OTPaaS—One Time Password as a Service

Erdem, Emir; Sandıkkaya, Mehmet Tahir

doi:10.1109/tifs.2018.2866025

Cited by 57 publications

(27 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Conventional password-based authentication is taken into account inadequate by users as many online services began to affect one another. Online credentials are wont to recover other credentials and sophisticated attacks are directed to the weakest one among many of those online credentials [1]. As researchers are trying to find new authentication techniques, just one occasion passwords, which may be a two-factor authentication scheme, seems like a natural enhancement over conventional username/password schemes.…”

Section: Related Work a Literature Surveymentioning

confidence: 99%

“…As researchers are trying to find new authentication techniques, just one occasion passwords, which may be a two-factor authentication scheme, seems like a natural enhancement over conventional username/password schemes. The manuscript places the OTP verifier to the cloud to ease adoption of its usage by cloud service providers [1]. When the OTP verifier is placed on the cloud as a service, other cloud service providers could outsource their OTP deployments also as cloud users could activate their respective account on the OTP provider on several cloud services [1].…”

Section: Related Work a Literature Surveymentioning

confidence: 99%

“…The manuscript places the OTP verifier to the cloud to ease adoption of its usage by cloud service providers [1]. When the OTP verifier is placed on the cloud as a service, other cloud service providers could outsource their OTP deployments also as cloud users could activate their respective account on the OTP provider on several cloud services [1]. This enables them to use several cloud services without the difficulty of managing several OTP accounts for every cloud service.…”

Section: Related Work a Literature Surveymentioning

confidence: 99%

“…On the opposite hand, OTP service provision saves inexperienced small to medium enterprises from spending extra costs for OTP provisioning hardware, software and employers. The paper outlines architecture to create a secure, privacy friendly and sound OTP provider within the cloud to outsource the second factor of authentication [1]. Cloud user registration to OTP provider, service provider activation and authentication phases are inspected.…”

Section: Related Work a Literature Surveymentioning

confidence: 99%

See 3 more Smart Citations

A Novel Bank Authentication for Secure Transaction

Baviskar¹

2020

IJRASET

View full text Add to dashboard Cite

Nowadays one-time passwords are used in a lot of areas of information technologies. A few vulnerabilities in authentication prоtоcоls based оn оne-time passwоrds are widely knоwn [1]. In current work, we analyze authentication prоtоcоls based оn оne-time passwоrds and their vulnerabilities with Security Access Code (SAC). Both simple and complicated prоtоcоls which are implementing cryptographic algorithms are reviewed. At the same time, we examine HОTP prоtоcоls, Random forest algorithm (RFA), MD5 algorithm, Blowfish algorithm, linear congruential generator (LCG) [2] which are actively used nowadays. Security is a major issue when using internet services. Double-factor authentication (2FA) is most used at this time to protect user's account. One example of double factor authentication is One Time Password (OTP) [1]. OTP is a password mechanism that is valid for only one login session. In this research. The main result оf the wоrk are cоnclusiоns about the security оf reviewed prоtоcоls based оn оne-time passwоrds.

show abstract

Section: Related Work a Literature Surveymentioning

confidence: 99%

Section: Related Work a Literature Surveymentioning

confidence: 99%

Section: Related Work a Literature Surveymentioning

confidence: 99%

Section: Related Work a Literature Surveymentioning

confidence: 99%

See 2 more Smart Citations

A Novel Bank Authentication for Secure Transaction

Baviskar¹

2020

IJRASET

View full text Add to dashboard Cite

show abstract

“…Otherwise, gMTD deceives the attackers who attempt to infiltrate the system by redirecting their messages to the decoy-hole module [18,19]. In gMTD, the OTBS was designed inspired by the OTP mechanism [20,21] and refers to a bit sequence used to mutate the communication protocols between the user and the server system. The OTBS is generated separately for each user during user registration and is shared between the user and the server system.…”

Section: Introductionmentioning

confidence: 99%

Ghost-MTD: Moving Target Defense via Protocol Mutation for Mission-Critical Cloud Systems

et al. 2020

View full text Add to dashboard Cite

Research on various security technologies has been actively underway to protect systems from attackers. However, attackers can secure enough time to reconnoiter and attack the target system owing to its static nature. This develops asymmetric warfare in which attackers outwit defenders. Moving target defense (MTD) technologies, which obfuscate the attack surface by modifying the main properties of the potential target system, have been gaining attention as an active cyber security technology. Particularly, network-based MTD (NMTD) technologies, which dynamically mutate the network configuration information, such as IP and ports of the potential target system, can dramatically increase the time required for an attacker to analyze the system. Therefore, this system defense technology has been actively researched. However, increasing the analysis complexity of the target system is limited in conventional NMTD because the variation of system properties (e.g., IP, port) that can be mutated is restricted by the system configuration environment. Therefore, there is a need for an MTD technique that effectively delays an attacker during the system analysis by increasing the variation of system properties. Additionally, in terms of practicality, minimizing the computational overhead arising by the MTD technology and solving the compatibility problem with existing communication protocols are critical issues that cannot be overlooked. In this study, we propose a technology called Ghost-MTD (gMTD). gMTD allows only the user who is aware of protocol mutation patterns to correctly communicate with the service modules of the server system through protocol mutation using the pre-shared one-time bit sequence. Otherwise, gMTD deceives the attackers who attempt to infiltrate the system by redirecting their messages to a decoy-hole module. The experimental results show that the proposed technology enables protocol mutation and validation with a very low performance overhead of only 3.28% to 4.97% using an m-bit (m ≥ 4) length one-time bit sequence and can be applied to real systems regardless of the specific communication protocols.

show abstract