A secure OTP algorithm using a smartphone application

Recently, several authentication protocols are being used in mobile applications. OTP is one of the most powerful authentication methods among them. However, it has some security vulnerabilities, particularly to MITM(Man-in-the-Middle) attack and MITPC/Phone(Man-in-the-PC/Phone) attack.

An adversary could know a valid OTP value and be authenticated with this secret information in the presence of those attacks. To solve these problems, we propose a novel OTP algorithm and compare it with existing algorithms. The proposed scheme is secure against MITM attack and MITPC/Phone attack by using a captcha image, IMSI number embedded in SIM card and limiting available time of an attack.

Share this post