Experimental Study of DIGIPASS GO3 and the Security of Authentication
Date: December 2015 Publication: 9th International Conference on Passwords (Passwords15 London) Source 1: https://eprint.iacr.org/2015/609.pdf Source 2: https://eprint.iacr.org/2015/609.pdf Abstract or Summary:
Based on the analysis of 6-digit combinations(OTP) generated by DIGIPASS GO3 we were able to reconstruct the synchronisation system of the token, the OTP generating algorithm and the verification protocol in details essential for an attack. The OTPs are more predictable than expected. A forgery attack is described. We argue the attack success probability is 8^{-5}. That is much higher than 10^{-6} which may be expected if all the digits are independent and uniformly distributed. The implications for the security of authentication are discussed and open questions are formulated. PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=ugvqd1Dn00Y
Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |