Design and Implementation of a Two-Factor, One Time Password Authentication System

TokulaUmaha I.; EsiefarienrheBukohwo Michael

doi:https://doi.org/10.14445/22492593/IJCOT-V26P301

Research Article | Open Access | Download PDF

Volume 5 | Issue 6 | Year 2015 | Article Id. IJCOT-V26P301 | DOI : https://doi.org/10.14445/22492593/IJCOT-V26P301

Design and Implementation of a Two-Factor, One Time Password Authentication System

TokulaUmaha I., EsiefarienrheBukohwo Michael

Citation :

TokulaUmaha I., EsiefarienrheBukohwo Michael, "Design and Implementation of a Two-Factor, One Time Password Authentication System," International Journal of Computer & Organization Trends (IJCOT), vol. 5, no. 6, pp. 1-4, 2015. Crossref, https://doi.org/10.14445/22492593/IJCOT-V26P301

Abstract

Most people now access all the important areas of their life—banking, shopping, insurance, medical records, and so on—simply by sitting at their computer and typing a username and password into a website. Getting access to something this way is called one-factor authentication, because you need to know only one thing to get into the system: the combination of user name and password. In theory, this kind of protection should be reasonably secure; in practice, it`s less and less trustworthy. This paper presents an approach to further increase security using a two-factor authentication scheme. This approach required the user to login with a username and password and also generate a One Time Password which will be sent to his email. The One Time Password will be used for authentication any time the user wishes to access a restricted resource. The one time password as the name implies will expire after a single use and after a period of 60 seconds. The system uses the HMACSHA- 256 algorithm to develop a more secured two factor, one time password. Java Enterprise Edition (JEE) technology and MySQL was used and the frontend and backend respectively and was deployed on a single user computer using Java Bean Open Source Software (JBOSS) application server. The results from the system implementation show a more secured system difficult to compromise.

Keywords

One Time Password (OTP), HMACbased One Time Password (HOTP), Time-based One Time Password (TOPT), Cryptography, Email, Authentication.

References

[1] Ahmad Alamgir Khan.(2013). Preventing Phishing Attacks using One Time Password nd User Machine dentification.International. Journal of Computer Applications (0975 – 8887) Volume 68– No.3
[2] AnkitAggarwal, DarshilDoshi, Vijay Gore and JigneshSisodia. (2015). Three Level Security Using Cued Click Points in Image Based Authentication.International Journalof Innovative and Emerging Research in Engineeringe-ISSN: 2394 – 3343 p-ISSN: 2394 – 5494
[3] Ayushi. A (2010) Symmetric Key Cryptographic Algorithm. International Journal of Computer Applications (0975 - 8887) Volume 1 – No. 15
[4] Hongfeng Zhu, Yu Xia and Hui Li. (2015) An Ancient and Secure Biometrics-based One-Time Identity-Password Authenticated Scheme for E-coupon System towardsMobile Internet.Journal of Information Hiding and Multimedia Signal Processing Volume 6, Number 3.
[5] Humaira Dar, WajdiFawzi Mohammed Al-KhateebAnd Mohamed HadiHabaebi. (2013). Secure Scheme For User Authentication And Authorization In Android Environment. Int. Journal of Engineering Research and Applications. Vol. 3, Issue 5, pp.1874-1882
[6] Lamport L. ( 1981) Password Authentication with Insecure Communication. Communications of the ACM, vol. 24, no. 11, pp. 770-772.
[7] MansoorEbrahim, Shujaat Khan, Umer Bin Khalid. (2013). Symmetric Algorithm Survey: A Comparative Analysis. International Journal of Computer Applications.Volume 61 No.20.
[8] Niharika Gupta and Rama Rani.(2015). Implementing High Grade Security in Cloud Application using Multifactor Authentication and Cryptography.International Journal of Web & Semantic Technology (IJWesT) Vol.6, No.2
[9] NiveditaBisht, Sapna Singh. (2015). A Comparative Study of Some Symmetric and Asymmetric Key Cryptography Algorithms. International Journal of Innovative Research in Science, Engineering and Technology.Vol. 4, Issue 3.
[10] Prashant Kumar Arya, DrMahendra Singh Aswal, DrVinod Kumar. (2012). Comparative Study of Asymmetric Key Cryptographic Algorithms. International Journal of Computer Science & Communication Networks,Vol 5(1),17-21
[11] RanjeetMasram, VivekShahare, Jibi Abraham, RajniMoona. (2014). Analysis and comparison of symmetric key cryptographic algorithms based on various file features. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4.
[12] Y. Huang, Z. Huang, H.R. Zhao and X.J. Lai.(2013).A new onetime password method. Proceeding of the Informational Conference on Electronic Engineering and Computer Science, pp 32-37.