Time-based One-time Password Algorithm

TOTP ( Time-based One-Time Password Algorithm , RFC 6238 ^[1] ) - OATH - one-time password creation algorithm for secure authentication , which is an improvement of HOTP (HMAC-Based One-Time Password Algorithm) . It is a one-way authentication algorithm - the server authenticates itself to the client . The main difference between TOTP and HOTP is the generation of a password based on time, that is, time is a parameter ^[2] . In this case, not the exact time is usually used, but the current interval with pre-set boundaries (for example, 30 seconds).

Content

History

Since 2004, OATH ( ) has been working on a one-time password (OTP) project. The first result was HOTP (the Hash-based Message Authentication Code (HMAC) OTP algorithm), published in December 2005. It was presented as an IETF project (The Internet Engineering Task Force) ^[2] ^[3] .

Further work by OATH went on to improve HOTP and in 2008 TOTP was introduced ^[4] . This algorithm does not use a counter to synchronize the client and server, but generates a password depending on the time that is valid for a certain interval. The algorithm works like this: the client takes the current value of the timer and the secret key, hashes them using some hash function and sends it to the server, in turn, the server performs the same calculations, after which it only needs to compare these values ^[5] . It can be implemented not only on the SHA-1 hash function, unlike HOTP, therefore the hash function is also an input parameter ^[2] .

Later, a new algorithm was introduced that extends TOTP even further. It was introduced in September 2010 and named the OATH Challenge-Response Algorithms (OCRA) . The main difference from the previous algorithms is that the server also participates in authentication. So that the client can also be sure of its authenticity ^[2] .

Principle of Operation

In fact, TOTP is a variant of the HOTP algorithm, in which a value depending on the time is substituted for the counter value ^[1] . Denote:

$T$ ${\ displaystyle T}$ - discrete time value used as a parameter. (Measured in units $X$ ${\ displaystyle X}$ , 8 bytes)
$X$ ${\ displaystyle X}$ - time interval during which the password is valid. (Default 30 sec.)
$T_{0}$ ${\ displaystyle T_ {0}}$ - The initial time required to synchronize the parties. (The default is the time from the start of the UNIX era )
$K$ ${\ displaystyle K}$ - shared secret.
$C u r r e n t T i m e$ ${\ displaystyle CurrentTime}$ - current time.

Then ^[1] ^[6]

T=(CurrentTime-T_{0})/X

{\ displaystyle T = (CurrentTime-T_ {0}) / X}

\operatorname {HOTP} (K,T)=Truncate(\operatorname {HMAC-SHA-1} (K,T))

{\ displaystyle \ operatorname {HOTP} (K, T) = Truncate (\ operatorname {HMAC-SHA-1} (K, T))}

\operatorname {TOTP} =\operatorname {HOTP} (K,T)

{\ displaystyle \ operatorname {TOTP} = \ operatorname {HOTP} (K, T)}

Where

HMAC-SHA-1 (K, T) - generation of 20 bytes based on the secret key and time using the SHA-1 hash function.
Truncate - a function to select 4 bytes in a certain way:

Let String be the result of HMAC-SHA-1 (K, T); OffsetBits - low 4 bits of a string String ; Offset = StringToNumber (OffsetBits) and the result of Truncate will be a string of four characters - String [Offset] ... String [Offset + 3] ^[6]

It is also worth noting that, unlike HOTP, which is based only on SHA-1 , TOTP can also use HMAC-SHA-256 , HMAC-SHA-512 and other HMAC hash functions:

$\operatorname {TOTP} (K,T)=Truncate(\operatorname {HMAC-SHA-256} (K,T))$ ${\ displaystyle \ operatorname {TOTP} (K, T) = Truncate (\ operatorname {HMAC-SHA-256} (K, T))}$
$\operatorname {TOTP} (K,T)=Truncate(\operatorname {HMAC-SHA-512} (K,T))$ ${\ displaystyle \ operatorname {TOTP} (K, T) = Truncate (\ operatorname {HMAC-SHA-512} (K, T))}$

etc. ^[1]

Algorithm Reliability

The concept of one-time passwords, coupled with modern cryptographic methods, can be used to implement reliable remote authentication systems ^[5] . TOTP is quite resistant to cryptographic attacks, but there is a chance of hacking, for example, such a “man in the middle” attack is possible:

By listening to client traffic, an attacker can intercept the sent login and one-time password (or hash from it). Then it is enough for him to block the computer of the “victim” and send authentication data on his own behalf. If he has time to do it in a period of time $X$ ${\ displaystyle X}$ then he will be able to access. That is why $X$ ${\ displaystyle X}$ worth doing small. But if the password expiration time is made too short, then in the case of a slight out of sync, the client will not be able to access ^[5] .

