[Cryptography] Clever physical 2nd-factor authentication

Jerry Leichter leichter at lrw.com
Thu Apr 3 05:21:12 EDT 2014 

On Apr 2, 2014, at 7:37 PM, Joseph Ashwood <ashwood at msn.com> wrote:
I have nothing to do with this system and am not in a position to defend it, but I don't like to see things dismissed without examination.

Consider the passive attack:  You assume that by matching up the data sent with the numbers the user sends back, you can figure out at least one segment on the card.  But if you read the description of the system (especially in the white paper), you'll see it's not quite that simple.  They send a bunch of random segments which produce nothing readable, then the actual digit, then more random segments, then another digit, etc.  Listening in, you have no way to know which of the data sent is deliberate noise, and which will produce a segment.  (That's not quite true:  The random noise cannot contain anything that encodes a digit, so it differs statistically from the actual digits.  This would actually provide an attack, though it would take many more samples than you count.)

They are also explicit that they only consider a card valid for some fixed number of challenges.  You count about 400 such challenges, using an attack that the random confounders prevent.  I haven't gone through the arithmetic to see what they mechanism could conceivably produce, but even if they get, say, a factor of 10, it would be realistic to replace a card after 2000 uses and have a large safety margin.  (In fact, the white paper indicates that the server itself effectively simulates such an attack, and will cause a new card to be issued when too much information has leaked.  The server, of course, is the perfect attacker in this scenario; a real MITM would likely miss some authentication events.)

An active attack would be much more powerful, but also much harder to carry out.  The user would notice if he validated and repeated failed to get connected to the appropriate site - and until you've actually figured out enough of his card pattern, you can't act as a MITM beyond the faked authentication prompts.

Anyway, it would probably be a good idea to read the white paper for some details of what the system does before announcing attacks against it.

                                                        -- Jerry

More information about the cryptography mailing list