Presentation is loading. Please wait.

Presentation is loading. Please wait.

Time-base One-time Password Eddy Kleinjan, Data Access Europe.

Published byLee Burns Modified over 8 years ago

Similar presentations

Presentation on theme: "Time-base One-time Password Eddy Kleinjan, Data Access Europe."— Presentation transcript:

1 Time-base One-time Password Eddy Kleinjan, Data Access Europe

2 Authentication

3 Strong Security measures becomes standard Make sure you know who you are dealing with Identify the party Strong Security measures becomes standard Make sure you know who you are dealing with Identify the party

4 UserID and Password Password should be kept a secret What if … Someone gets access to the password? The users uses the same passwords in multiple places? Password should be kept a secret What if … Someone gets access to the password? The users uses the same passwords in multiple places?

5 Use 2 Factor Authentication (2FA) Something you know, something you have.. Enter User ID, Password and a Dynamically Generated Code Something you know, something you have.. Enter User ID, Password and a Dynamically Generated Code

6 Where to use 2 Factor Authentication?

7 Time-based One-Time Password (TOTP) Internet Engineering Task Force standard RFC 6238 TOTP hash-based message authentication code (HMAC)hash-based message authentication code Basic Implementation Takes a secret byte array as input; known by client and server Takes the current time in a 30 second windows Calculates a 6-digit code Internet Engineering Task Force standard RFC 6238 TOTP hash-based message authentication code (HMAC)hash-based message authentication code Basic Implementation Takes a secret byte array as input; known by client and server Takes the current time in a 30 second windows Calculates a 6-digit code

8 Message Authentication Code

9 TOTP Generators SMS Text Message Token Generator Device Authenticator Mobile App SMS Text Message Token Generator Device Authenticator Mobile App

10 Client Side Authenticator Apps Google Authenticator Microsoft Authenticator Authy Google Authenticator Microsoft Authenticator Authy

11 Client Side 102352

12 Server Side

13 Let’s see…

14 cOneTimePassword.pkg Implements cOneTimePassword class Uses DLL for encryption and encoding logic Implements cOneTimePassword class Uses DLL for encryption and encoding logic

15 cOneTimePassword Properties Property Integer piSecretCodeType otpDecodeNone Default None; options otpDecodeBase16, otpDecodeBase32 or otpDecodeBase64 Property Integer piDigitCount 6 Default = 6 bit; options 6, 7 or 8 Property Integer piHmacType otpHmacSha1 Default = otpHmacSha1; options otpHmacSha1, otpHmacSha256, otpHmacSha512 Property BigInt piEpoch Default = 0; options 0 or 1 Property BigInt piTime Default = 0 (now); otherwise number of seconds since unix time Property BigInt piStep 30 Default = 30 sec; step size for factor Property Integer piStepGraceCount 2 Default = 2; Defines maximum number piSteps code may fall outside current time when validating Property Integer piSecretCodeType otpDecodeNone Default None; options otpDecodeBase16, otpDecodeBase32 or otpDecodeBase64 Property Integer piDigitCount 6 Default = 6 bit; options 6, 7 or 8 Property Integer piHmacType otpHmacSha1 Default = otpHmacSha1; options otpHmacSha1, otpHmacSha256, otpHmacSha512 Property BigInt piEpoch Default = 0; options 0 or 1 Property BigInt piTime Default = 0 (now); otherwise number of seconds since unix time Property BigInt piStep 30 Default = 30 sec; step size for factor Property Integer piStepGraceCount 2 Default = 2; Defines maximum number piSteps code may fall outside current time when validating

16 cOneTimePassword Methods // To get current TOTP value based on passed secret Function TOTP String sSecret Returns current TOTP Code // To test entered Code; may be off by piStepGraceCount * piStep seconds Function IsValidTimeBasedOneTimePassword ; String sSecret String sCode Returns True/False // To get current TOTP value based on passed secret Function TOTP String sSecret Returns current TOTP Code // To test entered Code; may be off by piStepGraceCount * piStep seconds Function IsValidTimeBasedOneTimePassword ; String sSecret String sCode Returns True/False

17 Issue TOTP Details to User using URI Define the length of the code; 6, 7 or 8 digits Define the encryption algorithm: SHA-1; SHA-256; SHA-512 Define the time-window in seconds; default 30 seconds Share Secret Byte; base32 encoded URI: otpauth://totp/DFAUTH:guest@dataflex?secret=7K7I7JYE 3QTAUZXRB3ZRK32J5RLJU4MSUZOQMBSXEUXQRCO5C5SV====&iss uer=DataFlex&algorithm=SHA256&digits=6&period=30 Define the length of the code; 6, 7 or 8 digits Define the encryption algorithm: SHA-1; SHA-256; SHA-512 Define the time-window in seconds; default 30 seconds Share Secret Byte; base32 encoded URI: otpauth://totp/DFAUTH:guest@dataflex?secret=7K7I7JYE 3QTAUZXRB3ZRK32J5RLJU4MSUZOQMBSXEUXQRCO5C5SV====&iss uer=DataFlex&algorithm=SHA256&digits=6&period=30

18 Issue TOTP Details to User using URI 7K7I7JYE3QTAUZXRB3ZRK32J5RLJU4MSUZOQMBSXEUXQRCO5C5SV==== Generate QR Code for Ease of use Scan using Authenticator App 7K7I7JYE3QTAUZXRB3ZRK32J5RLJU4MSUZOQMBSXEUXQRCO5C5SV==== Generate QR Code for Ease of use Scan using Authenticator App

19 Implement procedures How to Issue Secrets? Re-Issue Secrets? Password Reset? How to Issue Secrets? Re-Issue Secrets? Password Reset?

20 Questions?

21 Thank you!

Download ppt "Time-base One-time Password Eddy Kleinjan, Data Access Europe."

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Software Certification and Attestation Rajat Moona Director General, C-DAC.

Software Certification and Attestation Rajat Moona Director General, C-DAC.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Multi-Factor Authentication Added protection for a more secure you Presenter: Jeff Penn.

Multi-Factor Authentication Added protection for a more secure you Presenter: Jeff Penn.
By Anthony McDougle and Loren Klingman.  The average user does not have secure passwords ◦ Simple passwords ◦ Reusing the same password ◦ Never changing.

By Anthony McDougle and Loren Klingman.  The average user does not have secure passwords ◦ Simple passwords ◦ Reusing the same password ◦ Never changing.
 It defines the format of the frame to be exchanged between devices.  It defines how two devices can negotiate the establishment of the link and the.

 It defines the format of the frame to be exchanged between devices.  It defines how two devices can negotiate the establishment of the link and the.
RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.

Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.
Authentication Approaches over Internet Jia Li

Authentication Approaches over Internet Jia Li
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.

DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.
Real Security InterSwyft Technical information's.

Real Security InterSwyft Technical information's.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.

Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
System Architecture.  Windows Phone 7  Mobile Phone Application  User – End Perspective  Google App Engine  Administration Console  Handles authentication,

System Architecture.  Windows Phone 7  Mobile Phone Application  User – End Perspective  Google App Engine  Administration Console  Handles authentication,
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Network Security 2 Module 6 – Configure Remote Access VPN.
WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.

WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.

Similar presentations

Ads by Google