KoolSpan: Bridging The Secure Access Gap Part 3: Under the Hood

In parts one and two of this review we looked at an innovative product and tested it. In this conclusion of our review of this novel product, we look under the hood to show how it works.
Under the hood
To avoid PIN guessing, each SecurEdge Key enforces the administrator-configurable retry limit. Unless the user has done something particularly risky, like keeping the default PIN or configuring a simple PIN like "11111111", anyone trying to guess the PIN will most likely exceed this limit. Once that happens, the SmartCard disables itself, requiring a trip back to the Manager to be reset to default (shown above). Each time the user enters an invalid PIN, an impending lockout warning is displayed, but there are no hints as to how many retries remain, and trying later doesn't restart the counter. This mechanism effectively prevents active guessing, even with an 8-character PIN.

Strong RSA authentication and on-card crypto key storage prevent offline PIN cracking. In fact, SecurEdge crypto keys are generated inside each SmartCard, based on provisioned network send and receive keys, and are never passed out of the SmartCard.

In our view, unattended hosts pose risk to nearly every secure remote access product, including KoolSpan's. When the SecurEdge Client is first launched, it requests the user's PIN. If the user enters the correct PIN, it is reused for future authentications without prompting, as long as the Client Key remains inserted. For example, if a remote user briefly loses Internet connectivity, SecurEdge automatically reconnects the tunnel without re-prompting the user for her PIN. This is convenient, but risky if the user leaves her laptop unattended in a public place. Passworded screen savers with short timeouts can help reduce risk, as can pulling the Client Key whenever you leave your PC.

Every proprietary security protocol raises some degree of concern: proprietary measures can't be reviewed or vetted by the industry; on the other hand, they are less likely to draw attacker attention. Those interested in security protocol nuts-and-bolts should consult KoolSpan's Technology Overview and SecurEdge White Paper (available for download here).
For a quick tech summary, we talked to KoolSpan's CEO, Tony Fascenda. "Our session keys are independently calculated for each session, derived from the authentication process," explained Fascenda. SecurEdge never exchanges or downloads crypto keys; they are calculated from information stored on the SmartCard. "During authentication, [the Client and Lock] exchange encrypted random numbers. Both sides decrypt that number, based on the user's identity [Client Serial Number and provisioned Network Key]. If that works, each knows the other is legitimate, and those random numbers are used to derive session keys."

This brief exchange requires one half to one third of the packets needed to establish an IPsec tunnel, and a fraction of the packets required for 802.1X/EAP authentication. As Fascenda put it, "We wake up secure, while other technologies authenticate in the clear and then go secure." Even though the Client and Lock authenticate by digital signature, no back-end RADIUS server or CA is required.

The session key calculated by the Lock and Client during authentication is loaded into a hardware register. Arriving packets are mapped to a hardware register to find the session key. But the session key is never directly used to encrypt data. "Every packet has a different key for encryption. Each packet is encrypted using an offset, XOR'd with the session key," explained Fascenda. Like IPsec, every packet has a message integrity check to prevent tampering and replay. Unlike IPsec, SecurEdge encrypts not only unicast, but also broadcast and multicast packets.
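The PIN retry limit described earlier in this section can be modelled in a few lines. This is an added example, not KoolSpan code: the class and function names, the digits-only PIN alphabet, the sample PINs, the exact lockout boundary and the reset of the counter on a correct PIN are all assumptions made for illustration.

```python
import hmac
from fractions import Fraction


class CardPinGate:
    """Hypothetical model of an on-card PIN retry counter (not vendor code)."""

    WARNING = "invalid PIN, lockout impending"  # never says how many tries remain

    def __init__(self, pin: str, retry_limit: int):
        self._pin = pin.encode()
        self._limit = retry_limit  # administrator-configurable
        self._failures = 0         # persistent: waiting does not restart it
        self.locked = False

    def verify(self, attempt: str) -> str:
        if self.locked:
            return "locked"        # card is disabled until the Manager resets it
        if hmac.compare_digest(attempt.encode(), self._pin):
            self._failures = 0     # assumption: a correct PIN clears the counter
            return "ok"
        self._failures += 1
        if self._failures >= self._limit:  # assumption: boundary is inclusive
            self.locked = True
            return "locked"
        return self.WARNING

    def manager_reset(self, default_pin: str) -> None:
        """Only the management station re-enables a disabled card."""
        self._pin = default_pin.encode()
        self._failures = 0
        self.locked = False


def guess_success_bound(alphabet: int, length: int, retry_limit: int) -> Fraction:
    """Best-case odds that retry_limit distinct guesses hit a uniformly random PIN."""
    space = alphabet ** length
    return Fraction(min(retry_limit, space), space)


if __name__ == "__main__":
    card = CardPinGate("48213907", retry_limit=5)  # constructed sample PIN and limit
    for wrong in ("11111111", "12345678", "00000000", "87654321", "99999999"):
        print(wrong, "->", card.verify(wrong))
    print("correct PIN after lockout ->", card.verify("48213907"))
    # An 8-digit random PIN with 5 tries: 1 in 20,000,000.
    print("guessing bound:", guess_success_bound(10, 8, 5))
```

The bound only holds for a randomly chosen PIN; a card left on its default PIN or set to "11111111" falls to one of the first guesses regardless of the limit.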