Yubico Forum
https://forum.yubico.com/

[PROJECT] - Challenge-Response PAM module using PC/SC
https://forum.yubico.com/viewtopic.php?f=8&t=1248
Page 1 of 1

Author:  crosser [ Wed Dec 04, 2013 5:59 pm ]
Post subject:  [PROJECT] - Challenge-Response PAM module using PC/SC

Project name: Challenge-Response PAM module using PC/SC
License: BSD two-clause (I guess...)
Description: PAM authentication module for Linux(/UNIX?) using HMAC-SHA1 challenge-response over PC/SC (including NFC)
Platforms: UNIX (only tested on Linux at the moment)
Webpage: http://www.average.org/chal-resp-auth/
Tutorial: Not really, but if you know how to set up PAM in general, this one is straightforward.

It is stable for me, but I had no chance to try it on any system but Linux.

I wanted a PAM module to login to my desktop/notebook machines that works without Internet connectivity, is more secure than a static password, and works over NFC. Yubico published an open source PAM module that has challenge-response mode of operation. I am not satisfied with it for two reasons: (1) it only works over USB, and (2) it uses stored expected response, pre-fetched from the token on previous interaction.

One can argue that the second reason is an advantage, because you do not need to keep the shared secret on the host. But on the other hand, if we want to use NFC, expected response for the next login session has to be transferred over the air in cleartext on the previous interaction. Adversary can eavesdrop and use it for replay attack.

My initial plan regarding NFC was to modify libykcore such that it could talk to the token over pcsclite API in addition to directly via USB HID. But it turned out that the library API is too tightly coupled with the underlying HID protocol, and substituting PC/SC protocol without changing the API would be too clumsy, if at all possible. On the other hand, if you have pcsclite up and running, you can communicate with the Neo over USB or over NFC without noticing any difference (well, almost). So I decided that my PAM module will talk directly to pcsclite, and not rely on any Yubico's libraries.

Shared secret needs to be loaded into the key with ykpersonalize, and into the file on the host with 'pam_cr_setup' command which is the part of this project. This secret is kept encrypted by the key which is the HMAC response, and is only present in the RAM in cleartext for a short time during authentication. Right now the protocol and crytpgraphic parts are faily complete (it can use either of openssl, gnutls or tomcrypto libraies for the crypto work). The PAM module itself "barely works" and needs more love.

My short-term plan is to bring the code to "production quality" and try to give it some exposure.
Tentative long-term plan, or, rather, personal wishlist is to (1) make lightdm login automatically when the token is placed on the NFC reader or plugged into a USB slot, and (2) support neard as an alternative to pcsclite.

I would appreciate suggestions and criticisms, especially about the crypto-engineering part of the project. I am not a crypto expert, and know that stance "don't do it", but I just had to for the reasons explained above.

Eugene Crosser <crosser@average.org>

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/