One time password

1
One time password
???? ?"? ???? ??????
?????? ???? ????? 034080408 ???
???'? 031374697
2
?? ?? ???? ?

• ????????

• ???? ?????? ????????

• ??????? ??????? ???????

• ???????? ?- s/key

• ????? ???????? ?- s/key

• OPIE

• RFC 2289

• ????? ??????? ?????? ?? cyota

3
????????

• ???????? ???? ???????? ???????? ???????.
• 95 ??????????? ??????? ?"? ????? ?????? ?????
  ?????? ????? ?????, ?? ????? ?????? ?????? ??????
  ???? 28.
• ????? ?????? ??????? ????? ???????? (?? ????? ???
  ????) ???? ??? ?????.

• ?????? ?????? ?????? ??????? ??????? ?????.

4
?????? ????? ?????
?????? ????????
?????? ?????
?????? ?????
5
?? ???? ??? ?????????? ?????? ?
????? (??? ????? ??????)
?????
?????? ??????
6
??????? ?????

• ????? ???? ???? ???? ?????? ????? ?? ?????, ???
  ????? ???? ?????? ????, ???? ?????? ????? ???
  ?????.
• ???? ?????????? - ??? ???? ??????, ??? ????
  ?????.
• ????? ????? ??? ??????, ???? ??????? ?????.

7
??????? ??????? ????????

• ????? ?????? ???? ??????? ?????? ???? ???????
  ????.
• ????? ??????? - ?????? ??????? ?????? ???? ????
  ?????? ???? ?????? ??????? ????????.
• ????? ?????? ????? ?????? ?????? ?????? ?????
  ???????? ?? ?????? ??? ????.

8
???? ??????
2 ?????
???????
????????
???? ?????? ?? ???? ?? ?????? ???????
???? ???????? ??"? ?? ???? ?? ????? ??????.
????? ????, "?????" ??????? ?? ?? ???? ???? ???
??? ?????? ????? ????? ????.
9
??? ??????? ?? ?????? ??????? ?

• ????? ?????? ???? ???? ??? ??????.
• ?? ?????? ?????? ????? ???? ????? ?????.

One time password
10
One time password- ?????

• ????? ?? ????? (OTP).
• ??? ????? ????? ????? ????, ??? ????? ??????
  ????? ????? ????? ?????? ?"? ????? ????? ?/??
  ????? ??????? ?????? ??? ?????.
• ??? ???????? ????? ?? ?????? ????? ????? ?? ?????
  ????.

11
????? ????? ??????

• ?????? ????? ??????? ?????? ????? ????? ??????.
• ????? ?????????? ?????? ?????? ??????.
• something you know (your secret)
• ????? ?????? ?????? (?????? ????? ???) ??????
  ???? ??????? ????? ???? ????? ?? ????????.
• something you have (physical device )

12
??? ????????...

• S/key ???? ????????? ?????? ????? ?"? .Bellcore
• ???? 1994 ????? Bellcore ???? ???? ????? ??????
  ?? S/key .
• ?????????? ?????? ??????? ????????
• OPIE (1998)
• RFC 2289 (1998)

13
?????????? - ??????

• User-id - ?????? ????? ??? ?????? ?????? ?- UNIX
  ?? ????? (login name).
• Sequence number ???? ????? ?"? ??????, ???
  ?????? ??????? ???? ?? ??? ???? (N).
• seed ?????? ?????? ?"? ????, ???? ????? 2
  ?????? ?-4 ?????? (?????? (ab1234
• challenge ????????? ?? ?- seed ??- Sequence
  number
• Response ??? ?????? ?-6 ????? ?????? ???
  ?????.
• Pass phrase ?????? ??????? ????? ??? ?????
  ??????, ???? ????? ???? ???.

14
???????? s/key

• ???????? ????? ??????? ?? ?????? ???? ??? ??
  ?????? ???? ?????? ???????.

• ???? ?????? ???? (?? ????) ??? ????? unix
• ??? ???? ????? ????.

• ?????? ?????? ?? ????? ??????? ??????? hash

15
??? ???????? hash?

• ??????? ???? ?????? ?????? ???? ?? ??? ??????
  ?????? ????.
• ?????? yf(x)
• ????? ???? y ?????? ???? x ????? ??????, ????
  ????? ???? x ?????? y ????? ?????.
• ????????? s/key ???????? hash ?? 2 ?????
  ???????.
• ????????? ???? ?????? ??? MD4 ????? ???? ?????
  ?????? ????? ????? ?????? 16 ???? ???? .
• ????????? s/key ???????? ????? 8 ???? ????
  ??????? 8 ???? ???? .

64
16
?????? ?????? ?????????

• ???? (client) ????? ?? ?- pass phrase .
• ??? (server)- ???? challenge ????? ?? ????????
  ???????? ??????, ???? ?? ?- OTP ?????? ?????? ??
  ???? ?-OTP ?????? ??????.
• ????? (generator)- ????? ?? ?-OTP ?????? ??- pass
  phrase ???- challenge ????? ?????.

17
????? ?????? ?????????

• ??? ?????? ((initial step
• ????? ?????? ???????? ?? ???? ??? ?????, ????
  ??? ?? ???? S.
• ??? ?????? (computation step)
• ????? ??????? hash ?????? ?????? ?"? ????, ?????
  ??? ?? ???? ?-OTP.

18
initial step
???? 10 ?? 63 ?????
?????
?????
Pass phrase
MD4
S

Challenge Pass phrase
challenge
???

• Seed ???? ????? ?????
• ??????????? ??? ???????
• ????? ??? ??? 1 ?-16 ?????

