Using OTP with PAKE: An Optimized Implementation of a Synchronization Window
Résumé
Authentication has been a cornerstone of computer security for decades. A considerable number of authentication protocols have been specified and implemented. This paper compares most common families of client-server authentication protocols and shows the benefits of the combined use of One Time Password (OTP) with Password Authenticated Key Exchange (PAKE) protocols. Then, the paper addresses a particular issue inherited from this combination which consists in the synchronization between the client and the server. We propose an optimized implementation for a synchronization mechanism based on the use of a synchronization window. The optimized synchronization has been implemented and the simulation results show that our proposal significantly reduces the computations needed at the client side to select the current password.