Conference papers

Security Analysis of Mobile Phones Used as OTP Generators

Abstract: The Norwegian company Encap has developed protocols enabling individuals to use their mobile phones as one-time password (OTP) generators. An initial analysis of the protocols reveals minor security flaws. System-level testing of an online bank utilizing Encap's solution then shows that several attacks allow a malicious individual to turn his own mobile phone into an OTP generator for another individual's bank account. Some of the suggested countermeasures to thwart the attacks are already incorporated in an updated version of the online banking system.
Document type: Conference papers

Cited literature: 4 references
Contributor: Hal Ifip
Submitted on: Thursday, August 14, 2014 - 6:02:58 PM
Last modification on: Friday, November 20, 2020 - 4:22:03 PM
Long-term archiving on: Thursday, November 27, 2014 - 1:35:16 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Håvard Raddum, Lars Hopland Nestås, Kjell Jørgen Hole. Security Analysis of Mobile Phones Used as OTP Generators. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. pp.324-331, ⟨10.1007/978-3-642-12368-9_26⟩. ⟨hal-01056074⟩


