Thursday, September 2, 2010

Two Factor Authentication without the Overhead of Traditional OTP

My colleagues and I published a paper in which we discuss our design of a two-factor authentication scheme tailored to lower the cost without compromising security.

Here is the abstract: "This paper describes a simple security architecture that supports two factor authentication for accessing Internet resources. Instead of utilizing the complex traditional OTP frameworks, which can be cumbersome to both deploy and use, we present a software architecture based on a shared knowledge between a token and a remote Internet resource, such as a web server. The confidentiality of this shared knowledge is protected by the smart card embedded in the token. The approach is explained in the context of initial token setup and a practical use-case for two factor online authentication. Despite its simplicity, this software optimization provides a comparable level of security for asserting the identity of users."

We presented it at the 13th IASTED International Conference on Software Engineering and Applications 2009 in Cambridge, MA. The full paper is also available on, but it is not free :/
