A One-Time Password System

Haller, N.; Metz, Craig; Nesser, Petter; Straw, M.

doi:10.17487/rfc1938

Cited by 147 publications

(71 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Our MRP shares some similarities with protocols based on hash chains (e.g., TESLA [HPJ02], OTP (S/Key) [HMNS98], Lamport authentication [Lam81]). These protocols can adapt to different data structures such as hash trees (see for example, Merkle signatures [Mer89] and Merkle tree traversal [Szy04]) and can be turned into dynamic ones (consult Naor and Yung [NY89]).…”

Section: Discussionmentioning

confidence: 98%

A Message Recognition Protocol Based on Standard Assumptions

Mashatan

Vaudenay

2010

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Abstract. We look at the problem of designing Message Recognition Protocols (MRP) and note that all proposals available in the literature have relied on security proofs which hold in the random oracle model or are based on non-standard assumptions. Incorporating random coins, we propose a new MRP using a pseudorandom function F and prove its security based on new assumptions. Then, we show that these new assumptions are equivalent to the standard notions of preimage resistance, second preimage resistance, and existential unforgeability given that F is a pseudorandom function.

show abstract

Section: Discussionmentioning

confidence: 98%

A Message Recognition Protocol Based on Standard Assumptions

Mashatan

Vaudenay

2010

Applied Cryptography and Network Security

View full text Add to dashboard Cite

show abstract

“…Observe that c works as parameter for the choice of the seed to be used. Concerning the hash function H, we observe that the approaches followed in previous schemes [14,15,23,25] use cryptographic hash functions which satisfy the collision-resistant property, that is, it should be hard for an attacker to find a message such that its hash value equals a given value. In our scheme, this requirement is not necessary.…”

Section: The Dccn Generation Schemementioning

confidence: 99%

Implementing disposable credit card numbers by mobile phones

Buccafurri

Lax

2011

Electron Commer Res

View full text Add to dashboard Cite

Disposable credit card numbers are a recent approach to tackling the severe problem of credit card fraud, nowadays constantly growing, especially in the context of e-commerce payments. Whenever we cannot rely on a secure communication channel between cardholder and issuer, a possibility is to generate new numbers on the basis of some common scheme, starting from a shared secret information. However, in order to make the approach meaningful from a practical point of view, the solution should guarantee backward compatibility with the current system, absence of new investments in dedicated hardware, wide-spectrum usability, and adequate security level. In this paper, we propose a solution based on the use of standard mobile phones, fully meeting the above desiderata. Importantly, our solution does not require any cryptographic support and, as a consequence, the use of PADs or smart phones, opening then its usability to a wider potential market.Key words Credit card payments -credit card fraud -disposable credit card numbers -secure payments.

show abstract

“…Haller et al [20] implemented the aforementioned scheme as S/KEY authentication. The implementation relies on 64-bit numbers, but these are mapped to words of varying length to reduce the burden on the user.…”

Section: Introductionmentioning

confidence: 99%

ZeTA-Zero-Trust Authentication: Relying on Innate Human Ability, Not Technology

Gutmann

Renaud

Maguire

et al. 2016

2016 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

Abstract-Reliable authentication requires the devices and channels involved in the process to be trustworthy; otherwise authentication secrets can easily be compromised. Given the unceasing efforts of attackers worldwide such trustworthiness is increasingly not a given. A variety of technical solutions, such as utilising multiple devices/channels and verification protocols, has the potential to mitigate the threat of untrusted communications to a certain extent. Yet such technical solutions make two assumptions: (1) users have access to multiple devices and (2) attackers will not resort to hacking the human, using social engineering techniques. In this paper, we propose and explore the potential of using human-based computation instead of solely technical solutions to mitigate the threat of untrusted devices and channels. ZeTA (Zero Trust Authentication on untrusted channels) has the potential to allow people to authenticate despite compromised channels or communications and easily observed usage. Our contributions are threefold: (1) We propose the ZeTA protocol with a formal definition and security analysis that utilises semantics and human-based computation to ameliorate the problem of untrusted devices and channels. (2) We outline a security analysis to assess the envisaged performance of the proposed authentication protocol. (3) We report on a usability study that explores the viability of relying on human computation in this context.

show abstract

A One-Time Password System

Cited by 147 publications

References 5 publications

A Message Recognition Protocol Based on Standard Assumptions

A Message Recognition Protocol Based on Standard Assumptions

Implementing disposable credit card numbers by mobile phones

ZeTA-Zero-Trust Authentication: Relying on Innate Human Ability, Not Technology

Contact Info

Product

Resources

About