An Efficient and Transparent One-Time Authentication Protocol with Non-interactive Key Scheduling and Update

Abstract

Authentication protocols prevent resources to be accessed by unauthorized users. Password authentication is one of the simplest and most convenient authentication mechanism over insecure networks and, in particular, the one-time authentication mechanism, in which the password is valid only for one login session or transaction are a good compromise between simplicity of use and security. Nowadays many of such protocols have been proposed to implement that type of authentication. However, most of them have several drawbacks because they are characterized by considerable overhead in the Key Setup, Key Scheduling and Key Update phases. In addition, they are often vulnerable to several known attacks and are not particularly suitable to be used by mobile terminals. Furthermore, they often rely on smart-card and other hardware tokens, thus requiring an active participation by the user. In this paper, we present a robust one-time authentication protocol, based on two cryptographically strong building blocks, namely, the Authenticated Key Exchange key exchange and the keyed Hash Message Authentication Code (HMAC), that provides several advantages with respect to most of the available solutions at the state of the art. First, it enables transparent mutual authentication between two endpoints. Moreover, Key Setup, Key Scheduling and Key Update operations are accomplished independently by both endpoints, without requiring any interaction among them, thus ensuring the fully independence by any Trusted Third Party. Finally, the proposed protocol is cryptographically secure, under standard assumptions against most of the already known OTP attacks.