This is my personal blog. The views expressed on these pages are mine alone and not those of my employer.

Monday, 7 March 2011

The key to another world

Having recently stumbled upon the World of Warcraft authenticator device I became intrigued at exactly how these work.  For those of you who haven't seen one:

The authenticator provides a special code upon a pressing a button which the user needs when logging into their WoW account.  The device itself is completely standalone, the code changes every few seconds and you cannot log-in without one. Surely this has got to be kind of magic?  Well, no - its pretty simple really...

The devices are manufactured with a serial number known to the device that is hard coded. In addition to this it also contains a real time clock which is set during manufacture.  Hence the device has two pieces of information at its disposal; the hard coded serial no, and the current time.  Note how there's no connection whatsoever to anything else.

The serial number printed on the back of the Authenticator

When you first receive your device you must "synchronise" your online account with the serial no (which is reproduced on a sticker on the back).  Since time is universal and the serial no never changes, the WoW server and the device both have access to the same two variables.

The server and authenticator both generate a code based on the current time and serial number. These are then concatenated together to come up with one long sequence of numbers, like so:
Sum of know values = [Current Time] + [Authenticator Serial No] 
which could be: 
Sum of known values = 12:37 + 1412668222
so you would end up with a number like 12371412668222 which both the authenticator and the server could generate given a specific time.

The problem with this is that this number can be captured by anyone through a variety of methods: looking at your screen, installing a keylogger, phishing, or any number of other attack.

To mitigate this the number is encrypted  using either DES, 3DES or AES as supported by the device which will turn it into something meaningless, such as: 63634545.

Because both devices (the server and authenticator) generate these numbers separately, at the same time, and encrypt using the same algorithm, both will calculate the same result. This makes full use of the powerful combination of something you know - your username and password, which something you have - your authenticator.  A step similarly introduced into google accounts 2-step verification.

To mitigate the user taking a while to submit their code it's likely the WoW server will accept a range of numbers, from a couple of minutes prior to the actual time.

This provides the following advantages:
  • The serial number is never sent over the wire in plain text so cannot be captured
  • The key changes with the time and whether it has been used, so being captured over the wire is useless as it must be used straight away and cannot be used again
  • Unless the attacker can collect a lot of keys - the serial no cannot be reverse engineered
I hope I've explained how these devices work, and shown how it's possible to manufacture these devices for pennies while thwarting a range of attack vectors.

Some sources used for this article: