
One-Time Password Authentication Techniques Survey


Affiliations
1 Department of Media Science Multimedia, International Academy for Engineering, Egypt
2 Department of Computer Science, Cairo University, Egypt
3 Department of Mathematical Statistics, The Institute of Statistical Studies and Research, Cairo University, Egypt
     



Computer and system security rests on two basic objectives: keeping unauthorized persons from accessing resources, and guaranteeing that authorized persons can reach the resources they require. The most fundamental type of client authentication, especially on the Web, is the password authentication protocol, which requires a username and password to access a client account or a resource on a private system. This method has disadvantages: a password depends on the user's memory, and most people use default passwords, which are vulnerable to attack. Security therefore rests entirely on confidentiality, i.e., on the quality of the password used, and this does not provide a strong identity check. Multi-factor authentication is used to overcome these problems. A method called OTP (one-time password) is used for various authentication purposes, and each password is valid for only one login session on any computing device. The first system to apply one-time passwords was the S/KEY system, developed to authenticate users to UNIX-like operating systems; with it, users do not have to type a long password, and access to the system does not depend on a single username and password combination. Many systems have since evolved from the S/KEY system as developments of the one-time password idea, such as the HMAC-Based One-Time Password Algorithm (HOTP), the Time-Based One-Time Password Algorithm (TOTP), the OATH Challenge-Response Algorithm (OCRA), and Short Message Service (SMS) OTP. In this paper, we survey these one-time password techniques and how OTP tokens are generated in each one.

This paper is divided into six sections. Section one is the introduction, which presents simple password attack methodologies in the field of user authentication techniques, how OTP fits into this category, and a classification of the methods in use. Section two is a literature review of OTP methods and algorithms. Section three lists the possible attacks that OTP methods can face on the Internet. Section four presents the history of OTP methods in order of their appearance in technology and usage. Section five concludes the paper, and section six contains the references of the articles used in this paper.


Keywords

HMAC-Based One-Time Password Algorithm (HOTP), Multi-Factor Authentication, Network Security, OATH Challenge-Response Algorithm (OCRA), One Time Password (OTP), S/KEY System, Short Message Service (SMS) OTP, Time-Based One-Time Password Algorithm (TOTP).

Authors

M. Ahmed Samy
Department of Media Science Multimedia, International Academy for Engineering, Egypt
B. Youssef
Department of Computer Science, Cairo University, Egypt
S. El Gamal
Department of Computer Science, Cairo University, Egypt
A. El Hadi Nabeeh
Department of Mathematical Statistics, The Institute of Statistical Studies and Research, Cairo University, Egypt
