Abstract
Security will never go out of style. Most existing network applications authenticate users with a username/password system. Such systems, which use reusable passwords, are susceptible to attacks based on theft of the password. To overcome this susceptibility in existing applications, there exists an authentication mechanism known as two-factor authentication (T-FA). Two-factor authentication is a process used to authenticate or verify the identity of a person or other entity requesting access under security constraints. It is a system in which two different factors are used in conjunction to authenticate. Using two factors as opposed to one generally delivers a higher level of authentication assurance. Using a one-time password (OTP) as a factor makes it more difficult to gain unauthorized access to restricted resources, like a computer account, bank account, etc. In this paper, we propose a new approach to implementing two-factor authentication, with one-time password key generation using mobile phones as one of the factors.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Almazyad, A.S., Ahmad, Y. (2009). A New Approach in T-FA Authentication with OTP Using Mobile Phone. In: Ślęzak, D., Kim, Th., Fang, WC., Arnett, K.P. (eds) Security Technology. SecTech 2009. Communications in Computer and Information Science, vol 58. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10847-1_2
DOI: https://doi.org/10.1007/978-3-642-10847-1_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10846-4
Online ISBN: 978-3-642-10847-1
eBook Packages: Computer Science (R0)