
Adding Channel Binding for an Out-of-Band OTP Authentication Protocol in an Industrial Use-Case

Plaga, S.; Niethammer, M.; Wiedermann, N.; Borisov, A.


Institute of Electrical and Electronics Engineers -IEEE-:
1st International Conference on Data Intelligence and Security, ICDIS 2018 : 8-10 April 2018, South Padre Island, USA
Piscataway, NJ: IEEE, 2018 (Proceedings - 2018 1st International Conference on Data Intelligence and Security, ICDIS 2018)
ISBN: 978-1-5386-5762-1
ISBN: 978-1-5386-5763-8
International Conference on Data Intelligence and Security (ICDIS) <1, 2018, South Padre Island/Tex.>
Fraunhofer AISEC

One-Time Passwords (OTPs) are used to increase the security of the authentication process of networked applications. Smartphone-based OTP schemes have already brought usable and affordable multi-factor authentication to web applications, and they are a promising approach for authentication in industrial applications as well. This paper introduces an industrial remote-maintenance use-case that employs a smartphone-based OTP authentication scheme using Quick-Response (QR) codes. In addition to the main communication and password-authentication channel, the proposed scheme requires an out-of-band communication channel over which the OTPs are transmitted via the smartphone. While baseline security for each channel can be achieved with Transport Layer Security (TLS), Out-of-Band Authentication (OOBA) remains vulnerable to Man-in-the-Middle (MitM) attacks in environments where the authenticity of a communicating party cannot be guaranteed: an attacker who terminates the TLS data channel can simply relay the OTP, because nothing ties the OTP to the connection it is meant to authorize. Mitigating this requires a secure channel association. The enhancement proposed in this paper therefore cryptographically binds each successful out-of-band OTP authentication to the previously established data channel using TLS channel binding. Recommendations include common TLS libraries that support this feature as well as further considerations for a secure implementation.
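The following Python simulation is an added example and not code from the paper or from Fraunhofer AISEC. It shows the mechanism the abstract describes: the server issues a challenge (the QR-code payload) on the TLS data channel and records that channel's binding value; the client computes the OTP over the challenge plus its own view of the binding value; the server only accepts an OTP that was computed for the same TLS connection. The TLS layer is modelled rather than real (the binding value is derived from a constructed per-connection secret in the way a tls-exporter value would be, RFC 9266), the HMAC/HOTP-style OTP construction, the `Server`, `TlsSession`, `client_response` and `run_scenario` names, and the assumption that the client endpoint can hand its binding value to the OTP computation are all assumptions of this example.

```python
"""Out-of-band OTP authentication with and without TLS channel binding.
Constructed simulation: the TLS connection is modelled, not real."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

EXPORTER_LABEL = b"EXPORTER-Channel-Binding"   # tls-exporter label, RFC 9266


@dataclass(frozen=True)
class TlsSession:
    """Stand-in for one TLS connection. Both endpoints of the same connection
    hold the same secret and therefore derive the same channel-binding value.
    Assumption: a real deployment obtains this value from the TLS library
    (tls-exporter, or tls-unique for TLS <= 1.2), never from a class like this."""
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))

    def channel_binding(self) -> bytes:
        return hmac.new(self.secret, EXPORTER_LABEL, hashlib.sha256).digest()


def compute_otp(shared_key: bytes, challenge: bytes, cb: bytes, digits: int = 8) -> str:
    """HMAC-based OTP over the server challenge. With binding enabled, the
    channel-binding value of the data channel is mixed into the MAC input."""
    mac = hmac.new(shared_key, challenge + cb, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                               # HOTP-style dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class Server:
    def __init__(self, bind_channel: bool):
        self.bind_channel = bind_channel
        self.keys = {}        # user -> OTP secret enrolled on the smartphone
        self.pending = {}     # user -> (challenge, channel binding of the data channel)

    def enroll(self, user: str) -> bytes:
        self.keys[user] = secrets.token_bytes(32)
        return self.keys[user]

    def issue_challenge(self, user: str, data_channel: TlsSession) -> bytes:
        """Called after password authentication on the data channel. The
        challenge is what the QR code carries; the server remembers the
        binding value of the TLS connection the challenge was issued on."""
        challenge = secrets.token_bytes(16)
        cb = data_channel.channel_binding() if self.bind_channel else b""
        self.pending[user] = (challenge, cb)
        return challenge

    def verify_otp(self, user: str, otp: str) -> bool:
        challenge, cb = self.pending.pop(user)            # single use
        expected = compute_otp(self.keys[user], challenge, cb)
        return hmac.compare_digest(expected, otp)


def client_response(key: bytes, challenge: bytes, data_channel: TlsSession, bind: bool) -> str:
    """Client side: the OTP is computed from the scanned challenge and, when
    binding is enabled, from the binding value of the data channel as the
    *client* sees it. If a MitM terminates TLS, this value differs from the
    server's and the OTP cannot verify."""
    cb = data_channel.channel_binding() if bind else b""
    return compute_otp(key, challenge, cb)


def run_scenario(bind_channel: bool, mitm: bool) -> bool:
    """Return True if the server accepts the OTP. A TLS-terminating MitM is
    modelled by giving the client a different TlsSession than the server."""
    server = Server(bind_channel)
    key = server.enroll("alice")
    server_side = TlsSession()
    client_side = TlsSession() if mitm else server_side
    challenge = server.issue_challenge("alice", server_side)   # relayed unchanged by a MitM
    otp = client_response(key, challenge, client_side, bind_channel)
    return server.verify_otp("alice", otp)                     # a MitM just forwards the OTP


if __name__ == "__main__":
    for bind in (False, True):
        for mitm in (False, True):
            print(f"binding={bind!s:5} mitm={mitm!s:5} accepted={run_scenario(bind, mitm)}")
```

Without binding the relayed OTP is accepted whether or not a MitM sits on the data channel; with binding it is accepted only when the client and the server are endpoints of the same TLS connection. Two practical caveats: Python's `ssl` module exposes only `tls-unique` through `SSLSocket.get_channel_binding()`, and `tls-unique` is not defined for TLS 1.3, so a TLS 1.3 deployment needs the `tls-exporter` binding of RFC 9266 from a library that supports it; and the binding value must be taken from the same connection on which the challenge was issued, which is why the server stores it alongside the pending challenge rather than reading it again at verification time.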