Sms based otp
Sms based otp Document Transcript

SMS-based Two-Factor Authentication
Risk analysis

© 2005 VASCO Data Security. All rights reserved. Page 1 of 11
Disclaimer

Disclaimer of Warranties and Limitation of Liabilities

All information contained in this document is provided as is; VASCO Data Security assumes no responsibility for its accuracy and/or completeness. In no event will VASCO Data Security be liable for damages arising directly or indirectly from any use of the information contained in this document.

Copyright © VASCO Data Security 2005. All rights reserved.

Trademarks

DIGIPASS and VACMAN are trademarks of VASCO Data Security. All other trademarks are trademarks of their respective owners.
Table of Contents

Disclaimer ... 2
Table of Contents ... 3
1 Introduction ... 5
2 SMS-based two-factor authentication ... 5
2.1 SMS-based user authentication ... 6
2.2 SMS-based transaction authentication ... 7
3 Threats ... 8
3.1 Security ... 8
3.1.1 Security of SMS-based user authentication ... 8
3.1.2 Security of SMS-based transaction authentication ... 9
3.2 Reliability ... 11
3.3 Cost ... 11
4 Conclusion ... 11
Document history

Version  Author           Comments              Date
1.0      Frederik Mennes  Creation of document  October 17, 2005
1 Introduction

This document analyses the risk associated with deploying SMS-based two-factor authentication. Section 2 presents the concept. Section 3 outlines a number of threats. We draw our conclusions in Section 4.

2 SMS-based two-factor authentication

In this section, we briefly describe the concept of SMS-based two-factor authentication.
2.1 SMS-based user authentication

When a user wants to authenticate himself to the Internet banking application of a bank, the process goes as follows (see Figure 1):

• The user surfs to the Internet banking application and provides his username and static password to the application. The application sends username and password to the banking server. The banking server verifies the username/password combination. (Steps 1, 2)
• If the combination is valid, it generates a one-time password. The banking server sends this one-time password to the user via an SMS message. (Steps 3, 4, 5)
• Upon receipt of the SMS message, the user provides the Internet banking application with the one-time password. The application sends this one-time password to the banking server. (Steps 6, 7)
• The banking server verifies whether or not the one-time password provided by the user matches the password it has sent out. If this is the case, the user has successfully been authenticated. (Step 8)

Figure 1: SMS-based user authentication
2.2 SMS-based transaction authentication

We assume here that the user has successfully logged into the Internet banking application. When a user subsequently wants to sign the data of a financial transaction, the process goes as follows (see also Figure 2 below).

• The user enters the data of the financial transaction (e.g. amount, account) into the Internet banking application. The application sends this data to the banking server. (Steps 1, 2)
• The banking server generates a signature and sends this signature, together with the transaction data, to the user via an SMS message. (Steps 3, 4)
• Upon receipt of the SMS message, the user verifies whether or not the data in the SMS message match his transaction data. If they match, the user provides the Internet banking application with the signature and transaction data. The application sends this signature to the banking server. (Steps 5, 6, 7)

The banking server verifies whether or not the signature provided by the user matches the signature it has sent out. If this is the case, the financial transaction is conducted.

Figure 2: SMS-based transaction authentication
3 Threats

3.1 Security

3.1.1 Security of SMS-based user authentication

The following attacks are possible against SMS-based user authentication as described above:

• Eavesdropping. SMS-based two-factor authentication systems are characterized by the fact that the end-user does not control the generation of the one-time password. On the contrary, it is the bank that provides the user with the one-time password. This delivery process may give rise to a weak link in the authentication system, because several entities can eavesdrop on the communication link between bank and end-user. The eavesdropper can then use the one-time password himself, effectively impersonating the genuine user.
  o Members of staff of the bank can learn the one-time password.
  o The link between bank and operator can be eavesdropped.
  o Members of staff of the telecom operator can learn the one-time password.
  o The link between operator and user can be eavesdropped (only the link from the base station to the mobile phone is encrypted in the case of GSM).
• Man-in-the-middle attack. An adversary can lure a user to a fake web site, and have the user disclose his username/password/one-time password. When the user authentication has been performed, the adversary hijacks the banking session, conducting transactions on behalf of the user. This is a real-time phishing/pharming attack, where the adversary monitors the traffic between bank and user.
3.1.2 Security of SMS-based transaction authentication

An adversary can conduct man-in-the-middle attacks against SMS-based transaction authentication. We differentiate between two types of man-in-the-middle attacks.

A) Adversary controls traffic between user's PC and bank

A number of different man-in-the-middle attacks are possible, depending on the nature of the signature:

• Signature is random number. Suppose that the signature is a random number. The adversary watches the traffic between the banking server and the user. When the user has entered the signature into the banking application, the adversary changes the transaction data (e.g. amount, account). If the banking server does not check the data again, the adversary's transaction will be executed.
• Signature is hash. Suppose that the signature is actually a hash of the transaction data, computed using, for example, SHA-1, SHA-2, RIPEMD-160, etc. Suppose also that the adversary learns which hash function is used to compute the hash values. When the user has entered the signature into the banking application, the adversary changes the transaction data (e.g. amount, account) and hash. If the banking server only checks whether or not the data and signature match, the adversary's transaction will be executed.
• Signature is Message Authentication Code (MAC). Suppose that the signature is actually a MAC of the transaction data, computed using a secret key. In this case, the adversary is not able to compute matching data/signature pairs of his own, because he does not possess the secret key.

Figure 3
In order to protect against these attacks, we have the following recommendations:

• Do NOT use random numbers as signatures.
• Do NOT use hash values as signatures.
• Do use Message Authentication Codes (MACs) as signatures.
• Do verify whether the submitted signature matches the received signature.
• In Step 7, send only the signature, and not the transaction data, or verify whether or not the transaction data are always the same.

B) Adversary controls traffic between user's PC and bank and between bank and mobile phone

In this case, the adversary can launch very powerful attacks. When a user submits a transaction, the adversary hijacks the session between user and bank. He then changes the transaction data at will, and submits the new transaction. The bank generates a signature and sends an SMS message to the genuine user. However, the adversary intercepts the SMS message and conducts his transaction.

This type of fraud can typically be conducted by members of staff of the telecom operator, as they have full control over the SMS messages. However, an adversary can also conduct this type of attack if he intercepts the traffic between bank and operator or between the operator and the mobile phone.

Figure 4
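As an added illustration of the transaction flow in Section 2.2, the signature types of Section 3.1.2 and the recommendations above (example code written for this page, not VASCO's), the Python below contrasts a server that only checks that submitted data and hash are consistent with one that keeps the MAC it sent at Steps 3-4, compares it with the value submitted at Step 7, and executes only the transaction it stored. The key, session ids, account numbers and amounts are constructed values, and truncating the signature to 8 hex characters for SMS readability is an assumption.

```python
import hashlib
import hmac
import secrets
# Constructed example: the key, account numbers and amounts are made-up values.
BANK_KEY = secrets.token_bytes(32)  # held only by the bank, never sent by SMS

def encode(tx):  # canonical bytes the signature covers
    return f"{tx['account']}|{tx['amount']}".encode()

def sign_hash(tx):
    # 'Signature is hash': anyone who knows the function can compute a match.
    return hashlib.sha256(encode(tx)).hexdigest()[:8]

def sign_mac(tx, key=BANK_KEY):
    # Recommended: an HMAC over the data; computing a match needs the key.
    return hmac.new(key, encode(tx), hashlib.sha256).hexdigest()[:8]

def weak_verify(submitted_tx, submitted_sig):
    """Server that only checks that the submitted data and hash are consistent."""
    return hmac.compare_digest(sign_hash(submitted_tx), submitted_sig)

class Bank:
    """Server following the recommendations: MAC signatures, compare the sent
    signature with the submitted one, execute only the data stored at Step 2."""
    def __init__(self):
        self.pending = {}  # session id -> (transaction as entered, MAC sent by SMS)

    def start_transaction(self, session, tx):
        sig = sign_mac(tx)
        self.pending[session] = (tx, sig)
        return sig  # Steps 3-4: this value goes to the user's phone by SMS

    def confirm(self, session, submitted_sig):
        # Step 7 carries only the signature; resubmitted data would be ignored.
        tx, expected = self.pending.pop(session, (None, None))
        if expected is None or not hmac.compare_digest(expected, submitted_sig):
            return None  # rejected: nothing is executed
        return tx  # executed exactly as the user entered it

def demo():
    user_tx = {"account": "BE00 0000 0000 0001", "amount": "100.00"}
    evil_tx = {"account": "BE00 0000 0000 0666", "amount": "9999.00"}
    hash_accepted = weak_verify(evil_tx, sign_hash(evil_tx))  # swapped pair passes
    bank = Bank()
    bank.start_transaction("s1", user_tx)
    mac_rejected = bank.confirm("s1", sign_mac(evil_tx, key=b"wrong key"))  # None
    sig = bank.start_transaction("s2", user_tx)
    executed = bank.confirm("s2", sig)  # genuine user types in the SMS value
    return hash_accepted, mac_rejected, executed
```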
3.2 Reliability

The following factors influence the reliability of SMS-based two-factor authentication.

• SMS delay and loss. According to a study by KeyNote Systems, Inc. (http://www.keynote.com), an average of 94.7 % of SMS messages arrive at their destination in an average of 11.8 seconds. This means that 5.3 % of the messages arrive late or do not arrive at all. As an example, if you have 100,000 customers requesting one SMS message per week, 5300 messages will arrive late or get lost every week.
• Coverage. In order to receive an SMS message, one has to be in an area with coverage for cellular phones. If this is not the case, it is not possible to conduct an Internet banking session.
• User acceptance. Not everyone has a cellular phone, and not everybody knows how to read SMS messages.

3.3 Cost

• Sending SMS messages to customers comes with a certain cost. The cost per SMS message depends on the local mobile phone operator, but $0.10 might be a possible average.
• Moreover, the cost of sending SMS messages is ever-increasing, hence not fixed. For example, if a customer requests one SMS message per week, this would already cost $5 per year if an SMS message costs $0.10. Users might not be happy to pay for this cost.

4 Conclusion

It is up to the bank to assess the potential impact of the threats presented above. The bank then has to decide whether or not the risk is acceptable.