For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
A Secure One-Time Password Authentication Scheme Using Smart Cards
Tzu-Chang YEH Hsiao-Yun SHEN Jing-Jang HWANG
IEICE TRANSACTIONS on Communications
Publication Date: 2002/11/01
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories
authentication, one-time password, smart card, replay attack, off-line dictionary attack,
Full Text: PDF(122.7KB)>>
Using the great one-time password concept, the widely utilized one-way authentication scheme S/Key provides well protection against replay attacks. In this paper, S/key is enhanced to secure transactions in a critical environment. The proposed scheme is free from any of server spoofing attacks, preplay attacks, and off-line dictionary attacks. A session key here is also established to provide confidentiality. Moreover, simplicity and efficiency are taken into consideration from the user's point of view. A smart card is applied to simplify the user login process and only the hash function is used to keep its efficiency. Therefore, the scheme proposed hereinafter is able to build a safer shield for sensitive transactions like on-line banking or on-line trading in bonds and securities.