## [Crypto] Two factor auth, RSA tokens

My bank gave me this:

To log in to my bank's website I have to supply my contract number, my password and the number on the token's display, which changes every minute. There is also a bar (like the signal strength bar on a cellular phone) that shows when the next change will happen.

I kept it on my desk all the time, using it for fortune-telling purposes. Instead of a crystal ball, magic 8-ball, tarot cards, etc.

It's interesting that it can be implemented easily.

There is a counter in the token, counting minutes. At each moment, it shows how many minutes have passed since the 'startup' or 'boot'.

There is also a key. Let's say, a 128-bit key. The key is known only to the bank. It's also stored in the token's ROM. Ideally, it's not shared with anyone else.

The token runs the AES encryption function with this secret key, using the minutes counter as the input data to encrypt. (This is close to CTR encryption mode.)

On the other hand, this is very close to CPRNG.

The result is used partially. Take the first 6 digits, for example. Of course, this number can't be very long -- the user has to type it in within 10 seconds or so.

The number is sent to your bank via the Internet. The bank has the secret key. It also knows when your token was 'started' or 'booted', so it can calculate the precise number of minutes that have passed up to that moment. It does the same encryption operation and gets its own 6-digit number. Then it compares the two.

This is why cryptoalgorithms are required to be simple and efficient -- so they can run on cheap low-power circuits. My token worked for several years before the battery died.

Probably, its power consumption is comparable to a cheap digital watch, I believe. (Ideally its circuit shouldn't be more complex than that of a digital watch.)

### Attacks

• Brute force. Collect as many 6-digit numbers as possible. Enumerate all 128-bit keys and find the one... Unrealistic, of course. But feasible if an old-school cipher is used, like DES.
• Side-channel attack. Measure power consumption during work. But it may be required to disconnect the battery.
• Decapsulation. Expensive, but possible. (Read Ken Shirriff's blog.)
• Stealing your token. But blocking it at the server is also quick and easy.
• Breaking into the bank server and stealing everything, including these keys.

Of course, token manufacturers try to protect tokens from side-channel attacks and decapsulation.

### Using hash function

Like SHA2, SHA3...

$hash(Secret\_key + counter) \mod 10^6$

$hash(Secret\_key \oplus counter) \mod 10^6$

$hash(Secret\_key || counter) \mod 10^6$

(Two pipes '||' are used in cryptographical (text)books for concatenation.)
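
A sketch of the third variant above, $hash(Secret\_key || counter) \mod 10^6$, with SHA-256 as the hash, showing both the token side and the bank's check. This is an added example, not code from any real token or bank; the 8-byte counter encoding, the one-minute drift window and the sample key are assumptions.

```python
import hashlib
import hmac

DIGITS = 6          # length of the number shown on the display
STEP_SECONDS = 60   # the display changes every minute


def minutes_since_boot(now: float, boot_time: float) -> int:
    """The token's counter: whole minutes passed since 'boot'."""
    return int(now - boot_time) // STEP_SECONDS


def token_code(secret_key: bytes, counter: int) -> str:
    """hash(Secret_key || counter) mod 10^6, zero-padded to 6 digits."""
    # Assumption: the counter is encoded as 8 big-endian bytes.
    digest = hashlib.sha256(secret_key + counter.to_bytes(8, "big")).digest()
    return str(int.from_bytes(digest, "big") % 10**DIGITS).zfill(DIGITS)


def bank_verify(secret_key: bytes, boot_time: float, now: float,
                submitted: str, drift: int = 1) -> bool:
    """Bank side: recompute the code from its own clock and compare.

    Assumption: a cheap token's clock drifts, so counters within
    +/- `drift` minutes of the bank's own counter are also accepted.
    """
    # Reject anything that is not exactly six ASCII digits.
    if len(submitted) != DIGITS or not (submitted.isascii() and submitted.isdigit()):
        return False
    counter = minutes_since_boot(now, boot_time)
    ok = False
    for c in range(max(0, counter - drift), counter + drift + 1):
        # Constant-time comparison, so timing does not leak matching digits.
        ok |= hmac.compare_digest(token_code(secret_key, c), submitted)
    return ok


if __name__ == "__main__":
    key = bytes(range(16))             # constructed 128-bit sample key
    boot = 1_000_000.0                 # constructed 'boot' timestamp
    now = boot + 125 * 60 + 30         # 125 minutes and 30 seconds later
    code = token_code(key, minutes_since_boot(now, boot))
    print("token shows:", code)
    print("bank accepts:", bank_verify(key, boot, now, code))
    print("ten minutes later:", bank_verify(key, boot, now + 600, code))
```
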
