Skip to main content
Conference ProceedingsOPEN ACCESS

Security analysis of mobile phones used as OTP generators

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2010) 6033 LNCS 324-331
DOI: 10.1007/978-3-642-12368-9_26
16Citations
Citations of this article
19Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

The Norwegian company Encap has developed protocols enabling individuals to use their mobile phones as one-time password (OTP) generators. An initial analysis of the protocols reveals minor security flaws. System-level testing of an online bank utilizing Encap's solution then shows that several attacks allow a malicious individual to turn his own mobile phone into an OTP generator for another individual's bank account. Some of the suggested countermeasures to thwart the attacks are already incorporated in an updated version of the online banking system. © IFIP International Federation for Information Processing 2010.

Cite

CITATION STYLE

APA

Raddum, H., Nestås, L. H., & Hole, K. J. (2010). Security analysis of mobile phones used as OTP generators. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6033 LNCS, pp. 324–331). https://doi.org/10.1007/978-3-642-12368-9_26

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free