TODO
Mark Shuttleworth has likened ACPI to Trojan horses.
gets_s() rather than gets() etc. in C.
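As an added example (not from this page), a bounded line reader in standard C that shows what gets_s() offers over gets(): the buffer size is respected, and a line that does not fit is reported instead of overflowing the buffer. gets_s() itself (C11 Annex K) is not provided by glibc, so read_line() and the helper stream_from() are assumed names built on fgets() and tmpfile().

```c
#include <stdio.h>
#include <string.h>

/* Outcome of one read_line() call. */
enum line_status { LINE_OK = 0, LINE_EOF = 1, LINE_TOO_LONG = 2 };

/* Bounded stand-in for gets() with gets_s()-like behaviour (assumed API, not a
 * standard function). gets() would write a 100-byte line into an 8-byte buffer;
 * here at most `size` bytes are written, an over-long line is reported, the
 * buffer is emptied, and the rest of that line is discarded so the next call
 * starts on a fresh line. */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0)
        return LINE_TOO_LONG;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* strip the newline, as gets() does */
        return LINE_OK;
    }
    /* No newline in the buffer: peek at the next byte to tell "line fit exactly"
     * or "last line without newline" apart from "line was too long". */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;
    while (c != EOF && c != '\n')       /* drain the remainder of the long line */
        c = fgetc(in);
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

/* Helper: turn constructed text into a readable FILE* using only standard C. */
FILE *stream_from(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    fputs(text, f);
    rewind(f);
    return f;
}

int main(void)
{
    char buf[8];                        /* deliberately small buffer */
    FILE *in = stream_from("short\nthis line is far too long for the buffer\nlast");
    enum line_status st;
    while ((st = read_line(in, buf, sizeof buf)) != LINE_EOF)
        printf("%-8s -> \"%s\"\n", st == LINE_OK ? "ok" : "too long", buf);
    fclose(in);
    return 0;
}
```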
LOLBAS: Living Off The Land Binaries and Scripts
2FA and/or MFA (Multi-factor or two-factor authentication)
With multi-factor authentication, a user is granted access to a service only after presenting two or more factors (pieces of evidence).
Such factors include:

| Factor | Examples |
| --- | --- |
| Something the user has | Security token (for example on a USB stick), bank card (which is inserted into an ATM) |
| Something the user knows | Password, PIN, PUK (personal unblocking key) |
| Biological or other characteristics of the user | Fingerprint, eye iris, voice, typing speed/keystroke dynamics, pattern in key press intervals |
U2F - Universal 2nd Factor
U2F simplifies MFA (2FA) using specialized USB or NFC (near field communication) devices.
U2F is an open standard.
U2F is succeeded by the FIDO2 project.
FIDO - Fast IDentity Online
The stated mission of the FIDO Alliance is to develop and promote authentication standards that «help reduce the world’s over-reliance on passwords».
The primary results of the FIDO2 project (a joint effort between the FIDO Alliance and the W3C) are WebAuthn and CTAP.
Authentication technologies supported by FIDO include
- Biometrics (fingerprints, iris scanners, voice and face recognition etc.)
- Trusted platform modules (TPM)
- USB security tokens
- Embedded Secure Elements (eSE)
- Smart cards
- Near-field communication (NFC)
FIDO2 project
The goal of the FIDO2 project is to create strong authentication for the web.
Two important results of the FIDO2 project are:
- The W3C Web Authentication (WebAuthn) standard
- The FIDO Client to Authenticator Protocol 2 (CTAP2)
FIDO2 is a joint effort between the FIDO Alliance and the W3C.
CTAP - Client to Authenticator Protocol
CTAP (or X.1278) is complementary to the Web Authentication (WebAuthn) standard and enables a roaming, user-controlled cryptographic authenticator (such as a smartphone or a hardware security key) to interoperate with a client platform such as a laptop.
YubiKey
The YubiKey is a hardware authentication device to protect access to resources such as computers, networks, and online services.
YubiKey is manufactured by Yubico.
Security token
A security token is a set of information that facilitates the sharing of identity and security information in heterogeneous environments or across security domains.
Sometimes, a security token is also referred to as an assertion (for example in RFC 7521).
Examples of security tokens include
- JSON Web Tokens (JWT)
- Security Assertion Markup Language (SAML)
Hardware Security Module (HSM)
An HSM is a (generally very expensive) product which is specifically designed to make key extraction impossible, even with physical access to the server.
An HSM not only generates and stores keys, but also performs all necessary operations such as signature generation.