2020
DOI: 10.3390/app10082961
|View full text |Cite
|
Sign up to set email alerts
|

Analysis of Vulnerabilities That Can Occur When Generating One-Time Password

Abstract: A one-time password (OTP) is a password that is valid for only one login session or transaction, in IT systems or digital devices. This is one of the human-centered security services and is commonly used for multi-factor authentication. This is very similar to generating pseudo-random bit streams in cryptography. However, it is only part of what is used as OTP in the bit stream. Therefore, the OTP mechanism requires an algorithm to extract portions. It is also necessary to convert hexadecimal to decimal so tha… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
14
0

Year Published

2021
2021
2023
2023

Publication Types

Select...
4
1

Relationship

1
4

Authors

Journals

citations
Cited by 6 publications
(14 citation statements)
references
References 20 publications
0
14
0
Order By: Relevance
“…The main challenge of non-based biometrics is explained in [77] where the impossibility of distinguishing the correlation between the ideal-random and pseudo-random sequences in the absence of unlimited computational capacity. While in some cases the clients may be unable to access the OTP codes offline or without a network (for example in an airplane during international journeys) [78].…”
Section: B In the Second Mfa Approach (Non-based Biometrics)mentioning
confidence: 99%
“…The main challenge of non-based biometrics is explained in [77] where the impossibility of distinguishing the correlation between the ideal-random and pseudo-random sequences in the absence of unlimited computational capacity. While in some cases the clients may be unable to access the OTP codes offline or without a network (for example in an airplane during international journeys) [78].…”
Section: B In the Second Mfa Approach (Non-based Biometrics)mentioning
confidence: 99%
“…Figure 2 shows the extraction algorithms by type. It illustrates the operation of static, dynamic, and improved dynamic extraction algorithms in order, showing slight differences in their operations [1].…”
Section: Extraction Algorithmmentioning
confidence: 99%
“…This paper is a follow-up to a previous publication entitled "Analysis of Vulnerabilities That Can Occur When Generating One-Time Password" [1]; it includes multiple experimental data on vulnerability points that can occur in OTP systems. While the previous paper hypothesized and conducted experiments to derive OTP security, this follow-up paper establishes an oracle attack model and derives theoretical security from a cryptographic perspective, which is the biggest difference.…”
Section: Introductionmentioning
confidence: 99%
“…SIM Swap attack is one more attack against SMS-based OTP, a social engineering attack in which SIM card replacement for victims’ mobile numbers is acquired. The SIM card is then linked to the mobile number of victims; thus all OTP SMS is then received by the attacker while initiating online transactions (Paper et al , 2013; Yoo, Kang and Kim, 2015; Gilsenan, 2018; Suker, 2019; Kim et al , 2020). As users travel outside of the coverage area for SMS-based two-factor authentication, they face the inconvenience they face accessing incoming SMS containing OTP (Mehraj et al , 2015).…”
Section: Open Issues and Challengesmentioning
confidence: 99%
“…SIM Swap attack is one more attack against SMS-based OTP, a social engineering attack in which SIM card replacement for victims’ mobile numbers is acquired. The SIM card is then linked to the mobile number of victims; thus all OTP SMS is then received by the attacker while initiating online transactions (Paper et al , 2013; Yoo, Kang and Kim, 2015; Gilsenan, 2018; Suker, 2019; Kim et al , 2020).…”
Section: Open Issues and Challengesmentioning
confidence: 99%