Slashdot Mirror
One-Time Pads To Protect Electronic Bank Access
dummkopf writes "CNN reports how Scandinavian banks issue one-time passwords to protect customers' accounts when these use the same password for other, i.e., more insecure email accounts. Having a bank account in the U.S. (with a trusted and well known Bank OF nAtional reach) I always wondered why the security was soooo poor: while it has changed slightly now (better usernames/passwords) it used to be the case that your username was your SSN and your password a number code (!). I am sure most of you will agree with me that this is scary... I live now in Switzerland where one-time passwords for online banking are a must and where my current bank is one of the 'crappy' ones with a little card with one-time passwords like mentioned in the CNN Story. The nicer ones even give you credit-card-size RSA password generator which is combined with a calculator you can keep in your pocket. Hence my question: are others also worried about poor security of online banking in the U.S.? Are there banks which are better than the ones mentioned above?"
I'm poor.
Banks in Germany always required you to have:
Login & Password.
And then for EACH transaction an TAN (TransActionNumber) which was a one time password that they mailed to you in a batch of I think 25.
So in order to complete a transaction you not only needed the username and Password but also a TAN.
More secure than they do it here, where you just log in and then it's a free for all.
If you want to e-mail me, use my PGP Key.
Combining something you have (the scratch-0ff bit, an ATM card, or an RSA token) with something you know (a password) will soon become the standard for most everything. I for one can't wait.
dmiessler.com -- grep understanding knowledge
My local bank simply has us use our name to sign in, and a password we choose. Because I choose passwords, and I don't have much money, i never thought of this as very scary. I guess that in the event that somone tried to steal my money though, I would be quite vulnerable. One better technique that I've learned is to spread your money through multiple accounts. No one will want to waste much time breaking into a few accouns with small soums of money when someone out their has lots in one account.
Help Fight SPAM today!
Single-use passwords are not the same thing as a one-time pad, which is a form of encryption. However, one-time passwords do sound like a good idea. Given reasonably good encryption like in SSL, then password management becomes a weak point - which this scheme addresses. (Just parroting Schneier, and wondering if this scheme will get mention in the next Crypto-gram newsletter.)
I have the same thing in the netherlands with ABN, a 'pin pad' that I pop my card into. I type in my PIN to authenticate, then the challenge the bank website gives me, then the pin pad returns a result I type in to perform a log in or a payment/transfer. .. don't let your kids play with it.. you'll find yourself locked out of your bank card haha
I do my banking with a local bank here in Saudi Arabia which has recently upgraded all its ATM machines with biometrics. I need only to register my fingerprint with the bank and then swipe it at the ATM to do my banking. Years ahead of its time.
I always save my last mod point to mod up a good troll. You people are too serious.
The article in question is describing a one-time password, but not a one-time pad. A one-time pad must be as long as the message being encrypted.
One caveat I had about this article was this....
"Outfitting 1 million customers with such devices could cost $20 million, while Internet fraud for those customers amounts to "tens of thousands at most," said Tony Chew, director of technology risk supervision at the Monetary Authority of Singapore. Singapore banks thus limit dynamic passwords to fund transfers, he said."
This is a pretty bold statement coming from the director of technology risk at eBay. eBay has pretty much become the breeding ground for scams and frauds. With millions of items up for auction at any one time this doesn't make any sense. I believe I read an article several months back that eBay estimated that at any one time about 3% of their auctions are fradulent. A small number in comparison to the number of auctions that are ongoing. Doing a totally unscientific experiment, I averaged about 3,000,000 ongoing auctions at eBay, and took the 3% of fraud auctions = 90,000 auctions. I would imagine atleast an average of $100 per auction completion. That puts it at $9,000,000 at any one time and that's only from eBay. This also doesn't acocunt for auctions that were performed outside of eBay as the P-P-P-powerbook one was so performed. Also, imagine the thousands of other financial banks and credit card companies doing business online. And let's not even get started on Paypal.
*Notice.. this was a totally unscientific experient performed by myself.
I think that when putting these numbers all together would make a strong case for such two-factor authentication. I don't mind a second step if it's going to save me money if someone really wants into my banks, eBay acocunts, etc...
