WebApp Sec
mailing list archives
Re: one-time password (OTP) authentication
From: Andrew van der Stock <vanderaj () greebo net>
Date: Sun, 19 Jun 2005 23:23:02 +1000
OTP and other forms of "strong" authentication (time based key fobs,
USB tokens, smart cards, certificates, etc) are all subject to MITM
attacks as the token can be re-used for another unauthorized
transaction within the validity window.
If the user gets a dialog that looks reasonable and says "yep, allow
the cert to be used" or "yep, allow the USB token to issue a code",
the attacker still has a valid token which they can use if they have
the browser wired up or trojaned. Plus they have a user interface
which could be copied (think XUL or XAML or the Apple "please type
the admin password" dialog).
The only way around this is transaction signing where the user keys
in something (say the transaction ID or balance or something) and
that changes the OTP output making it relevant to only the
application which needs that output.
I like the transaction signing token to be completely separate to the
client machine as we can't trust the client machine. Not only is the
client machine under the control of a user (who may or may not be our
friend), there's spyware and other rubbish on there which compromise
the trust base.
Connecting tokens via IrDA, USB or Bluetooth may seem like a cool
idea, but honestly, it reduces the security of the solution in my
opinion. Plus anything with local drivers is a support nightmare.
Andrew
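Added example (not from the post above or any product it mentions): a small model of the difference between an ordinary event-based OTP and a transaction-signing OTP, using an assumed HMAC-SHA256 HOTP-style construction with a constructed shared secret. It shows that a plain code is accepted for a transaction the user never approved, while a code bound to the keyed-in payee and amount is not, and cannot be replayed either.

```python
import hashlib
import hmac

# Constructed demo values: a secret shared by the user's token and the server.
SHARED_SECRET = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
WINDOW = 3  # counter values the server will accept ahead of its own

def _truncate(digest: bytes, digits: int = 6) -> str:
    # HOTP-style dynamic truncation of an HMAC digest to a short decimal code.
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def plain_otp(secret: bytes, counter: int) -> str:
    # Ordinary event-based OTP: depends only on the secret and the counter.
    return _truncate(hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest())

def signed_otp(secret: bytes, counter: int, tx: dict) -> str:
    # Transaction-signing OTP: the payee/amount the user keys in are part of the MAC input.
    fields = "|".join(f"{k}={tx[k]}" for k in sorted(tx)).encode()
    return _truncate(hmac.new(secret, counter.to_bytes(8, "big") + fields, hashlib.sha256).digest())

class OtpServer:
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0
    def _check(self, code: str, expected) -> bool:
        # Accept the code at any counter in the window, then consume it so it cannot be replayed.
        for c in range(self.counter, self.counter + WINDOW):
            if hmac.compare_digest(expected(c), code):
                self.counter = c + 1
                return True
        return False
    def verify_plain(self, code: str, tx: dict) -> bool:
        return self._check(code, lambda c: plain_otp(self.secret, c))  # tx is never checked
    def verify_signed(self, code: str, tx: dict) -> bool:
        return self._check(code, lambda c: signed_otp(self.secret, c, tx))

def demo() -> dict:
    # What the user approved on the token vs. what a compromised browser submits in the window.
    intended = {"payee": "ACME Ltd", "amount": "100.00"}
    tampered = {"payee": "other account", "amount": "5000.00"}
    plain, signed = OtpServer(SHARED_SECRET), OtpServer(SHARED_SECRET)
    user_code = plain_otp(SHARED_SECRET, 0)
    user_sig = signed_otp(SHARED_SECRET, 0, intended)
    return {
        "plain_accepts_tampered": plain.verify_plain(user_code, tampered),
        "signed_rejects_tampered": not signed.verify_signed(user_sig, tampered),
        "signed_accepts_intended": signed.verify_signed(user_sig, intended),
        "signed_replay_rejected": not signed.verify_signed(user_sig, intended),
    }
```

The server side must rebuild the exact transaction fields it is about to execute before verifying, which is what makes the code worthless to anyone who altered them in transit.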