E-AUTHENTICATION SYSTEM USING A COMBINATION OF QR CODE AND OTP FOR ENHANCED SECURITY

Abstract
In the proposed scheme, the user can log in to the system easily and efficiently. We analyze the security and usability of the proposed scheme, and show its resistance to hacking of login credentials, shoulder surfing and accidental login. In a shoulder surfing attack, the adversary obtains the user’s password by watching over the user’s shoulder as he enters it. Schemes with different degrees of resistance to shoulder surfing have been proposed, and we present a secure system here. To use this authentication system, the user first needs to register by filling in the basic registration details. After a successful registration, the user can access the login module, where he/she first authenticates the account by entering the email id and password that were entered during registration. Once the email id and password are authenticated, the user proceeds to the next authentication section, where he/she selects the type of authentication: QR (Quick Response) Code or OTP (One Time Password). If the user selects QR Code, the system generates a QR Code and sends it to the user’s mail id over the internet. If the user selects OTP, an SMS is sent to his/her registered mobile number. If the user passes the authentication, the system redirects to the main page. The QR Code and OTP are randomly generated by the system at the time of login.

CHAPTER ONE
INTRODUCTION
1.1 BACKGROUND OF THE STUDY
When using services in a web environment, security is of great importance for both the user and the provider. The information in use must be handled in a way that does not compromise its security. Passwords are only secure as long as the user keeps them secret. Not everyone is aware of the risk that comes with compromised passwords and other security leaks (Nilsson, 2012).

Lately, client side attacks on online banking and electronic commerce have been on the rise due to inadequate security awareness amongst end users. As a result, end users would not be aware if there is a vulnerability on their machine or platform that might lead to a client side attack. The password remains the most popular authentication mechanism in use today. In order to complete any web-based transaction exchange, the online user will be required to enter his/her password into an online system.

As technological advances continue to influence the way society makes payment for goods and services, the requirement for more advanced security approaches for transaction verification in the online environment increases.

In order to mitigate these security issues, this proposed dissertation proffers a solution to the problem by integrating different authentication methods to provide an improved and secure online transaction between the client and the server. The thesis introduces an anti-form grabbing technique which prevents the attacker from “grabbing” sensitive information and modifying it while it is being sent to the server by the client, and which also protects the web contents. The system also minimizes the risk of online attacks by using a One Time Password (OTP), a password that is valid for only one login session or transaction within a limited time, along with the use of Email as a different verification channel.
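The OTP step described in the abstract and in the paragraph above, as an added example that is not code from the thesis. The class and function names, the six-digit format, the 300-second validity window and the three-guess limit are assumptions (the page gives no figures); delivery by SMS or as the QR payload in an e-mail is left to the caller.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window; the page gives no figure
MAX_ATTEMPTS = 3       # assumed limit on wrong guesses per code


class OtpStore:
    """One-time codes for the step that follows the e-mail/password check."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # session_id -> [code, expires_at, attempts_left]

    def issue(self, session_id):
        """Return a fresh code to send by SMS, or by e-mail as the QR payload."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, generated at login
        self._pending[session_id] = [code, self._clock() + OTP_TTL_SECONDS,
                                     MAX_ATTEMPTS]
        return code

    def verify(self, session_id, submitted):
        entry = self._pending.get(session_id)
        if entry is None:
            return False  # never issued, already used, or locked out
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[session_id]  # limited time: stale codes are dropped
            return False
        entry[2] -= 1
        ok = hmac.compare_digest(code.encode(), submitted.encode())
        if ok or entry[2] == 0:
            del self._pending[session_id]  # single use, or guesses exhausted
        return ok


def demo():
    """Constructed walk-through: valid login, replay, expiry, guessing."""
    now = [1000.0]
    store = OtpStore(clock=lambda: now[0])
    code = store.issue("sess-1")
    first, replay = store.verify("sess-1", code), store.verify("sess-1", code)
    stale = store.issue("sess-2")
    now[0] += OTP_TTL_SECONDS + 1
    expired = store.verify("sess-2", stale)
    real = store.issue("sess-3")
    wrong = f"{(int(real) + 1) % 10**6:06d}"
    guesses = [store.verify("sess-3", wrong) for _ in range(MAX_ATTEMPTS)]
    return first, replay, expired, any(guesses), store.verify("sess-3", real)
```

Without the guess limit, a six-digit code falls to at most one million submissions inside the validity window, which is why the code is discarded after the last allowed wrong attempt.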

This thesis therefore intends to develop an E AUTHENTICATION SYSTEM USING QR CODE & OTP.

1.2 RESEARCH MOTIVATION
Cyber criminals are using newer and more advanced methods to target online users. What makes some online attacks difficult to detect from the client side is that any activity performed seems as though it is originating from the legitimate user’s web browser and with this, it silently changes the information of the user’s account details to the attacker’s account details which is most worrying. The losses attributed to financial fraud are alarming. The financial services industry has become a primary target of cyber-attacks on a global scale and, in 2009 alone, suffered losses totalling $54 billion – an increase from $48 billion in 2008 (SafeNet, 2010).

In 2010, there was an exponential increase in the number of online attacks against financial institutions, including the European consumer banking and U.S. corporate banking markets (RSA, 2011). The hackers target the most sensitive information, such as the account number and the amount, and alter it for their own benefit. One must be able to trust the data that is transmitted to the bank server, which is why an enhanced web security application will be developed to tackle the online security threat.

According to the Data Breach Investigation Report by Verizon Communications Inc., New York, 63,000 security incidents were reported in the year 2014 from 95 countries all over the world, and authentication attacks are the highest threat to organizations (http://www.verizonenterprise.com/DBIR/). The use of a single factor knowledge based authentication system such as username and password is inadequate for protecting against authentication attacks. The various methods documented in the literature do not indicate unique or generic solutions for providing an accurate and secure authentication system. Nevertheless, these techniques have certain limitations such as less accuracy and higher time consumption. There are multiple factors for authentication using biometric traits and two dimensional barcodes.

Authentication based on possession is generally based on smart cards. The wide deployment of mobile phones and smart devices has motivated the need for an authentication system based on the mobile phone and the Quick Response code. The biometric template can be embedded in the Quick Response code for authentication. Authentication systems have to be equipped with smart devices to enable faster and more efficient authentication. One of the main disadvantages of a biometric system is the time taken for registration and identification. Extracting the biometric features from a group of users is time consuming and inconvenient. Automatic authentication systems perform the task without the knowledge of the user and are hence more effective.

The increasing cyber attacks during online financial transactions have necessarily initiated a need for secure and efficient means of authentication. Encrypted QR codes can be used for that purpose. Several multimodal biometric systems have been reported in the literature. The modalities chosen in them are vulnerable to spoofing attacks and hence, irrespective of the type of fusion, spoofing is possible. There is a need for efficient fusion of vein based modalities as they are less vulnerable.

Current research in the area of authentication focuses largely on the various methods of extracting biometric traits from the user. The increase in number of internet users has also led to the subsequent increase in various methods of authentication attacks. Thus, enhancing the security of authentication systems emerges as an important issue to be addressed and this motivated the author to explore different types of authentication systems. Emerging trends in the computationally demanding application necessitate more effective algorithms for securing authentication.

1.3 RESEARCH AIM AND OBJECTIVES
The aim of this dissertation is to develop an E authentication system using QR code & OTP. The research objectives of this proposed dissertation are to:

1. Develop an anti-form grabbing technique to encode the user inputs as they are being entered.

2. Implement an authentication mechanism using One Time Password (OTP).

3. Develop a medium that makes use of Email from the server for identity verification.

1.4 RESEARCH METHODOLOGY
The following are methods that were adopted for this research:

1. Develop the anti-form grabbing algorithm to encode user inputs.

2. Develop the OTP algorithm to authenticate the user.

3. Develop a medium that makes use of Email from the server for identity verification.

4. Design the proposed system architecture to mitigate Man-in-the-Browser (MitB) attacks.

5. Implement the proposed system.

6. Assess performance of the proposed system.

1.5 SIGNIFICANCE OF THE STUDY
It is believed that at the completion of the study, the findings will be of great importance to researchers who intend to carry out studies on similar topics, as the study will serve as a reference point. Finally, the study will be of significance to academia, students, lecturers and the general public, as the findings will also contribute to the pool of knowledge.

1.6 SCOPE AND LIMITATION OF THE STUDY
The scope of the study covers the impact of ICT and print media business in Nigeria, but in the course of the study there were some factors which militated against the scope of the study:

a) Availability of Research Material: The research material available to the researcher is insufficient, thereby limiting the study.

b) Time: The time frame allocated to the study does not enhance wider coverage as the researcher has to combine other academic activities and examinations with the study.

c) Finance: The finance available for the research work does not allow for wider coverage as resources are very limited as the researcher has other academic bills to cover.

================================================================
Item Type: Project Material  |  Size: 59 pages  |  Chapters: 1-5
Format: MS Word   Delivery: Within 30Mins.
================================================================
