Time-based One-time Password Research Articles

Testing the limits of SPDM: Authentication of intermittently connected devices

The Security Protocol and Data Model (SPDM) is an open standard for authentication, attestation, and key exchange among hardware units, such as CPUs and peripheral components. In principle, SPDM was designed to operate over a somewhat stable communication channel, meaning that connection losses usually require the re-execution of the entire protocol. This puts into question SPDM’s suitability for battery-powered devices, which may keep only intermittent communications aiming to save energy. To address this question, we evaluate different authentication approaches that build upon and extend SPDM’s native key bootstrapping capabilities to handle intermittent authentication. In particular, we show that the combination of SPDM and a Time-based One-Time Password (TOTP) protocol is a promising solution for this scenario. We analyze the performance of the proposed authentication schemes using a proof-of-concept virtual device. The TOTP-based scheme was shown to be the fastest, the reconnection step being at least twice and up to 900× faster than possible straightforward applications of SPDM. Also, our scheme requires less memory to operate. Finally, we discuss the possibility of integrating intermittent authentication capabilities into the SPDM standard itself.

Internship management system with passwordless authentication for university stakeholders

Conventional account credentials that include a password are becoming obsolete due to their limitations and susceptibility to cyber threats. This demands using alternative authentication methods that eliminate the risks of breaches and phishing. This paper discusses the integration of passwordless authentication into an electronic document management system (EDMS). The authentication method used in the system utilizes a Time-Based One-Time Password (TOTP), which operates security keys in the form of one-time passwords (OTP) that are sent to the users via email, short message service (SMS), or mobile application. The TOTP algorithm is used in the system, allowing time value as a moving factor. The Rapid Application Development (RAD) model was used in the system development and ISO 25010 was used in the evaluation. The sample size of the respondents for the acceptance testing was determined using Krejcie and Morgan’s formula. The research sample involves 10 information technology experts, one on-the-job training (OJT) coordinator, three OJT advisers, and 244 OJT students. Based on the results, the system was rated outstanding (system evaluation=4.66; acceptance evaluation=4.34), implying that the system met its requirements and that passwordless authentication was proven to increase the security of the developed system. This outcome serves as the basis for integrating passwordless authentication into various systems.

2F-Authsys: A hyperlocal two-factor authentication system using Near Sound Data Transfer

Two-Factor Authentication (2FA) is a new buzzword in the Information Security world. Big companies that used passwords as an authentication mechanism now have started transitioning to 2FA. One form of two factor authentication is known as One-Time Password (OTP). In today’s time, there is a lack of a secure multi-factor authentication platform which is also user friendly. In all the major 2FA platforms that exist today, the user has to manually enter the OTP from their phone or email. This problem is further amplified by delays in transmission of OTP via email or SMS. There has also been an increase in the number of botnets that scan large networks and try to an open and vulnerable ports on cloud hosting networks. An easy-to-use port security solution is not available. This research work aims to create a secure, proof-of-concept implementation of a modern and opinionated two factor authentication system based on Near Sound Data Transfer (NSDT) technology enabling contactless secure transmission of Time-Based One-Time Password (TOTP).

Towards Building a Faster and Incentive Enabled Privacy-Preserving Proof of Location Scheme from GTOTP

In recent years, there has been significant growth in location-based services (LBSs) and applications. These services empower users to transmit their location data to location service providers, thereby facilitating the provisioning of pertinent resources and services. However, in order to prevent malicious users from sending fake location data, users must attest to their location for service providers, namely, through a proof of location (PoL). Such a proof should additionally prevent attackers from being able to obtain users’ identity and location information through it. In this paper, we propose an efficient privacy-preserving proof of location (PPPoL) scheme. The scheme is based on the standard cryptographic primitives, including Group Time-based One-Time Password (GTOTP) and public key encryption, which achieves entity privacy, location privacy, and traceability. Unlike the previous GTOTP-based PPPoL scheme, our scheme enables instant location verification with additional hash operations. To encourage the active participation of witnesses in location proofs, we propose an incentive mechanism based on smart contracts. Additionally, we implement a proof of concept of our PPPoL scheme on an Android device. Our experimental results show that proof generation and verification time are on the order of milliseconds. Meanwhile, the total overhead for the incentive mechanism amounts to 0.0011 ETH. This result is practical for mobile device-based LBSs.

Enhanced Cloud Computing Security Using Application-Based Multi-Factor Authentication (MFA) for Communication Systems

The objective of this study is to create an advanced cloud computing security system that addresses the security vulnerabilities inherent in existing authentication processes in communication systems. Specifically, the study developed an application-based multi-layer and multi-factor authentication (MFA) program that enhances cloud security measures. The system presented an improved approach to cloud computing security through the implementation of application-based multi-factor authentication (MFA). By leveraging encryption techniques, the system guarantees secure access based on user profiles. These profiles consist of valid usernames, passwords, and token numbers generated by the application. In addition, the system enhances security by integrating the Time-based One-Time Password (TOTP) algorithm (IETF RFC 6238) with location checks, augmenting the overall protection measures. A thorough testing procedure was carried out on the system, with a specific focus on a test web application hosted on the cloud server. The result validated the efficacy of all three authentication factors integrated within the application.

TOTP Generator App

Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to` dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.

Timestamp Based OTP and Enhanced RSA Key Exchange Scheme with SIT Encryption to Secure IoT Devices

The Internet of Things (IoT) has become an emerging technology and is expected to connect billions of more devices to the internet in the near future. With time, more and more devices like wearables, intelligent home systems, and industrial automation devices are getting connected to the internet. IoT devices primarily transfer data using wireless communication networks, introducing more vulnerabilities like man-in-the-middle-attacks and eavesdropping. These security concerns are customary for any device communicating over the internet because of its intrinsic open nature. These problems are usually subdued by conventional cryptographic algorithms used in typical systems that are power-hungry and computationally intensive, making them infeasible to be used in IoT devices since they run on low-powered chips, limiting performance, memory, and bandwidth. Hence, there is a requirement to adopt lightweight cryptographic algorithms that can abate the security issues while using low computational resources, which is the constraint in the given scenario. Hence, we propose an end-to-end secured IoT system that ensures the system’s integrity is never compromised using lightweight cryptographic algorithms. We propose a three-module system, where the first module handles user authentication using a time-based one-time password, the second secures communication using lightweight enhanced RSA, and the third performs data encryption using Feistel-based enhanced SIT. This kind of system is designed to deal with security challenges in IoT devices, ensuring adequate data security while reducing the computational footprint using lightweight cryptography.

P/Key: PUF based second factor authentication.

One-time password (OTP) mechanisms are widely used to strengthen authentication processes. In time-based one-time password (TOTP) mechanisms, the client and server store common secrets. However, once the server is compromised, the client's secrets are easy to obtain. To solve this issue, hash-chain-based second-factor authentication protocols have been proposed. However, these protocols suffer from latency in the generation of OTPs on the client side because of the hash-chain traversal. Secondly, they can generate only a limited number of OTPs as it depends on the length of the hash-chain. In this paper, we propose a second-factor authentication protocol that utilizes Physically Unclonable Functions (PUFs) to overcome these problems. In the proposed protocol, PUFs are used to store the secrets of the clients securely on the server. In case of server compromise, the attacker cannot obtain the seeds of clients' secrets and can not generate valid OTPs to impersonate the clients. In the case of physical attacks, including side-channel attacks on the server side, our protocol has a mechanism that prevents attackers from learning the secrets of a client interacting with the server. Furthermore, our protocol does not incur any client-side delay in OTP generation.

