Access Control using One Time Password

Access Control using One Time Password

Author Name : Dr Shabeen Taj G A, Noor Fathima, Shalini S

ABSTRACT

The system provides authentication [1] for system access (login) and other applications requiring authentication [1] that is secure against passive attacks based on replaying captured reusable passwords [7]. One-time passwords (OTP s) were developed specifically to deal with the limitations and security issues of static and aging passwords [7]. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that, if a potential intruder manages to record an OTP [3] that was already used to log into a service or to conduct a transaction; he will not be able to abuse it since it will be no longer valid. A password-generator program is used to generate a list of passwords [7], which uses a suitable hash function, generating the list. This process typically is accomplished through a password calculator program in which the user enters a secret key [3] or phrase into the program. The program then generates a file containing a list of valid OTP [3]s. The passwords [7] can be used for authentication [1] purposes for resources that require limited access.

Keywords- Access control , authentication , authorization, One- time password, seed