• Title/Summary/Keyword: One-Time Password

Search Result 221, Processing Time 0.025 seconds

Improved Multi-layer Authentication Scheme by Merging One-time Password with Voice Biometric Factor

  • ALRUWAILI, Amal;Hendaoui, Saloua
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.9
    • /
    • pp.346-353
    • /
    • 2021
  • In this proposal, we aim to enhance the security of systems accounts by improving the authentication techniques. We mainly intend to enhance the accuracy of the one-time passwords via including voice biometric and recognition techniques. The recognition will be performed on the server to avoid redirecting voice signatures by hackers. Further, to enhance the privacy of data and to ensure that the active user is legitimate, we propose to periodically update the activated sessions using a user-selected biometric factor. Finally, we recommend adding a pre-transaction re-authentication which will guarantee enhanced security for sensitive operations. The main novelty of this proposal is the use of the voice factor in the verification of the one-time password and the various levels of authentications for a full-security guarantee. The improvement provided by this proposal is mainly designed for sensitive applications. From conducted simulations, findings prove the efficiency of the proposed scheme in reducing the probability of hacking users' sessions.

Design and Implementation of Voice One-Time Password(V-OTP) based User Authentication Mechanism on Smart Phone (스마트폰에서 음성 정보를 이용한 일회용 패스워드(V-OTP) 기반 사용자 인증 메커니즘 설계 및 구현)

  • Cho, Sik-Wan;Lee, Hyung-Woo
    • The KIPS Transactions:PartC
    • /
    • v.18C no.2
    • /
    • pp.79-88
    • /
    • 2011
  • It is necessary for us to enhance the security service on smart phone by using voice data on authentication procedure. In this study, a voice data based one-time password generation mechanism is designed and implemented for enhancing user authentication on smart phone. After receiving a PIN value from the server, a user inputs his/her own voice biometric data using mike device on smart phone. And then this captured a voice biometric data will be used to generate one-time token on server side after verification procedures. Based on those mutual authentication steps, a voice data based one-time password(V-OTP) will be generated by client module after receiving the one-time token from the server finally. Using proposed voice one-time password mechanism, it is possible for us to provide more secure user authentication service on smart phone.

Design and Implementation of Facial Biometric Data based User Authentication System using One-Time Password Generation Mechanism (얼굴 정보 기반 일회용 패스워드 생성 메커니즘을 이용한 사용자 인증 시스템 설계 및 구현)

  • Jang, Won-Jun;Lee, Hyung-Woo
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.12 no.4
    • /
    • pp.1911-1918
    • /
    • 2011
  • Internet banking, electronic financial services and internet telephony service can be available on smart phone recently. In this case, more robust authentication mechanisms should be provided for enhancing security on it. In this study, a facial biometric ID based one-time password generation mechanism is designed and implemented for enhancing user authentication on smart phone. After capturing a facial biometric data using camera module on smart phone, it is sent to server to generate one-time biometric ID. Finally one-time password will be generated by client module after receiving the one time biometric ID based challenge token from the server. Using proposed biometric ID based one-time password mechanism, it is possible for us to provide more secure user authentication service on smart phone for SIP protocol.

OTP Authentication Protocol Using Stream Cipher with Clock-Counter (클럭 카운트를 이용한 스트림 암호의 OTP 인증 프로토콜)

  • Cho, Sang-Il;Lee, Hoon-Jae;Lee, Sang-Gon;Lim, Hyo-Taek
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.13 no.10
    • /
    • pp.2113-2120
    • /
    • 2009
  • User authentication has been one of the most important part of the network system. OTP(One-Time Password) has been developed and applied to the existing authentication system. OTP makes a different password and abrogates used password each time when user is authenticated by the server. Those systems prevent stolen-key-problems which is caused by using the same key every log-in trial. Yet, OTP still has vulnerabilities. In this paper, an advanced protocol which is using clock-count method to apply a stream cipher algorithm to OTP protocols and to solve problems of existing OTP protocols is proposed.

An OTP(One Time Password) Generation Method Using the Features of Fingerprint (지문 특징을 이용한 일회용 암호키 생성기법)

  • Cha, Byung-Rae;Ko, Franz I.S.
    • The Journal of Society for e-Business Studies
    • /
    • v.13 no.1
    • /
    • pp.33-43
    • /
    • 2008
  • As the applications within Internet becoming more extensive, the security issues of those applications are appearing to be the most important concern. We have to be sure if all elements of the system are robust and perform well. Even if some small part of the system is vulnerable, it might cause the total system crash-down. Therefore, every part of the system should be thoroughly designed and mutually coordinated in order to support overall security of the system. In this paper, we propose new technique which uses the fingerprint features in order to generate one time passwords(OTPs). Fingerprint is considered to be one of the powerful personal authentication factors and it can be used for generating variable passwords for one time use. Also we performed a simulation for proposed password generation method.