19
initial step

• ?????? ????? ?? ?- pass phrase .
• ???? ????? ?????? challenge ????? ?? ?-seed ???
  ?- .sequence number
• ?- pass phrase ????? ??????? ?- seed ?"? ????????
  MD4 ?????? S.

???? ?- challenge
OTP ltalgorithmgt lt sequence numbergt lt seedgt
20
computation step

• Pi-????? ?? ????? ??????? ????????? ?- i.
• S- ????? ???? ???????.
• N- ? sequence number.

21
computation step

• ??? ?????? (????????? ??????? ???????)
• ???? ?? ?????? ????? ?-OTP ??????? ???? P0f
  (s)
• ???? ????? ?? P0
• ??? ?????? (????? ?- N-1 ?????????? ?????)
• (s) P1f

N
N-1
???? ????? ?? ?????? Pi?? ???? ???? ???
?????? ???? ???? ???? ??? S
. . .
(s) Pif
N-i
22
????? ????

• ??? ?????? ???? ???? ??????, ??? ????? ??????
  ?-OTP ??????? ?? ?-OTP ?????????? ???????.
• ???? ????? ?? ?- OTP ???? ?????? ??????? ?-64
  ????? ?????? ???? ?? ??????? ?-hash.
• ?? ?????? ??????? ?????? ?- OTP ??????? ?????
  ??????? ?????? ????? ??- OTP ???? ?????? ??????
  ???.

23
????? ???? - ?????
????? ???? ???? ????
?? ???? ?? ?????? ????, ???? ???? ????? ????
???? ???? ?? ???? ??
?????? ????, ???? ???? ??? ????... ????? ????
???? ???? ?? ???? ??
?????? ????, ???? ????
P0 f(P1)
P1
P1
P1 f(P2)
P2
P2
Pi f(Pi1)
Pi1
Pi1
???? i ????? ???? ????? ?? ?????? ????
24
??????? ?- s/key

• ?????? ???? ????? ???? ????? ??????? ????? (???
  ????? ?? ???? ????).

• ?? ??????- ?????? ????? ???? ???????? ??????.

• ???????? ?? ????- ????? ??? ????? ??? ????? ???,
  ????? ?????????? ???? ???? ???? ???? ??? ?? ?????.

25
??????? ?- s/key

• ?? ???? ?????? ????????.

• MD4 ????? ????????? ?? ???? ??????? ( ?????? ??
  MD5 ? SHA )

26
?????? ? s/key-

• OPIE - ??? ????????? s/key ?? ????? ?"?
  ???????? MD5
• - RFC 2289 ???? ??? ???? ????????? ????? ?-3
  ?????????? MD5 , MD4 ? SHA .

27
RFC- 2289

• ?"? ????? ?? ???? ??? ?????????, ??? ?? ???? ???
  ???????? ?????? ???? ??? ??????.
• ?????? ????? 64 ????? ??????? ?? ?????? ???
  ?????.
• ?- OTP ???? ?"? ?????? ???? ?? 6 ????? ?????
  ???????? ?????? ????.
• ?? ???? ????? ?????? ????? 2048 ?????, ?? ????
  ????? 11 ?????.
• ?????? ????? ?? ????? 6 ????? ,?? ???? ????? 11
  ?????, ??"? 66 ?????.

28
RFC- 2289

• ???? ??????? ?? ???? ????? 64 ?????,??? ??????
  ??????? ????? ?????? ?- check sum.
• 64 ?????? ???? ?????, ?-2 ?????? ???????? ??
  ????? ??????? ?-2 ?????? ???????? ?? ?-OTP (6
  ??????).
• ?? ????? ???? ???? ?? ?-check sum ??? ??? ????
  ???? ?? ?- check sum ?????? ???? ?????? ?????? ??
  ?- OTP .
• ??? ?? ????? ????? ???? ?? ??? ??????.

29
????? ??????? - ???????

• ???????, ????? ??????? ???? ??????? ???? 25 ???,
  ????? ?? ????? ?- SecureClick ?? ???? .cyota

• ????? ????? ????? ?? ???? ??????? ??? ?????
  "?????" ????? ????? ???????? ?"? ????? ?-OTP

• cyota ????? ??????? ?????? ??????? ???????
  ????????.

30
????? ??????? - ???????
cyota SecureSuite ???? ???????? ????? ???????
?????? ?????? ????? ???? ???? ?? ???? ??????
????? ???????? ????? ???? ????, ????????? ???'
31
Acquiring bank
merchant
6
11
7
12
5
10
2
1
8
3
9
4
Surrogate number server
Issuing bank
cardholder
32
???? ???? ?- cyota SecureClick ?

• ?????? ???? ?? ????? ?????.
• ?- SecureClick ???????? ????? ????? ???? ??????
  ?? ??????????.
• ?- SecureClick ????? ?????? ??? ???? ?????
  ???????.
• ???? ????? ?? ???? ??? ?????? ????? ???? ?????
  ?????? ???????? ?? ?????? ??????? ??.
• ?? ???? ????? ????? ??????? ???? ????? ?????.
• ????? ???? ?? ?????? ????? ????? ?????? ?? ?????
  ??????? ?- Acquiring bank .
• ????? ????? ???? ????? ??????? ???? ????????.

33
???? ???? ?- cyota SecureClick ?

• ?????? ?????? ???? ????? ???????, ?????? ?? ?????
  ??????? ????? ?????? ??????, ???? ?????? ???
  ?????.
• ???? ????? ????? ?????? ????? ???? ????? ???????.
• ????? ??????? ????? ?- Acquiring bank .
• ?- Acquiring bank ????? ?? ????? ?????.
• ????? ????? ???? ?????? ??????? ?????.

34
cyota SecureClick
35
The end