Independent One-Time Passwords
Aviel D. Rubin
rubin@bellcore.com
Bellcore
445 South St.
Morristown, NJ 07960
Abstract
Existing one-time password (OTP) schemes suffer several
drawbacks. Token-based systems are expensive, while software-based
schemes rely on one-time passwords that are dependent on each other.
There are disadvantages to authentication schemes that rely on
dependent OTPs. It is difficult to replicate the authentication
server without lowering security. Also, current authentication schemes
based on dependent OTPs only authenticate the initial connection; the
remainder of the session is assumed to be authenticated. Experience
shows that connections can be hijacked.
A new scheme for generating one-time passwords that are independent is
presented. The independence property enables easy replication of the
authentication server, and authentication that is persistent for the
lifetime of a connection. This mechanism is also ideally suited for
smart card applications. Our implementation and several applications
are discussed.
Download the full text of this paper in
ASCII (27,569 bytes),
POSTSCRIPT (207,265 bytes),
and PDF (221,623 bytes) form.