Authors: H. Raddum, L. H. Nestås and K. J. Hole
Title: Security Analysis of Mobile Phones Used as OTP Generators
Affiliation: Communication Systems
Project(s): Simula UiB
Status: Published
Publication Type: Proceedings, refereed
Year of Publication: 2010
Conference Name: International Workshop on Security Theory and Practice, WISTP 2010
Volume: 6033
Pagination: 324-331
Date Published: 04/2010
Publisher: Lecture Notes in Computer Science, Springer Verlag
ISBN Number: 978-3-642-12367-2
ISSN Number: 0302-9743
Abstract

The Norwegian company Encap has developed protocols enabling individuals to use their mobile phones as one-time password (OTP) generators. An initial analysis of the protocols reveals minor security flaws. System-level testing of an online bank utilizing Encap’s solution then shows that several attacks allow a malicious individual to turn his own mobile phone into an OTP generator for another individual’s bank account. Some of the suggested countermeasures to thwart the attacks are already incorporated in an updated version of the online banking system.

URL: http://link.springer.com/chapter/10.1007/978-3-642-12368-9_26
DOI: 10.1007/978-3-642-12368-9_26
Citation Key: 24088