We’ve had the system running in beta or release for eight months now, and our customers love it - user training is almost automatic (everyone knows how to use an IVR), and deployment is a breeze, with no tokens, etc.

It also has the advantage of not requiring users to have working SMS service (lots of people don’t know how to work SMS), and unlike other phone-based two-factor authentication, it doesn’t require any software to be installed on the phone.

Check it out if you’re curious - it’s a free service (and enterprise add-ons are coming soon) - http://www.phonefactor.net.

This is in order to protect us all and provide a bit of rigour to the process.

Regards,

Peter M.

Going slightly OT - Today’s email from Zopa:
“…A new feature at Zopa. If you’re happy to receive personal information by email, we’ll send you your overall balance and other info about your account….”

Nice, Zopa want to put my financial information on a postcard and send it around the globe!

“how do we stop them from accessing the first time?”

Your question is both simple and awkward to answer (like all the good ones).

First an asumption which appears to be valid these days,

“the communications channel to the user is always untrusted”

That is what you see on your PC screen may or may not be true, and may lie to you at any point of an attackers chosing.

That is a MiTM atttack would acts transparently during setup phases and then subverts the channel for the financial transaction presenting you with false information on the screen etc.

A SSL Tunnel cannot prevent this attack if the MiTM agent is on the PC between the user and the point of encryption (or it has leaked the sesion keys down stream, etc etc).

You might ask “What about using a trusted operating system”?

Well no if the MiTM agent is on the video card and in the keyboard communicating via subliminal channels then most secure OSs (Including MS’s Ideas) just won’t be of any use (see later for reason). Is this possible well yes, any IO device that has a microcontroler on it and Flash memory can be subverted by an attacker, and a lot of hardware these days is designed to be “field upgradable” from your PC motherboard outwards (even some mobile phones can be upgraded through a PC this way).

So you have to include the user into the authentication process somehow, not just on communications setup but on all parts of the transaction that are relevant. And importantly the authentication has to be in both directions and both timely and dynamic in nature to prevent the MiTM agent being able to predict what it is going to be. So using the unaided human is out on this score.

This gives rise to the notion of a secondary communications channel for authentication, but as I pointed out earlier that also is an untrusted communications channel as well (for cost reasons). And as the complexity of phones increases it is more likley than not these days that the user will at somepoint connect the phone to the PC, at which point it is not unwise to asume that it is now potentialy infected with an MiTM agent as well (from an attackers point of view working for the phone operator would be good as you could force the MiTM agent down the air interface and the user could not stop it).

You could keep adding channels but unless you can trust one then the situation is not going to change….

So in reality a second communications channel that a user would have normall access to is not a solution to the problem at all.

This is where you realise that you have to start looking at things like dongles that the bank issues to the user. At present they are all but usless as they do not provide the required level of authentication, and in most cases are unidirectional as well.

The dongle has to be a real piece of hardware, a piece of software to go on a users phone or pda is just not going to work for the above reasons with the PC etc (Sorry Igor).

So the bank spends a little time and money designs or gets designed a neat little dongle and as it is cost sensitive and not a core business gets it made out of house.

As Apple found out not so long ago when a PC virus was put on iPods in a subcontractor factory, there is always going to be somebody in your supply chain who is going to be bad (even without financial inducment) if the chain is large enough.

So it is very possible that all hardware that you use will have an MiTM agent on it so Graphics cards etc might well have them put on during the design proccess and then be (unwitingly) crypto signed by the manufacturer so a trusted OS will accept it….

The cost of preventing this attack is way beyond anything a non government organisation is going to want or be able to spend. And the resulting product would just not sell as it would have priced it’s self out of the mass market.

So esentialy the answer is you cannot keep the bad guys out and online finacial transactions across untrusted communications cannot be made totaly secure.

But somebody will say “nothing is totaly secure” which is true and then asks “how secure does it have to be to make a workable system?”.

