Path: utzoo!attcan!uunet!husc6!mailrus!wasatch!zeleznik
From: zeleznik@wasatch.UUCP (Michael Zeleznik)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: passwords
Summary: one time passwords
Message-ID: <559@wasatch.UUCP>
Date: 15 Nov 88 20:37:30 GMT
References: <8811090956.AA07706@LANAI.MCL.UNISYS.COM> <26010@bu-cs.BU.EDU>
Organization: University of Utah CS Dept
Lines: 95

In article <26010@bu-cs.BU.EDU>, kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) writes:
>
> When I was at InterOp I stopped by the Sytek booth to look at
> their telnet server. I was not impressed, except by a neat little
> gizmo they had for their terminal server administrators. It looked
> like a calculator. To use it you enter a PIN, like at your favorite
> ATM machine. Then when you log onto a secure port to administer your
> Sytek terminal server, the login program gives you a sequence of
> numbers. You enter the numbers into the little gizmo and it gives you
> a bunch of numbers back. You enter these into the login program and
> you are in. Anyone catching this sequence over the net cannot
> duplicate it, they don't have the little calculator gizmo and your
> PIN.
> There must be a name for this kind of security system. Anyone
> know?
> Is this kind of system available elsewhere? How secure is
> this concept? I thought it sounded like it might be useful for system
> administrators.
>
> Kent England, Boston University

This is generally called a one-time-password approach (analogous to cryptographic one-time-pads), or a personal password generator. There are different flavors, but the bottom line (as you point out) is that each login authentication number is different (can't be reused), and thus there aren't any passwords to keep secret, and you needn't protect the passwords while they are in use, since they can't be reused.

Racal-Guardata (Orange, CA) makes the Watchword (this previously was the Sytek 'Passport' that you saw); host system issues a challenge, you type it into the small calculator with your PIN which gives you a response, you type that back to the system, and you are authenticated. Each challenge from the system is different, along with each response, so any response can not be reused by anyone. In addition to your normal PIN, there is a duress PIN; the Watchword will generate different responses depending on the PIN, so the remote system can tell if you are being forced to login, for example.

We prototyped a version of the Sytek Passport for an application system, and it worked very nicely. Only problem was having to have this small calculator around, which is kind of a pain. If they put it in a true credit card unit, it would be great.

Security Dynamics (Cambridge, MA) makes one that is time based, called the SecurID. A number on a credit card sized calculator changes every so many seconds, in sync with software on the host. Thus, you just type in the current displayed number. Again, the numbers are not repeated, so there is no need to encrypt anything. They claim to handle clock drift and such, but the last time I thought about this, it seemed there may be a window of vulnerability if you need to quickly login across a number of remote hosts.

Another variation on this approach is a hand held device which reads the challenge directly from the CRT screen (number is encoded by modulating the light output by sending characters at encoded rates) and gives you the response which you type in. One manufacturer of this type is Gordian Systems, Palo Alto, CA, and the device is called the Gordian Systems Access Key.

These systems are also capable of providing REVERSE authentication, having the system provide a challenge response pair, which you can verify on your personal hardware.
Depending on the approach used, this can either be provided in the product, or would have to be user implemented.

Even a system like Kerberos could use this in place of the fixed user password, to eliminate that vulnerability (the time interval while the password is stored in the user node before it is destroyed; if a trojan horse grabs it only once...).

All three of these systems are in the NSA's evaluated products list, under sub-systems, but I have only looked at the condensed versions (in the INFOSEC Products and Services Catalogue), which don't say much.

Since the authentication values can be very long and very random, most of the conventional "password" attacks are obviated. However, conventional cryptanalytic attacks are possible, and the quality of the cryptographic algorithm which generates the responses is the key to the security. The Watchword uses DES; the SecurID used a proprietary scheme the last I looked at it; don't know about the others. The Watchword (if not the others also) is in a tamper resistant enclosure. I'm not a cryptographer/cryptanalyst, so I can't really comment on the relative security of the algorithms.

Clearly, the database of user key data is a major vulnerability, which must be protected. The NSA explicitly points this out for the Gordian Systems product. From what I remember, the SecurID product had the authentication server run on a physically isolated PC for that reason.

Michael Zeleznik
Computer Science Dept.
University of Utah
zeleznik@cs.utah.edu
Salt Lake City, UT 84112
(801) 581-5617
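
Added example, not part of the original post and not any vendor's code: a sketch of the challenge/response exchange described above, with single-use challenges and a duress PIN. HMAC-SHA256 stands in for the device's cipher, and the names `token_response` and `Host`, the 8-digit length, and the way the PIN enters the computation are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

DIGITS = 8  # length of challenge and response (assumed for this sketch)


def token_response(device_key: bytes, pin: str, challenge: str) -> str:
    """What the hand-held unit computes from the PIN and the challenge.

    HMAC-SHA256 is a stand-in here; it is not the device's algorithm.
    """
    mac = hmac.new(device_key, f"{pin}:{challenge}".encode(), hashlib.sha256)
    number = int.from_bytes(mac.digest()[:8], "big") % 10**DIGITS
    return f"{number:0{DIGITS}d}"


class Host:
    """Host side: issues a fresh challenge per login and checks it once."""

    def __init__(self):
        self.users = {}    # user -> (device_key, pin, duress_pin)
        self.pending = {}  # user -> outstanding challenge

    def enroll(self, user, device_key, pin, duress_pin):
        self.users[user] = (device_key, pin, duress_pin)

    def challenge(self, user) -> str:
        c = f"{secrets.randbelow(10**DIGITS):0{DIGITS}d}"
        self.pending[user] = c
        return c

    def verify(self, user, response) -> str:
        # pop() consumes the challenge, so a captured response is useless
        # for a second login: there is no matching challenge left.
        c = self.pending.pop(user, None)
        if c is None or user not in self.users:
            return "reject"
        key, pin, duress_pin = self.users[user]
        if hmac.compare_digest(response, token_response(key, pin, c)):
            return "ok"
        if hmac.compare_digest(response, token_response(key, duress_pin, c)):
            return "duress"  # valid login made under the duress PIN
        return "reject"
```

The `users` table here is the "database of user key data" the post singles out: whoever can read it can compute every response, so it needs the strongest protection on the host.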
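
Added example, not part of the original post and not the SecurID algorithm (which the post describes as proprietary): a sketch of a time-based number that the host accepts within a small clock-drift window and refuses to accept twice. The step length, window size, HMAC-SHA256 construction and the names `card_code` and `TimeHost` are assumptions.

```python
import hashlib
import hmac

STEP = 60    # seconds each displayed number is valid (assumed)
DIGITS = 6   # digits shown on the card (assumed)
WINDOW = 1   # time steps of clock drift tolerated on either side


def card_code(card_key: bytes, unix_time: int) -> str:
    """Number the card shows during the time step containing unix_time."""
    step = unix_time // STEP
    mac = hmac.new(card_key, step.to_bytes(8, "big"), hashlib.sha256).digest()
    number = int.from_bytes(mac[:8], "big") % 10**DIGITS
    return f"{number:0{DIGITS}d}"


class TimeHost:
    """Host-side verifier for one card."""

    def __init__(self, card_key: bytes):
        self.card_key = card_key
        self.last_step = -1  # newest time step already accepted

    def verify(self, code: str, host_time: int) -> bool:
        now = host_time // STEP
        for step in range(now - WINDOW, now + WINDOW + 1):
            if step <= self.last_step:
                continue  # this step or a later one was used: no replay
            expected = card_code(self.card_key, step * STEP)
            if hmac.compare_digest(code, expected):
                self.last_step = step  # burn this step and all earlier ones
                return True
        return False
```

`last_step` is local to one verifier, so several hosts checking the same card independently would each accept the same number once; a single authentication server, as the post recalls for SecurID, keeps that state in one place.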