1

Why is it important that Alice doesn't know K? What could happen if Alice knew K?

http://postimg.org/image/k16aw2v3v/

Neil Smithline
Ricky

1 Answer

3

Thanks to comments from @Anders (thx!), I'm unsure if the password generator is a shared service or a personal authentication token like Digipass or SecurID.

Password generator is a shared service

In this situation, Alice can only get the signed response H(R,K) by proving to the password generator that she is Alice by presenting her PIN. If Alice knew K, then she could calculate H(R,K) on her own. This would allow Alice to pose as any user to Bob. The communication would be:

  1. Alice --> Bob: I'm Joe User
  2. Bob --> Alice: R
  3. Alice --> Bob: H(R,K) which Alice calculated on her own

Alice has now successfully spoofed Joe User.

Password generator is a personal authentication token

In this situation, the token is being used to implement 2FA. The something you know factor is Alice's PIN, and the something you have factor is the authentication token. If Alice knows the K that is stored on her token, then she can compute H(R,K) on her own. This would allow her to log into the system using only a single factor, namely something that she knows. While there are two somethings: her PIN and K, it is still only the something you know factor. As the whole point of the token is to implement 2FA, K must be kept secret from Alice.

Neil Smithline
  • When I looked at the slide I just assumed that `K` was unique to Alice, but you seem to assume the opposite. I have no idea what assumption is correct. – Anders May 27 '16 at 18:08
  • @Anders, I think that if `K` is unique to Alice *and* known by both Alice and Bob, there's no reason for there to be a password generator service. To me, that diagram looks like a simplification of an SSO sign-on like SAML. – Neil Smithline May 27 '16 at 18:10
  • My first thought was that it was something like a [digipass](https://en.wikipedia.org/wiki/Digipass), but again, I have no idea. – Anders May 27 '16 at 18:16
  • @Anders - Excellent point. I updated my answer. Thanks! – Neil Smithline May 27 '16 at 18:48
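The exchange the answer describes, modelled end to end as an added example (this is not code from the question's slide or from the answer). The page does not say what `H` is, so HMAC-SHA256 is assumed; the value of `K`, the per-user PINs and the challenge length are constructed sample values. `Bob` issues a fresh one-shot `R` per login and checks the reply against `H(R,K)`; the `PasswordGenerator` is the shared service that releases `H(R,K)` only after the caller proves the claimed identity with that user's PIN. The last function is the three-step spoof from the answer: once Alice holds `K`, she never needs the generator and can answer Bob's challenge for Joe User herself.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the page): the shared secret K and the
# PINs the generator uses to decide who it is talking to.
K = bytes.fromhex("00112233445566778899aabbccddeeff")
PINS = {"alice": "4821", "joe": "9137"}


def h(r: bytes, k: bytes) -> bytes:
    """H(R, K). The page leaves H unspecified; HMAC-SHA256 is assumed here."""
    return hmac.new(k, r, hashlib.sha256).digest()


class PasswordGenerator:
    """Shared service that holds K. It computes H(R,K) only for a caller who
    presents the correct PIN for the user they claim to be."""

    def __init__(self, k: bytes, pins: dict):
        self._k = k
        self._pins = pins

    def sign(self, user: str, pin: str, r: bytes) -> bytes:
        expected = self._pins.get(user, "")
        if not hmac.compare_digest(expected, pin):
            raise PermissionError("bad PIN for %s" % user)
        return h(r, self._k)


class Bob:
    """Verifier. Knows K, hands out a random challenge R per login attempt and
    accepts a response only if it equals H(R,K) for that outstanding R."""

    def __init__(self, k: bytes):
        self._k = k
        self._pending = {}  # user -> challenge currently outstanding

    def challenge(self, user: str) -> bytes:
        r = secrets.token_bytes(16)
        self._pending[user] = r
        return r

    def verify(self, user: str, response: bytes) -> bool:
        r = self._pending.pop(user, None)  # one-shot: R cannot be reused
        if r is None:
            return False
        return hmac.compare_digest(h(r, self._k), response)


def honest_login(bob: Bob, gen: PasswordGenerator, user: str, pin: str) -> bool:
    """Normal flow: the generator signs R for the user who proves their PIN."""
    r = bob.challenge(user)
    response = gen.sign(user, pin, r)
    return bob.verify(user, response)


def spoof_via_generator(bob: Bob, gen: PasswordGenerator,
                        victim: str, attacker_pin: str) -> bool:
    """Alice asks the generator for Joe's H(R,K) using her own PIN: refused."""
    r = bob.challenge(victim)
    try:
        response = gen.sign(victim, attacker_pin, r)
    except PermissionError:
        return False
    return bob.verify(victim, response)


def spoof_with_leaked_k(bob: Bob, victim: str, leaked_k: bytes) -> bool:
    """The answer's attack once Alice knows K.
    1. Alice --> Bob: "I'm Joe User"   2. Bob --> Alice: R
    3. Alice --> Bob: H(R,K), computed by Alice without the generator."""
    r = bob.challenge(victim)
    response = h(r, leaked_k)
    return bob.verify(victim, response)


if __name__ == "__main__":
    bob, gen = Bob(K), PasswordGenerator(K, PINS)
    print("alice, own PIN:        ", honest_login(bob, gen, "alice", PINS["alice"]))
    print("alice as joe, via gen: ", spoof_via_generator(bob, gen, "joe", PINS["alice"]))
    print("alice as joe, knows K: ", spoof_with_leaked_k(bob, "joe", K))
```

The same `h(r, leaked_k)` call is the personal-token case from the answer as well: if `K` is the per-user secret inside Alice's token and she has read it out, `spoof_with_leaked_k(bob, "alice", K_alice)` logs her in with nothing she has to hold, so the "something you have" factor is gone even though Bob's check still passes.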