Hmmm.
I know it's cliche, but I still get stuck in line behind people who don't understand the basics of the ATM machine interface. Inserting (or swiping) the card throws them off. Grocery store POS systems, never consistent between chains, present even more hurdles. I've seen "Pay at the Pump" customers drive off because they just don't understand the instructions.
You want to give these folks RSA dongles? They don't even see the security implications of putting their entire credit line on their keychain with not even a PIN for validation.
The two problems are simple: People here won't understand it, and they won't care.
Why this works in Europe is beyond me, but I'm sure there are plenty of cliche anti-American rants to help explain it.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
To log in you need to enter:
- A 12 chacacter alphanumeric code as your username (given to you on a card when you sign up)
- Your date of birth
- Three digits from your security number, and it's different digits on each subsequent visit. For example on one visit you'll be asked for the 1st, 2nd, & 3rd digit. The next visit you might be asked for the 4th, 6th & last.
I have a lot of respect for the HSBC. Their customer service is also second to none - with my US bank I frequently find myself getting passed around between different customer service reps and having to tell my story from the beginning each time. Not so with the HSBC, they know my name before I've even spoken, and they never lose track of me no matter how many people I get passed along to.Drill baby drill - on Mars
There really isn't a lot of damage that someone could do with my online banking account.
I can't transfer funds to an account that is not mine.
The information that is available online about me and my account is less than what is available on a check. I guess I should be more concerned about that, but I have no control of my checks once I have used them to pay for something.
My Debit card information is not available online.
About the best someone can do with my account is see my balance.
A scratch-off password list is a password scheme.
a One-time pad is an encryption algorithm.
The two have basically nothing to do with each other.
A one time pad:
Generate a random pattern of bits of the same length as the plaintext. XOR the two. The resulting ciphertext and the random field are now both requried to re-generate the plaintext (to call one the ciphertext and one the key is wrong too. they are both statistically equivalent).
Both are also completely useless by themselves, and truly totally, provably, unbreakable.
This is the only form of unbreakable encryption.
The moment you use a pad more than once, though, it ceases to be a one-time pad, and is breakable.
A few months ago, most (AFAIK, all) portuguese banks updated their online banking auth systems.
... and so on.
There's no standard, and they seem to be having some dificulty balancing user-friendliness with security.
The current "hip" thing is to require a login/password pair, followed by things like:
- Enter the the sixth and second numbers of your ID card/passport (random positions)
- Enter your numeric PIN using the randomly placed JavaScript keypad
- Use the code-matrix card (provided by the bank) and enter the value in square 4C
- Confirm every money-moving operation with digits in random positions from a fixed (long) code given to you by the bank. Said code is regenerated every month.
I don't thinks there's any bank here using plain login/password auth. There were attempts to use personal x509 certs, but most users had trouble installing them or using them.
Many banks now have bill pay services, and some of the more poorly constructed ones (I won't mention names because I have an account with one of em :P), actually display your social security number when you log into the bill pay section. Most banks aren't that stupid, but you still run the risk of someone "paying" a bill that you didn't authorize, or cleaning out your bank account by transferring funds into your credit card, and then spending that dry.
Keep in mind folks, that in the US, electronic funds transfers just require your account number, and bank routing number. Someone armed with those two numbers, and a cooperative banking service, can drain your accounts dry, just as if someone got a hold of a blank check and forged your signature. In either case, you're in trouble unless someone at your bank puts up a red flag and stops it.
When the costs of fraudulent use of accounts exceeds the cost of implementing more secure access methods, the banks will then implement more secure methods.
Besides, what can you do from most US online bank systems? Check balances, transfer funds from one type of account to anther (savings to checking), or maybe even transfer to another member of the same bank? These are all very traceable and means that really stupid criminals will get caught.
It's probably much easier to just steal credit card numbers.
...why are we still using a system that relies on you trusting every single person you give your credit card details to? It would be perfectly possible to generate a one-time authorisation code for each transaction...
A "one-time password" means a password that is used once and discarded. This password is typically used only for authentication purposes. By contrast, a "one-time pad" is used for encryption purposes.
