One-Time Password Authentication Protocol against Theft Attacks

Takasuke TSUJI  Akihiro SHIMIZU  

Publication
IEICE TRANSACTIONS on Communications   Vol.E87-B   No.3   pp.523-529
Publication Date: 2004/03/01
Print ISSN: 0916-8516
Type of Manuscript: Special Section PAPER (Special Section on Internet Technology IV)
Category: Security
Keyword: password authentication, one-time password, stolen-verifier problem, Internet protocol

Summary: 
Software applications for transferring money or personal information are increasingly common on the Internet. These applications require user authentication to confirm legitimate users. One-time password authentication methods risk a stolen-verifier problem or other theft attacks because the Internet server that performs authentication stores the user's verifiers and secret keys. SAS-2 (Simple And Secure password authentication protocol, ver.2) and ROSI (RObust and SImple password authentication protocol) are secure password authentication protocols. However, we have found attacks on SAS-2 and ROSI. Here, we propose a new method that eliminates such problems without increasing the processing load and achieves the same high level of security as S/Key systems without resetting the verifier.