Paper 2009/430

One-time-password-authenticated key exchange

Kenneth G. Paterson and Douglas Stebila

Abstract

To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying one-time password systems, where users have many passwords and use each password only once. If a single password is compromised, it can only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time passwords have been susceptible to sophisticated phishing attacks. We give a formal security treatment of this important practical problem. We consider the use of one-time passwords in the context of password-authenticated key exchange (PAKE), which allows for mutual authentication, session key agreement, and resistance to phishing attacks. We describe a security model for the use of one-time passwords, explicitly considering the compromise of past (and future) one-time passwords, and show a general technique for building a secure one-time-PAKE protocol from any secure PAKE protocol. Our techniques also allow for the secure use of pseudorandomly generated and time-dependent passwords.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
one-time passwords, key exchange, protocols, public-key cryptography
Contact author(s)
douglas @ stebila ca
History
2009-09-04: received
Short URL
https://ia.cr/2009/430
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/430,
      author = {Kenneth G.  Paterson and Douglas Stebila},
      title = {One-time-password-authenticated key exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2009/430},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/430}},
      url = {https://eprint.iacr.org/2009/430}
}