One-time pads are almost never useful for typical internet situations because they are very easy to misuse and very insecure when misused. They also don't solve any problem worth solving -- conventional encryption is already strong enough that the added security of a one-time pad has no value in typical internet situations.
One-time passwords, on the other hand, do potentially have some value, because the currently available password authentication systems are quite weak compared to the strength of the corresponding encryption systems.
I've always wondered what keeps someone from simply taking a check you've written (to them possibly) and then using the account information at the bottom with your personal information at the top to drain your account.
Stronger security should only be provided if the cost of implementing that security (money, time, convenience) is less than the costs of not implementing it.
From my perspective, if someone breaks into my account, it's a hassle, but not a huge deal: My account is insured, and I get my money back. I'd rather deal with the inconvenince of this happening once or twice in my lifetime than having to deal with carrying and using a password generator for my entire life.
From the bank's perspective, it is probably cheaper to lose some money to accounts being compramised than to implement better security across the board. That translates to lower costs (or better interest) for me the customer, which is also nice. I'm fairly confident this is true, because were it better (cheaper, more convenient) to have stronger security, my commercial bank (always wanting to make a buck) would be doing that instead.
Your house would be more secure if you had bullet-resistent windows, steel-reinforced cross-bar doors, one-time pad electronic access, and 24/7 security guards, but most people the find much "weaker" deadbolt/key combination to be the BETTER solution.
paintball
If people wanted to pay the additional costs for more secure banking, people would pay them.
The fact that nobody is paying for more security in the free market is a pretty good indication that people don't really want it in the first place.
paintball
Not anymore.
AMEX dropped this service last month.
Dave Barnes 9 breweries within walking distance of my house
For example, I dredge up the number 42 (the answer to Life, the Universe and Everything) and some nonsense word. Let's say it's "snert". Pump it through the construction process and I come up with "first47snertt". Not exactly intuitive, but I'm just adding the number of letters in "first" (5) to my number and the last letter ("t") to the end of the nonsense word.
The result is a pretty strong password. No cracking program is going to have the word in it's dictionary and knowing my password to First National isn't going to tell you that my password to Discover is "discover50snertr". Since "snert" is nonsense anyway, there's no way to tell where the letters come from; you could be sticking the third letter in "Discover" onto the beginning and your nonsense word could be "nertr". There are no rules to how to construct the password, but you want to have an obscure way for the base password to modify the gibberish in the rest so knowing one password will not give you the rest. It saves me the trouble of remembering a lot of strong passwords. Of course, if someone got ahold of several of my passwords and spent enough time on them, they could probably figure out the routine, but that's not as dangerous as using the same password.
And yes, that's just an example. It's not the process I use to construct my own passwords. Trust me, you don't want to know.
===== Murphy's Law is recursive. =====
Just plain sucks when it comes to security. Got to http://www.bankofamerica.com. Notice that its http and not https. Also, now go to https://www.bankofamerica.com, and notice that it kindly redirects you back to the insecure link.
I use this bank, and I always put in my wrong userid and passwd so that I can enter them on a secure page. If someone is interested in thousands of bank accounts go ahead and register www.bankfoamerica.com or something similar, and mass mail people to make sure their account is correct or whatever. People will follow the link. You can simply grab their info and redirect them to the proper server with little hastle from anyone.
I've called and told them about this, and they told me that "We are a bank, we take security very seriously, thank you very much". This was when I called them to find out the real balance of my credit card. I had 2 balances with $1,200 difference between them. They told me it was a cache problem in my browser, even thought I used 3 different browsers, under 2 different usernames on my system. They didn't seem to understand that a) https data is not cached between browsers, nor b) https data is not cached between different users. Oh yeah, this is also after they started talking to me about my last purchases on my cc without confirming _any_ form of identification besides my cc number.
I feel as though I have an OK workaround by putting in the wrong info the 1st time, but if anyone else uses Bank Of America, I would suggest a call to them.
