Move to secure 2FA on the blockchain

SMS is the most popular two-factor authentication (2FA) method. It is used by banks, e-wallets and crypto wallets, email providers and all kinds of services; the share of users relying on it is approaching 100%.

This state of affairs outrages me, because the method is unsafe. Reassigning a number from one SIM card to another has been possible since the start of the mobile era: this is how a number is restored when a SIM card is lost. The “specialists in taking digital money” realized that the SIM reissue option can be used in fraud schemes. After all, whoever controls the SIM card can control someone else's online banking, e-wallets, and even cryptocurrency. And a number can be taken over by bribing a telecom employee, by deception, or with forged documents.

Thousands of cases of SIM swapping, as this fraud scheme is called, have been uncovered. The scale of the disaster suggests that the world will soon abandon 2FA over SMS. But this is not happening: research says that it is service owners, not users, who choose the 2FA method.

We propose a secure 2FA method that delivers one-time codes via the blockchain, and we will explain how a service owner can enable it.

The count runs into the millions

In 2019, SIM swapping fraud increased by 63% according to the London police, and the attacker's “average take” is 4,000 GBP. I did not find statistics for Russia, but I assume that it is even worse there.

SIM swapping is used to steal popular Twitter, Instagram, Facebook and VK accounts and bank accounts, and it has recently reached cryptocurrencies, The Times reports, citing bitcoin entrepreneur Joby Wicks. High-profile cases of cryptocurrency theft through SIM swapping have been appearing in the press since 2016; 2019 was a real peak.

In May, the U.S. Attorney's Office for the Eastern District of Michigan charged nine young people between the ages of 19 and 26: they are allegedly members of a hacker gang called “The Community”. The gang is charged with seven swapping attacks, as a result of which the hackers appropriated over $2.4 million worth of cryptocurrency. And in April, California student Joel Ortiz was sentenced to 10 years in prison for SIM swapping; his haul was $7.5 million in cryptocurrencies.

Photo: Joel Ortiz at a university press conference. Two years later, he would be detained for cyber fraud.

How SIM swap works

"Swap" means exchange. In all such schemes, the criminals steal the victim's phone number, usually by reissuing a SIM card, and use it to reset the password. A typical SIM swap in theory looks like this:

  1. Reconnaissance. Fraudsters learn the victim's personal data: name and phone number. These can be found in open sources (social networks, friends) or obtained from an accomplice who works for a mobile operator.
  2. Blocking. The victim's SIM card is deactivated; to do this, it is enough to call the provider's technical support, give the number and say that the phone was lost.
  3. Takeover: the number is transferred to the fraudster's SIM card. Usually this is also done through an accomplice in a telecom company or by forging documents.

In real life, it is even harsher. Attackers choose a victim and then track the location of the phone daily: one request for information that the subscriber has switched to roaming costs 1-2 cents. As soon as the owner of the SIM card has gone abroad, they arrange with a manager at a mobile phone shop to issue a new SIM card. It costs about $50 (I found figures ranging from $20 to $100 in different countries and with different operators), while in the worst case the manager will be fired; there is no legal liability for this.

Now all SMS messages are received by the attackers, and the owner of the phone cannot do anything about it because he is abroad. Then the attackers get access to all of the victim's accounts and, if they wish, change the passwords.

Chances of recovering what was stolen

Banks sometimes accommodate victims and reverse the transfers from their accounts. So fiat money can be returned even if the offender is not found. But with cryptocurrency wallets everything is more complicated, both technically and legally. So far, no exchange or wallet has compensated swap victims.

If victims want to defend their money in court, they blame the operator: it created the conditions for the theft of money from the account. That is exactly what Michael Turpin did, who lost $224 million due to swapping. He is now suing the telecommunications company AT&T.

So far, no state has working schemes to legally protect the owners of cryptocurrencies. It is impossible to insure your capital or receive compensation for its loss. Therefore, preventing a swap attack is easier than dealing with its consequences. The most obvious way is to use a more reliable "second factor" for 2FA.

SIM swapping isn't the only problem with 2FA via SMS

SMS confirmation codes are not secure from a technical point of view. Messages can be intercepted due to fatal vulnerabilities in Signaling System 7 (SS7). 2FA over SMS is officially recognized as insecure (the US National Institute of Standards and Technology says this in its Digital Authentication Guide).

At the same time, the presence of 2FA often gives users a false sense of security, and they choose a simpler password. As a result, such authentication makes an attacker's access to the account easier rather than harder.

And SMS messages often arrive with a long delay or do not arrive at all.

Other 2FA methods

Of course, smartphones and SMS are not the only option. There are other 2FA methods. For example, one-time TAN codes: a primitive method, but a working one, and it is still used in some banks. There are systems using biometric data: fingerprints, retinal scans. Another option that seems to be a reasonable compromise in terms of convenience, reliability and price is dedicated 2FA applications: RSA Token, Google Authenticator. And then there are physical keys and other methods.

In theory, everything looks logical and reliable. But in practice, modern 2FA solutions have problems, and because of them, reality differs from expectations.

According to research, using 2FA is an inconvenience in principle, and the popularity of 2FA via SMS is explained by “less inconvenience compared to other methods”: receiving one-time codes is something users understand.

Many 2FA methods are associated with the fear that access will be lost. A physical key or a list of TAN passwords can be lost or stolen. I personally have had a negative experience with Google Authenticator. My first smartphone with this application broke down; you can appreciate the work it took me to restore access to my accounts. Another problem is switching to a new device. Google Authenticator cannot export keys, for security reasons (if keys can be exported, what security is there?). Once I transferred the keys manually, and then I decided that it was easier to leave the old smartphone in a box on a shelf.

The 2FA method should be:

  • Safe - only you, not intruders, should gain access to your account
  • Reliable - you get access to your account whenever you need it
  • Convenient and affordable - using 2FA is clear and takes a minimum of time
  • Cheap

We believe blockchain is the right solution.

Use 2FA on the blockchain

For a user, 2FA on the blockchain looks the same as receiving one-time codes via SMS. The only difference is in the delivery channel. The way to get a 2FA code depends on what the blockchain offers. In our project (information is in my profile), this is a Web application, Tor, iOS, Android, Linux, Windows, MacOS.

The service generates a one-time code and sends it to the messenger on the blockchain. From there it is the classic flow: the user enters the received code in the service interface and logs in.

In the article “How does a decentralized messenger on the blockchain work?” I wrote that the blockchain ensures the security and privacy of messaging. Regarding the sending of 2FA codes, I will highlight:

  • One click to create an account - no phones or emails.
  • All messages with 2FA codes are end-to-end encrypted with curve25519xsalsa20poly1305.
  • A MITM attack is ruled out: each message with a 2FA code is a transaction on the blockchain and is signed with Ed25519 EdDSA.
  • The message with the 2FA code gets into its own block. The sequence and timestamps of blocks cannot be altered, and hence neither can the order of messages.
  • There is no central authority that checks the "authenticity" of a message. This is done by a consensus-based distributed system of nodes, and it is owned by its users.
  • Cannot be shut down: accounts cannot be blocked, and messages cannot be deleted.
  • Access 2FA codes from any device at any time.
  • Confirmation of message delivery with 2FA code. The service that sends the one-time password knows for sure that it has been delivered. No "Submit Again" buttons.

For comparison with some other 2FA methods, I have compiled a table:

The user gets an account in the blockchain messenger for receiving codes in a second; only a passphrase is needed to log in. The ways of using it can therefore differ: you can use one account to receive codes for all services, or you can create a separate account for each service.

There is also an inconvenience: the account must have at least one transaction. For the user to receive an encrypted message with a code, the sender needs to know his public key, and it appears in the blockchain only with the first transaction. We worked around it like this: we made it possible to get free tokens in the wallet. However, a more correct solution is to use the public key itself as the account name. (For comparison, in our system the account number U1467838112172792705 is derived from the public key cc1ca549413b942029c4742a6e6ed69767c325f8d989f7e4b71ad82a164c2ada. For the messenger this is more convenient and readable, but for a system that sends 2FA codes it is a limitation.) I think in the future someone will make such a decision and move “Convenience and Accessibility” into the green zone.
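Because the account number is derived from the public key, a service can check that a public key it obtained for a recipient really belongs to the address the user registered before it encrypts a code to that key. The code below is an added example, not code from the project; it follows the getAddressFromPublicKey derivation shown in the account-creation step of this article, and the function names, the address pattern and the sample keys are assumptions.

```javascript
// Added example (Node.js core only): bind a recipient's public key to the
// registered address before a 2FA code is encrypted to that key.
const crypto = require('crypto');

// Same derivation as getAddressFromPublicKey in this article: SHA-256 of the
// raw key, first 8 bytes in reverse order, printed as a decimal after 'U'.
// Reading those 8 bytes little-endian yields the same integer.
function addressFromPublicKey(publicKeyHex) {
  if (typeof publicKeyHex !== 'string' || !/^[0-9a-f]{64}$/i.test(publicKeyHex)) {
    throw new TypeError('public key must be 32 bytes of hex');
  }
  const hash = crypto.createHash('sha256')
    .update(Buffer.from(publicKeyHex, 'hex'))
    .digest();
  return 'U' + hash.readBigUInt64LE(0).toString();
}

// True only when the key derives to exactly the address on file.
// Assumed address pattern: 'U' plus an unsigned 64-bit decimal (max 20 digits).
function keyBelongsToAddress(publicKeyHex, address) {
  if (typeof address !== 'string' || !/^U\d{1,20}$/.test(address)) return false;
  try {
    return addressFromPublicKey(publicKeyHex) === address;
  } catch {
    return false; // malformed key: treat as a mismatch, never as a match
  }
}

// Constructed sample keys (not real accounts).
const SAMPLE_KEY = 'ab'.repeat(32);
const OTHER_KEY = '22'.repeat(32);
```

A service would call keyBelongsToAddress with the key it received and the address stored for the user, and refuse to send the code on a mismatch.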

The price of sending a 2FA code is really low: 0.001 ADM, which is currently 0.00001 USD. Again, you can run your own blockchain and make the price zero.

How to connect 2FA on the blockchain to your service

I hope I was able to get a few readers interested in adding blockchain authorization to their services.

I will explain how to do this using our messenger as the example; by analogy, you can use another blockchain. In the 2FA demo application, we use PostgreSQL 10 to store account information.

Connection stages:

  1. Create an account on the blockchain from which you will send 2FA codes. You will receive a passphrase, which is used as a private key to encrypt messages with codes and to sign transactions.
  2. Add a script to your server to generate 2FA codes. If you are already using any other 2FA method with OTP delivery, you have already completed this step.
  3. Add a script to your server to send codes to the user in the blockchain messenger.
  4. Create a user interface for submitting and entering a 2FA code. If you are already using any other 2FA method with OTP delivery, you have already completed this step.

1 Create an account

Creating an account on the blockchain is the generation of a private key, a public key, and an account address derived from it.

First, a BIP39 passphrase is generated, and a SHA-256 hash is calculated from it. The hash is used to generate the private key ks and the public key kp. From the public key, we get the address in the blockchain using SHA-256 again, with the byte order reversed.

If you want to send 2FA codes every time from a new account, the code to create an account will need to be added to the server:

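import Mnemonic from 'bitcore-mnemonic'
// Generate a new BIP39 passphrase from the English word list
this.passphrase = new Mnemonic(Mnemonic.Words.ENGLISH).toString()

…

import * as bip39 from 'bip39'
import crypto from 'crypto'

// Passphrase -> BIP39 seed -> SHA-256 hash (32 bytes)
adamant.createPassphraseHash = function (passphrase) {
  const seedHex = bip39.mnemonicToSeedSync(passphrase).toString('hex')
  return crypto.createHash('sha256').update(seedHex, 'hex').digest()
}

…

import sodium from 'sodium-browserify-tweetnacl'

// The 32-byte hash is the seed of the Ed25519 signing key pair
adamant.makeKeypair = function (hash) {
  var keypair = sodium.crypto_sign_seed_keypair(hash)
  return {
    publicKey: keypair.publicKey,
    privateKey: keypair.secretKey
  }
}

…

import crypto from 'crypto'
// bignum: big-integer helper with fromBuffer(); its import is not shown in this excerpt

adamant.getAddressFromPublicKey = function (publicKey) {
  // SHA-256 of the public key (a Buffer is hashed as-is, a string is read as hex)
  const publicKeyHash = crypto.createHash('sha256').update(publicKey, 'hex').digest()
  // Take the first 8 bytes of the hash in reverse order
  const temp = Buffer.alloc(8)
  for (var i = 0; i < 8; i++) {
    temp[i] = publicKeyHash[7 - i]
  }
  // Address = 'U' + those 8 bytes as an unsigned decimal integer
  return 'U' + bignum.fromBuffer(temp).toString()
}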

In the demo application we simplified this: we created one account in the web application, and we send codes from it. In most cases this is also more convenient for the user: he knows that the service sends 2FA codes from a specific account, and can give it a name.

2 Generating 2FA codes

A 2FA code must be generated for each user login. We use the speakeasy library, but you can choose any other.

const speakeasy = require('speakeasy');

// Counter-based one-time password for this login attempt
const hotp = speakeasy.hotp({
  counter,
  secret: account.seSecretAscii,
});

Checking the validity of the 2FA code entered by the user:

// token is the value being checked, i.e. the code the user typed in
se2faVerified = speakeasy.hotp.verify({
  counter: this.seCounter,
  secret: this.seSecretAscii,
  token: hotp,
});
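The generation and verification steps above, as an added example that is not taken from the demo application: an RFC 4226 HOTP built on Node's crypto module instead of speakeasy, with the counter advanced on every issue and each code made single-use and short-lived. The record shape, the function names newAccount, issueCode and verifyCode, the 5-minute lifetime and the 3-attempt limit are assumptions for illustration.

```javascript
// Added example (Node.js core only): HOTP per RFC 4226 plus the server-side
// state that keeps a delivered code single-use and short-lived.
const crypto = require('crypto');

// RFC 4226 section 5.3: HMAC-SHA-1 over the 8-byte big-endian counter,
// dynamic truncation, then the low `digits` decimal digits.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const binary = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(binary % 10 ** digits).padStart(digits, '0');
}

// Hypothetical per-user record; a real service keeps this in its database.
function newAccount(secret) {
  return { secret, counter: 0, pending: null };
}

// Issue a code for one login attempt. The counter moves on immediately,
// so the same counter value is never used for two logins.
// Assumed policy: 5-minute lifetime, 3 attempts per code.
function issueCode(account, now = Date.now(), ttlMs = 5 * 60 * 1000) {
  const code = hotp(account.secret, account.counter);
  account.counter += 1;
  account.pending = { code, expiresAt: now + ttlMs, attemptsLeft: 3 };
  return code; // hand this to the delivery step
}

// Check what the user typed: expiry, limited attempts, constant-time
// comparison, and invalidation after the first success (no replay).
function verifyCode(account, submitted, now = Date.now()) {
  const p = account.pending;
  if (!p || now > p.expiresAt || p.attemptsLeft <= 0) {
    account.pending = null;
    return false;
  }
  p.attemptsLeft -= 1;
  const a = Buffer.from(String(submitted));
  const b = Buffer.from(p.code);
  const ok = a.length === b.length && crypto.timingSafeEqual(a, b);
  if (ok) account.pending = null;
  return ok;
}
```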

3 Submitting the 2FA code

You can use the blockchain node API, the JS API library, or the console to send the 2FA code. In this example we use the console, the Command Line Interface: a utility that simplifies interaction with the blockchain. To send a message with a 2FA code, use the console's send message command.

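const util = require('util');
// execFile runs the binary directly with an argument array; no shell parses the values
const execFile = util.promisify(require('child_process').execFile);

…

// adamantAddress and hotp are passed as separate arguments, never spliced into a shell string
const args = ['send', 'message', adamantAddress, `2FA code: ${hotp}`];
// Resolves with { stdout, stderr }; a failed command rejects the promise
const { stdout, stderr } = await execFile('adm', args);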

An alternative way to send messages is to use the send method of the JS API library.

4 User interface

You need to let the user enter the 2FA code; this can be done in various ways depending on the platform of your application. In our example, this is Vue.

The source code for the blockchain two-factor authentication demo application can be viewed on GitHub. The Readme has a link to a live demo to try.

Source: habr.com