Password authentication with insecure communication
Communications of the ACM
Cryptography: Theory and Practice
Cryptography: Theory and Practice
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Authentication using multiple communication channels
Proceedings of the 2005 workshop on Digital identity management
A Generic Authentication System based on SIM
ICISP '06 Proceedings of the International Conference on Internet Surveillance and Protection
KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Using the mobile phone as a security token for unified authentication
ICSNC '07 Proceedings of the Second International Conference on Systems and Networks Communications
Implementing identity provider on mobile phone
Proceedings of the 2007 ACM workshop on Digital identity management
On-board credentials with open provisioning
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Accessing Password-Protected Resources without the Password
CSIE '09 Proceedings of the 2009 WRI World Congress on Computer Science and Information Engineering - Volume 04
A One-Time Password Scheme with QR-Code Based on Mobile Phone
NCM '09 Proceedings of the 2009 Fifth International Joint Conference on INC, IMS and IDC
A Novel Rubbing Encryption Algorithm and the Implementation of a Web Based One-Time Password Token
COMPSAC '10 Proceedings of the 2010 IEEE 34th Annual Computer Software and Applications Conference
| Hi-index | 0.00 |
One-time Password (OTP) Token has become one of the main stream security products during the past few years. OTP Token can automatically generate a random password. It is especially popular to be used with the Two-factor Authentication (2FA) system. OTP Token has proliferated into many different form factors such as standalone token, PC, PDA, cellular phone and Cloud-based token. But most of the implementation has their short comings with high token cost, not easy to carry and high supporting or deployment cost. Certain implementations may also compromise the network security when the token is lost or stolen. Moreover, most of the tokens can be broken-in by Man-in-the-Middle Seed-tracing and Shoulder-surfing security attacks. To overcome such aforementioned issues, we propose a secure encryption algorithm --- Rubbing Encryption Algorithm (REAL). We use REAL to implement a Mobile-based and a Cloud-based OTP Token as design examples. Both of them are of high security level, lower total token cost and can resist the aforementioned security attacks as well.