Attack on the GridCode one-time password
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Mobile Networks and Applications
Data-minimizing authentication goes mobile
CMS'12 Proceedings of the 13th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
| Hi-index | 0.00 |
User authentication is one of the fundamental procedures to ensure secure communications and share system resources over an insecure public network channel. Especially, the purpose of the one-time password is to make it more difficult to gain unauthorized access to restricted resources. Instead of using the password file as conventional authentication systems, many researchers have devoted to implement various one-time password schemes using smart cards, time-synchronized token or short message service in order to reduce the risk of tampering and maintenance cost. However, these schemes are impractical because of the far from ubiquitous hardware devices or the infrastructure requirements. To remedy these weaknesses, the attraction of the QR code technique can be introduced into our one-time password authentication protocol. Not the same as before, the proposed scheme based on QR code not only eliminates the usage of the password verification table, but also is a cost effective solution since most internet users already have mobile phones.