Time-base One-time Password Eddy Kleinjan, Data Access Europe.

Slides:



Advertisements
Similar presentations
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Advertisements

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Digital Signatures and Hash Functions. Digital Signatures.
Software Certification and Attestation Rajat Moona Director General, C-DAC.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Multi-Factor Authentication Added protection for a more secure you Presenter: Jeff Penn.
By Anthony McDougle and Loren Klingman.  The average user does not have secure passwords ◦ Simple passwords ◦ Reusing the same password ◦ Never changing.
 It defines the format of the frame to be exchanged between devices.  It defines how two devices can negotiate the establishment of the link and the.
RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.
Authentication Approaches over Internet Jia Li
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.
Real Security InterSwyft Technical information's.
Chapter 10: Authentication Guide to Computer Network Security.
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
System Architecture.  Windows Phone 7  Mobile Phone Application  User – End Perspective  Google App Engine  Administration Console  Handles authentication,
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Network Security 2 Module 6 – Configure Remote Access VPN.
WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.
DAS/BEST ITSecurity Division. RSA SecurID Software Tokens: Make strong authentication a convenient part of doing business. Deploy RSA software tokens.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
SEC835 Runtime authentication Secure session management Secure use of cryptomaterials.
Theory of Computation II Topic presented by: Alberto Aguilar Gonzalez.
PROG Advanced Web Applications With.NET PROG Advanced Web Applications With.NET User Authentication & Authorization.
Secure Shell (SSH) Presented By Scott Duckworth April 19, 2007.
Public / Private Keys was a big year… DES: Adopted as an encryption standard by the US government. It was an open standard. The NSA calls it “One.
Overview and Applications
Kerberos By Robert Smithers. History of Kerberos Kerberos was created at MIT, and was named after the 3 headed guard dog of Hades in Greek mythology Cerberus.
Kerberos Guilin Wang School of Computer Science 03 Dec
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
Firewall firewalls Is a program on your computer to protect your computer from all types of threats and if you have a server and you wasn’t to protect.
Chapter 1 – Introduction Part 4 1. Message Authentication Codes Allows for Alice and Bob to have data integrity, if they share a secret key. Given a message.
PHP Secure Communications Web Technologies Computing Science Thompson Rivers University.
Validation final steps Stopping gaps being entered in an input.
©SoftMooreSlide 1 Introduction to HTML: Forms ©SoftMooreSlide 2 Forms Forms provide a simple mechanism for collecting user data and submitting it to.
Adxstudio Portals Training
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
Two-Factor Autentication myUTSA ID+ It takes two!.
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.
Implementing Secure IRC App with Elgamal By Hyungki Choi ID : Date :
HOTP IETF Draft David M’Raihi IETF Meeting - March 10, 2005.
Technical Devices for Security Management Kathryn Hockman COSC 481.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
INTERNET APPLICATIONS CPIT405 Forms, Internal links, meta tags, search engine friendly websites.
Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.
LAB#6 MAC & MASSAGE DIGEST CPIT 425. Message Authentication 2  Message authentication is a mechanism used to verify the integrity of a message.  Message.
Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.
Whatsapp Security Ahmad Hijazi Systèmes de Télécommunications & Réseaux Informatiques (STRI) 20 April 2016.
CS520 Web Programming Declarative Security (I) Chengyu Sun California State University, Los Angeles.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
CLOUDENTIFY.
SAP Authentication 365 Run Simpler with SAP Digital Interconnect
Fear and Loathing of 2fa Igor Bulatenko.
Cryptographic Hash Function
PPP – Point to Point Protocol
APPLE TWO STEP VERIFICATION CHANGE PHONE NUMBER Please read the following presentation on any help on Apple two step verification change phone number.
Network Security – Kerberos
Agenda OAuth Concepts Programming OAuth.
Using Two Factor Authentication To Secure Users Alan P. Barber
Office 365 Development.
Chapter -7 CRYPTOGRAPHIC HASH FUNCTIONS
HR Portal: What’s New? What’s Next?
MyLion Registration Website | Mobile device
Operating Systems Concepts
Presentation transcript:

Time-base One-time Password Eddy Kleinjan, Data Access Europe

Authentication

Strong Security measures becomes standard Make sure you know who you are dealing with Identify the party Strong Security measures becomes standard Make sure you know who you are dealing with Identify the party

UserID and Password Password should be kept a secret What if … Someone gets access to the password? The users uses the same passwords in multiple places? Password should be kept a secret What if … Someone gets access to the password? The users uses the same passwords in multiple places?