There is also a vulnerability associated with the synchronization of server and client timers, since there is a risk of time information being out of sync on the server and in the user’s software and / or hardware. Since TOTP uses time as a parameter, if the values do not match, all user authentication attempts will fail. In this case, the false admission of someone else will also be impossible. It is worth noting that the probability of such a situation is extremely small ^[5] .

Notes

↑ ¹ ² ³ ⁴ M'Raïhi, Machani, Pei et al., 2011 .
↑ ¹ ² ³ ⁴ Nathan Willis, 2010 .
↑ Vaidya, Park, Rodrigue, 2009 .
↑ OATH Submits TOTP: Time-Based One Time Password Specification to IETF .
↑ ¹ ² ³ ⁴ Davletkhanov, 2006 .
↑ ¹ ² M'Raïhi, Bellare, Hoornaert et al., 2005 .

Sources

Nathan Willis. OATH: yesterday, today, and tomorrow (English) // LWN.net : electronic journal. - 2010.
Joann Killeen, Madison Alexander. OATH Submits TOTP: Time-Based One Time Password Specification to IETF . Archived January 23, 2013.
M'Raïhi D. , Bellare M. , Hoornaert F. et al. HOTP: An HMAC-Based One-Time Password Algorithm - Internet Engineering Task Force , 2005. - 37 p. - doi: 10.17487 / RFC4226
<a href=" https://wikidata.org/wiki/Track:Q27105682 "> </a> <a href=" https://wikidata.org/wiki/Track:Q22678443 "> </a> <a href = " https://wikidata.org/wiki/Track:Q1932841 "> </a> <a href=" https://wikidata.org/wiki/Track:Q217082 "> </a> <a href = " https://wikidata.org/wiki/Track:Q27105706 "> </a> <a href=" https://wikidata.org/wiki/Track:Q3018520 "> </a>
Davletkhanov M. The concept of one-time passwords in building an authentication system // Byte - 2006. - issue. 7-8 (95), July-August. - ISSN 0360-5280
<a href=" https://wikidata.org/wiki/Track:Q1018709 "> </a> <a href=" https://wikidata.org/wiki/Track:Q21694596 "> </a> <a href = " https://wikidata.org/wiki/Track:Q21694594 "> </a>
Vaidya B. , Park J. H. , Rodrigues J. J. P. C. HOTP-Based User Authentication Scheme in Home Networks // Advances in Information Security and Assurance : Third International Conference and Workshops, ISA 2009, Seoul, Korea, June 25-27, 2009. Proceedings - Springer Berlin Heidelberg . - P. 672–681. - ( Lecture Notes in Computer Science ; Vol. 5576) - ISBN 978-3-642-02616-4 , 978-3-642-02617-1 - ISSN 0302-9743
<a href=" https://wikidata.org/wiki/Track:Q21694586 "> </a> <a href=" https://wikidata.org/wiki/Track:Q21694587 "</a> <a href = " https://wikidata.org/wiki/Track:Q21694585 "> </a> <a href=" https://wikidata.org/wiki/Track:Q924044 "> </a> <a href = " https://wikidata.org/wiki/Track:Q21694588 "> </a> <a href=" https://wikidata.org/wiki/Track:Q21694589 "> </a> <a href = " https : //wikidata.org/wiki/Track: Q21587985 "> </a>
M'Raïhi D. , Machani S. , Pei M. et al. TOTP: Time-Based One-Time Password Algorithm - Internet Engineering Task Force , 2011 .-- 16 p. - doi: 10.17487 / RFC6238
<a href=" https://wikidata.org/wiki/Track:Q22678443 "> </a> <a href=" https://wikidata.org/wiki/Track:Q26882441 "> </a> <a href = " https://wikidata.org/wiki/Track:Q26882437 "> </a> <a href=" https://wikidata.org/wiki/Track:Q217082 "> </a> <a href = " https://wikidata.org/wiki/Track:Q26882439 "> </a> <a href=" https://wikidata.org/wiki/Track:Q26882440 "> </a>

Links

OTP Oath HOTP TOTP PSKS DSKPP ( unopened ) (link not available) . Archived January 24, 2013.

[_b02f4e6079a317ec-1] ¹ ² ³ ⁴ M'Raïhi, Machani, Pei et al., 2011 .

[_fcc1f93cb702ecdc-2] ¹ ² ³ ⁴ Nathan Willis, 2010 .

[_865a8eea8ff9cbb3-3] Vaidya, Park, Rodrigue, 2009 .

[_7a28f4a3ce8b1744-4] OATH Submits TOTP: Time-Based One Time Password Specification to IETF .

[_0b867f6613c8149f-5] ¹ ² ³ ⁴ Davletkhanov, 2006 .

[_cab016641e7b77af-6] ¹ ² M'Raïhi, Bellare, Hoornaert et al., 2005 .