Advertisement

Extended OTP Mechanism Based on Graphical Password Method

  • Yunlim Ku
  • Okkyung Choi
  • Kangseok Kim
  • Taeshik Shon
  • Manpyo Hong
  • Hongjin Yeh
  • Jai-Hoon Kim
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 164)

Abstract

OTP (One Time Password), a financial security authentication mechanism mainly used nowadays, is possible to cope with session attacks but has an weakness that it is difficult to apply differentiated mechanisms. This study intends to propose an extended OTP mechanism utilizing Graphical password method in order to solve such problem of the existing method. The proposed method is a Graphical password mechanism in story method based on user’s memory and can cope with various financial hackings and attack techniques. The existing authentication mechanisms have also a weakness in reliability to be used in mobile devices. In order to complement such weakness, GOTP (Graphical One Time Password) method was introduced so that users may use it in the Smartphone environment more easily and safely. Lastly, the effectiveness and validity were confirmed through an user study.

Keywords

Authentication Graphical password OTP SSA (Shoulder surfing attack) Smudge attack Smartphone GOTP User study 

Notes

Acknowledgments

This research was supported by the MKE (Ministry of Knowledge Economy), Korea, under the “Employment Contract based Master’s Degree Program for Information Security” supervised by the KISA (Korea Internet Security Agency).

References

  1. 1.
    Jakob, N.: Usability Engineering. Academic Press, San Francisco (1993)Google Scholar
  2. 2.
    Haber, R.N.: How we remember what we see. Sci. Am. 222(5), 104–112 (1970)CrossRefGoogle Scholar
  3. 3.
    Standing, L., Conezio, J., Haber, R.N.: Perception and memory for pictures: single-trial learning of 2500 visual stimuli. Psychon. Sci. 19, 73–74 (1970)Google Scholar
  4. 4.
    Robert, B., Sonia, C., P.C. van, O.: Graphical passwords: learning from the first generation. Technical report TR-09-09, School of Computer Science, Carleton University (2009)Google Scholar
  5. 5.
    Davis, D., Monrose, F., Reiter, M.: On user choice in graphical password schemes. In: 13th USENIX Security Symposium (2004)Google Scholar
  6. 6.
    Soohyun, S., Taekyung, K.: A survey of HCI technologies considering privacy preservation. J. KIISE 27(12), 68–77 (2009)Google Scholar
  7. 7.
    Jaehyun, P., Sungho, H., Hyunkyung, K., Seunghwan, O.: Developing and validating evaluation methods for user value. Daehan Human Engineering Association 2010 Fall Academic Seminar, pp. 124–127 (2010)Google Scholar

Copyright information

© Springer Science+Business Media Dortdrecht 2012

Authors and Affiliations

  • Yunlim Ku
    • 1
  • Okkyung Choi
    • 1
  • Kangseok Kim
    • 1
  • Taeshik Shon
    • 1
  • Manpyo Hong
    • 1
  • Hongjin Yeh
    • 1
  • Jai-Hoon Kim
    • 1
  1. 1.Department of Knowledge Information SecurityGraduate School of Ajou UniversitySuwonKorea

Personalised recommendations