[Resource Topic] 2015/609: Experimental Study of DIGIPASS GO3 and the Security of Authentication

Welcome to the resource topic for 2015/609

Title:
Experimental Study of DIGIPASS GO3 and the Security of Authentication

Authors: Igor Semaev

Abstract:

Based on the analysis of 6-digit one-time passwords (OTP) generated by DIGIPASS GO3 we were able to reconstruct the synchronisation system of the token, the OTP generating algorithm and the verification protocol in details essential for an attack. The OTPs are more predictable than expected. A forgery attack is described. We argue the attack success probability is 8^{-5}. That is much higher than 10^{-6} which may be expected if all the digits are independent and uniformly distributed. Under natural assumptions even in a relatively small bank or company with 10^4 customers the number of compromised accounts during a year may be more than 100.

ePrint: https://eprint.iacr.org/2015/609

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.