Security Attack Safe Mobile and Cloud-based One-time Password Tokens Using Rubbing Encryption Algorithm |
| |
Authors: | Email author" target="_blank">Fred?ChengEmail author |
| |
Affiliation: | (1) International Technological University & FPC Consultancy, Los Altos Hills, CA 94022, USA |
| |
Abstract: | One-time Password (OTP) Token has become one of the main stream security products during the past few years. OTP Token can
automatically generate a random password. It is especially popular to be used with the Two-factor Authentication (2FA) system.
OTP Token has proliferated into many different form factors such as standalone token, PC, PDA, cellular phone and Cloud-based
token. But most of the implementation has their short comings with high token cost, not easy to carry and high supporting
or deployment cost. Certain implementations may also compromise the network security when the token is lost or stolen. Moreover,
most of the tokens can be broken-in by Man-in-the-Middle Seed-tracing and Shoulder-surfing security attacks. To overcome such
aforementioned issues, we propose a secure encryption algorithm – Rubbing Encryption Algorithm (REAL). We use REAL to implement
a Mobile-based and a Cloud-based OTP Token as design examples. Both of them are of high security level, lower total token
cost and can resist the aforementioned security attacks as well. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|