Patent application 2015/MUM/2011 : Securing Transactions Using Secure Multi-factor Authentication And Synchronized Symmetric Key Generation

Patent documents are listed below:

  1. IP Docket dated 18 July 2011
  2. PCT – Introduction and Filing
  3. PCT- List of Member Countries
  4. Prov_IN_Drawings
  5. Prov_IN_Filing_receipt
  6. Prov_IN_Specification

Security system for secure authentication, key generation, key distribution and session maintenance to prevent active/passive phishing, man-in-the-middle, cross-site scripting and other network-based as well as browser-based attacks on online banking transactions.

Problem Definition: The textbook definition of security involves three aspects: authentication, secure transmission and data integrity. Conventionally, much stress was laid on the last two, and an enormous amount of work has been done on encryption schemes, hashing, etc. With the role of the internet becoming more and more profound in the social and economic life of the common man, authentication has become an equally important issue.
During the last decade, online financial fraud, most importantly phishing sites, has become a major concern for online banking, credit card transactions and other online financial services. With the advent of sophisticated tools for phishing, data sniffing and man-in-the-middle attacks, it has become possible to impersonate a legitimate user and commit online financial fraud. The last few years have seen a steep rise in phishing attacks aimed at collecting sensitive user information, the majority of which targeted online banking customers. Banks and their customers are losing a lot of money to these fraudulent practices.
Research Data:
The recent attacks on Facebook, Twitter, PayPal and various banks, which resulted in the leak of sensitive client information, show the level of complexity and sophistication involved in their execution. The monthly report (May 09) of the Symantec Security Response Anti-Fraud Team shows that nearly 79% of online attacks were targeted at banks. According to, there were 3.6 million adults who lost nearly 3.2 billion US dollars in the time period between September 1, 2006 and August 31, 2007. The Guardian shows that online banking losses totaled almost £60m in 2009 compared to £52.5m in 2008 and £23.2m in 2005. Gartner Group estimates that data theft through phishing activities costs US banks and credit card issuers an estimated $2.8 billion annually. McAfee’s 2009 Q3 report shows that the number of malware detected in that particular quarter reached nearly 5,000,000. Symantec Securities 2010 Q3 report highlights that 82% of reported phishing attacks were targeted at the financial sector.

1. a. The number of “phishing” attacks in the UK, where fraudsters lead customers to fake bank websites via an email that purports to come from their bank, increased by 16% from 2008 to 51,000. This compares to just 1,700 such attacks five years ago. As a result, online banking losses totaled almost £60m in 2009 compared to £52.5m in 2008 and £23.2m in 2005.

b. Phone banking losses, which were recorded for the first time in 2009, totaled £12.1m, with most losses involving customers being duped into disclosing security details through cold calling.

2. Theft via online banking increased by 14 per cent to £60 million ($95 million) while plastic card losses amounted to £440 million ($700 million). (UK National Fraud Authority)
3. Institute/Guardian Analytics study finds 40 percent of small and medium businesses change banks after a fraud incident.
4. Annual phishing-related losses are estimated to be as high as $9.4M per million customers.
The above reports show the gravity of the situation concerning the rapid increase in phishing attacks directed specifically at financial institutions and payment portals such as PayPal.

Currently employed authentication schemes for online banking
Various methods have been proposed to deal with phishing and to ensure secure authentication. Some have a two-page login in which the second page shows a picture and phrase selected by the user, which a fake site wouldn’t have. Some show a picture of a keyboard, on which one “types” a second password with the mouse, to defeat intrusions that record the stream of keystrokes. Some show the keyboard but ask for just three randomly chosen characters, to defeat attacks that steal credentials and reuse them to set up another session later. But none is safe against man-in-the-middle attacks such as active phishing, or against Trojans and malware that store the username, password or other secret the user holds and use it later. Even authenticating the user with a cell phone has its drawbacks: with phones becoming more and more computer-like, the risk of malware and Trojans is increasing.
The only tried and trusted option left is the key fob (random number tokenizer) provided by RSA, VeriSign, etc. It has been widely used by various firms to log in to their networks and by other corporate users.
In 2007 a highly sophisticated phishing attack was launched on ABN Amro. Though ABN Amro uses the key fob multifactor authentication mechanism, the attackers were able to install malware on the client side and proceed with what is now known as an “In Session – Phishing” attack. Various security researchers have shown that it is nearly impossible to stop that kind of attack using the key fob.

1. ICICI bank uses static numbers on the back of debit cards as a second factor for authentication.
2. After the user logs in to his account, HDFC bank shows the user a picture that he previously selected while creating the online account. This ensures the legitimacy of the site, since only HDFC bank’s server knows the client credential. But this picture is a static credential, and it is probable that most users will select a picture from the first page; via social engineering we can work out that, from the few pictures on the first page of selections, users mainly select from a much smaller set of famous icons that can be remembered later, like the Taj Mahal.
3. CITI, SBI, etc. send text messages to the user containing a one-time password (OTP) that is used as a second factor to authenticate.

Concerns regarding current authentication procedures
1. Although banks have started using multi-factor authentication to authenticate the user, there is no way for the user to verify whether a website is legitimate, phished or fake.
2. Authentication methods currently employed for online banking require either static credentials like username/password or a one-time password texted to a cell phone as a second factor, which has its own vulnerabilities. No current method except the RSA key fob, which in turn is too expensive to be issued to all banking customers, provides a mechanism to deliver a one-time password safely at the client’s end.
3. Even if an OTP is used as a second factor, all these authentication methods fail under active phishing or man-in-the-middle attacks.
4. Digital certificate forgery leads to identity impersonation by a forged site, and the user provides his credentials to the phished website.
5. No existing mechanism safely produces and delivers client credentials to the legitimate bank’s server and provides dual authentication, i.e. the bank’s server authenticates the user and the user authenticates the bank.
6. There is no current technology that provides foolproof session security, protecting client credentials from a phished site, from man-in-the-middle attacks or when the network is compromised.
7. There has been a sudden rise in tools for network sniffing, ARP poisoning, and key and digital certificate generation, and in automated toolkits that make it easy to perform sophisticated attacks like man-in-the-middle and active phishing.
8. Recently there were many malware/Trojan-based attacks on mobile banking apps. Once the user logs in via the multi-factor authentication mechanism and a secure channel is established, the malware inserts its own transaction packets into the ongoing stream. Now two transactions take place instead of one. Despite having secure multi-factor authentication and an SSL channel for data transfer, mobile apps are prone to malware and Trojan-based attacks that exploit system-level security.

Security weakness in existing authentication and session security techniques
All existing authentication schemes concentrate on providing the user with multi-factor authentication, such as OTP with key fobs and OTP sent to cell phones. But the adversary focuses his efforts on hacking the channel and then the session, via forged digital certificates or via phishing. In the case of simple phishing, currently there is no scheme (except HDFC’s) where the user can authenticate the bank’s site, i.e. whether the website is legitimate or not. When the user logs in to HDFC’s online banking portal, he is shown a picture that he selected when he registered for online banking. So HDFC responds to the user’s password with a static picture. The problem with it is its static nature. Even Bank of America uses the same scheme. Most users don’t even know the purpose of this picture. By default this picture is the Taj Mahal in many cases. Even by using social engineering we can crack this scheme, since most users will only select a picture available on the first page. The main concern is that even to get to the page showing the picture the client has to disclose his credentials, thereby becoming vulnerable to phishing. In the case of active phishing, the man in the middle will forward the client’s credentials to the legitimate bank’s server and forward the response to the client’s browser, making him believe that he is connected to the legitimate site.
State Bank of India sends an SMS containing an OTP to the user, which has to be entered within 3 minutes, otherwise the session expires. There has been a lot of criticism of this approach. Various security experts have spoken in detail about the fact that the main purpose of cell phone networks is forwarding calls. SMS can be logged for 8 hrs. If the person shifts to a different circle (the scope of a tower), he is not registered in the new circle unless he makes a call, receives a call or restarts his cell phone; during this time all SMS are logged in the previous tower infrastructure. The cell phone network is designed to be call-centric, so it will not waste resources locating the cell phone just for SMS delivery once it has moved out of the current circle. We did a little survey to collect responses from SBI’s net banking customers. Many complained about late delivery of SMS that led to expiry of the session involved, resulting in loss of the customer’s faith in the efficiency of the online banking service.
Malware and Trojans installed on a mobile or PC can exploit system-level vulnerabilities and perform illegitimate financial transactions even though the user is logged in with RSA SecurID as the multi-factor authentication mechanism and is using an SSL layer for network security.
Attacks like XSS (cross-site scripting) exploit vulnerabilities in browsers and web applications. They steal session credentials like session IDs, keys and cookies and establish another parallel session with the same session credentials.

Abstract: A pseudo random number generator, a third-party key distribution protocol, a random number generator synchronization algorithm, multi-session data delivery, a mechanism to protect against malware/Trojan-based attacks on an installed banking app, and a two-way one-time password authentication scheme are disclosed. The pseudo random number generator is based on multiple-curve elliptic curve cryptography. The authentication scheme is based on a challenge–response strategy, in which client and server send a challenge to each other. These fields are passed to authentication and key generation, which authenticates the two ends and generates and forwards secure session credentials to the end systems. The underlying authentication, key distribution scheme and multi-session communication mechanism help to detect forged sites, phishing activities and, most importantly, man-in-the-middle attacks, thereby providing a secure multi-factor authentication that not only authenticates the legitimacy of the user but also provides safe session establishment and session security against cookie and session credential thefts like session fixation.
The whole system provides a mechanism for authentication and for securing online banking against phishing, man-in-the-middle and other financial frauds. Once installed on the client end (personal computer as well as mobile), it provides a two-way secure authentication mechanism, i.e. the client application authenticates the server (bank’s server) and the (bank’s) server authenticates the client, with one-time password functionality. Before performing authentication, a handshake protocol generates and performs a secure symmetric key exchange between client application and server via a third-party authentication and key distribution server. Once a secure session is established and both ends are authenticated, client and server perform a second level of handshake. They synchronize their PRNGs and thereby generate one-time padding keys for further communication.

Summary of the invention:
1. The invention addresses the limitations of existing authentication mechanisms in providing security against phishing and man-in-the-middle attacks, and uses a pseudo random number generator for a one-time padding scheme to provide secure data transfer by symmetric key encryption, bypassing vulnerabilities of PKI such as digital certificate forgery.
2. The present invention provides a secure mechanism to authenticate users in an insecure and untrustworthy environment via a unique multi-factor authentication algorithm. It addresses the limitation of other multi-factor authentication protocols that are unable to deal with active phishing and man-in-the-middle attacks. The protocol checks not only the legitimacy of the user but also the authenticity of the hosted website, in this way providing two-way authentication.
3. Along with authentication, the invention also provides a secure mechanism for key distribution via a third-party server that not only authenticates both communicating ends, i.e. the user and the bank’s server, but also generates and securely delivers the session key to both ends.
4. The algorithm does not use conventional public key infrastructure to exchange the key for the symmetric key encryption scheme; instead it uses a third-party server for session key distribution in a way that provides security against external, internal, classic replay and interleaving attacks, thereby satisfying the definition of provable security.
5. The protocol also provides “forward secrecy”, i.e. even if the long-term key is somehow compromised in the future, previously communicated data and keys will not be recovered.
6. The key distribution protocol is much more efficient than the Diffie-Hellman key exchange protocol, as it does not involve large computations over a group to achieve forward secrecy.
7. The invention uses pseudo random numbers generated at both communicating ends to provide a nonce as a token of key freshness as well as a user identification credential, thereby eliminating the need for a costly third-party digital certificate. Every time the users want to communicate, their user ID will be unique and known only to the authentication server.
8. Once secure session keys have been delivered to both ends, the communicating parties exchange messages to confirm the consistency of the session key received.
9. Once a secure session is established, the client and the bank’s server perform a second handshake to synchronize their pre-installed pseudo random number generators (PRNGs).
10. This algorithm involves the exchange of credential parameters (the state file of the PRNG) in such a way that both ends reach a consensus (a common state file) without disclosing their earlier states to each other. (Imagine a situation in which two people hold secret numbers and want to reach consensus on a single number without disclosing either the numbers they hold or the consensus finally reached.)
11. Once the PRNGs have reached the same state, OTP keys are generated and semantic security is achieved by encrypting each message with a key of the same length.
12. All communication takes place via sub-sessions within the same session in multiple bursts, making it computationally infeasible for an attacker in the middle to capture the data and respond accordingly.
i. In one aspect, the present invention is directed at providing a two-way, multi-factor, one-time-token based authentication mechanism that renders authentication functionality for both communicating ends.
ii. In a second aspect, it removes the need for the costly digital certificates required by the bank’s server, which are an important aspect of public key infrastructure, replacing them with a much better dynamic unique ID at both ends, thereby giving an extra credential even to the client.
iii. In a third aspect, the invention is directed at providing a secure key distribution facility, thereby replacing the need for public key infrastructure and making it preferable in terms of security as well as performance, i.e. it is safe from all attacks encumbering PKI and is computationally faster, since the PKI mechanism is mainly based on complex computations that are expensive and inefficient, especially on battery-operated devices.
iv. In a fourth aspect, the invention provides safety from phishing attacks, man-in-the-middle attacks, cross-site scripting and other session hijacking attacks on customers of online banking. The system comprises an installed application at the client end communicating with the browser, thereby eliminating threats caused by various scripts and other session credential thefts due to browser vulnerabilities.
v. In a fifth aspect, the invention is directed at providing a one-time padding facility without the need for pre-shared keys. This becomes feasible through a handshake algorithm that synchronizes two elliptic curve based pseudo random number generators. In a Diffie-Hellman-like parameter exchange over elliptic curves, seed parameters are exchanged between the communicating parties and a consensus is reached without disclosing either the previously shared states or the newly generated consensus.
vi. The sixth aspect of the invention deals with a multi elliptic curve based pseudo random number generator. The state consists of many curve seed states, and numbers are generated randomly from any of the curves in the seed set. Elliptic curves defined over prime fields with different field sizes are used. The state of the different curves keeps changing throughout the life cycle of the employed PRNG.
vii. The state file of the PRNG is much more dynamic and is defined over much larger prime fields, making its output more uniformly distributed than that of a PRNG defined over a single curve.

The same mechanism can be used to authenticate the client when he is using a computer or cell phone, in applications such as: secure login authentication needed by banks and financial institutions; mobile banking schemes; remote login to a corporate network from a personal computer or cell phone; one-time padding symmetric encryption using a PRNG installed at the client end for transferring highly confidential data; authentication and data transfer in the cloud; login authentication and data transfer for government networks; secure remote desktop applications for login authentication and data transfer; secure remote desktop applications from cell phone to desktop; security against phishing and man-in-the-middle attacks when authentication is done using voice recognition or biometrics; authentication and remote desktop applications in 3G networks; client-end stock trading applications that require authentication and secure data transfer (current SEBI guidelines make 128-bit encryption mandatory for all trading-related data transfer); and bit-by-bit voice encryption for telephonic or 3G networks.
System configuration of client end system (desktop or mobile client or client’s (bank’s) server)
1. Client-server session initiation procedure
2. Multi-factor, two-way authentication protocol (between client/bank’s server and third-party authentication server)
3. Key exchange protocol (between client/bank’s server and third-party authentication server)
4. Session creation procedure
5. PRNG synchronization algorithm – to synchronize the pre-installed PRNGs of the client and the bank’s server.
6. Session credential and key maintenance procedure
7. Encryption/Decryption algorithm
8. Data integrity and signature check procedures
9. Threat monitoring procedures
10. Token – outputs a random triplet periodically
11. PRNG – pseudorandom number generator
The token will output three numbers periodically:
1. UID
2. Token(password)
3. Authentication Server’s UID for this client
Client-server session initiation protocol
[Figure: message exchange between Client and Bank’s Server]

Here the client and the server (bank) initiate a session by exchanging hello messages and then forwarding their hashed unique identification credentials. These credentials are random numbers generated by the token program installed at each end, so the UIDs are dynamic. Once these exchanges are over, each side discards this session and initiates the next protocol with the authentication server.
Authentication and Key exchange protocol
Here the client is denoted by A and the bank’s server by B.

represents a message digest signed by A with the long-lived key pre-shared with authentication server S.

represents a message encrypted by A with the long-lived key pre-shared with authentication server S.

[Figure: message exchange between Client/Bank’s server and Authentication Server]

The same steps occur between B and server S. A and B then exchange the messages forwarded to them by the authentication server, to confirm that they agree on the keys received from it.

After the secure key exchange and session establishment, the client and server start communicating securely. After this step they start to synchronize their pseudo random number generators.

PRNG synchronization
All of this communication takes place once a secure session is established between the client and the bank’s server. Both client and server have an elliptic curve based pseudo random number generator pre-installed at their end. The two PRNGs have different state files containing group generators, prime field parameters, constants and point coordinates. The communication explained below relies on the hardness of the discrete logarithm problem on elliptic curves and helps both parties reach consensus. Once these messages are exchanged, both PRNGs will have the same state file and will therefore output the same numbers, which can be used as one-time padding keys.

The installed PRNG is elliptic curve based. It contains k curves with generators G1, G2, …, Gk as state parameters. Apart from the generator, each curve’s state consists of a seed calculation point Pi and a random number generation point Qi. So to synchronize the PRNGs we need to generate the same state file for both. This is similar to a consensus generation problem in which no party other than those involved can guess the final state reached just by seeing the transferred messages. The security of the proposed scheme is based on the elliptic curve group discrete logarithm problem. After the exchange of messages, and without disclosing their initial states in any manner, both parties reach a consensus on the final state. Both PRNGs will thereby output the same numbers, which can be further used as keys for the one-time padding mechanism.

Step 1.
Alice generates two sets of k numbers (k being the number of curves used in the PRNG), {np1, np2, …, npk} and {nq1, nq2, …, nqk}. These numbers are then multiplied by the curve generators G1, G2, …, Gk respectively. All multiplication takes place over the respective elliptic curves and all computation follows elliptic curve group algebra. Once computed, these parameters are sent to Bob (the bank’s server).

Step 1: Alice sends the k pairs of coordinates to Bob. This is like the Diffie-Hellman key exchange system. All computation is done over the elliptic curve via the corresponding group algebra defined over finite fields. Only Alice knows the multipliers (mp1,mq1), …, (mpk,mqk). Even if the session key is compromised, the adversary will have access to n * G and G; it is infeasible for him to find n due to the computational hardness of the discrete logarithm problem.
Step 2: In a similar fashion, Bob also computes two sets of coordinates, each in turn having k coordinates. Bob forwards these numbers to Alice.
Step 3: Alice performs the following computation at her end for every i from 1 to k.

Step 4: Bob performs similar computations for every i from 1 to k.

Since all computation is performed in elliptic curve groups defined over a prime field or Galois field, which are abelian (commutative) in nature, both Alice and Bob will have generated the same points at the end of step 3 and step 4.
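
Steps 1 to 4 as a runnable sketch, added here as an example and not code from the patent application. The step 3/4 formula is missing from the page, so the usual Diffie-Hellman product (own multiplier times the peer's point) is assumed; the two toy curves, the function names and the peer-point validation are likewise assumptions of this example.

```python
import secrets
from collections import namedtuple

# Constructed toy curves y^2 = x^3 + a*x + b over F_p, each with a generator G
# of prime order n. Textbook sizes for illustration; far too small for real use.
Curve = namedtuple("Curve", "p a b G n")
CURVES = [
    Curve(p=17, a=2, b=2, G=(5, 1), n=19),
    Curve(p=11, a=1, b=6, G=(2, 7), n=13),
]
INF = None  # point at infinity (group identity)


def on_curve(c, P):
    if P is INF:
        return True
    x, y = P
    return (y * y - (x * x * x + c.a * x + c.b)) % c.p == 0


def add(c, P, Q):
    """Elliptic-curve group law on curve c."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % c.p == 0:
        return INF  # P + (-P)
    if P == Q:
        lam = (3 * x1 * x1 + c.a) * pow(2 * y1 % c.p, -1, c.p) % c.p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % c.p, -1, c.p) % c.p
    x3 = (lam * lam - x1 - x2) % c.p
    return (x3, (lam * (x1 - x3) - y1) % c.p)


def mul(c, k, P):
    """Double-and-add scalar multiplication k*P (not constant time)."""
    R = INF
    while k:
        if k & 1:
            R = add(c, R, P)
        P = add(c, P, P)
        k >>= 1
    return R


def make_offer(fixed=None):
    """Steps 1/2: per curve, pick private (s_p, s_q) and publish (s_p*G, s_q*G)."""
    priv = fixed or [(1 + secrets.randbelow(c.n - 1),
                      1 + secrets.randbelow(c.n - 1)) for c in CURVES]
    pub = [(mul(c, sp, c.G), mul(c, sq, c.G))
           for c, (sp, sq) in zip(CURVES, priv)]
    return priv, pub


def derive_state(priv, peer_pub):
    """Steps 3/4 (assumed formula): P_i = s_p * peer_P_i, Q_i = s_q * peer_Q_i."""
    state = []
    for c, (sp, sq), (pp, pq) in zip(CURVES, priv, peer_pub):
        for pt in (pp, pq):  # reject identity and off-curve points from the peer
            if pt is INF or not on_curve(c, pt):
                raise ValueError("invalid peer point")
        state.append((mul(c, sp, pp), mul(c, sq, pq)))
    return state


if __name__ == "__main__":
    a_priv, a_pub = make_offer()
    b_priv, b_pub = make_offer()
    print(derive_state(a_priv, b_pub) == derive_state(b_priv, a_pub))  # True
```

Both sides end with the same list of (P_i, Q_i) pairs because scalar multiplication commutes in each curve group; an eavesdropper sees only the published points.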
