Mobile one-time passwords: two-factor authentication using mobile phones
Security and Communication Networks
A Time and Location Information Assisted OTP Scheme
Wireless Personal Communications: An International Journal
Hi-index | 0.01 |
A new one time password system is described which is secure against eavesdropping and server database compromise at the same time. Traditionally, these properties have proven to be difficult to satisfy at the same time and only one previous scheme i.e. Lamport Hashes also called S/KEY one time password system has claimed to achieve that. Lamport hashes however have a limitation that they are computationally intensive for the client and the number of times a client may login before the system should be re-initialized is small. We address these limitations to come up with a new scheme called the N/R one time password system. The basic idea is have the server aid the client computation by inserting 'breakpoints' in the hash chains. Client computational requirements are dramatically reduced without any increase in the server computational requirements and the number of times a client may login before the system has to be reinitialized is also increased significantly. The system is particularly suited for mobile and constrained devices having limited computational power.