Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

Challenge/Response Mechanisms

An illustration of the application of challenge/response techniques to website authentication is provided by the work of the Initiative for Open Authentication (OATH).[48] OATH is built around the Industry Roadmap for Open Strong Authentication.

OATH has created a one-time password technology called HOTP to facilitate two-factor authentication. HOTP is based on the HMAC-SHA-1 cryptographic standard. A client generates a one-time password by applying the HOTP algorithm to a secret key (shared by the server and the client) and a counter value that increments every time a password is required. The server verifies that the password is correct by applying the HOTP algorithm to its own copy of the key and counter value. One of the key advantages of this approach is that HOTP is not a proprietary model but an attempt to establish an industry standard for authentication. It also potentially avoids the expense of the rollouts associated with hardware-based technology, although several vendors still employ OATH's HOTP algorithm in hardware tokens.

The Mutual OATH: HOTP Extensions for mutual authentication[49] discusses possible ways in which the HOTP algorithm can be adapted for mutual authentication (see in particular section 4.3). One way the document suggests this could be achieved is by replacing the incrementing counter value with a challenge/response mechanism. For example, a financial institution's server could issue a challenge to the client. The client uses the challenge, in combination with the shared secret key, to generate a response via the HOTP algorithm. If the server is satisfied with the response, the client can then issue its own challenge to the server.

Another method which could be used to achieve mutual authentication would involve the creation of two keys, K1 and K2. K1 is used by Party A to check responses and K2 is used by Party A to produce responses to a challenge. Party B uses the keys for the reciprocal purpose. Party A can then issue a challenge to Party B, and B computes the response using K1 and the HOTP algorithm. Party A checks the validity of the response using K1. Party B then issues its own challenge to Party A, which computes its response using K2.
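To make the two-key exchange concrete, the following is an added example, not code from the submission or from OATH. It assumes the HOTP computation specified in RFC 4226 (HMAC-SHA-1 with dynamic truncation, 6 digits), and it assumes that a fresh 64-bit random nonce takes the place of the counter as the challenge; the `Party` class and the function names are hypothetical helpers of this example.

```python
import hashlib
import hmac
import secrets
import struct

def hotp(key: bytes, moving_factor: int, digits: int = 6) -> str:
    """HOTP as specified in RFC 4226: HMAC-SHA-1 over the 8-byte big-endian
    moving factor, dynamic truncation to 31 bits, then reduce modulo 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", moving_factor), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

class Party:
    """One side of the two-key scheme (hypothetical helper). check_key verifies the
    peer's responses, respond_key produces this side's own responses; the peer holds
    the same two keys with the roles swapped."""

    def __init__(self, check_key: bytes, respond_key: bytes) -> None:
        self.check_key = check_key
        self.respond_key = respond_key
        self.pending = None  # the challenge we issued and still expect an answer to

    def issue_challenge(self) -> int:
        # Assumption: a fresh 64-bit random nonce replaces the HOTP counter
        # as the moving factor, so a captured response cannot be replayed.
        self.pending = secrets.randbits(64)
        return self.pending

    def respond(self, challenge: int) -> str:
        return hotp(self.respond_key, challenge)

    def verify(self, response: str) -> bool:
        if self.pending is None:
            return False  # no outstanding challenge: nothing to check against
        expected = hotp(self.check_key, self.pending)
        self.pending = None  # one-shot: a challenge is never reused
        return hmac.compare_digest(expected, response)

def mutual_authenticate(a: Party, b: Party) -> bool:
    """Run the exchange from the text: A challenges B first, and only after A is
    satisfied does B challenge A. Returns True only if both directions succeed."""
    if not a.verify(b.respond(a.issue_challenge())):  # B answers with K1, A checks with K1
        return False
    return b.verify(a.respond(b.issue_challenge()))  # A answers with K2, B checks with K2

if __name__ == "__main__":
    k1, k2 = secrets.token_bytes(20), secrets.token_bytes(20)  # constructed sample keys
    print(mutual_authenticate(Party(k1, k2), Party(k2, k1)))  # True
```

Party A is constructed as `Party(K1, K2)` and Party B as `Party(K2, K1)`, which is exactly the reciprocal use of the keys described above.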

OATH has been subjected to claims that the security of its HOTP technology is questionable because the SHA-1 algorithm on which it is based has been compromised.[50] These claims are, however, debatable, primarily because the computing resources required to mount an attack on SHA-1 are exorbitant.[51] HOTP could also be modified to use more complex algorithms which would be even more difficult to crack.

[48] Open Authentication Initiative, OATH Reference Architecture Release 1.0, 2005, <>.

[49] Open Authentication Initiative, Mutual OATH: HOTP Extensions for mutual authentication, December 2005, <>.

[50] Merritt R, Crack in SHA-1 code 'stuns' security gurus, EETimes, February 2005, <>.

[51] Bellare M, Attacks on SHA-1, OATH, March 2005, < on SHA-1.pdf>.