Mobile One Time PasswordsMobile-OTPstrong, two-factor authentication with mobile phonesStandard phone and BlackBerry (J2ME) iPhone Google Android Windows Phone 7 PalmOS webOS Maemo Openmoko Universal Web App Windows Linux MacOS |
last update of this site: December 16th, 2024
Mobile-OTP is a free "strong authentication" solution for java capable mobile devices like phones or PDAs. The solution is based on time synchronous one time passwords.
It consists of a client component (a J2ME MIDlet) and a server component (a unix shell script). The server component can easily be plugged into free RADIUS servers like XTRadius to authenticate users at routers, firewalls, web servers, access points, unix machines, etc.
Mobile-OTP was introduced in 2003. As of 2012 there are more than 40 independent implementations of the Mobile-OTP algorithm making it a de facto standard for strong mobile authentication. See Add-Ons and Links for various contributions to the project.
On the server side you will need the shell script:
You should also download the RADIUS server found at XTRadius (FreeRADIUS is also possible, see below).
There are also token clients for iPhone, Android, PalmOS and Openmoko in the Add-Ons and Links sections.
The MIDlet is also available for direct download at www.getjar.com.
To install and configure your authentication server, take the following steps:
Important security information for the use with FreeRADIUS:
To find out the offset between a token and the server, do the following:
Full blown RADIUS server specifically for Mobile-OTP. Features include:
Download it at github.
Potato is an authentication server integrated with Freeradius and Active Directory.
Sebastian Korff wrote a PAM module for Linux and Solaris that can be used for login authentication locally without a RADIUS server. You do not even need otpverify.sh. The package includes the complete server components.
You can download it here. Use this PAM module to authenticate users for Unix shell access (typically via SSH).
Thanks go to Per Dalgas Jakobsen for contributing to version 0.4 and to Adrian Huryn for 0.5 (see CHANGELOG for details).
To simplify server integration, Vaidas Jablonskis provided us with RPMs (source, i386, x86_64) for the pam_mobile_otp module, including "motp-manager", a shell script to simplify user management.
As an alternative to a compiled PAM module you can also use PAM-script instead.
He also wrote a rlm_perl script to use with RADIUS.
Mobile-OTP is also available as a pre-compiled PAM-module for Nokia's IPSO operating system. Download the Nokia package here motp-0.2.tgz. It can be installed with 'newpkg' as any other Nokia package. Configuration can be done through the IPSO web interface Voyager!
Ralf Neumann donated a php function to authenticate Mobile-OTP tokens on web servers with PHP.
Mind everyone that the Perl and php versions are not complete, as they do not verify if a password has already been used ...
André Liechti supplied us with an even more extended version, that plugs easily into FreeRADIUS (see description as well as security information for FreeRADIUS in section Installation).
Anthony E provided us with a Mobile-OTP token client for PalmOS (new version 1.1).
You can download and install an alternative J2ME midlet by Adam Kulagowski: jad jar src.
After getting quite a lot of requests on this, I just had to write a native version for Android. It is not on the market but you can download it from here (point your phone's browser to http://motp.sf.net/Mobile-OTP.apk)
You will also find two more Mobile-OTP for Android on the market, supporting multiple profiles (see Links).
To quickly test your server installations you can use this simple token emulator in javascript by Sebastian Korff.
This is a Mobile-OTP token client that will run as a Web App on any device with a Javascript enabled browser and an Internet connection.
It can be used to run on currently unsupported client devices (like phones with Windows Mobile/CE).
