Enhancing Authentication Security: Analyzing Time-Based One-Time Password Systems

Authors

  • Asyura Binti Sofian Universiti Malaysia Sarawak, Kuching, Sarawak
  • Ayu Fitri Alafiah Binti Peradus Universiti Malaysia Sarawak, Kuching, Sarawak
  • Fidel Yong Universiti Malaysia Sarawak, Kuching, Sarawak
  • Irvine Shearer Universiti Malaysia Sarawak, Kuching, Sarawak
  • Nurrul Nazwa Binti Ismail Universiti Malaysia Sarawak, Kuching, Sarawak
  • Yugendran A/L Mahendran Universiti Malaysia Sarawak, Kuching, Sarawak
  • Muhammad Faisal Director HRIMS, Ministry of Human Rights

DOI:

https://doi.org/10.62951/ijcts.v1i3.25

Keywords:

OTP, TOTP, Lightweight Algorithm

Abstract

This paper explores the Time-Based One-Time Password (TOTP) authentication mechanism enhanced with lightweight cryptographic algorithms, presenting it as an advanced solution to the limitations of traditional OTP systems. This mechanism is applied in many applications and systems, for example banking applications, e-commerce websites, access control systems, and healthcare systems. TOTP generates dynamic, time-sensitive passwords using the current time and a secret key processed through a cryptographic hash function, significantly improving security by reducing vulnerabilities to code reuse and interception. The adoption of lightweight algorithms ensures that TOTP can be efficiently implemented on resource-constrained devices, such as those in the Internet of Things (IoT) ecosystem. Despite its benefits, TOTP faces challenges including synchronization issues between client devices and servers, and a trade-off between computational efficiency and security strength. This paper discusses the implications of these challenges and evaluates how TOTP, with appropriate design considerations, can provide a robust, secure, and efficient authentication method suitable for various applications, from digital banking to IoT environments.

Published

2024-07-18

How to Cite

Asyura Binti Sofian, Ayu Fitri Alafiah Binti Peradus, Fidel Yong, Irvine Shearer, Nurrul Nazwa Binti Ismail, Yugendran A/L Mahendran, & Muhammad Faisal. (2024). Enhancing Authentication Security: Analyzing Time-Based One-Time Password Systems. International Journal of Computer Technology and Science, 1(3), 56–70. https://doi.org/10.62951/ijcts.v1i3.25
