For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
A One-Time Password Authentication Method for Low Spec Machines and on Internet Protocols
Takasuke TSUJI Akihiro SHIMIZU
IEICE TRANSACTIONS on Communications
Publication Date: 2004/06/01
Print ISSN: 0916-8516
Type of Manuscript: PAPER
cryptography, hash function, password authentication, one-time password,
Full Text: PDF>>
Applications for transforming money or personal information are increasingly common on the Internet and in mobile communications. These applications require user authentication for confirming legal users. One-time password authentication methods change the verifier every time by sending the present verifier along with the next verifier. However, such methods risk attacks because those protocols use two verifiers every session. The SAS (Simple And Secure password authentication protocol) is a one-time password authentication method that the method uses a hash function five times, but it requires high overhead on low spec machines. In this paper, we propose a new method, SAS-2, which reduces overhead of hash function adaptation by 40%. This method has a mutual authentication phase, which maintains synchronous data communications in its authentication procedure. Moreover, SAS-2 can be applied to key-free systems.