Skip to Main content Skip to Navigation
Conference papers

Security Analysis of Mobile Phones Used as OTP Generators

Håvard Raddum 1 Lars Hopland Nestås 1 Kjell Jørgen Hole 1 
1 UiB - Department of Informatics [Bergen]
Abstract : The Norwegian company Encap has developed protocols enabling individuals to use their mobile phones as one-time password (OTP) generators. An initial analysis of the protocols reveals minor security flaws. System-level testing of an online bank utilizing Encap's solution then shows that several attacks allow a malicious individual to turn his own mobile phone into an OTP generator for another individual's bank account. Some of the suggested countermeasures to thwart the attacks are already incorporated in an updated version of the online banking system.
Document type :
Conference papers
Complete list of metadata

Cited literature [4 references]  Display  Hide  Download
https://hal.inria.fr/hal-01056074
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, August 14, 2014 - 6:02:58 PM
Last modification on : Friday, November 20, 2020 - 4:22:03 PM
Long-term archiving on: : Thursday, November 27, 2014 - 1:35:16 AM

File

Vignette du document
60330327.pdf
Files produced by the author(s)

Licence

Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Collections

IFIP-LNCS | IFIP | IFIP-LNCS-6033 | IFIP-TC | IFIP-TC11 | IFIP-WISTP | IFIP-WG11-2

Citation

Håvard Raddum, Lars Hopland Nestås, Kjell Jørgen Hole. Security Analysis of Mobile Phones Used as OTP Generators. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. pp.324-331, ⟨10.1007/978-3-642-12368-9_26⟩. ⟨hal-01056074⟩

Export

BibTeX TEI DC DCterms EndNote Datacite

Share

Metrics

Record views

135

Files downloads

301

 

Contact                    Legal Notice                    Personal Data