Just a thought .... a couple of Banks have sent me a small gadget that I'm supposed to use to generate a OTP - One Time password - when I try to get involved with Internet Banking.

How do they work ?

I used one today to interrogate a bank account literally on the other side of the World ( a UK bank a/c from here in New Zealand ). I logged on to the site with my username and password, and after making some changes was then asked to press various buttons on the gadget, which then showed a 6 digit number that I had to enter on to my computer before my changes were authorised.

??? the gadget isn't transmitting to the bank, so that they can confirm that I'm entering a number that they have sent to me via the gadget, neither is the gadget interacting with my computer - or is it ? I can't see what the difference is to my haphazardly hitting a few keys on a nearby electronic calculator, or telephone pad, and then typing those random numbers on to the Bank site ?

All smoke and mirrors to me.

ExSp33db1rd,

You've correctly assumed the token is not transmitting to the bank.

Bushfiva started along the right lines with his response but it all came out a bit messy, so I'll try to clean it up. He, for example, is completely off-track with talk of random number generators.

Yes, there are broadly speaking two types. Challenge/Response and Event based.

Both have something in common, which is a shared secret or "seed". The bank stores it in its database, your token stores it hardcoded in its hardware.

There other common element is not between the mechanisms but between you and the bank. What that second element is depends on the mechanism used.

Challenge/Response is what Bushfiva said. Site gives you a code, your token derives a response in a cryptographic manner based on the code and the secret. The bank derives what it thinks the response should be. If what you submit what your bank is expecting it to be, then you're in.

Event based comes in two main flavours :

- Counter : i.e. each time you press a button the counter increments by one. Again, your token calculates a value in a cryptographic manner based on the counter and secret. The bank calculates a value based on what it reckons the counter value should be. If the value you submit is the same as what the bank calculates, you're in.

- Time based. Well, its not strictly time based, its moving factor. Your bank decides on two things (a) a time step (e.g. 30 seconds, 60 seconds) (b) How many steps it will verify. Your token contains a timer that increments in seconds (typically seconds since the UNIX epoch or 00:00:00 UTC on 1 January 1970 ... long story ). Every value you derive based upon the timer plus seed is the same within the same time step. Your bank derives a value based on the current time window plus the shared secret... if your value matches you're in. If it doesn't match, your bank might also check a couple of steps either side of the expected epoch depending on what it decided in (b).

In terms of how you get the 8 digits, the process is generally something like the following (this being an example of generating a HOTP style token response, which is counter event based) :

HOTP(K,C) = Truncate(HMAC-SHA-1(K,C))
where Truncate represents the function that can convert an HMAC-SHA-1 value into an HOTP value.
HMAC-SHA-1 being the output of a cryptographic function of the same name.

Basically Truncate() converts something like "11f6ad8ec52a2984abaafd7c3b516503785c2072" (which would be an example output from HMAC-SHA-1(K,C)) into the 6 or 8 digit number you type into the bank's website.

Generating a time based token would be similar, you would typically replace "C" with "T", i.e. the time step value.

I know it all sounds very technical, but its actually a very simple method....

I have also wondered how these devices work. After reading Mixture's explanation, I am more mystified than ever. It's white mans' magic!

Nothing magic about it, and the explanation is readily available on the Web - even from the banks themselves.

https://www.google.com.au/webhp?sour...s+work&safe=on

It is magic if you want a UK bank replacement sent to you overseas!! Certainly Barclays find it impossible.

Tip for ExSB: Never leave the gadget just lying around. I used to borrow one to get into the heart of the live network of Australia's biggest telco monopoly. All I had to do was open the top draw of the prick sitting next to me.

For significant transactions my bank will SMS me a 6-digit code that I must submit within a few minutes (it becomes invalid after that and I must request a new one).

Seems fairly secure to me, particularly as their internet banking logon is not simple.

'Course if my cellphone is down I'm stuffed.

Not so sure about the fob gadget - anyone could have it.

Comments mix?

Mac



PS:What about collisions? There must be many HMAC-SHA-1 values that truncate to the same HOTP number.

Interesting question.

Starting from the obvious assumption they already know your username and password ...

You're right about the fob. If someone got it and somehow got to know your PIN, then you're right, impersonating you would not be difficult. So to a certain degree I guess you could say a fob is equivalent to the old fashioned signature. Having said which, you could report loss of the fob and they could then block it on their systems.

Assuming the bank makes it sufficient hassle for your registered mobile number to be changed, then I certainly can see how you could argue SMS to be the better option of the two.

SMS does have the downside of being reliant on your phone and the existence of a signal. I suppose you could also argue the risk of interception ?

I suppose the summary is that its six of one or half a dozen of the other. Both SMS and the Fob do a great deal more for your security than a system that relies soley on username and password.

There are also fancy systems I've seen that don't use either fob or SMS but play clever tricks on the website (e.g. they display a random selection of images in a random order, only one image is your pre-selected image).

I suspect there's a very high chance of the same number being (eventually) generated since you're truncating the length and removing the hex element.

The answer most likely lies in the context, in that a collision attack is not a likely vector for an authentication mechanism of this sort. No doubt somebody will try it one day though I suppose (if they haven't already !).

