The use of passwords for user authentication has become ubiquitous in our everyday lives. However, password theft is becoming a common occurrence due to a variety of security problems associated with passwords. As such, many organizations are moving towards adopting alternative solutions like one-time passwords, which are only valid for a single session. Nevertheless, various one-time password schemes also suffer from a number of drawbacks in terms of their method of generation or delivery. This paper presents the design of a challenge-response visual one-time password authentication scheme that is to be used in conjunction with the camera on a mobile device. The main purpose of the proposed scheme is to be able to send a challenge over a public channel for a user to obtain a session key, while safeguarding the user's long-term secret key. In this paper, we present the authentication protocol, the various design considerations and the advantages provided by the scheme.
History
Citation
Chow, Y., Susilo, W., Au, M. Ho. & Barmawi, A. Moesriami. (2015). A visual one-time password authentication scheme using mobile devices. In L. C. K. Hui, S. H. Qing, E. Shi & S. M. Yiu (Eds.), Proceedings of the 16th International Conference on Information and Communications Security (ICICS 2014) (pp. 243-257). Switzerland: Springer International Publishing.
Parent title
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)