Black boxes for security

What are authenticators?

Picture a black box with a limited API. It lets you generate a key pair inside the black box, read the public key, and sign data using the private key. But it gives you no way at all to read what the private key is. If you break the box open to see what it is, its memory self-destructs. There is, by design, no way that you, or anyone else, can see what the key is.

An authenticator is essentially such a black box.

In the real world there's of course a lot more to it. But for now, let's just take a look at the ways that authenticators are implemented.

Roaming authenticators

[Image: roaming authenticator]

A roaming authenticator is a hardware key that interfaces with the user's device through USB, NFC or some other short-range communication channel. It can have a sensor, so that it can register presence when the user touches it. Some roaming authenticators are multi-protocol. Be careful with those: they are easy to use incorrectly, and then they do not provide the security you think they do.

The most popular roaming authenticators are YubiKeys.

Platform authenticators

[Image: platform authenticator]

A platform authenticator is a hardware key built into the user's device. That means that a private key will be bound to that device. If the device is lost, the user should get another device, use it to generate a new key, and onboard that key.

In a PC the platform authenticator is typically a small module that follows the TPM standard, colloquially known as a TPM chip. PCs have been sold with TPM chips since the mid-2000s.

In a mobile device the platform authenticator is a so-called Secure Element, or SE for short. It is really the same type of chip used in smartcards. The firmware of Secure Elements is not standardized. Mobile phones have been sold with Secure Elements since the mid-2010s.

Virtual authenticators

[Image: virtual authenticator]

A virtual authenticator is a key that is only implemented in software. Such a key can be practical in a virtualized environment, if you don't care too much about the security. It also allows a backdoor so that private keys can be synchronized. This is not possible with the other authenticator types.

Passkeys, in the sense of the Google and Apple products introduced 2022, are virtual authenticators.

Other terms

The term hardware authenticator applies to both roaming and platform authenticators.

The term cross-platform authenticator is just another way to say virtual authenticator.

The term passkey is quite confused. Some use it for FIDO2 authenticators in general, some use it as a synonym for virtual authenticators, and some use it specifically for the Google and Apple products.

[Image: authenticator overview]

Trade-off

The trade-off between security and convenience comes out differently for the three authenticator types.

Roaming authenticators are most secure but least convenient, as you have to remember to bring your key with you and fiddle around with it.

Platform authenticators are almost as secure as roaming authenticators. They are hardware, but the operating system and the application form a software layer around them that can be compromised. If that happens, it could lead to malware authenticating on its own. But it would not lead to the private keys leaking. On the convenience side, platform authenticators are better than roaming authenticators, as they are just there inside your device anyway.

Virtual authenticators are the least secure because they do not encapsulate the private keys. In fact they often synchronize them, so that their security becomes closer to that of a password manager. They are still more secure than passwords, though. Those virtual authenticators that synchronize private keys can be more convenient than platform authenticators when you onboard a new device. Also, running raw WebAuthn with hardware authenticators, without some trust infrastructure, can make multi-device usage awkward. In that situation the synchronized keys of virtual authenticators can be convenient.

Authentication

When you want to use an authenticator, you have to unlock it by entering a password. Or, what is equivalent, by scanning a fingerprint, making gestures, or something like that.

The data needed to check the password is in the authenticator and nowhere else (given that it is a hardware authenticator). So the user's device is the only machine that sees the password. Authenticators require the authentication, or unlocking, to be local. So you have to enter your password directly on the device when you unlock the authenticator.

[Image: authenticator flow]

That means that if only a user's password was leaked, or only the user's device was stolen, the security impact would be minimal. It would require both the password to be leaked and the device to be stolen for a bad actor to exploit it. Note also that exploitation now requires physical access to the device, limiting it to one bad actor at a time. Contrast that with classic password leaks, where the whole darknet can be exploiting it at the same time.

Because the authenticator password is so much less critical, requirements for password complexity and expiration can be much lower than for classical passwords. This lets authenticators provide both a much better user experience and much better security.
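The black-box API from the opening section and the unlock-then-sign flow from this section, as one added example in Go. This is not code from the original page and models no real authenticator or WebAuthn library: the `Authenticator` struct keeps its private key in an unexported field that no method returns, `Unlock` checks a PIN locally, `Sign` only works while unlocked, and a toy `RelyingParty` holds public keys only and verifies a signed random challenge. Ed25519, the SHA-256 PIN verifier, the user name and the PIN are all constructed stand-ins chosen for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Authenticator models the black box: the private key lives in an unexported
// field and no method ever returns it. The only operations exposed are
// generating a key pair, reading the public key, and signing after a local unlock.
type Authenticator struct {
	priv     ed25519.PrivateKey // never leaves the struct
	pub      ed25519.PublicKey
	pinHash  [32]byte // constructed: a real authenticator uses a stronger, rate-limited verifier
	unlocked bool
}

// NewAuthenticator stores only a verifier for the PIN, never the PIN itself.
func NewAuthenticator(pin string) *Authenticator {
	return &Authenticator{pinHash: sha256.Sum256([]byte(pin))}
}

// GenerateKeyPair creates the key pair inside the box and hands out only the public half.
func (a *Authenticator) GenerateKeyPair() (ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	a.pub, a.priv = pub, priv
	return a.pub, nil
}

// PublicKey is readable at any time; it is the only key material that ever leaves the box.
func (a *Authenticator) PublicKey() ed25519.PublicKey { return a.pub }

// Unlock verifies the PIN locally; the PIN is never sent to the relying party.
func (a *Authenticator) Unlock(pin string) bool {
	h := sha256.Sum256([]byte(pin))
	a.unlocked = subtle.ConstantTimeCompare(h[:], a.pinHash[:]) == 1
	return a.unlocked
}

// Sign uses the internal private key, only while unlocked, and relocks afterwards
// (one signature per unlock, like a user-presence touch on a roaming key).
func (a *Authenticator) Sign(data []byte) ([]byte, error) {
	if a.priv == nil {
		return nil, errors.New("no key generated")
	}
	if !a.unlocked {
		return nil, errors.New("authenticator locked: local unlock required")
	}
	a.unlocked = false
	return ed25519.Sign(a.priv, data), nil
}

// RelyingParty holds public keys only, so a breach of it leaks nothing that logs anyone in.
type RelyingParty struct {
	registered map[string]ed25519.PublicKey
}

func NewRelyingParty() *RelyingParty {
	return &RelyingParty{registered: map[string]ed25519.PublicKey{}}
}

// Register stores a copy of the user's public key.
func (rp *RelyingParty) Register(user string, pub ed25519.PublicKey) {
	rp.registered[user] = append(ed25519.PublicKey(nil), pub...)
}

// Challenge returns a fresh random nonce; signing a reused nonce would allow replay.
func (rp *RelyingParty) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify checks the signature over the challenge against the stored public key.
func (rp *RelyingParty) Verify(user string, challenge, sig []byte) bool {
	pub, ok := rp.registered[user]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, challenge, sig)
}

// Login runs the whole flow: RP challenge -> local unlock -> sign in the box -> RP verify.
// A wrong PIN (device in hand, password unknown) fails at the unlock step; a leaked PIN
// without the device never gets a signature at all, because there is no box to sign.
func Login(rp *RelyingParty, user string, auth *Authenticator, pin string) (bool, error) {
	challenge, err := rp.Challenge()
	if err != nil {
		return false, err
	}
	if !auth.Unlock(pin) {
		return false, nil
	}
	sig, err := auth.Sign(challenge)
	if err != nil {
		return false, err
	}
	return rp.Verify(user, challenge, sig), nil
}

func main() {
	auth := NewAuthenticator("1234") // constructed sample PIN
	pub, _ := auth.GenerateKeyPair()
	rp := NewRelyingParty()
	rp.Register("alice", pub) // constructed sample user
	ok, _ := Login(rp, "alice", auth, "1234")
	fmt.Println("device + correct PIN:", ok)
	ok, _ = Login(rp, "alice", auth, "0000")
	fmt.Println("device only, wrong PIN:", ok)
}
```

The point to notice is where the PIN check happens: inside `Unlock`, on the device, against a verifier the relying party never sees. The server side only ever stores and checks public keys, which is why a leak on that side does not give anyone a way to log in.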

Related:
Authentication for generations
Password ponderings