Check out the new USENIX Web site.

Independent One-Time Passwords

Aviel D. Rubin
445 South St.
Morristown, NJ 07960


Existing one-time password (OTP) schemes suffer several drawbacks. Token-based systems are expensive, while software-based schemes rely on one-time passwords that are dependent on each other. There are disadvantages to authentication schemes that rely on dependent OTP's. It is difficult to replicate the authentication server without lowering security. Also, current authentication schemes based on dependent OTP's only authenticate the initial connection; the remainder of the session is assumed to be authenticated. Experience shows that connections can be hijacked. A new scheme for generating one-time passwords that are independent is presented. The independence property enables easy replication of the authentication server, and authentication that is persistent for the lifetime of a connection. This mechanism is also ideally suited for smart card applications. Our implementation and several applications are discussed.

Download the full text of this paper in ASCII (27,569 bytes),
POSTSCRIPT (207,265 bytes),
and PDF (221,623 bytes) form.

To Become a USENIX Member, please see our Membership Information.