Analysis of Distinguishable Security between the One-Time Password Extraction Function Family and Random Function Family-Reference-Cited by-同舟云学术

Analysis of Distinguishable Security between the One-Time Password Extraction Function Family and Random Function Family

Published:2023-07-28 Issue:15 Volume:13 Page:8761
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Kim Hyunki¹^ORCID,Yi Okyeon²

Affiliation:

1. Hyundai Autoever Co., Ltd., Platform Element Technology Team, 12, Teheran-ro 113-gil, Gangnam-gu, Seoul 06171, Republic of Korea

2. Financial Information Security, Kookmin University, 77 Jeongneung-ro, Seongbuk-gu, Seoul 02707, Republic of Korea

Abstract

A one-time password is a security system that uses a password that is only used once for authentication, and it is commonly used in multi-factor authentication systems. The process of generating an OTP is very similar to generating pseudorandom sequences in cryptography. However, since only a part of the bit string is used in OTP, an algorithm is needed to extract that part. In addition, the OTP process also includes converting the value of the bit string value into decimal form for human perception. This paper focuses on analyzing the extraction function, which is the step before the hexadecimal is reprocessed into the decimal form. We analyze a function family, which includes functions used in the process of extracting a bit string in terms of distinguishable security. As a result, we conclude that the OTP extraction function family is vulnerable in terms of distinguishable security compared to the random function family.

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science

Link

https://www.mdpi.com/2076-3417/13/15/8761/pdf

Reference24 articles.

1. Kim, H.K., Han, J.H., Park, C.I., and Yi, O.Y. (2020). Analysis of Vulnerabilities That Can Occur When Generating One-Time Password. Appl. Sci., 10.

2. Kim, H.K., Kim, D.H., and Yi, O.Y. (2022). Wireless Communications and Mobile Computing, Hindawi.

3. Secure authentication-management human-centric scheme for trusting personal resource information on mobile cloud computing with blockchain;Kim;Hum.-Centric Comput. Inf. Sci.,2018

4. Cheng, F. (2010). International Conference on Mobile Wireless Middleware, Operating Systems, and Applications, Springer.

5. Menezes, A.J., Katz, J., Van Oorschot, P.C., and Vanstone, S.A. (1996). Handbook of Applied Cryptography, CRC Press.