One-time-password-authenticated key exchange
Paterson, Kenneth G. & Stebila, Douglas (2010) One-time-password-authenticated key exchange. In Steinfeld, Ron & Hawkes, Philip (Eds.) Information Security and Privacy : Proceedings of the 15th Australasian Conference, ACISP 2010, Springer, Macquarie Graduate School of Management, Sydney.
![[img]](http://eprints.qut.edu.au/style/images/fileicons/application_pdf.png) | Full version (PDF 341Kb) Supplemental Material. |
| Camera Ready Version (PDF 355Kb) Accepted Version. |
Abstract
To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying one-time password systems, where users have many passwords and use each password only once. If a single password is compromised, it can be only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time passwords have been susceptible to sophisticated phishing attacks. ----------
We give a formal security treatment of this important practical problem. We consider the use of one-time passwords in the context of password-authenticated key exchange (PAKE), which allows for mutual authentication, session key agreement, and resistance to phishing attacks. We describe a security model for the use of one-time passwords, explicitly considering the compromise of past (and future) one-time passwords, and show a general technique for building a secure one-time-PAKE protocol from any secure PAKE protocol. Our techniques also allow for the secure use of pseudorandomly generated and time-dependent passwords.
Citations:
Citation countsare sourced monthly from Scopus and Web of Science citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science generally from 1980 onwards.
Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.
Full-text downloads:
Full-text downloadsdisplays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.
| ID Code: | 31900 |
|---|---|
| Item Type: | Conference Paper |
| Additional Information: | Springer Series: Lecture Notes in Computer Science |
| Additional URLs: | |
| Keywords: | one-time passwords, key exchange, protocols, cryptography |
| ISBN: | 9783642140808 |
| Subjects: | Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > DATA FORMAT (080400) > Data Encryption (080402) Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303) |
| Divisions: | Past > Institutes > Information Security Institute |
| Copyright Owner: | Copyright 2010 Springer |
| Copyright Statement: | This is the author-version of the work. Conference proceedings published, by Springer Verlag, will be available via Lecture Notes in Computer Science http://www.springer.de/comp/lncs/ |
| Deposited On: | 22 Apr 2010 08:06 |
| Last Modified: | 01 Mar 2012 00:18 |
Export: EndNote | Dublin Core | BibTeX
Repository Staff Only: item control page