one time password - a two factor authentication system

ONE TIME PASSWORD By Swetha Kogatam SJSU ID: 009439339

Upload: swetha-kogatam

Post on 27-Jun-2015


DESCRIPTION

A One Time Password (OTP), commonly referred to as two-factor authentication, greatly enhances security in the present era. OTP is developed based on the HMAC algorithm.

TRANSCRIPT

Page 1: One Time Password  - A two factor authentication system

ONE TIME PASSWORD

By Swetha Kogatam

SJSU ID: 009439339

Page 2

AGENDA

• Introduction
• Brief History of OTP systems
• Benefits & Costs, Categories of OTP
• Methods of Generation
• HOTP & TOTP
• Methods of delivery
• RFCs and standards
• Attacks
• OTP Development Libraries

Page 3

What is a One-time Password?

• A single-use password or series of codes used to authenticate a user over an untrusted communication channel
• Complements a user password
• Two-Factor Authentication

Page 4

Brief & Probable History

• Leslie Lamport wrote an article on chaining hashes for authentication (CACM 1981)
• Bellcore developed S/Key based on the Lamport scheme (1994)
• Hardware tokens are developed
• OPIE was a more modern implementation and compatible with S/Key
• OTPW developed

Page 5

Modern-day examples of OTP

Page 6

Benefits of OTPs

• Cost-effective alternative to expensive digital certificates
• Cannot be reused
• Avoids expensive hardware tokens
• Can be time-limited
• Can be used over untrusted communication paths
  • Telnet, web-based, serial terminals
• Can be used with a compromised user password
• Multiple generation/delivery mechanisms

Page 7

Costs

• Difficult for human beings to memorize and require additional technology to work
• Based on a shared secret
• Software tools can be compromised
• Attacks are still possible

Page 8

Categories of OTPs

The two most often used types of OTPs are
1. Event-based: HMAC-based One-time Password (HOTP)
2. Time-based: Time-based One-time Password (TOTP)

Others include
1. Challenge-based: the user enters a key sent from the server plus a password
2. Proprietary: RSA SecurID

Page 9

Methods of Generation - HOTP

• HOTP (HMAC-based) computes an HMAC-SHA-1 and truncates it to obtain the HOTP value
• HOTP(K,C) = Truncate(HMAC-SHA-1(K,C)), where K is the key and C the counter

Page 10

HOTP

We can describe the operations in 3 distinct steps:

Step 1: Generate an HMAC-SHA-1 value
Let HS = HMAC-SHA-1(K, C) // HS is a 20-byte string

Step 2: Generate a 4-byte string (Dynamic Truncation)
Let Sbits = DT(HS) // DT, defined below, returns a 31-bit string

Step 3: Compute an HOTP value
Let Snum = StToNum(Sbits) // Convert S to a number in 0...2^31-1
Return D = Snum mod 10^Digit // D is a number in the range 0...10^Digit-1

Page 11

TOTP

TOTP (Time-based)
• An extension of HOTP to support time
• TOTP = HOTP(K, T) = Truncate(HMAC-SHA-1(K, T))
• Where T = (Current Unix time - T0) / X, and the default floor function is used in the computation
• For example, with T0 = 0 and Time Step X = 30, T = 1 if the current UNIX time is 59 seconds, and T = 2 if the current UNIX time is 60 seconds
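The three HOTP steps from the previous page and the TOTP time-step mapping above, as an added Python example that is not part of the slides. It uses the RFC 4226 / RFC 6238 test secret "12345678901234567890" (a constructed value for testing, not a production key) and adds a server-side verifier with a look-ahead window; the `look_ahead` size is an assumption.

```python
import hashlib
import hmac
import struct
import time

# Constructed test secret from RFC 4226 Appendix D / RFC 6238 Appendix B (ASCII).
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """Step 1: HS = HMAC-SHA-1(K, C), with C as an 8-byte big-endian counter.
    Step 2: Dynamic Truncation (DT) picks 4 bytes at an offset taken from the
    low nibble of HS[19] and masks the top bit, giving a 31-bit Snum.
    Step 3: D = Snum mod 10^Digit, zero-padded to Digit characters."""
    hs = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = hs[19] & 0x0F
    snum = ((hs[offset] & 0x7F) << 24 | hs[offset + 1] << 16
            | hs[offset + 2] << 8 | hs[offset + 3])
    return str(snum % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, t0: int = 0,
         digits: int = 6) -> str:
    """TOTP = HOTP(K, T) with T = floor((unix_time - T0) / X)."""
    return hotp(key, (unix_time - t0) // step, digits)


def verify_hotp(key: bytes, candidate: str, server_counter: int,
                look_ahead: int = 3):
    """Server-side check for a counter-based OTP. Tries the stored counter and
    a small look-ahead window (the client may have generated codes that never
    reached the server). Returns the next counter to store on success, so the
    same counter is never accepted twice (replay), or None on failure. The
    constant-time compare avoids leaking how many digits matched."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(key, c), candidate):
            return c + 1
    return None


if __name__ == "__main__":
    print(hotp(RFC_TEST_SECRET, 0))              # 755224 (RFC 4226 App. D)
    print(totp(RFC_TEST_SECRET, 59, digits=8))   # 94287082 (RFC 6238 App. B)
    print(totp(RFC_TEST_SECRET, int(time.time())))
```

Note that the 8-digit TOTP at time 59 ends in the 6-digit HOTP for counter 1, exactly as the slide's T = 1 example predicts.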

Page 12

Methods of Delivery

Software applications
• Command line OTP calculators

Text messaging
• Requests are made to send a code via SMS
• Requests from SMS itself or out-of-band

Phone call
• During the authentication process, you receive a phone call and enter a PIN

Page 13

More Methods of Delivery

Paper
• Lists of passwords or codes to use
• Some systems use paper codes as a backup

Hardware token
• Token has a rotating display of the current code
• May have buttons for challenges

Mobile applications
• The code is displayed exactly like a HW token
• OTP calculators can work with counter-based OTP

Page 14

RFCs and Standards

• RFC 1760, The S/KEY One-Time Password System
• RFC 2289, A One-time Password System
• RFC 4226, HOTP: An HMAC-Based One-Time Password Algorithm
• RFC 6238, TOTP: Time-based One-time Password Algorithm

Page 15

Attacks on OTP

• Man-in-the-Middle: attacker captures and resends authentication data to the legitimate server
• Mobile-based delivery for OTPs can be attacked
• Paper-based delivery for OTPs: theft

Page 16

OTP Development Libraries

• Java: javaotp
• Ruby: rotp, ruby-otp
• Python: POTP
• PHP: OTPHP, multiOTP
• C/C++: OpenOTP
• Many more available

Page 17

Questions

Page 18