
One-time password

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 65.198.207.11 (talk) at 15:17, 8 July 2009 (Specific OTP technologies). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The purpose of a one-time password (OTP) is to make it more difficult to gain unauthorized access to a restricted resource, such as a computer account. A static password can be obtained by an unauthorized intruder given enough attempts and time, and once obtained it keeps working. A one-time password changes with every use (or every time period), so a password that is guessed, observed or captured is of little or no further value to the intruder.

There are basically five types of one-time passwords:

  • Using a mathematical algorithm to generate a new password based on the previous password
  • Based on time-synchronization between the authentication server and the client providing the password
  • Using a mathematical algorithm, but the new password is based on a challenge (e.g., a random number chosen by the authentication server or transaction details) and a counter instead of being based on the previous password.
  • Using a list of passwords printed on paper.
  • Using portable electronic devices (e.g., mobile phones) as an out-of-band method for transmitting one-time passwords.

Implementations

Mathematical algorithm

One approach, credited to Leslie Lamport, uses a one-way function (call it f). The system starts with a secret seed s and repeatedly applies f to it, generating the chain

f(s), f(f(s)), f(f(f(s))), ...

as many times as necessary, say n times. The passwords are then dispensed in reverse order: the last value, f(f(...f(s))...) (f applied n times), is registered with the server, the first password used is f applied n-1 times, and so on down to f(s). The server needs to store only the most recently accepted value, since it can check a submitted password p by testing whether f(p) equals that value. When the chain is exhausted, a new seed s is chosen and a fresh chain is registered.

If an intruder happens to see a one-time password, he may gain access for that one login or time period, but the password becomes useless as soon as it has been used. To derive the next password in the series from the ones already seen, the intruder would have to compute the inverse function f⁻¹. Since f was chosen to be one-way, this is extremely difficult; if f is a cryptographic hash function, which is generally the case, it is (so far as is known) computationally infeasible.
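The hash chain described above, as an added example that is not part of the original article and not taken from S/KEY or any other listed implementation. It uses SHA-256 as the one-way function f (an assumption; S/KEY used MD4/MD5) and shows the server storing only the last accepted value, rejecting replays, and refusing to go past the end of the chain. The seed is a constructed sample value.

```python
import hashlib


def f(x: bytes) -> bytes:
    """The one-way function f. SHA-256 is an assumption made for this example."""
    return hashlib.sha256(x).digest()


def make_chain(seed: bytes, n: int) -> list:
    """Return [f(s), f(f(s)), ..., f^n(s)] for seed s."""
    chain = []
    x = seed
    for _ in range(n):
        x = f(x)
        chain.append(x)
    return chain


class LamportClient:
    """Holds the whole chain and hands out passwords in reverse order."""

    def __init__(self, seed: bytes, n: int):
        self.chain = make_chain(seed, n)
        # chain[n-1] = f^n(s) is the anchor registered with the server,
        # so the first password to use is chain[n-2] = f^(n-1)(s).
        self.next_index = n - 2

    def anchor(self) -> bytes:
        return self.chain[-1]

    def next_password(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("chain exhausted: choose a new seed and re-register")
        otp = self.chain[self.next_index]
        self.next_index -= 1
        return otp


class LamportServer:
    """Stores only the last accepted value; a chain of n values yields n-1 logins."""

    def __init__(self, anchor: bytes, n: int):
        self.last = anchor
        self.remaining = n - 1

    def verify(self, otp: bytes) -> bool:
        if self.remaining <= 0:
            return False
        # Accept p exactly when f(p) equals the value accepted last time.
        # A replayed password fails because f(p) == p' is false for p == last.
        if f(otp) == self.last:
            self.last = otp
            self.remaining -= 1
            return True
        return False


def demo() -> list:
    """Run a short chain end to end; returns the list of verification results."""
    seed = b"constructed-example-seed"  # sample value for the example only
    n = 4
    client = LamportClient(seed, n)
    server = LamportServer(client.anchor(), n)
    results = []
    p = client.next_password()
    results.append(server.verify(p))      # first login succeeds
    results.append(server.verify(p))      # replay of the same password fails
    results.append(server.verify(client.next_password()))
    results.append(server.verify(client.next_password()))
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the client here keeps the whole chain in memory; a token with little storage can instead recompute f^(k)(s) from the seed on every login at the cost of k hash evaluations.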

Time-synchronized

[Image: RSA SecurID tokens]

Time-synchronized one-time passwords are usually associated with physical hardware tokens (e.g., each user is given a personal token that generates a one-time password). Inside the token is an accurate clock that has been synchronized with the clock on the authentication server. In these OTP systems time is an essential input to the password algorithm: each new password is derived from the current time combined with the token's secret seed, rather than from the previous password.

Mobile phones and PDAs can also be used to generate a time-synchronised one-time password. This approach could be a more cost effective alternative since most Internet users already have mobile phones. Additionally, this approach could be more convenient since the user would not need to carry around a separate hardware token for each security domain to which he or she requires access.

[Image: Entrust IdentityGuard Mini Token]

Challenge

Challenge-based one-time passwords require the user to feed a challenge supplied by the authentication server (for example, a random number, or details of the transaction being authorized) into the token, which computes the password from the challenge and its secret key. To avoid duplicates, an additional counter is usually mixed in as well, so that receiving the same challenge twice still yields different one-time passwords. The computation does not usually involve the previous one-time password, as that would lead to synchronization problems. EMV is starting to use such a system (called "Chip Authentication Program") for credit cards in Europe.

Transaction authentication number

A transaction authentication number (TAN) is used by some online banking services as a form of single-use one-time password to authorize financial transactions.

In a typical TAN system, a customer goes to the bank and identifies himself. The bank prints out, on paper, a numbered list of 50 unique randomly generated passwords (e.g., 6-digit numbers) and gives it to the customer. Once home, the customer "signs" an online banking transaction with the TAN belonging to the requested list number and crosses it off. The bank verifies the submitted TAN against the list of TANs it issued to that user: if it matches an unused entry, the transaction is processed; otherwise it is rejected. A submitted TAN is consumed and will not be recognized for any further transaction. Because any unused TAN authorizes any transaction, a TAN captured by phishing remains valid until the legitimate customer happens to use it.

OTP over SMS

A common technology used for the delivery of OTPs is the short message service (SMS). Because SMS is a ubiquitous channel, available on practically all handsets and to a large customer base, it can reach almost all consumers at a low total cost of ownership. Tokens, smart cards and other traditional authentication methods are more costly to implement, more expensive to maintain and frequently resisted by consumers. They are also vulnerable to man-in-the-middle attacks, in which phishers hijack online sessions by tricking customers into handing over the one-time PINs their tokens or smart cards generate. Tokens can also be lost, and delivering OTPs to the mobile phone the consumer already carries is arguably simpler. Note, however, that an OTP sent over SMS is exposed to anyone who can read the message in transit or on the handset, and it can be phished in the same way as a token-generated one.

OTP on a mobile phone

Compared to hardware token solutions, which require each end user to carry a physical token device, a mobile phone token reduces costs considerably and is more convenient, and it removes the logistical requirement of delivering a device to each end user. One such mobile token, FireID, additionally supports any number of tokens within one installation of the application, allowing a user to authenticate to multiple resources from one device, and provides applications tailored to the user's phone model. A mobile phone token that generates the OTP on the device is also more secure than an SMS-based solution, since SMS messages are not end-to-end encrypted and can be intercepted on the way from the operator to the handset.

Comparison of technologies

There are some obvious cost-saving benefits to time-synchronized OTPs, because users tend to generate a password and then not use it, or mistype it. On an OTP system that is not time-synchronized, doing so causes the client to fall out of step with the authentication server, and the result is the added expense of re-issuing new clients. Alternatively, the server can be built to tolerate this (by ignoring bad passwords and accepting any of the next e.g. ten passwords instead of only the next one, possibly together with an explicit resynchronisation mechanism). That is extra implementation effort, which may affect the price of the server system, but it avoids the synchronization problem.
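The counter-based and time-based generators discussed in the sections above, with the server-side look-ahead window this paragraph describes, as an added example that is not part of the original article and not the code of any product listed on it. The generator is HOTP as specified in RFC 4226 (HMAC-SHA-1 over the counter, then dynamic truncation); the time-based variant simply uses floor(time / 30 s) as the counter, the construction later standardized as TOTP in RFC 6238. The window sizes (ten counters ahead, one time step of clock skew either way) and the test secret are assumptions chosen for the example.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter,
    then 'dynamic truncation' to a 31-bit integer, reduced to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-synchronized variant: the counter is the number of `step`-second
    periods elapsed since the epoch (the RFC 6238 construction)."""
    return hotp(secret, int(at_time // step), digits)


class CounterVerifier:
    """Server side of an event/counter-based OTP.  Tolerates the client having
    generated (and discarded) up to `look_ahead` passwords the server never saw."""

    def __init__(self, secret: bytes, look_ahead: int = 10):
        self.secret = secret
        self.counter = 0          # next counter value the server expects
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1   # resynchronise; earlier codes are now dead
                return True
        return False


class TimeVerifier:
    """Server side of a time-synchronized OTP.  Accepts the current time step
    plus `skew` steps either side, but never a step it has already accepted,
    so a captured code cannot be replayed inside its validity window."""

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1):
        self.secret = secret
        self.step = step
        self.skew = skew
        self.last_step = -1       # highest time step accepted so far

    def verify(self, code: str, now: float) -> bool:
        step_now = int(now // self.step)
        for s in range(step_now - self.skew, step_now + self.skew + 1):
            if s <= self.last_step:
                continue          # already used (or older than a used code)
            if hmac.compare_digest(hotp(self.secret, s), code):
                self.last_step = s
                return True
        return False


if __name__ == "__main__":
    # Constructed sample: the ASCII test secret from RFC 4226 Appendix D.
    SECRET = b"12345678901234567890"
    print([hotp(SECRET, i) for i in range(3)])     # 755224 287082 359152
    v = CounterVerifier(SECRET)
    print(v.verify(hotp(SECRET, 0)), v.verify(hotp(SECRET, 0)))  # True False
```

The look-ahead loop is where the "accept any of the next ten" policy lives: widening the window makes a mistyped or wasted code less disruptive, but each extra counter is another value an attacker could guess, so the window should stay small and be paired with rate limiting.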

On the other hand, there are some obvious cost-saving benefits to non-time-synchronized OTPs: the hardware token does not need a clock, so it does not need to be continually powered, and a battery should last much longer.

In sum, for a large installation one would expect time-synchronized OTPs to be the more expensive choice, as the additional cost of a server that tolerates desynchronization should be outweighed by the more expensive and less durable individual tokens.

One-time passwords that are not time-synchronized are vulnerable to phishing. In late 2005 customers of a Swedish bank were tricked into giving up their one-time passwords (The Register article). However, even time-synchronized one-time passwords are vulnerable to phishing if the attacker uses the password quickly enough, as the 2006 attack on customers of a US bank showed (Washington Post Security Blog). Users of such systems must therefore be aware that they remain exposed to man-in-the-middle attacks and should never give their one-time passwords to any third party. Whether or not the one-time passwords are time-synchronized is largely irrelevant to the degree of vulnerability. The same applies to challenge-based one-time passwords, although against them the attacker must relay the server's challenge to the victim and the victim's response back to the server in real time, i.e. mount a full man-in-the-middle attack, of which the attack observed against time-synchronized passwords is a slightly simplified form.

Standardization matters here.[citation needed] Most established time-synchronized OTP technologies are patented and their algorithms are not published for public review. Mathematical-algorithm (hash chain) OTPs are a good substitute, especially since many security specialists frown upon the principle of security through obscurity that is often relied on for time-synchronized one-time passwords, whereas hash-chain and challenge-based one-time passwords can and often do rely on cryptographic algorithms that are commonly accepted as secure.

More often than not, one-time passwords are an embodiment of a two-factor authentication solution. Some single sign-on solutions make use of one-time passwords. One-time password technology is often used with a security token.

Specific OTP technologies

  • FireID generates OATH-compliant one-time passwords offline on the user's mobile phone.
  • ZyXEL Communications Corp., provides an OTP solution for two-factor authentication with their line of Unified Service Gateway security appliances.
  • S/KEY is a seminal one-time password system developed at Bellcore (now Telcordia Technologies). S/KEY is described in RFC 1760.
  • RSA SecurID originally developed by SDI.
  • OTPW is a one-time password login package developed by Markus Kuhn at University of Cambridge
  • OTP is a system based on S/KEY, but renamed because of trademark issues associated with the S/KEY name. OTP is described in RFC 2289.
  • Mobile-OTP is an open source solution relying on mobile phones as hardware tokens.
  • mod_authn_otp is an authentication module for the Apache HTTP Server supporting HOTP/OATH one-time passwords generated according to RFC 4226.
  • SecureOTP, by SecureMetric Technology, with the series SecureOTP Event, SecureOTP Time, SecureOTP Hybrid and SecureOTP CR, based on the OATH algorithm.
  • OTPauth is an open source library for using One-Time Passwords for web sites as a second authentication factor.
  • SAcct is an open source project using One-Time Passwords to prevent session replay attack.

See also