SMS-based One-Time Passwords: Attacks and Defense

dc.contributor.authorMulliner, Collin
dc.contributor.authorBorgaonkar, Ravishankar
dc.contributor.authorStewin, Patrick
dc.contributor.authorSeifert, Jean-Pierre
dc.date.accessioned2020-06-11T06:40:24Z
dc.date.available2020-06-11T06:40:24Z
dc.date.issued2014
dc.description.abstractSMS-based One-Time Passwords (SMS OTP) were introduced to counter phishing and other attacks against Internet services such as online banking. Today, SMS OTPs are commonly used for authentication and authorization for many different applications. Recently, SMS OTPs have come under heavy attack, especially by smartphone trojans. In this paper, we analyze the security architecture of SMS OTP systems and study attacks that pose a threat to Internet-based authentication and authorization services. We determined that the two foundations SMS OTP is built on, cellular networks and mobile handsets, were completely different at the time when SMS OTP was designed and introduced. Throughout this work, we show why SMS OTP systems cannot be considered secure anymore. Based on our findings, we propose mechanisms to secure SMS OTPs against common attacks and specifically against smartphone trojans.en
dc.identifier.issn1436-9915
dc.identifier.urihttps://depositonce.tu-berlin.de/handle/11303/11303
dc.identifier.urihttp://dx.doi.org/10.14279/depositonce-10188
dc.language.isoen
dc.relation.hasversion10.1007/978-3-642-39235-1_9
dc.rights.urihttp://rightsstatements.org/vocab/InC/1.0/
dc.subject.ddc004 Datenverarbeitung; Informatik
dc.subject.othermobile phoneen
dc.subject.othersmartphoneen
dc.subject.otherbankingen
dc.subject.otherOTPen
dc.subject.otherSMSen
dc.subject.othermTANen
dc.subject.othermalwareen
dc.subject.othermulti-factoren
dc.titleSMS-based One-Time Passwords: Attacks and Defenseen
dc.typeResearch Paper
dc.type.versionsubmittedVersionen
tub.accessrights.dnbfree
tub.affiliationFak. 4 Elektrotechnik und Informatikde
tub.affiliation.facultyFak. 4 Elektrotechnik und Informatikde
tub.publisher.universityorinstitutionTechnische Universität Berlin
tub.series.issuenumber2014-02
tub.series.nameForschungsberichte der Fakultät IV - Elektrotechnik und Informatik / Technische Universität Berlin

Files

Original bundle
Now showing 1 - 1 of 1
Loading…
Thumbnail Image
Name:
tr_2014-02.pdf
Size:
285.14 KB
Format:
Adobe Portable Document Format

Collections