Thursday, 22 June 2017

Hardware OTP Tokens

Swami Gulagulaananda said:
"Security by obscurity is an interesting notion - for we all fear what we don't understand"

A long time ago, I saw a friend of mine holding a small hand-held device. It hand a single button and a small screen. I asked him what it was. "Oh, I have an account with HSBC Bank. This is an OTP generator, it is for additional security", he replied. "How does it work?", I asked him. "I don't know man, they ask me to enter it while signing in. I press the button, some number comes up and I enter it", he replied

I tried it. Each time I pressed the button, a seemingly random number appeared on the screen. However, once a number appeared, it didn't change and remained on the screen. It didn't change even if I pressed it. It would remain for some time, perhaps a minute and then disappear. I pressed the button again and another number would appear.

This was pretty interesting. But I soon forgot about it. A few years later, I was signing up on some MongoDB website which required two-factor authentication. It required me to use an authenticator app - Google Authenticator (Although I distinctly remember using Microsoft Authenticator as I had a Windows phone). This also worked in a very similar manner. Apparently these new passwords are used to prevent problems due to key-loggers and man-in-the-middle attacks.

It turns out that both require some kind of registration with the server - A one time registration. Subsequently, there is no connection between the server and the device (app can be run without internet connection, and the small HSBC device is not a 'smart' device)

So now the question is - How does this work? The real thing probably works using either Time Based One time password algorithm or HMAC based one time password algorithm described here. But I was thinking if I could come up with a relatively simple mechanism.

I remembered Pseudo Random Numbers. The reason pseudo random numbers are "Pseudo" is because they are not really random numbers. In fact, these random numbers have a seed. A seed is a number that we provide to the PRN generator in the beginning. Subsequently, the function returns some numbers. The beauty is that this is repeatable. It means, if I started with a seed 10 and generated 5 random numbers and told you that my seed was 10, and you generated 5 random numbers using that seed, the 5 numbers that you have are exactly the 5 numbers that I have.

Here's a sample Python program for you to try out. Try running this in different terminals.
>>> import random
>>> random.seed(5)
>>> random.random()
>>> random.random()
Now obviously the question is - How do these PRN generator functions work? One of the ways could be to use a standard function like Sine or Log. For example, sin(x) will always be the same for the same value of x. So the seed is the first value of x. Each time you call the function, it will give you sin(x) and increment x. This is, of course, just an example.

So, now, these HSBC tokens have the 'x' value burned into it. The HSBC tokens also have a unique identifier. The security servers know the mapping between identifier and the seed value burned into it. Therefore, the two independent devices are capable of producing the same output. When you register the device, the server associates the token against you. Now, when you press the button, it probably uses the current time along with the seed (say concatenates or adds) and passes it into the function. It may use time till the minute level. Now whatever value is generated is typed by you. When you submit, the server looks at who submitted the value, gets the seed against him and the current time, and passes it into the same function - The result should be the same value if everything is okay. Otherwise there is something wrong...

Note that I have not used any fancy algorithms here - Do you think this is vulnerable? What problems do you see with this approach? Let me know in the comments.