article

A secure one-time password authentication scheme with low-computation for mobile communications

Authors:

Min-Hui Lin,

Chin-Chen ChangAuthors Info & Claims

ACM SIGOPS Operating Systems Review, Volume 38, Issue 2

Pages 76 - 84

https://doi.org/10.1145/991130.991138

Published: 01 April 2004 Publication History

Get Access

Abstract

In recent years, m-commerce technology has been maturing. Various mobile devices are now designed to help users reach the servers of service providers and to process tasks such as stock trading, product purchasing, product information collecting, and so on. Once the services are only available to the members, authentication is applied to verify the identities of users. However, most current authentication methods used in m-commerce are designed for wired networks and require high computation costs, making them unsuitable for wireless environments.A one-time password authentication scheme that uses lighter computation and considers the limitations of mobile devices is proposed in this paper. Meanwhile, the proposed scheme is free from replay attacks, server spoofing attacks, off-line dictionary attacks, active attacks, and revelation of message contents.

References

[1]

C. J. Mitchell and L. Chen, "Comments on the S/KEY User Authentication Scheme, ACM Operating Systems Review," Vol. 30, No. 4, 1996, pp. 12--16.]]

Digital Library

Google Scholar

[2]

N. M. Haller, "On Internet Authentication," RFC 1704, October 1994.]]

Digital Library

Google Scholar

[3]

N. M. Haller, "The S/KEY One-Time Password System," RFC 1760, February 1995.]]

Digital Library

Google Scholar

[4]

N. M. Haller, "A One-Time Password System," RFC 1938, May 1996.]]

Digital Library

Google Scholar

[5]

P. Mackenzie and R. Swaminthan, "Secure Network Authentication with Password Identification," presented to the IEEE P1363 working group, 1999.]]

Google Scholar

[6]

S. M. Yen and K. H. Liao, "Shared Authentication Token Secure against Replay and Weak Key Attacks," Information Processing Letters, Vol. 62, No. 2, April 1997, pp. 77--80.]]

Digital Library

Google Scholar

[7]

Ronald L. Rivest and Adi Shamir, "PayWord and MicroMint: Two Simple Micropayment Schemes," CryptoBytes, Vol. 2, No. 1, Spring 1996, pp. 7--11.]]

Google Scholar

[8]

T. Wu, "The Secure Remote Password Protocol," in Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, San Diego, CA, March 1998, pp. 97--111.]]

Google Scholar

[9]

T. C. Yeh, H. Y. Shen, J. J. Hwang, "A Secure One-Time Password Authentication Scheme Using Smart Cards," IEICE Transactions on Communications, Vol. E85, No. 11, 2002, pp. 2515--2518.]]

Google Scholar

Cited By

View all

De Santis AFerrara AFlores MMasucci B(2024)Provably-Secure One-Message Unilateral Entity Authentication SchemesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.328847321:4(1665-1679)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/TDSC.2023.3288473
Kim HPark JLee JRyou J(2015)Biometric Authentication Technology Trends in Smart Device EnvironmentMobile and Wireless Technology 201510.1007/978-3-662-47669-7_23(199-206)Online publication date: 2015
https://doi.org/10.1007/978-3-662-47669-7_23
Castiglione ASantis ACastiglione APalmieri F(2014)An Efficient and Transparent One-Time Authentication Protocol with Non-interactive Key Scheduling and UpdateProceedings of the 2014 IEEE 28th International Conference on Advanced Information Networking and Applications10.1109/AINA.2014.45(351-358)Online publication date: 13-May-2014
https://dl.acm.org/doi/10.1109/AINA.2014.45
Show More Cited By

Recommendations

Secure remote user authentication scheme using bilinear pairings
WISTP'07: Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems

In 2006, Das et al. proposed a remote user authentication scheme using the properties of bilinear pairings. The current paper, however, demonstrates that Das et al.'s scheme is still vulnerable to an impersonation attack and an off-line password ...
Cryptanalysis and the improvement of Kim et al.'s password authentication schemes
ICISS'07: Proceedings of the 3rd international conference on Information systems security

