A general introduction to multi-factor authentication with the emphasis on two-factor authentication and omitting biometrics...
A multi-factor authentication (MFA) is an authentication method, which confirms users' claimed identities by using a combination of the following factors:
- knowledge-based: something they know (a password),
- ownership-based: something they have (a certificate, security token), or
- inherence-based: something they are (typically biometrics, not this case).
A two-factor authentication (2FA) uses a combination of two. The MFA/2FA methods are more secure than a password protected certificate, as compared with a password hash, which is located on a server only, a stolen certificate (or a private key) can be attacked offline. Furthermore, a malicious memory dump performed on a client system can potentially reveal unencrypted key.
Therefore, employing a one-time password instead of the usual password and combining it with password protected certificate increases the complexity for potential attackers, as a result of which the security of the system improves.
A One-Time Password (OTP) system, as defined in RFC 2289, is an authentication mechanism for system access (login), which is secure against passive attacks based on replaying captured reusable passwords. OTP systems counter replay attacks, as they use passwords (usually automatically generated), which cannot be reused when captured. The OTP is delivered via SMS or e-mail, or displayed using a software/token to the user or machine.
The Initiative for Open Authentication (OATH) is an industry-wide collaboration to develop an open reference architecture using open standards to promote the adoption of strong authentication. Some of the cornerstones of the OATH are:
- HMAC-based one-time password algorithms
- Time-based one-time password algorithms
Message Authentication Code
A Message Authentication Code (MAC), sometimes referred to as a cryptographic checksum (or simply a tag), is a short piece of information used to authenticate a message. In other words, it provides
- integrity (message was not changed) and
- authenticity to the message (came from the claimed sender).
MACs are similar to cryptographic hash functions, while being resistant under chosen-plaintext attacks, and differ from digital signatures (s), as MAC values (m) are both generated and verified using the same secret key (K). The difference between digital signatures and MACs is as follows:
- Digital signature usage (signing and verification of text or file)
- MAC usage (signing and verification if m=m', where m' is called "prime")
MAC algorithms can be constructed from the following cryptographic primitives:
- cryptographic hash functions (e.g HMAC),
- block cipher algorithms (e.g. CBC-MAC, OMAC, PMAC),
- based on universal hashing (e.g. UMAC or VMAC), as they are very fast.
As a result, various standards exist that define MAC algorithms.
Hash-based Message Authentication Code
A Hash-based Message Authentication Code (HMAC), as defined in RFC 2104, is a specific type of message authentication code (MAC) involving a cryptographic hash function (h) and a secret cryptographic key (K), which can be used to simultaneously verify both the data integrity and the authentication of a message, as with any MAC.
Mixing the K and x values can be done in two ways:
- secret prefix (requires padding on input to prevent message modification)
- secret suffix (requires padding on output to prevent collisions -- even easier for an attacker)
General HMAC construction is as follows (using outer and inner hash, and '||' represents logical disjunction):
Taking care of padding of the keys (expanding keys denoted using the plus sign)
both ipad and opad of the size of the hash input length.
HMAC-based One-Time Password
The HMAC-based One-Time Password (HOTP) algorithm is an OTP algorithm based on hash-based message authentication codes (HMAC), it is defined in RFC 4226 and it is a freely available open standard.
- C is an 8-byte counter value, the moving factor. This counter MUST be synchronised between the HOTP generator (client) and the HOTP validator (server).
- K is a 128-bit shared secret key between client and server, unique for each HOTP generator.
- Truncate is a function that converts an HMAC-SHA-1 value into an HOTP value.
The disadvantage of the HOTP is that it requires users to carry around an extra token-generating device.
Time-based One-Time Password
The Time-based One-Time Password (TOTP) algorithm is an extension of the HOTP generating a one-time password by taking uniqueness from the current time, and defined in RFC 6238 and is used in a number of two-factor authentication systems.
After both HOTP parameters as well as the following TOTP parameters have been established between the authenticated and authenticator,
- T0 -- the Unix time from which to start counting time steps (the default value is 0),
- TX -- an interval which will be used to calculate the value of the counter CT (the default value is 30 seconds);
both parties can compute the TOTP value as follows:
where (T is the current Unix time)
When compared to the HOTP, the main benefit of the TOTP is that rather than using a counter to synchronise with clients, it uses time (an initialisation time and a time step).
- Steam (a TOTP with custom encoding).
- HOTP only in beta,
- but there are reasons to omit this one.
Google Authenticator is a software-based authenticator that supports
- but it is not opensource anymore since version 2.21,
- and only uses 80-bit secret key despite RFC 4226 requiring at least 128-bit, but recommending 160-bit key.