Mobile one-time passwords: two-factor authentication using mobile phones

Authors:
Mohamed Hamdy Eldefrawy;Muhammad Khurram Khan;Khaled Alghathbar;Tai-Hoon Kim;Hassan Elkamchouchi
Affiliations:
Center of Excellence in Information Assurance (CoEIA), King Saud University, Riyadh, Saudi Arabia and Electrical Engineering Department, Faculty of Engineering, Alexandria University, Alexandria, ...;Center of Excellence in Information Assurance (CoEIA), King Saud University, Riyadh, Saudi Arabia;Center of Excellence in Information Assurance (CoEIA), King Saud University, Riyadh, Saudi Arabia and Information Systems Department, College of Computer and Information Sciences, King Saud Univer ...;Department of Multimedia, Hannam University, Daejeon, South Korea;Electrical Engineering Department, Faculty of Engineering, Alexandria University, Alexandria, Egypt
Venue:
Security and Communication Networks
Year:
2012

Citing 10
Cited 1

Comments on the S/KEY user authentication scheme

ACM SIGOPS Operating Systems Review
Password authentication with insecure communication

Communications of the ACM
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Infinite Length Hash Chains and Their Applications

WETICE '02 Proceedings of the 11th IEEE International Workshops on Enabling Technologies: nfrastructure for Collaborative Enterprises
The N/R One Time Password System

ITCC '05 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume I - Volume 01
GSM Security Issues and Challenges

SNPD-SAWN '06 Proceedings of the Seventh ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing
Segmenting Bank Customers by Resistance to Mobile Banking

ICMB '07 Proceedings of the International Conference on the Management of Mobile Business
Using the mobile phone as a security token for unified authentication

ICSNC '07 Proceedings of the Second International Conference on Systems and Networks Communications
Security analysis of mobile phones used as OTP generators

WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices

Smart Environment as a Service: Three Factor Cloud Based User Authentication for Telecare Medical Information System

Journal of Medical Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Static password authentication has security drawbacks. In two-factor authentication (2FA,) each user carries a device, called token, to generate passwords that are valid only one time. 2FA based on one-time passwords (OTPs) provides improved protection because users are prompted to provide something they know (i.e., PIN) and something they have (i.e., token). Many systems have satisfied the 2FA requirements by sending an OTP through an SMS to the user's phone device. Unfortunately, international roaming, and SMS costs, delays, and security put restrictions on this system reliability. Also, time synchronous-based solutions are not applicable for mobile phones. In this paper, we present a novel 2FA scheme whereby multiple OTPs are being produced by utilizing an initial seed and two different nested hash chains: one dedicated to seed updating and the other used for OTP production. We overcome all the restrictions that come from other techniques. We analyze our proposal from the viewpoint of security and performance compared with the other algorithms. Copyright © 2011 John Wiley & Sons, Ltd.