Much of the concern around the security of OTP tokens stems from their underlying reliance on a symmetric key model. What that means in practical terms is that you need to load into the authentication server an exact copy of the key that’s injected into the OTP token. These keys, often referred to as ‘seeds’ therefore need to be managed. And the processes and systems that manage those keys/seeds are great places for attackers to go after. This is what appears to have happened in the recent breaches.
When determining whether OTP tokens are secure enough, enterprises should take a look at how the keys are being managed. In many cases the process is as follows. The token vendor injects a key into the token during manufacturing. In parallel a seed file is created containing all the keys for a batch of tokens. The tokens are shipped to the customer along with the seed file. An administrator at the customer site loads the seed file into the authentication server.
Do you see, there’s actually 6 potential points of compromise in the chain?
1. The manufacturing process that generates the seed file
2. The transport of that seed file to the customer site
3. The management of that seed file on site, prior to being loaded into the authentication server
4. The secure storage of the seed file within the authentication server
5. The retention by the customer of that seed file (often on a CD) subsequent to its being loaded into the authentication server
6. The retention of that seed file by the OTP token vendor
To quote Mark Diodati from Gartner ‘I have seen many seed record CDs (OK, floppies back in the day) on the desks of system administrators or sitting on top of the server.‘
A far more secure model is one in which customers can initialize OTP tokens themselves from the admin console of the authentication server. In this model those pesky seed files are removed from the process because the key is simultaneously injected into the token and authentication server database. This eliminates 5 of the 6 potential points of compromise that attackers can go after.
Going forward RSA will no doubt take extraordinary steps to ensure that seed files can’t be stolen from their internal systems. But, if you have six unlocked doors in your house, then just locking the one the burglars came through last time doesn’t necessarily make for a secure home.
Of course there is a way to avoid all six points of compromise, which is to deploy smart cards, since these rely on an asymmetric key model. But that’s a blog for another day.