J4

• Original Articles • Previous Articles     Next Articles

A one time password generation algorithm suitable for HOTP

LIU Jian-wei(1,2);LI Hui(2);MA Jian-feng(3)

  

  1. (1) School of Electronics and Information Engineering, BeiHang Univ., Beijing 100083, China
    (2) Ministry of Edu. Key Lab. of Computer Networks and Information Security, , Xidian Univ., Xi′an 710071, China
    (3) School of Computer Engineering, Xidian Univ., Xi′an 710071, China
  • Received:1900-01-01 Revised:1900-01-01 Online:2006-08-20 Published:2006-08-20

PDF (PC)

1014

Like

Abstract: A one time password algorithm HTOPC is proposed based on HMAC SHA-1 and a dynamic truncating function. The algorithm has a fast computing speed and high security, and it is easy to implement by using Token or IC card hardware. Therefore, the algorithm is suitable for the HTOP authentication framework. Besides, three basic conditions are proposed for the token-based authentication protocol, and an authentication protocol based on counter synchronization is designed. At the server side, the protocol sets up a maximum trying number to prevent the brute-force attack, and a look-ahead parameter to realize counter resynchronization. Finally, the security of the protocol is analyzed. Results show that the protocol can resist normal attacks, such as brute-force attack and interception/replay attack effectively, and is highly secure.

Key words: one time password, hash function, authentication protocol

CLC Number: 

  • TP391.9

Copyright © 2018 Journal of Xidian University, All Rights Reserved.
Powered by Beijing Magtech Co. Ltd