Authentication over the phone?

Question

Are there any known good methods of performing authentication over the phone in a way that's not susceptible to replay attacks?

The specific scenario that comes to mind is having an automated call centre which verifies the identity through one or more questions. Since the phone line is not guaranteed to be secure (or the user may simply be in public), the calls can be eavesdropped.

One idea that came to mind would be something akin to CHAP - the user hears a challenge, mentally hashes it (per this CryptoSE Q&A, perhaps Blum's hash is a good candidate) and then speaks the solution out loud. Has something like this been attempted before and are there any known vulnerabilities?

You should maybe specify to what kind of public this is addressed: from general public (can Grandma do so too ?) to special forces and trained agents ? And can they use a device or not ? — entrop-x, Dec 13 '17 at 05:06
Why not just ask for the callee to enter something only they know, like date of birth, but with a specific number added/subtracted from year/month/day? This is easy to calculate for the callee and ensures a different answer every time. — c.fogelklou, Dec 14 '17 at 08:22

score -1 · Answer 1 · answered Jun 01 '19 at 20:39

-1

Take a look at the military's Dryad for authentication.

answered Jun 01 '19 at 20:39

Neo1009

220
1
8

1

Can you expand on what security properties this has, and what resources it takes to deploy and use? – Squeamish Ossifrage Jun 01 '19 at 21:34
1

To use the DRYAD, you must have your phone, the code sheet (you and any other recipients must have the same sheet) and that is it. If the authentication scheme is used twice, the "interceptor" has a one out of 656 chance of guessing the correct authentication. It isn't exactly "bulletproof" but for small sequences it can hold its own. – Neo1009 Jun 01 '19 at 21:40
1

You can hit the ‘edit’ link below the text of your answer to put new material in your answer! – Squeamish Ossifrage Jun 01 '19 at 21:42
What happens if Alice calls Mallory, hoping to reach Bob, and Mallory calls Bob at the same time, and holds the two phones up to their two ears to relay the authentication protocol in real time? – Squeamish Ossifrage Jun 01 '19 at 21:43
1

The best way to prevent Mallory from breaking through the authentication is to not use the same authentication all the time. Mallory would only catch two different authentications, but there are more possible authentications. Also, one could set up a system where they switch out sheets according to a daily key or some system such as the word "APPLE" stand for a certain sheet and "COBRA" stands for a different sheet. – Neo1009 Jun 01 '19 at 21:48
Mallory can do this once, when Alice and Bob both correctly use a single-use authentication sheet exactly once, by doing it in real time while Alice and Bob are both on the line. How do you prevent this? – Squeamish Ossifrage Jun 01 '19 at 21:50
Do you mean how to prevent Mallory from eavesdropping on Bob's and Alice's conversation? – Neo1009 Jun 01 '19 at 21:54
Not just eavesdropping, but impersonating Alice and Bob to one another! – Squeamish Ossifrage Jun 01 '19 at 22:13
Now that you have mentioned that, that is a serious flaw in DRYAD. DRYAD is meant to be used on radios, so one could prevent an interceptor by channel hopping. – Neo1009 Jun 01 '19 at 22:22
Please edit your answer to include an explanation or summary of the links contents. The link may expire at some point, which would leave this answer unhelpful. – Ella Rose Jun 01 '19 at 23:56

mentallurg · Answer 2 · 2019-06-03T02:35:08.213

-2

TAN - transaction authentication number. Since TAN is a one time password, it is not vulnerable to replay attacks.

Substantial difference between TAN and a permanent password: in one call the call center can ask customer "please tell me TAN number 79", next time "please tell me TAN number 28". Each TAN will be asked not more once. That's why the eavesdropping doesn't matter, the same TAN will not be requested any more. Also replay attack it no possible. Limitations: e.g. distribution of TANs to users has to be secure.

edited Jun 03 '19 at 02:35

answered Jun 02 '19 at 21:38

mentallurg

2,611
1
16
22

So when Alice calls Mallory—thinking she's calling Bob—and Mallory replays Alice's challenge to Bob and Bob's response to Alice, how do Alice and Bob detect that Mallory is sitting the middle eavesdropping and forging? – Squeamish Ossifrage Jun 03 '19 at 01:41
1

@Squeamish Ossifrage: What you describe is completely different case. I suppose you may misunderstood the question. There is no forging, only eavesdropping. – mentallurg Jun 03 '19 at 01:45
So, can you expand on exactly what the protocol is, and what threat model it defends against, and in what way it is substantively different from repeating a password over the phone, and what its limitations are? – Squeamish Ossifrage Jun 03 '19 at 01:58
1

@Squeamish Ossifrage: Read the OP. Protocol: voice communication.Threat: replay attack. Substantial difference: call center asks not for a permanent password, but for a specific password, e.g. in one call the call center can ask customer "please tell me TAN number 79", next time "please tell me TAN number 28". Each TAN will be asked not more once. That's why it eavesdropping doesn't matter, the same TAN will not be requested any more. Also replay attack it no possible. Limitations: e.g. distribution of TANs to users has to be secure. – mentallurg Jun 03 '19 at 02:13
1

You can hit the ‘edit’ button below your post to put this into your answer! – Squeamish Ossifrage Jun 03 '19 at 02:15

Authentication over the phone?

2 Answers2