
Thales Blog

Identity In The Time Of Digitalization

January 16, 2017

Emanuele Cisbani

Electronic Signature and Multifactor Authentication

We are entering a new digital world in which the way we perceive and protect identity is rapidly shifting. As a result, the risk of identity theft is increasing. So how can today’s technology meet challenges such as these?

Our experience of the world used to rely on information that, while supplementary, was also crucial. When someone rings our doorbell, for example, the question “who is it?” is generally followed by the answer “it’s me”. It’s the vocal timbre that provides us with a recognizable identity to accompany the message.

In the digital world, it is easy to reproduce a message. When it comes to digital identity, however, the aspects of a message that unequivocally identify who I am, such as the tone of my voice, cannot be transmitted alongside the message itself. Whoever gets hold of these aspects may have the opportunity to act digitally on my behalf.

We can overcome this by sending variable, “derivative” data that lets the receiver verify the identity of the message’s sender without revealing that identity. This is the two-factor authentication approach based on One Time Passwords (OTP): single-use passwords generated from a “seed” associated solely with the user (in this case, the digital identity), combined with the value of the current time step, which changes every 30 seconds.

We also use electronic signatures on documents, generated with a “private key” exclusively associated with the user (in this case, the digital identity) and combined with a fingerprint (hash) that uniquely identifies the document. In both cases the information we transmit, the OTP as well as the electronic signature, consists of bits derived from the digital identity. They verify it, but they do not reveal it.
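As an added illustration (not code from the original post), here is the OTP mechanism just described in Python: HOTP per RFC 4226 and TOTP per RFC 6238, where the seed is combined with the 30-second time step and the server verifies by recomputing the code rather than ever receiving the seed. The seed value below is the RFC 6238 reference test key, a constructed example and not a real user's seed.

```python
import hmac
import hashlib
import struct
import time

# Constructed example seed (the RFC 6238 reference test key), not a real user's seed.
SEED = b"12345678901234567890"
PERIOD = 30   # seconds per time step, as in the post
DIGITS = 6


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamic truncation, modulo 10^digits."""
    msg = struct.pack(">Q", counter)                      # 8-byte big-endian counter
    mac = hmac.new(seed, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, period: int = PERIOD, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step (unix_time // period)."""
    return hotp(seed, unix_time // period, digits)


def verify_totp(seed: bytes, candidate: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check: recompute the OTP for the current step and +/- `window`
    neighbouring steps to tolerate clock drift, comparing in constant time.
    Only the derived 6-digit code ever crosses the wire; the seed stays on both ends."""
    step = unix_time // PERIOD
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(seed, step + drift), candidate):
            return True
    return False


if __name__ == "__main__":
    now = int(time.time())
    code = totp(SEED, now)
    print("OTP for this 30 s step:", code, "verifies:", verify_totp(SEED, code, now))
```

A real deployment also records the last accepted step so a code cannot be replayed within its window.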

Safely keeping those precious bits that represent our digital identity, while preventing others from getting hold of them, remains a problem. This is why we need to secure the process in all its components: algorithms, devices and transmission channels.

When choosing the appropriate algorithms, the golden rule is that long-standing and open standards are the safest. Algorithms like those used for Password-Based Encryption (PBE), or the Secure Hash Algorithm 2 (SHA-2) family, in use for more than 15 years now, have been adequately tested in the field and can therefore be relied upon.

On the server side, today’s most widespread device for electronic signatures is the Hardware Security Module (HSM). Its competitive edge is that users do not need any further device (such as a smartcard) and need not bother about connecting one to a PC or a mobile phone. The bits that specify an identity can remain safely on the server, protected by an HSM, and are used exclusively by their owners through secure authentication on a device that is always at hand: the smartphone.

On the client side, current smartphone devices are objectively safer at both the hardware and software levels than PCs. By way of illustration, one need only think of the fingerprint readers that now control access to the device, or of the fact that, unlike on a PC, applications cannot run with administrative privileges and each application is executed with a certain degree of isolation.

The final aspect we need to secure is message transmission. The basic technique of encrypting the channel with the standard TLS/SSL protocols is not sufficient, because the communication is in the clear once it is inside the applications at either end of that channel. This is why we need to apply end-to-end cryptography to authenticate messages, from the client application all the way to the secure server that verifies the identity. In this way we prevent intermediaries from accessing data pertaining to the digital identity (albeit derivative data) and place trust entirely in the systems responsible for identity management and security.

An additional way to increase the security of transmitting identity bits is to separate the transmission of the authentication message from the communication channel used by the application. This technique is called Out-Of-Band, and it is easy to implement because the smartphone, when used as the client device for authentication, communicates directly with the security systems over a dedicated authorization channel, separate from the application channel.

An attacker attempting a man-in-the-middle attack would therefore have to simultaneously control and manipulate two separate communication channels, one of which, the authorization channel, would also be end-to-end encrypted. Indeed, recent smartphone Out-Of-Band solutions are far more effective in defending against these attacks than traditional authentication solutions based on hardware tokens.

We live in a complex digital world where enthusiasm should be tempered by caution. In recent decades new technologies have made it possible to use digital identity with a reasonable degree of reliability; it is important, however, to choose providers of state-of-the-art technology who are able to adopt all the precautions currently available and to employ them in careful and innovative ways.

Guest blog from Emanuele Cisbani (@emanuelecisbani); Intesi Group (@intesigroup)