Value of SSL client certificates?

Posted by Isak on October 19, 2007, 10:18 am
I'm looking for input on authentication mechanisms for a financial
service.

We don't think that username+password login across a https connection
sounds secure enough by itself, and are looking for ways to increase
security.

One-time passwords over e.g. SMS as a second step after successful
login sounds very good, but we have concerns about the associated
costs.

Client side certificates were brought up as a cheaper option. It's one
more technical hurdle for our users, but if they make up for it in
security, and we save more than our support cost goes up, I guess they
could be worth it.

A client cert does prevent brute-forcing random accounts; you'd have
to gain access to the certificate first. And if you do gain access to
a certificate, intercepting a one-time password as it's being
submitted probably isn't a lot harder.


Thoughts? Any suggestions appreciated,
Isak


Posted by David Wagner on October 19, 2007, 1:25 pm
Client certs seem like an effective way to authenticate the
browser. One thing that's nice about them is that hopefully
they are not as susceptible to phishing: the user cannot disclose
a credential that the user does not know (e.g., the private key).

I've always heard concerns raised about (a) browser support for
client certs, and (b) help desk calls. I'd be curious to hear
your views on whether those concerns are still relevant today.

Also one issue with client certs is that they only authenticate
the machine or the browser. If the user uses a different machine
to log in, that other machine won't have their client cert, so
they will have to "register" that other machine (by generating a
new client cert for that machine). Same if they re-install the
OS or possibly even if they change browsers. One question is,
how cheap and easy can you make that? Another question is, is
that acceptable?

I'd be interested to hear your take on these concerns. If client
certs are practically feasible, it seems to me like they have some
good security properties -- but I don't know enough about the
practicalities of using them.

You might also want to ask on Perry Metzger's cryptography mailing
list.

Posted by Isak on October 23, 2007, 8:50 am
On Oct 19, 7:25 pm, d...@taverner.cs.berkeley.edu (David Wagner)
wrote:
> Client certs seem like an effective way to authenticate the
> browser. One thing that's nice about them is that hopefully
> they are not as susceptible to phishing: the user cannot disclose
> a credential that the user does not know (e.g., the private key).
>

We'd have to automate the cert generation process, using some stronger
form of authentication (one-time passwords / SMS), which would again
make us susceptible to phishing. Protecting people from themselves is
hard.


> I've always heard concerns raised about (a) browser support for
> client certs, and (b) help desk calls. I'd be curious to hear
> your views on whether those concerns are still relevant today.
>

I assume (a) is "solved" these days. I've seen mention of issues with
key sizes larger than 1kbit, but not sure how recent that was.

I think (b) is still a major issue, no matter how streamlined and
simple we/the browser developers make the process.


> Also one issue with client certs is that they only authenticate
> the machine or the browser. If the user uses a different machine
> to log in, that other machine won't have their client cert, so
> they will have to "register" that other machine (by generating a
> new client cert for that machine). Same if they re-install the
> OS or possibly even if they change browsers. One question is,
> how cheap and easy can you make that? Another question is, is
> that acceptable?
>

Yup, that's the question. As we'll need some additional auth mechanism
for cert generation, I'm not sure what we could gain.

As far as I can see, it all boils down to cost / complexity of sending
out more text messages vs. cost / increased complexity of doing both
sms & client certs.


Regards,
Isak

> I'd be interested to hear your take on these concerns. If client
> certs are practically feasible, it seems to me like they have some
> good security properties -- but I don't know enough about the
> practicalities of using them.
>
> You might also want to ask on Perry Metzger's cryptography mailing
> list.



Posted by David Wagner on October 23, 2007, 11:59 am
Isak wrote:
>We'd have to automate the cert generation process, using some stronger
>form of authentication (one-time passwords / SMS), which would again
>make us susceptible to phishing. Protecting people from themselves is
>hard.

? I thought web browsers had the capability to generate the
private/public keypair on the client side. I would think that
would be preferable to having the server generate the user's
private key for them. That's all you need, isn't it?

Perhaps what you mean is that you need a way for users to register
their public key. There are many ways you could potentially do that.
You could do whatever you do today if a user claims to have forgotten
their password. You could ask them a few challenge questions. You could
have them call a telephone number with automated voice response system.
You could snail-mail or text them a one-use password. You're absolutely
right that the bootstrap problem is a challenge. But: How do you handle
the bootstrap problem today? That might give you some ideas about how
you could solve the bootstrap problem, as the bootstrap problem is not
unique to public-key authentication.

>> I've always heard concerns raised about (a) browser support for
>> client certs, and (b) help desk calls. I'd be curious to hear
>> your views on whether those concerns are still relevant today.
>
>I assume (a) is "solved" these days. I've seen mention of issues with
>key sizes larger than 1kbit, but not sure how recent that was.
>
>I think (b) is still a major issue, no matter how streamlined and
>simple we/the browser developers make the process.

Okay.

Posted by Isak on October 24, 2007, 5:24 am
On Oct 23, 5:59 pm, d...@taverner.cs.berkeley.edu (David Wagner)
wrote:
> Isak wrote:
> >We'd have to automate the cert generation process, using some stronger
> >form of authentication (one-time passwords / SMS), which would again
> >make us susceptible to phishing. Protecting people from themselves is
> >hard.
>
> ? I thought web browsers had the capability to generate the
> private/public keypair on the client side. I would think that
> would be preferable to having the server generate the user's
> private key for them. That's all you need, isn't it?
>
> Perhaps what you mean is that you need a way for users to register
> their public key.

Yes. The user would create a key pair and hand us their public key,
which we sign or whatever to issue a client certificate.


> >> I've always heard concerns raised about (a) browser support for
> >> client certs, and (b) help desk calls. I'd be curious to hear
> >> your views on whether those concerns are still relevant today.
>
> >I assume (a) is "solved" these days. I've seen mention of issues with
> >key sizes larger than 1kbit, but not sure how recent that was.
>
> >I think (b) is still a major issue, no matter how streamlined and
> >simple we/the browser developers make the process.
>
> Okay.

We haven't done any real research on this, though. Would be
interesting to see some real data if there's anything out there.


Regards,
Isak
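Added example, not code from either poster: the enrolment flow Isak sketches above (the customer generates a key pair locally, hands over only the public key as a CSR, the service signs it) together with the server-side check David Wagner describes earlier in the thread (the presented certificate must chain to the service's own CA, and the identity it asserts is the one the service itself put there after the bootstrap step). Written against the Go standard library; the CA name "Example Bank Client CA" and the account ID "customer-12345" are assumptions for illustration, and a real deployment would generate the key inside the browser or OS key store rather than in this process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCA makes a self-signed issuing CA: the service's root of trust for
// customer certificates. The name is an illustrative assumption.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// clientCSR is the customer's side: the private key is generated locally and
// never leaves the machine; only the CSR (public key plus a self-signature
// proving possession of the private key) is sent to the service.
func clientCSR() ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "whatever-the-client-claims"}}
	der, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	return der, key, err
}

// issueClientCert is the service's side, run only after the bootstrap step
// (the existing password-reset / OTP flow) has authenticated the user. The
// subject comes from that authenticated identity, never from the CSR, so a
// user cannot obtain a certificate in someone else's name.
func issueClientCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, csrDER []byte,
	authenticatedUser string, serial int64) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR proof of possession failed: %w", err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: authenticatedUser},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// authenticateClientCert is what the TLS server does with the certificate the
// browser presents: chain it to our CA, require the client-auth EKU, and map
// it to the account it was issued for.
func authenticateClientCert(ca, presented *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := presented.Verify(opts); err != nil {
		return "", err
	}
	if presented.Subject.CommonName == "" {
		return "", errors.New("certificate carries no account identifier")
	}
	return presented.Subject.CommonName, nil
}

// RunFlow enrols one customer and logs them in, then checks that a certificate
// for the same account issued by a different CA (an attacker who knows the
// account name but not our CA key) is rejected. Returns the identity the
// server accepted and whether the rogue certificate was refused.
func RunFlow() (string, bool, error) {
	ca, caKey, err := newCA("Example Bank Client CA") // assumed name
	if err != nil {
		return "", false, err
	}
	csr, _, err := clientCSR()
	if err != nil {
		return "", false, err
	}
	cert, err := issueClientCert(ca, caKey, csr, "customer-12345", 1000) // assumed ID
	if err != nil {
		return "", false, err
	}
	user, err := authenticateClientCert(ca, cert)
	if err != nil {
		return "", false, err
	}
	rogueCA, rogueKey, err := newCA("Rogue CA")
	if err != nil {
		return "", false, err
	}
	rogueCert, err := issueClientCert(rogueCA, rogueKey, csr, "customer-12345", 1)
	if err != nil {
		return "", false, err
	}
	_, rogueErr := authenticateClientCert(ca, rogueCert)
	return user, rogueErr != nil, nil
}
```

Calling RunFlow() yields "customer-12345" and true. The two points the thread turns on are visible in the code: the private key is created in clientCSR and never handed to the server (so there is nothing for a phishing page to ask the user for), and the bootstrap problem is confined to the single call to issueClientCert, which must be gated by whatever existing flow authenticates the user before the first certificate, and again on every new machine.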

