General security

One-time passwords with token

August 21, 2013 by Dawid Czagan

1. Introduction

One-time passwords are used to achieve higher security than traditional static passwords. They’re often generated by tokens. This article presents how tokens (synchronous and asynchronous) can be used to generate one-time passwords. Moreover, it describes a one-time password system that solves the scalability problem with tokens.

2. Identification and authentication

When the user wants to get access to the system, he typically enters a username (identification) and static password (authentication). The authentication can be related to something the user:

  • knows (e.g. static password)
  • has (e.g. token or mobile)
  • is (e.g. iris scan)

Single-factor authentication takes place when only one of the aforementioned things is taken into account while authenticating the user. The strongest authentication uses all of them and is called three-factor authentication.

A token based one-time password system is a transformation from something the user knows (static password) to something the user has (token). Consequently, the user doesn’t have to remember passwords, which are generated by the token.

3. User vs. static passwords

When the attacker gets the static password of the user, he can use it within its lifetime. Many people never change the password. Then, the attacker can impersonate the user for an unlimited time. It isn’t much better when an organization changes passwords every month. It still gives the attacker a lot of time to perform malicious actions.

People are advised to use strong passwords (a long mixture of lower and upper case letters, digits, special characters; the more random it is the better), which should be unique for every system. This is fine from a security point of view, but unusable from a user point of view. As a result, people write the passwords down, stick them on the monitor or hide under the keyboard. They also use the same password for different systems. When this is the case, the attacker can automatically impersonate the user in many places.

Let’s analyze the aforementioned problems when one-time passwords are used.

4. User vs. One-time passwords

One-time password (also called a dynamic password) should be randomly generated and is used only once. When this password has already been used, it is useless for the attacker (replay attack is prevented).

The user doesn’t have to manage/remember one-time passwords. The one-time password is generated by the token and presented to the user if he needs to authenticate. Then the passwords are not taken down or hidden under the keyboard. In addition to this the user doesn’t use the same password for many services. Consequently, the attacker cannot automatically impersonate the user in many places.

5. One-time passwords with synchronous token

Time or a counter is used to synchronize the token and the authentication server which share a secret key. Let’s assume that time based synchronization is used. Then the secret key and time are used to create the one-time password. The user enters username and the one-time password generated by token to get access to the system. The one-time password might have limited lifetime (for example 60 seconds). When this is the case, the attacker who has learnt the one-time password can use it only within this time range.

6. One-time passwords with asynchronous token

The challenge/response mechanism is used to generate one-time passwords. The authentication server and the user share a secret key. The challenge is sent to the user who enters it into the token. The challenge and the secret key are used to generate the one-time password (the response). Then the user enters username and this one-time password to get access to the system. The authentication server checks if the one-time password it has received matches the expected value.

7. Token and two factor authentication

The authentication with a token is based on what the user has (single factor authentication). The problem occurs, when the token is stolen (the attacker can impersonate the user). That’s why it’s recommended to enter the PIN before using the token. Then stronger authentication is achieved (two factor authentication – something the user has (token) and something the user knows (PIN)).

The another approach might be combining one-time passwords generated by a token with static password to achieve two factor authentication. Static password is something the user knows, token is something the user has. If the attacker learns the static password of the user, he can’t impersonate him, because he doesn’t control the user’s token.

8. Solving a scalability problem with tokens

The user doesn’t want to have N tokens to access N services (scalability problem). This section shows how a single private key stored on the smart card can be used to create one-time password system that is scalable.

The authentication server can generate a one-time password and encrypt it with the public key of the user. The user is the only one, who can decrypt it, because only he knows the corresponding private key. The user decrypts the one-time password and sends it to the authentication server. The authentication server checks whether the one-time password it has received matches the one previously generated. If they match, the user is authenticated. This is called zero knowledge proof – the user doesn’t have to show the private key in order to prove that he holds this key. Only the user knows the private key. That’s why the non-repudiation is satisfied. Only one private key can be used to get access to many systems. Thus the scalability problem is solved.

Once the private key is stolen, the security is broken. That’s why the private key should be securely stored. At first glance, modern smartphones seem to be a good choice for storing the private key – they are ubiquitous and no extra device would be needed for the purpose of authentication. But they are multifunctional devices and have the same security problems as personal computers. That’s why it’s proposed to use a dedicated device for user authentication.
When a dedicated device is used, the risk of stealing the private key is reduced as a consequence of complexity reduction. That’s why it’s recommended to store the private key on the smart card. The private key doesn’t leave the smart card while the one-time password is being decrypted.

9. Conclusions

One-time passwords (also called dynamic passwords) are more secure then static ones. Synchronous and asynchronous tokens can be used to generate one-time passwords. When tokens are used, it is recommended to use them together with PIN or static password to achieve two factor authentication. Zero knowledge proof can be used to create a one-time password system that solves the scalability problem with tokens. Then it is recommended to store the private key on the smart card to minimize the risk of stealing it.

Posted: August 21, 2013
Dawid Czagan
View Profile

Dawid Czagan (@dawidczagan) has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, BlackBerry and other companies. Due to the severity of many bugs, he received numerous awards for his findings. Dawid is founder and CEO at Silesia Security Lab, which delivers specialized security auditing services with a results-driven approach. He also works as Security Architect at Future Processing. Dawid shares his bug hunting experience in his workshop entitled "Hacking web applications - case studies of award-winning bugs in Google, Yahoo, Mozilla and more". To find out about the latest in Dawid's work, you are invited to visit his blog ( and follow him on Twitter (@dawidczagan).