Home // INTERNET 2013, The Fifth International Conference on Evolving Internet // View article

Advanced OTP Authentication Protocol using PUFs

Authors:
Jonghoon Lee
Jungsoo Park
Seungwook Jung
Souhwan Jung

Keywords: OTP; authentication; PUF; HMAC

Abstract:
The One-Time Password (OTP) is an ephemeral password that can be used as a multi-factor authentication method when secure authentication is needed. This OTP is used to counter not only Man-in-the-Browser (MITB) attacks, but also memory hacking attacks. Alternatively, the financial systems use time synchronous OTP using Hash Message Authentication Code (HMAC)-based protocol to support secure authentication. However, it is possible to generate correct OTPs due to potential of stealing sensitive information of the OTP generator through intelligent phishing attacks. Therefore, it needs another scheme to prevent from generating the same OTPs. This paper proposes a new scheme using Physical Unclonable Functions (PUFs) to solve these problems. First, it is impossible to generate the same OTP values because of the physically unclonable features of PUFs. Moreover, sensitive information encrypted by hash and encryption function is exchanged through communication channel. Hence, the proposed protocol provides stronger OTP and robust authentication protocol by adding PUFs in the OTP generator.

Pages: 48 to 51

Copyright: Copyright (c) IARIA, 2013

Publication date: July 21, 2013

Published in: conference

ISSN: 2308-443X

ISBN: 978-1-61208-285-1

Location: Nice, France

Dates: from July 21, 2013 to July 26, 2013