| |||||||||
|
Description
Skey OTP Calculator for Palm Pilot. The UI of this application runs on Palm Pilot, all crypto operations are performed by smartcard.
In the current version, only one combination of password/seed are cached; the only supported card is Schlumberger's Cyberflex Access; crypto operations are restricted to SHA1.
Details
S/key is a procedure for using one time passwords (OTP's) to authenticate access to computer systems.
Skey OTP Calculator is an application that generates OTP's. It runs on Palm OS platform
and uses smartcard assistance for the cyptographic calculations.
The procedure of calculations is as follows:
- user enters challenge number and seed into the corresponding fields on Palm Pilot
- the entered data is sent to smartcard
- smartcard extracts previously saved secret password from "pw" file in its root directory and runs Sha1 algorithm "number" of times on given secret password and seed (sent from Palm)
- smartcard sends the resulting hash to the Palm Pilot
- Palm Pilot generates password phrase (OTP) from the resulting hash and outputs it in "Reply" and Hex" fields
This procedure involves no information caching and its performance is described in the table below. Generally, it's a straight line with slope of .6.
number | calculation time (#) | (sec) --------+----------------- 0 | 7 1 | 7 2 | 8 3 | 8 4 | 9 5 | 10 10 | 12 15 | 15 20 | 19 25 | 22 30 | 25 40 | 31 50 | 38 60 | 44 70 | 50 80 | 56 90 | 61 99 | 67 |
|
Assuming that the user would be continually using OTP Calculator, a caching mechanism has been added to the process.
Knowing that the next challenge number the user would be prompted with is ("current number" - 1), additions
have been made to step 3 of password caculation. Now, the resulting hash of "number-1" calculations is saved on the
card in "pw" file. When a user calls the card withought changing secret password and host name, the card checks
for cached data. If new OTP has been saved, it's returned immediately, and the response time becomes constant: 3 sec.
After that, the card performs calculation of the next OTP and caches it.
As a result:
+ the responce time of OTP calculation becomes constant
- time for the new password calculation doesn't change, so Palm Pilot stays busy for the same amount of time, as it would
be in case of usual computations.
Download
- smartcard source code and Palm Pilot source code: pswd_calculator.tar.gz
- smartcard binary: SK.bin
- Palm Pilot executable: pswd_calculator.prc
Installation
Download pswd_calculator.prc onto your Palm Pilot.
Load and run SK.bin on your smartcard.
Usage
To use Password Calculator you must run SK applet (SK.bin) on your smartcard and pswd_calculator (pswd_calculator.prc)
on your Palm Pilot.
To save your new secret password:
- write your secret password in the "Password" field on your Palm Pilot
- assure your card is inserted into the card reader and attached to the Palm Pilot
When the prompt "Password saved" appears on the Palm Pilot's screen, you may erase it from the screen
(by pressing "Clear" button or erasing it manually).
To calculate your new OTP:
- write challenge number in the "Number" field
- write challenge host name in "Host Name" field
- assure your card is inserted into the card reader and attached to the Palm Pilot
- hit "Calculate button
The new OTP will appear in "Reply" and "Hex" fields.
Dependencies
Comments, etc
Send them to smartcards@umich.edu.
 |
|
 |