  • PDF

Automatic Fortified Password Generator System Using Special Characters

  • Jeong, Junho;Kim, Jung-Sook
    • International Journal of Fuzzy Logic and Intelligent Systems
    • /
    • v.15 no.4
    • /
    • pp.295-299
    • /
    • 2015
  • The developed security scheme for user authentication, which uses both a password and the various devices, is always open by malicious user. In order to solve that problem, a keystroke dynamics is introduced. A person's keystroke has a unique pattern. That allows the use of keystroke dynamics to authenticate users. However, it has a problem to authenticate users because it has an accuracy problem. And many people use passwords, for which most of them use a simple word such as "password" or numbers such as "1234." Despite people already perceive that a simple password is not secure enough, they still use simple password because it is easy to use and to remember. And they have to use a secure password that includes special characters such as "#!($^*$)^". In this paper, we propose the automatic fortified password generator system which uses special characters and keystroke feature. At first, the keystroke feature is measured while user key in the password. After that, the feature of user's keystroke is classified. We measure the longest or the shortest interval time as user's keystroke feature. As that result, it is possible to change a simple password to a secure one simply by adding a special character to it according to the classified feature. This system is effective even when the cyber attacker knows the password.

HB+ protocol-based Smart OTP Authentication (HB+ 프로토콜 기반의 스마트 OTP 인증)

  • Shin, Ji Sun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.993-999
    • /
    • 2015
  • OTP(One time password) is widely used as an authentication method for financial and other security-sensitive transactions. OTP provides strong security since each password is used only one time while normal password-based authentications use passwords as long term secrets. However, OTP-based authentications relatively lack usability since they require users to hold an OTP card or generator. To overcome such a problem, smartphones start replacing OTP cards and such a method is called smart OTP. However, smart OTP inherits security vulnerabilities that smartphones have. In this paper, we propose a smart OTP authentication based on an extremely light authentication protocol called HB+. HB+ protocol is developed for low-cost devices and has small communication and computation costs. We present our solution and discuss its security, efficiency and practicality. Our contribution is providing a method to securely use smart OTP without losing its efficiency and usability.

Ad-hoc Security Authentication Technique based on Verifier (검증자 기반 Ad-hoc 보안 인증기법)

  • Lee, Cheol-Seung;Hong, Seong-Pyo;Lee, Ho-Young;Lee, Joon
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2007.10a
    • /
    • pp.713-716
    • /
    • 2007
  • This paper suggests One-time Password key exchange authentication technique for a strong authentication based on Ad-hoc Networks and through identify wireless environment security vulnerabilities, analyzes current authentication techniques. The suggested authentication technique consists of 3 steps: Routing, Registration, and Running. The Routing step sets a safe route using AODV protocol. The Registration and Running step apply the One-time password S/key and the DH-EKE based on the password, for source node authentication. In setting the Session key for safe packet transmission and data encryption, the suggested authentication technique encrypts message as H(pwd) verifiers, performs key exchange and utilizes One time password for the password possession verification and the efficiency enhancement. EKE sets end to end session key using the DH-EKE in which it expounds the identifier to hash function with the modula exponent. A safe session key exchange is possible through encryption of the H(pwd) verifier.

  • PDF

OTP Authentication Protocol using PingPong-128 (PingPong-128을 이용한 OTP 인증 프로토콜)

  • Lee, Jang-Chun;Lee, Hoon-Jae;Lim, Hyo-Taek;Lee, Sang-Gon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.12 no.4
    • /
    • pp.661-669
    • /
    • 2008
  • Nowadays, authentication is essential to identify the legal users in a network communication. Usually, there are few wars to achieve authentication over a publicly accessible network system in order to protect certain private data from the unauthorized users, ranging from simple ID/Password to Biometrics System. One of the most active areas in OTP(One Time Password) research today aims at exploiting OTP to provide authentication in the finance and security industry. OTP is usually discarded once it has been used. this prevents huge loophole of traditional authentication system which employs the same ID and Password every time. However this OTP system also has its weaknesses in surviving some attacks. this paper proposes an advanced OTP protocol using PingPong-128 without loop hole of pre-existing OTP.

The Development of a One-time Password Mechanism Improving on S/KEY (S/KEY를 개선한 일회용 패스워드 메커니즘 개발)

  • 박중길
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.9 no.2
    • /
    • pp.25-36
    • /
    • 1999
  • In this paper we propose a one-time password mechanism that solves the problems of the S/KEY: the limitation of a usage and the need of storage for keys. because of using a cryptographic algorithm the proposed mechanism has no the limitation of a usage. Also because of producing the key for an authentication from a user's password it is easy to manage the authentication key and is possible to share the session key between a client and a server after the authentication process. In addition the proposed mechanism is easy to protect and manage the authentication information because of using a smart card and is adopted by the system that needs a noe-way authentication from a client to a server without the challenge of a server.