A Secure User Authentication Protocol Based on One-Time-Password for Home Network

One-Time Password (OTP) authentication protocol can be used for authenticating a user by a server. It increases security by using a new password for each authentication while the previous password scheme iteratively uses a same password. In this paper we propose a secure user authentication protocol using a similar approach as S/Key, Lamport, Revised SAS and SAS-2 protocol but more secure than them. It employs a three-way challenge-response handshake technique to provide mutual authentication. Also, computation in the user device is reduced, resulting in less power consumption in the mobile devices. Compared with the S/KEY and Lamport protocol, the proposed protocol solves the problem of storing authentication data and limitation in the usage count. Moreover, the proposed scheme is practical to be used with Smart Card, and administration of authentication information is easy.

[1]  Günter Schäfer,et al.  ISP-operated protection of home networks with FIDRAN , 2004, First IEEE Consumer Communications and Networking Conference, 2004. CCNC 2004..

[2]  Akihiro Shimizu,et al.  A One-Time Password Authentication Method , 2006 .

[3]  Prabir Bhattacharya,et al.  Remote access and networked appliance control using biometrics features , 2003, IEEE Trans. Consumer Electron..

[4]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[5]  Chin-Chen Chang,et al.  Using IC cards to remotely login passwords without verification tables , 2004, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004..

[6]  Matu-Tarow Noda,et al.  Simple and Secure Password Authentication Protocol (SAS) , 2000 .

[7]  Chun-Li Lin,et al.  A password authentication scheme with secure password updating , 2003, Comput. Secur..

[8]  Chin-Laung Lei,et al.  A remote control scheme for ubiquitous personal computing , 2004, IEEE International Conference on Networking, Sensing and Control, 2004.

[9]  Neil Haller,et al.  The S/KEY One-Time Password System , 1995, RFC.

[10]  Akihiro Shimizu,et al.  Simple And Secure password authentication protocol, ver.2(SAS-2) (メディア工学) , 2002 .