Abstract : The Norwegian company Encap has developed protocols
enabling individuals to use their mobile phones as one-time password
(OTP) generators. An initial analysis of the protocols reveals minor
security flaws. System-level testing of an online bank utilizing Encap's
solution then shows that several attacks allow a malicious individual to
turn his own mobile phone into an OTP generator for another individual's
bank account. Some of the suggested countermeasures to thwart the
attacks are already incorporated in an updated version of the online
banking system.
Type de document :
Communication dans un congrès
Pierangela Samarati; Michael Tunstall; Joachim Posegga; Konstantinos Markantonakis; Damien Sauveron. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6033, pp.324-331, 2010, Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. 〈10.1007/978-3-642-12368-9_26〉
https://hal.inria.fr/hal-01056074
Contributeur : Hal Ifip
<>
Soumis le : jeudi 14 août 2014 - 18:02:58
Dernière modification le : vendredi 11 août 2017 - 15:12:55
Document(s) archivé(s) le : jeudi 27 novembre 2014 - 01:35:16
Håvard Raddum, Lars Hopland Nestås, Kjell Jørgen Hole. Security Analysis of Mobile Phones Used as OTP
Generators. Pierangela Samarati; Michael Tunstall; Joachim Posegga; Konstantinos Markantonakis; Damien Sauveron. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6033, pp.324-331, 2010, Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. 〈10.1007/978-3-642-12368-9_26〉. 〈hal-01056074〉
