One-Time Password System for Network based Services

Abstract

One Time Password Systems are quite interesting for Server/Client connections, as each authentication operation requires a new password. Therefore a Challenge/Response mechanism has to be implemented, with all its pros and cons.

A One Time Password System provides a means of secure user authentication and authorization for network based services. It has been described in RFC 2289. Over the years this RFC has been extended by a few Requests for Comments, like RFC 2444, The One Time Password SASL Mechanism, RFC 4226, HOTP: An HMAC-Based One Time Password Algorithm, and RFC 6238, TOTP: Time-Based One Time Password Algorithm. Michael Schwartzkopff describes a TOTP implementation in his blog.

Technical specifications for network based services like SMTP, IMAP, POP3, and LDAP require authentication mechanisms as provided by the Simple Authentication and Security Layer (SASL). This paper discusses the use of the SASL mechanism OTP in conjunction with OPIE (One-time Passwords In Everything). In principle OPIE is a challenge/response system with MD5 hashed passwords. Based on this hashed password, a new challenge is generated for every session. The package OPIE comes with its own tools:

  • opiekey
  • opiepasswd
  • opieinfo
  • opielogin
  • opieaccess

In order to initialize an OPIE account, the tool opiepasswd is required:

$ opiepasswd -n 499 userName

This will ask for a password and generate a random seed.

The command line tool opiekey expects the hash method, sequence number and seed:

$ opiekey otp-md5 492 pi6194

This will generate a 'six word' challenge, or alternatively a hexadecimal one if the flag -t hex is added.

To check the current sequence number and seed, the tool opieinfo reads the file /etc/opiekeys:

$ opieinfo
 492 pi6194

A more comfortable tool is the Android app Opiekey by Daniel Tryba.

Warning

The security of SASL OTP and OPIE today is questionable, as the plaintext file /etc/opiekeys contains the hashed password values and sequence numbers of each user, and SASL OTP only supports the MD5 and SHA1 hashing algorithms.

Although there are some clients that support SASL authentication mechanisms like DIGEST-MD5, PLAIN, LOGIN and GSSAPI for network based services, there are no decent client tools yet that provide SASL OTP authentication. I will therefore demonstrate the appropriate procedures, just as a proof of concept.

Authentication Procedure with Postfix

In order to announce the list of SASL mechanisms to use, the file /etc/sasl2/smtpd.conf has to be edited, or wherever your SASL library expects the service configuration file:

  # pwcheck_method: saslauthd
  mech_list: plain otp

I will run opiekey on my Android smartphone, as the app opiekey is installed there. My private passphrase is stored within this application, as are the hash method otp-md5 and the seed, so all I have to do is modify the sequence number and run the calculation. The resulting challenge is a six-word character string:

CASK RODE BOLT NEWT SMOG DENT

Next a base64 encoded string of the authenticationID and authorizationID has to be created:

$ printf 'dieter\0dieter' | mmencode
  ZGlldGVyAGRpZXRlcg==

and a base64 encoded string of the generated challenge:

$ printf 'CASK RODE BOLT NEWT SMOG DENT' | mmencode
  Q0FTSyBST0RFIEJPTFQgTkVXVCBTTU9HIERFTlQ=

A telnet to localhost on port 25 opens a connection to the Postfix smtpd; the following shows the complete dialog with smtpd:

 1  $ telnet localhost 25
 2  Trying ::1...
 3  Connected to localhost.
 4  Escape character is '^]'.
 5  220 pink.avci.de ESMTP
 6  ehlo localhost
 7  250-pink.avci.de
 8  250-PIPELINING
 9  250-SIZE
10  250-ETRN
11  250-AUTH PLAIN OTP
12  250-ENHANCEDSTATUSCODES
13  250-8BITMIME
14  250 DSN
15  auth otp
16  334
17  ZGlldGVyAGRpZXRlcg==
18  334 b3RwLW1kNSA0OTIgcGk2MTk0IGV4dA==
19  Q0FTSyBST0RFIEJPTFQgTkVXVCBTTU9HIERFTlQ=
20  235 2.7.0 Authentication successful
21  quit
22  221 2.0.0 Bye

I think this smtpd procedure is quite clear.

  1. line nr. 15: an 'auth otp' is requested
  2. line nr. 16: the answer is 334
  3. line nr. 17: the base64 string containing authID and authzID is pasted in
  4. line nr. 18: the result is the valid hash method, sequence number and seed (otp-md5 492 pi6194 ext), which mmencode -u decodes:

$ mmencode -u
  b3RwLW1kNSA0OTIgcGk2MTk0IGV4dA==
  otp-md5 492 pi6194 ext

  5. line nr. 19: the generated 'six word' challenge is inserted as its base64 encoded string
  6. line nr. 20: the result is success!

I must admit, this procedure is quite cumbersome, but this is just a proof of concept.
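To make the opiekey calculation and the SASL OTP dialog above concrete, here is an added example (not code from this article, from OPIE or from Cyrus SASL) in Python: it implements the RFC 2289 otp-md5 computation that opiekey performs, builds the two client messages of the dialog, and on the server side verifies a response against the stored value the way an /etc/opiekeys entry allows (only the last accepted one-time password is kept, so a replayed password is rejected). The passphrase is a constructed value, and the response uses the 'hex:' form that RFC 2444 permits when the challenge carries 'ext', because the article's six-word form needs the 2048-word dictionary, which is not reproduced here.

```python
import base64
import hashlib


def fold_md5(digest: bytes) -> bytes:
    # RFC 2289: fold the 16-byte MD5 digest to 8 bytes by XORing its two halves
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp_md5(passphrase: str, seed: str, sequence: int) -> bytes:
    """The one-time password opiekey computes for 'otp-md5 <sequence> <seed>'."""
    x = fold_md5(hashlib.md5((seed.lower() + passphrase).encode()).digest())
    for _ in range(sequence):  # OTP(n) is the n-th iteration of hash-and-fold
        x = fold_md5(hashlib.md5(x).digest())
    return x


def to_hex(otp: bytes) -> str:
    """Same layout as 'opiekey -t hex', e.g. '9E87 6134 D904 99DD'."""
    h = otp.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, 16, 4))


def client_initial(authzid: str, authcid: str) -> str:
    """First client message: base64(authzid NUL authcid), line 17 of the dialog."""
    return base64.b64encode(f"{authzid}\0{authcid}".encode()).decode()


def client_response(challenge_b64: str, passphrase: str) -> str:
    """Answer 'otp-md5 <seq> <seed> ext' in the 'hex:' form RFC 2444 allows under 'ext'."""
    algo, seq, seed, *opts = base64.b64decode(challenge_b64).decode().split()
    if algo != "otp-md5" or "ext" not in opts:
        raise ValueError("this example handles only otp-md5 challenges with 'ext'")
    otp_hex = otp_md5(passphrase, seed, int(seq)).hex()
    return base64.b64encode(("hex:" + otp_hex).encode()).decode()


class OtpServer:
    """Holds what one /etc/opiekeys entry holds: seed, sequence, last accepted OTP."""
    def __init__(self, seed: str, sequence: int, last_otp: bytes):
        # last_otp is OTP(sequence + 1); the passphrase itself is never stored
        self.seed, self.sequence, self.last = seed, sequence, last_otp
    def challenge(self) -> str:
        return base64.b64encode(f"otp-md5 {self.sequence} {self.seed} ext".encode()).decode()
    def verify(self, response_b64: str) -> bool:
        text = base64.b64decode(response_b64).decode()
        if not text.startswith("hex:"):
            return False
        otp = bytes.fromhex(text[4:].replace(" ", ""))
        # hashing OTP(n) once must give the stored OTP(n+1); a replayed OTP fails here
        if fold_md5(hashlib.md5(otp).digest()) != self.last:
            return False
        self.last, self.sequence = otp, self.sequence - 1
        return True
```

The fold and iteration can be checked against the otp-md5 test vectors in Appendix C of RFC 2289.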

Authentication Procedure with OpenLDAP

The authentication procedure with OpenLDAP is not as cumbersome as with Postfix. The available SASL mechanisms have to be announced in the file /etc/sasl2/slapd.conf:

  mech_list: digest-md5 cram-md5 external otp
  auxprop_plugin: slapd

Again I run my Android app, modify the sequence number and run the calculation, which results in a six-word challenge:

  LEAN FED HOT BORE COCK SAM

In order to test SASL OTP I will run ldapwhoami:

$ ldapwhoami -Y OTP -U dieter -H ldapi:///
  SASL/OTP authentication started
  Challenge: otp-md5 491 pi6194 ext
  Please enter your one-time password: LEAN FED HOT BORE COCK SAM
  SASL username: dieter
  SASL SSF: 0
  dn:cn=dieter kluenter,ou=partner,o=avci,c=de

Q.E.D.

Although the idea of a One Time Password is quite interesting, there are still some security issues. All applications have to read the file /etc/opiekeys in order to get the correct sequence number and seed, and SASL OTP only supports the MD5 and SHA1 algorithms.

Dieter Klünter, 15. April 2014