Improved look-ahead re-synchronization window for HMAC-based one-time password

Beikverdi, Alireza; Tan, Ian K. T.

doi:10.1049/cp.2012.2111

Cited by 1 publication

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The counter is incremented separately than by both parties. As HOTP does not have the time-based constraint, it is somewhat easier to use yet might be more susceptible to brute force attacks that is because of the long window in which HOTP is valid (Beikverdi and Tan, 2012; Mathews and Panchami, 2017; HMAC-based One-Time Password-Wikipedia, 2020).…”

Section: Background and Related Workmentioning

confidence: 99%

A novel OTP based tripartite authentication scheme

Lone

Mir

2021

IJPCC

View full text Add to dashboard Cite

Purpose Because of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization strategy is a must for many of today’s applications. Authentication schemes based on knowledge and tokens, although widely used, lead to most security breaches. While providing various advantages, biometrics are also subject to security threats. Using multiple factors together for authentication provides more certainty about a user’s identity; thus, leading to a more reliable, effective and more difficult for an adversary to intrude. This study aims to propose a novel, secure and highly stable multi-factor one-time password (OTP) authentication solution for mobile environments, which uses all three authentication factors for user authentication. Design/methodology/approach The proposed authentication scheme is implemented as a challenge-response authentication where three factors (username, device number and fingerprint) are used as a secret key between the client and the server. The current scheme adopts application-based authentication and guarantees data confidentiality and improved security because of the integration of biometrics with other factors and each time new challenge value by the server to client for OTP generation. Findings The proposed authentication scheme is implemented on real android-based mobile devices, tested on real users; experimental results show that the proposed authentication scheme attains improved performance. Furthermore, usability evaluation proves that proposed authentication is effective, efficient and convenient for users in mobile environments. Originality/value The proposed authentication scheme can be adapted as an effective authentication scheme to accessing critical information using android smartphones.

show abstract

Section: Background and Related Workmentioning

confidence: 99%