IP Onetime-Password Authentication Scheme over Insecure Data Channel
Konferenz: PIMRC 2005 - 16th Annual IEEE International Symposium on Personal Indoor and Mobile Radio Communications
11.09.2005 - 14.09.2005 in Berlin, Germany
Tagungsband: PIMRC 2005
Seiten: 5Sprache: EnglischTyp: PDFPersönliche VDE-Mitglieder erhalten auf diesen Artikel 10% Rabatt
Ma, Miao (Institute for Infocomm Research (I2R), 21 Heng Mui Keng Terrace, Singapore 119613)
In this paper, we propose an IP onetime-password authentication scheme over insecure data channel, for resource access control at an edge router. We assume a master secret key is pre-established between a legitimate end-host and an edge router. Prior to data transfer, a "four-message-handshake" scheme for setup is applied over insecure data channel, through which a legitimate end-host communicates the commitment of a one-way key chain (i.e., the first key) with the ISP edge router. The legitimate end-host then uses the keys of the key chain as the onetime-passwords in the order reverse to the generation of these keys. The edge router, knowing the correct sequence of the valid onetime-passwords, verifies the received onetime-passwords and denies undesirable traffic to access the reserved network. The authentication scheme of IP onetime-password is secure even if an attacker can temper with and eavesdrop on the communication between end-host and edge router.