1 research outputs found
SmartOTPs: An Air-Gapped 2-Factor Authentication for Smart-Contract Wallets
With the recent rise of cryptocurrencies' popularity, the security and
management of crypto-tokens have become critical. We have witnessed many
attacks on users and providers, which have resulted in significant financial
losses. To remedy these issues, several wallet solutions have been proposed.
However, these solutions often lack either essential security features,
usability, or do not allow users to customize their spending rules.
In this paper, we propose SmartOTPs, a smart-contract wallet framework that
gives a flexible, usable, and secure way of managing crypto-tokens in a
self-sovereign fashion. The proposed framework consists of four components
(i.e., an authenticator, a client, a hardware wallet, and a smart contract),
and it provides 2-factor authentication (2FA) performed in two stages of
interaction with the blockchain. To the best of our knowledge, our framework is
the first one that utilizes one-time passwords (OTPs) in the setting of the
public blockchain. In SmartOTPs, the OTPs are aggregated by a Merkle tree and
hash chains whereby for each authentication only a short OTP (e.g., 16B-long)
is transferred from the authenticator to the client. Such a novel setting
enables us to make a fully air-gapped authenticator by utilizing small QR codes
or a few mnemonic words, while additionally offering resilience against quantum
cryptanalysis. We have made a proof-of-concept based on the Ethereum platform.
Our cost analysis shows that the average cost of a transfer operation is
comparable to existing 2FA solutions using smart contracts with
multi-signatures