Programmable hardware TOTP keys with the ability to synchronize time
We are pleased to announce a new line of programmable hardware TOTP keys from TOKEN2. The main innovation is the ability to synchronize the system clock hardware keys via the NFC API using special applications - at the moment is preparing a release for Android and Windows 10.There are no applications for iOS yet: despite the fact that NFC chips are physically present on the latest iPhone models, Apple does not yet provide a public API for their use.
What is it for?
Unlike mobile TOTP applications, hardware keys do not have the ability to synchronize time over NTP, over a cellular network or radio signal: the device hardware keys are completely isolated and autonomous, and use a clock on their board as a source of accurate time. In 1933-1934 physicists Scheibe and Adelsberger of the Imperial Physics and Technology Institute in Berlin took up the possibilities of using the piezoelectric effect to measure time. It is this effect that underlies the system clock of the hardware keys. The accuracy of such hours varies from Β± 0.3 to Β± 1.1 s / day, depending on the quality. If this accuracy is sufficient for ordinary wristwatches, in hardware keys, the time difference more than a certain limit may lead to a failure in activation and / or authentication. This limit depends on the specific system (for example, Microsoft Azure MFA allows up to 600 seconds bias to both sides) when it comes to first registering a hardware key. Further, the process of synchronizing the bias during the use of the key for entry is already clearly described inRFC 6238
server, we RECOMMEND that the validator be set with a specific limit
to the number of time steps a prover can be Β«out of synchΒ» before
being rejected.
This limit can be set both forward and backward from the calculated
time step on receipt of the OTP value. If the time step is
30 seconds as recommended, and the validator is set to only accept
two time steps backward, then the maximum elapsed time drift would be
around 89 seconds, i.e., 29 seconds in the calculated time step and
60 seconds for two backward time steps.
This would mean the validator could perform a validation against the
current time and then two further validations for each backward step
(for a total of 3 validations). Upon successful validation, the
validation server can record the detected clock drift for the token
in terms of the number of time steps. When a new OTP is received
after this step, the validator can validate the OTP with the current
timestamp adjusted with the recorded number of time-step clock drifts
for the token.
Also, it is important to note that the longer a prover has not sent
an OTP to a validation system, the longer (potentially) the
accumulated clock drift between the prover and the verifier. In such
cases, the automatic resynchronization described above may not work
if the drift exceeds the allowed threshold. Additional
authentication measures should be used to safely authenticate the
prover and explicitly resynchronize the clock drift between the
prover and the validator.
That is, if the authentication server complies with all RFC prescriptions, and if the key is used for authentication is not too rare, for example, at least a couple of times a year (the exact number can be calculated using the accuracy of the oscillator and the time offset allowed by the server), then time offsets will be taken into account on the server side and problems should arise. When using keys in such conditions, the time synchronization function is basically not needed.
However, the time synchronization function can be useful in the following cases:
- If the server implementation of TOTP does not follow RFC6238 recommendation # 6. One example of such an implementation is DUO :
TOTP token drift and resynchronization are not supported. It is not necessary to work with the author, but may not have to
- If a batch of hardware keys was purchased a long time ago, but they had to be activated only after some time - in this case there is simply no synchronization mechanism in many systems.
- If the hardware key is used to log in less frequently than is needed for synchronization. For example, if a user wants to βcopyβ the same TOTP profile (more precisely, the secret secret key) to two devices: a) to a mobile application on the phone for everyday use and b) to a programmable hardware key as a backup for a rainy day . Thus, if this rainy day comes in 3-4 years, the hardware token will no longer be used precisely because of the time difference. And the battery on the token, which has not been turned on for a long time, almost does not lose capacity. Consequently, in this case, it is enough just to βsetβ the clock on them in order to return them to the system.
- ΠΠΎΠ»ΡΡΠΈΡΡ ΠΏΠ΅ΡΠ²ΡΠΉ ΡΠ°ΠΊΡΠΎΡ (ΠΏΠ°ΡΠΎΠ»Ρ).
