to send 1,000,000 requests within a 30-second timeframe, assuming that we started at 0 seconds. Because WordPress itself does not limit the number of login attempts, this attack is possible.
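As an added example (not code from the slides or the plugin), the following Python puts the pieces above together: HOTP/TOTP as defined in RFC 4226 and RFC 6238, the enrollment steps (base32 secret, otpauth URI behind the QR code), and a server-side verifier with the two countermeasures the slides ask for, rejecting a consumed time step (replay) and locking after repeated failures (brute force). The account name, the example secret and the lockout threshold are constructed assumptions.

```python
import base64, hashlib, hmac, os, struct
from urllib.parse import quote

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)), C as 8-byte big-endian."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: int, t0: int = 0, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: TOTP = HOTP(K, T) with T = (now - T0) // X."""
    return hotp(secret, (now - t0) // step, digits)

def new_secret() -> str:
    """Enrollment step 1: Google Authenticator takes a base32 secret; 10 random
    bytes encode to the 16-character minimum the slides mention."""
    return base64.b32encode(os.urandom(10)).decode()

def otpauth_uri(secret_b32: str, account: str, issuer: str) -> str:
    """Enrollment step 2: the text behind the QR code. The secret travels in
    clear, so a cached QR image (or its URL) is equivalent to the key."""
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={secret_b32}&issuer={quote(issuer)}")

class TotpVerifier:
    """Server-side check with both countermeasures the slides ask for:
    a used time step is never accepted again (replay) and repeated
    failures lock the account (brute force). max_attempts is an assumption."""
    def __init__(self, secret_b32: str, max_attempts: int = 5, window: int = 1):
        self.secret = base64.b32decode(secret_b32)
        self.max_attempts = max_attempts
        self.window = window      # tolerate +/- this many 30 s steps of drift
        self.last_step = -1       # highest step already consumed
        self.failures = 0

    def verify(self, code: str, now: int) -> bool:
        if self.failures >= self.max_attempts:
            return False                        # locked out: stop guessing
        step = now // 30
        for cand in range(step - self.window, step + self.window + 1):
            if cand <= self.last_step:
                continue                        # replay of a consumed code
            if hmac.compare_digest(hotp(self.secret, cand), code):
                self.last_step = cand
                self.failures = 0
                return True
        self.failures += 1
        return False
```

The HOTP/TOTP functions reproduce the RFC 4226 and RFC 6238 test vectors for the secret "12345678901234567890" (counter 0 gives 755224, time 59 gives 94287082 with 8 digits).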
  • 26. Brute force attack. A simple script running on multiple servers would theoretically suffice (the slide shows one implemented in Python).
  • 27-31. "Phone stealing" attack. It may be trivial, but the keys used to generate the codes are stored in plain text on the phone itself. With root access we can extract the database using the tool adbd Insecure: adb pull /data/data/com.google.android.apps.authenticator2/databases/databases, then sqlite3 ./databases, then select * from accounts. The third column contains the secret we need: 1|test@gmail.com|HBGZ5SYGSVR3GBWO|0|0|0
  • 32-35. QR code stealing. Prerequisites: the attacker can access the computer from which the user scanned the original QR code, and the browser cache was not cleared. Google Chrome and other browsers cache data in a predefined folder. For Chrome, checking the cache is easy: (1) type the URL chrome://cache, (2) search there for the string chart?cht=qr, (3) if successful, we have the full QR code URL.
  • 36. QR code stealing, a working example: the URL that was used to display the QR code is still in the cache. We can easily extract the seed (marked orange in the screenshot) that is used to generate TOTP tokens.
  • 37-40. Conclusions. Google Authenticator is safe, but only if properly implemented. To implement it properly, programmers must read and understand the RFC documents before beginning development. The presented WordPress Google Authenticator plugin enables attacks because of improper implementation (it does not comply with the rules written in the RFC document). The full article describing the methods of attack, their implementation and methods of prevention is available at http://zerocool.is-a-geek.net/?p=842.
  • 41. References (online): (1) Google TOTP Two Factor Authentication, (2) RFC 4226, (3) RFC 6238, (4) Stealing Google Authenticator credentials.