So I've been thinking about systems like this for a bit.
How is this different than Client-side certs, except it requires an addon?
How do you sync keys between machines?
If I'm going to have to deal with syncing and installing a plugin, why not just install 1Password, and have it automatically generate unique-passwords for each site..?
1. One difference is that a different key pair is used for every domain so you don't have to worry about your public key being used to uniquely identify you. Also, I think this is easier for novice users than creating a cert.
2. I plan on adding in an import/export feature for the next release.
3. This should be more secure than passwords because the only information that the server gets is your public key, which of course is assumed to be public knowledge. No more wondering if the website you're using is properly storing passwords.
Do browser-generated SSL client certs really share keypairs between unrelated domains?
AFAIK, each one asks the browser to generate a new keypair. Unless of course they've chosen to be federated with someone who has already issues you a cert.
Yes, browsers can be a bit promiscuous with who they hand your client cert to.
It depends on the browser, who issued the cert, and what websites the user has agreed to supply their client cert for. If a specific website issued the cert, it won't be terribly useful to another site, but it could leak some personal info. If a well-known CA (e.g. DigiNotar) issued the cert, it might be valid across a wide range of sites (e.g. Dutch government and other sites).
The TLS protocol is a bit lacking in this regard. A man-in-the-middle type attacker can impersonate a server to a browser and get the "public" client cert.
This is a great idea, and hopefully browsers will adopt it directly one day. In the mean time, this plugin is a nice way to test the concept.
I have a massive collection of passwords in my LastPass plugin, and managing them is a real mess. Sites are always changing their login URLs or doing other things to break the experience. Most of my family just uses the same password for all their logins, rather than deal with LastPass. With this new mechanism, you only need to store the private key, which is far simpler.
If a hacker steals your password from the server, they can log in as you. If a hacker steals your public key from the server, though, they still can't do anything. They need the private key to actually log in. So, besides being simpler, this new approach is actually more secure.
I’m not sure; would you consider that a good thing or a bad thing for this purpose?
If you consider it a bad and a security risk, then I would answer that the RSA private key would still be protected by a master password on the client side. You essentially end up with a solution like LastPass or 1Password with a different password for each service, with the added benefit that the server only has the public key so users aren’t affected if attackers obtain a copy of the server database.
If a good thing, well, it’s not clear to me that Foamicate syncs across browsers either.
Right now it does not. I can't think of a way to sync across browsers without syncing first to a remote server and I'd prefer not to require people trust my server anymore than they have to. I plan on adding in import/export of the database soon. Here's the roadmap for the addon https://github.com/romaimperator/Foamicator/wiki/Roadmap.
Foamicate looks much more decentralized - while it's possible to run your own BrowserID server, the recommended production setup is to authenticate users against the central browserid.org federated sign-on service.
At any rate, I think we learned from OAuth 1 that 18-step, cryptographically involved sign-in processes aren't going to be widely adopted by developers.
I'll be surprised if a widely adopted single sign-on solution emerges from a standards body. Standards should be formed from working code, not the other way around.
Mozilla's contribution to this space is obviously going to carry more weight than foamicate, but I say let the best solution win and let's see what else we can come up with. Don't shoot this down by saying it's not a standard.
I agree, name isn't great, and I think the description of what it is/how it works needs work if this is going to take off. If you don't know what RSA/public key cryptography is already, you're going to have a hard time digesting the text on this site.
At this point, I just wish I could use my two-factor authentication on Google to sign in to any site on the internet, and disable all other methods of signing in.
Bonus points if I could do it anonymously. Meaning, the site never has any idea of who I am.
Most logins are just a way of showing that you are the same person that logged in previously. Gmail is an often public identifier that could link to you IRL.
Interesting concept with an unfortunate name. Foarnicate? Foarnicator? With just the right font and kerning, "m" becomes indistinguishable from "rn".
Also, a common problem with all browser-based authentication systems seems to be what happens when the user loses the browser. (Hard drive failure, theft, etc.)
With LastPass, I can retrieve my passwords by reinstalling the add-on and entering my master password, because all the data is kept on their servers. With browser-based authentication schemes without a central server, once you lose your browser, it's gone. It's also virtually impossible to remember a randomly generated private key, unlike even a 10-word passphrase. So I'll only ever be able to use this with unimportant sites, not e-mail or banking. I see that this problem is mentioned in the "technical limitations" section, but any good idea to fix this without asking users to trust a central server?
Well, the problem is that ordinary people don't take regular backups, right? I don't think it can be solved by bugging people to back up more often. Next thing you know, people will be asking on forums how to disable those annoying backup notifications.
I have to assume the name is on purpose and Dan Fox (the author) thinks it is clever.
While the cleverness of the name is debatable (likely depending partially on how old you are), the name basically guarantees that a large portion of the population won't take this project seriously. I'm very liberal and far from a prude and the name just makes me eye-roll/groan and assume the worst about the maturity of the project owner.
Save the clever names for bands. If you want your work to be taken seriously in a computer security context, come up with something less likely to make an 8th grader snicker.
Just as a counterpoint, i do consider myself a prude (esp. since I hit 30), and the cleverness of the name never even occurred to me. The name was much less interesting to me than the implementation. Speaking of which...
I realize the binary download is an issue, but it isn't much different from what I use now, which is a combination of GnuPG and KeePass (with encrypted offsite backup to S3 and a flash drive).
To be honest, I didn't think about the similarities between the words. I named it that as an homage to the project's birthplace, a coffee shop named Foam Coffee and Beer.
And yet, people are getting the impression that this has something to do with Rick Santorum's frothy mix of you-know-what. I hope you find a more serious-sounding name soon, before you take whatever the next major step in your project is. What about foamauth? You could argue that it makes the traditional login form disappear into foam, or something like that :)
- Server has no knowledge of password, and less knowledge than a hashed password.
- Master password based private key is possibly more secure than a cookie.
However, if the client machine is compromised a virus could get hold of the private key, and have access to numerous websites.
The best way to improve security is to have a third party login provider (openid, Google, Facebook etc), preferably with three factor authentication. This allows the client, and the server to be compromised, and still limit damage.
Third party logins really don't supply any enhanced security as such. But they do supply more "security theater" which is not actually what you want.
Three factor does provide more security but there's no reason to involve a third party - in fact, the more parties, the more likely someone is to fumble something.
You're right. It's the poor man's identity federation.
Before I start, let me make myself very clear - I think Dan did an awesome job with Foamicate. Seriously. One guy. The balls to put something out there that's innovative and seeks to solve a REAL problem. I'm impressed. And if I were in a position to, I'd ask Dan to work for me.
That said, it's worth (IMO) considering what an identity system should provide -
User Control and Consent: An identity system should only reveal information identifying a user with the user's consent. The Facebook/Google/OpenId model fails this one.
Minimal Disclosure for a Constrained Use: The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution. Again, OpenId falls short in that the identity provider knows where the user is going.
Justifiable Parties: Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship. Microsoft Passport is a great example of why this's a bad idea.
Directed Identity: A universal identity system must support both "omni-directional" identifiers for use by public entities and "unidirectional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles. My Facebook identity is public, but I can't and shouldn't use that to access a private resource like a collaboration site on my company's extranet.
Pluralism of Operators and Technologies: A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers. The part where anything that's exclusively browser-based fails. The same system should work online, from a phone, and from a PC or server running any arbitrary OS.
Human Integration: The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks. UX. The usability problems with Foamicator have been discussed here already.
Consistent Experience Across Contexts: The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies. A smart card is a good example of this - I have a card for cash, a loyalty card for coffee, and an access card for work. Using them is consistent, event though their context is not.
The only technology I know of that meets all 7 laws is information cards (Higgins Project, and CardSpace). Information cards haven't taken off because adotpion by identity providers is, well, basically zero.
So after the user securely logs on the virus can transact with the site using properly authenticated credentials? Unfortunately, this is a very prevalent feature of modern malware.
This is seriously important question these days. It's where 'login authentication' ends and 'endpoint security' begins.
Authentication in general is the process of proving that something is 'true' or 'genuine', in this case an assertion of identity.
You say endpoint security is obvious, and I usually agree with you. But I can't count the number of times I've had to retrace this methodically with when talking about systems with very smart people. The distinction between authentication and authorization too.
Like you're saying, classical risk management says the $10 asset isn't worth $20 of security. Sony learned the fallacy of that reasoning the hard way. If you have a database of 100K usernames, passwords, and email addresses of folks who entered a contest to win free movie tickets, you might not value that asset particularly highly. But if you don't secure, it properly could cost you $M to clean up later.
