Using the HMAC-Based One-Time Password Algorithm for TLS Authentication


Transport Layer Security (TLS) constitutes the main protocol used to secure the exchanges in the Internet. Indeed, this protocol assures the server authentication based generally on public key certificates but the client authentication is rarely required and if it is assured, its identity is sent in clear text. In this paper, we propose TLS-HOTP protocol, an extension to TLS to provide client authentication based on pre-shared keys (PSK) using the HMAC-Based One-Time Password (HOTP) algorithm. These pre-shared keys are symmetric keys, but the client's key is stored in a secure token, ensuring its mobility. The extension also provides client identity protection to ensure the protection of client credentials. In order to analyze the security of TLS-HOTP, we provide a formal validation of the protocols security goal achievement.

15 Figures and Tables

Cite this paper

@article{Hamdane2011UsingTH, title={Using the HMAC-Based One-Time Password Algorithm for TLS Authentication}, author={Balkis Hamdane and Ahmed Serhrouchni and Adrien Montfaucon and Sihem Guemara}, journal={2011 Conference on Network and Information Systems Security}, year={2011}, pages={1-8} }