Skip to Main content Skip to Navigation
Conference papers

Security Analysis of Mobile Phones Used as OTP Generators

Abstract : The Norwegian company Encap has developed protocols enabling individuals to use their mobile phones as one-time password (OTP) generators. An initial analysis of the protocols reveals minor security flaws. System-level testing of an online bank utilizing Encap's solution then shows that several attacks allow a malicious individual to turn his own mobile phone into an OTP generator for another individual's bank account. Some of the suggested countermeasures to thwart the attacks are already incorporated in an updated version of the online banking system.
Document type :
Conference papers
Complete list of metadata

Cited literature [4 references]  Display  Hide  Download

https://hal.inria.fr/hal-01056074
Contributor : Hal Ifip <>
Submitted on : Thursday, August 14, 2014 - 6:02:58 PM
Last modification on : Friday, November 20, 2020 - 4:22:03 PM
Long-term archiving on: : Thursday, November 27, 2014 - 1:35:16 AM

File

60330327.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Håvard Raddum, Lars Hopland Nestås, Kjell Jørgen Hole. Security Analysis of Mobile Phones Used as OTP Generators. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. pp.324-331, ⟨10.1007/978-3-642-12368-9_26⟩. ⟨hal-01056074⟩

Share

Metrics

Record views

240

Files downloads

625