A secure user authentication protocol based on One-Time-Password for home network

Abstract

One-Time Password (OTP) authentication protocol can be used for authenticating a user by a server. It increases security by using a new password for each authentication while the previous password scheme iteratively uses a same password. In this paper we propose a secure user authentication protocol using a similar approach as S/Key, Lamport, Revised SAS and SAS-2 protocol but more secure than them. It employs a three-way challenge-response handshake technique to provide mutual authentication. Also, computation in the user device is reduced, resulting in less power consumption in the mobile devices. Compared with the S/KEY and Lamport protocol, the proposed protocol solves the problem of storing authentication data and limitation in the usage count. Moreover, the proposed scheme is practical to be used with Smart Card, and administration of authentication information is easy. © Springer-Verlag Berlin Heidelberg 2005.