http://dx.doi.org/10.7840/kics.2013.38B.6.492

OTP-Based Transaction Verification Protocol Using PUFs  

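Lee, Jonghoon (Soongsil University, Department of Electronic Engineering, Communication Network Security Lab)
Park, Minho (Soongsil University, School of Information, Communication and Electronic Engineering)
Jung, Souhwan (Soongsil University, School of Information, Communication and Electronic Engineering, Communication Network Security Lab)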
Abstract
The One-Time Password (OTP) generator is used as a multi-factor authentication method to secure e-financial transactions at banks and securities companies. The OTP-based e-Financial Transaction Verification Protocol secures e-financial transactions by confirming the user's identity with OTP authentication information, and it counters not only Man-in-the-Browser (MITB) attacks but also memory hacking attacks. However, correct OTPs can still be generated if the sensitive information of the OTP generator is stolen through intelligent phishing, pharming, or social engineering attacks. Another scheme is therefore needed to prevent these threats, and this paper proposes an advanced scheme using Physical Unclonable Functions (PUFs) to solve these problems. First, it is impossible to generate the same OTP values because of the physically unclonable features of PUFs. In addition, it is impossible to clone the OTP generator with hardware techniques. Consequently, by adding PUFs to the OTP generator, the proposed protocol provides stronger and more robust authentication than the existing one.
Keywords
OTP; Authentication; PUFs; HMAC; CRPs;