Title :
OTP-Based Two-Factor Authentication Using Mobile Phones
Author :
Eldefrawy, Mohamed Hamdy ; Alghathbar, Khaled ; Khan, Muhammad Khurram
Author_Institution :
Center of Excellence in Inf. Assurance (CoEIA), King Saud Univ., Riyadh, Saudi Arabia
Abstract :
Two-factor authentication (2FA) provides improved protection, since users are prompted to provide something they know and something they have. This method delivers a higher-level of authentication assurance, which is essential for online banking security. Many banking systems have satisfied the2FA requirements by sending a One Time Password (OTP), something possessed, through an SMS to the user´s phone device. Unfortunately, international roaming and SMS costs and delays put restrictions on this system reliability. This paper presents a novel two-factor authentication scheme whereby a user´s device produces multiples OTPs from an initial seed using the proposed production scheme. The initial seed is produced by the communications partners´ unique parameters. Applying the many from one function to a certain seed removes the requirement of sending SMS-based OTPs to users, and reduces the restrictions caused by the SMS system.
Keywords :
banking; message authentication; mobile handsets; OTP-based two-factor authentication assurance; SMS-based OTP; mobile phones; one time password; online banking security; Authentication; Mobile communication; Mobile handsets; Production; Servers; Synchronization; nested hashing chain; one time password; online banking authentication; twofactor authentication;
Conference_Titel :
Information Technology: New Generations (ITNG), 2011 Eighth International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-61284-427-5
Electronic_ISBN :
978-0-7695-4367-3
DOI :
10.1109/ITNG.2011.64
