Security Attack Safe Mobile and Cloud-based One-time Password Tokens Using Rubbing Encryption Algorithm

One-time Password (OTP) Token has become one of the main stream security products during the past few years. OTP Token can automatically generate a random password. It is especially popular to be used with the Two-factor Authentication (2FA) system. OTP Token has proliferated into many different form factors such as standalone token, PC, PDA, cellular phone and Cloud-based token. But most of the implementation has their short comings with high token cost, not easy to carry and high supporting or deployment cost. Certain implementations may also compromise the network security when the token is lost or stolen. Moreover, most of the tokens can be broken-in by Man-in-the-Middle Seed-tracing and Shoulder-surfing security attacks. To overcome such aforementioned issues, we propose a secure encryption algorithm – Rubbing Encryption Algorithm (REAL). We use REAL to implement a Mobile-based and a Cloud-based OTP Token as design examples. Both of them are of high security level, lower total token cost and can resist the aforementioned security attacks as well.