Abstract
Implementing a mobile One-time Password (OTP) token on a cellular phone has been a hot topic for the past few years. The proposed solutions have made certain improvements to network security, but none of them can fully prevent tracing of the OTP seed (K) through MITM OTP code interception or shoulder-surfing attacks while also meeting the following criteria: fully compliant with existing authentication systems, interoperable with other tokens, and easy to deploy or support. This paper presents a cipher called the Rubbing Encryption Algorithm (REAL) and the implementation of a mobile OTP token using this algorithm. The newly designed REAL Mobile OTP Token successfully addresses and improves on the aforementioned issues.
Copyright information
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Cheng, F. (2010). A Secure Mobile OTP Token. In: Cai, Y., Magedanz, T., Li, M., Xia, J., Giannelli, C. (eds) Mobile Wireless Middleware, Operating Systems, and Applications. MOBILWARE 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 48. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17758-3_1
DOI: https://doi.org/10.1007/978-3-642-17758-3_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17757-6
Online ISBN: 978-3-642-17758-3
eBook Packages: Computer Science, Computer Science (R0)