One Time Passwords (OTPs) using CHALLENGE-RESPONSE
• In password authentication, the User (claimant) proves her identity by demonstrating that she knows a secret, the password.
• In challenge-response authentication, the User (claimant) proves that she knows a secret without sending it.
• The OTP changes every time it is used.
• Intercepted passwords are useless because they cannot be reused.
• The system assigns a static mathematical function to a user instead of a static password phrase.

Bob (Verifier) → Alice (Claimant): Challenge (x)
Alice (Claimant) → Bob (Verifier): Response f(x)

Possible functions
1) f(x) = x + 1
2) f(x) = sum of the digits of the number x, e.g. for 123 the sum is 1 + 2 + 3 = 6
3) f(x) = 3x^2 - 9x + 2, or any other
4) f(x) = p_x, where p_x is the x-th prime number
5) For machine-to-machine authentication, an encryption algorithm such as DES or AES is more appropriate

Bob (Verifier) → Alice, Charlie, ……. (Claimants): Challenge (x)
Claimant → Bob (Verifier): Response f(x)

Table of User functions
User    | Function
Alice   | Sum of digits
Charlie | Reversed number
Alex    | First Random number with seed x
…       | ….
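
The exchange and the table of user functions above, as an added example that is not part of the original slides: Bob issues a fresh random challenge, looks up the claimant's function, and accepts each challenge only once. The names `Verifier`, `keyed` and `demo`, the sample key, the user "device-1", and the use of HMAC-SHA256 as the keyed function in place of the DES/AES named in item 5 are assumptions of this example.

```python
import hashlib
import hmac
import random
import secrets

def sum_of_digits(x):        # Alice's function: 123 -> 1 + 2 + 3 = 6
    return sum(int(d) for d in str(x))

def reversed_number(x):      # Charlie's function: 123 -> 321
    return int(str(x)[::-1])

def first_random(x):         # Alex's function: first output of a PRNG seeded with x
    return random.Random(x).randrange(10**6)

def keyed(key):
    # Assumption: HMAC-SHA256 stands in for the DES/AES keyed function of item 5.
    return lambda x: hmac.new(key, str(x).encode(), hashlib.sha256).hexdigest()

class Verifier:
    """Bob: holds the table of user functions and the outstanding challenges."""

    def __init__(self, table):
        self.table = table   # user -> function f
        self.pending = {}    # user -> challenge x not yet answered

    def challenge(self, user):
        x = secrets.randbits(64)             # fresh and unpredictable
        self.pending[user] = x
        return x

    def verify(self, user, response):
        x = self.pending.pop(user, None)     # a challenge is consumed on first use
        if x is None or user not in self.table:
            return False
        expected = str(self.table[user](x)).encode()
        return hmac.compare_digest(expected, str(response).encode())

def demo():
    key = b"constructed-demo-key"            # constructed sample key
    bob = Verifier({"Alice": sum_of_digits, "Charlie": reversed_number,
                    "Alex": first_random, "device-1": keyed(key)})
    x1 = bob.challenge("device-1")
    captured = keyed(key)(x1)                # response as seen on the wire
    accepted = bob.verify("device-1", captured)
    replay_same = bob.verify("device-1", captured)    # no outstanding challenge
    x2 = bob.challenge("device-1")
    replay_new = bob.verify("device-1", captured)     # answers x1, not x2
    return accepted, replay_same, replay_new, x1 != x2

if __name__ == "__main__":
    print(demo())
```

A toy function such as the sum of digits has a small output range, so a stale response can match a new challenge by chance; with the keyed function a stale response matches only if the same challenge is issued again.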