[LINK] Security tokens

Roger Clarke Roger.Clarke at xamax.com.au
Thu Nov 15 07:57:11 AEDT 2007

[Embarrassed that I didn't know as much about this as I should, I 
flicked David's RFI on to Steve Wilson.  Steve's a security 
consultant and sometime linker.  I found his answer even more useful 
than Steve Jenkin's pretty good one.]

>Date: Thu, 15 Nov 2007 07:23:12 +1100
>From: Stephen Wilson <swilson at lockstep.com.au>
>Organization: Lockstep
>G'Day Roger.
>>   From: David Lochrin <dlochrin at d2.net.au>
>>      Many banks are issuing tokens these days.  I have seen two, 
>>and both display a 6-digit number which must be entered on another 
>>screen after logging in with the usual userid and password. There's 
>>no challenge / response process, and the numbers are claimed to be 
>>      Does the Link Institute know the Principles of Operation?

>If I may recommend my own paper, for a table that compares all major 
>authentication methods, see 
>The six digit time based (30 sec rolling) OTP generates exactly 
>1,000,000 combinations.  All of the values are available to each 
>customer (not a subset).  The algorithm generates each pseudo-random 
>number as a function of the preceding number AND a seed that is 
>unique to the token.  The sequence is mirrored at the server, which 
>knows the seed value for every device issued.  This is why you need 
>to provide user name & password (which maps to device serial number 
>and allows the server to predict the sequence) before you enter the 
>OTP value.
>Actually there are two varieties of OTP.  One is time based and 
>sequences every 30 sec or so; the other is event based, and 
>sequences when you press a button.  The latter is *precisely* the 
>same as simply automating a paper based one time password scratchy 
>card or "Transaction Authentication Number" (TAN) card.
>So the probability of guessing an OTP value is really very small.
>But the real vulnerability of these devices is the Man In The Middle 
>(MITM) attack.  They do *nothing* to stop an interloper catching the 
>OTP and replaying it.
>Here's a true story: When the event based OTP was attacked by MITM 
>some years ago, a banking security manager told me that time based 
>OTP would be safe as they only provide an attacker with a 30 sec 
>window.  I asked him "How much time does a computer need to rob a 
>digital bank account?".
>[Actually, due to quartz clock skew drift, these devices have a lot 
>of slack built into them.  Someone once told me they might accept 
>OTP values both one step ahead and one step behind, opening up a 
>window of a minute and a half.  I use an OTP myself with my bank 
>(reluctantly); I've experimented and know I can enter an OTP value 
>successfully at least 20 secs after the value has rolled over on the 
>Experience shows the devices are very seriously flawed.  See:
>Oct 2005 Nordea Bank
>"TAN" Card attacked
>July 2006 Citibank
>Event based OTP Card attacked
>April 2007 ABN AMRO
>Time synchronised OTP Card attacked
>The legal issue in my mind might have to do with trade practices. 
>The banks must know by now the reality of the MITM attack, and yet 
>they still promote OTP devices as a huge improvement on username & 
>password. They're better than nothing but nowhere near as secure as 
>I think is implied.
>Hope that helps.  Cheers,
>Stephen Wilson
>Managing Director
>Phone +61 (0)414 488 851
>Lockstep Consulting provides independent specialist advice and analysis
>on identity management, PKI and smartcards.  Lockstep Technologies
>develops unique new smartcard technologies to address transaction
>privacy and web fraud.
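An added example, not part of Stephen's message or of any bank's product: a time-based OTP in the RFC 6238 HMAC-SHA1 style (the standard construction, rather than the chained generator described above) with a server-side check that accepts one step behind and one step ahead, showing how that clock-skew slack stretches a single code's acceptance from 30 seconds to about a minute and a half. The seed and timestamps are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # the token rolls over every 30 s
DIGITS = 6          # a 6-digit code: exactly 1,000,000 possible values
# Constructed demo seed; a real token holds a unique per-device secret
# that is mirrored at the bank's server.
SEED = b"constructed-demo-seed-not-a-real-token"


def totp(seed: bytes, unix_time: int) -> str:
    """Code the token displays at unix_time (RFC 6238 dynamic truncation)."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def server_accepts(seed: bytes, submitted: str, now: int,
                   skew_steps: int = 1) -> bool:
    """Server-side check with slack for quartz drift: besides the current
    step it also tries skew_steps behind and ahead."""
    current = now // STEP_SECONDS
    for step in range(current - skew_steps, current + skew_steps + 1):
        if hmac.compare_digest(totp(seed, step * STEP_SECONDS), submitted):
            return True
    return False


def code_validity_seconds(seed: bytes, shown_at: int,
                          skew_steps: int = 1) -> int:
    """Total seconds during which the code displayed at shown_at is accepted,
    scanning second by second around its own 30 s display period."""
    code = totp(seed, shown_at)
    span = (skew_steps + 2) * STEP_SECONDS
    accepted = [t for t in range(shown_at - span, shown_at + span)
                if server_accepts(seed, code, t, skew_steps)]
    return accepted[-1] - accepted[0] + 1


if __name__ == "__main__":
    shown = 33333334 * STEP_SECONDS          # aligned to a step boundary
    print("strict (no slack):", code_validity_seconds(SEED, shown, 0), "s")
    print("one step either side:", code_validity_seconds(SEED, shown), "s")
```

With one step of slack each way a code stays valid for 90 seconds in total, and is still accepted 20 seconds after the display has rolled over, matching the behaviour described above.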

Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
