Author Topic: OTP (Read 7767 times)

OTP · « **on:** January 27, 2013, 05:11:50 AM »

Hi,

First, thanks for all the great work. I am wondering, if rockbox devices could be used for two factor authentication. http://www.mattcutts.com/blog/google-two-step-authentication/ has introduced it and smartphones can double as (semisoft) tokens http://f-droid.org/repository/browse/?fdfilter=otp&fdid=com.google.android.apps.authenticator2. Hardtokens like yubikeys can also be implemented in https://github.com/Yubico/yubico-c software. Many serious sites accept for strong two factor authentication certificates and OTPs along with yubikeys https://login.cern.ch/. There is a long history of using OTPs with mobile devices, like mOTP http://f-droid.org/repository/browse/?fdfilter=otp&fdid=org.cry.otp.

Would it be possible to have rockbox plugins to emulate RFC TOTP and HOTP, along with the widespread mOTP and yubikeys?

Thanks,
Rob

saratoga · « **Reply #1 on:** January 27, 2013, 11:49:13 AM »

Provided you don't need network access for your authentication I don't see why not.

OTP · « **Reply #2 on:** January 27, 2013, 01:21:07 PM »

Hi,

No network access is needed. Only the seed needs to be copied (or entered) to the device once, when initializing an account. This is then used to generate one time passwords based on either a monotone increasing counter (HOTP, yubikey) or a timestamp (TOTP). The disposable passcodes can be read off the display and entered at the inputline on the PC/tablet. The server then evaluates and validates these each time (using the same seed and time/counter position)

MobileOTP can also take a PIN before generating a one time password, which is handy for crude server-client challenge response (the RFC OTP-s and yubikeys can be subject to a certain class of replay attacks, ie. token withholding mitm). mOTP may need a 4 digit input from the user (ie. up/down and left/right, like setting LCD watches -- could be also used to enter the Base32 seed when setting up an account).

more info: http://motp.sourceforge.net/

Perhaps rockbox project itself will find it handy.

torne · « **Reply #3 on:** January 27, 2013, 05:47:06 PM »

Using Rockbox as an OTP device isn't very secure as we don't have any way to store the seed that prevents it from being trivially copied. Software OTP tokens generally run on systems that can protect application data. Someone having access to your player for a few seconds would be enough to duplicate the seed without you knowing.

monoid · « **Reply #4 on:** January 27, 2013, 09:42:06 PM »

The seed could be stored encrypted. So, just copying the file with the seed would not harm anyone.

saratoga · « **Reply #5 on:** January 27, 2013, 10:44:33 PM »

Quote from: monoid on January 27, 2013, 09:42:06 PM

The seed could be stored encrypted. So, just copying the file with the seed would not harm anyone.

Then were do you store the decryption key? On a second MP3 player

I guess a pin number to decrypt the key is better then nothing, but it seems like a phone would be a lot more secure, since you can tie the key to the cell network and use the device's secure element/coprocessor.

monoid · « **Reply #6 on:** January 27, 2013, 11:12:30 PM »

That's right. On the oher side, the phone might be even much more insecure, if it is smartphone with internet connection. Viruses, troyans, worms... sooner or later.

It seems to me that mp3 player with no internet and whose seed is protected by encryption using a password or at least PIN is more secure than almost any smartphone which connects to internet at least from time to time...

Generaly it may be even more secure to have OTP in mp3 in software than normal physical token. I have physical token without PIN, so if I loose it or it is stolen, there is no problem to use it.

But, OK. I am not sure, if having OTP in mp3 player is that good idea.

[Saint] · « **Reply #7 on:** January 27, 2013, 11:24:49 PM »

Quote from: monoid on January 27, 2013, 11:12:30 PM

It seems to me that mp3 player with no internet and whose seed is protected by encryption using a password or at least PIN is more secure than almost any smartphone which connects to internet at least from time to time...

No. Seven different kinds of no. All kinds of no in fact. Or, if you prefer, just plain 'ol Vanilla No.

[Saint]

saratoga · « **Reply #8 on:** January 27, 2013, 11:26:44 PM »

Quote from: monoid on January 27, 2013, 11:12:30 PM

That's right. On the oher side, the phone might be even much more insecure, if it is smartphone with internet connection. Viruses, troyans, worms... sooner or later.

Unless there is some flaw in the phone, there is no way for something like that to access the key though.

OTP · « **Reply #9 on:** January 28, 2013, 03:19:32 AM »

Hi,

Quote from: torne on January 27, 2013, 05:47:06 PM

Using Rockbox as an OTP device isn't very secure as we don't have any way to store the seed that prevents it from being trivially copied. Software OTP tokens generally run on systems that can protect application data. Someone having access to your player for a few seconds would be enough to duplicate the seed without you knowing.

