{"id":"https://openalex.org/W7110933741","doi":"https://doi.org/10.1109/tdsc.2025.3641892","title":"HP-OTP: One-Time Password Scheme Based on Hardened Password","display_name":"HP-OTP: One-Time Password Scheme Based on Hardened Password","publication_year":2025,"publication_date":"2025-12-09","ids":{"openalex":"https://openalex.org/W7110933741","doi":"https://doi.org/10.1109/tdsc.2025.3641892"},"language":null,"primary_location":{"id":"doi:10.1109/tdsc.2025.3641892","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3641892","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Zixuan Ding","orcid":"https://orcid.org/0000-0002-0103-3782"},"institutions":[{"id":"https://openalex.org/I205237279","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75","country_code":"CN","type":"education","lineage":["https://openalex.org/I205237279"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zixuan Ding","raw_affiliation_strings":["College of Cryptology and Cyber Science, Nankai University, Tianjin, China"],"raw_orcid":"https://orcid.org/0000-0002-0103-3782","affiliations":[{"raw_affiliation_string":"College of Cryptology and Cyber Science, Nankai University, Tianjin, China","institution_ids":["https://openalex.org/I205237279"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yihe Duan","orcid":"https://orcid.org/0000-0001-7908-6860"},"institutions":[{"id":"https://openalex.org/I205237279","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75","country_code":"CN","type":"education","lineage":["https://openalex.org/I205237279"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yihe Duan","raw_affiliation_strings":["College of Cryptology and Cyber Science, Nankai University, Tianjin, China"],"raw_orcid":"https://orcid.org/0000-0001-7908-6860","affiliations":[{"raw_affiliation_string":"College of Cryptology and Cyber Science, Nankai University, Tianjin, China","institution_ids":["https://openalex.org/I205237279"]}]},{"author_position":"last","author":{"id":null,"display_name":"Ding Wang","orcid":"https://orcid.org/0000-0002-1667-2237"},"institutions":[{"id":"https://openalex.org/I205237279","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75","country_code":"CN","type":"education","lineage":["https://openalex.org/I205237279"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ding Wang","raw_affiliation_strings":["College of Cryptology and Cyber Science, Nankai University, Tianjin, China"],"raw_orcid":"https://orcid.org/0000-0002-1667-2237","affiliations":[{"raw_affiliation_string":"College of Cryptology and Cyber Science, Nankai University, Tianjin, China","institution_ids":["https://openalex.org/I205237279"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I205237279"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.60055276,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"23","issue":"2","first_page":"3962","last_page":"3978"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.3919999897480011,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.3919999897480011,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.275299996137619,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.15539999306201935,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.8917999863624573},{"id":"https://openalex.org/keywords/credential","display_name":"Credential","score":0.5120999813079834},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.4713999927043915},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.4560999870300293},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.40709999203681946},{"id":"https://openalex.org/keywords/scheme","display_name":"Scheme (mathematics)","score":0.38359999656677246},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.3587000072002411}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.8917999863624573},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.843999981880188},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.619700014591217},{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.5120999813079834},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.4713999927043915},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.4560999870300293},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4456000030040741},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.40709999203681946},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.38359999656677246},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.3587000072002411},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.31690001487731934},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.3156999945640564},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.30219998955726624},{"id":"https://openalex.org/C3847113","wikidata":"https://www.wikidata.org/wiki/Q2746524","display_name":"Password cracking","level":5,"score":0.29179999232292175},{"id":"https://openalex.org/C113328881","wikidata":"https://www.wikidata.org/wiki/Q599809","display_name":"Dictionary