This document provides an overview of one-time passwords (OTP), including a brief history, benefits and costs, categories, generation methods such as HOTP and TOTP, delivery methods, relevant RFCs and standards, potential attacks, and development libraries. It defines an OTP as a single-use password or code used to authenticate over untrusted channels, complementing a user password for two-factor authentication. The common OTP types are event-based HOTP, which uses an HMAC to generate codes from a shared key and a counter, and time-based TOTP, which extends HOTP by deriving the counter from the current time step.
2. AGENDA
Introduction
Brief History of OTP systems
Benefits & Costs
Categories of OTP
Methods of Generation
• HOTP & TOTP
Methods of delivery
RFCs and standards
Attacks
OTP Development Libraries
3. What is a One-time Password?
A single-use password or series of codes used
to authenticate a user over an untrusted
communication channel
• Complements a user password
Two-Factor Authentication
4. Brief & Probable History
Leslie Lamport wrote an article on chaining
hashes for authentication (CACM 1981)
Bellcore developed S/Key based on the
Lamport scheme (1994)
Hardware tokens are developed
OPIE was a more modern implementation and
compatible with S/Key
OTPW developed
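The hash-chain scheme from Lamport's paper, which S/Key, OPIE and OTPW build on, is the mechanism behind every entry in this history, so here it is as a worked example. This code is added here and is not taken from the original deck or from any of those projects; the use of SHA-256, the class names and the seed value are assumptions for illustration (S/Key itself uses MD4 per RFC 1760 and folds the digest to 64 bits).

```python
import hashlib
import hmac


def h(x):
    """One-way function for the chain. Assumed SHA-256 here; S/Key uses MD4."""
    return hashlib.sha256(x).digest()


def hash_chain(seed, n):
    """Return [h^0(seed), h^1(seed), ..., h^n(seed)] (n+1 values)."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class Server:
    """Stores only the most recently accepted value (initially h^n(seed)).

    Knowing h^k(seed) does not let an eavesdropper compute h^(k-1)(seed), so a
    captured password is useless once the server has moved past it.
    """

    def __init__(self, anchor, n):
        self.current = anchor      # h^n(seed) at enrolment, then each accepted value
        self.remaining = n         # how many one-time passwords are left

    def verify(self, candidate):
        if self.remaining == 0:
            return False           # chain exhausted; the user must re-enrol
        # constant-time comparison so timing does not leak anything about the digest
        if hmac.compare_digest(h(candidate), self.current):
            self.current = candidate
            self.remaining -= 1
            return True
        return False


class Client:
    """Holds the seed and walks the chain backwards: h^(n-1), h^(n-2), ..., h^0."""

    def __init__(self, seed, n):
        self.chain = hash_chain(seed, n)
        self.next_index = n - 1

    def next_password(self):
        if self.next_index < 0:
            raise RuntimeError("chain exhausted; re-enrol with a new seed")
        pw = self.chain[self.next_index]
        self.next_index -= 1
        return pw


def demo():
    """Constructed walk-through: a legitimate login, a replay, and the next login."""
    seed = b"constructed example seed, not a real secret"
    n = 5
    client = Client(seed, n)
    server = Server(hash_chain(seed, n)[-1], n)   # server gets h^n(seed) only
    p1 = client.next_password()                    # h^4(seed)
    results = [server.verify(p1)]                  # accepted
    results.append(server.verify(p1))              # replay of the same value: rejected
    results.append(server.verify(client.next_password()))  # h^3(seed): accepted
    return results


if __name__ == "__main__":
    print(demo())
```

The server never stores the seed, only the last value it accepted, which is why the scheme tolerates an untrusted channel: an attacker who sees one password on the wire would have to invert h to obtain the next one.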
6. Benefits of OTPs
Cost-effective alternative to expensive digital
certificates
Each code can be used only once
Software and paper OTPs avoid expensive hardware
tokens
Can be time-limited
Can be used over untrusted communication
paths
• Telnet, web-based, serial terminals
Still protects the account when the static user
password has been compromised
Multiple generation and delivery mechanisms
7. Costs
Cannot be memorized by human beings and
require additional technology (a generator or a
delivery channel) to work
Based on a shared secret that the server must
store and protect
Software tools can be compromised
Attacks are still possible
8. Categories of OTPs
The two most commonly used types of OTPs are
1. Event-based - HMAC-based One-time
Password (HOTP)
2. Time-based - Time-based One-time Password
(TOTP)
Others include
1. Challenge-based - User enters a challenge value
sent by the server plus a password
2. Proprietary - RSA SecurID
9. Methods of Generation - HOTP
HOTP (HMAC-based)
• Computes an HMAC-SHA-1 and truncates it to
produce the HOTP value
• HOTP(K, C) = Truncate(HMAC-SHA-1(K, C))
Where K is the shared secret key and C is the
8-byte counter, incremented on each use
10. HOTP
We can describe the operation in 3 distinct steps:
Step 1: Generate an HMAC-SHA-1 value
Let HS = HMAC-SHA-1(K, C) // HS is a 20-byte
string
Step 2: Generate a 4-byte string (Dynamic
Truncation)
Let Sbits = DT(HS) // DT returns a 31-bit string:
the low 4 bits of the last byte of HS select an
offset 0..15, and the 4 bytes of HS starting at
that offset, with the top bit masked off, are Sbits
Step 3: Compute an HOTP value
Let Snum = StToNum(Sbits) // Convert Sbits to a
number in 0...2^{31}-1
Return D = Snum mod 10^Digit // D is a number in
the range 0...10^{Digit}-1, printed with leading
zeros to Digit places
11. TOTP
TOTP (Time-based)
• An extension of HOTP to support time
• TOTP = HOTP(K, T)
• TOTP(K, T) = Truncate(HMAC-SHA-1(K, T))
• Where T = floor((Current Unix time - T0) / X),
T0 is the start time (default 0) and X is the
time step in seconds (default 30)
• For example, with T0 = 0 and Time Step X =
30, T = 1 if the current UNIX time is 59 seconds,
and T = 2 if the current UNIX time is 60 seconds
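The three HOTP steps from slides 9 and 10 and the TOTP time-step mapping from slide 11, carried through as one working implementation with the server-side checks a deployment needs (look-ahead resynchronisation for HOTP, a drift window for TOTP, constant-time comparison). This is an added example, not code from the original deck or from any of the libraries it lists. The secret `12345678901234567890` is the ASCII test-vector key published in RFC 4226 and RFC 6238; the function names and the window sizes are my own choices.

```python
import hashlib
import hmac
import struct
import time


def hotp(key, counter, digits=6):
    """HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) as specified in RFC 4226.

    key     -- the shared secret K, raw bytes
    counter -- the moving factor C, encoded as an 8-byte big-endian integer
    digits  -- length of the decimal code; leading zeros are kept
    """
    # Step 1: HS = HMAC-SHA-1(K, C), a 20-byte string
    hs = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Step 2: dynamic truncation (DT). The low 4 bits of the last byte of HS
    # select an offset 0..15; the 4 bytes starting there, with the top bit
    # masked off, form the 31-bit number Snum (never negative on any platform).
    offset = hs[19] & 0x0F
    snum = struct.unpack(">I", hs[offset:offset + 4])[0] & 0x7FFFFFFF
    # Step 3: D = Snum mod 10^Digit, zero-padded so "081804" is not "81804"
    return str(snum % 10 ** digits).zfill(digits)


def totp(key, unix_time=None, t0=0, step=30, digits=6):
    """TOTP = HOTP(K, T) with T = floor((unix_time - T0) / X), RFC 6238."""
    if unix_time is None:
        unix_time = int(time.time())
    t = (unix_time - t0) // step          # floor division, as the RFC requires
    return hotp(key, t, digits)


def verify_hotp(key, code, server_counter, look_ahead=5, digits=6):
    """Server-side HOTP check with a resynchronisation window (RFC 4226 s.7.4).

    The token may have advanced its counter (codes generated but never
    submitted), so the server tries its stored counter and up to look_ahead
    values beyond it. On success it returns the counter to store next: one past
    the matched value, which is what makes a captured code unusable a second
    time. Returns None on failure.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        # compare_digest: constant-time, so response timing does not reveal
        # how many leading digits of a guess were correct
        if hmac.compare_digest(hotp(key, c, digits), code):
            return c + 1
    return None


def verify_totp(key, code, unix_time, window=1, t0=0, step=30, digits=6):
    """Accept a TOTP code for the current time step or up to `window` steps
    either side, to absorb clock drift between token and server.

    A real deployment must also record the last time step it accepted for this
    user and refuse that step again; without that, a code captured over an
    untrusted channel can be replayed for up to (2*window + 1) * step seconds.
    """
    t = (unix_time - t0) // step
    for drift in range(-window, window + 1):
        if t + drift < 0:
            continue                      # counters are unsigned; skip negative steps
        if hmac.compare_digest(hotp(key, t + drift, digits), code):
            return True
    return False


if __name__ == "__main__":
    key = b"12345678901234567890"   # RFC 4226 / RFC 6238 test-vector secret
    print("HOTP counters 0..2:", [hotp(key, c) for c in range(3)])
    print("TOTP at t=59:", totp(key, 59), " at t=60:", totp(key, 60))
    print("8-digit TOTP at t=1111111109:", totp(key, 1111111109, digits=8))
```

With the RFC test-vector key, counters 0, 1 and 2 yield 755224, 287082 and 359152; because the TOTP counter at time 59 is T = 1, the TOTP code at 59 seconds is the same 287082, and at 60 seconds (T = 2) it becomes 359152, which is exactly the example on the slide. Authenticator apps normally carry the same secret base32-encoded in a provisioning URI; decode it to raw bytes before passing it to `hotp`.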
12. Methods of Delivery
Software applications
• Command line OTP calculators
Text messaging
• A code is sent to the user's phone via SMS
• The request may be made from the SMS channel
itself or out-of-band (e.g. from the login session)
Phone call
• During the authentication process, you receive
a phone call and enter a PIN
13. More Methods of Delivery
Paper
• Lists of passwords or codes to use
• Some systems use paper codes as a backup
Hardware token
• Token has a rotating display of the current code
• May have buttons for challenges
Mobile applications
• The code is displayed exactly like a HW token
• OTP calculators can work with counter-based OTP
14. RFCs and Standards
RFC 1760, The S/KEY One-Time Password
System
RFC 2289, A One-time Password System
RFC 4226, HOTP: An HMAC-Based One-Time
Password Algorithm
RFC 6238, TOTP: Time-based One-time
Password Algorithm
15. Attacks on OTP
Man-in-the-Middle
• Attacker captures authentication data and
resends it to the legitimate server
• A code that has already been consumed is
rejected, so the attacker must relay it before
the user's own attempt is accepted (e.g. via a
phishing proxy)
Mobile-based delivery of OTPs can be attacked
• An SMS code can be intercepted or redirected
before the user sees it
Paper-based delivery of OTPs - theft of the list
16. OTP Development Libraries
Java: javaotp
Ruby: rotp, ruby-otp
Python: POTP
PHP: OTPHP, multiOTP
C/C++: OpenOTP
Many more available