Weaknesses and Improvements of a One-Time Password Authentication Scheme

Authentication of communicating entities and confidentiality of transmitted data are fundamental procedures to establish secure communications over public insecure networks. Recently, many researchers proposed a variety of authentication schemes to confirm legitimate users. Among the authentication schemes, a one-time password authentication scheme requires less computation and considers the limitations of mobile devices. The purpose of a one-time password authentication is to make it more difficult to gain unauthorized access to restricted resources. This paper discusses the security of Kuo-Lee's one-time password authentication scheme. Kuo-Lee proposed to solve the security problem based on Tsuji-Shimizu's one-time password authentication scheme.