Browse > Article
http://dx.doi.org/10.7840/kics.2013.38B.5.377

QR Code Based Mobile Dual Transmission OTP System  

Seo, Se Hyeon (강원대학교 컴퓨터정보통신공학전공)
Choi, Chang Yeol (강원대학교 컴퓨터정보통신공학전공)
Lee, Goo Yeon (강원대학교 컴퓨터정보통신공학전공)
Choi, Hwang Kyu (강원대학교 컴퓨터정보통신공학전공)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.38B, no.5, 2013 , pp. 377-384 More about this Journal
Abstract
In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.
Keywords
Dual Transmission; Mobile Device; QR code; Security; Two-Factor;
Citations & Related Records
Times Cited By KSCI : 4  (Citation Analysis)
연도 인용수 순위
1 W. H. Jung and Y. J. Chung, "A design of U-learning study support system using QR code," in Proc. 2010 Autumn Conf. KMMS, vol. 13, no. 2, pp. 607-610, Seoul, Korea, Nov. 2010.
2 C. H. Ko, S. H. Seo, S. A. Kim, and J. H. Seo, "Smart phone application for intelligent ID management," in Proc. 2010 Autumn Conf. KMMS, vol. 13, no. 2, pp. 641-643, Seoul, Korea, Nov. 2010.
3 J.-S. Lee, H.-N. You, C.-H. Cho, and M.-S. Jun, "A design secure QR-login user authentication protocol and assurance methods for the safety of critical data using smart," J. KICS, vol. 37, no. 10, pp. 949-964, Oct. 2012.   과학기술학회마을   DOI   ScienceOn
4 Y.-S. Jeong, S.-H. Han, and S.-S. Shin, "A study on mobile OTP generation model," J. Digital Policy Manage., vol. 10, no. 2, pp. 183-191, Mar. 2012.
5 T. I. Song and C. S. Hong, "Energy efficient password-based authenticated group key exchange protocol mechanism using trusted server," J. KIISE, vol. 39, no. 4, pp. 350-359, Aug. 2012.   과학기술학회마을
6 Y.-W. Kao, "Physical access control based on QR code," in Proc. Int. Conf. Cyber-Enabled Distributed Comput. Knowledge Discovery (CyberC 2011), pp. 285-288, Beijing, China, Oct. 2011.
7 TTA, Security Requirements for the OTP Token, Dec. 2010.
8 IETF, HOTP: An HMAC-Based One-Time Password Algorithm, RFC 4226, Dec. 2005.
9 D. H. Shin, Y. S. Choi, S. J. Park, S. J. Kim, and D. H. Won, "Cryptanalysis on the authentication mechanism of the NateOn messenger," J. KIISC, vol. 17, no. 1, pp. 67-80, Feb. 2007.   과학기술학회마을
10 Y. S. Lee, "Online banking authentication system using Mobile-OTP with QR-code," in Proc. 5th Int. Conf. Comput. Sci. Convergence Inform. Technol. (ICCIT), pp. 644-648, Dhaka, Bangladesh, Nov. 2010.
11 J.-H. Che, "A two-factor user authorization method and its implementation using TOTP and password," J. KIISC, vol. 20, no. 6, pp. 7-16, Dec. 2010.   과학기술학회마을
12 D. DeFigueiredo, "The case for mobile two-factor authentication," IEEE Security Privacy, vol. 9, no. 5, pp. 81-85, Sep. 2011.   DOI   ScienceOn
13 AIM, Uniform Symbology Specification: QR code, 1996.
14 Y.-W. Kwon, S.-H. Jung, and C.-B. Sim, "A implementation of gravestone management system based on smart phone using QR-Code," in Proc. 2011 Fall Conf. KIECS, vol. 5, no. 2, pp. 259-263, Gurye, Korea, Nov. 2011.
15 S. D. Park, Mobile authentication system and its application based on 2-dimensional barcode and OTP, M.S. thesis, Dept. Electron. Comput. Sci. Eng., Graduate School of Hanyang University, Seoul, Korea, Feb. 2009.