One-time password
A one-time password (OTP), also known as a one-time PIN, one-time authorization code (OTAC) or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid several shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate
OTP generation algorithms typically make use of pseudorandomness or randomness to generate a shared key or seed, and cryptographic hash functions, which can be used to derive a value but are hard to reverse and therefore difficult for an attacker to obtain the data that was used for the hash. This is necessary because otherwise, it would be easy to predict future OTPs by observing previous ones.
OTPs have been discussed as a possible replacement for, as well as an enhancer to, traditional passwords. On the downside, OTPs can be intercepted or rerouted, and hard tokens can get lost, damaged, or stolen. Many systems that use OTPs do not securely implement them, and attackers can still learn the password through
Characteristics
The most important advantage addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to use it, since it will no longer be valid.[1] A second major advantage is that a user who uses the same (or similar) password for multiple systems, is not made vulnerable on all of them, if the password for one of these is gained by an attacker. A number of OTP systems also aim to ensure that a session cannot easily be intercepted or impersonated without knowledge of unpredictable data created during the previous session, thus reducing the attack surface further.
There are also different ways to make the user aware of the next OTP to use. Some systems use special electronic security tokens that the user carries and that generate OTPs and show them using a small display. Other systems consist of software that runs on the user's mobile phone. Yet other systems generate OTPs on the server-side and send them to the user using an out-of-band channel such as SMS messaging. Finally, in some systems, OTPs are printed on paper that the user is required to carry.
In some mathematical algorithm schemes, it is possible for the user to provide the server with a static key for use as an encryption key, by only sending a one-time password.[2]
Generation
Concrete OTP algorithms vary greatly in their details. Various approaches for the generation of OTPs include:
- Based on time-synchronization between the authentication server and the client providing the password (OTPs are valid only for a short period of time)
- Using a mathematical algorithm to generate a new password based on the previous password (OTPs are effectively a chain and must be used in a predefined order).
- Using a mathematical algorithm where the new password is based on a challenge (e.g., a random number chosen by the authentication server or transaction details) and/or a counter.
Time-synchronized
A time-synchronized OTP is usually related to a piece of hardware called a
Hash chains
Each new OTP may be created from the past OTPs used. An example of this type of algorithm, credited to Leslie Lamport, uses a one-way function (call it ). This one-time password system works as follows:
- A seed (starting value) is chosen.
- A hash function is applied repeatedly (for example, 1000 times) to the seed, giving a value of: . This value, which we will call is stored on the target system.
- The user's first login uses a password derived by applying 999 times to the seed, that is, . The target system can authenticate that this is the correct password, because is , which is the value stored. The value stored is then replaced by and the user is allowed to log in.
- The next login, must be accompanied by . Again, this can be validated because hashing it gives which is , the value stored after the previous login. Again, the new value replaces and the user is authenticated.
- This can be repeated another 997 times, each time the password will be applied one fewer time, and is validated by checking that when hashed, it gives the value stored during the previous login. Hash functions are designed to be extremely hard to reverse, therefore an attacker would need to know the initial seed to calculate the possible passwords, while the computer system can confirm the password on any given occasion is valid by checking that, when hashed, it gives the value previously used for login. If an indefinite series of passwords is wanted, a new seed value can be chosen after the set for is exhausted.
- Although the server's counter value is only incremented after a successful OTP authentication, the counter on the token is incremented every time a new password is requested by the user. Because of this, the counter values on the server and on the token might be out of synchronization. It is recommended to set a look-ahead parameter on the server, which defines the size of the look-ahead window. In case of an accidental password generation by the user, the server will still authenticate the client, because it can recalculate the next OTP-server values, and check them against the received password from the client.[3]
To get the next password in the series from the previous passwords, one needs to find a way of calculating the inverse function . Since was chosen to be one-way, this is extremely difficult to do. If is a
Challenge–response
The use of
Implementations
SMS
A common technology used for the delivery of OTPs is
Hardware tokens
Recently, it has become possible to take the electronic components associated with regular keyfob OTP tokens and embed them in a credit card form factor. However, the thinness of the cards, at 0.79mm to 0.84mm thick, prevents standard components or batteries from being used.