It was fine when I submitted it to the Slashdot editors.
paintball
The way American banks make sure that your money is secure is to make the sure the online bank UI is too horrible to really be able to pull off a theft, or really make any use of the money at all.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Ever since a popular Dutch bank started allowing electronic access (initially through dial-up using a modem) some years ago, they have required a user-code, and two passcodes (one picked by the bank, one by the user) to log in.
Additionally, if you want to transfer any money, you have to input a number from a list they send you through the mail. This list is printed while it's in the envelope (like some US banks do for overdraft statements and such) so no people other than the recipient ever see it. When you get close to using the last number, they send you a new list automatically.
Since they moved the whole system to the Internet, things are pretty much the same. You can log in and check your balance wherever you are, but you can only transfer money if you have your transfer-code-list with you. To me, this feels like the perfect system; in-your-way security restrictions only on the stuff that really matters.
HBCI yet. HBCI is an open standard that's widely deployed throughout Europe (at least as far as I can tell). It incorporates encryption through OpenSSL and its source code is readily available on Sourceforge.
In my bank the online banking site allows me to check the balance and that's about it. Doesn't leave too much to the intruder.
My regular bank is a branchless bank in Canada, they're website offers quite a bit of functionality including transferring money to other accounts.
But what really concerns me is *physical* security. I have a small bank account with CIBC (another Canadian bank). I needed about a thousand bucks off my account, so rather than using the atm, i went inside, handed the teller my flimsy plastic access card (no photo id on it, faded signature on the back). He proceeded to tell me the balance of each of my accounts, and then handed me one thousand dollars in return for my signature on a piece of paper. He didn't ask for photo ID. He didn't ask for a pin number or account number. I don't think he even compared the signatures (but even if he did, that's easy enough to forge). I had a serious problem with this but when I asked the teller, he just sort of shrugged and didn't really understand my concern.
Am I the only one who finds this alarming???
I'll have something intelligent to add one of these days...
I hate to be a pain in the ass about semantics, but the article headline is a bit misleading. It states One-Time Pads To Protect Electronic Bank Access. The article is about one-time passwords. I'm no crypto expert, but I've done my fair share of reading. A one-time pad is the closest thing available to perfect, unbreakable encryption. The idea is that two pads are generated of completely randomly generated characters, one is used to encrypt the characters (via modulo divide/add/xor, whatever) and immediately destroyed. The other is used to decrypt the message. As long as the pads contain truly random numbers, and they are never reused or recovered, the encryption will never be broken (because the cyphertext is a completely random string of characters).
A one-time password, while usually a pretty good key, is just not the same -- especially if we're talking a 64-bit key with a known encryption scheme. It can be very good, but never even close to the former.
Anyway, like I said earlier I'm not a cryptographer, but a enthusiast (at one time)...but I found that the header in the article was misleading.
-Turkey
I finally got them to use a phrase using l33tspeek for a password: (IE l33tm0m)
Still not as good as your technique, but easy enough for them to remember and not as bad as what they were using.
Mom: (entering password) click, click
Me: "That's an awfully short password mom, what're you using?"
Mom: "My birthdate: 1217"
Me: "AAAUUUGGGHHH!"
Mom: "What's wrong with that? I don't give it out."
(Note: Birthdate changed to protect the innocent.)
Like the poster before me noted, what's to prevent someone from simply looking at your check and copying the data?
Nothing. (from a Treasury & Risk Management article.)
Businesses are not the only ones affected by this type of fraud. See this Federal Reserve case study for an example of how a bank customers can be defrauded by someone who has a presence within the banking system, and is able to initiate ACH (automated clearinghouse) transfers. Almost all checks are now processed electronically - there is no difference between a check and an ACH transfer from the point of view of the banking system. You can read more about how ACH fraud is replacing check fraud.
If you don't trust someone with your financial information, don't write them a personal check - use a money order.
What is the security impication of putting my entire credit line on my keychain? I've already got my entire credit line in my wallet....
:)
I guess you're right... it's not that much tougher to slide a stolen credit card (swipe a swiped card?) through the slot, than it is to wave a Speedpass over a sensor. Makes me think again about that wallet full of cards... thank goodness they're already maxxed out.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
You wouldn't want to knock her up because then you might later have to pay her 936 child support payments, which most likely will add up to far more than you could ever get from her account in the first place.
