IP Onetime-Password Authentication Scheme over Insecure Data Channel
Conference: PIMRC 2005 - 16th Annual IEEE International Symposium on Personal Indoor and Mobile Radio Communications
09/11/2005 - 09/14/2005 at Berlin, Germany
Proceedings: PIMRC 2005
Pages: 5
Language: English
Type: PDF
Ma, Miao (Institute for Infocomm Research (I2R), 21 Heng Mui Keng Terrace, Singapore 119613)
In this paper, we propose an IP onetime-password authentication scheme over an insecure data channel, for resource access control at an edge router. We assume a master secret key is pre-established between a legitimate end-host and an edge router. Prior to data transfer, a "four-message-handshake" setup scheme is applied over the insecure data channel, through which a legitimate end-host communicates the commitment of a one-way key chain (i.e., the first key) to the ISP edge router. The legitimate end-host then uses the keys of the key chain as onetime-passwords, in the reverse of the order in which these keys were generated. The edge router, knowing the correct sequence of valid onetime-passwords, verifies the received onetime-passwords and denies undesirable traffic access to the reserved network. The IP onetime-password authentication scheme is secure even if an attacker can tamper with and eavesdrop on the communication between end-host and edge router.
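The one-way key chain mechanism the abstract describes can be sketched as follows. This is an added example, not code from the paper: it covers only chain generation and router-side verification, not the four-message handshake or the master secret key. SHA-256, the names `make_chain` and `EdgeVerifier`, and the `max_gap` loss tolerance are assumptions.

```python
import hashlib
import hmac
import os


def H(x: bytes) -> bytes:
    # One-way function; SHA-256 is an assumption, the abstract names none.
    return hashlib.sha256(x).digest()


def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0, ..., K_n] with K_n = seed and K_i = H(K_{i+1})."""
    keys = [seed]
    for _ in range(n):
        keys.append(H(keys[-1]))
    keys.reverse()  # keys[0] is the commitment, the key generated last
    return keys


class EdgeVerifier:
    """Router side: holds only the most recently accepted key, never the seed."""

    def __init__(self, commitment: bytes, max_gap: int = 1):
        self.last = commitment
        self.max_gap = max_gap  # >1 tolerates lost packets (assumption)

    def verify(self, otp: bytes) -> bool:
        x = otp
        for _ in range(self.max_gap):
            x = H(x)
            if hmac.compare_digest(x, self.last):
                self.last = otp  # advance; older keys can never match again
                return True
        return False


def demo(seed: bytes) -> list:
    chain = make_chain(seed, n=5)  # constructed sample chain
    router = EdgeVerifier(chain[0], max_gap=2)
    return [
        router.verify(chain[1]),       # next key in order: accepted
        router.verify(chain[1]),       # replay of a used key: rejected
        router.verify(chain[3]),       # chain[2] lost in transit: accepted
        router.verify(chain[2]),       # late, already superseded: rejected
        router.verify(b"\x00" * 32),   # forged key: rejected
    ]


if __name__ == "__main__":
    print(demo(os.urandom(32)))
```

An eavesdropper who captures a used onetime-password learns only keys earlier in the chain, so producing the next valid one would require inverting `H`.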