Keylogging-resistant visual authentication protocols

Dae Hun Nyang, Aziz Mohaisen, Jeonil Kang

Research output: Contribution to journalArticlepeer-review

32 Scopus citations


The design of secure authentication protocols is quite challenging, considering that various kinds of root kits reside in Personal Computers (PCs) to observe user's behavior and to make PCs untrusted devices. Involving human in authentication protocols, while promising, is not easy because of their limited capability of computation and memorization. Therefore, relying on users to enhance security necessarily degrades the usability. On the other hand, relaxing assumptions and rigorous security design to improve the user experience can lead to security breaches that can harm the users' trust. In this paper, we demonstrate how careful visualization design can enhance not only the security but also the usability of authentication. To that end, we propose two visual authentication protocols: one is a one-time-password protocol, and the other is a password-based authentication protocol. Through rigorous analysis, we verify that our protocols are immune to many of the challenging authentication attacks applicable in the literature. Furthermore, using an extensive case study on a prototype of our protocols, we highlight the potential of our approach for real-world deployment: we were able to achieve a high level of usability while satisfying stringent security requirements.

Original languageEnglish
Article number6746187
Pages (from-to)2566-2579
Number of pages14
JournalIEEE Transactions on Mobile Computing
Issue number11
StatePublished - 1 Nov 2014

Bibliographical note

Publisher Copyright:
© 2002-2012 IEEE.


  • Authentication
  • keylogger
  • malicious code
  • smartphone


Dive into the research topics of 'Keylogging-resistant visual authentication protocols'. Together they form a unique fingerprint.

Cite this