Experimental Study of Digipass Go3 and the Security of Authentication

Igor Semaev

Abstract


Based on the analysis of 6-digit one-time passwords (OTP) generated by DIGIPASS GO3 we were able to reconstruct the synchronization system of the token, the OTP generating algorithm and the verification protocol in details necessary for an attack. The OTPs are more predictable than expected. A forgery attack is described. We argue the attack success probability is much higher than it may be expected if all the digits are independently and uniformly distributed. The implications for the security of authentication are discussed and open questions are formulated.

Keywords


security of authentication, DIGIPASS, attack success probability

References


DIGIPASS GO3-Ultra-portable, strong Authentication for highest convenience and user acceptability. URL: www.vasco.com/images/DIGIPASS-GO3-DS201007-v1_tcm42-47200.pdf Cited: September 24, 2017.

D. M’Raihi, M. Bellare,F. Hoornaert,D. Naccache, and O. Ranen, “HOTP: An HMAC-Based One-Time Password Algorithm”. URL:www.ietf.org/rfc/rfc4226.txt Cited: September 24, 2017.

D. M'Raihi, S. Machani, M. Pei, J. Rydell, “TOTP: Time-Based OneTime Password Algorithm”. URL: www.ietf.org/rfc/rfc6238.txt Cited:September 24, 2017.

M. Adham, A. Azodi, Y. Desmedt and I. Karaolis, “How to Attack TwoFactor Authentication Internet Banking”. in FC 2013, LNCS 7859, Berlin: Springer, 2013, pp. 322-328.

Security 1:1 – Part 2 – Trojans and other security threat. URL: www.symantec.com/connect/articles/security-11-part-2-trojans-andother-threats Cited: September 24, 2017.

I. Semaev, “Experimental Study of DIGIPASS GO3 and the Security of Authentication”, Cryptology ePrint Archive, 2015/609.


Full Text: PDF

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.

IT in Innovation IT in Business IT in Engineering IT in Health IT in Science IT in Design IT in Fashion

IT in Industry @ http://www.it-in-industry.com . ISSN (Online): 2203-1731; ISSN (Print): 2204-0595