One-Time-Password-Authenticated Key Exchange
Source: Queensland University of Technology
To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying one-time password systems, where users have many passwords and use each password only once. If a single password is compromised, it can only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time passwords have been susceptible to sophisticated phishing attacks. The authors give a formal security treatment of this important practical problem. They consider the use of one-time passwords in the context of Password-Authenticated Key Exchange (PAKE), which allows for mutual authentication, session key agreement, and resistance to phishing attacks.
| Format: | |
| Size: | 260.10 |
| Date: | Sep 2009 |



