A visual one-time password authentication scheme using mobile devices

Yang Wai Chow, Willy Susilo, Man Ho Allen Au, Ari Moesriami Barmawi

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

7 Citations (Scopus)

Abstract

The use of passwords for user authentication has become ubiquitous in our everyday lives. However, password theft is becoming a common occurrence due to a variety of security problems associated with passwords. As such, many organizations are moving towards adopting alternative solutions like one-time passwords, which are only valid for a single session. Nevertheless, various one-time password schemes also suffer from a number of drawbacks in terms of their method of generation or delivery. This paper presents the design of a challenge-response visual one-time password authentication scheme that is to be used in conjunction with the camera on a mobile device. The main purpose of the proposed scheme is to be able to send a challenge over a public channel for a user to obtain a session key, while safeguarding the user’s long-term secret key. In this paper, we present the authentication protocol, the various design considerations and the advantages provided by the scheme.
Original languageEnglish
Title of host publicationInformation and Communications Security - 16th International Conference, ICICS 2014, Revised Selected Papers
PublisherSpringer Verlag
Pages243-257
Number of pages15
ISBN (Print)9783319219653
DOIs
Publication statusPublished - 1 Jan 2015
Event16th International Conference on Information and Communications Security, ICICS 2014 - Hong Kong, Hong Kong
Duration: 16 Dec 201417 Dec 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8958
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference16th International Conference on Information and Communications Security, ICICS 2014
CountryHong Kong
CityHong Kong
Period16/12/1417/12/14

Keywords

  • Authentication
  • Mobile device
  • One-time password
  • Visual cryptography

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this