A New Approach in T-FA Authentication with OTP Using Mobile Phone

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 58)

Abstract

Security will never go out of style. Most existing network applications authenticate users with a username/password system. Such systems, which rely on reusable passwords, are susceptible to attacks based on theft of the password. To overcome this susceptibility in existing applications, there exists an authentication mechanism known as two-factor authentication (T-FA). Two-factor authentication is a process used to authenticate or verify the identity of a person or other entity requesting access under security constraints. It is a system in which two different factors are used in conjunction to authenticate. Using two factors as opposed to one generally delivers a higher level of authentication assurance. Using a one-time password (OTP) as a factor makes it more difficult to gain unauthorized access to restricted resources such as a computer account or a bank account. In this paper, we propose a new approach to implementing two-factor authentication, with one of the factors being one-time password key generation using mobile phones.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Almazyad, A.S., Ahmad, Y. (2009). A New Approach in T-FA Authentication with OTP Using Mobile Phone. In: Ślęzak, D., Kim, Th., Fang, WC., Arnett, K.P. (eds) Security Technology. SecTech 2009. Communications in Computer and Information Science, vol 58. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10847-1_2

  • DOI: https://doi.org/10.1007/978-3-642-10847-1_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10846-4

  • Online ISBN: 978-3-642-10847-1

  • eBook Packages: Computer Science, Computer Science (R0)
