Abstract
-
Authentication refers to the process of confirming the identity of the authenticating entity. The use of passwords for user authentication has become ubiquitous in our everyday lives. Despite its widespread usage, password-based authentication has numerous deficiencies. For instance, pass word theft is becoming a common occurrence due to a variety of security problems associated with passwords. As such, many organizations are moving toward adopting alternative solutions like one time passwords (OTPs), which are only valid for a single session. Nevertheless, various OTP schemes also suffer from a number of drawbacks in terms of their method of generation or delivery. In this chapter, we present a challenge-response visual OTP authentication scheme that is to be used in conjunction with the camera on a mobile device. The main feature of the proposed scheme is to allow the server to send a challenge over a public channel for a user to obtain a session key while safeguarding the user's long-term secret key. We present the authentication protocol, its security analysis, the various design considerations, and the advantages provided by our system