
Projects : Smart Cards : Skey OTP Calculator

Description

Skey OTP Calculator for Palm Pilot. The UI of this application runs on the Palm Pilot; all crypto operations are performed by the smartcard.

In the current version, only one password/seed combination is cached; the only supported card is Schlumberger's Cyberflex Access; crypto operations are restricted to SHA1.

Details

S/key is a procedure for using one-time passwords (OTPs) to authenticate access to computer systems. Skey OTP Calculator is an application that generates OTPs. It runs on the Palm OS platform and uses smartcard assistance for the cryptographic calculations.
The calculation procedure is as follows:

  1. the user enters the challenge number and seed into the corresponding fields on the Palm Pilot
  2. the entered data is sent to the smartcard
  3. the smartcard extracts the previously saved secret password from the "pw" file in its root directory and runs the SHA1 algorithm "number" of times on the secret password and the seed (sent from the Palm)
  4. the smartcard sends the resulting hash to the Palm Pilot
  5. the Palm Pilot generates the password phrase (OTP) from the resulting hash and outputs it in the "Reply" and "Hex" fields

This procedure involves no information caching, and its performance is shown in the table below. Generally, calculation time plotted against the number is a straight line with a slope of .6.

Performance measurements for Password Calculator (no caching):

 number | calculation time
 (#)    | (sec)
--------+-----------------
 0      |  7
 1      |  7
 2      |  8
 3      |  8
 4      |  9
 5      | 10
10      | 12
15      | 15
20      | 19
25      | 22
30      | 25
40      | 31
50      | 38
60      | 44
70      | 50
80      | 56
90      | 61
99      | 67

Performance measurements graph for Password Calculator (no caching)

Assuming that the user would be using OTP Calculator continually, a caching mechanism has been added to the process. Knowing that the next challenge number the user will be prompted with is ("current number" - 1), additions have been made to step 3 of the password calculation. Now, the resulting hash of the "number-1" calculations is saved on the card in the "pw" file. When a user calls the card without changing the secret password and host name, the card checks for cached data. If a new OTP has been saved, it is returned immediately, and the response time becomes constant: 3 sec. After that, the card calculates the next OTP and caches it. As a result:
+ the response time of OTP calculation becomes constant
- the time for the new password calculation doesn't change, so the Palm Pilot stays busy for the same amount of time as it would with the usual computations.
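
The caching behaviour described above, modelled in Python as an added example (it is not the SK applet's code and does not come from the original page). The class and function names, the seed-then-password concatenation, the plain unfolded SHA-1 rounds and the sample values are assumptions; SHA-1 call counts stand in for card time.

```python
import hashlib

class CardModel:
    """Hypothetical model of the card-side logic (not the SK applet)."""

    def __init__(self, password: bytes):
        self.password = password
        self.cache = None     # (seed, number, hash) predicted for the next challenge
        self.hash_calls = 0   # SHA-1 invocations, a stand-in for card time

    def set_password(self, password: bytes):
        self.password = password
        self.cache = None     # a cached hash is only valid for the old password

    def _chain(self, seed: bytes, number: int) -> bytes:
        # Assumption: one SHA-1 over seed+password, then `number` more rounds.
        h = hashlib.sha1(seed + self.password).digest()
        self.hash_calls += 1
        for _ in range(number):
            h = hashlib.sha1(h).digest()
            self.hash_calls += 1
        return h

    def calculate(self, seed: bytes, number: int):
        """Return (hash, SHA-1 calls before the reply, SHA-1 calls in total)."""
        start = self.hash_calls
        if self.cache and self.cache[:2] == (seed, number):
            result = self.cache[2]                 # cache hit: reply at once
        else:
            result = self._chain(seed, number)     # cache miss: full calculation
        before_reply = self.hash_calls - start
        # After replying, precompute and cache the hash for "number - 1".
        self.cache = None
        if number > 0:
            self.cache = (seed, number - 1, self._chain(seed, number - 1))
        return result, before_reply, self.hash_calls - start

def demo():
    card = CardModel(b"constructed-secret")       # constructed sample values
    seed = b"constructed-host"
    h99, wait99, total99 = card.calculate(seed, 99)
    h98, wait98, total98 = card.calculate(seed, 98)
    chained = hashlib.sha1(h98).digest() == h99    # hash 98 hashes forward to hash 99
    card.set_password(b"another-secret")
    _, wait_new, _ = card.calculate(seed, 97)      # cache was cleared: full wait
    return wait99, total99, wait98, total98, chained, wait_new

if __name__ == "__main__":
    print(demo())
```

The cached entry is itself the next valid OTP, so the file that holds it needs the same access protection as the stored secret password.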

Download

Installation

Download pswd_calculator.prc onto your Palm Pilot.
Load and run SK.bin on your smartcard.

Usage

To use Password Calculator you must run the SK applet (SK.bin) on your smartcard and pswd_calculator (pswd_calculator.prc) on your Palm Pilot.
To save your new secret password:

  • write your secret password in the "Password" field on your Palm Pilot
  • ensure your card is inserted into the card reader and attached to the Palm Pilot

When the prompt "Password saved" appears on the Palm Pilot's screen, you may erase it from the screen (by pressing the "Clear" button or erasing it manually).
To calculate your new OTP:

  • write the challenge number in the "Number" field
  • write the challenge host name in the "Host Name" field
  • ensure your card is inserted into the card reader and attached to the Palm Pilot
  • hit the "Calculate" button

The new OTP will appear in the "Reply" and "Hex" fields.

Dependencies

Comments, etc

Send them to smartcards@umich.edu.

Copyright © 1996-2013
The Regents of the University of Michigan