One-Time Password System with Infinite Nested Hash Chains

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 122)

Abstract

Hash chains have been used as OTP generators. Lamport hashes have an intensive computation cost and a chain length restriction. A solution for signature chains addressed this by involving public key techniques, which increased the average computation cost. Although a later idea reduced the user computation by sharing it with the host, it couldn’t overcome the length limitation. The scheme proposed by Chefranov to eliminate the length restriction had a deficiency in the communication cost overhead. We here present an algorithm that overcomes all of these shortcomings by involving two different nested hash chains: one dedicated to seed updating and the other used for OTP production. Our algorithm provides forward and non-restricted OTP generation. We propose a random challenge–response operation mode. We analyze our proposal from the viewpoint of security and performance compared with the other algorithms.
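
The two limits the abstract attributes to Lamport hashes, per-login computation cost and a fixed chain length, shown on the classic construction as an added example (not code from the paper; SHA-256, the `Client` and `Server` classes and the seed value are assumptions made here). It does not implement the paper's nested-chain scheme, whose details are not on this page.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def iterate(seed: bytes, n: int) -> bytes:
    """Return h applied n times to seed, i.e. h^n(seed)."""
    out = seed
    for _ in range(n):
        out = h(out)
    return out

class Server:
    """Holds only the last accepted value; it never learns the seed up front."""
    def __init__(self, anchor: bytes):
        self.last = anchor              # h^N(seed), registered at enrolment

    def verify(self, otp: bytes) -> bool:
        if h(otp) != self.last:         # replayed or forged OTPs fail here
            return False
        self.last = otp                 # step one link down the chain
        return True

class Client:
    """Stores only the seed, so every login re-hashes from the start."""
    def __init__(self, seed: bytes, length: int):
        self.seed, self.remaining = seed, length
        self.hash_calls = 0

    def next_otp(self) -> bytes:
        if self.remaining == 0:         # the chain length restriction
            raise RuntimeError("chain exhausted: re-enrolment required")
        self.remaining -= 1
        self.hash_calls += self.remaining   # cost of this login
        return iterate(self.seed, self.remaining)

def demo(length: int = 5):
    seed = b"constructed-demo-seed"     # constructed sample value
    client, server = Client(seed, length), Server(iterate(seed, length))
    accepted, first = [], None
    for _ in range(length):
        otp = client.next_otp()
        first = first or otp
        accepted.append(server.verify(otp))
    replay_ok = server.verify(first)    # resending the first OTP
    try:
        client.next_otp()
        exhausted = False
    except RuntimeError:
        exhausted = True
    return accepted, replay_ok, exhausted, client.hash_calls
```

For a chain of length N the client performs N(N-1)/2 hash evaluations in total when it keeps only the seed, and must re-enrol once the N-th password has been used.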

References

  1. Kim, H., Lee, H., Lee, K., Jun, M.: A Design of One–Time Password Mechanism Using Public Key Infrastructure. In: Networked Computing and Advanced Information Management, vol. 1, pp. 18–24 (2008)

  2. Lamport, L.: Password Authentication with Insecure Communication. Comm. ACM 24(11), 770–772 (1981)

  3. Haller, N.: The S/KEY One–Time Password System. In: Proceedings of the ISOC Symposium on Network and Distributed System Security, pp. 151–157 (1994)

  4. RSA SecurID, http://www.rsa.com/node.aspx?id=1156 (Accessed: May 04, 2010)

  5. Rivest, R., Shamir, A.: Payword and micro–mint: Two simple micropayment schemes, pp. 7–11 (1996)

  6. Chefranov, A.: One–Time Password Authentication with Infinite Hash Chains, Novel Algorithms and Techniques. In: Tele-Communications, Automation and Industrial Electronics, pp. 283–286 (2008)

  7. Goyal, V., Abraham, A., Sanyal, S., Han, S.: The N/R one time password system. In: Proceedings of International Conference on Information Technology: Coding and Computing (ITCC 2005), vol. 1, pp. 733–738 (2005)

  8. Bicakci, K., Baykal, N.: Infinite length hash chains and their applications. In: Proceedings of 1th IEEE Int. Workshops on Enabling Technologies: Infrastructure for Collaborating Enterprises (WETICE 2002), pp. 57–61 (2002)

  9. Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public–key cryptosystems. Communications of the ACM (1978)

  10. Khan, M., Alghathbar, K.: Cryptanalysis and Security Improvements of Two–Factor User Authentication in Wireless Sensor Networks. In: Sensors, vol. 10(3), pp. 2450–2459 (2010)

  11. Yeh, T., Shen, H., Hwang, J.: A secure one–time password authentication scheme using smart cards. IEICE Trans. in Commun. E85–B(11), 2515–2518 (2002)

  12. Yum, D., Lee, P.: Cryptanalysis of Yeh–Shen–Hwang’s one–time password authentication scheme. IEICE Trans. Commun. E88–B(4), 1647–1648 (2005)

  13. Aloul, F., Zahidi, S., El–Hajj, W.: Two factor authentication using mobile phones. In: IEEE/ACS International Conference on Digital Object Identifier, pp. 641–644 (2009)

  14. Raddum, H., Nestås, L., Hole, K.: Security Analysis of Mobile Phones Used as OTP Generators. In: IFIP International Federation for Information Processing, pp. 324–331 (2010)

  15. Khan, M.K.: Fingerprint Biometric–based Self and Deniable Authentication Schemes for the Electronic World. IETE Technical Review 26(3), 191–195 (2009)

  16. Khan, M.K., Zhang, J.: Improving the Security of A Flexible Biometrics Remote User Authentication Scheme. In: Computer Standards and Interfaces (CSI), vol. 29(1), pp. 84–87. Elsevier Science, UK (2007)

  17. Eldefrawy, M.H., Khan, M.K., Alghathbar, K., Cho, E.-S.: Broadcast Authentication for Wireless Sensor Networks Using Nested Hashing and the Chinese Remainder Theorem. Sensors 10(9), 8683–8695 (2010)

  18. Mitchell, C., Chen, L.: Comments on the S/KEY user authentication scheme. ACM Operating System Review 30(4), 12–16 (1996)

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Eldefrawy, M.H., Khan, M.K., Alghathbar, K. (2010). One-Time Password System with Infinite Nested Hash Chains. In: Kim, Th., Fang, Wc., Khan, M.K., Arnett, K.P., Kang, Hj., Ślęzak, D. (eds) Security Technology, Disaster Recovery and Business Continuity. Communications in Computer and Information Science, vol 122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17610-4_18

  • DOI: https://doi.org/10.1007/978-3-642-17610-4_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17609-8

  • Online ISBN: 978-3-642-17610-4

  • eBook Packages: Computer Science, Computer Science (R0)
