Portal de Periódicos da CAPES

Recent attacks on alleged SecurID and their practical implications

2005; Elsevier BV; Volume: 24; Issue: 5 Linguagem: Inglês

10.1016/j.cose.2005.04.006

1872-6208

Alex Biryukov, Joseph Lano, Bart Preneel,

Advanced Malware Detection Techniques

SecurID tokens are developed by SDTI/RSA Security to authenticate users to a corporate computer infrastructure. In this paper we show the results of our analysis of the function contained in these tokens. The block cipher at the heart of the function can be broken in milliseconds. We present two attack scenarios on the full function: if one can observe the output of the device during some time period, one can predict with high probability future output values and one can recover the secret key significantly faster than by exhaustive search.