One-Time Passwords

Objective

Implement and test an HMAC-Based or Time-Based One-Time Password (OTP) scheme as described in two RFCs. Analyze the security of the scheme.

Scenario

From RFC 4226:

One-Time Password is certainly one of the simplest and most popular forms of two-factor authentication for securing network access. For example, in large enterprises, Virtual Private Network access often requires the use of One-Time Password tokens for remote user authentication. One-Time Passwords are often preferred to stronger forms of authentication such as Public-Key Infrastructure (PKI) or biometrics because an air-gap device does not require the installation of any client desktop software on the user machine, therefore allowing them to roam across multiple machines including home computers, kiosks, and personal digital assistants.

RFC 4226 describes an OTP scheme based on the HMAC-SHA-1 algorithm in which the user's secret key and a counter value are combined using the HMAC to produce an OTP value. RFC 6238 extends RFC 4226 and describes an OTP algorithm in which the counter is replaced with the number of time steps elapsed since some initial time T0. We refer to the method in RFC 4226 as an HMAC-Based OTP or HOTP scheme; the method in RFC 6238 is called a Time-Based OTP or TOTP scheme.

Procedure

Review both RFCs and choose one of the two methods to implement. Develop and test your implementation. Lastly, analyze the security of the selected scheme.
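As an added worked example (not part of the assignment text), the following Python implements both schemes and checks them against the test vectors published in RFC 4226 Appendix D and RFC 6238 Appendix B. The verify_totp helper and its skew window are an assumption about how a server would accept codes; they illustrate the constant-time comparison and bounded drift that a security analysis of the scheme should address.

```python
import hmac
import hashlib
import struct

# Shared secret from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890").
# It is a published test value, not a real secret.
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    msg = struct.pack(">Q", counter)                     # C as 8-byte big-endian integer
    mac = hmac.new(secret, msg, digestmod).digest()      # HS = HMAC-SHA-1(K, C), 20 bytes
    offset = mac[-1] & 0x0F                              # low nibble of last byte picks window
    window = struct.unpack(">I", mac[offset:offset + 4])[0]
    code = window & 0x7FFFFFFF                           # clear sign bit (31-bit value)
    return str(code % (10 ** digits)).zfill(digits)      # keep leading zeros


def totp(secret: bytes, unix_time: int, step: int = 30, t0: int = 0,
         digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with counter T = floor((unix_time - T0) / X)."""
    return hotp(secret, (unix_time - t0) // step, digits, digestmod)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Server-side check (assumed policy): accept +/- `window` time steps of clock skew.

    Uses hmac.compare_digest so the comparison does not leak which digits matched.
    Note for the analysis: each accepted step adds 10**-digits to the success
    probability of a single random guess, so the window must stay small and the
    server must throttle failed attempts (RFC 4226 section 7.3).
    """
    if len(code) != digits or not code.isdigit():
        return False
    for drift in range(-window, window + 1):
        candidate = totp(secret, unix_time + drift * step, step=step, digits=digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False


if __name__ == "__main__":
    for c in range(10):                                  # RFC 4226 Appendix D table
        print(f"HOTP counter={c}: {hotp(TEST_SECRET, c)}")
    for t in (59, 1111111109, 1111111111, 1234567890):    # RFC 6238 Appendix B rows
        print(f"TOTP time={t}: {totp(TEST_SECRET, t, digits=8)}")
```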