A new version of this technology has been developed that embeds a keypad into a payment card of standard size and thickness. The card has an embedded keypad, display, microprocessor and proximity chip.
Soft tokens
On smartphones, one-time passwords can also be delivered directly through
Hard copies
In some countries' online banking, the bank sends to the user a numbered list of OTPs that is printed on paper. Other banks send plastic cards with actual OTPs obscured by a layer that the user has to scratch off to reveal a numbered OTP. For every online transaction, the user is required to enter a specific OTP from that list. Some systems ask for the numbered OTPs sequentially, others pseudorandomly choose an OTP to be entered.
Security
When correctly implemented, OTPs are no longer useful to an attacker within a short time of their initial use. This differs from passwords, which may remain useful to attackers years after the fact.
As with passwords, OTPs are vulnerable to
The fact that both passwords and OTP are vulnerable to similar kinds of attacks was a key motivation for Universal 2nd Factor, which is designed to be more resistant to phishing attacks.
OTPs which don't involve a time-synchronization or challenge–response component will necessarily have a longer window of vulnerability if compromised before their use. In late 2005 customers of a Swedish bank were tricked into giving up their pre-supplied one-time passwords.[17] In 2006 this type of attack was used on customers of a US bank.[18]
Standardization
Many OTP technologies are patented. This makes standardization in this area more difficult, as each company tries to push its own technology. Standards do, however, exist – for example, RFC 1760 (
Use
Mobile phone
A
SMS as a method of receiving OTACs is broadly used in our daily lives for purposes such as banking, credit/debit cards, and security.[21][22][23]
Telephone
There are two methods of using a telephone to verify a user’s authentication.
With the first method, a service provider shows an OTAC on the computer or smartphone screen and then makes an automatic telephone call to a number that has already been authenticated. Then the user enters the OTAC that appears on their screen into the telephone keypad.[24]
With the second method, which is used to authenticate and activate Microsoft Windows, the user call a number that is provided by the service provider and enters the OTAC that the phone system gives the user.[25]
Computer
In the field of
- An email is one of the common ways of using OTACs. There are two main methods used. With the first method, a service provider sends a personalised one time URL to an authenticated email address e.g. @ucl.ac.uk; when the user clicks the URL, the server authenticates the user.[26] With the second method, a service provider sends a personalised OTAC (e.g. an enciphered token) to an authenticated email address; when the user types the OTAC into the website, the server authenticates the user.[citation needed]
- A SAML. Instead, the client application can use the one-time authorization code (OTAC) to authenticate itself to the web application. In addition, it is possible to use the OAuth authorization framework when a third party application needs to obtain limited access to an HTTP service.[27]
Post
It is possible to send OTACs to a user via post or registered mail. When a user requests an OTAC, the service provider sends it via post or registered mail and then the user can use it for authentication. For example, in the UK, some banks send their OTAC for Internet banking authorization via post or registered mail.[28]
Expansion
Quantum cryptography, which is based on the uncertainty principle is one of the ideal methods to produce an OTAC.[29]
Moreover, it has been discussed and used not only using an enciphered code for authentication but also using graphical one time PIN authentication[30] such as QR code which provides decentralized access control technique with anonymous authentication.[31][32]
See also
- Google Authenticator
- FreeOTP
- Initiative For Open Authentication
- Key-agreement protocol
- KYPS
- One-time pad
- Code (cryptography) § One-time code
- OPIE Authentication System
- OTPW
- Personal identification number
- Public key infrastructure
- QR Code
- S/KEY
- Security token
- Time-based one-time password algorithm
- Two-factor authentication
References
- ^ ISBN 978-3-642-14081-5.
- ^ EOTP – Static Key Transfer. Defuse.ca (July 13, 2012). Retrieved on 2012-12-21.
- ^ IETF Tools. RFC 4226 - Section 7.4: Resynchronization of the Counter
- ^ Barkan, Elad; Eli Biham; Nathan Keller (2003). "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication": 600–16. Archived from the original on 7 October 2015. Retrieved 6 October 2015.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Barkan, Elad; Eli Biham; Nathan Keller. "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication by Barkan and Biham of Technion (Full Version)" (PDF).
- S2CID 8754598.
