Biblio

Nowadays one-time passwords are used in a lot of areas of information technologies including e-commerce. A few vulnerabilities in authentication protocols based on one-time passwords are widely known. In current work, we analyze authentication protocols based on one-time passwords and their vulnerabilities. Both simple and complicated protocols which are implementing cryptographic algorithms are reviewed. For example, an analysis of relatively old Lamport's hash-chain protocol is provided. At the same time, we examine HOTP and TOTP protocols which are actively used nowadays. The main result of the work are conclusions about the security of reviewed protocols based on one-time passwords.

With the recent advances in information and communication technology, Web and Mobile Internet applications have become a part of our daily lives. These developments have also emerged Information Security concept due to the necessity of protecting information of institutions from Internet attackers. There are many security approaches to provide information security in Enterprise applications. However, using only one of these approaches may not be efficient enough to obtain security. This paper describes a Multi-Layered Framework of implementing two-factor and single sign-on authentication together. The proposed framework generates unique one-time passwords (OTP), which are used to authenticate application data. Nevertheless, using only OTP mechanism does not meet security requirements. Therefore, implementing a separate authentication application which has single sign-on capability is necessary.