Improved look-ahead re-synchronization window for HMAC-Based One-Time Password

Alireza Beikverdi, Ian K. T. Tan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)


With the abundance of mobile wireless devices ranging from notebooks to smart phones, it has become convenient to use One-Time Password (OTP) mechanisms for authentication. OTPs are generated for single use only; they are generally generated on demand and have a limited usable shelf life. Upon usage, the password is invalidated on both the client and the server side of the authentication system. A popular and standardized OTP system is the Hashed Message Authentication Code (HMAC) Based OTP (HOTP). In the HOTP system, the OTP is generated on the client side by first generating an encryption key that is derived from a shared secret key and incrementing a counter value. The final value generated is then truncated to the number of digits required by the OTP. On the server side, the same computation is performed and the generated OTPs are compared for authentication. Signal interruptions in wireless environments may force the client to regenerate a new OTP, which causes the dynamic counter value to become desynchronized with the server. In the event that a mismatch occurs during the authentication process, the server increases the counter value within a look-ahead window s times. This resynchronization parameter, s, determines the tolerance level for being desynchronized. However, larger s values (better tolerance) come with a trade-off of higher computational needs and can be a source of malicious attacks. This paper introduces an improved method to the HOTP standard in order to increase the computational efficiency for a larger s window. The introduced method doubles the s window size with negligible computational overhead. Furthermore, the method described in this paper can be easily implemented in current standard implementations of HOTP.
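The baseline this abstract starts from, standard RFC 4226 HOTP with server-side look-ahead validation, is sketched below as an added example; it is not code from the paper and does not implement the paper's improved method, which the abstract does not detail. `HotpServer`, `hmac_calls` and `demo` are hypothetical names, and the secret is the RFC 4226 test secret used as sample input.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 4226 Appendix D test secret, sample only


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte counter, then truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks the offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HotpServer:
    """Hypothetical server-side validator with look-ahead parameter s."""

    def __init__(self, secret: bytes, counter: int = 0, s: int = 3):
        self.secret, self.counter, self.s = secret, counter, s
        self.hmac_calls = 0  # instrumentation: cost of the look-ahead search

    def verify(self, otp: str) -> bool:
        # Try the stored counter, then up to s increments of it.
        for candidate in range(self.counter, self.counter + self.s + 1):
            self.hmac_calls += 1
            expected = hotp(self.secret, candidate)
            if hmac.compare_digest(expected.encode(), otp.encode()):
                self.counter = candidate + 1  # resynchronize, burn used value
                return True
        return False  # counter unchanged; a wrong guess still cost s+1 HMACs


def demo() -> dict:
    # Client generated OTPs for counters 0..2 that never reached the server,
    # then submits the OTP for counter 3.
    otp = hotp(SECRET, 3)
    narrow, wide = HotpServer(SECRET, s=2), HotpServer(SECRET, s=3)
    return {
        "narrow_ok": narrow.verify(otp), "narrow_cost": narrow.hmac_calls,
        "wide_ok": wide.verify(otp), "wide_cost": wide.hmac_calls,
        "wide_counter": wide.counter, "replay_ok": wide.verify(otp),
    }


if __name__ == "__main__":
    print(demo())
```

Every rejected submission costs the server s + 1 HMAC computations and gives a guesser s + 1 candidate values per attempt, which is the computational and attack-surface trade-off of a larger window that the abstract refers to.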

Original language: English
Title of host publication: IET International Conference on Wireless Communications and Applications 2012
Publisher: Institution of Engineering and Technology
ISBN (Print): 9781849195508
Publication status: Published - 2012
Event: IET International Conference on Wireless Communications and Applications 2012 - Kuala Lumpur, Malaysia
Duration: 8 Oct 2012 to 10 Oct 2012


Conference: IET International Conference on Wireless Communications and Applications 2012
Abbreviated title: ICWCA 2012
City: Kuala Lumpur


  • De-synchronization
  • Efficient
  • HOTP
  • One Time Password
  • Re-synchronization parameter

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

