The Use of One-Time Password and RADIUS Authentication in a GSS-API Architecture

Abstract: The Generic Security Service Application Program Interface (GSS-API) is an architecture that facilitates applications using distributed security services in a mechanism-independent fashion. GSS-API is supported by various underlying mechanisms and technologies such as Kerberos version 5 and public-key technologies. However, no one-time password based GSS-API mechanism existed. This thesis focuses on an investigation using one-time passwords together with RADIUS authentication as a protection facility for a GSS-API mechanism. This thesis presents a security architecture using one-time passwords to establish a GSS-API security context between two communicating peers. The proposed one-time password based GSS-API mechanism could be used to enhance the security of user authentication. Moreover, the mechanism can greatly facilitate static-password based system’s transition to stronger authentication.