(The main purpose of this sort of authentication mechanism being to avoid replay attacks and similar vectors. So one assumes the risk of a series of identical truncated results from the same fob is unlikely).

As it is not JB, I suppose I am not allowed to say that I don't like being fobbed off with these gadgets.

IT folk just have different brains from the rest of us.

boom boom tishhhh...

Well, it's Friday, its been a long week.... I think you deserve praise for that one !

(assuming it was meant to be humour rather than a serious comment !)

So glad this thread was started. I got one sent to me and I had no idea what it was. Now I can find out to a new level of understanding.

American, or at least Texan cards require a signature over $10. It always seems to accept mine despite them being a tad different sometimes.

Rivets, I've got 5 of these at the moment - 3 for work (VPN access, secure client 1 and secure client 2) and 2 for banking (company and personal). I have to label the 3 work ones to tell them apart.

SD

Now here's the foxy bit - I can use my Barclay's Card Reader (with one of my Barclay's cards, of course) OR insert my Nationwide card in the same (Barclay's) machine and it works too. How is that seeded?

Thanks guys - and Mixture - I'm beginning to get my head around it, but it only reinforces my opinion that Banking Life was easier (and possibly more secure?) before computers - I blame Bill Gates !

A couple of years ago I received a letter from a local collection/credit agency saying that I had 24 hrs. to pay an overdue Council account, or risk my Worldwide credit being withdrawn.

Fortunately I'd paid by cheque, and had a receipt and paper bank statement to prove it and within 30 minutes was slapping these down on the desk of the Council Finance Manager, explaining that as I'd personally presented the cheque to a Council employee, they only way that it could have got to my bank for payment was via the - presumed- criminal Council employee, who had cashed my cheque and then embezzled my money and kept me in debt, hence the eventual report to the collection/credit agency.

I have a letter of apology - it was finger trouble, not criminal activity they said, but Then They Would, Wouldn't They ! - but I do wonder what I would have faced if I'd had to prove all that as a result of using one of these Space Age Gadget/Tokens via the Internet ?

I also wonder how I would have fared if I'd been out of the Country when the letter was delivered - 24 hrs to pay ? I could have been on the other side of the World and suddenly had no active credit cards. Not nice.

Gold coins in a washleather bag hung around ones waist had a lot going for it. (and a Smith and Wesson hanging on the other hip!)

Progress isn't always better.

Oooooo buggah! I've only got one, and I can't find it. It was in a padded envelope, of that I'm certain.


It was there before the wedding . . . perhaps I gave it away with the bride.

Ah, thanks to this thread, I found it. At least I think I've found it. Sony, with BBC I BBC II etc., etc. No wait, I've been looking for that all evening. Now I can watch telly.

This must be it, stored away with the letters from my father during WWII. Really, it was. Don't know why I put it with them, but there it was.

Since I manage to lock myself out of my visa every trip home, I'll wait until the vino wears off before powering it up. In 2011, I had a seizure while screaming at Barclaycard for not knowing when I paid my dentist. "one of the first people in the world (still living) to have a Visa card," I screamed. They didn't care. "If you don't know when you pay Denplan, you can starve." I knew they were thinking, "if he hasn't paid Denplan, he won't have any teeth to eat with anyway."

What the hell am I talking about? Another one to delete in the light of day.

The reader itself is dumb. Its just a user friendly interface to the processor on your card. Hence the reason you can use it with any card that meets the requirements....

The chip on your card is actually a microprocessor. It can contain multiple applications, one of which can be the Mastercard Chip Authentication Program or Visa Dynamic Passcode Authentication. Each application has its own set of cryptographic keys.

So when your card is inserted into the terminal, it makes sure the authentication program is available on the card.

You then enter your pin, the device sends it to the card for processing, which returns the cryptographically derived result using the private key held on the card. This is displayed on the screen on your device.

Your bank has your public key which it can use to validate the output.

The underlying method is probably along the lines of the incrementing counter method outlined above (i.e. the chip on your card holds the current counter value, and the bank has a record of what it reckons the current counter value should be).

Mac, I personally wouldn't trust SMS at all. The 3G air network has p!ss-weak encryption, and all that 4G hoo-haa about IPSec, if implemented (often it isnt), doesn't apply because SMS is often dispatched as GSM modem command string rather than an IP socket connection. SMS is unsecure and I've seen the telco toys that can easily intercept traffic in the air network.

Then there is the mystery of how your bank sends the SMS to you, even though it probably won't be via some free Nigerian internet to SMS service, it could suffer from similar vulnerabilities.

A more secure approach would be to use a banking app, but you need to invest in a smart phone. However even that is flawed, recently a colleague pointed out a dodgy certificate authority being used in the https internet connection to a big Australian bank's accounts. This occurred just after they had outsourced their internet banking systems to some third world country. He notified them of the serious risk - it took 3 months for them to fix it.

I also have one of those gadgets from Barclays and I have used it successfully to transfer money from our UK account to other
UK accounts. Was able to pay a UK company which wouldn't accept an NZ Visa credit card number. Snag is though that I was
also able to very easily and quickly transfer a "loan" to UK daughter in June , the snag being that she hasn't repaid it and doesn't
even mention it