Research Student Profile


Dr Hussain Alsaiari

Research Student

Brief biographical information

hussain.alsaiari@plymouth.ac.uk

  


Graphical One-Time-Password Authentication

Complying with a security policy often requires users to create long and complex passwords to protect their accounts. However, remembering such passwords appears to be difficult for many users and may lead to insecure practices, such as choosing weak passwords or writing them down. One-Time Passwords (OTPs) aim to overcome such problems; however, most implemented OTP techniques require special hardware, which not only adds cost but also raises issues regarding availability. This type of authentication mechanism is mostly adopted by online banking systems to secure their clients’ accounts. However, carrying around authentication tokens was found to be an inconvenient experience for many customers. Beyond the inconvenience, if the token was unavailable for any reason, customers would be prevented from accessing their accounts securely. In contrast, graphical passwords have the potential to serve as an alternative authentication mechanism designed to aid memorability and ease of use.

The idea of this research is to combine the usability of recognition-based and draw-based graphical passwords with the security of OTP. A new multi-level user-authentication solution, known as Graphical One-Time Password (GOTPass), was proposed and empirically evaluated in terms of usability and security. The usability experiment was conducted during three separate sessions, which took place over five weeks, to assess the efficiency, effectiveness, memorability and user satisfaction of the new scheme. The results showed that users were able to easily create and enter their credentials as well as remember them over time. Eighty-one participants carried out a total of 1,302 login attempts with a 93% success rate and an average login time of 24.5 seconds.

With regard to the security evaluation, the research simulated three common types of graphical password attacks (guessing, intersection, and shoulder-surfing). The participants’ task was to act as attackers and try to break into the system. The GOTPass scheme showed high resistance to the attacks, as only 3.3% of the 690 total attempts succeeded in compromising the system.


Director of studies: Dr Maria Papadaki
Other supervisors: Dr Paul S Haskell-Dowland, Prof. Steven M Furnell

Journal papers

Graphical One-Time Password (GOTPass): A usability evaluation
Alsaiari H, Papadaki M, Dowland PS, Furnell SM
Information Security Journal: a Global Perspective, ISSN: 1939-3547, Vol 25, Iss 1-3, pp94-108, 2016

Secure Graphical One Time Password (GOTPass): An Empirical Study
Alsaiari H, Papadaki M, Dowland PS, Furnell SM
Information Security Journal: A Global Perspective, 24, pp207-220, 2015

2 Journal papers

Conference papers

A Review of Graphical Authentication Utilising a Keypad Input Method
Alsaiari H, Papadaki M, Dowland PS, Furnell SM
Proceedings of The 8th Saudi Students Conference, January 31 - February 1, pp359-374, 2015

Alternative Graphical Authentication for Online Banking Environments
Alsaiari H, Papadaki M, Dowland PS, Furnell SM
Proceedings of the Eighth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2014), Plymouth, UK, July 8-9, pp122-136, ISBN: 978-1-84102-375-5, 2014
Can be ordered on-line.

2 Conference papers

4 publication(s) - all categories.