Abstract

One-time password algorithms are widely used in digital services to improve security. However, many such solutions use a constant secret key to encrypt (process) one-time plaintexts. A paradigm shift from constant to one-time keys could introduce tangible benefits to the application security field. This paper analyzes a one-time password concept for the Rivest–Shamir–Adleman algorithm, in which each key element is hidden, and the value of the modulus is changed after each encryption attempt. The difference between successive moduli is exchanged between communication sides via an unsecure channel. Analysis shows that such an approach is not secure. Moreover, determining the one-time password element (Rivest–Shamir–Adleman modulus) can be straightforward. A countermeasure for the analyzed algorithm is proposed.

Highlights

  • Cryptography is the basis of modern secure communication

  • Used algorithms are often combined with an authentication process such as one-time password (OTP) to enhance communication security

  • The novel contributions of this paper are a small prime divisors attack against the RSA-OTP algorithm [8] and a countermeasure using XOR operation

Read more

Summary

Introduction

Cryptography is the basis of modern secure communication. Cryptographic algorithms are very important for the security of data or information [1]. The algorithms are effectively one-way and so cannot be used directly to encrypt data This problem is not shared by AES-based OTP authentication algorithms (AES-OTP) [7]. Jabłonski and Wójtowicz [8] propose a novel use of the Rivest–Shamir–Adleman (RSA) [9] algorithm in the context of OTP (RSA-OTP): following each sign or encryption operation, the RSA modulus ni is replaced by a newly generated value ni+1 This approach ensures the secrecy of the initial key elements and their secure exchange between two communicating parties. This OTP-based approach no longer uses a public key, an important RSA attribute, it allows using shorter keys. The novel contributions of this paper are a small prime divisors attack against the RSA-OTP algorithm [8] and a countermeasure using XOR operation

The RSA Algorithm
The RSA-OTP Concept
Small Prime Divisors Attack
Countermeasures
Conclusions

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.