A One-Time Password Authentication Method for Low Spec Machines and on Internet Protocols

Takasuke TSUJI  Akihiro SHIMIZU  

IEICE TRANSACTIONS on Communications   Vol.E87-B    No.6    pp.1594-1600
Publication Date: 2004/06/01
Online ISSN: 
Print ISSN: 0916-8516
Type of Manuscript: PAPER
Category: Internet
cryptography,  hash function,  password authentication,  one-time password,  

Full Text: PDF>>
Buy this Article

Applications for transforming money or personal information are increasingly common on the Internet and in mobile communications. These applications require user authentication for confirming legal users. One-time password authentication methods change the verifier every time by sending the present verifier along with the next verifier. However, such methods risk attacks because those protocols use two verifiers every session. The SAS (Simple And Secure password authentication protocol) is a one-time password authentication method that the method uses a hash function five times, but it requires high overhead on low spec machines. In this paper, we propose a new method, SAS-2, which reduces overhead of hash function adaptation by 40%. This method has a mutual authentication phase, which maintains synchronous data communications in its authentication procedure. Moreover, SAS-2 can be applied to key-free systems.