In 1999, Yang and Shieh proposed two authentication schemes with smart cards, one is timestamp-based password authentication scheme and other is nonce-based password authentication scheme. In 2002, Chan and Cheng pointed out that Yang and Shieh's ...
An Identity-Based One-Time Password Scheme with Anonymous Authentication
NSWCTC '09: Proceedings of the 2009 International Conference on Networks Security, Wireless Communications and Trusted Computing - Volume 02

Password authentication is one of the simplest and the most convenient authentication mechanisms over insecure networks. One-time password authentication which uses dynamic password helps to enhance the security of password. In this paper, we suggest a ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGOPS Operating Systems Review

ACM SIGOPS Operating Systems Review Volume 38, Issue 2

April 2004

92 pages

ISSN:0163-5980

DOI:10.1145/991130

Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 April 2004

Published in SIGOPS Volume 38, Issue 2

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
880
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

De Santis AFerrara AFlores MMasucci B(2024)Provably-Secure One-Message Unilateral Entity Authentication SchemesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.328847321:4(1665-1679)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/TDSC.2023.3288473
Kim HPark JLee JRyou J(2015)Biometric Authentication Technology Trends in Smart Device EnvironmentMobile and Wireless Technology 201510.1007/978-3-662-47669-7_23(199-206)Online publication date: 2015
https://doi.org/10.1007/978-3-662-47669-7_23
Castiglione ASantis ACastiglione APalmieri F(2014)An Efficient and Transparent One-Time Authentication Protocol with Non-interactive Key Scheduling and UpdateProceedings of the 2014 IEEE 28th International Conference on Advanced Information Networking and Applications10.1109/AINA.2014.45(351-358)Online publication date: 13-May-2014
https://dl.acm.org/doi/10.1109/AINA.2014.45
Lee YKim H(2013)Insider Attack-Resistant OTP (One-Time Password) Based on Bilinear MapsInternational Journal of Computer and Communication Engineering10.7763/IJCCE.2013.V2.193(304-308)Online publication date: 2013
https://doi.org/10.7763/IJCCE.2013.V2.193
Jang WCho SLee H(2011)User-Oriented Pseudo Biometric Image Based One-Time Password Mechanism on Smart PhoneAdvanced Communication and Networking10.1007/978-3-642-23312-8_7(49-58)Online publication date: 2011
https://doi.org/10.1007/978-3-642-23312-8_7
Jang WCho SLee H(2011)User-Oriented Pseudo Biometric Image Based One-Time Password Mechanism on Smart PhoneInformation Security and Assurance10.1007/978-3-642-23141-4_42(395-404)Online publication date: 2011
https://doi.org/10.1007/978-3-642-23141-4_42
Yang SChoi H(2010)Vulnerability analysis and the practical implications of a server‐challenge‐based one‐time password systemInformation Management & Computer Security10.1108/0968522101104833718:2(86-100)Online publication date: 8-Jun-2010
https://doi.org/10.1108/09685221011048337
Buccafurri FLax G(2010)A Lightweight Authentication Protocol for Web Applications in Mobile EnvironmentsEmergent Web Intelligence: Advanced Information Retrieval10.1007/978-1-84996-074-8_14(371-391)Online publication date: 17-Feb-2010
https://doi.org/10.1007/978-1-84996-074-8_14
Lee SSivalingam K(2009)An efficient One-Time Password authentication scheme using a smart cardInternational Journal of Security and Networks10.1504/IJSN.2009.0273404:3(145-152)Online publication date: 1-Jul-2009
https://dl.acm.org/doi/10.1504/IJSN.2009.027340
Aoyagi MAbe TTakahashi KBertino ETakahashi K(2008)Symmetric identity federation for fixed-mobile convergenceProceedings of the 4th ACM workshop on Digital identity management10.1145/1456424.1456431(33-40)Online publication date: 31-Oct-2008
https://dl.acm.org/doi/10.1145/1456424.1456431
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Recommendations

Secure remote user authentication scheme using bilinear pairings

Cryptanalysis and the improvement of Kim et al.'s password authentication schemes

An Identity-Based One-Time Password Scheme with Anonymous Authentication

Comments

Information

Published In

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations