nach oben

Mobile Networks and Applications

Erschienen in:

01.10.2013

Ubiquitous One-Time Password Service Using the Generic Authentication Architecture

verfasst von: Chunhua Chen, Chris J. Mitchell, Shaohua Tang

Erschienen in: Mobile Networks and Applications | Ausgabe 5/2013

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The Generic Authentication Architecture (GAA) is a standardised extension to the mobile authentication infrastructure that enables the provision of security services, such as key establishment, to network applications. In this paper we first show how Trusted Computing can be extended in a GAA-like framework to offer new security services. We then propose a general scheme that converts a simple static password authentication mechanism into a one-time password (OTP) system using the GAA key establishment service. The scheme employs a GAA-enabled user device and a GAA-aware server. Most importantly, unlike most OTP systems using a dedicated key-bearing token, the user device does not need to be user or server specific, and can be used in the protocol with no registration or configuration (except for the installation of the necessary application software). We also give two practical instantiations of the general scheme, building firstly on the mobile authentication infrastructure and secondly on Trusted Computing. The practical systems are secure, scalable, fit well to the multi-institution scenario, and enable the provision of ubiquitous and on-demand OTP services.

Vorheriger Artikel A Privacy Preserving Method Using Privacy Enhancing Techniques for Location Based Services

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

ATZelektronik

Die Fachzeitschrift ATZelektronik bietet für Entwickler und Entscheider in der Automobil- und Zulieferindustrie qualitativ hochwertige und fundierte Informationen aus dem gesamten Spektrum der Pkw- und Nutzfahrzeug-Elektronik.

Lassen Sie sich jetzt unverbindlich 2 kostenlose Ausgabe zusenden.

Jetzt informieren

ATZelectronics worldwide

ATZlectronics worldwide is up-to-speed on new trends and developments in automotive electronics on a scientific level with a high depth of information.

Order your 30-days-trial for free and without any commitment.

Jetzt informieren

The 3rd Generation Partnership Project (3GPP).

The 3rd Generation Partnership Project 2 (3GPP2).

In the GAA specifications [5], the functionality of a GAA-aware application server is referred to as the Network Application Function (NAF).

3rd Generation Partnership Project (3GPP) (2009) 3G security: access secure for IP-based services. Technical Specification TS 33.203, version 9.3.0

3rd Generation Partnership Project (3GPP) (2009) Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details. Technical Specification TS 24.109, version 9.1.0

3rd Generation Partnership Project (3GPP) (2009) Generic authentication architecture (GAA); access to network application functions using hypertext transfer protocol over transport layer security (HTTPS). Technical Specification TS 33.222, version 9.1.0

3rd Generation Partnership Project (3GPP) (2009) Numbering, addressing and identification. Technical Specification TS 23.003, version 9.2.0

3rd Generation Partnership Project (3GPP) (2009) Technical specification group services and systems aspects, generic authentication architecture (GAA), generic bootstrapping architecture. Technical Specification TS 33.220, version 9.2.0

Alzomai M, Josang A (2010) The mobile phone as a multi OTP device using trusted computing. In: Proceedings of the 4th international conference on network and system security. IEEE Computer Society, Melbourne, Australia, pp 75–82

Boyd C, Mathuria A (2003) Protocols for authentication and key establishment. Springer

Chen C, Mitchell CJ, Tang S (2010) Extending Trusted Computing as a security service. In preparation. A poster of this paper is presented at the 21st Hewlett-Packard Colloquium on Information Security, Royal Holloway, University of London. Available at http://www.isg.rhul.ac.uk/cjm/Papers/etcaas.pdf. Accessed 20 Dec 2010

Franks J, Hallam-Baker PM, Hostetler JL, Lawrence SD, Leach PJ, Luotonen A, Stewart LC (1999) HTTP authentication: basic and digest access authentication. Internet Engineering Task Force, RFC 2617

10.

Hardjono T, Kazmierczak G (2008) Overview of the TPM key management standard. TCG Presentations at the 1st IEEE Key Management Summit, Baltimore MD. Available at http://www.trustedcomputinggroup.org/resources/. 23–24 Sep 2008

11.

Holtmanns S, Niemi V, Ginzboorg P, Laitinen P, Asokan N (2008) Cellular authentication for mobile and internet services. John Wiley and Sons

12.

International Organization for Standardization (1998) ISO/IEC 9798-3:1998/Amd 1:2010, information technology—security techniques—entity authentication—part 3: mechanisms using digital signature techniques. Genève, Switzerland

13.

James L (2006) Phishing exposed. Syngress

14.

Krawczyk H, Bellare M, Canetti R (1997) HMAC: Keyed-hashing for message authentication. Internet Engineering Task Force, RFC 2104 (Informational)

15.

Molva R, Tsudik G (1993) Authentication method with impersonal token cards. In: Proceedings of the 1993 IEEE symposium on security and privacy. IEEE Computer Society, Oakland, California, USA, pp 56–65CrossRef

16.

M’Raihi D, Bellare M, Hoornaert F, Naccache D, Ranen O (2005) HOTP: an HMAC-based one-time password algorithm. Internet Engineering Task Force, RFC 4226 (Informational)

17.

Pearson S (2002) Trusted Computing Platforms, the next security solution. Technical Report HPL-2002-221, Hewlett-Packard Laboratories. Available at http://www.hpl.hp.com/techreports/2002/HPL-2002-221.pdf. Accessed Nov 2002

18.

Trusted Computing Group (2007) TCG mobile reference architecture, TCG Specification, Version 1.0, Revision 1

19.

Trusted Computing Group (2007) TPM main, part 1 design principles. TCG Specification, Version 1.2, Revision 103

20.

Trusted Computing Group (2007) TPM main, part 2 TPM data structures. TCG Specification, Version 1.2, Revision 103

21.

Trusted Computing Group (2007) TPM main, part 3 commands. TCG Specification, Version 1.2, Revision 103

22.

Trusted Computing Group (2010) TCG mobile trusted module specification. TCG Specification, Version 1.0, Revision 7.02

Titel: Ubiquitous One-Time Password Service Using the Generic Authentication Architecture
verfasst von: Chunhua Chen
Chris J. Mitchell
Shaohua Tang
Publikationsdatum: 01.10.2013
Verlag: Springer US
Erschienen in: Mobile Networks and Applications / Ausgabe 5/2013
Print ISSN: 1383-469X
Elektronische ISSN: 1572-8153
DOI: https://doi.org/10.1007/s11036-011-0329-z

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Die Gewinner und Laudatoren des Sustainability Award in Automotive 2024/© Uli Regenscheit | ATZlive, Search Icon, Banner Hanser, Suresh Vittal/© Alteryx, Additiv gefertigte Teile/© Marina_Skoropadskaya | Getty Images | iStock, Warnschild "Land unter"/© Bluedesign / Fotolia, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade, chassis.tech plus 2023/© [M] ATZlive / TÜV SÜD PRODUCT SERVICE GMBH, adäsion-Webinar-Matinee/© krystiannawrocki_ Getty Images

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

ATZelektronik

ATZelectronics worldwide

Weitere Artikel der Ausgabe 5/2013

Adaptive and Flexible Smartphone Power Modeling

Editorial for Security and Privacy in Wireless Networks Special Issue

Performance of IEEE 802.11 under Jamming

Natural Disaster Monitoring with Wireless Sensor Networks: A Case Study of Data-intensive Applications upon Low-Cost Scalable Systems

“Security-Aware and Data Intensive Low-Cost Mobile Systems” Editorial

Non-Interactive Authenticated Key Agreement over the Mobile Communication Network

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.