- ^ Nohl, Karsten; Chris Paget (27 December 2009). GSM: SRSLY?. 26th Chaos Communication Congress (26C3). Retrieved 30 December 2009.
- ^ Fontana, John. "NIST blog clarifies SMS deprecation in wake of media tailspin". ZDNet. Retrieved 14 July 2017.
- ^ Meyer, David. "Time Is Running Out For SMS-Based Login Security Codes". Fortune. Retrieved 14 July 2017.
- ^ a b Brandom, Russell (10 July 2017). "Two-factor authentication is a mess". The Verge. Retrieved 14 July 2017.
- ^ Brandom, Russell (31 August 2019). "The frighteningly simple technique that hijacked Jack Dorsey's Twitter account". The Verge. Retrieved 30 January 2020.
- ISSN 0261-3077. Retrieved 30 January 2020.
- PMID 19502233.
- ^ "Yubico AB". Bloomberg Businessweek. Archived from the original on 14 October 2012. Retrieved 13 July 2011.
- ^ Garun, Natt (17 June 2017). "How to set up two-factor authentication on all your online accounts". The Verge. Retrieved 14 July 2017.
- ^ McWhertor, Michael (15 April 2015). "Valve adds two-factor login authentication to Steam mobile app". Polygon. Retrieved 8 September 2015.
- ^ The Register article. The Register article (October 12, 2005). Retrieved on 2012-12-21.
- ^ Washington Post Security Blog. Blog.washingtonpost.com. Retrieved on December 21, 2012.
- ^ Wu, M., Garfinkel, S. and Miller, R. (2004). Secure web authentication with mobile phones. pp. 9–10.
- ^ Shu, M., Tan, C. and Wang, H. (2009). Mobile authentication scheme using SMS. Services Science, Management and Engineering, 2009. SSME '09. IITA International Conference on, pp. 161–164.
- ^ Axisbank.com, (n.d.). Axis Bank Mobile Application Registration. [online] Available at: http://www.axisbank.com/personal/speed-banking/how-to-download-and-register-java.aspx [Accessed 28 Oct. 2014].
- ^ Master Card Secure Code. (n.d.). [online] Available at: http://www.ingvysyabank.com/pdf's/What%20is%20MasterCard%20SecureCode.pdf [Accessed 28 Oct. 2014].
- ^ Inc., S. (n.d.). SMS Authentication: SafeNet Authentication Services. [online] Www2.safenet-inc.com. Available at: http://www2.safenet-inc.com/sas/sms-tokens.html [Accessed 28 Oct. 2014].
- ^ Lloydsbank.com, (n.d.). Lloyds Bank Online Authentication Procedure. [online] Available at: http://www.lloydsbank.com/help-guidance/security/authentication-procedure.asp?srnum=1 [Accessed 28 Oct. 2014].
- ^ windows.microsoft.com, (n.d.). Activate Windows 7. [online] Available at: http://windows.microsoft.com/en-us/windows/activate-windows#1TC=windows-7 [Accessed 28 Oct. 2014].
- ^ Adida, B. (2008). EmID: Web authentication by email address.
- ^ Hardt, D. (2012). The OAuth 2.0 authorization framework.
- ^ Lloydsbank.com, (n.d.). Lloyds Bank - Internet Banking - How to Register for Online Banking. [online] Available at: http://www.lloydsbank.com/online-banking/how-to-register.asp [Accessed 28 Oct. 2014].
- ^ Sobota,, M., Kapczy_ski, A. and Banasik, A. (2011). Application of Quantum Cryptography Protocols in Authentication Process. Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2011 IEEE 6th International Conference on, 2, pp. 799–802.
- ^ Jhawar, R., Inglesant, P., Courtois, N. and Sasse, M. (2011). Make mine a quadruple: Strengthening the security of graphical one-time pin authentication. pp. 81–88.
- ^ Liao, K. and Lee, W. (2010). A novel user authentication scheme based on QR-code. Journal of Networks, 5(8), pp. 937–941.
- ^ Vijayalakshmi, A. and Arunapriya, R. (2014). AUTHENTICATION OF DATA STORAGE USING DECENTRALIZED ACCESS CONTROL IN CLOUDS. Journal of Global Research in Computer Science, 5(9), pp. 1–4.