How does my online banking fob work?
September 24, 2008 4:48 PM Subscribe
How does my online banking fob work? Does it get numbers over-the-air or does it generate the according to some math I don't understand?
Background: to access my bank account on the web, I need to use the little electronic fob CitiBank sent me when I registered for online banking. The device generates a six-digit number every minute or so. But where does that number come from? Is the fob generating or receiving it?
I believe the way these work is they have a good clock, and encrypt the time with a private key. You type in the encrypted result, and CitiBank uses a public key to verify it. If your time is less than a few minutes ago it accepts you, so you don't need to hit enter before the number changes.
Does your fob have an RSA logo on it?
posted by aubilenon at 4:55 PM on September 24, 2008
Does your fob have an RSA logo on it?
posted by aubilenon at 4:55 PM on September 24, 2008
Best answer: These fobs are deterministic (which just means, it's not random but very much determined by way of a formula). The bank gives them a random seed to start off with, but from there on out, the numbers are generated according to a specific formula every x seconds. If you know the original seed and the formula, you just have to do the math to know what the fob will display at any given time.
The bank knows the seed and the formula, so when you enter your number, it just checks to see what it should be. If it matches, you have the fob. It's a very clever system.
posted by icebourg at 5:26 PM on September 24, 2008
The bank knows the seed and the formula, so when you enter your number, it just checks to see what it should be. If it matches, you have the fob. It's a very clever system.
posted by icebourg at 5:26 PM on September 24, 2008
You know what you need to listen to? The Security Now podcast on the TWiT network. Steve Gibson talks--at great length--about this exact topic. I'm sorry, I'm at work right now, so I don't have time to point you to the exact episodes (would have been earlier this year). But it is somewhere in here: http://twit.tv/sn
posted by wastelands at 5:40 PM on September 24, 2008 [1 favorite]
posted by wastelands at 5:40 PM on September 24, 2008 [1 favorite]
Best answer: The better wikipedia link might be this one.
posted by Netzapper at 7:39 PM on September 24, 2008
posted by Netzapper at 7:39 PM on September 24, 2008
Here is some more reading for you: Psuedorandom Number Generators. In particular the section on Periodicity discusses how the number generator can be initialized with a starting value called a "seed". From there the number generator will always generate the same sequence of numbers. The bank knows what number was seeded into your Fob. That coupled with the idea that the Fob and the bank's servers have precise and synchronized clocks allow them to know what number is on your Fob at any one point in time.
posted by mmascolino at 7:40 PM on September 24, 2008
posted by mmascolino at 7:40 PM on September 24, 2008
Best answer: 1. The bank orders a job lot of fobs from Security Company A, who also has software that can authenticate the fobs
2. The bank pulls a fob from the pile, and associates the serial number of the fob with your account, then sends the fob to you
3. You turn on the fob, and it uses an internal clock to generate a "passphrase" every minute
4. You type the passphrase into your web browser, which is sent from the webserver inside the bank to the fob security software.
5. The fob security software generates a set of possible responses for you (because the clock in the fob isn't perfect, and might run fast or slow a bit) and if your "passphrase" is one of those responses, accepts that it's you.
Now, some devices also do challenge/response authentication in which the fob software sends you a short "challenge" (usually a 4-digit number) and you have to type that into your fob and enter the result.
Some devices have to have a PIN entered before you can generate the time-synchronous passphrase, or the challenge-response passphrase.
Some devices work on the principal of the fob software accepting any of the next 4, 8, 16 or whatever responses that the fob might generate, and aren't time-linked at all.
It's all part of two-factor authentication which depends, usually, on "something you have" and "something you know".
posted by 5MeoCMP at 8:36 PM on September 24, 2008
2. The bank pulls a fob from the pile, and associates the serial number of the fob with your account, then sends the fob to you
3. You turn on the fob, and it uses an internal clock to generate a "passphrase" every minute
4. You type the passphrase into your web browser, which is sent from the webserver inside the bank to the fob security software.
5. The fob security software generates a set of possible responses for you (because the clock in the fob isn't perfect, and might run fast or slow a bit) and if your "passphrase" is one of those responses, accepts that it's you.
Now, some devices also do challenge/response authentication in which the fob software sends you a short "challenge" (usually a 4-digit number) and you have to type that into your fob and enter the result.
Some devices have to have a PIN entered before you can generate the time-synchronous passphrase, or the challenge-response passphrase.
Some devices work on the principal of the fob software accepting any of the next 4, 8, 16 or whatever responses that the fob might generate, and aren't time-linked at all.
It's all part of two-factor authentication which depends, usually, on "something you have" and "something you know".
posted by 5MeoCMP at 8:36 PM on September 24, 2008
There is a fairly good discussion of RSA SecurID's -- by far the most common security tokens in the U.S. outside the Government (which standardized on smart cards) -- here. Most of the ones in use today are of the type that uses AES, but older ones just used a proprietary hash algorithm. The older ones are easier to understand; once you grok how they work, understanding the newer ones is simple.
Basically it's just:
hash( currentTime + secretSeed ) => display
where currentTime comes from a clock, and secretSeed is stored in the device's ROM somewhere. On the server, it knows the seed, and also knows the time from its own clock, so it can compare the value and see if you have the token (or at least the token's seed!).
Where the system gets complex, and where RSA holds several key patents, is in correcting and compensating for clock drift. This is what lets the whole business work without having an atomic clock inside the key fob, or providing some channel for clock synchronization.