Personal information doesn't always behave like an typical 'asset'. Sometimes it's more like having a surplus of toxic waste.
Google and identity is a bad idea regardless of the problem you're trying to solve (http://www.identityblog.com/?p=1204). It's the worst of the three.
OTP is good, but challenge-response is better. Is your OTP from a second factor?
Card Space is my personal favourite, but the [card] portability issue hasn't been solved. U-Prove holds promise. CardSpace, with U-Prove and second-factor challenge/response would be awesome :-)
So as I said, neither of those is ideal.
But then I have solved exactly that problem (securely login to websites from virus infested machine in an internet cafe) before, for the UK MoD.
I used identity federation (WS-*), and opted for Chip & PIN authentication on the identity provider side, thereby cutting out replay attacks. The solution is complex, and costs a lot more money than the average web site would be willing to pay. Unless someone credible like the Passport Office or DVLA volunteers as an identity provider.
So its an argument about which third party you trust? Google or the DVLA? perhaps people trust google because they have to already. If you are running chrome and using gmail you are implicitly trusting them with your data. I agree that this is a bad way of picking a tehnology.
I like the chip and pin approach; its a good solution. Perhaps banks should provide federated login. Do you trust them ? :)
It's about context. I trust my bank for banking. I would trust the DVLA to assert my identity where a directed assertion is required, and where I agree to it. I don't trust Google at all because an ad company has no business looking at my email, let alone asserting my identity to third parties.
So technically I don't trust any third party. I trust some of them in varying degrees based on what I'm trying to do.
Thank you for the compliments. With this I was hoping to spark conversation because I've been wondering why something similar hasn't been done yet. We use public key crypto to authenticate with SSH so why not also use it for websites especially with the recent leaks of information like what happened with youporn.
With federated login you only have one provider that ever stores your password. There are fewer password hashes (or plain text) floating around in random databases. You can change your password once, and change it for numerous passwords. It is just easier to maintain good security with one login instead of many. It may not be more secure than a perfectly set-up browser and server; but surely it is in typical circumstances.
In the case of key fob style three factor authentication a shared secret usually needs to exist. If the password hash, and the shared secret are stored on the same database; a hacker could get access by only needing to compromise that one server. By offloading the three-factor to a third party you are reducing that risk. Even with SMS style authentication a temporary shared secret exists (the contents of the text message). Of course if you are using federated login, it does present a single point of failure.
You could argue that a private key is cryptographically better than a shared secret. But if the client machine is compromised the additional security is useless; and just gives you a false sense of security.
There have been several security systems over the years with this same problem. The issue is basically here:
Step 1: Require users to install a binary plug-in.
(OK, the website doesn't exactly say it that way.)
But web security begins and ends at the user. All of the security depends on the user noticing security warnings and then refusing to continue. Look at it from the user's perspective. "In order to create an account on this website you must turn off your malware blockers, click here, then click 'OK' to the next 3 warning screens that are going to tell you that what is about to happen is a really bad idea. Trust us, we're legit."
I would wager any site that places selection pressure on their userbase to favor those who agree to install random binary stuff from the web is going to have more issues with user credentials than those which do not.
Disclosure: I work for an authentication company (PhoneFactor) that has replaced these plugin-based systems in the past.
Not to mention the other problems with using key based authentication with an unsophisticated client.
- User A at client company X is the one usually using the system
- User A goes on Vacation
- User B needs something from teh system, they forgot to plan this before A left. They call A to ask the password...
56 comments
[ 3.5 ms ] story [ 56.8 ms ] threadHow is this different than Client-side certs, except it requires an addon?
How do you sync keys between machines?
If I'm going to have to deal with syncing and installing a plugin, why not just install 1Password, and have it automatically generate unique-passwords for each site..?
2. I plan on adding in an import/export feature for the next release.
3. This should be more secure than passwords because the only information that the server gets is your public key, which of course is assumed to be public knowledge. No more wondering if the website you're using is properly storing passwords.
Thanks for the questions.
AFAIK, each one asks the browser to generate a new keypair. Unless of course they've chosen to be federated with someone who has already issues you a cert.
