One-time password authentication based on QR code and hash chain

One-time password authentication based on QR code and hash chain

연구 분야: Analysis

학회: Iran Journal of Computer Science

Static authentication methods are increasingly vulnerable to sophisticated attacks, necessitating more robust solutions. This paper introduces a novel one-time password (OTP) authentication system that combines quick response (QR) codes with a multidimensional hash chain to enhance security and usability. In our approach, the server generates a dynamic challenge encoded in a QR code. This challenge is a random path within an n-dimensional hypercube, where each dimension is associated with a distinct cryptographic hash function. The client then computes the OTP by sequentially applying the specified hash functions to an initial seed. Furthermore, based on hash computation, the hypercube moves along the x-axis of the coordinate system to create ample space for possible challenges. Security analysis and threat modeling show that the proposed authentication scheme effectively enhances a secure system’s security level. It does not require a system re-initialization and is more secure and computationally efficient than some of the other similar authentication schemes. Performance evaluations indicate that the challenge generation and OTP computation algorithms operate in the microsecond range on low-end devices.