- ΠΠΌΠ΅ΡΡ ΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΈΠΉ Π΄ΠΎΡΡΡΠΏ ΠΊ Π°ΠΏΠΏΠ°ΡΠ°ΡΠ½ΠΎΠΌΡ ΠΊΠ»ΡΡΡ Π±Π΅Π· Π²Π΅Π΄ΠΎΠΌΠ° Π²Π»Π°Π΄Π΅Π»ΡΡΠ° Π½Π° ΠΏΡΠΎΡΡΠΆΠ΅Π½ΠΈΠΈ Π΄ΠΎΡΡΠ°ΡΠΎΡΠ½ΠΎ Π΄ΠΎΠ»Π³ΠΎΠ³ΠΎ Π²ΡΠ΅ΠΌΠ΅Π½ΠΈ (ΡΠΌ ΡΡΠ°ΠΏ 3.).
- Π‘ ΠΏΠΎΠΌΠΎΡΡΡ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΡ, ΡΠ΅ΡΠ΅Π· NFC ΠΏΠ΅ΡΠ΅Π²Π΅ΡΡΠΈ Π²ΡΠ΅ΠΌΡ Π½Π° ΠΊΠ»ΡΡΠ΅ Π²ΠΏΠ΅ΡΠ΅Π΄ Π½Π° ΠΎΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΡΡ Π΄Π°ΡΡ, ΠΈ Π·Π°ΠΏΠΈΡΠ°ΡΡ Π΄ΠΎΡΡΠ°ΡΠΎΡΠ½ΠΎΠ΅ ΠΊΠΎΠ»ΠΈΡΠ΅ΡΡΠ²ΠΎ ΡΠ³Π΅Π½Π΅ΡΠΈΡΠΎΠ²Π°Π½Π½ΡΡ ΠΊΠΎΠ΄ΠΎΠ². Π‘ΠΊΡΠΈΠΏΡΠΎΠΌ ΡΡΠΎ ΡΠ΅Π°Π»ΠΈΠ·ΠΎΠ²Π°ΡΡ Π½Π΅ ΠΏΠΎΠ»ΡΡΠΈΡΡΡ, ΡΠ°ΠΊ ΠΊΠ°ΠΊ Π΄Π»Ρ Π³Π΅Π½Π΅ΡΠ°ΡΠΈΠΈ ΠΊΠΎΠ΄ΠΎΠ² Π½ΡΠΆΠ½ΠΎ Π½Π°ΠΆΠ°ΡΡ Π½Π° ΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΡΡ ΠΊΠ½ΠΎΠΏΠΊΡ, Π° ΡΠ΅ΠΊΡΡΠΈΠΉ ΠΊΠΎΠ΄ ΡΠΎΠ»ΡΠΊΠΎ ΠΏΠΎΠ΄ΡΠΌΠΎΡΡΠ΅ΡΡ Π½Π° ΡΠΊΡΠ°Π½Π΅ (ΠΏΠΎ NFC ΠΎΠ½ Π½Π΅ ΠΏΠ΅ΡΠ΅Π΄Π°Π΅ΡΡΡ).
- ΠΠ΅ΡΠ½ΡΡΡ Π²ΡΠ΅ΠΌΡ ΠΎΠ±ΡΠ°ΡΠ½ΠΎ (ΡΡΠΎΠ±Ρ Π²Π»Π°Π΄Π΅Π»Π΅Ρ Π½ΠΈ ΠΎ ΡΠ΅ΠΌ Π½Π΅ Π΄ΠΎΠ³Π°Π΄Π°Π»ΡΡ).
- Π, Π½Π°ΠΊΠΎΠ½Π΅Ρ, Π²ΡΠΏΠΎΠ»Π½ΠΈΡΡ Π²Ρ ΠΎΠ΄ Π² ΡΠΈΡΡΠ΅ΠΌΡ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΡ ΠΏΠ°ΡΠΎΠ»Ρ (ΡΡΠ°ΠΏ 1) ΠΈ ΠΎΠ΄ΠΈΠ½ ΠΈΠ· ΠΊΠΎΠ΄ΠΎΠ² ΠΏΠΎΠ»ΡΡΠ΅Π½Π½ΡΡ Π½Π° ΡΡΠ°ΠΏΠ΅ 3.
