Improving the Security and Flexibility of One-Time Passwords by Signature Chains

Kemal Biçakci*, Nazife Baykal

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

6 Citations (Scopus)

Abstract

While the classical attack of "monitor the network and intercept the password" can be avoided by advanced protocols like SSH, one-time passwords are still considered a viable alternative or a supplement for software authentication since they are the only ones that safeguard against attacks on insecure client machines. In this paper by using public-key techniques we present a method called signature chain alternative to Lamport's hash chain to improve security and flexibility of one-time passwords. Our proposition improves the security because first, like other public-key authentication protocols, the server and the user do not share a secret, thereby eliminating attacks on the server side. Second, from any incorrectly revealed one-time password, unspent passwords cannot be calculated if a signature chain is preferred. Having an infinite length, the chain in our proposition is more flexible and facilitates using the protocol without the complexity of restarting. On the other hand, the disadvantage of signature chain is the longer verification time with respect to hash chain based approaches.

Original languageEnglish
Pages (from-to)223-236
Number of pages14
JournalTurkish Journal of Electrical Engineering and Computer Sciences
Volume11
Issue number3
Publication statusPublished - 2003
Externally publishedYes

Keywords

  • Authentication
  • Hash chain
  • Network security
  • One-time password
  • Public-key authentication protocol
  • Signature chain

Fingerprint

Dive into the research topics of 'Improving the Security and Flexibility of One-Time Passwords by Signature Chains'. Together they form a unique fingerprint.

Cite this