This is true -- but as always, with physical access, it is game over on almost any device (evil maid and even hw tokens http://secgroup.ext.dsi.unive.it/projects/security-apis/tookan/).

I think the merits/application depend case-by-case according to the scenario; ie. in case of gmail, most of the threats will be from very remote continents, and anybody in your environment will also be able to sniff and log.

I have understood, that people wanted crypto support on rockbox and it has not been approved. Would it be possible to have a crypto plugin instead to protect the seed?

OTP · « **Reply #10 on:** January 28, 2013, 03:24:41 AM »

Quote from: saratoga on January 27, 2013, 11:26:44 PM

Quote from: monoid on January 27, 2013, 11:12:30 PM
That's right. On the oher side, the phone might be even much more insecure, if it is smartphone with internet connection. Viruses, troyans, worms... sooner or later.

Unless there is some flaw in the phone, there is no way for something like that to access the key though.

Most phones are online 24/7 and many indeed always have flaws (jailbreak, exynos etc. and those are just the high-profile -- OTA firmware updates and silent sms-es not even being mentioned: the possibilities are many, including bluecoat tools). Disconnected fobs do not seem too bad in comparison.

[Saint] · « **Reply #11 on:** January 28, 2013, 08:44:07 AM »

The fact that it may or may not be possible to compromise a secure platform (which, generally speaking, is only done by pen-testing experts as there is virtually no need to do so in the wild...there are plenty of users stupid enough to install an application without reviewing the permissions it requests) doesn't justify using insecure methods on an insecure platform.

[Saint]

monoid · « **Reply #12 on:** January 28, 2013, 09:50:48 AM »

Again, in my opinion OTP on mp3 player with secured seed (by password/PIN e.g. choosing certain song or combination of several songs) and secured access (again by password/PIN) is more secure than physical dongle without password or cellphone with internet access.

Of course it is not 100% secure, but nothing is. Even many smart cards (electronic vallet), door systems, garage door systems, car remote keys are very insecure.

Skilled person may breake in within minutes to days, depending on system and apriori knowledge. End it may be done even without direct physical access. It is sufficient to be "near by". For car/garage tens of meters, for smart cards close to card (which is possible in crowds of people like public transport, queue, etc.)

I do not say, it would be good idea to implement it (if it is possible) in RB, but on the other side it is not bad idea (IMO). It depends how it would be implemented to awoid user's disbehaviour.

But OK, I am not expert on security, so I may oversee something important.

torne · « **Reply #13 on:** January 28, 2013, 01:43:36 PM »

Hardware tokens cannot be *copied*, only stolen; this is a significant difference. There's no password to protect the token, but if someone steals it you know it's gone and you can get a new token associated with your account.

Having to protect the software token with a specific PIN/etc makes it significantly less convenient to use

There's no need to do this on a phone, because you can just lock the phone as you normally would, and modern phone OSes isolate apps from each other so they cannot steal data from each other.

Nobody is saying you can't do this, just pointing out that it's not particularly strong from a security POV. You'd be better off using your cellphone.

monoid · « **Reply #14 on:** January 28, 2013, 05:27:58 PM »

It was not my idea to implement OTP in RB. I have no need to get it implemented.

There are tokens, where PIN is needed. I had one. It was Citybank token.

Quite a lot of todays' smartphones have android. I do not know Linux, but I doubt applications are fully isolated. And if yes, than I do not understand why firewalls and virus-scanners are needed.

And I do not know anybody who locks telephone. But I know few cases that someone stole cellphone and before the owner managed to block it (within 2 hours or so), the telephone bill was equivalent of 500 US$ higher.

OK, if the token is implemented somewhere in SIM of telephone, then it would be almost equivalent to normal token. But SIM may by cloned, as far as I know. So, PIN for authorized access to application on SIM would be needed.

I do not see a security issue in using OTP on electronic device like mp3 player (if seed is encrypted and accessible only using proper password/PIN), but I doubt many people would use it.

Author Topic: OTP (Read 7767 times)

OTP

OTP

saratoga

Re: OTP

OTP

Re: OTP

torne

Re: OTP

monoid

Re: OTP

saratoga

Re: OTP

monoid

Re: OTP

[Saint]

Re: OTP

saratoga

Re: OTP

OTP

Re: OTP

OTP

Re: OTP

[Saint]

Re: OTP

monoid

Re: OTP

torne

Re: OTP

monoid

Re: OTP