Security Analysis of Mobile Phones Used as OTP Generators

13 years 11 months ago

Download www.nowires.org

Abstract. The Norwegian company Encap has developed protocols enabling individuals to use their mobile phones as one-time password (OTP) generators. An initial analysis of the protocols reveals minor security ﬂaws. System-level testing of an online bank utilizing Encap’s solution then shows that several attacks allow a malicious individual to turn his own mobile phone into an OTP generator for another individual’s bank account. Some of the suggested countermeasures to thwart the attacks are already incorporated in an updated version of the online banking system.

Håvard Raddum, Lars Hopland Nestås, Kj

Real-time Traffic

Bank Utilizing Encap | Mobile Phone | Norwegian Company Encap | Security Privacy | WISTP 2010 |

claim paper

» Software security aspects of Javabased mobile phones

» Vulnerability Analysis and Attacks on NFCEnabled Mobile Phones

» Detecting physical shock by a mobile phone and its applications in security and emergency

» User Survey on Phone Security and Usage

» Proposed secure mechanism for identification of ownership of undressed photographs or movi...

» How Do Mobile Phones Fail A Failure Data Analysis of Symbian OS Smart Phones

» IdentityBased Cryptography for Securing Mobile Phone Calls

» On lightweight mobile phone application certification

Post Info
More Details (n/a)

Added	14 May 2010
Updated	14 May 2010
Type	Conference
Year	2010
Where	WISTP
Authors	Håvard Raddum, Lars Hopland Nestås, Kjell Jørgen Hole

Comments (0)

Sciweavers

Security Analysis of Mobile Phones Used as OTP Generators

Bank Utilizing Encap | Mobile Phone | Norwegian Company Encap | Security Privacy | WISTP 2010 |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers