Recent attacks on alleged SecurID and their practical implications

SecurID tokens are developed by SDTI/RSA Security to authenticate users to a corporate computer infrastructure. In this paper we show the results of our analysis of the function contained in these tokens. The block cipher at the heart of the function can be broken in milliseconds. We present two att...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 2005-08, Vol.24 (5), p.364-370
Main Authors: Biryukov, Alex, Lano, Joseph, Preneel, Bart
Format: Article
Language:English
Subjects:
Alleged SecurID hash function
Cryptanalysis
Cryptography
Cybersecurity
Identification systems
Internal collision
Public Key Infrastructure
Security analysis
Studies
Vanishing differential
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:SecurID tokens are developed by SDTI/RSA Security to authenticate users to a corporate computer infrastructure. In this paper we show the results of our analysis of the function contained in these tokens. The block cipher at the heart of the function can be broken in milliseconds. We present two attack scenarios on the full function: if one can observe the output of the device during some time period, one can predict with high probability future output values and one can recover the secret key significantly faster than by exhaustive search.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2005.04.006