ΠΠ°Π½Π½ΡΠΉ ΡΠΈΡΠΊ, ΠΊΠ°ΠΊ Π²ΠΈΠ΄ΠΈΠΌ, ΠΌΠΎΠΆΠ΅Ρ Π²ΠΎΠ·Π½ΠΈΠΊΠ½ΡΡΡ Π»ΠΈΡΡ ΠΏΡΠΈ ΡΡΠ»ΠΎΠ²ΠΈΠΈ ΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΎΠ³ΠΎ Π΄ΠΎΡΡΡΠΏΠ° ΠΊ ΡΡΡΡΠΎΠΉΡΡΠ²Ρ, Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ, Π°ΡΠ°ΠΊΡ ΡΠΌΠΎΠΆΠ΅Ρ ΠΎΡΡΡΠ΅ΡΡΠ²ΠΈΡΡ ΠΊΠΎΠ»Π»Π΅Π³Π° ΡΠΈΠ΄ΡΡΠΈΠΉ ΡΡΠ΄ΠΎΠΌ ΠΈ ΠΏΠΎ ΠΊΠ°ΠΊΠΎΠΉ-ΡΠΎ ΠΏΡΠΈΡΠΈΠ½Π΅ Π΅ΡΠ΅ ΠΈ Π·Π½Π°ΡΡΠΈΠΉ ΠΏΠ°ΡΠΎΠ»Ρ. ΠΠΎ ΠΏΡΠΈ ΡΠ°ΠΊΠΈΡ ΡΡΠ»ΠΎΠ²ΠΈΡΡ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°Π½ΠΈΠ΅ ΠΊΠ»Π°ΡΡΠΈΡΠ΅ΡΠΊΠΈΡ TOTP ΡΠΎΠΊΠ΅Π½ΠΎΠ² ΠΏΡΠΈΠ²Π΅Π΄Π΅Ρ ΠΊ ΡΠ°ΠΊΠΎΠΌΡ ΠΆΠ΅ ΡΠΈΡΠΊΡ. Π ΡΠ»ΠΎΠ²Ρ ΡΠΊΠ°Π·Π°ΡΡ, ΡΠΈΡΠΊ ΠΊΠΎΠΌΠΏΡΠΎΠΌΠ΅ΡΠ°ΡΠΈΠΈ ΡΠΎΠΊΠ΅Π½ΠΎΠ² Ρ ΡΡΠ½ΠΊΡΠΈΠ΅ΠΉ ΡΠΈΠ½Ρ ΡΠΎΠ½ΠΈΠ·Π°ΡΠΈΠΈ Π²ΡΠ΅ΠΌΠ΅Π½ΠΈ ΡΡΠ°Π²Π½ΠΈΠΌ Ρ ΡΠΈΡΠΊΠΎΠΌ fido u2f Π΄Π΅Π²Π°ΠΉΡΠΎΠ² β Π΅ΡΠ»ΠΈ Π·Π»ΠΎΡΠΌΡΡΠ»Π΅Π½Π½ΠΈΠΊ Π²ΡΠ΅ΠΌΠ΅Π½Π½ΠΎ ΠΈ Π½Π΅Π·Π°ΠΌΠ΅ΡΠ½ΠΎ ΠΏΠΎΠ»ΡΡΠΈΠ» Π΄ΠΎΡΡΡΠΏ ΠΊ u2f ΠΊΠ»ΡΡΡ ΠΎΠ±Π»Π°Π΄Π°Ρ ΠΏΡΠΈ ΡΡΠΎΠΌ ΠΏΠ°ΡΠΎΠ»Π΅ΠΌ, ΠΎΠ½ ΠΌΠΎΠΆΠ΅Ρ Π²ΠΎΠΉΡΠΈ Π² ΡΠΈΡΡΠ΅ΠΌΡ Ρ ΡΡΠΈΠΌ ΠΊΠ»ΡΡΠΎΠΌ, ΠΈ Π΄ΠΎΠ±Π°Π²ΠΈΡΡ Π΄ΡΡΠ³ΠΎΠΉ (ΡΠ²ΠΎΠΉ) ΠΊΠ»ΡΡ ΠΈ Π·Π°ΡΠ΅ΠΌ ΡΠ°ΠΊ ΠΆΠ΅ Π½Π΅Π·Π°ΠΌΠ΅ΡΠ½ΠΎ Π²Π΅ΡΠ½ΡΡΡ ΠΈΡ ΠΎΠ΄Π½ΡΠΉ ΠΊΠ»ΡΡ Π²Π»Π°Π΄Π΅Π»ΡΡΡ- ΠΏΠΎ ΡΠΏΠ΅ΡΠΈΡΠΈΠΊΠ°ΡΠΈΠΈ Ρ ΠΎΠ΄Π½ΠΎΠ³ΠΎ Π°ΠΊΠ°ΡΠ½ΡΠ° ΠΌΠΎΠΆΠ΅Ρ Π±ΡΡΡ Π±ΠΎΠ»Π΅Π΅ ΠΎΠ΄Π½ΠΎΠ³ΠΎ u2f ΠΊΠ»ΡΡΠ°, ΠΈ Π»ΡΠ±ΠΎΠΉ ΠΌΠΎΠΆΠ½ΠΎ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ Π΄Π»Ρ ΠΏΠ°ΡΠ°Π»Π»Π΅Π»ΡΠ½ΠΎΠ³ΠΎ Π²Ρ ΠΎΠ΄Π°. Π’Π°ΠΊΠΎΠΌΡ ΠΆΠ΅ ΡΠΈΡΠΊΡ ΠΏΠΎΠ΄Π²Π΅ΡΠΆΠ΅Π½Ρ ΠΈ ΡΠ°ΠΊΡΠΎΡΡ ΠΏΠΎΠ΄ΠΎΠ±Π½ΡΠ΅ Perfect paper passwords.
ΠΠ°ΠΊ Π²ΠΈΠ΄ΠΈΡΠ΅, Π°ΡΠ°ΠΊΠ° Π΄ΠΎΠ²ΠΎΠ»ΡΠ½ΠΎ ΡΠ»ΠΎΠΆΠ½Π°Ρ ΠΈ ΠΌΠ°Π»ΠΎΠ²Π΅ΡΠΎΡΡΠ½Π°, ΠΈ Π² ΡΠ΅Π»ΠΎΠΌ ΡΡΠΎΠ²Π΅Π½Ρ ΡΠΈΡΠΊΠ° ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°Π½ΠΈΡ ΡΠ°ΠΊΠΈΡ ΡΠΎΠΊΠ΅Π½ΠΎΠ² ΠΌΠΎΠΆΠ½ΠΎ ΡΡΠ°Π²Π½ΠΈΡΡ Ρ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°Π½ΠΈΠ΅ΠΌ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΡ ΡΠΈΠΏΠ° Google Authenticator Π½Π° ΡΠΌΠ°ΡΡΡΠΎΠ½Π΅ Π±Π΅Π· ΠΏΠΈΠ½-ΠΊΠΎΠ΄Π°, Π½Π΅ ΠΈΠΌΠ΅ΡΡΠΈΠΌ Π΄ΠΎΡΡΡΠΏΠ° Π² ΡΠ΅ΡΡ ΠΈ ΠΊΠΎΡΠΎΡΡΠΉ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Ρ Π²ΡΠ΅Π³Π΄Π° Π½ΠΎΡΠΈΡ Ρ ΡΠΎΠ±ΠΎΠΉ.
