Enhancing Authentication Security: Analyzing Time-Based One-Time Password Systems
DOI:
https://doi.org/10.62951/ijcts.v1i3.25
Keywords:
OTP, TOTP, Lightweight Algorithm
Abstract
This paper explores the Time-Based One-Time Password (TOTP) authentication mechanism enhanced with lightweight cryptographic algorithms, presenting it as an advanced solution to the limitations of traditional OTP systems. The mechanism is applied in many applications and systems, for example bank applications, e-commerce websites, access control systems, and healthcare systems. TOTP generates dynamic, time-sensitive passwords using the current time and a secret key processed through a cryptographic hash function, significantly improving security by reducing vulnerability to code reuse and interception. The adoption of lightweight algorithms ensures that TOTP can be efficiently implemented on resource-constrained devices, such as those in the Internet of Things (IoT) ecosystem. Despite its benefits, TOTP faces challenges, including synchronization issues between client devices and servers and a trade-off between computational efficiency and security strength. This paper discusses the implications of these challenges and evaluates how TOTP, with appropriate design considerations, can provide a robust, secure, and efficient authentication method suitable for various applications, from digital banking to IoT environments.
License
Copyright (c) 2024 International Journal of Computer Technology and Science

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.