Cryptography Reference
In-Depth Information
at
www.openauthentication.org
. The core underlying this standard is the
HOTP
algorithm, which is described in RFC 4226; you can download the
PD/skey/OATH/rfc4226.txt
file from the Web site to this topic. The basic idea
is very simple: a counter is increased with every step (pushbutton at the token),
and SHA-1 is used to compute an HMAC. The key that is used to calculate the
HMAC assumes a role similar to the seed in an RSA token. Synchronizing the
counter between token and server is a separate problem (time could also assume
the role of the counter, similarly to the SecurID token). The major benefit of
such an open algorithm is that token vendors compete, being independent of
server software. Burt Kaliski, Chief Scientist at RSA Laboratories, expressed
doubts though: relying on one single algorithm like SHA-1 was unwise, because
nobody can anticipate future cryptanalyses. While this argument appears to be
reasonable, an SHA-1 - HMAC would be far from being at risk even when
SHA-1 collisions were easy to calculate. There certainly does not seem to be a
threat in the years to come. Kaliski would like to see a standard that includes
many algorithms and methods. It may evolve some day, but OATH represents
important progress.
OATH can solve another problem: if you have to token-authenticate yourself
at five different servers, you normally need five different tokens. This is cum-
bersome, and the probability of forgetting exactly which token you need at
the moment increases. This argument is not negligible: when asked who ever
forgot their tokens at the RSA Conference Europe 2006, a large number of
participants raised their hands.
It would be nice to have one single token for all vendors. In this context, we
speak of
federated ID
. On the other hand, such a concept can cause mistrust:
would the token cleanly separate the set of identities? What identity is actually
sent, and can the user control it? What can the vendors that the token serves
learn from one another? Does a different algorithm have to be implemented
for every vendor?
The answer to the last question is 'no', thanks to OATH. The other problems
can be solved by an approach of VeriSign, the most renowned and mighty
company that creates certificates and handles DNS requests for the two most
important Internet domains,
.com
and
.net
. Its concept is called
VIP
(VeriSign
Identity Protection) and is actually pretty simple.
•
VeriSign hosts the secret keys of independent vendors contained in the
tokens and the (non-secret) serial numbers (IDs) of the tokens.
•
The tokens are sold freely, independently of the user's merchants, such
as eBay.
