If passwords are becoming redundant, what’s the solution? FIDO is an alternative approach, but comes with limitations. Using pairing-based cryptography to allow smart flexibility in the ‘secrets’ needed to enable authentication, MIRACL Trust ID takes security one step further.
In the final blog of this three-part series, MIRACL’s leading crypto expert, Dr Michael Scott, explains how this MIRACL technology works and why it’s the future.
FIDO is a well-established industry solution to client authentication. It uses the tried and tested 50-year-old technology of Public Key Cryptography.
For the client, it is very much like the hotel safe solution described in the first part of this three-part blog series. A private key is stored inside a hardware vault, which in turn is protected by a PIN or a biometric. The associated public key is stored in a credentials database maintained by the server.
Authentication takes place when the server issues a random challenge to the client, who must access their private key to digitally sign the challenge and return it to the server. Finally, the server looks up the client in the credential database, retrieves their public key and uses it to verify the signature. Note that the successful signature requires possession of the private key but reveals nothing about it, so this does constitute a form of Zero-Knowledge proof.
The vault may exist inside of their mobile phone or it may be a physical token (U2F), sent out to the client as part of the enrolment process, which connects via USB to their laptop.
An attacker now has two problems to solve. They need to steal the mobile phone or the token, and they need to figure out the PIN, or provide the biometric.
Provided that you trust the hardware vault in either the mobile phone or the physical token – and we do day-to-day despite frequent accounts of the hardware being compromised - the front door certainly does appear to be protected. But that protection came at a price – secure hardware vaults are expensive and only high-end mobile phones support them. Also we must hope that the hardware manufacturer can be trusted. As you will recall, the hotel owner had immediate access to all of its vaults!
So far, so good. But that’s as far as the FIDO specification takes us – it’s only concerned with the front door. Meanwhile, what about the back door? Consider again the smash-and-grab raid on the server which claims the credentials database. You may be reassured by the fact that “only” public keys are stored there, but that would be a false sense of security. For example, these keys are not protected from a simple substitution attack, where the attacker installs his own public keys, enabling him to take control of the system. Worryingly, how or if these keys are protected falls outside of the FIDO specification, although the FIDO Alliance does offer some advice; see https://fidoalliance.org/white-paper-fido-and-pki-integration-in-the-enterprise/
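The challenge-response login and the public-key substitution risk described above, as an added example that is not code from the original post, from FIDO or from MIRACL. The Schnorr-style signature over a toy group is a stand-in for a real authenticator's signature scheme, and the HMAC tag on each record, keyed from outside the database, is one assumed integrity control that the FIDO specification does not prescribe.

```python
import hashlib, hmac, secrets

# Toy group (constructed for this example): far too weak for real use.
P = 2**127 - 1                     # Mersenne prime
N, G = P - 1, 3                    # exponent modulus and generator

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)         # (private key, public key)

def _e(r, msg):                    # hash of commitment and challenge
    h = hashlib.sha256(r.to_bytes(16, "big") + msg).digest()
    return int.from_bytes(h, "big") % N

def sign(x, msg):                  # what the client's vault does with the challenge
    k = secrets.randbelow(N - 1) + 1
    r = pow(G, k, P)
    return r, (k + _e(r, msg) * x) % N

def verify(y, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(y, _e(r, msg), P)) % P

class Server:
    def __init__(self, mac_key=None):
        self.db = {}               # credentials database: user -> (public key, tag)
        self.mac_key = mac_key     # assumed to be held outside the database

    def _tag(self, user, y):
        return hmac.new(self.mac_key, f"{user}:{y}".encode(), hashlib.sha256).digest()

    def enrol(self, user, y):
        self.db[user] = (y, self._tag(user, y) if self.mac_key else None)

    def login(self, user, signer):
        y, tag = self.db[user]
        if self.mac_key and not hmac.compare_digest(tag, self._tag(user, y)):
            return "record tampered"
        challenge = secrets.token_bytes(32)   # fresh random challenge
        return "ok" if verify(y, challenge, signer(challenge)) else "bad signature"

def demo(mac_key):
    alice_x, alice_y = keygen()
    other_x, other_y = keygen()    # key pair that was never enrolled
    srv = Server(mac_key)
    srv.enrol("alice", alice_y)
    before = srv.login("alice", lambda c: sign(alice_x, c))
    srv.db["alice"] = (other_y, srv.db["alice"][1])   # key swapped in the database
    return before, srv.login("alice", lambda c: sign(other_x, c))
```

`demo(None)` returns `("ok", "ok")`, because a server that trusts whatever public key the database holds accepts the swapped key; `demo(mac_key)` with a key returns `("ok", "record tampered")`.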
MIRACL Trust® works very differently, based as it is on the newer technology of pairing-based cryptography. A major innovation is to separate out the enrolment process from the server function. Another innovation is the flexible form of the secrets, which makes it easy to divide them into many parts - parts as small as a 4-digit PIN - and to recombine them.
When enrolling, clients are issued with individualised keys from a Distributed Trust Authority (DTA). Different pieces of the key are issued by each individual TA, and there will be at least two of them. The individual parts are then combined by the client to form their full secret. An attacker who wishes to capture this secret is faced with the problem of intercepting two communications.
Having constructed its full secret, the client then extracts a PIN component from it, creating the two factors needed to authenticate. The part remaining after PIN extraction is called the client token. An attacker would need to know both, as one is useless without the other. The token could be kept in secure storage if such were available, but it is not necessary in order to achieve true two factor authentication.
At the moment of authentication, the two parts are brought together to reconstitute the full secret, and a Zero-Knowledge proof is deployed to convince the server of the legitimacy of the client.
On the server side, at the time of server establishment, the DTAs combine to issue the server with a single short verifier (stored in memory), which can be used to verify all of the individual clients. This has an important implication – there is no credential database file! The smash-and-grab attacker cannot succeed as there is nothing there.
The Achilles heel of all of MIRACL’s competitors such as FIDO is the credentials database. This represents a single point of failure which time and time again has proven to be impossible to defend. With M-PIN – as used in MIRACL Trust - we have removed it, and secured all of the doors and windows, not just the obvious front door.
A full white paper on FIDO will be published by Dr Michael Scott later this week and will delve deeper into the topics already discussed in this latest series of blogs. For more information on MIRACL Trust visit MIRACL.
Dr Michael Scott is Chief Crypto Officer at MIRACL, one of the pioneers of Pairing-based Cryptography and the “S” in the widely used BLS and KSS families of elliptic curves. Following a distinguished career of almost 30 years at Dublin City University, and as an active consultant to both the public and private sectors, his unmatched depth of knowledge is drawn not only from his academic expertise – he’s published over 100 highly cited papers – but also from his genuine love of cryptography and the science behind it.