Security Analysis of Mobile Phones Used as OTP Generators - Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices
Conference Papers, Year: 2010

Security Analysis of Mobile Phones Used as OTP Generators

Abstract

The Norwegian company Encap has developed protocols enabling individuals to use their mobile phones as one-time password (OTP) generators. An initial analysis of the protocols reveals minor security flaws. System-level testing of an online bank utilizing Encap's solution then shows that several attacks allow a malicious individual to turn his own mobile phone into an OTP generator for another individual's bank account. Some of the suggested countermeasures to thwart the attacks are already incorporated in an updated version of the online banking system.
Origin Files produced by the author(s)

Dates and versions

hal-01056074, version 1 (14-08-2014)

Cite

Håvard Raddum, Lars Hopland Nestås, Kjell Jørgen Hole. Security Analysis of Mobile Phones Used as OTP Generators. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. pp.324-331, ⟨10.1007/978-3-642-12368-9_26⟩. ⟨hal-01056074⟩