Skip to Main Content
One-time password mechanism solves password problems like password conjecture and wiretapping that can occur by using the same password several times repeatedly. However, such one-time password mechanism also is exposed to various attacks, and is vulnerable in matters of confidentiality and security protection, the most important elements of security depending on mechanism. This paper solves user disguise problem by authenticating users with the use of public key infrastructure, and guarantees integrity by generating password by applying session identifier L and random value R to hash function in every applicable session. Additionally, to enhance security while transferring the generated password, the mechanism digital signature the password with user's private key, encode it again with service provider's public key, and guarantee denial prevention by requesting the server authentication while being able to verify the identity of user. Therefore in this paper proposes one-time password mechanism that has enhanced security using public key infrastructure to prevent integrity problem due to birthday attack and hash collision problem occurring from hash function. Comparison and analysis of existing one-time password mechanism will tell of the excellence of this paper.
Date of Conference: 2-4 Sept. 2008