DOI QR코드

DOI QR Code

Secure One-Time Password Authentication in Mobile Environments

모바일 환경에서 안전한 일회용 패스워드 인증

  • Kim, Dong-Ryool (Dept. of Mechatronics Engineering, Tongmyong University)
  • 김동률 (동명대학교 메카트로닉스공학과)
  • Received : 2013.12.01
  • Accepted : 2013.12.20
  • Published : 2013.12.28

Abstract

With the active Internet e-commerce and the financial sector, mutual authentication between users and service providers has become very important. Because ID- and password-based authentication is of low security, one-time password authentication methods are widely used. The existing one-time password authentication scheme of S/Key authentication method is fraught with a number of issues in addition to plain text transmission, and the method of Kim Gong-ki et al. does not offer suggestions for session key generation and distribution method. Proposed in this paper is a protocol that solves these problems.

인터넷을 이용한 전자상거래 및 금융 분야가 활성화되어 사용자와 서비스 제공자들 간의 상호 인증이 매우 중요해졌다. ID와 패스워드 기반의 인증은 보안성이 낮기 때문에 일회용 패스워드 인증방식이 많이 사용되고 있다. 기존의 일회용 패스워드 인증방식인 S/Key 인증방식은 평문 전송 외에 여러 문제점이 있고, 김홍기 등의 방식은 세션 키의 생성 및 분배 방법에 관한 제시가 없다는 문제점이 있다. 본 논문에서는 이러한 문제점을 해결하기 위한 프로토콜을 제안하였다.

Keywords

References

  1. Yeon-Ho, Ryu, Cross Authentication Model for Client-Server by used OTP Concept, The Korean Institute of Information Scientists and Engineers, Vol.30, No.2I, pp.652-654, 2003.
  2. S. D. Park, J. C. Na, Y. H. Kim, and D. K. Kim, Efficient OTP(One Time Password) Generation using AES-based MAC, Journal of Korea Multimedia Society, Vol.11, No.6, pp.845-851, 2008.
  3. Dong-hyun Choi, Seung-joo Kim, Dong-ho Won, One-Time Password Technique Analysis and Standardization Trends, Journal of Korea Institute of Information Security And Cryptology, Vol.17, No.3, pp.12-17, 2007.
  4. Hong Gi Kim, Im Yeong Lee, A Study on One-Time Password Authentication Scheme in Mobile Environment, Journal of Korea Multimedia Society, Vol.14, No.6, pp.785-793, 2011. https://doi.org/10.9717/kmms.2011.14.6.785
  5. Neil M. Haller, The S/KEY One-Time Password System, RFC 1760, 1995.
  6. N. M. Haller, C. Metz, P. Nesser, and M. Straw, A One-Time Password System, RFC 2289, 1998.
  7. J. Archer Harris, OPA : A One-Time Password System, 10.1109/ICPPW,2002,1039708, 2002.
  8. Soo-Yong Kang, Im-Yeong Lee, A Study on Secure and Efficient OTP Authentication Scheme using Improved S/Key Scheme, Journal of Korea Multimedia Society, pp.109-112, 2007.

Cited by

  1. Technology Trends, Research and Design of AIM Framework for Authentication Information Management vol.14, pp.7, 2016, https://doi.org/10.14400/JDC.2016.14.7.373