I used to think biometrics were the ultimate form of authentication. Then I worked at a company which used fingerprint scans as a clock in / clock out device. After a few good years of use, the thing couldn't tell a fingerprint from a warm hot dog. I actually tried that once, it validated me. It would also validate on the back of the hand, the elbows, and a few other body parts that involved seriously cleaning the pad afterwards.
While the idea may be great, I've yet to be convinced of either the strength of implementation or the wisdom of making everyone in a company share germs immediately before lunch.
The ______ Agenda
Actually,
:)
If you use the swedish bank "Sparbanken" (one of the largest) you got your own RSA half-creditcard sized code generator. You enter your social security id (birthdate with 4 unique digits attached) to the bank to give the basic identification and the bank gives back a 9 digit code you enter into your RSA code generator (after entering a 4 digit access PIN code) and then get another 9 digit code that you enter into the browser to the bank.
It might sound like a lot of work, but it really goes in less than 30 seconds in most cases. Plus, you do the same procedure (get code enter code in rsa device, enter in browser to bank) everytime you want to pay a bill. Although you can stack up 20-30 payments or more and sign them just once, so it's not a procedure that really bothers anyone.
And of course all the communication is over https/ssl and all.
Just to give some more details on how it works
Yep, I'm a programmer for one of them.
First of all, your login to our on-line banking system is a randomly generated unique 8 digit number. It's on your ATM card and it's your user ID number for the bank. You also have to remember your 6 digit PIN. But what if you forget your PIN? Well we can't give it to you. Why, because we use one half of a public private key encryption to save only the encrypted version of your PIN. And just to be safe we throw away the private key so even WE can't see what your PIN is. If we ever get hacked (and people try but they've never gotten through. And yes, we've caught them and put them in jail) in any case, if we ever do get hacked they can only see the encrypted version of your PIN and the private key to decrypt them is nowhere to be found.
So you forget your PIN. How do you get a new one? You call us and verify who you are via at least 2 or 3 different ways (I won't tell you how). Then we mail you (yes, snail mail) a new temp PIN to the address your checking account goes to. You can log in ONCE with that temp pin and you are required to change your password after the first login. By the way, if you log in 3 times incorrectly then we lock your account and notify people in the bank that this may be a hack attempt. Good thing we also log the IP address each of those login attempts were coming from.
By the way, when you first signed up you gave us a secret question like "When dad bought that farm in Kentucky he also bought some cattle. What was the name of the first cow that he bought?" You wrote the question yourself which makes it even harder for a hacker to guess what that question is. And when you applied for on-line access you gave us the answer "Matilda". That answer is also encrypted with a one way public-but-no-private-key on our servers. So when you log in with your temp password we're going to ask you the question that only you know the answer to.
I havn't even gotten to physical security. Believe me, don't even try to physically get to our servers, or even to the printers that print your statements. That is, if you could even find the buildings (There are no signs on teh building that say who we are) Add to that triple redundent servers and databases that are located in physically different locations over 200 miles apart so even a terrorist attack on one city won't destroy your bank records. AND those records are backed up and stored in yet another physical location.
And I could talk about all the auditing that the SEC does on us to make sure that our systems are secure, our data is redundently backed up, failover systems work and so on.
So yes, most banks have far more security than you can imagine. You may feel safe again.
Two areas where the USA is just out in left field, cellular services and banking. The first one has stopped suprising me, the second one blew me away. I consider my country (Poland) to be backwards, especially when it comes to commercial services - like banking. It's not.
Not only does my bank use one time passwords, the card they're on is a scratch-off card. This gives me 2 additional levels of protection. Not only does it prevent someone from peeking at my card, but it let's me verify that I made each transaction. I don't need to keep track of the last number I used, it keeps track for me. And I don't need the card unless I'm actually moving money around - all I need is my login and password.
The web interface on my bank is incredible - I can check on all transactions since I opened the account.I can set up sub-accts on the fly, issue debit cards to each of them, and my debit card works great online - so I can keep track of those internet purchases. Between-bank money transfers take a max of 1 day, usually same-day if I make it before 17.30, transfers within my bank are instantaneous - really handy for lending my brother some money *fast*.
