Analysis of Vulnerabilities That Can Occur When Generating One-Time Password

Kim, Hyunki; Han, Juhong; Park, Chan-Il; Yi, Okyeon

doi:10.3390/app10082961

Cited by 6 publications

(14 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The main challenge of non-based biometrics is explained in [77] where the impossibility of distinguishing the correlation between the ideal-random and pseudo-random sequences in the absence of unlimited computational capacity. While in some cases the clients may be unable to access the OTP codes offline or without a network (for example in an airplane during international journeys) [78].…”

Section: B In the Second Mfa Approach (Non-based Biometrics)mentioning

confidence: 99%

Current Multi-factor of Authentication: Approaches, Requirements, Attacks and Challenges

Mohammed¹,

Dziyauddin²,

Latiff³

2023

IJACSA

View full text Add to dashboard Cite

Now-a-days, with the rapid and broad emergence of local or remote access to services on the internet. Authentication represents an important security control requirement and the MFA is recommended to mitigate the weaknesses in the SFA. MFA techniques can be classified into two main approaches: based biometric and non-biometric approaches. However, there is a problem to maintain the tradeoff between security and accuracy. The studies that have been reviewed on both authentication mechanisms are found contradictory in the direction of others. In the direction of authentication-based biometrics the researchers tended to increase the recognition accuracy, while in the other direction, the researchers proposed to combine many authentication factors to increase the security layers. The main contribution of this survey is to review and spotlight on the current state of the arts in both authentication mechanisms to achieve a secure user identity. This paper provides a review of authentication protocols and security requirements. In addition to a detailed review with a comparison of secure one-time passcode generation and distribution. Furthermore, a comprehensive review of cancelable biometrics techniques, attacks, and requirements. Finally, providing a summary of key challenges and future research directions.

show abstract

Section: B In the Second Mfa Approach (Non-based Biometrics)mentioning

confidence: 99%

Current Multi-factor of Authentication: Approaches, Requirements, Attacks and Challenges

Mohammed¹,

Dziyauddin²,

Latiff³

2023

IJACSA

View full text Add to dashboard Cite

show abstract

“…Figure 2 shows the extraction algorithms by type. It illustrates the operation of static, dynamic, and improved dynamic extraction algorithms in order, showing slight differences in their operations [1].…”

Section: Extraction Algorithmmentioning

confidence: 99%

“…This paper is a follow-up to a previous publication entitled "Analysis of Vulnerabilities That Can Occur When Generating One-Time Password" [1]; it includes multiple experimental data on vulnerability points that can occur in OTP systems. While the previous paper hypothesized and conducted experiments to derive OTP security, this follow-up paper establishes an oracle attack model and derives theoretical security from a cryptographic perspective, which is the biggest difference.…”

Section: Introductionmentioning

confidence: 99%

Analysis of Distinguishable Security between the One-Time Password Extraction Function Family and Random Function Family

Kim,

2023

Applied Sciences

Self Cite

View full text Add to dashboard Cite

A one-time password is a security system that uses a password that is only used once for authentication, and it is commonly used in multi-factor authentication systems. The process of generating an OTP is very similar to generating pseudorandom sequences in cryptography. However, since only a part of the bit string is used in OTP, an algorithm is needed to extract that part. In addition, the OTP process also includes converting the value of the bit string value into decimal form for human perception. This paper focuses on analyzing the extraction function, which is the step before the hexadecimal is reprocessed into the decimal form. We analyze a function family, which includes functions used in the process of extracting a bit string in terms of distinguishable security. As a result, we conclude that the OTP extraction function family is vulnerable in terms of distinguishable security compared to the random function family.

show abstract

“…SIM Swap attack is one more attack against SMS-based OTP, a social engineering attack in which SIM card replacement for victims’ mobile numbers is acquired. The SIM card is then linked to the mobile number of victims; thus all OTP SMS is then received by the attacker while initiating online transactions (Paper et al , 2013; Yoo, Kang and Kim, 2015; Gilsenan, 2018; Suker, 2019; Kim et al , 2020). As users travel outside of the coverage area for SMS-based two-factor authentication, they face the inconvenience they face accessing incoming SMS containing OTP (Mehraj et al , 2015).…”

Section: Open Issues and Challengesmentioning

confidence: 99%

Section: Open Issues and Challengesmentioning

confidence: 99%

A novel OTP based tripartite authentication scheme

Lone

Mir

2021

IJPCC

View full text Add to dashboard Cite

Purpose Because of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization strategy is a must for many of today’s applications. Authentication schemes based on knowledge and tokens, although widely used, lead to most security breaches. While providing various advantages, biometrics are also subject to security threats. Using multiple factors together for authentication provides more certainty about a user’s identity; thus, leading to a more reliable, effective and more difficult for an adversary to intrude. This study aims to propose a novel, secure and highly stable multi-factor one-time password (OTP) authentication solution for mobile environments, which uses all three authentication factors for user authentication. Design/methodology/approach The proposed authentication scheme is implemented as a challenge-response authentication where three factors (username, device number and fingerprint) are used as a secret key between the client and the server. The current scheme adopts application-based authentication and guarantees data confidentiality and improved security because of the integration of biometrics with other factors and each time new challenge value by the server to client for OTP generation. Findings The proposed authentication scheme is implemented on real android-based mobile devices, tested on real users; experimental results show that the proposed authentication scheme attains improved performance. Furthermore, usability evaluation proves that proposed authentication is effective, efficient and convenient for users in mobile environments. Originality/value The proposed authentication scheme can be adapted as an effective authentication scheme to accessing critical information using android smartphones.

show abstract

Analysis of Vulnerabilities That Can Occur When Generating One-Time Password

Cited by 6 publications

References 20 publications

Current Multi-factor of Authentication: Approaches, Requirements, Attacks and Challenges

Current Multi-factor of Authentication: Approaches, Requirements, Attacks and Challenges

Analysis of Distinguishable Security between the One-Time Password Extraction Function Family and Random Function Family

A novel OTP based tripartite authentication scheme

Contact Info

Product

Resources

About