Mobile one-time passwords: two-factor authentication using mobile phones

Cited by: 21
Authors
Eldefrawy, Mohamed Hamdy [1, 4]
Khan, Muhammad Khurram [1]
Alghathbar, Khaled [1, 2]
Kim, Tai-Hoon [3]
Elkamchouchi, Hassan [4]
Affiliations
[1] King Saud Univ, Ctr Excellence Informat Assurance CoEIA, Riyadh 11653, Saudi Arabia
[2] King Saud Univ, Dept Informat Syst, Coll Comp & Informat Sci, Riyadh 11653, Saudi Arabia
[3] Hannam Univ, Dept Multimedia, Taejon, South Korea
[4] Univ Alexandria, Dept Elect Engn, Fac Engn, Alexandria, Egypt
Keywords
one-time password; nested hashing chain; two-factor authentication
DOI
10.1002/sec.340
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Static password authentication has security drawbacks. In two-factor authentication (2FA), each user carries a device, called a token, to generate passwords that are valid only one time. 2FA based on one-time passwords (OTPs) provides improved protection because users are prompted to provide something they know (i.e., PIN) and something they have (i.e., token). Many systems have satisfied the 2FA requirements by sending an OTP through an SMS to the user's phone device. Unfortunately, international roaming and SMS costs, delays, and security put restrictions on this system's reliability. Also, time-synchronous-based solutions are not applicable for mobile phones. In this paper, we present a novel 2FA scheme whereby multiple OTPs are produced by utilizing an initial seed and two different nested hash chains: one dedicated to seed updating and the other used for OTP production. We overcome all the restrictions that come from other techniques. We analyze our proposal from the viewpoint of security and performance compared with the other algorithms. Copyright (c) 2011 John Wiley & Sons, Ltd.
Pages: 508-516
Number of pages: 9
Related papers
18 in total
[1] Two Factor Authentication Using Mobile Phones [J]. Aloul, Fadi; Zahidi, Syed; El-Hajj, Wassim. 2009 IEEE/ACS INTERNATIONAL CONFERENCE ON COMPUTER SYSTEMS AND APPLICATIONS, VOLS 1 AND 2, 2009, :641-+
[2] [Anonymous], 2016, HDB APPL CRYPTOGRAPH
[3] Infinite length hash chains and their applications [J]. Bicakci, K; Baykal, N. WET ICE 2002: ELEVENTH IEEE INTERNATIONAL WORKSHOPS ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES, PROCEEDINGS, 2002, :57-61
[4] One-Time Password Authentication with Infinite Hash Chains [J]. Chefranov, Alexander G. NOVEL ALGORITHMS AND TECHNIQUES IN TELECOMMUNICATIONS, AUTOMATION AND INDUSTRIAL ELECTRONICS, 2008, :283-286
[5] Broadcast Authentication for Wireless Sensor Networks Using Nested Hashing and the Chinese Remainder Theorem [J]. Eldefrawy, Mohamed Hamdy; Khan, Muhammad Khurram; Alghathbar, Khaled; Cho, Eun-Suk. SENSORS, 2010, 10 (09) :8683-8695
[6] The N/R one time password system [J]. Goyal, V; Abraham, A; Sanyal, S; Han, SY. ITCC 2005: International Conference on Information Technology: Coding and Computing, Vol 1, 2005, :733-738
[7] Haller N. M., 1994, Proceedings Internet Society Symposium on Network and Distributed System Security 1994, P151
[8] Hallsteinsen S, 2007, INT C SYST NETW COMM, P68
[9] Fingerprint Biometric-based Self-Authentication and Deniable Authentication Schemes for the Electronic World [J]. Khan, Muhammad Khurram. IETE TECHNICAL REVIEW, 2009, 26 (03) :191-195
[10] PASSWORD AUTHENTICATION WITH INSECURE COMMUNICATION [J]. LAMPORT, L. COMMUNICATIONS OF THE ACM, 1981, 24 (11) :770-772