And the icing on the cake, the thing that made me go to this bank - instant text-message updates on my current account. I get a transfer - I get an SMS, I buy something - I get an SMS. It's incredibly fast (I usually get the SMS before they hand me the reciept to sign) and incredibly useful. I know how much money I have, how much money I spent that day. It really helps to stem the spending sprees that plastic seems to lend itself to.
And all this, from my local, Polish bank.
That is only if the key is random and as long as the message and used only once via XPOR. One-time passwords are something entirely different end infinitely more insecure, given that one-time pads are the most secure possible encryption method.
Somebody (the createo od the title) is obviously shaky on crypto.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Providing trusted communication becomes a whole lot more difficult. Smart cards make it simple, of course, by providing a challenge-response style authentication that cannot be broken by swiping the card and storing it's contents as with a simple magnetic credit card, but what that comes down to is the cost. Not for me, but for the issuer.
Sure, I'd gladly punch in a PIN instead of signing. But the cost of rolling out readers would be millions, quite possibly more than the cost of a few stolen cards. Regardless, why should I care much about the security of my card, my account information, and so forth? If my card is stolen, I'm not responsible for a penny (and even with the crappiest credit card company I'm not responsible for more than $50), and if the bank is robbed, I'm not responsible for anything. Sure, it's a hassle to report a stolen credit card, and even more worrysome, some people may not even notice false bills at first, but the burden on any interested party is hardly great enough to make anyone care.
If I speculate about the causes of the differences (from country to country) of bank security, I think about the following:
It's just a US thing. Banks in the USA are for some reason stuck in the 80's.
All the banks I use in Poland provide one-time passwords for anything important. There are no checks in use, but you can use electronic money transfers to pay for just about anything (this is being introduced as "BillPay" in the US and advertised as big news).
I guess the US was first to develop a mature banking industry with credit cards and checks. This has worked so well (back in the 70's) that banks were not under pressure to innovate.
As I understand it, most of these 'phishing' type things rely on getting someone to log into a web site which looks like their online banking system but isn't. I'd immagine they often get around the SSL problems by just not using SSL - most people won't read the url or notice the little padlock icon or whatever not being there.
Say someone has created such a site - what prevents them from harvesting one time passwords or even challenge/response data this way and using them for fraud immediately? Say the user tries to perform a transfer on the fake interface, provides their transaction number or challenge/response token - the fraudster just uses these details straight away on the real site. The keys they've stolen are fully valid as far as I can see - even the timed challenge/response, if they use it quickly enough. The user would eventually notice that their transaction never happened, but by then they've been robbed. Am I missing something?
A one-time-pad is in no way the same as a one-time-password. The only thing common between the two is that they're both used only once.
A one-time-pad is a random string as long as the message you want to send, shared between sender and recipient. The sender encrypts the message by xoring with the one-time-pad and the recipient decrypts by doing xoring the ciphertext with his copy of the one-time-pad. The pads must then never be used again, and must be securely destructed to prevent people who have a copy of the ciphertext from getting hold of them. Unconditionally secure, but often impractical due to the key-handling issues.
A one-time-password, like those Banks here in Europe typically either issue to you on a sheet of 50, or in the form of a calculator-like device that generate them from the current time, a secret pin and a cryptographic hash serves a quite different purpose;
The idea is that if you force people to have long, complicated passwords, then they either write them down, use the same password on multiple sites, or both.
By using an additional one-time password, the bank makes sure that there's *two* things identifying the user logging in. One, the user knows the secret pin. (which is typically simple 4-digit or so.) and two, the user is in posession of the sheet-of-codes/calculator-thingie.
Increases security quite a bit, because it's no longer a threat if someone for example hacks the users computer and installs a keylogger or similar device. Sure that attacker will then learn the pin, but the attacker will then *also* need to break into the house of the victim or otherwise acquire the list of one-time-passwords. So at the very least you've eliminated the large group of attackers which have no physical proximity to the victim.