Static password authentication has security drawbacks. In two-factor authentication (2FA), each user carries a device, called a token, that generates passwords valid only one time. 2FA based on one-time passwords (OTPs) provides improved protection because users are prompted to provide something they know (i.e., PIN) and something they have (i.e., token). Many systems have satisfied the 2FA requirements by sending an OTP through an SMS to the user's phone. Unfortunately, international roaming and SMS costs, delays, and security restrict the reliability of this approach. Also, time-synchronous solutions are not applicable to mobile phones. In this paper, we present a novel 2FA scheme in which multiple OTPs are produced from an initial seed and two different nested hash chains: one dedicated to seed updating and the other used for OTP production. We overcome all the restrictions that come from other techniques. We analyze our proposal from the viewpoint of security and performance compared with the other algorithms. Copyright © 2011 John Wiley & Sons, Ltd.