
Chapter 4 - 02 - Discuss Identity and Access Management (IAM) - 04_ocred_fax_ocred.pdf




Certified Cybersecurity Technician - Identification, Authentication, and Authorization - Exam 212-82

Two-factor Authentication Techniques: OATH

- Open Authentication (OATH) is a reference architecture designed by a group of companies with the aim of developing an open strong authentication technology that supports a wide variety of networks.
- Its main goal is to provide safe and secure online transactions for users based on two-factor authentication.
- It has introduced three algorithms, namely, HOTP, OCRA, and TOTP, for implementing OTP authentication.

HMAC-based One-time Password (HOTP)
- An HOTP is an event-based OTP, where the input seed is static, and the moving factor is based on a counter.
- When an HOTP is requested, the moving factor is incremented based on a counter.
[Figure: Secret Key + Moving Factor (Counter) -> HOTP -> OTP]

Two-factor Authentication Techniques: OATH (Cont'd)

OATH Challenge-Response Algorithm (OCRA)
- OCRA is a challenge-response mode of authentication based on HOTP.
- OCRA is an extension to HOTP with a challenge mode for verifying HOTP tokens based on random questions.
[Figure: Secret Key + Moving Factor (Counter) + Challenge -> OCRA -> OTP]

Time-based One-time Password (TOTP)
- TOTP is a time-based OTP, where the input seed is static, and the moving factor is time.
- In TOTP, the time is incremented, and the increment is called the timestep.
[Figure: Secret Key + Moving Factor (Time) -> TOTP -> OTP]

Open Authentication (OATH)

The Open Authentication (OATH) is a reference architecture designed by a group of companies with the aim of developing an open strong authentication technology that supports a wide variety of networks. Its main goal is to provide safe and secure online transactions for users based on two-factor authentication. For implementing one-time password (OTP) authentication, OATH has introduced three algorithms, namely, hash-based message authentication code (HMAC)-based OTP (HOTP), OATH challenge-response algorithm (OCRA), and time-based OTP (TOTP).

HMAC-based one-time password (HOTP)

An HOTP is an event-based OTP that depends on two inputs: one is a secret key called the seed, and the other is the moving factor. In HOTP, the seed is static, and the moving factor in the OTP code is based on a counter that is stored in the token and on the server. When the HOTP receives a user request, after validation, the moving factor is incremented based on a counter. The authentication server validates the generated OTP, which remains valid until the user requests a new OTP. When the code validation process is performed, the OTP generator and server are synchronized, thereby providing access to the user. HOTP utilizes the SHA-1 hash function in the HMAC, and the token displays the generated 160-bit value, which is then reduced to 6 or 8 decimal digits. One example of an OTP generator that follows the HOTP technique is Yubico's YubiKey.

[Figure 4.12: HMAC-based one-time password (HOTP) - Secret Key and Moving Factor (Counter) fed into HOTP to produce the OTP]

OATH challenge-response algorithm (OCRA)

The OCRA is a challenge-response mode of authentication based on HOTP. OATH has introduced OCRA as an extension to HOTP with the challenge mode for verifying HOTP tokens based on random questions. The main intention in introducing OCRA is to enhance the security of e-commerce applications.

[Figure 4.13: OATH challenge-response algorithm (OCRA) - Secret Key, Moving Factor (Counter) and a Challenge (e.g. 203008) fed into OCRA to produce the OTP]

Time-based one-time password (TOTP)

In a TOTP, the input seed is static, as in HOTP, but the moving factor is time instead of a counter. In TOTP, the time is incremented by a value called the timestep. The timestep is the amount of time the password is valid for and tends to be 30 or 60 s. Once the timestep is exhausted, the password is no longer valid, and the user must request a new one to obtain access.

[Figure 4.14: Time-based one-time password (TOTP) - Secret Key and Moving Factor (Time) fed into TOTP to produce the OTP]

Module 04. Certified Cybersecurity Technician. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
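The HOTP and TOTP constructions described above, as an added example that is not part of the EC-Council text: HMAC-SHA1 over the counter, dynamic truncation of the 160-bit value to 6 or 8 digits, TOTP as HOTP with the elapsed-timestep count as moving factor, plus a server-side HOTP check with a look-ahead window that refuses any counter at or below the last accepted one (the resynchronization step the text calls "synchronized"). The secret is the RFC 4226 test key, used here as a constructed input; the look-ahead window size is an assumed policy value.

```python
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 4226 test vector key "12345678901234567890").
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()  # 160-bit value
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF  # 31-bit integer
    return str(code % (10 ** digits)).zfill(digits)  # reduce to 6 or 8 decimal digits


def totp(secret: bytes, unix_time: int, timestep: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP whose moving factor is the number of elapsed timesteps."""
    return hotp(secret, unix_time // timestep, digits)


def verify_hotp(secret: bytes, submitted: str, server_counter: int, look_ahead: int = 5):
    """Server-side HOTP validation with a look-ahead window (window size is an assumption).

    Tries the stored counter and the next `look_ahead` values so a token that was
    pressed a few times without logging in can resynchronize. Returns the new server
    counter (one past the matched value) on success, or None on failure. Counters at
    or below the stored value are never tried, so a captured code cannot be replayed.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c, len(submitted)), submitted):
            return c + 1
    return None


if __name__ == "__main__":
    for c in range(3):
        print(f"HOTP counter={c}: {hotp(RFC_SECRET, c)}")
    print("TOTP at t=59, 8 digits:", totp(RFC_SECRET, 59, digits=8))
    print("server counter after accepting counter 1:", verify_hotp(RFC_SECRET, "287082", 0))
    print("replay of counter 0 once server is at 1:", verify_hotp(RFC_SECRET, "755224", 1))
```

The values printed for counters 0 to 9 and for the TOTP times 59 and 1111111109 match the published RFC 4226 and RFC 6238 SHA-1 test vectors, which is the quickest way to check an HOTP/TOTP implementation before deploying it.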
