Convergence Security Journal (융합보안논문지)

Korea convergence Security Association (한국융합보안학회)
권호 표지

Lamport OTP Extension using Overlapped Infinite Hash Chains

중첩된 무한 해시체인을 이용한 Lamport OTP 확장

  • 신동진 (단국대학교/컴퓨터학과 소프트웨어 보안) ;
  • 박창섭 (단국대학교/소프트웨어학과)
  • Received : 2018.04.27
  • Accepted : 2018.06.29
  • Published : 2018.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

Lamport's one-time password (OTP) was originally proposed to address the weaknesses of a simple password system: fixed password, pre-shared password. However, a main weakness of Lamport's OTP is that a root hash value of a new hash chain should be re-registered after consuming all the hash values since OTP generation is based on the finite hash chain. Several studies have been conducted to solve these drawbacks, but new drawbacks such as increased burden of proof for verifiers and verifiers have been exposed. In this paper, we propose and compare a novel OTP that overlaps several short hash chains instead of one long hash chain, which is the core of existing Lamport OTP, to solve the drawbacks while maintaining the advantages of Lamport.

Lamport 일회용 패스워드(OTP)는 고정된 패스워드 그리고 패스워드의 사전공유라는 단순 패스워드가 지니는 문제점을 해결하기 위해 해시체인에 기반을 두고 있다. 하지만 Lamport 방식은 길이가 유한한 해시체인의 해시값을 OTP로 사용하기 때문에 해시체인을 구성하는 해시값들을 모두 소진한 이후에는 새로운 해시체인의 루트 해시값을 재 등록해야 한다는 단점을 가지고 있다. 이 같은 단점을 해결하기 위해 여러 연구가 진행되었으나 증명자와 검증자에 대한 계산 부담이 증가하는 등 새로운 단점이 노출되었다. 따라서 본 논문에서는 Lamport 방식의 장점을 유지하면서 동시에 단점을 해결하기 위해 기존 Lamport 방식 OTP의 핵심인 하나의 긴 해시체인 대신에 여러 개의 짧은 해시체인을 중첩 구성하는 새로운 방식의 OTP를 제안하고 비교 분석한다.

Keywords

Acknowledgement

Supported by : 한국인터넷진흥원, 한국연구제단

References

  1. Leslie Lamport, "Password Authentication with Insecure Communication", Communications of the ACM, Vol. 24, pp. 770-772, Nov. 1981. https://doi.org/10.1145/358790.358797
  2. N. Haller, C. Metz. P Nesser, and M Straw, "One-Time Password System", RFC 2289, Feb. 1999.
  3. D.M. Raihi, M. Bellare, F. Hoornaert, D. Naccache, and O. ranen, "HOTP: An HMAC-Based One-Time Password Algorithm", RFC 4226, Dec. 2005.
  4. D.M. Raihi, S. Machani, M. Pei, and J. Rydell, "TOTP: Time-Based One-Time Password Algorithm", RFC 6238, May. 2011.
  5. D. Coppersmith, "Almost optimal hash sequence taversal", Proceedings of the 4th Conference on Financial Cryptography, pp. 102-119, Feb. 2002
  6. M. Jakobsson, "Fractal hash sequence representation and traversal", Proceedings of the 2002 IEEE Symposium on Information Theory, Jul. 2002.
  7. M. Fischlin, "Fast verification of hash chains", Proceedings of the RSA Security Cryptographer's Track, pp. 339-352, Feb. 2004.
  8. M.H. Elderfrawy, M.K. Khan, and K. alghathbar, "Broadcast Authentication for Wireless Sensor Networks Using Nested Hashing and the Chinese Remainder Theorem", Sensors, vol. 10, no. 9, pp. 8683-8695, Sep. 2010. https://doi.org/10.3390/s100908683
  9. M.H. Elderfrawy, M.K. Khan, and K. alghathbar, "One-time password authentication with infinite nested hash chains", U.S. Patent Application Publication US20130191899 a1, 2013.
  10. S. Bittl, "Efficient construction of infinite length hash chains with perfect forward secrecy using two independent hash functions", Proceedings of the 11th International Conference on Security and Cryptography, Aug. 2014.
  11. K. Bicakci, N. Baykal, "Infinite length hash chains and their applications", Proceedings of the 11th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp 57-61, Jun. 2002.Naccache, and O. ranen, "HOTP: An HMAC-Based One-Time Password Algorithm", RFC 4226, Dec. 2005.