An Impersonation Attack on One-Time Password Authentication Protocol OSPA

Takasuke TSUJI  Akihiro SHIMIZU  

IEICE TRANSACTIONS on Communications   Vol.E86-B    No.7    pp.2182-2185
Publication Date: 2003/07/01
Online ISSN: 
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories
cryptography,  hash function,  password authentication,  one-time password,  

Full Text: PDF>>
Buy this Article

User authentication is necessary on the Internet and in mobile communications to protect the legal user's rights. One-time password authentication methods change the verifier every time by sending the present verifier along with the next verifier. However, such methods risk impersonation attacks because those protocols use two verifiers every session. The OSPA (Optimal Strong-Password Authentication) method is a one-time password method which prevents stolen-verifier problems, replay attacks, and denial of service attacks. In this letter, we devise an impersonation attack on the OSPA method and discuss how to break down the OSPA method.