Sciweavers

WISTP
2010
Springer

Security Analysis of Mobile Phones Used as OTP Generators

14 years 6 months ago
Security Analysis of Mobile Phones Used as OTP Generators
Abstract. The Norwegian company Encap has developed protocols enabling individuals to use their mobile phones as one-time password (OTP) generators. An initial analysis of the protocols reveals minor security flaws. System-level testing of an online bank utilizing Encap’s solution then shows that several attacks allow a malicious individual to turn his own mobile phone into an OTP generator for another individual’s bank account. Some of the suggested countermeasures to thwart the attacks are already incorporated in an updated version of the online banking system.
Håvard Raddum, Lars Hopland Nestås, Kj
Added 14 May 2010
Updated 14 May 2010
Type Conference
Year 2010
Where WISTP
Authors Håvard Raddum, Lars Hopland Nestås, Kjell Jørgen Hole
Comments (0)