Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

Adding Channel Binding for an Out-of-Band OTP Authentication Protocol in an Industrial Use-Case

 
Authors: Plaga, S.; Niethammer, M.; Wiedermann, N.; Borisov, A.


Institute of Electrical and Electronics Engineers -IEEE-:
1st International Conference on Data Intelligence and Security, ICDIS 2018 : 8-10 April 2018, South Padre Island, USA
Piscataway, NJ: IEEE, 2018 (Proceedings - 2018 1st International Conference on Data Intelligence and Security, ICDIS 2018)
ISBN: 978-1-5386-5762-1
ISBN: 978-1-5386-5763-8
pp. 250-257
International Conference on Data Intelligence and Security (ICDIS) <1, 2018, South Padre Island/Tex.>
English
Conference paper
Fraunhofer AISEC

Abstract
One Time Passwords (OTPs) are used to increase the security of the authentication process of networked applications. Smartphone based OTP schemes already brought usable and affordable multi-factor authentication to web applications. These schemes are also a promising approach for authentication in industrial applications. This paper introduces an industrial remote maintenance use-case that uses a smartphone based OTP authentication scheme using Quick-Response (QR) codes. In addition to a main communication and password authentication channel, the proposed scheme requires an out-of-band communication channel to transmit OTPs via smartphone. While baseline security for the channels can be achieved with Transport Layer Security (TLS), Out-of-Band Authentication (OOBA) remains vulnerable to Man-in-the-Middle (MitM) attacks in environments where the authenticity of a communicating party cannot be guaranteed. In order to mitigate this problem, it is crucial to establish a secure channel association. The enhancement proposed in this paper thus cryptographically binds successful out-of-band OTP authentications to the previously established data-channel with the help of TLS channel binding. Recommendations include common TLS libraries that support this feature as well as further considerations for a secure implementation.

URL: http://publica.fraunhofer.de/dokumente/N-520382.html