This does not sound like a big improvement on password-based entity
authentication, since we are essentially using a conventional password scheme
to authenticate the user to the token. However, there are several significant
improvements:
Local use of PIN. With regard to security at the user end, the main difference
is that the user uses the PIN to authenticate themselves to a small portable
device that they have control over. The chances of the PIN being viewed by an
attacker while it is being entered are lower than for applications where a user
has to enter a PIN into a device not under their control, such as an ATM. Also,
the PIN is only transferred from the user's fingertips to the token and does not
then get transferred to any remote server.
Two factors. Without access to the token, the PIN is useless. Thus another
improvement is that we have moved from one-factor authentication (something
the claimant knows, namely the password) to two-factor authentication
(something the claimant knows, namely the PIN, and something the claimant
has, namely the token).
Dynamic responses. The biggest security improvement is that every time an
authentication attempt is made, a different challenge is issued and therefore
a different response is needed. Of course, because the challenge is randomly
generated there is a very small chance that the same challenge is issued on two
separate occasions. But assuming that a good source of randomness is used (see
Section 8.1) then this chance is so low that we can dismiss it. Hence anyone
who succeeds in observing a challenge and its corresponding response cannot
use this to masquerade as the user at a later date.
DYNAMIC PASSWORD SCHEMES IN PRACTICE
The relative ease of use and low cost of dynamic password schemes has seen
their use increase significantly in recent years. They are now fairly popular entity
authentication mechanisms for applications such as online banking (for example,
EMV-CAP, discussed in Section 12.4.5). There is a great deal of variation in
the ways in which these schemes operate. As well as varying in the underlying
freshness mechanism, they also vary in the extent to which the user authenticates
to the token. Techniques include:
• the user authenticates directly to the token (as in our example);
• the user presents some authentication data, such as a PIN, to the server; this
could happen:
- directly, for example the user presents the PIN to the server using a separate
communication channel such as a telephone line;
- indirectly, for example, the PIN is also an input into the cryptographic computation
on the token, thus allowing it to be checked by the server when it conducts the
verification step;
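The following is an added example, not code from the textbook, that simulates the whole exchange: a server that issues a fresh random challenge, a token that computes the response, and the two ways of involving the PIN listed above (the user authenticates directly to the token, or the PIN is mixed into the token's cryptographic computation so the server checks it). It also shows why a captured response is useless later. The token and server classes, the user name, the key and PIN values, and the choice of HMAC-SHA256 as the response function are all assumptions made for the illustration; the text does not fix a particular algorithm.

```python
"""Simulated dynamic password scheme with a PIN-protected token (added example).

Assumed for illustration: HMAC-SHA256 as the response function, a 128-bit
random challenge, and a fixed key/PIN for the user "alice".
"""
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Optional

# Constructed sample enrolment data; any key and PIN would do.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
PIN = "4821"


class Token:
    """Portable device holding the user's secret key."""

    def __init__(self, key: bytes, pin: str) -> None:
        self._key = key
        self._pin = pin

    def respond_local(self, challenge: bytes, pin_entered: str) -> Optional[bytes]:
        # Variant 1: the user authenticates to the token itself. The PIN never
        # leaves the device, and without the token the PIN is useless.
        if not hmac.compare_digest(pin_entered.encode(), self._pin.encode()):
            return None  # wrong PIN: token refuses to compute anything
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

    def respond_mixed(self, challenge: bytes, pin_entered: str) -> bytes:
        # Variant 2: the token does not check the PIN; whatever was typed is an
        # input to the computation, so only the server can tell if it was right.
        return hmac.new(self._key, challenge + b"|" + pin_entered.encode(),
                        hashlib.sha256).digest()


class Server:
    """Verifier. Keeps per-user keys and at most one outstanding challenge."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}
        self._pins: Dict[str, str] = {}      # needed only for the mixed variant
        self._pending: Dict[str, bytes] = {}

    def enrol(self, user: str, key: bytes, pin: str) -> None:
        self._keys[user] = key
        self._pins[user] = pin

    def challenge(self, user: str) -> bytes:
        # Fresh random challenge from the OS CSPRNG. A repeat is possible in
        # principle but has probability about 2^-128 per attempt.
        c = secrets.token_bytes(16)
        self._pending[user] = c
        return c

    def _check(self, user: str, response: Optional[bytes],
               expected: Callable[[bytes], bytes]) -> bool:
        # pop(): each challenge can be answered once, then it is discarded.
        c = self._pending.pop(user, None)
        if c is None or response is None:
            return False
        return hmac.compare_digest(expected(c), response)

    def verify_local(self, user: str, response: Optional[bytes]) -> bool:
        key = self._keys[user]
        return self._check(user, response,
                           lambda c: hmac.new(key, c, hashlib.sha256).digest())

    def verify_mixed(self, user: str, response: Optional[bytes]) -> bool:
        key, pin = self._keys[user], self._pins[user]
        return self._check(user, response,
                           lambda c: hmac.new(key, c + b"|" + pin.encode(),
                                              hashlib.sha256).digest())


def _setup() -> tuple:
    server = Server()
    server.enrol("alice", KEY, PIN)
    return server, Token(KEY, PIN)


def run_local(pin_entered: str = PIN) -> bool:
    """One full exchange where the user authenticates to the token."""
    server, token = _setup()
    c = server.challenge("alice")
    return server.verify_local("alice", token.respond_local(c, pin_entered))


def run_mixed(pin_entered: str = PIN) -> bool:
    """One full exchange where the PIN is an input to the token's computation."""
    server, token = _setup()
    c = server.challenge("alice")
    return server.verify_mixed("alice", token.respond_mixed(c, pin_entered))


def replay_fails() -> bool:
    """An eavesdropper who captured (challenge, response) cannot reuse it."""
    server, token = _setup()
    c1 = server.challenge("alice")
    r1 = token.respond_local(c1, PIN)
    first_ok = server.verify_local("alice", r1)
    c2 = server.challenge("alice")          # a different challenge next time
    replay_ok = server.verify_local("alice", r1)
    return first_ok and not replay_ok and c1 != c2


if __name__ == "__main__":
    print("local PIN, correct:", run_local(), "wrong:", run_local("0000"))
    print("mixed PIN, correct:", run_mixed(), "wrong:", run_mixed("0000"))
    print("replay of old response rejected:", replay_fails())
```

Two design points worth noticing. In the local variant the server never learns the PIN at all, which is the property the text credits with keeping the PIN off remote servers; in the mixed variant the server must hold the PIN (or something equivalent) to recompute the MAC, so the PIN becomes server-side secret material and a wrong PIN is only detected after the response reaches the server. In both variants the freshness comes entirely from the challenge being random and single-use, which is why `replay_fails` succeeds even though the attacker saw a valid pair.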