The research on robustness and practicability of the one–time password authentication
碩士 === 樹德科技大學 === 資訊工程學系 === 96 === One-Time Password (OTP), which is a disposable password, is a technique of user authentication. In each login, the user must use different password to enter the system. Due to the dissimilar password, OTP technique possesses the benefit of preventing the system fr...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | zh-TW |
Published: |
2008
|
Online Access: | http://ndltd.ncl.edu.tw/handle/31044438020510739315 |
id |
ndltd-TW-096STU00392023 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-096STU003920232015-11-30T04:02:54Z http://ndltd.ncl.edu.tw/handle/31044438020510739315 The research on robustness and practicability of the one–time password authentication 一次性通行碼認證機制之強健性與實用性研究 Ming-Her Cheng 鄭明和 碩士 樹德科技大學 資訊工程學系 96 One-Time Password (OTP), which is a disposable password, is a technique of user authentication. In each login, the user must use different password to enter the system. Due to the dissimilar password, OTP technique possesses the benefit of preventing the system from replaying attacks in the process of authentication transmission. Because the password for verifying is different in each authentication session, the user and the server must have an agreed mechanism to compute the variable password for authenticating each other. Moreover, the user and the server require storing some information so-called verifier to support the authentication process. To verify identity between the user and the server, the authentication protocol must be robust to against any attack method from attackers. In the present attack techniques, the most difficult to solve is the server side theft attack. When server’s secret key was stolen, the attacker can use those stolen information to impersonal the user and login the server, even obtain the improper benefit. This thesis proposes an OTP mutual authentication protocol by using reverse hash-chain against theft attack. We also use pre-computation technique to reduce the overhead of computing hash-chain. Recently, the Internet provides the user a convenient transaction way. For security, the network banks use the SSL protocol to protect user’s account number and password for authentication. Several banks even use specific off-line password generator (Off-Line Token) to against key loggers and Trojan horses attack. But those methods can not effectively prevent network phishing attacks. This thesis proposes a challenge-response OTP authentication protocol, which guarantees the password stolen by the phisher is invalid, and hence indirectly prevents phishing attacks. The proposed protocol also uses a popular mobile device (for example, cell phone, PDA etc.) to replace traditional Off-Line Token. Such replacement not only reduces the cost of the token cost, but also increases the practicability. This proposed protocol is very practical and can be used for the login system of network banks and on-line games. Chun-Li Lin 林峻立 2008 學位論文 ; thesis 44 zh-TW |
collection |
NDLTD |
language |
zh-TW |
format |
Others
|
sources |
NDLTD |
description |
碩士 === 樹德科技大學 === 資訊工程學系 === 96 === One-Time Password (OTP), which is a disposable password, is a technique of user authentication. In each login, the user must use different password to enter the system. Due to the dissimilar password, OTP technique possesses the benefit of preventing the system from replaying attacks in the process of authentication transmission. Because the password for verifying is different in each authentication session, the user and the server must have an agreed mechanism to compute the variable password for authenticating each other. Moreover, the user and the server require storing some information so-called verifier to support the authentication process.
To verify identity between the user and the server, the authentication protocol must be robust to against any attack method from attackers. In the present attack techniques, the most difficult to solve is the server side theft attack. When server’s secret key was stolen, the attacker can use those stolen information to impersonal the user and login the server, even obtain the improper benefit. This thesis proposes an OTP mutual authentication protocol by using reverse hash-chain against theft attack. We also use pre-computation technique to reduce the overhead of computing hash-chain.
Recently, the Internet provides the user a convenient transaction way. For security, the network banks use the SSL protocol to protect user’s account number and password for authentication. Several banks even use specific off-line password generator (Off-Line Token) to against key loggers and Trojan horses attack. But those methods can not effectively prevent network phishing attacks.
This thesis proposes a challenge-response OTP authentication protocol, which guarantees the password stolen by the phisher is invalid, and hence indirectly prevents phishing attacks. The proposed protocol also uses a popular mobile device (for example, cell phone, PDA etc.) to replace traditional Off-Line Token. Such replacement not only reduces the cost of the token cost, but also increases the practicability. This proposed protocol is very practical and can be used for the login system of network banks and on-line games.
|
author2 |
Chun-Li Lin |
author_facet |
Chun-Li Lin Ming-Her Cheng 鄭明和 |
author |
Ming-Her Cheng 鄭明和 |
spellingShingle |
Ming-Her Cheng 鄭明和 The research on robustness and practicability of the one–time password authentication |
author_sort |
Ming-Her Cheng |
title |
The research on robustness and practicability of the one–time password authentication |
title_short |
The research on robustness and practicability of the one–time password authentication |
title_full |
The research on robustness and practicability of the one–time password authentication |
title_fullStr |
The research on robustness and practicability of the one–time password authentication |
title_full_unstemmed |
The research on robustness and practicability of the one–time password authentication |
title_sort |
research on robustness and practicability of the one–time password authentication |
publishDate |
2008 |
url |
http://ndltd.ncl.edu.tw/handle/31044438020510739315 |
work_keys_str_mv |
AT minghercheng theresearchonrobustnessandpracticabilityoftheonetimepasswordauthentication AT zhèngmínghé theresearchonrobustnessandpracticabilityoftheonetimepasswordauthentication AT minghercheng yīcìxìngtōngxíngmǎrènzhèngjīzhìzhīqiángjiànxìngyǔshíyòngxìngyánjiū AT zhèngmínghé yīcìxìngtōngxíngmǎrènzhèngjīzhìzhīqiángjiànxìngyǔshíyòngxìngyánjiū AT minghercheng researchonrobustnessandpracticabilityoftheonetimepasswordauthentication AT zhèngmínghé researchonrobustnessandpracticabilityoftheonetimepasswordauthentication |
_version_ |
1718140104916074496 |