One-Time Password Authentication Protocol against Theft Attacks
Takasuke TSUJI, Akihiro SHIMIZU
IEICE TRANSACTIONS on Communications
Publication Date: 2004/03/01
Print ISSN: 0916-8516
Type of Manuscript: Special Section PAPER (Special Section on Internet Technology IV)
Keywords: password authentication, one-time password, stolen-verifier problem, Internet protocol
Software applications for the transfer of money or personal information are increasingly common on the Internet. These applications require user authentication to confirm legitimate users. One-time password authentication methods risk a stolen-verifier problem or other theft attacks because the authentication server on the Internet stores the user's verifiers and secret keys. SAS-2 (Simple And Secure password authentication protocol, ver.2) and ROSI (RObust and SImple password authentication protocol) are secure password authentication protocols. However, we have found attacks on SAS-2 and ROSI. Here, we propose a new method which eliminates such problems without increasing the processing load and can achieve the same high security level as S/Key systems without resetting the verifier.