It depends on the browser, who issued the cert, and what websites the user has agreed to supply their client cert for. If a specific website issued the cert, it won't be terribly useful to another site, but it could leak some personal info. If a well-known CA (e.g. DigiNotar) issued the cert, it might be valid across a wide range of sites (e.g. Dutch government and other sites).
The TLS protocol is a bit lacking in this regard. A man-in-the-middle type attacker can impersonate a server to a browser and get the "public" client cert.
I have a massive collection of passwords in my LastPass plugin, and managing them is a real mess. Sites are always changing their login URLs or doing other things to break the experience. Most of my family just uses the same password for all their logins, rather than deal with LastPass. With this new mechanism, you only need to store the private key, which is far simpler.
If a hacker steals your password from the server, they can log in as you. If a hacker steals your public key from the server, though, they still can't do anything. They need the private key to actually log in. So, besides being simpler, this new approach is actually more secure.
If you consider it a bad and a security risk, then I would answer that the RSA private key would still be protected by a master password on the client side. You essentially end up with a solution like LastPass or 1Password with a different password for each service, with the added benefit that the server only has the public key so users aren’t affected if attackers obtain a copy of the server database.
If a good thing, well, it’s not clear to me that Foamicate syncs across browsers either.
There's a feature request from a year ago:
http://code.google.com/p/chromium/issues/detail?id=84510
At any rate, I think we learned from OAuth 1 that 18-step, cryptographically involved sign-in processes aren't going to be widely adopted by developers.
Also, I'm not sure what standard you are talking about. They have a very nice spec here: https://wiki.mozilla.org/Identity/BrowserID But this is not a standard.
Mozilla's contribution to this space is obviously going to carry more weight than foamicate, but I say let the best solution win and let's see what else we can come up with. Don't shoot this down by saying it's not a standard.
Basically one letter change away from reading like "Fornicate"…
It's not the fact that it's a one-letter change, it's the fact that rn is m minus a pixel here and there.
Bonus points if I could do it anonymously. Meaning, the site never has any idea of who I am.
Usually the purpose of "signing in" is authenticating who you are.
Also, a common problem with all browser-based authentication systems seems to be what happens when the user loses the browser. (Hard drive failure, theft, etc.)
With LastPass, I can retrieve my passwords by reinstalling the add-on and entering my master password, because all the data is kept on their servers. With browser-based authentication schemes without a central server, once you lose your browser, it's gone. It's also virtually impossible to remember a randomly generated private key, unlike even a 10-word passphrase. So I'll only ever be able to use this with unimportant sites, not e-mail or banking. I see that this problem is mentioned in the "technical limitations" section, but any good idea to fix this without asking users to trust a central server?
For issue with losing the browser key, probably can be resoled by having a prominent backup/restore on USB drive feature.
While the cleverness of the name is debatable (likely depending partially on how old you are), the name basically guarantees that a large portion of the population won't take this project seriously. I'm very liberal and far from a prude and the name just makes me eye-roll/groan and assume the worst about the maturity of the project owner.
Save the clever names for bands. If you want your work to be taken seriously in a computer security context, come up with something less likely to make an 8th grader snicker.
I realize the binary download is an issue, but it isn't much different from what I use now, which is a combination of GnuPG and KeePass (with encrypted offsite backup to S3 and a flash drive).
- Server has no knowledge of password, and less knowledge than a hashed password.
- Master password based private key is possibly more secure than a cookie.
However, if the client machine is compromised a virus could get hold of the private key, and have access to numerous websites.
The best way to improve security is to have a third party login provider (openid, Google, Facebook etc), preferably with three factor authentication. This allows the client, and the server to be compromised, and still limit damage.
Three factor does provide more security but there's no reason to involve a third party - in fact, the more parties, the more likely someone is to fumble something.
Before I start, let me make myself very clear - I think Dan did an awesome job with Foamicate. Seriously. One guy. The balls to put something out there that's innovative and seeks to solve a REAL problem. I'm impressed. And if I were in a position to, I'd ask Dan to work for me.
That said, it's worth (IMO) considering what an identity system should provide -
User Control and Consent: An identity system should only reveal information identifying a user with the user's consent. The Facebook/Google/OpenId model fails this one.
Minimal Disclosure for a Constrained Use: The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution. Again, OpenId falls short in that the identity provider knows where the user is going.