System of two­factor authentication of the user of the corporate environment using a QR code

In today's world, technologies are developing at a rapid pace. It is very difficult to imagine a sphere of human life where digital data is not used, for example, banking operations, distance learning, utility payments, online messaging have become commonplace for us. However, on the other hand, the question arose of how to ensure the reliability and confidentiality of this data. One of the methods was authentication when entering the system, that is, entering a login and password to identify the user. To date, this method is not reliable and quite vulnerable, because most users have started using the same passwords for login, or simply ignore their reliability and use rather primitive ones. As a result of such actions, more and more confidential user data is at risk of being acquired by unauthorized criminals. The idea to develop a two-factor authentication system using a QR code arose as a result of the urgency of this problem and the imperfection of existing software products. The basis will be the generation of a unique code that will be available only for a short period of time, which will be enough for the user to enter the system. This technology will allow dynamically changing the set of numbers required for authentication. If an attacker takes possession of it, he will not be able to use it, because it will change in the system in a fairly quick period of time. The article discusses the implementation of the two-factor authentication algorithm using a QR code, which has a simple appearance, but can store a large amount of data. Also, regardless of how much information the QR code contains, the data is displayed immediately after reading it. This provides an increased level of protection when the user enters the system and prevents unauthorized access to confidential data by cybercriminals. An approach using TOTP (Time-based One-time password) is also proposed, which will generate a one-time code based on a secret key. The main feature is the use of time as one of the parameters to generate a dynamic 6-digit password required for logging into the system. Also, its generation will be carried out automatically every 30 seconds, thus creating conditions for making its theft and unauthorized use impossible.

Enhancement of Time-Based One-Time Password for 2-Factor Authentication

Enhancement of Time-Based One-Time Password for 2-Factor Authentication

AN IMPLEMENTATION OF TWO-FACTOR AUTHENTICATION TECHNOLOGY USING TIME-BASED ONE TIME PASSWORD (TOTP) METHOD ON PRIVATE CLOUD STORAGE WEBSITE FOR GUIDANCE AND COUNSELING TEACHER

Guidance and counseling teacher, as an assistant profession, provides counseling services for all students. In providing counseling services, the first activity to be performed is the collection of students’ data. The data collected are confidential. Technological advances in private cloud storage media and two-factor authentication can help the guidance and counseling teacher in the fulfillment of students’ data storage and protection. Cloud storage is one of the solutions in dealing with data management so that it is centralized and facilitates access for system users. It is also balanced with the security technology on an application to guarantee the data security in the application. The security technology of two-factor authentication can be combined with a password and time-based one-time password. A time-based one-time password is often used on an application that uses two-factor authentication with the combination of a secret key and current timestamp. This study aims to create a private cloud storage website for guidance and counseling teacher with two-factor authentication using the time-based one-time password method. This website has been tested with black-box testing and user testing. From the results of the tests, a private cloud storage website with two-factor authentication using the time-based one-time password method was well accepted by the users because it helps the guidance and counseling teacher in sharing data safely, and the results of the average percentage in all questions were 85%.

Применение метода идеальной точки для поиска наилучшего способа аутентификации в корпоративных информационных системах

Nowadays, various information systems, including enterprise ones, are becoming increasingly popular. Many of these systems store sensitive data of their users. Basically, this data is protected only by a login and a password, which today can no longer provide a high level of security and guarantee the safety of the data. Along with the development of information systems, methods and tools that attackers can use to get hold of confidential information are also evolving. It is not uncommon to hear news that some of the large companies have leaked its users' personal data. So, in order to minimize the risk of compromising user data, it is worth taking a more careful approach to selecting a method of authenticating users in the system. Aim. To determine the most appropriate method of authentication in enterprise information systems with the help of a mathematical approach and taking into account certain criteria. Materials and methods. The following types of authentication were considered: reusable password authentication, TOTP (Time-based one-time password authentication), SMS-based authentication, biometric authentication, OpenID, SAML (Security Assertion Markup Language). The Pareto set method and the ideal point method were used to determine the most preferable authentication method to implement. Results. In the article, the authors describe the authentication methods considered, the algorithm of their work, and diagrams of their interaction. Using the ideal point method, SAML was determined to be the most appropriate authentication method.

