Abstract
Hash chains have been used as OTP generators. Lamport hashes have an intensive computation cost and a chain length restriction. A solution for signature chains addressed this by involving public key techniques, which increased the average computation cost. Although a later idea reduced the user computation by sharing it with the host, it couldn’t overcome the length limitation. The scheme proposed by Chefranov to eliminate the length restriction had a deficiency in the communication cost overhead. We here present an algorithm that overcomes all of these shortcomings by involving two different nested hash chains: one dedicated to seed updating and the other used for OTP production. Our algorithm provides forward and non-restricted OTP generation. We propose a random challenge–response operation mode. We analyze our proposal from the viewpoint of security and performance compared with the other algorithms.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Kim, H., Lee, H., Lee, K., Jun, M.: A Design of One–Time Password Mechanism Using Public Key Infrastructure. In: Networked Computing and Advanced Information Management, vol. 1, pp. 18–24 (2008)
Lamport, L.: Password Authentication with Insecure Communication. Comm. ACM 24(11), 770–772 (1981)
Haller, N.: The S/KEY One–Time Password System. In: Proceedings of the ISOC Symposium on Network and Distributed System Security, pp. 151–157 (1994)
RSA SecurID, http://www.rsa.com/node.aspx?id=1156 (Accessed: May 04, 2010)
Rivest, R., Shamir, A.: Payword and micro–mint: Two simple micropayment schemes, pp. 7–11 (1996)
Chefranov, A.: One–Time Password Authentication with Infinite Hash Chains, Novel Algorithms and Techniques. In: Tele-Communications, Automation and Industrial Electronics, pp. 283–286 (2008)
Goyal, V., Abraham, A., Sanyal, S., Han, S.: The N/R one time password system. In: Proceedings of International Conference on Information Technology: Coding and Computing (ITCC 2005), vol. 1, pp. 733–738 (2005)
Bicakci, K., Baykal, N.: Infinite length hash chains and their applications. In: Proceedings of 1th IEEE Int. Workshops on Enabling Technologies: Infrastructure for Collaborating Enterprises (WETICE 2002), pp. 57–61 (2002)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public–key cryptosystems. Communications of the ACM (1978)
Khan, M., Alghathbar, K.: Cryptanalysis and Security Improvements of Two–Factor User Authentication in Wireless Sensor Networks. In: Sensors, vol. 10(3), pp. 2450–2459 (2010)
Yeh, T., Shen, H., Hwang, J.: A secure one–time password authentication scheme using smart cards. IEICE Trans. in Commun. E85–B(11), 2515–2518 (2002)
Yum, D., Lee, P.: Cryptanalysis of Yeh–Shen–Hwang’s one–time password authentication scheme. IEICE Trans. Commun. E88–B(4), 1647–1648 (2005)
Aloul, F., Zahidi, S., El–Hajj, W.: Two factor authentication using mobile phones. In: IEEE/ACS International Conference on Digital Object Identifier, pp. 641–644 (2009)
Raddum, H., Nestås, L., Hole, K.: Security Analysis of Mobile Phones Used as OTP Generators. In: IFIP International Federation for Information Processing, pp. 324–331 (2010)
Khan, M.K.: Fingerprint Biometric–based Self and Deniable Authentication Schemes for the Electronic World. IETE Technical Review 26(3), 191–195 (2009)
Khan, M.K., Zhang, J.: Improving the Security of A Flexible Biometrics Remote User Authentication Scheme. In: Computer Standards and Interfaces (CSI), vol. 29(1), pp. 84–87. Elsevier Science, UK (2007)
Eldefrawy, M.H., Khan, M.K., Alghathbar, K., Cho, E.-S.: Broadcast Authentication for Wireless Sensor Networks Using Nested Hashing and the Chinese Remainder Theorem. Sensors 10(9), 8683–8695 (2010)
Mitchell, C., Chen, L.: Comments on the S/KEY user authentication scheme. ACM Operating System Review 30(4), 12–16 (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Eldefrawy, M.H., Khan, M.K., Alghathbar, K. (2010). One-Time Password System with Infinite Nested Hash Chains. In: Kim, Th., Fang, Wc., Khan, M.K., Arnett, K.P., Kang, Hj., Ślęzak, D. (eds) Security Technology, Disaster Recovery and Business Continuity. Communications in Computer and Information Science, vol 122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17610-4_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-17610-4_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17609-8
Online ISBN: 978-3-642-17610-4
eBook Packages: Computer ScienceComputer Science (R0)