HOTP IETF Draft
David M’Raihi
IETF Meeting - March 10, 2005
Agenda
• OTP and Open Standards
• HOTP Algorithm
• Next Step and Conclusion
62nd IETF Meeting
Static vs. One-Time Passwords
• Static Passwords are inadequate
  • Identity theft and phishing are real threats
  • Spyware, key loggers are common
• One Time Passwords:
  • Easy for users to understand & use anywhere
  • Moving target (more difficult to steal)
  • Two-factor authentication
    • What you know (your PIN, password, etc.)
    • What you have (a token that generates OTP)
Need for open standard for OTP
• Several algorithms exist but all private
  • Proprietary tokens are expensive
  • Standardization drives down costs for end users
  • Open standards foster innovation (e.g. HTTP, TCP/IP)
• No easy way for people to
  • Analyze security, integration and deployment cost
  • Get a free, easily available description
  • Get a reference implementation
OTP Algorithm: Requirements
• Usability
  • Easy to look up OTP value and enter in the application
  • User-friendly mechanisms to resynchronize the moving factor
• Security (algorithm and protocol)
• Implementation flexibility (SIM, tokens, software, etc.)
• Economical to implement in hardware
HOTP Algorithm
• Based on known primitives
  • HMAC: RFC 2104
  • SHA-1: FIPS 180-1, RFC 3174
• Open Standards
  • All basic blocks are public, free to use
  • HOTP is also public
    • anybody can implement it at no cost
    • a reference implementation in Java is in the draft
    • a detailed security analysis is also available
HOTP Algorithm: Description
HOTP (Counter, Key) = Truncate(HMAC-SHA-1 (Counter, Key))
• The Key is a shared secret between the prover (HOTP token) and the verifier (HOTP validation server)
• The Counter is a moving factor that needs to be synchronized between the prover and the verifier
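The construction on this slide, together with the counter resynchronization requirement from the "OTP Algorithm: Requirements" slide, as an added worked example that is not part of the deck or of the draft's Java reference implementation. It assumes the RFC 4226 conventions (8-byte big-endian counter, dynamic truncation, 6 digits) and a look-ahead window on the verifier; the key, window size and class name are this example's own choices.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP = Truncate(HMAC-SHA-1(Key, Counter)).

    The counter is encoded as an 8-byte big-endian integer. Dynamic
    truncation uses the low nibble of the last MAC byte as an offset,
    reads 4 bytes there (top bit masked off) and reduces modulo 10^digits.
    """
    msg = struct.pack(">Q", counter)
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % (10 ** digits)).zfill(digits)


class HotpVerifier:
    """Validation-server side: counter synchronization with a look-ahead window.

    The token's counter may run ahead of the server's (codes generated but
    never submitted). The server accepts the first match within `window`
    counter values and then advances its own counter past it, so an
    already-used code (a replay) or one behind the current counter fails.
    """

    def __init__(self, key: bytes, window: int = 10, digits: int = 6):
        self.key = key
        self.counter = 0          # next counter value the verifier expects
        self.window = window
        self.digits = digits

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            # constant-time comparison of the submitted code
            if hmac.compare_digest(hotp(self.key, c, self.digits), code):
                self.counter = c + 1   # resynchronize past the accepted value
                return True
        return False


# Constructed input: the 20-byte ASCII test key used in RFC 4226.
TEST_KEY = b"12345678901234567890"
```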
SHA-1 Attacks: No impact
• HOTP is based on HMAC
  • HMAC is not a hash function, it uses a hash function internally
  • A MAC depends on a secret key
• The issue with MAC constructions is forgery, not collisions
• Best example: MD5 is broken, though no attack on HMAC-MD5
HOTP algorithm in the real world
• Implemented in various flavors
  • Software Token to generate OTP values
    • On PC, PDAs, any mobile device
  • Hardware Tokens
    • OTP and hybrid tokens (with other functionalities)
  • SIM Cards
    • GSM phones turn into tokens to generate OTPs
Next Step and Conclusion
• HOTP as an RFC
  • Open Standard, Freely available
  • Reference implementations
    • Today Java, tomorrow C, Java Card, etc.
• RFC status will drive adoption
  • Early adopters will innovate
  • Embedding algorithm in all devices
  • Improving security for internet users