Origins of time-sync passwords
In “Who Watches the Watchman” there’s an interesting history of watchclocks:
An elegant solution, designed and patented in 1901 by the German engineer A.A. Newman, is called the “watchclock”. It’s an ingenious mechanical device, slung over the shoulder like a canteen and powered by a simple wind-up spring mechanism. It precisely tracks and records a night watchman’s position in both space and time for the duration of every evening. It also generates a detailed, permanent, and verifiable record of each night’s patrol.
The market for these devices was well established when
John Brainard Ken Weiss invented the SecurID token. In fact, either John or Vin McLellan told me that the reason Security Dynamics built a time-based system was so that it could play in the wandering guard market. The guard needed the SecurID to write a code in a book, and with that, you could determine when he was at a given watch station. Only later did they discover that their device had value for information security. [Update: Vin corrects some of my historical details in the comments.]
Security Dynamics did an impressively good job of building a complete system, and an ecosystem for their devices, but creating plug-in authentication modules for all sorts of things. Frankly, their security wasn’t really great in any theoretical sense. There were relatively obvious flaws like Mudge’s ‘listen and guess’ attack on the last digit being sent over a cleartext channel. His “Vulnerabilities in OTP’s – SecurID and S/key” was presented at DefCon IV, but I can’t find a copy of the paper. There were more difficult to find flaws as I pointed out in my “Apparent Weaknesses in the Security Dynamics Client Server Protocol“. Later Biryukov, Lano and Preneel presented “ Cryptanalysis of the Alleged SecurID Hash Function.”
What John, and later Art Covellio understood far better than Mudge or I understood at the time was that the security didn’t really matter all that much. The system and its components needed a baseline of security, and they invested in that, and beyond. They had their system reviewed by top outside experts. They needed to be able to handle the baseline questions about someone tampering with the card, and the algorithms and protocols were kept secret in accordance with practice at the time. (John told me that I settled a debate between their engineers and marketing when I published them. Had I known that, I would have included the hash function in my paper, but on advice of counsel I’d removed it. He called it “waving a red flag in front of Security Dynamics just because you can.”)
What did matter was that their customers were doing better than static passwords, and they mostly delivered, unless Bart Preneel or I was your adversary.
Security Dynamics also won on the usability of the system, relative to other tokens. Some alternatives, implemented challenge/response systems. To use them, you needed to enter a challenge, then press enter, your PIN and then enter, and then type in the response. All prompts and errors were in an 8 character LCD display. It was hard to deploy to real people.
Another advantage that Security Dynamics delivered was integration into everything. They had a server of their own. Clients to replace /bin/login on a dozen unixes, Netware and a GINA plugin for Windows. Radius and TACACS integration. They made themselves the easiest system to actually deploy. That’s important. A system with much greater security and double the cost of deployment would have been hard to justify.
Anyway, Security Dynamics was a good enough business that when they went to get an RSA license, it turned out to be “easier to buy the company than to get a license.” (As Art Covellio says in this Hearsay podcast with Dennis Fisher.)
And at the end of the day, developing products that people can actually understand and deploy for their protection and risk management is what it’s about. Knowing where to start innovating is a key part of that.