Use 2 Factor Authentication (2FA) Something you know, something you have.. Enter User ID, Password and a Dynamically Generated Code Something you know, something you have.. Enter User ID, Password and a Dynamically Generated Code

Where to use 2 Factor Authentication?

Time-based One-Time Password (TOTP) Internet Engineering Task Force standard RFC 6238 TOTP hash-based message authentication code (HMAC)hash-based message authentication code Basic Implementation Takes a secret byte array as input; known by client and server Takes the current time in a 30 second windows Calculates a 6-digit code Internet Engineering Task Force standard RFC 6238 TOTP hash-based message authentication code (HMAC)hash-based message authentication code Basic Implementation Takes a secret byte array as input; known by client and server Takes the current time in a 30 second windows Calculates a 6-digit code

Message Authentication Code

TOTP Generators SMS Text Message Token Generator Device Authenticator Mobile App SMS Text Message Token Generator Device Authenticator Mobile App

Client Side Authenticator Apps Google Authenticator Microsoft Authenticator Authy Google Authenticator Microsoft Authenticator Authy

Client Side

Server Side

Let’s see…

cOneTimePassword.pkg Implements cOneTimePassword class Uses DLL for encryption and encoding logic Implements cOneTimePassword class Uses DLL for encryption and encoding logic

cOneTimePassword Properties Property Integer piSecretCodeType otpDecodeNone Default None; options otpDecodeBase16, otpDecodeBase32 or otpDecodeBase64 Property Integer piDigitCount 6 Default = 6 bit; options 6, 7 or 8 Property Integer piHmacType otpHmacSha1 Default = otpHmacSha1; options otpHmacSha1, otpHmacSha256, otpHmacSha512 Property BigInt piEpoch Default = 0; options 0 or 1 Property BigInt piTime Default = 0 (now); otherwise number of seconds since unix time Property BigInt piStep 30 Default = 30 sec; step size for factor Property Integer piStepGraceCount 2 Default = 2; Defines maximum number piSteps code may fall outside current time when validating Property Integer piSecretCodeType otpDecodeNone Default None; options otpDecodeBase16, otpDecodeBase32 or otpDecodeBase64 Property Integer piDigitCount 6 Default = 6 bit; options 6, 7 or 8 Property Integer piHmacType otpHmacSha1 Default = otpHmacSha1; options otpHmacSha1, otpHmacSha256, otpHmacSha512 Property BigInt piEpoch Default = 0; options 0 or 1 Property BigInt piTime Default = 0 (now); otherwise number of seconds since unix time Property BigInt piStep 30 Default = 30 sec; step size for factor Property Integer piStepGraceCount 2 Default = 2; Defines maximum number piSteps code may fall outside current time when validating

cOneTimePassword Methods // To get current TOTP value based on passed secret Function TOTP String sSecret Returns current TOTP Code // To test entered Code; may be off by piStepGraceCount * piStep seconds Function IsValidTimeBasedOneTimePassword ; String sSecret String sCode Returns True/False // To get current TOTP value based on passed secret Function TOTP String sSecret Returns current TOTP Code // To test entered Code; may be off by piStepGraceCount * piStep seconds Function IsValidTimeBasedOneTimePassword ; String sSecret String sCode Returns True/False

Issue TOTP Details to User using URI Define the length of the code; 6, 7 or 8 digits Define the encryption algorithm: SHA-1; SHA-256; SHA-512 Define the time-window in seconds; default 30 seconds Share Secret Byte; base32 encoded URI: 3QTAUZXRB3ZRK32J5RLJU4MSUZOQMBSXEUXQRCO5C5SV====&iss uer=DataFlex&algorithm=SHA256&digits=6&period=30 Define the length of the code; 6, 7 or 8 digits Define the encryption algorithm: SHA-1; SHA-256; SHA-512 Define the time-window in seconds; default 30 seconds Share Secret Byte; base32 encoded URI: 3QTAUZXRB3ZRK32J5RLJU4MSUZOQMBSXEUXQRCO5C5SV====&iss uer=DataFlex&algorithm=SHA256&digits=6&period=30

Issue TOTP Details to User using URI 7K7I7JYE3QTAUZXRB3ZRK32J5RLJU4MSUZOQMBSXEUXQRCO5C5SV==== Generate QR Code for Ease of use Scan using Authenticator App 7K7I7JYE3QTAUZXRB3ZRK32J5RLJU4MSUZOQMBSXEUXQRCO5C5SV==== Generate QR Code for Ease of use Scan using Authenticator App

Implement procedures How to Issue Secrets? Re-Issue Secrets? Password Reset? How to Issue Secrets? Re-Issue Secrets? Password Reset?

Questions?

Thank you!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.