Unfortunatly it depends on how you go about it. If you initialy raise the security bar to a point where it is not economicaly viable to attack the system then the system will not be attacked in a given time frame (as the cost of attacks halves about every 6 months due to the usual improvments in storage and computer technology).

However what happens if you only raise the bar a little (as has happened), then it is economicaly viable to attack the system and people will, and you get into an arms race with them (for the same reason children pester parents for sweets).

Therefore at each point the increase in security unless sufficient will alow the attackers back in (which is what we have seen with Sky Set Top Box cards in the past).

Worse the small increments actually drive the attackers into more and more sophisticated attacks much more quickly than would otherwise have happened, as they have the sorce of finance to drive it forwards and the motivation. Each small step only cuts of their money supply for a short period of time, and not long enough to put them out of business. However due to their past activities they have a sufficiently large financial buffer to be able to make very much more sophisticated attacks than would have been possible for them initialy.

So as you see I am not exactly optomistic that online finacial transactions across untrusted networks will ever be viable (except for brief pirods of time) via technological solutions…

Which makes me wonder how long before we either see High Street Bank Branches poping up again or worse draconian legislation to protect the banks (ie DMCA etc for entertainment IP agents)…

Perhaps the simple solution is to move the liability for any losses from the customer to the bank, then they might just do things properly to start off with…

I would be interested in any and all comments as hopefully the banks etc might just look and think.

Also, it is important to remember that OTP measures do not stop phishing all together, they help reduce repeated account access. With MiTM Phishing sites, the OTP can be captured, passed and the account accessed by the bad guy.

The “two channel” method is a reactive measure to the account already being accessed….how do we stop them from accessing the first time?

Thanks for your feedback. Sorry, didn’t make it clear but I am one of “them”

Email me at FirstName @ CompanyName.com if you’ve got any questions/comments.

The basic idea is the same which is good for both them and me (ie a bit of a sanity check

From a very quick look at the website the hardware looks like it might be a bit expensive for banks to issue to all account holders.

That asside it still does not remove the possibility of an automated attack that hopefully “human only” readable numbers on the checksums etc would prevent.

I need to look more at their system and give it some thinking time.

What about this as an alternative:

- take a picture of the computer screen => sign the transaction?

More details: http://www.cronto.com/technology.htm
Any feedback is welcome.

As only 1 of suggested 4 methods in the exam question provided transaction verification it is not surprising it attracted most votes of confidence.

This, however, should not be treated as the best option overall. Out-of-band is attractive, but has its limitations, otherwise, the simplest way to mitigate against phishing would’ve been to e.g. send payment instructions by fax or use telephone banking for transfers (leaving online access effectively read-only).

SMS is not the right, in my opinion, channel to use for secure transactions. It has not been designed for that! There is no guaranteed Quality of Service, hence the message can be lost/delivered late, the network coverage is also an issue (e.g. there is no reception for half of the UK mobile networks in the Gates building!).

SMS also doesn’t deliver mutual authentication. The customer will still have no clue if the message is from the genuine bank. It is very easy to send an sms to appear with a custom Sender’s ID, e.g. “Barclays Bank”, so how many times the user will call their bank up after a fake alert before giving up and ignoring the messages? This could also be exploited for “vishing” - send a false alarm, get the user to call the number, specified in it, which is then setup as an automated system to collect user’s secure credentials.

So, comparing CAP readers deployment and the SMS option, at least CAP readers could potentially be used for transaction signing (though no UK banks seems to be planning on using it so far), hence in theory they could mitigate against man-in-the-middle and therefore a better long-term option. The problem with CAP readers is that the user experience of trying to verify a transaction will leave a lot to be desired: the user will have to type at least 24 digits to confirm a transaction:

- 4 digits - customer’s PIN

- 8 digits - recipient’s account number

- e.g. 4 digits - the amount

- 8 digits authorisation code

Now, how many users find it easy to type e.g. a Windows License key (and it’s only 16 characters)? What if you had to do it every time you start your computer?