Cryptography Reference
In-Depth Information
(c) Where might you also deploy cryptographic mechanisms in the overall
implementation of such a scheme?
15. There are several commercial technologies for implementing dynamic
passwords based on security tokens that employ a clock-based mechanism. Find a
commercial product based on such a mechanism.
(a) What 'factors' does your chosen product rely on to provide authentication?
(b) In what ways is your chosen technology stronger than basic (static)
passwords?
(c) Explain how the underlying mechanism in your chosen technology
differs from the challenge-response mechanism that we looked at in
Section 8.5.
(d) Find out how your chosen technology manages the issues that were raised
in Section 8.2.1 concerning clock-based mechanisms.
16. Explain how to implement a dynamic password scheme based on the use of
sequence numbers.
17. A telephone banking service uses a dynamic password scheme that employs a
clock-based mechanism but does not use any authentication between the user
and the token.
(a) What is the potential impact if the token is stolen?
(b) How might the bank address this risk through token management controls
and authentication procedures?
18. Explain why a stream cipher would be a poor choice for the encryption
mechanism used to compute responses to challenges in a dynamic password
scheme based on challenge-response.
19. Some online banks implement the following dynamic password scheme:
• When a user wishes to log on they send a request for a 'one-time' password
in order to access the banking service.
• The bank generates a one-time password and sends this by SMS to the
user's mobile phone.
• The user reads the SMS and enters the one-time password in order to access
the service.
• If the presented one-time password is correct, the user is given access to the
service.
Compare this approach with the dynamic password schemes that we discussed
in this chapter, from a:
(a) security perspective;
(b) efficiency perspective;
(c) business perspective (costs, processes, business relationships).
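
The bank-side half of the SMS scheme described in exercise 19, as an added example that is not part of the original text. The password length, the 120-second lifetime, the single-use rule and the `send_sms` gateway callback are assumptions; the exercise does not specify them.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6       # assumption: the exercise does not fix a length
OTP_LIFETIME = 120   # assumption: seconds before an unused password expires


class OneTimePasswordService:
    """Bank side of the SMS scheme: issue on request, accept at most once."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # hypothetical SMS gateway callback
        self._clock = clock         # injectable so expiry can be tested
        self._pending = {}          # user id -> (password, expiry time)

    def request(self, user_id, phone_number):
        # Steps 1-2: the user asks for a one-time password; the bank draws
        # it from a CSPRNG and sends it to the user's mobile phone by SMS.
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user_id] = (otp, self._clock() + OTP_LIFETIME)
        self._send_sms(phone_number, otp)

    def verify(self, user_id, presented):
        # Steps 3-4: the user enters the value read from the SMS; access is
        # given only if it is correct. pop() discards the issued password on
        # the first attempt, right or wrong, so it can be neither replayed
        # nor guessed at repeatedly.
        entry = self._pending.pop(user_id, None)
        if entry is None:
            return False
        otp, expires_at = entry
        if self._clock() > expires_at:
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(otp.encode(), presented.encode())


if __name__ == "__main__":
    outbox = []  # constructed stand-in for the SMS channel
    bank = OneTimePasswordService(lambda phone, otp: outbox.append((phone, otp)))
    bank.request("alice", "+440000000000")   # constructed user and number
    print(bank.verify("alice", outbox[-1][1]))   # first use is accepted
    print(bank.verify("alice", outbox[-1][1]))   # replay is rejected
```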