User's Manual
5 Authentication
This chapter describes the authentication performed by WebOTP.
Authentication in the WebOTP and WebCHR protocols is based on a symmetric cryptography algorithm and on a secret
shared between the hardware devices and the authentication server. Authentication in the WebSMS protocol is based
instead on information exchanged via the user's telephone.
5.1 Security
In the WebOTP and WebCHR protocols, authentication is based on the AES 256-bit symmetric cryptography algorithm,
as opposed to the hash algorithm commonly used by traditional OTP devices.
Using a symmetric cryptography algorithm is possible for WebOTP thanks to the USB connection, which imposes no
length limit on the authentication code. Symmetric cryptography requires an authentication code of at least 128 bits
(one AES block), many more bits than a traditional OTP display with a few digits can show.
The advantages of using a symmetric cryptography algorithm for OTP authentication are manifold:
• Identification – Besides authenticating the user, the code also identifies him/her, so the user need not state
who he/she is before authenticating. By comparison, a traditional OTP always requires the server to know in advance
which user (and therefore which seed) is being checked.
• Security – The authentication code carries 128 bits of security information. By comparison, traditional
display-equipped OTPs use at most 40 bits, often fewer [1].
• Speed – The authentication check is simple and quick, so the authentication server carries a much lighter
workload [2]. By comparison, a traditional hash-based OTP forces the server into a trial-and-error search over the
range of time steps or event counts the device might be at.
• Resistance to brute-force attack – Because a 128-bit code cannot be guessed online, it is not necessary to lock
users out after a number of unsuccessful attempts. By comparison, a traditional OTP must rely on lockout techniques
to keep its short code from being brute-forced.
• Resistance to DoS attack – The authentication server is particularly resistant to denial-of-service attacks that
flood it with bogus authentication requests in an attempt to lock users out. The authentication check is just as quick
when it fails. By comparison, with a traditional hash-based OTP a failed authentication is always the worst case for
processing time, because the server must exhaust the whole search window before it can reject the code.
• Effective error management – When authentication fails, the exact reason is known. In particular, errors caused
by a faulty device can be distinguished from attack attempts. For instance, a time-based device whose battery has run
flat can continue to be used as if it were an event-based device. By comparison, a traditional hash-based OTP has only
one kind of authentication failure, and nothing further can be inferred from the error.
In the WebSMS protocol, authentication is based on a random code of up to 64 bits sent to the user's private
telephone number. By entering the received code, the user completes the authentication.
5.2 Keys
The identification and authentication process is based on sharing a secret between the WebOTP device and the
authentication server.
For that reason every device contains two secret 256-bit keys: the server-key and the device-key.
• The server-key is shared by all devices that will be used with a given authentication server; it enables the
server to identify the user who owns the device. Only a server that knows the server-key can identify the user.
• The device-key is different for each device; it enables the server to authenticate the user. Only the device that
contains the correct device-key can authenticate itself.
[1] An 8-digit numerical display represents about 27 bits of information (10^8 is roughly 2^26.6).
[2] With a Pentium Core Duo 2 workstation it is possible to perform about 200,000 authentication checks per second.
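The verification-cost and error-reporting contrast drawn in 5.1 (Speed, Resistance to DoS attack, Effective error management) and the server-key/device-key split described in 5.2, as an added worked example in Go. This is not WebOTP's code, and the WebOTP message format is not given on this page: the two-block code layout (AES-256 of deviceID||nonce under the server-key, AES-256 of counter||nonce under the device-key, 64-bit fields), the lookup by device ID, the error sentinels and the demo keys are all assumptions of this example. The hash-based side follows RFC 4226 (HOTP) with a look-ahead window.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// hotp: 6-digit RFC 4226 value, HMAC-SHA1 over the big-endian counter, truncated.
func hotp(key []byte, counter uint64) uint32 {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	return (binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff) % 1000000
}

// verifyHOTP is the hash-based server check: every counter in the look-ahead window
// is tried, so a rejection always costs the whole window. Returns counter, ok, HMACs.
func verifyHOTP(key []byte, code uint32, last uint64, window int) (uint64, bool, int) {
	for i := 1; i <= window; i++ {
		if c := last + uint64(i); hotp(key, c) == code {
			return c, true, i
		}
	}
	return last, false, window
}

type device struct {
	key     []byte // per-device 32-byte device-key (AES-256)
	counter uint64 // last accepted event counter (replay protection)
}

var errUnknownDevice = errors.New("identification failed: unknown device")
var errBadDeviceKey = errors.New("authentication failed: device-key mismatch")
var errReplay = errors.New("authentication failed: counter not advanced")

// block encrypts the 16-byte plaintext a||b (two big-endian uint64s) with AES-256.
func block(key []byte, a, b uint64) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a wrong key length is a programming error, not user input
	}
	var pt, ct [16]byte
	binary.BigEndian.PutUint64(pt[:8], a)
	binary.BigEndian.PutUint64(pt[8:], b)
	c.Encrypt(ct[:], pt[:])
	return ct[:]
}

// unblock decrypts one block, returning its first half as a number, second as bytes.
func unblock(key, ct []byte) (uint64, []byte) {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	var pt [16]byte
	c.Decrypt(pt[:], ct)
	return binary.BigEndian.Uint64(pt[:8]), append([]byte(nil), pt[8:]...)
}

// makeCode is the device side (field layout assumed for this example): block 1 identifies
// via the server-key, block 2 proves the device-key; the nonce binds the two blocks.
func makeCode(serverKey, deviceKey []byte, deviceID, counter, nonce uint64) []byte {
	return append(block(serverKey, deviceID, nonce), block(deviceKey, counter, nonce)...)
}

// verifyCode is the symmetric-key server check: two decryptions, success or failure, with the reason.
func verifyCode(serverKey []byte, devices map[uint64]*device, code []byte) (uint64, error) {
	if len(code) != 32 {
		return 0, errors.New("malformed code")
	}
	id, nonce := unblock(serverKey, code[:16]) // identification step
	dev, ok := devices[id]
	if !ok {
		return 0, errUnknownDevice
	}
	ctr, nonce2 := unblock(dev.key, code[16:]) // authentication step
	if subtle.ConstantTimeCompare(nonce, nonce2) != 1 {
		return id, errBadDeviceKey // wrong key scrambles the bound nonce
	}
	if ctr <= dev.counter {
		return id, errReplay
	}
	dev.counter = ctr
	return id, nil
}

func main() {
	_, ok, n := verifyHOTP([]byte("12345678901234567890"), 755224, 0, 10) // RFC 4226 test key
	fmt.Printf("hash-based reject: ok=%v after %d HMACs\n", ok, n)
}
```

With go run, the hash-based verifier reports that rejecting a bad code cost all 10 HMACs of the window, whereas verifyCode costs two AES block operations whatever the outcome and returns a distinct error for an unknown device, a wrong device-key and a replayed counter. The nonce is compared in constant time so that the rejection path leaks nothing about which bytes matched.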