A New Secure One-Time Password Algorithm for Mobile Applications

The main goal of information security is to keep information out of unauthorized reach and modification. This can be achieved by developing policies, procedures, plans, and algorithms for achieving Confidentiality, Integrity and Authentication (CIA). Authentication assurance has become the most necessary target of information security as it is the first defense line in security systems, especially when Internet of Things (IoT) comes to the surface. IoT brings everything connected to the internet, this leads to more vulnerabilities and threats, such as authentication, integrity or authorization attacks. Traditional fixed passwords and keys make systems weaker than those use dynamically changing passwords and keys. In the past few months, Ransomware attackers exploited traditional authentication techniques on computer devices, as some attackers, first, had used some password cracking techniques to guess victim's password and then injected a trojan horse to encrypt victim's information. Without any doubt, using randomly changing strong passwords and authentication keys would make it much harder. One-time password generators that are fed with fixed data can be predictable as well. This paper introduces a new one-time password generator that is fed with randomly changing inputs. Then the proposed generator is implemented using Android-Based mobile device, after that, output is validated and assessed.