loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Jinying Yu and Philipp Brune

Affiliation: Hochschule Neu-Ulm - University of Applied Sciences, Germany

Keyword(s): IT-Security, Identity Management, Two Factor Authentication, Smart Cards.

Related Ontology Subjects/Areas/Topics: Applied Cryptography ; Critical Infrastructure Protection ; Cryptographic Techniques and Key Management ; Data and Application Security and Privacy ; Data Engineering ; Databases and Data Security ; Identity Management ; Information and Systems Security

Abstract: The recently reported security issue possibly compromising the security tokens sold by a major vendor of two factor authentication (2FA) solutions (Schneier, 2011) demonstrates the importance of the basic principle of using an open design for security solutions (Saltzer and Schroeder, 1974). In particular, the safety of such devices should not be based on the use of a secret algorithm or seed value to generate a sequence of one-time passwords (OTP) inside the security token. Instead, we argue in favour of using an open design using pre-generated sequences of OTP that are stored encrypted on the security token. Here, the safety of the solution only relies on the confidentiality of the decryption key and not the design of the solution itself. We illustrate our argumentation by describing a respective authentication scheme and a prototype based on an open design, the latter being used as the basis for the security analysis.

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.91.176.3

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Yu, J. and Brune, P. (2011). NO SECURITY BY OBSCURITY – WHY TWO FACTOR AUTHENTICATION SHOULD BE BASED ON AN OPEN DESIGN. In Proceedings of the International Conference on Security and Cryptography (ICETE 2011) - SECRYPT; ISBN 978-989-8425-71-3; ISSN 2184-3236, SciTePress, pages 418-421. DOI: 10.5220/0003610004180421

@conference{secrypt11,
author={Jinying Yu. and Philipp Brune.},
title={NO SECURITY BY OBSCURITY – WHY TWO FACTOR AUTHENTICATION SHOULD BE BASED ON AN OPEN DESIGN},
booktitle={Proceedings of the International Conference on Security and Cryptography (ICETE 2011) - SECRYPT},
year={2011},
pages={418-421},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003610004180421},
isbn={978-989-8425-71-3},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography (ICETE 2011) - SECRYPT
TI - NO SECURITY BY OBSCURITY – WHY TWO FACTOR AUTHENTICATION SHOULD BE BASED ON AN OPEN DESIGN
SN - 978-989-8425-71-3
IS - 2184-3236
AU - Yu, J.
AU - Brune, P.
PY - 2011
SP - 418
EP - 421
DO - 10.5220/0003610004180421
PB - SciTePress