Design And Implementation Of A Two Factor Authentication Login System Using One Time Password (OTP) With SMS


Abstract

The paper examines the design and implementation of a two-factor authentication login system using OTP with SMS. Applying tighter security measures to web, desktop and mobile applications has been a major concern for many people. Faced with poor security and the vulnerability of users, which results in applications being hacked by unauthorized people, the researcher developed a more secure login application that sends a secret passcode to the registered phone number of a user for identification purposes. The aim of the application is to ensure that users are safe and that all logins are authorized. The application was developed with PHP, MySQL, CSS, Bootstrap and HTML.

Chapter One

Introduction

1.1 Background Of The Study

With the development of science and technology, and of the means of storing and exchanging information, including the transfer of data across a network from one site to another, the security of data and information has become important. Information must be protected from the dangers that threaten or attack it, using tools that guard against internal and external threats, together with procedures that prevent information from reaching unauthorized persons through communications and that ensure the authenticity of those communications.

Today security concerns are on the rise in all areas. Most systems today rely on static passwords to verify the user's identity. Users tend to choose obvious, simple or easily guessable passwords, reuse the same password for multiple accounts, and even write their passwords down, store them on their systems or ask websites to remember them. As dependence on access to IT systems grows, the use of static passwords increasingly exposes users to hackers, ID thieves and fraudsters. In addition, hackers can use numerous techniques, such as guessing, shoulder surfing, dictionary, brute-force, snooping and social engineering attacks, to steal passwords and gain access to login accounts. Quite a few techniques and strategies for using passwords have been proposed, but some of them are not easy to use in practice. To solve the password problem in the banking sector and for online transactions, two-factor authentication using OTP and ATM PINs/cards has been implemented.

1.2 Objective Of The Study

The aims and objectives to be achieved on completion of this project are as follows:

Avoid the risks related to the use of passwords.

Limit the unauthorized access to accounts.

Verification of the person requesting access to the system.

Building authentication process with low cost.

Take advantage of users' smartphones.

1.3 Statement Of The Problems

In recent years, institutions and organizations have taken an increased interest in the security of their networks and systems. One of these aspects is verifying that the person requesting access to the system is the person he or she claims to be; this process is called authentication. Most systems use only a password for the login process. Below are some problems and risks of using passwords in the user authentication process:

Breaches of systems, websites and personal accounts have recently become widespread and take many different forms because those systems are weakly protected, so it is necessary to find more secure ways to protect them.

Passwords become easier to guess.

Short passwords are easy to guess and crack.

Equipment and software often have standard pre-configured passwords (default passwords).

Most people who have many accounts use the same password for all of them.

1.4 Significance Of The Study

As computer science has progressed, so have the ways to hack, along with the sensitivity of data; as a result, there is a greater need for solutions to overcome the weaknesses that hackers exploit. We propose two-level user authentication for access to the system.

1.5 Scope Of The Study

The two-way mobile authentication system is an innovative technology used to solve the problems of the present one-factor authentication, which is a simple username and password. Two-way mobile authentication solves this problem by using strong authentication that combines "something you know", "something you have" and "something you are". Taken individually, each of the three methods has some vulnerabilities: something you know may be shared, something you have may be stolen, and something you are is stronger but too expensive to use in all cases. So the combination provides stronger authentication.

The project aims to realize strong two-factor authentication using a mobile device that:

Provides cost-effective and user-friendly authentication.

Avoids the use of a simple username and password system, which is no longer secure.

Uses the mobile phone as the authentication token.

Is easy to use with any existing web application.

Requires no additional hardware.

Is easy to deploy.

1.6 Definition Of Terms

1. Authentication:

The process or action of proving or showing something to be true, genuine, or valid.

2. System:

A physical component of a computer that is used to perform a certain task.

3. Data:

Numbers, text or images in a form suitable for storage in or processing by a computer, or incomplete information.

4. Information:

Meaningful material derived from computer data by organizing it and interpreting it in a specified way.

5. Input:

Data entered into a computer for storage or processing.

6. Output:

Information produced from a computer after processing.

7. Information System:

A set of interrelated components that collect (or retrieve), process, store and distribute information to support decision making and control in an organization.

8. Computer:

A computer is an electronic device that accepts data as input, processes the data and gives out information as output to the user.

9. Software:

Software is a set of related programs that are designed by the manufacturer to control the hardware and to enable the computer to perform a given task.

10. Hardware:

Hardware is the physical part of a computer that can be touched, seen and felt, and which is controlled by the software to perform a given task.

11. Database:

Database is the collection of related data in an organized form.

12. Programming:

Programming is a set of coded instructions which the computer understands and obeys.

13. Technology:

Technology is the branch of knowledge that deals with the creation and use of technical means and their interrelation with life, society and the environment, drawing upon such subjects as industrial arts, engineering, applied science and pure science.

14. Algorithm:

A set of logic rules determined during the design phase of a data matching application. The ‘blueprint’ used to turn logic rules into computer instructions that detail what step to perform in what order.

15. Application:

The final combination of software and hardware which performs the data matching.

16. Data matching database:

A structured collection of records or data that is stored in a computer system.

17. Data integrity:

The quality of correctness, completeness and compliance with the intention of the creators of the data, i.e. "fit for purpose".

18. Password:

This is a secret code that a user must type into a computer to gain access to it or its applications. It is made up of numbers, letters, characters or a combination of any of these categories.

19. PHP:

Hypertext Preprocessor (the name is a recursive acronym). This is a programming language known as a server-side scripting language. It was used in developing this software.

20. Identification:

The act of recognizing and naming someone or something.

21. Verification:

Evidence that establishes or confirms the accuracy or truth of something.

22. Query language:

A database query language and report writer allows users to interactively interrogate the database, analyze its data and update it according to the user’s privileges on data. It also controls the security of the database.

23. API:

A set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service.

Chapter Five

Summary Conclusion And Recommendation

Summary

The research project focused on “A TWO WAY” A case study of Springlight University Uyo. After stating the objectives of the study, the researcher sourced data using different techniques, including the interview and observation methods. Textbooks, journals and the internet provided a good source of information. This gave room for detailed investigation and analysis of the various means of login/password security and of how to move to a more secure and more convenient way of protecting logins and access to important pages.

Conclusion

Our thesis goal was to study and implement the two-way authentication method and its advantages over the one-way authentication system. Our first step was analysis, in which we studied traditional authentication systems, how passwords are compromised in such systems, and what can be done to negate the compromising factors. This was followed by a study of the limitations of two-way mobile authentication systems. Once these were completed, the focus shifted to implementing the two-way authentication method. The algorithm selected was SHA-1, and the design for password generation was implemented in PHP. This was followed by the development of an application with a dashboard and by testing our implementation of the two-way authentication system with that application. The One Time Password (OTP) was sent to the GSM user through Smart SMS solution, an SMS gateway provider. During testing, the implementation of the two-way authentication system was found to work and to offer better security than the conventional one-way authentication system. The OTP generator ensured that the same password was not repeated, and the OTP is deleted from the database immediately after. Our thesis goal of studying and implementing a two-way authentication method was achieved, and the functionality we implemented worked satisfactorily.
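The OTP lifecycle described in the conclusion (generate, store, send by SMS, delete so it cannot be reused), as an added PHP 8 example that is not the project's code. It assumes an in-memory array in place of the MySQL table, draws the code from `random_int` rather than deriving it with SHA-1 as the project did, and uses hypothetical names (`SmsOtpStore`, `issue`, `verify`, the pepper value).

```php
<?php
declare(strict_types=1);
// Added example (PHP 8+). $rows stands in for the MySQL OTP table; all names are hypothetical.
final class SmsOtpStore
{
    private array $rows = [];
    public function __construct(
        private string $pepper,      // server-side key so stored hashes cannot be brute-forced offline
        private int $ttl = 300,      // seconds a code stays valid
        private int $maxTries = 3    // wrong guesses allowed before the code is discarded
    ) {}

    // Create a fresh 6-digit code, keep only its keyed hash, and return it for the SMS gateway.
    public function issue(string $user, int $now): string
    {
        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        $this->rows[$user] = [   // overwriting invalidates any code issued earlier
            'hash'    => hash_hmac('sha256', $code, $this->pepper),
            'expires' => $now + $this->ttl,
            'tries'   => 0,
        ];
        return $code;
    }

    // Constant-time check; the row is deleted on success, on expiry, or when tries run out.
    public function verify(string $user, string $submitted, int $now): bool
    {
        $row = $this->rows[$user] ?? null;
        if ($row === null) {
            return false;
        }
        $tries   = ++$this->rows[$user]['tries'];
        $expired = $now > $row['expires'];
        $ok      = !$expired
            && hash_equals($row['hash'], hash_hmac('sha256', $submitted, $this->pepper));
        if ($ok || $expired || $tries >= $this->maxTries) {
            unset($this->rows[$user]);
        }
        return $ok;
    }
}

// Constructed demo: fixed clock values, placeholder pepper.
$store = new SmsOtpStore('demo-pepper-not-a-real-key');
$code  = $store->issue('alice', 1000);
$wrong = $code === '000000' ? '000001' : '000000';
var_dump($store->verify('alice', $wrong, 1010));  // wrong guess, one of three tries used
var_dump($store->verify('alice', $code, 1020));   // correct code, row deleted
var_dump($store->verify('alice', $code, 1030));   // replay of the same code
```

In a MySQL-backed version the tries increment and the delete belong in one transaction, so two parallel requests cannot both consume the same code.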

Future Work

Probing deeper, the demo application in this thesis also provides a strong foundation for future work on two-factor authentication for security applications. Future developments include a more user-friendly GUI and extending the OTP algorithm so that passwords can be generated with different cryptographic functions. In addition, features could be added that let the user choose among different ways of authenticating to the system.

Related Field(s):

This study on the Design And Implementation Of A Two Factor Authentication Login System Using One Time Password (OTP) With SMS is relevant to students and researchers in Computer Engineering, Computer Science and other related fields.