For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
An Impersonation Attack on One-Time Password Authentication Protocol OSPA
Takasuke TSUJI Akihiro SHIMIZU
IEICE TRANSACTIONS on Communications
Publication Date: 2003/07/01
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories
cryptography, hash function, password authentication, one-time password,
Full Text: PDF(144.3KB)>>
User authentication is necessary on the Internet and in mobile communications to protect the legal user's rights. One-time password authentication methods change the verifier every time by sending the present verifier along with the next verifier. However, such methods risk impersonation attacks because those protocols use two verifiers every session. The OSPA (Optimal Strong-Password Authentication) method is a one-time password method which prevents stolen-verifier problems, replay attacks, and denial of service attacks. In this letter, we devise an impersonation attack on the OSPA method and discuss how to break down the OSPA method.