One-Time Password Authentication Scheme to Solve Stolen Verifier Problem

Secure authentication schemes between an authentication server and users are required to avoid many risks on the Internet. There are three authentication schemes: static password authentications like Basic and Digest Access Authentication[1], public-key certificate schemes, and one-time password schemes. In spite of using SSL/TLS, the static password authentications are known as being insecure because majority of people use short and simple passwords. An adversary can easily guess their passwords, for example by Library attack. Public-key certificate schemes provide the necessary security. However, it requires heavy computational costs and is not suitable for low spec mobile devices. In contrast, the computational costs of one-time password schemes are lower than that of public-key certificate schemes. They are generally based on a symmetric encryption function or a one-way hash function. In addition, since one-time password schemes generate a different password at every authentication session, they are more secure than the static password authentications. Thus, one-time password schemes is an important area of research. There are three types of one-time password scheme: 1) based on time-synchronization between the authentication server and the user[2], 2) using a mathematical algorithm where the new one-time password is based on a challenge[3, 4, 5] and 3) using a mathematical algorithm to generate a new one-time password based on the previous one-time password. We focus on the type 3 in this study, because it changes not only the one-time password but also the secret data stored by the server and the user at every authentication session. We can use our biometric information as the user’s first secret data without care. Most schemes[6, 7, 8, 9] are vulnerable to Hybrid Theft attack. An adversary can steal the secret data from an authentication server or can obtain the communication data in Hybrid Theft attack. The adversary tries to impersonate a legal user using the stolen data. Since the adversary can obtain the server’s secret data, the Hybrid Theft attack is very difficult to immunize. 2GR[10] is designed to immunize the Hybrid Theft attack, but it suffers from the Impersonation attack[11]. SAS-X(2)[12] is secure against the Hybrid Theft attack, but suffers from DoS attack. We classify one-time password schemes into two designs: 1) based on only a one-way hash function and 2) combining a symmetric encryption function and a one-way hash function. The former is superior in computational cost to the latter, because one-way hash functions can compute faster