Current page:  Layout / Security Architecture

Security - Useage of Security Tokens

Cryptographic Operations of Security Tokens

Hardware security modules (also known as security token) are physical devices, which provide cryptographic operations. These include various algorithms for symmetric and asymmetric encryption, key exchange, digital signatures, cryptographic hash functions and random number generators. The implemented standards (e.g. AES, RSA, Diffie-Hellmann, ECDSA, SHA-256, etc.) are state-of-the-art and are currently not broken (i.e. no efficient attack known so far).

These tokens are build in a way, that they can also resist physsical attacks and side channel attacks. This means, that it is impossible to extract its secrets with physical intrusion or measurement of the tokens emissions or response times.

The security token used in this project is a dongle, which usually is designed as a USB stick (other variants are e.g. SD cards and MicroSD cards), which are examined and certified accordingly for usage in security-critical applications.

Usage for Authentication

Although the usage for authentication is not a native functionality of security tokens, which only cover cryptographic primitives, but protocols for secure authentication are build from those.

A typical problem for authentication is the man-in-the-middle attack, where the attacker is located between the parties involved and connects to all parties on secure channels, while being able to read and modify messages unnoticed.

Security tokens are able to prevent this attack, because server and security token both hold a verification key of the other and can use digital signatures for mutual authentication. This way they can build a secure connection and there is no possible way for the attacker to evesdrop or manipulate the messages unnoticed.