Definitions[edit | edit source]
|“||[s]omething that the claimant possesses and controls (typically a key or password) used to authenticate the claimant's identity.||”|
|“||[a] data structure that contains authorization information for a user or group. A system uses an access token to control access to securable objects and to control the ability of a user to perform various system-related operations on a local computer.||”|
|“||[a] small device with an embedded computer chip that can be used to store and transmit electronic information.||”|
Overview[edit | edit source]
Tokens are used to prove one's identity electronically (as in the case of a customer trying to access their bank account). The token is used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something.
Token threats[edit | edit source]
- Something you have may be stolen from the owner or cloned by the attacker. For example, an attacker who gains access to the owner’s computer might copy a software token. A hardware token might be stolen or duplicated.
- Something you know may be disclosed to an attacker. The attacker might guess a password or PIN. Where the token is a shared secret, the attacker could gain access to the CSP or verifier and obtain the secret value. An attacker may install malicious software (e.g., a keyboard logger) to capture this information. Finally, an attacker may determine the secret through off-line attacks on network traffic from an authentication attempt.
- Something you are may be replicated. An attacker may obtain a copy of the token owner's fingerprint and construct a replica.
Mitigating threats[edit | edit source]
There are several complementary strategies to mitigate these threats:
- Multiple factors raise the threshold for successful attacks. If an attacker needs to steal a cryptographic token and guess a password, the work factor may be too high.
- Physical security mechanisms may be employed to protect a stolen token from duplication. Physical security mechanisms can provide tamper evidence, detection, and response.
- Complex passwords may reduce the likelihood of a successful guessing attack. By requiring use of long passwords that do not appear in common dictionaries, attackers may be forced to try every possible password.
- System and network security controls may be employed to prevent an attacker from gaining access to a system or installing malicious software.