DOI QR코드

DOI QR Code

The Development of a One-time Password Mechanism Improving on S/KEY

S/KEY를 개선한 일회용 패스워드 메커니즘 개발

  • 박중길 (충남대학교 컴퓨터과학과)
  • Published : 1999.06.01

Abstract

In this paper we propose a one-time password mechanism that solves the problems of the S/KEY: the limitation of a usage and the need of storage for keys. because of using a cryptographic algorithm the proposed mechanism has no the limitation of a usage. Also because of producing the key for an authentication from a user's password it is easy to manage the authentication key and is possible to share the session key between a client and a server after the authentication process. In addition the proposed mechanism is easy to protect and manage the authentication information because of using a smart card and is adopted by the system that needs a noe-way authentication from a client to a server without the challenge of a server.

이 논문에서는 S/KEY 메커니즘에서 사용 횟수 제한과 사전에 키를 만들어 저장해야 하는 중요한 문제점을 해결한 일회용 패스워드 메커니즘을 제안하다. 제안한 일회용 패스워드로부터 인증용키를 생성함으로써 인증용 키관리를 용이하게 하고, 인증과 더불어 클라이언트와 서버간의 통신 세션키의 분배도 가능하게 한다. 그리고 제안한 메커니즘은 스마트 카드를 이용함으로 인증 정보의 보호 및 관리가 용이하며, 서버의 challenge가 없는 클라이언트에서 서버로의 단방향 인증을 필요로 하는 시스템에 바로 적용된다. In this paper we propose a one-time password mechanism that solves the problems of the S/KEY: the limitation of a usage and the need of storage for keys. because of using a cryptographic algorithm the proposed mechanism has no the limitation of a usage. Also because of producing the key for an authentication from a user's password it is easy to manage the authentication key and is possible to share the session key between a client and a server after the authentication process. In addition the proposed mechanism is easy to protect and manage the authentication information because of using a smart card and is adopted by the system that needs a noe-way authentication from a client to a server without the challenge of a server.

Keywords

References

  1. GPS120 Application Programmer's Guide v.12 Gemplus
  2. GPS120 User's Guide Gemplus
  3. GPS120 Reference Guide Gemplus
  4. HYUNDAI COS(HYC 201/802) User's Guide 현대전자(주)
  5. 한국통신정보보호학회 종합학술발표회 논문집 v.5 no.1 스마트 카드 시스템의 보안 기능 분석 및 설계에 관한 고찰 신진원;권태경;송수적
  6. OnceID and Oasis
  7. One-Time Passcode Software for User Authentication
  8. SecurID Tokens Datasheet
  9. Description of The S/KEY One-Time Password System Neil M. Haller;Philip R. Karn
  10. 패스워드 누출방지 기술
  11. Computer Communication Security Warwick Ford
  12. 통신망 정보 보호(Network and Internetwork Security Principles and Practice) 최용락;소우영;이재광;이임영
  13. Applied Cryptography Bruce Schneier
  14. Network and Internetwork Security William Stallings