Abstract
One-time password algorithms are widely used in digital services to improve security. However, many such solutions use a constant secret key to encrypt (process) one-time plaintexts. A paradigm shift from constant to one-time keys could introduce tangible benefits to the application security field. This paper analyzes a one-time password concept for the Rivest–Shamir–Adleman algorithm, in which each key element is hidden, and the value of the modulus is changed after each encryption attempt. The difference between successive moduli is exchanged between communication sides via an unsecure channel. Analysis shows that such an approach is not secure. Moreover, determining the one-time password element (Rivest–Shamir–Adleman modulus) can be straightforward. A countermeasure for the analyzed algorithm is proposed.
Highlights
Cryptography is the basis of modern secure communication
Used algorithms are often combined with an authentication process such as one-time password (OTP) to enhance communication security
The novel contributions of this paper are a small prime divisors attack against the RSA-OTP algorithm [8] and a countermeasure using XOR operation
Summary
Cryptography is the basis of modern secure communication. Cryptographic algorithms are very important for the security of data or information [1]. The algorithms are effectively one-way and so cannot be used directly to encrypt data This problem is not shared by AES-based OTP authentication algorithms (AES-OTP) [7]. Jabłonski and Wójtowicz [8] propose a novel use of the Rivest–Shamir–Adleman (RSA) [9] algorithm in the context of OTP (RSA-OTP): following each sign or encryption operation, the RSA modulus ni is replaced by a newly generated value ni+1 This approach ensures the secrecy of the initial key elements and their secure exchange between two communicating parties. This OTP-based approach no longer uses a public key, an important RSA attribute, it allows using shorter keys. The novel contributions of this paper are a small prime divisors attack against the RSA-OTP algorithm [8] and a countermeasure using XOR operation
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.