News
(2024-12-16): Ivan published a CLI Mobile-OTP implementation (see Links)
(2024-04-17): Tingfeng ported Mobile-OTP to Dart (see Links)
(2024-01-03): Adrian published a GUI for Moblie-OTP in Python on Github (see Links)
(2022-10-01): André from multiOTP released genOTP, a useful npm package to generate OTP codes (see Links)
(2020-02-11): pfSense supports Mobile-OTP (see Links)
(2020-02-09): python-mOTP - Command-line client for generating Mobile-OTP / mOTP codes (see Links)
(2018-09-29): WaWision by Xentral ERP supports Mobile-OTP (see Links)
(2018-09-29): MobileOTP for Indeed-ID (see Links)
(2018-01-06): bOTP - new Mobile-OTP app for iPhone (see Links)
(2017-11-21): imOTP - DroidOTP for iPhone (see Links)
(2015-01-24): OTPme - auth system that aims for usability (see Links)
(2014-12-27): New Android and iOS tokens by Swiss SafeLab (see Links)
(2014-12-20): Andreas Albang ported the verify function to C# (see Add-Ons section)
(2014-08-12): Mac OS token by Tom Early (see Links)
(2014-08-09): TOKEN2 - simple 2-factor authentication for web sites with Mobile-OTP support (see Links)
(2014-07-05): privacyIDEA - new authentication server with Mobile-OTP support (see Links)
(2014-05-17): mysql-motp - authentication function for MySQL (see Links)
(2014-04-27): QR code based provisioning - URI format and sample Android token app at Emin's site (see Links)
(2014-02-02): openvpn-otp - an OpenVPN plugin with Mobile-OTP support (see Links)
Click for older news
Index
Introduction
Using static passwords for authentication, as it is commonly done, has quite a few security drawbacks: passwords can be guessed, forgotten, written down and stolen, eavesdropped or deliberately being told to other people.
A better, more secure way of authentication is the so called "two-factor" or "strong authentication" based on one time passwords. Instead of authenticating with a simple password, each user carries a device ("token") to generate passwords that are valid only one time. Commercially available tokens look like pocket calculators or key fobs with a display and a keypad.
To generate a one time password, the user has to enter his personal PIN into the device. So the authentication is based on two factors: the token device and a PIN ("something you have and something you know").
This is obviously more secure than just a password, as an attacker needs to get hold of both the PIN as well as the token device. In addition, eavesdropping on a password that is valid only one time, is of no use to the attacker.
On the other hand, the drawback of strong authentication is, that every user has to be provided with a token device. This can be quite expensive.
Fortunately mobile phones that are capable of running java applets are becoming more and more widely spread. It stands to reason to use your mobile phone as an authentication token ...
The shell script should run without modification on any BSD-Unix or Linux. The java MIDlet should be compatible to any java enabled mobile phone (Nokia, Siemens, Motorola, Sony, BlackBerry, etc.).
The MIDlet, server-script and RADIUS server are freely available under the terms of GPL.How it's done
The MIDlet generates one time passwords by hashing the following data with MD5:
When entering a PIN, the MIDlet displays the first 6 digits of the MD5-hash. This is the one time password. The password can be verified by the server, as the server also knows the current time, Init-Secret and PIN of the user.
To compensate time differences, the server will accept passwords from 3 minutes in the past to 3 minutes in the future. In addition, different time offsets can be specified for each user on the token and/or the server. Each password will be accepted only once. After 8 successive failed authentication attempts a user gets locked out.
Authentication is based on two factors: a PIN known by the user and the Init-Secret stored on the mobile device.
Downloads
On the client side you will need the java MIDlet:OTA install
Just open http://motp.sf.net/MobileOTP.jad in your phone's WAP-browser.
Just enter 2990 at their WAP-Download-Page.Source
You can also compile the java MIDlet yourself. Here is the source: MobileOTP.java. You will also need the MD5 implementation in java by Santeri Paavolainen MD5.java.
Installation
This section describes the installation and configuration of the MIDlet and the server. Installation of the MIDlet is straight forward. Installation of the server takes a little bit more time but can be done in under an hour.
Client-Installation (token)
Load the MIDlet on the devices you plan to use. Installation of the .jar and .jad file is vendor specific. Usually java enabled phones come with some kind of application installer for PCs that allows to install MIDlets over IrDA or serial cable.
When the MIDlet is installed, run it. You can enter PINs to generate one time passwords, but to use them you will need to initialize the device first and write the Init-Secret into the appropriate user-record on the authentication server.
To initialize the token, press 0000. Enter an arbitrary sequence of 25 keys as a random seed. The Init-Secret that will be shown is not to be written down anywhere else but the server itself. You cannot display it again. If you press 0000 any time later, the initialization string will change, i.e. the device will be re-initialized. The initialization of a device should always be done by the administrator of the authentication server, not the user himself. A user does not need to know the Init-Secret.
