基于ECC密钥交换的OTP系统

2022 International Conference on Communication, Computing and Internet of Things (IC3IoT) Pub Date : 2022-03-10 DOI:10.1109/IC3IOT53935.2022.9768019

Eldo P. Elias, A. Santhanavijayan, B. Janet, Kumar R Joshua Arul

{"title":"基于ECC密钥交换的OTP系统","authors":"Eldo P. Elias, A. Santhanavijayan, B. Janet, Kumar R Joshua Arul","doi":"10.1109/IC3IOT53935.2022.9768019","DOIUrl":null,"url":null,"abstract":"The user id and corresponding passwords are generally used for identifying a user in cyberspace. However, this information is not enough to prove that the right person has provided these details. This is where authentication has a role to play. Authentication is the process of proving the identity of a user on a computer system. Identification is used to recognize a person or thing's identity, while authentication is the procedure for verifying that identity. The system can ensure that the right person accesses its resources through authentication. The user has to give some credentials that no one else possesses. It is sometimes called multifactor authentication. One form of multifactor authentication is the one time password (OTP). While using critical services like e-commerce, the user is authenticated using OTP before making the actual payment. Upon receiving the OTP, the user enters it on the client site, which is sent to the server for validation. Submitting OTP to the server through the open network makes it prone to all sorts of attacks that can happen on the open network. An OTP system based on Elliptic Curve Cryptography (ECC) is proposed to avoid sending OTP through an open network. Through the ECC key exchange mechanism, OTP can be generated simultaneously at the server-side and client-side. Hence it is not required to send OTP back to the server for verification. The client itself can verify the OTP without sending it to the server. Not only that, OTP can be used as a session key for all the transactions in the session.","PeriodicalId":430809,"journal":{"name":"2022 International Conference on Communication, Computing and Internet of Things (IC3IoT)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"OTP System Based on ECC Key Exchange\",\"authors\":\"Eldo P. Elias, A. Santhanavijayan, B. Janet, Kumar R Joshua Arul\",\"doi\":\"10.1109/IC3IOT53935.2022.9768019\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The user id and corresponding passwords are generally used for identifying a user in cyberspace. However, this information is not enough to prove that the right person has provided these details. This is where authentication has a role to play. Authentication is the process of proving the identity of a user on a computer system. Identification is used to recognize a person or thing's identity, while authentication is the procedure for verifying that identity. The system can ensure that the right person accesses its resources through authentication. The user has to give some credentials that no one else possesses. It is sometimes called multifactor authentication. One form of multifactor authentication is the one time password (OTP). While using critical services like e-commerce, the user is authenticated using OTP before making the actual payment. Upon receiving the OTP, the user enters it on the client site, which is sent to the server for validation. Submitting OTP to the server through the open network makes it prone to all sorts of attacks that can happen on the open network. An OTP system based on Elliptic Curve Cryptography (ECC) is proposed to avoid sending OTP through an open network. Through the ECC key exchange mechanism, OTP can be generated simultaneously at the server-side and client-side. Hence it is not required to send OTP back to the server for verification. The client itself can verify the OTP without sending it to the server. Not only that, OTP can be used as a session key for all the transactions in the session.\",\"PeriodicalId\":430809,\"journal\":{\"name\":\"2022 International Conference on Communication, Computing and Internet of Things (IC3IoT)\",\"volume\":\"69 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-03-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 International Conference on Communication, Computing and Internet of Things (IC3IoT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IC3IOT53935.2022.9768019\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Conference on Communication, Computing and Internet of Things (IC3IoT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IC3IOT53935.2022.9768019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

在网络空间中，通常使用用户id和对应的密码来识别用户。然而，这些信息并不足以证明是正确的人提供了这些细节。这就是身份验证要发挥作用的地方。身份验证是在计算机系统上证明用户身份的过程。识别是用来识别一个人或事物的身份，而认证是验证该身份的过程。系统可以通过认证确保正确的人访问其资源。用户必须提供其他人没有的凭据。它有时被称为多因素身份验证。多因素身份验证的一种形式是一次性密码(OTP)。在使用电子商务等关键服务时，用户在进行实际支付之前使用OTP进行身份验证。接收到OTP后，用户将其输入到客户端站点，然后将其发送到服务器进行验证。通过开放网络向服务器提交OTP使其容易受到开放网络上可能发生的各种攻击。为了避免通过开放网络发送OTP，提出了一种基于椭圆曲线加密(ECC)的OTP系统。通过ECC密钥交换机制，可以在服务器端和客户端同时生成OTP。因此，不需要将OTP发送回服务器进行验证。客户机本身可以验证OTP，而无需将其发送到服务器。不仅如此，OTP还可以用作会话中所有事务的会话密钥。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

OTP System Based on ECC Key Exchange

The user id and corresponding passwords are generally used for identifying a user in cyberspace. However, this information is not enough to prove that the right person has provided these details. This is where authentication has a role to play. Authentication is the process of proving the identity of a user on a computer system. Identification is used to recognize a person or thing's identity, while authentication is the procedure for verifying that identity. The system can ensure that the right person accesses its resources through authentication. The user has to give some credentials that no one else possesses. It is sometimes called multifactor authentication. One form of multifactor authentication is the one time password (OTP). While using critical services like e-commerce, the user is authenticated using OTP before making the actual payment. Upon receiving the OTP, the user enters it on the client site, which is sent to the server for validation. Submitting OTP to the server through the open network makes it prone to all sorts of attacks that can happen on the open network. An OTP system based on Elliptic Curve Cryptography (ECC) is proposed to avoid sending OTP through an open network. Through the ECC key exchange mechanism, OTP can be generated simultaneously at the server-side and client-side. Hence it is not required to send OTP back to the server for verification. The client itself can verify the OTP without sending it to the server. Not only that, OTP can be used as a session key for all the transactions in the session.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2022 International Conference on Communication, Computing and Internet of Things (IC3IoT)

自引率

0.00%

发文量