One-Time Password Authentication Techniques Survey
Personal computer or system security relies on two basic objectives: keeping unauthorized persons from accessing resources, and guaranteeing that approved persons can get to the resources they require. The most fundamental type of client authentication, especially on the Web, is the password authentication protocol. This strategy requires a username and password to get into client accounts or a resource on a private system. These methods have some disadvantages: a password depends on the user's memory, and most people use default passwords, which are vulnerable to attacks. Hence, security rests entirely on confidentiality, i.e. on the quality of the password used, and this does not give a solid identity check. To overcome these problems, multi-factor authentication is used. A method called OTP (One-Time Password) is used for different authentication purposes, and each password works for only one login session on any computing device. The first system introduced to apply one-time passwords was the S/KEY system, which was developed to authenticate users to UNIX-like operating systems; with it, users do not have to type a long password, and at the same time access to the system does not depend on a single username and password combination. Many systems have evolved from the S/KEY system as developments of the one-time password idea, such as the HMAC-Based One-Time Password Algorithm (HOTP), the Time-Based One-Time Password Algorithm (TOTP), the OATH Challenge-Response Algorithm (OCRA) and Short Message Service (SMS) OTP. In this paper, we conducted a survey of these one-time password techniques and of how OTP tokens are generated in each one.
This paper is divided into six sections. The first is the introduction, which presents simple password attack methodologies in the field of user authentication techniques, how OTP fits into this category, and a classification of the methods in use. Section two is a literature review of OTP methods and algorithms. In section three, we list the possible attacks that OTP methods can face on the internet. Section four presents the history of OTP methods in order of their appearance in technology and usage. Finally, we end the paper with the conclusion in section five, while section six contains the references of the articles used in this paper.