Extended OTP Mechanism Based on Graphical Password Method
OTP (One Time Password), a financial security authentication mechanism mainly used nowadays, is possible to cope with session attacks but has an weakness that it is difficult to apply differentiated mechanisms. This study intends to propose an extended OTP mechanism utilizing Graphical password method in order to solve such problem of the existing method. The proposed method is a Graphical password mechanism in story method based on user’s memory and can cope with various financial hackings and attack techniques. The existing authentication mechanisms have also a weakness in reliability to be used in mobile devices. In order to complement such weakness, GOTP (Graphical One Time Password) method was introduced so that users may use it in the Smartphone environment more easily and safely. Lastly, the effectiveness and validity were confirmed through an user study.
KeywordsAuthentication Graphical password OTP SSA (Shoulder surfing attack) Smudge attack Smartphone GOTP User study
This research was supported by the MKE (Ministry of Knowledge Economy), Korea, under the “Employment Contract based Master’s Degree Program for Information Security” supervised by the KISA (Korea Internet Security Agency).
- 1.Jakob, N.: Usability Engineering. Academic Press, San Francisco (1993)Google Scholar
- 3.Standing, L., Conezio, J., Haber, R.N.: Perception and memory for pictures: single-trial learning of 2500 visual stimuli. Psychon. Sci. 19, 73–74 (1970)Google Scholar
- 4.Robert, B., Sonia, C., P.C. van, O.: Graphical passwords: learning from the first generation. Technical report TR-09-09, School of Computer Science, Carleton University (2009)Google Scholar
- 5.Davis, D., Monrose, F., Reiter, M.: On user choice in graphical password schemes. In: 13th USENIX Security Symposium (2004)Google Scholar
- 6.Soohyun, S., Taekyung, K.: A survey of HCI technologies considering privacy preservation. J. KIISE 27(12), 68–77 (2009)Google Scholar
- 7.Jaehyun, P., Sungho, H., Hyunkyung, K., Seunghwan, O.: Developing and validating evaluation methods for user value. Daehan Human Engineering Association 2010 Fall Academic Seminar, pp. 124–127 (2010)Google Scholar