Design and Implementation of a Two-Factor, One Time Password Authentication System
Citation
TokulaUmaha I., EsiefarienrheBukohwo Michael"Design and Implementation of a Two-Factor, One Time Password Authentication System", International Journal of Computer & organization Trends (IJCOT), V5(6):1-4 Nov - Dec 2015, ISSN:2249-2593, www.ijcotjournal.org. Published by Seventh Sense Research Group.
Abstract Most people now access all the important areas of their life—banking, shopping, insurance, medical records, and so on—simply by sitting at their computer and typing a username and password into a website. Getting access to something this way is called one-factor authentication, because you need to know only one thing to get into the system: the combination of user name and password. In theory, this kind of protection should be reasonably secure; in practice, it`s less and less trustworthy. This paper presents an approach to further increase security using a two-factor authentication scheme. This approach required the user to login with a username and password and also generate a One Time Password which will be sent to his email. The One Time Password will be used for authentication any time the user wishes to access a restricted resource. The one time password as the name implies will expire after a single use and after a period of 60 seconds. The system uses the HMACSHA- 256 algorithm to develop a more secured two factor, one time password. Java Enterprise Edition (JEE) technology and MySQL was used and the frontend and backend respectively and was deployed on a single user computer using Java Bean Open Source Software (JBOSS) application server. The results from the system implementation show a more secured system difficult to compromise.
References
[1] Ahmad Alamgir Khan.(2013). Preventing Phishing Attacks using One Time Password nd User Machine dentification.International. Journal of Computer Applications (0975 – 8887) Volume 68– No.3
[2] AnkitAggarwal, DarshilDoshi, Vijay Gore and JigneshSisodia. (2015). Three Level Security Using Cued Click Points in Image Based Authentication.International Journalof Innovative and Emerging Research in Engineeringe-ISSN: 2394 – 3343 p-ISSN: 2394 – 5494
[3] Ayushi. A (2010) Symmetric Key Cryptographic Algorithm. International Journal of Computer Applications (0975 - 8887) Volume 1 – No. 15
[4] Hongfeng Zhu, Yu Xia and Hui Li. (2015) An Ancient and Secure Biometrics-based One-Time Identity-Password Authenticated Scheme for E-coupon System towardsMobile Internet.Journal of Information Hiding and Multimedia Signal Processing Volume 6, Number 3.
[5] Humaira Dar, WajdiFawzi Mohammed Al-KhateebAnd Mohamed HadiHabaebi. (2013). Secure Scheme For User Authentication And Authorization In Android Environment. Int. Journal of Engineering Research and Applications. Vol. 3, Issue 5, pp.1874-1882
[6] Lamport L. ( 1981) Password Authentication with Insecure Communication. Communications of the ACM, vol. 24, no. 11, pp. 770-772.
[7] MansoorEbrahim, Shujaat Khan, Umer Bin Khalid. (2013). Symmetric Algorithm Survey: A Comparative Analysis. International Journal of Computer Applications.Volume 61 No.20.
[8] Niharika Gupta and Rama Rani.(2015). Implementing High Grade Security in Cloud Application using Multifactor Authentication and Cryptography.International Journal of Web & Semantic Technology (IJWesT) Vol.6, No.2
[9] NiveditaBisht, Sapna Singh. (2015). A Comparative Study of Some Symmetric and Asymmetric Key Cryptography Algorithms. International Journal of Innovative Research in Science, Engineering and Technology.Vol. 4, Issue 3.
[10] Prashant Kumar Arya, DrMahendra Singh Aswal, DrVinod Kumar. (2012). Comparative Study of Asymmetric Key Cryptographic Algorithms. International Journal of Computer Science & Communication Networks,Vol 5(1),17-21
[11] RanjeetMasram, VivekShahare, Jibi Abraham, RajniMoona. (2014). Analysis and comparison of symmetric key cryptographic algorithms based on various file features. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4.
[12] Y. Huang, Z. Huang, H.R. Zhao and X.J. Lai.(2013).A new onetime password method. Proceeding of the Informational Conference on Electronic Engineering and Computer Science, pp 32-37.
Keywords
One Time Password (OTP), HMACbased One Time Password (HOTP), Time-based One Time Password (TOPT), Cryptography, Email, Authentication.