Server-Installation (authentication server)
This section describes how to install XTRadius with otpverify.sh. The
result is a RADIUS server that supports strong authentication with
Mobile-OTP tokens.
Back in 2003 this was the original server implementation. As of today
there are many alternatives. You might want to look at the
Mobile-OTP Authentication Server (MOTP-AS) or the Mobile-OTP PAM
module. Both can be found in the Add-Ons section.
FreeRADIUS instead of XTRadius
it should return: FAIL
Thanks to a tip by Piotr Zazakowny it is also possibe to integrate the otpverify.sh-script with FreeRADIUS instead of the (old but working) XTRadius.
Please take a look at this example user record for the /etc/raddb/users file.
Jim Burrill provided us with a small How-To.
Please be aware that FreeRADIUS interprets the exit codes of otpverify.sh differently as intended:
otpverify.sh returns exit codes from "0" to "7". Exit codes other than "0" are failure codes. Exit code "3" signals that authentication failed because the user has been locked.
Unfortunately FreeRADIUS interprets "3" as "authentication accepted".
It is therefore necessary to change the exit codes in otpverify.sh to something not in conflict with FreeRADIUS. Exit code "0" is still good for a successful authentication. Codes above "10" are safe to use for all failures (so change "exit 3" to "exit 13" in otpverify.sh (and so on)).
FAQ
How to test if authentication works?
Before including the otpverify.sh-script into the RADIUS server, test it on the command-line:
How to synchronize server clock and token clock?
Both server and token base their time calculations on the unix epoch time (which is based on UTC), so theoretically any token should be always in sync with the server.
Unfortunately some mobile phone devices do not know which time zone they are in, so there might be in fact a difference of several hours between server and token clock.
How to trouble-shoot authentication on the RADIUS server?
After configuring the RADIUS server for external authentication through the otpverify.sh-script, you can start the RADIUS server in debug-mode by entering "radiusd -sxxy" and try to authenticate users. Use the "radtest" program for local debugging, that comes with the XTRadius distribution.
Limitations
The following limitations apply to Mobile-OTP. Not all of them are Mobile-OTP specific but are also inherent to commercial solutions.
Add-Ons
Server-Side
- authenticating users by RADIUS (and optionally PAM or Apache)
- SQL database for user/device configuration
- Administration Web Interface (for admins and users)
It comes with a user-friendly front-end allowing users to register their own tokens (while at the office).
Users enroll their tokens once while at the office and can automatically use them later for remote access.
Enrollment can be done entirely without involvement of an administrator. Potato is currently used in a productive environment with 500 users.
More information, documentation, and source code is available here: http://kelvin.nu/software/potato/
There is also a demo site here:Potato demo
Davidhai Gootvilig provided a script for Mobile-OTP.
If you have difficulties getting it to work, take a look at Gyuris Szabolcs's modular Python script for PAM.
Stanislav translated the php-version into Perl.
Edel provided us with a Python version.
Andreas Albang ported the code to C#.
And thanks to Brendon D Allen there is also a version as an MS-SQL stored procedure.
Marcus Kempe donated Mobile-OTP SQL code for PostgreSQL.
Thanks to K9Barry who modified the php-version to address this.
Client-Side
To compile it yourself, you will need this source file and the xml-layout.
To use it in a production environment, you should host the html-file on your own HTTPS based web server (as well as the file ./md5.js).
Bookmark it in the web browsers of your client devices.
The web app will store its personal secret in the cookie cache of the individual client device. This cookie will inevitably be sent to the web server, though (if not used offline). For this reason, the web server should be a trusted one and have HTTPS enabled.
The devices will be (re-)initialized by entering a 20 digit random PIN.
Links
iPhone token clients
Android token clients
Windows Phone 7 token clients
Palm token client
Maemo token client
Windows/Linux/Mac token clients
Tokens for other platforms
Other links
Email Contact
For comments and suggestions send email to mobile-otp @web.de