ΠΠ»Ρ ΠΊΠ»ΠΈΠ΅Π½ΡΠΎΠ², Π²ΡΠ΅ ΠΆΠ΅ ΡΡΠΈΡΠ°ΡΡΠΈΡ Π΄Π°ΠΆΠ΅ ΡΡΠΎΡ ΡΠΈΡΠΊ Π΄ΠΎΡΡΠ°ΡΠΎΡΠ½ΠΎ Π±ΠΎΠ»ΡΡΠΈΠΌ Π½Π°ΡΠΈ ΡΠ΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°ΡΠΈΠΈ ΠΏΠΎ ΡΡΠΎΠΌΡ ΠΏΠΎΠ²ΠΎΠ΄Ρ ΡΠ°ΠΊΠΈΠ΅:
- ΠΠ³ΡΠ°Π½ΠΈΡΠΈΠ²Π°ΡΡ ΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΈΠΉ Π΄ΠΎΡΡΡΠΏ ΠΊ ΡΠ°ΠΊΠΎΠ³ΠΎ ΡΠΈΠΏΠ° ΠΊΠ»ΡΡΠ°ΠΌ ΠΏΡΠΈΠ±Π»ΠΈΠ·ΠΈΡΠ΅Π»ΡΠ½ΠΎ ΡΠ°ΠΊ ΠΆΠ΅ ΠΊΠ°ΠΊ ΠΈ ΠΊ Π±Π°Π½ΠΊΠΎΠ²ΡΠΊΠΈΠΌ ΠΊΠ°ΡΡΠ°ΠΌ (ΠΊ ΡΠ»ΠΎΠ²Ρ ΡΠΊΠ°Π·Π°ΡΡ, Π½Π°ΡΠΈ ΠΊΠ»ΡΡΠΈ ΠΈΠΌΠ΅Π½Π½ΠΎ Π² ΡΠΎΡΠΌΠ°ΡΠ΅ Π±Π°Π½ΠΊΠΎΠ²ΡΠΊΠΈΡ ΠΊΠ°ΡΡ).
- ΠΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠΈΡΡΠ΅ΠΌΡΠ΅ ΠΊΠ»ΡΡΠΈ Π±Π΅Π· ΡΡΠ½ΠΊΡΠΈΠΈ ΡΠΈΠ½Ρ ΡΠΎΠ½ΠΈΠ·Π°ΡΠΈΠΈ Π²ΡΠ΅ΠΌΠ΅Π½ΠΈ (miniOTP-1)
- ΠΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠΈΡΡΠ΅ΠΌΡΠ΅ ΠΊΠ»ΡΡΠΈ c ΡΡΠ½ΠΊΡΠΈΠ΅ΠΉ ΡΠΈΠ½Ρ ΡΠΎΠ½ΠΈΠ·Π°ΡΠΈΠΈ Π²ΡΠ΅ΠΌΠ΅Π½ΠΈ, ΡΠΎΠ²ΠΌΠ΅ΡΠ΅Π½Π½ΠΎΠΉ Ρ ΡΠ΄Π°Π»Π΅Π½ΠΈΠ΅ΠΌ ΡΠ΅ΠΊΡΠ΅ΡΠ½ΠΎΠ³ΠΎ ΠΊΠ»ΡΡΠ°. Π’ΠΎ Π΅ΡΡΡ, ΠΏΡΠΈ ΠΈΠ·ΠΌΠ΅Π½Π΅Π½ΠΈΠΈ Π²ΡΠ΅ΠΌΠ΅Π½ΠΈ ΡΠΎΠΊΠ΅Π½Π°, seed Π±ΡΠ΄Π΅Ρ ΠΎΠ±Π½ΡΠ»Π΅Π½ ΠΈ Π½Π°Π΄ΠΎ Π±ΡΠ΄Π΅Ρ Π·Π°Π½ΠΎΡΠΈΡΡ Π΅Π³ΠΎ Π·Π°Π½ΠΎΠ²ΠΎ (miniOTP-3, ΠΎ Π΄Π°ΡΠ΅ ΡΠ΅Π»ΠΈΠ·Π° ΠΌΠΎΠ΄Π΅Π»ΠΈ Π±ΡΠ΄Π΅Ρ ΠΎΠ±ΡΡΠ²Π»Π΅Π½ΠΎ Π΄ΠΎΠΏΠΎΠ»Π½ΠΈΡΠ΅Π»ΡΠ½ΠΎ)