TOTP Moving Target Defense for sensitive network services

Edge computing is crucial for many of the new 5G business vertical use-cases, such as Industry 4.0 robots, safety-critical communications, and highly-efficient smart grids. However, the tighter integration of such impactful businesses into previously core network operations raises significant security, trustworthiness, and reliability issues. A business vertical must not compromise the Edge platform to other business verticals. Likewise, the vertical Network Services (NSs) entrusted to the Edge should not be compromisable by adversary action. Inspired by the existing Internet Services Two-Factor Authentication (2FA) systems, we propose a Moving Target Defense (MTD) mechanism that protects sensitive NSs using a port mutation akin to a seamless Time-based One-Time Password (TOTP) authentication. Our architecture leverages Software-Defined Networking (SDN) to perform the mutations, having the option of working exclusively as a Virtual Network Function (VNF) that can be instantiated on-demand, or in conjunction with OpenFlow hardware-accelerated switches for smarter resource usage. The straightforward Proof-of-Concept implementation showed the approach was viable, with good forwarding plane performance (exceeding the current Network Interface Controllers capabilities), and effective at stopping the unauthorized interactions with the NS being protected. Because the TOTP approach depends on time and there is commonly occurring jitter (e.g., network), the Threat Detection must make a trade-off between minimizing false-positives (too many alarms) and having false-negatives (attempts that go unreported). We have struck a balance that reduces the probability of a rogue probe reaching the NS to nearly 0.0045%, while the probability of stopping an attack but not generating the alarm is approximately 2%. Future work, such as adaptive delay compensation or the use of AI/ML, may further improve the effectiveness of the solution.

An Authentication Scheme Based on Novel Construction of Hash Chains for Smart Mobile Devices

With the increasing number of smart mobile devices, applications based on mobile network take an indispensable role in the Internet of Things. Due to the limited computing power and restricted storage capacity of mobile devices, it is very necessary to design a secure and lightweight authentication scheme for mobile devices. As a lightweight cryptographic primitive, the hash chain is widely used in various cryptographic protocols and one-time password systems. However, most of the existing research work focuses on solving its inherent limitations and deficiencies, while ignoring its security issues. We propose a novel construction of hash chain that consists of multiple different hash functions of different output lengths and employ it in a time-based one-time password (TOTP) system for mobile device authentication. The security foundation of our construction is that the order of the hash functions is confidential and the security analysis demonstrates that it is more secure than other constructions. Moreover, we discuss the degeneration of our construction and implement the scheme in a mobile device. The simulation experiments show that the attacker cannot increase the probability of guessing the order by eavesdropping on the invalid passwords.

A Study on the Concept of Using Efficient Lightweight Hash Chain to Improve Authentication in VMF Military Standard

Authentication algorithms in the form of cryptographic schemes, such as the Secure Hash Algorithm 1 (SHA-1) and the digital signature algorithm (DSA), specified in the current variable message format (VMF) military standard have numerous reliability-related limitations when applied to tactical data link (TDL) and multi-TDL networks (MTN). This is because TDL and MTN require maximum tactical security, communication integrity, and low network overhead based on many protocol header bits for rapid communication with limited network resources. The application of such authentication algorithms to TDL and MTN in a rapidly changing battlefield environment without reinforcement measures will lead to functional weaknesses and vulnerabilities when high-level digital-covert activities and deception tactics are implemented. Consequently, the existing VMF authentication scheme must be improved to secure transmission integrity, lower network transaction, and receive authentication tactical information in VMF-based combat network radio (CNR) networks. Therefore, in this study, a tactical wireless ad hoc network topology, similar to that of the existing CNRs, is considered, and a lightweight multi-factor hash chain-based authentication scheme that includes a time-based one-time password (T-OTP) for network overhead reduction and terminal authentication is proposed, coupled with exception handling. The proposed method enhances the confidentiality of tactical message exchanges and reduces unnecessary network transactions and transmission bits for authentication flows between real-time military terminals owned by squads, while ensuring robustness in limited battlefields. Based on these approaches, in the future, we intend to increase the authentication reliability between wireless terminals in the Korean variable message format (KVMF)-based CNR networks based on the Korean Army Corps network scenarios.

An Efficient Two-Factor Authentication Scheme Based on the Merkle Tree.

