Applied Sciences (Apr 2020)

Analysis of Vulnerabilities That Can Occur When Generating One-Time Password

  • Hyunki Kim,
  • Juhong Han,
  • Chanil Park,
  • Okyeon Yi

DOI
https://doi.org/10.3390/app10082961
Journal volume & issue
Vol. 10, no. 8
p. 2961

Abstract

A one-time password (OTP) is a password that is valid for only one login session or transaction in IT systems or digital devices. It is one of the human-centered security services and is commonly used for multi-factor authentication. Generating an OTP is very similar to generating pseudo-random bit streams in cryptography. However, only part of the bit stream is used as the OTP, so the OTP mechanism requires an algorithm to extract that portion. It is also necessary to convert hexadecimal to decimal so that the values of the bit strings are familiar to humans. In this paper, we classify three algorithms for extracting the final data from the pseudo-random bit sequence. We also analyze a vulnerability that occurs during the extraction process and results in a high frequency of certain numbers, even when cryptographically secure generation algorithms are used.
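A concrete instance of the bias the abstract describes, as an added example that is not taken from the paper: it assumes the extracted bit string is converted to decimal by reduction modulo 10^d (the conversion HOTP uses in RFC 4226), which may or may not be one of the three algorithms the paper classifies. The function names and the 31-bit and 16-bit input sizes are assumptions chosen for illustration; the rejection step is shown as the standard way to remove the skew.

```python
from collections import Counter


def bias_profile(bits: int, digits: int) -> dict:
    """Closed form: a uniform `bits`-bit value reduced mod 10**digits.

    2**bits = base * 10**digits + extra, so the codes 0 .. extra-1 are
    produced (base + 1) times and every other code only `base` times.
    """
    modulus = 10 ** digits
    base, extra = divmod(1 << bits, modulus)
    return {
        "favoured_codes": extra,
        "favoured_count": base + 1 if extra else base,
        "other_count": base,
    }


def histogram(bits: int, digits: int, reject: bool = False) -> Counter:
    """Exhaustively map every `bits`-bit value to its decimal code.

    With reject=True, values at or above the largest multiple of the
    modulus are skipped (a real generator would draw fresh bits instead),
    which makes every code equally frequent.
    """
    modulus = 10 ** digits
    limit = ((1 << bits) // modulus) * modulus
    counts = Counter()
    for value in range(1 << bits):
        if reject and value >= limit:
            continue
        counts[value % modulus] += 1
    return counts


if __name__ == "__main__":
    # Assumed parameters: 31-bit extracted value, 6- and 8-digit codes.
    for d in (6, 8):
        p = bias_profile(31, d)
        excess = p["favoured_count"] / p["other_count"] - 1
        print(f"{d} digits: {p['favoured_codes']} codes occur "
              f"{p['favoured_count']}x vs {p['other_count']}x "
              f"({excess:.3%} more likely)")

    # Small space checked by brute force: 16 bits, 4 digits.
    biased = histogram(16, 4)
    fair = histogram(16, 4, reject=True)
    print("biased counts:", sorted(set(biased.values())))
    print("with rejection:", sorted(set(fair.values())))
```

The skew grows with the number of digits: the generator's output stays uniform, but the decimal conversion alone makes the low-numbered codes more frequent.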

Keywords