So here I am, googling my brain on the possibilities of impersonation attempts by a MITM attacker on Lamport's one-time password scheme.
Here's my scenario:
Say we have a client and server setup. Given a nonce $n$, and a hash function $h()$, a client computes the hash of $n$ several times (say $100$) and sends at first instance $H^{(100)}$ where $H^{(100)}=h^{(100)}(n)$. First, how does the server authenticate the identity of the client for the first client-provided value, $H^{(100)}$? Digital signatures/certificates?
For a subsequent authentication, the client sends $H^{(99)}$ and the server computes $h(H^{(100)})$, and if the computation matches the value held by the server (i.e., $H^{(100)}$), the server authenticates the client.
Now assuming there is an attacker in the middle of the communication, can't the attacker simply intercept $H^{(99)}$ from the client and send $H^{(99)}$ to the server, thus impersonating the client only for this particular session where $i$ is $99$? This would mean that the server authenticates the attacker instead of the client. Isn't this impersonation possible? And if so, how does Lamport's OTP protect against this?
Using digital signatures or public-key encryption for every session of authentication doesn't seem to be Lamport's idea for the use of his OTP scheme. My understanding of Lamport's OTP is that it makes use of ONLY hash functions.
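The chain mechanics described in the question, as an added example (not code from the original post): a client builds the chain $H^{(i)} = h^{(i)}(n)$ once, the server stores only the last accepted value and index, and each login is checked by hashing the presented value once and comparing it with the stored one. SHA-256 is assumed for $h$, the seed is a constructed value, and the initial registration of $H^{(100)}$ is taken as already trusted (enrolled out of band), since the post itself leaves open how that first value is authenticated. The second function reproduces the interception scenario from the question: a value captured in transit that never reaches the server is accepted once from whoever presents it, after which the same value is rejected, which is exactly why a hash-only chain binds a password to "presented first", not to "presented by the client".

```python
import hashlib


def h(data: bytes) -> bytes:
    """The one-way function h() of the scheme; SHA-256 is an assumption here."""
    return hashlib.sha256(data).digest()


def build_chain(seed: bytes, length: int) -> list:
    """chain[i] = h^(i)(seed), so chain[0] is the seed and chain[length] is H^(length)."""
    chain = [seed]
    for _ in range(length):
        chain.append(h(chain[-1]))
    return chain


class LamportClient:
    def __init__(self, seed: bytes, length: int):
        self.chain = build_chain(seed, length)
        self.next_index = length - 1  # first password sent is H^(length-1)

    def registration_value(self) -> bytes:
        # H^(length), handed to the server during enrolment (assumed trusted here).
        return self.chain[-1]

    def next_password(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("hash chain exhausted; re-enrol with a fresh seed")
        value = self.chain[self.next_index]
        self.next_index -= 1
        return value


class LamportServer:
    def __init__(self, registered_value: bytes, index: int):
        self.current = registered_value  # last accepted H^(i)
        self.index = index

    def authenticate(self, candidate: bytes) -> bool:
        # Accept only if one more hash of the candidate equals the stored value,
        # then move the stored value back one step so the candidate cannot be reused.
        if h(candidate) != self.current:
            return False
        self.current = candidate
        self.index -= 1
        return True


def normal_logins():
    """Two honest logins plus one replay of an already-consumed password."""
    client = LamportClient(b"constructed-seed-n", 100)
    server = LamportServer(client.registration_value(), 100)
    p99 = client.next_password()
    first = server.authenticate(p99)    # accepted: h(H^(99)) == H^(100)
    replay = server.authenticate(p99)   # rejected: h(H^(99)) != H^(99)
    p98 = client.next_password()
    second = server.authenticate(p98)   # accepted: h(H^(98)) == H^(99)
    return first, replay, second, server.index


def interception_scenario():
    """The situation from the question: H^(99) is captured before the server sees it."""
    client = LamportClient(b"constructed-seed-n", 10)
    server = LamportServer(client.registration_value(), 10)
    captured = client.next_password()            # never delivered by the client
    presented_by_interceptor = server.authenticate(captured)  # server cannot tell who sent it
    presented_by_client = server.authenticate(captured)       # already consumed, rejected
    return presented_by_interceptor, presented_by_client


if __name__ == "__main__":
    print("normal logins:", normal_logins())
    print("interception:", interception_scenario())
```

The server's check is the whole protocol: it keeps no secret, so the only thing it can verify is that the value it receives is a preimage of what it stored. Whether the value arrived from the client or from someone who obtained it in transit is invisible at this layer, which is why the scheme is normally run over a channel that an interceptor cannot read or break into (for example TLS with server authentication), and why the chain alone does not answer the question in the post.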