The Time-based One-Time Password (TOTP) algorithm is commonly used for two-factor authentication. In this algorithm, a shared secret is used to derive a One-Time Password (OTP). However, in TOTP, the client and the server need to agree on a shared secret (i.e., a key). As a consequence, an adversary can construct an OTP through the compromised key if the server is hacked. To solve this problem, Kogan et al. proposed T/Key, an OTP algorithm based on a hash chain. However, the efficiency of OTP generation and verification is low in T/Key. In this article, we propose a novel and efficient Merkle tree-based One-Time Password (MOTP) algorithm to overcome such limitations. Compared to T/Key, this proposal reduces the number of hash operations to generate and verify the OTP, at the cost of small server storage and tolerable client storage. Experimental analysis and security evaluation show that MOTP can resist leakage attacks against the server and bring a tiny delay to two-factor authentication and verification time.

Securing the Website Login System with the SHA256 Generating Method and Time-based One-time Password (TOTP)

Security to enter a system has a very important role because as the main entrance to access data sources. But often lack the attention of the owners and managers of information systems. To reduce these weaknesses, one method that is widely used today is to use One-Time password, which is where the password we have becomes dynamic, meaning that at a certain time the password is always changing, the positive side is that it makes it difficult for others to steal our passwords because besides representative passwords that are difficult to understand and passwords are always changing. This study discusses One-Time Password installed on a mobile device where the password is randomized using a combination of two algorithms, namely SHA256 and Time-based One Time Password. The development of this login method can reduce the level of theft of passwords owned by users who are entitled to access information sources.

Offline Transaction System using TOTP

This paper proposes a new system which can be used to make short distance transactions Offline. The method discussed in this paper provides an in depth explanation of the project and how TOTP (Time-Based One Time Password) is used to carry out authentication which is completely offline. This idea is implemented since there is no current system which facilitates offline payments to occur. The project uses various functions such as Hashing (using SHA-1) and Audio QR to ensure security while it works offline. The project employs a QR code which encodes the user’s ID, TOTP token and the amount to be transferred to the receiver. The receiver then scans the QR code and decodes the contents, authenticates the user, checks the balance, if it is sufficient then the transaction occurs successfully. This system can be used in different scenarios such as shopping, travelling, restaurants etc.

TOTP Based Authentication Using QR Code For Gateway Entry System

In today’s scenario, there are various ways the attackers can gain access to secure information and use it for their own benefit. In this paper, we aim to improve the gateway entry system by providing more security. This system involves the use of TOTP (Time-Based One-Time Password) with QR (Quick Response) code. A QR code is a 2D matrix barcode where a large amount of information can be stored in a compact manner. TOTP is a temporary password that is active for a short duration of time. For every 30 seconds, an OTP is generated. A QR code is generated which contains the TOTP. The QR code is scanned and the server checks the TOTP generated on the server-side. If this TOTP matches with the TOTP in the QR code then the user is allowed to enter. This method increases the security of the system and prevents unauthorized access.

A Lightweight ECC-Based Authentication Scheme for Internet of Things (IoT)

Internet of Things (IoT) enables the interconnection of physical and virtual objects that are managed by various types of hardware, software, and communication technologies. The large-scale deployment of IoT is actually enabling smart cities, smart factories, smart health, and many other applications and initiatives all over the world. Indeed, according to a recent Gartner study, 50 billion connected objects will be deployed by 2020. IoT will make our cities and daily applications smart. However, IoT technologies also open up multiple risks and privacy issues. Due to hardware limitations of IoT objects, implementing and deploying robust and efficient security and privacy solutions for the IoT environment remains a significant challenge. One-time password (OTP) is an authentication scheme that represents a promising solution for IoT and smart cities environments. We extend the OTP principle and propose a novel approach of OTP generation that relies on elliptic curve cryptography and isogeny in order to ensure IoT security. We evaluate the efficacy of our approach with a real implementation and compared its performance with two other approaches namely, hash message authentication code-based OTP and time-based OTP. The performance results obtained demonstrate the efficiency and effectiveness of our approach in terms of security and performance.