Paper 2015/609

Experimental Study of DIGIPASS GO3 and the Security of Authentication

Igor Semaev

Abstract

Based on the analysis of 6-digit one-time passwords(OTP) generated by DIGIPASS GO3 we were able to reconstruct the synchronisation system of the token, the OTP generating algorithm and the verification protocol in details essential for an attack. The OTPs are more predictable than expected. A forgery attack is described. We argue the attack success probability is 85. That is much higher than 106 which may be expected if all the digits are independent and uniformly distributed. Under natural assumptions even in a relatively small bank or company with 104 customers the number of compromised accounts during a year may be more than 100.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
authentication codes
Contact author(s)
igor @ ii uib no
History
2015-06-28: received
Short URL
https://ia.cr/2015/609
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2015/609,
      author = {Igor Semaev},
      title = {Experimental Study of {DIGIPASS} {GO3} and the Security of Authentication},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/609},
      year = {2015},
      url = {https://eprint.iacr.org/2015/609}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.