The weakness of this approach is that it's possible to attack it with Rainbow tables (or similar precomputation approaches), since there's only one random variable and it's only 64 bits long. As a result, the newer AES-based SecurIDs use a 128-bit seed and 32-bit salt. That creates a sufficiently large keyspace so as to make precomputation infeasible (at least, so goes the theory, I guess).
Except that they have to work around RSA's patents, I think most of the type-in-the-code fobs on the market are substantially similar to the SecurID.
posted by Kadin2048 at 8:53 PM on September 24, 2008
Basically it's just:
hash( currentTime + secretSeed ) => display
where currentTime comes from a clock, and secretSeed is stored in the device's ROM somewhere. On the server, it knows the seed, and also knows the time from its own clock, so it can compare the value and see if you have the token (or at least the token's seed!).
Where the system gets complex, and where RSA holds several key patents, is in correcting and compensating for clock drift. This is what lets the whole business work without having an atomic clock inside the key fob, or providing some channel for clock synchronization.
The weakness of this approach is that it's possible to attack it with Rainbow tables (or similar precomputation approaches), since there's only one random variable and it's only 64 bits long. As a result, the newer AES-based SecurIDs use a 128-bit seed and 32-bit salt. That creates a sufficiently large keyspace so as to make precomputation infeasible (at least, so goes the theory, I guess).
Except that they have to work around RSA's patents, I think most of the type-in-the-code fobs on the market are substantially similar to the SecurID.
posted by Kadin2048 at 8:53 PM on September 24, 2008
Some devices work on the principal of the fob software accepting any of the next 4, 8, 16 or whatever responses that the fob might generate, and aren't time-linked at all.
Radio garage door openers operate on this principle. Similar to what Kadin2048 says, they have an algorithm along the lines of:
Obviously you might press the button when you're out of radio range, so the receiver and transmitter might have different button press numbers. To deal with this, the receiver can work out the next 100 codes in the sequence, and will accept any of them - so if you press the button less than 100 times, the next press will still open the garage door. A combination lock with 100 different 'open' combinations might seem insecure, but when you consider the lock might have 2^128=several trillion trillion trillion possible combinations, it's no problem.
In case you accidentally press the button more than 100 times, if you send (say) the 200th code in the sequence the garage door won't open, but will note down the 200th code, and if you press the button again (to send the 201st code) it knows you have the right transmitter.
Obviously the weakness of this approach for bank security is if you leave your token unattended someone can copy down a number from it and that number is valid until you next log in with the token - unlike the time-synchronized versions where the number is only valid for a few minutes.
posted by Mike1024 at 1:25 AM on September 25, 2008 [1 favorite]
Radio garage door openers operate on this principle. Similar to what Kadin2048 says, they have an algorithm along the lines of:
hash( button press number + secretSeed ) => radio transmission- so every time you press the 'open door' button it transmits the next code in the sequence. The receiver remembers the last code, and hence the last button press number, so it knows the next code in the sequence to be looking for.
Obviously you might press the button when you're out of radio range, so the receiver and transmitter might have different button press numbers. To deal with this, the receiver can work out the next 100 codes in the sequence, and will accept any of them - so if you press the button less than 100 times, the next press will still open the garage door. A combination lock with 100 different 'open' combinations might seem insecure, but when you consider the lock might have 2^128=several trillion trillion trillion possible combinations, it's no problem.
In case you accidentally press the button more than 100 times, if you send (say) the 200th code in the sequence the garage door won't open, but will note down the 200th code, and if you press the button again (to send the 201st code) it knows you have the right transmitter.
Obviously the weakness of this approach for bank security is if you leave your token unattended someone can copy down a number from it and that number is valid until you next log in with the token - unlike the time-synchronized versions where the number is only valid for a few minutes.
posted by Mike1024 at 1:25 AM on September 25, 2008 [1 favorite]
A similar system to the fob, yet far simpler is what some european banks use. They send you a little piece of paper with a list of codes. Everytime you make a transaction online, you have to confirm it by entering one of these codes. Each code can only be used once, so you cross it off. When you have used up most of your codes, the bank automatically sends you a new code list.
In both systems, the bank generates a list of valid codes, and sends them to you via a secure channel in order to provide an additional obstacle to someone attempting to impersonate you.
posted by kamelhoecker at 7:20 AM on September 25, 2008
In both systems, the bank generates a list of valid codes, and sends them to you via a secure channel in order to provide an additional obstacle to someone attempting to impersonate you.
posted by kamelhoecker at 7:20 AM on September 25, 2008
In Switzerland, you have a device that takes your ATM card. You enter you pin to that, and log on to banking site. Then they provide a challenge number, you enter in to your device, which then gives the magic number. Then, as you press enter, you click your heels three times, chanting "I love my bank".
posted by Goofyy at 7:56 AM on September 25, 2008
posted by Goofyy at 7:56 AM on September 25, 2008
I've found with my key fob, I can just enter the same number it's given me over and over. Which really makes me hate this particular bit of security theater, but makes it easier for 1Password to automatically log me in.
posted by ewagoner at 8:15 AM on September 25, 2008
posted by ewagoner at 8:15 AM on September 25, 2008
I can just enter the same number it's given me over and over
You really need to report that to whoever issued you the fob. It means they've left their implementation in testing (deactivated) mode. The number should not be valid for more than 120 seconds.
posted by dmd at 9:26 AM on September 25, 2008
You really need to report that to whoever issued you the fob. It means they've left their implementation in testing (deactivated) mode. The number should not be valid for more than 120 seconds.
posted by dmd at 9:26 AM on September 25, 2008
This thread is closed to new comments.
posted by the dief at 4:55 PM on September 24, 2008