Publication Details

Chow, Y., Susilo, W., Au, M. Ho. & Barmawi, A. Moesriami. (2015). A visual one-time password authentication scheme using mobile devices. In L. C. K. Hui, S. H. Qing, E. Shi & S. M. Yiu (Eds.), Proceedings of the 16th International Conference on Information and Communications Security (ICICS 2014) (pp. 243-257). Switzerland: Springer International Publishing.


The use of passwords for user authentication has become ubiquitous in our everyday lives. However, password theft is becoming a common occurrence due to a variety of security problems associated with passwords. As such, many organizations are moving towards adopting alternative solutions like one-time passwords, which are only valid for a single session. Nevertheless, various one-time password schemes also suffer from a number of drawbacks in terms of their method of generation or delivery. This paper presents the design of a challenge-response visual one-time password authentication scheme that is to be used in conjunction with the camera on a mobile device. The main purpose of the proposed scheme is to be able to send a challenge over a public channel for a user to obtain a session key, while safeguarding the user's long-term secret key. In this paper, we present the authentication protocol, the various design considerations and the advantages provided by the scheme.



Link to publisher version (DOI)