A Secure Mobile OTP Token

  • Conference paper

Abstract

Implementing a mobile One-time Password (OTP) token on a cellular phone has been a hot topic for the past few years. The proposed solutions have made certain improvements to network security, but none of them can fully prevent tracing of the OTP seed (K) through MITM OTP code interception or shoulder-surfing attacks while also meeting the following criteria: fully compliant with existing authentication systems, interoperable with other tokens, and easy to deploy or support. This paper presents a cipher called the Rubbing Encryption Algorithm (REAL) and the implementation of a Mobile OTP Token using this algorithm. The newly designed REAL Mobile OTP Token successfully addresses and improves on the aforementioned issues.

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Cheng, F. (2010). A Secure Mobile OTP Token. In: Cai, Y., Magedanz, T., Li, M., Xia, J., Giannelli, C. (eds) Mobile Wireless Middleware, Operating Systems, and Applications. MOBILWARE 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 48. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17758-3_1

  • DOI: https://doi.org/10.1007/978-3-642-17758-3_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17757-6

  • Online ISBN: 978-3-642-17758-3

  • eBook Packages: Computer Science, Computer Science (R0)