Justifiable Parties: Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship. Microsoft Passport is a great example of why this's a bad idea.
Directed Identity: A universal identity system must support both "omni-directional" identifiers for use by public entities and "unidirectional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles. My Facebook identity is public, but I can't and shouldn't use that to access a private resource like a collaboration site on my company's extranet.
Pluralism of Operators and Technologies: A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers. The part where anything that's exclusively browser-based fails. The same system should work online, from a phone, and from a PC or server running any arbitrary OS.
Human Integration: The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks. UX. The usability problems with Foamicator have been discussed here already.
Consistent Experience Across Contexts: The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies. A smart card is a good example of this - I have a card for cash, a loyalty card for coffee, and an access card for work. Using them is consistent, event though their context is not.
The only technology I know of that meets all 7 laws is information cards (Higgins Project, and CardSpace). Information cards haven't taken off because adotpion by identity providers is, well, basically zero.
Which is a shame.
Anyway, if you're interested in this you can find more information at http://www.identityblog.com/.
Allow user to securely login to websites from virus infested machine in an internet cafe.
How do these various systems compare based on that law? Google one time password or card space?
This is seriously important question these days. It's where 'login authentication' ends and 'endpoint security' begins.
Defence in depth. Layer security like the layers in an onion.
That said, economics dictates that you wouldn't spend $20 protecting a $10 asset.
You say endpoint security is obvious, and I usually agree with you. But I can't count the number of times I've had to retrace this methodically with when talking about systems with very smart people. The distinction between authentication and authorization too.
Like you're saying, classical risk management says the $10 asset isn't worth $20 of security. Sony learned the fallacy of that reasoning the hard way. If you have a database of 100K usernames, passwords, and email addresses of folks who entered a contest to win free movie tickets, you might not value that asset particularly highly. But if you don't secure, it properly could cost you $M to clean up later.
Personal information doesn't always behave like an typical 'asset'. Sometimes it's more like having a surplus of toxic waste.
Shoot, I could talk about this stuff all day. :-)
Google and identity is a bad idea regardless of the problem you're trying to solve (http://www.identityblog.com/?p=1204). It's the worst of the three.
OTP is good, but challenge-response is better. Is your OTP from a second factor?
Card Space is my personal favourite, but the [card] portability issue hasn't been solved. U-Prove holds promise. CardSpace, with U-Prove and second-factor challenge/response would be awesome :-)
So as I said, neither of those is ideal.
But then I have solved exactly that problem (securely login to websites from virus infested machine in an internet cafe) before, for the UK MoD.
I used identity federation (WS-*), and opted for Chip & PIN authentication on the identity provider side, thereby cutting out replay attacks. The solution is complex, and costs a lot more money than the average web site would be willing to pay. Unless someone credible like the Passport Office or DVLA volunteers as an identity provider.
Here's the case study. http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?....
I like the chip and pin approach; its a good solution. Perhaps banks should provide federated login. Do you trust them ? :)
So technically I don't trust any third party. I trust some of them in varying degrees based on what I'm trying to do.
In the case of key fob style three factor authentication a shared secret usually needs to exist. If the password hash, and the shared secret are stored on the same database; a hacker could get access by only needing to compromise that one server. By offloading the three-factor to a third party you are reducing that risk. Even with SMS style authentication a temporary shared secret exists (the contents of the text message). Of course if you are using federated login, it does present a single point of failure.
You could argue that a private key is cryptographically better than a shared secret. But if the client machine is compromised the additional security is useless; and just gives you a false sense of security.
Step 1: Require users to install a binary plug-in.
(OK, the website doesn't exactly say it that way.)
But web security begins and ends at the user. All of the security depends on the user noticing security warnings and then refusing to continue. Look at it from the user's perspective. "In order to create an account on this website you must turn off your malware blockers, click here, then click 'OK' to the next 3 warning screens that are going to tell you that what is about to happen is a really bad idea. Trust us, we're legit."
I would wager any site that places selection pressure on their userbase to favor those who agree to install random binary stuff from the web is going to have more issues with user credentials than those which do not.
Disclosure: I work for an authentication company (PhoneFactor) that has replaced these plugin-based systems in the past.
Login authentication is working as designed. This is a feature, not a bug.
If User B needs access to something controlled by User A, they need to talk to their admin.