Protocols for Key Establishment and Authentication
Protocols for Key Establishment and Authentication
Authentication Method with Impersonal Token Cards
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Cellular Authentication for Mobile and Internet Services
Cellular Authentication for Mobile and Internet Services
The Mobile Phone as a Multi OTP Device Using Trusted Computing
NSS '10 Proceedings of the 2010 Fourth International Conference on Network and System Security
Hi-index | 0.00 |
The Generic Authentication Architecture (GAA) is a standardised extension to the mobile authentication infrastructure that enables the provision of security services, such as key establishment, to network applications. In this paper we first show how Trusted Computing can be extended in a GAA-like framework to offer new security services. We then propose a general scheme that converts a simple static password authentication mechanism into a one-time password (OTP) system using the GAA key establishment service. The scheme employs a GAA-enabled user device and a GAA-aware server. Most importantly, unlike most OTP systems using a dedicated key-bearing token, the user device does not need to be user or server specific, and can be used in the protocol with no registration or configuration (except for the installation of the necessary application software). We also give two practical instantiations of the general scheme, building firstly on the mobile authentication infrastructure and secondly on Trusted Computing. The practical systems are secure, scalable, fit well to the multi-institution scenario, and enable the provision of ubiquitous and on-demand OTP services.