Applied Cryptography and Network Security

Volume 7341 of the series Lecture Notes in Computer Science pp 30-47

Contextual OTP: Mitigating Emerging Man-in-the-Middle Attacks with Wireless Hardware Tokens

  • Assaf Ben-DavidAffiliated withThe Hebrew University
  • , Omer BerkmanAffiliated withThe Academic College of Tel Aviv Jaffa
  • , Yossi MatiasAffiliated withGoogle Inc.
  • , Sarvar PatelAffiliated withGoogle Inc.
  • , Cem PayaAffiliated withGoogle Inc.
  • , Moti YungAffiliated withGoogle Inc.Columbia University

* Final gross prices may vary according to local VAT.

Get Access


OTP (One Time Password) devices are highly deployed trust enhancing (password entropy increasing) devices which are used to authenticate a user with a second factor (a pseudorandom sequence of digits produced by a device the user owns) and to cope with off-line phishing of password information. Wireless connection adds usability to OTP protocols in an obvious way: instead of the person copying the information between machines, the wireless (say, Bluetooth) mechanism can transfer the value directly. Indeed, OTP devices implemented in a smartphone and communicating with the browser over Bluetooth can act in usable fashion (and this extension was implemented in our organization and got very positive usability feedback). What we then noticed as a key observation is that this mode of OTP wireless transfer has turned the “man to machine” nature of the OTP tokens to a “(mobile) device to machine (the browser on the computer)” method, so we can now employ protocols between the two interacting computers. Thus, we asked what can this new mode contribute to security (rather than to usability only) and cope with increased set of attacks. Specifically, the question we are dealing with is whether wireless OTP devices (i.e., smartphones) can be hardened at a reasonable cost (i.e., without costly OTP infrastructural changes, public-key infrastructure/ operations, and with small modification to browsers) so as to be useful against one type of interesting and currently growing and highly publicized Man in the Middle (MITM) attacks. The work herein summarizes our study which is based on our proposed new notion of Contextual OTP (XOTP for short), which exploits session contexts to break the symmetry between the “user-MITM” and the “MITM-server” sessions.