attack","level":3,"score":0.287200003862381},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.2761000096797943},{"id":"https://openalex.org/C110406131","wikidata":"https://www.wikidata.org/wiki/Q41349","display_name":"Smart card","level":2,"score":0.2694000005722046},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.26820001006126404},{"id":"https://openalex.org/C14414571","wikidata":"https://www.wikidata.org/wiki/Q519081","display_name":"Server-side","level":2,"score":0.25270000100135803}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2025.3641892","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3641892","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.680789053440094,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G6401220598","display_name":null,"funder_award_id":"62222208","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6729749064","display_name":null,"funder_award_id":"63253229","funder_id":"https://openalex.org/F4320323021","funder_display_name":"Nankai University"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320323021","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75"},{"id":"https://openalex.org/F4320335787","display_name":"Fundamental Research Funds for the Central Universities","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W1527409487","https://openalex.org/W1656678770","https://openalex.org/W2020936921","https://openalex.org/W2029693536","https://openalex.org/W2072069407","https://openalex.org/W2083898440","https://openalex.org/W2088097115","https://openalex.org/W2093397575","https://openalex.org/W2113446256","https://openalex.org/W2132303913","https://openalex.org/W2156186849","https://openalex.org/W2254700249","https://openalex.org/W2351133878","https://openalex.org/W2514873781","https://openalex.org/W2536625930","https://openalex.org/W2680793898","https://openalex.org/W2752178278","https://openalex.org/W2795336163","https://openalex.org/W2885623102","https://openalex.org/W2915352631","https://openalex.org/W2990618836","https://openalex.org/W3004712539","https://openalex.org/W3006945404","https://openalex.org/W3087984272","https://openalex.org/W3097337108","https://openalex.org/W3135794351","https://openalex.org/W3135988818","https://openalex.org/W3210952007","https://openalex.org/W4200626615","https://openalex.org/W4212851301","https://openalex.org/W4281388923","https://openalex.org/W4288057720","https://openalex.org/W4313451681","https://openalex.org/W4388853642","https://openalex.org/W4394585962","https://openalex.org/W4408324685"],"related_works":[],"abstract_inverted_index":{"Mobile":[0],"devices":[1],"enable":[2],"the":[3,66,69,112,116,134,145,154,160,163,170,178,181,189],"widespread":[4],"adoption":[5],"of":[6,14,20,147,176,191],"One-Time":[7],"Passwords":[8],"(OTPs)":[9],"as":[10,35],"a":[11,96,121,140],"crucial":[12],"component":[13],"Two-Factor":[15],"Authentication":[16],"(2FA).":[17],"The":[18,129],"impact":[19],"OTP":[21,32,76,98,132],"leakage":[22],"is":[23,71],"relatively":[24],"manageable":[25],"compared":[26],"to":[27,42,56,118,126,156],"static":[28],"passwords.":[29],"However,":[30],"existing":[31],"standards,":[33],"such":[34],"S/key,":[36],"HOTP,":[37],"and":[38,48,82,139,162,185],"TOTP":[39],"are":[40],"vulnerable":[41],"key-compromise":[43],"impersonation":[44],"attacks,":[45,47],"desynchronization":[46],"\u201csmall":[49],"n\u201d":[50],"attacks.":[51],"These":[52],"vulnerabilities":[53],"allow":[54],"adversaries":[55,167],"bypass":[57],"2FA":[58,150],"by":[59],"exploiting":[60,174],"pre-shared":[61],"symmetric":[62],"keys":[63],"once":[64],"either":[65,177],"device":[67,113,155,179],"or":[68,173,180],"server":[70,117],"compromised.":[72],"Furthermore,":[73],"asymmetric":[74],"(chain-based)":[75],"schemes":[77],"incur":[78],"high":[79],"computational":[80],"overhead":[81],"require":[83],"periodic":[84],"initialization,":[85],"which":[86],"limits":[87],"their":[88],"usability.":[89],"In":[90],"this":[91],"work,":[92],"we":[93],"propose":[94],"HP-OTP,":[95,192],"challenge-response":[97],"scheme":[99],"that":[100],"achieves":[101],"password":[102,161],"hardening":[103,110],"without":[104],"modifying":[105],"password-OTP":[106],"implementation":[107],"architectures.":[108],"Password":[109],"on":[111],"side":[114],"allows":[115],"store":[119],"only":[120,153],"non-reversible":[122],"verification":[123,194],"credential":[124],"used":[125],"generate":[127],"challenges.":[128],"device's":[130],"response":[131],"integrates":[133],"candidate":[135],"password,":[136],"possession":[137,171],"factor,":[138],"random":[141],"salt.":[142],"By":[143],"redefining":[144],"role":[146],"OTPs":[148],"in":[149],"from":[151,168],"representing":[152,158],"jointly":[157],"both":[159],"device,":[164],"HP-OTP":[165],"prevents":[166],"bypassing":[169],"factor":[172],"compromises":[175],"server.":[182],"Comprehensive":[183],"security":[184,190],"performance":[186],"evaluation":[187],"demonstrate":[188],"with":[193],"taking":[195],"less":[196],"than":[197],"5":[198],"milliseconds.":[199]},"counts_by_year":[],"updated_date":"2026-03-17T06:59:57.516163","created_date":"2025-12-10T00:00:00"}