JOURNAL BROWSE
Search
Advanced SearchSearch Tips
OTP-Based Transaction Verification Protocol Using PUFs
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
OTP-Based Transaction Verification Protocol Using PUFs
Lee, Jonghoon; Park, Minho; Jung, Souhwan;
  PDF(new window)
 Abstract
The One-Time Password(OTP) Generator is used as a multi-factor authentication method to ensure secure transaction during e-Financial transaction in the bank and securities company. The OTP based e-Financial Transaction Verification Protocol ensures secure e-financial transaction through confirming the user's identity using OTP authentication information and counters not only Man-in-the-Browser(MITB) attacks but also memory hacking attacks. However, it is possible to generate correct OTPs due to potential of stealing sensitive information of the OTP generator through intelligent phishing, pharming, social engineering attacks. Therefore, it needs another scheme to prevent from above threats, and this paper proposes advanced scheme using Physical Unclonable Functions(PUFs) to solve these problems. First, it is impossible to generate the same OTP values because of the hysically unclonable features of PUFs. In addition, it is impossible to clone OTP generator with hardware techniques. Consequently, the proposed protocol provides stronger and more robust authentication protocol than existing one by adding PUFs in the OTP generator.
 Keywords
OTP;Authentication;PUFs;HMAC;CRPs;
 Language
Korean
 Cited by
1.
PUF 기반의 보안 USB 인증 및 키 관리 기법,이종훈;박정수;정승욱;정수환;

한국통신학회논문지, 2013. vol.38B. 12, pp.944-953 crossref(new window)
2.
전자금융사기 예방서비스의 개선방안에 관한 연구: 2013년 전자금융사기 피해사례분석을 중심으로,정대용;이경복;박태형;

정보보호학회논문지, 2014. vol.24. 6, pp.1243-1261 crossref(new window)
3.
개인정보 보안취약성과 지각된 유용성이 지속적인 은행이용의도에 미치는 영향,서동진;김태성;

한국통신학회논문지, 2015. vol.40. 8, pp.1577-1587 crossref(new window)
 References
1.
S. Cho, H.-J. Lee, H.-T. Lim, and S.-G. Lee, "OTP authentication protocol for stream cipher using clock-counter," in Proc. KICS Int. Conf. Commun. 2008 (KICS ICC 2012), pp. 245-248, Jeju Island, Korea, July 2008.

2.
S. Kim, J. Seo, H. Song, S. Lee, S. Kim, and D. Won, "A secure OTP system using key input devices for financial service," in Proc. KICS Int. Conf. Commun. 2008 (KICS ICC 2012), pp. 353-357, Seoul, Korea, Nov. 2008.

3.
N. Haller, C. Metz, P. Nesser, and M. Straw, "A one-time password system," IETF RFC 2289, Feb. 1998.

4.
D. M'Raihi, M. Bellare, F. Hoornaert, D. Naccache, and O. Ranen, "HOTP: An HMAC-based one-time password algorithm," IETF RFC 4226, Dec. 2005.

5.
H. W. Sim, W. J. Kang, and H. Y. Park, "An one time password based e-financial transaction verification protocol," TTAK.KO-12.0167, Dec. 2011.

6.
G. Edward Suh and Srinivas Devadas, "Physical unclonable functions for device authentication and secret key generation," in Proc. 44th ACM Annu. Design Automation Conf. 2007, pp. 9-14, San Diego, U.S.A., June 2007.

7.
J. Lee, P. Choi, and D. Kim, "The password-based authentication paradigm on M2M(번역)," Review of KIISC, vol. 22, no. 1, pp. 39-46, Feb. 2012.

8.
L. Kulseng, Z. Yu, Y. Wei, and Y. Guan, "Lightweight mutual authentication and ownership transfer for RFID systems," in Proc. IEEE INFOCOM 2010, pp. 1-5, San Diego, U.S.A., Mar. 2010.

9.
M. Akgün, M. S. Kiraz, and H. Demirci, "Cryptanalysis of lightweight mutual authentication and ownership Transfer for RFID System," in Proc. IEEE Lightweight Security & Privacy: Devices, Protocols and Applicat. (LightSec), pp. 20-25, Istanbul, Turkey, Mar. 2011.

10.
S. W. Jung and S. Jung, "HRP: a HMAC-based RFID mutual authentication protocol using PUF," in Proc. IEEE Int. Conf. Inform Networking 2013, Bangkok, Thailand, Jan. 2013.

11.
J. Shin, J. Lee, C. Jeong, and K. Ahn, "Symmetric key-based RFID mutual authentication protocol utilizing PUF," in Proc. KICS Int. Conf. Commun. 2012 (KICS ICC 2012), pp. 790-791, Jeju Island, Korea, June 2012.