Title: Improvement on OTP authentication and a possession-based authentication framework
Authors: Shushan Zhao; Wenhui Hu
Addresses: Division of Management and Education, University of Pittsburgh at Bradford, 300 Campus Dr., Bradford, PA 16701, USA ' Oracle Corporation, 1501 Fourth Avenue, Suite 1800, Seattle, WA 98101, USA
Abstract: Authentication plays a paramount role in online services. Today many online services are still using password as single authentication method, but this is not considered secure any more. There have been many attempts to introduce multifactor authentication mechanism, for example, counter-based one-time password, and time-based one-time password. In this paper, we first list some limitations and weaknesses of the existing multifactor authentication methods, then propose an improvement to one-time password algorithms, and finally apply it in a general-purpose possession-based authentication framework. The framework can be implemented in popularly used smartphones but does not rely on cellular network or wifi network. The purpose of the framework is for current password-authenticated online services to adopt multifactor authentication easily.
Keywords: mutifactor authentication; one time password; OTP.
DOI: 10.1504/IJMIS.2018.096406
International Journal of Multimedia Intelligence and Security, 2018 Vol.3 No.2, pp.187 - 203
Received: 30 May 2018
Accepted: 24 Sep 2018
Published online: 27 Nov 2018 *