DESIGN AND IMPLEMENTATION OF A TWO FACTOR AUTHENTICATION LOGIN SYSTEM USING ONE TIME PASSWORD (OTP) WITH SMS


DESIGN AND IMPLEMENTATION OF A TWO FACTOR AUTHENTICATION LOGIN SYSTEM USING ONE TIME PASSWORD (OTP) WITH SMS

ABSTRACT

The paper examined the design and implementation of a two-factor authentication login system using OTP with SMS. The quest for the application of tighter security measures to web, desktop and mobile applications developed has been a major concern to a lot of people. Faced with the challenges of poor security and vulnerability of users, resulting to applications being hacked by unauthorized people, the researcher delved into developing a more secured login application that sends a secret passcode to the registered phone number of a user for identification purpose. The aim of the application is basically to ensure that users are safe, and all logins are authorized. The application was developed with PHP, MYSQL, CSS, BOOTSTRAP, AND HTML technologies.

SCREENSHOTS OF THE APPLICATION

 

 CHAPTER ONE

INTRODUCTION

INTRODUCTION

With the development of science and technology and means of storage and exchange of information in different ways, or so-called transfer of data across the network from one site to another site, became to look at the security of data and information is important; we need to provide protection for the information of the dangers that threaten them or attack them through the use of tools to protect information from internal or external threats. In addition to the procedures adopted to prevent access information into the hands of unauthorized persons through communications and to ensure the authenticity of these communications.

Today security concerns are on the ascent in all areas. Most systems today rely on static passwords to verify the user’s identity. Users have a propensity to use obvious passwords, simple password, easily guessable password and same password for multiple accounts, and even write their passwords, store them on their system or asking the websites for remembering their password etc. Utilization of static passwords in this expanded dependence on access to IT systems progressively presents themselves to Hackers, ID Thieves and Fraudsters. In addition, hackers have the preference of using numerous techniques / attacks such as guessing attack, shoulder surfing attack, dictionary attack, brute force attack, snooping attack, social engineering attack etc. to steal passwords so as to gain access to their login accounts. Quite a few techniques, strategies for using passwords have been proposed but some of which are especially not easy to use and practice. To solve the password problem in banking sectors and also for online transaction two factor authentications using OTP and ATM pin / cards have been implemented.

OBJECTIVE OF THE STUDY

The project aims and objectives that will be achieved after completion of this project are discussed in this subchapter. The aims and objectives are as follows:

1. Avoid the risks related to the use password.

2. Limit the unauthorized access to accounts.

3. Verification of the person requesting access to the system.

4. Building authentication process with low cost.

5. To take advantage of users smartphone’s

STATEMENT OF THE PROBLEMS

In recent years, increased interest institutions and organizations in the security aspects of their networks and systems, and among these aspects to verify that the person requesting access to the system that he is the person who claims that he/she is, this process called Authentication, in most systems are using a password only to access the system for login process. Below are some problems and risks for the use of password in the user authentication process:

1. Recently it became Breakthroughs systems, websites and personal accounts are a large and different ways, because of weak protection of those systems methods so it was necessary to find ways more secure to protect those systems.

2. Passwords become easier to guess.

3. Short passwords are easy to guess and crack.

4. Equipment and software often has standard pre-configured passwords (default passwords).

5. Most people they have many account use same password for all these accounts.

SIGNIFICANCE OF THE STUDY

With the development of computer science progressed accordingly ways to hack, and different ways plus sensitivity of data; as a result, the greater the need to find solutions to overcome the weaknesses those hackers exploits it, we will give a proposal for two level user authentications to access the system.

SCOPE OF THE STUDY

The two way mobile authentication system is an innovative technology used to solve the existing problems of the present one factor authentication which is a simple username and a password. The two way mobile authentication solves this problem by using a strong authentication with the combination of ―something you know‖, ―something you have‖ and ―something you are‖. When compared the above three methods individually, all the methods have some vulnerabilities. Something you know—may be shared, something you have –may be stolen and something you are stronger but it is expensive to use in all the cases. So the combination provides a stronger authentication. 

The project is aimed towards the realization of a strong two factor authentication using mobile device to 

1. Provides with a cost effective and user friendly authentication. 

2. Avoids the use of a simple username and password system which is not secure anymore. 

3. Using the mobile as your authentication token. 

4. Ease to use any existing applications on web.

5. No additional use of hardware.

6. Easy to deploy.

 DEFINITION OF TERMS

1. Authentication: the process or action of proving or showing something to be true, genuine, or valid.

2. System: Physical component of a computer that is used to perform certain task.

3. Data: Numbers, Text or image which is in the form suitable for Storage in or processing by a computer, or incomplete information. 

4. Information: A meaning full material derived from computer data by organizing it and interpreting it in a specified way.

5. Input: Data entered into a computer for storage or processing. 

6. Output: Information produced from a computer after processing. 

7. Information System: A set of interrelated components that collect (or retrieve), process, store and distribute information to support decision making and control in an organization. 

8. Computer: Computer is an electronic device that accepts data as Input, processes data and     gives out information as output to the user.

9. Software:-Software is set of related programs that are designed by the manufacturer to control the hardware and to enable the computer perform a given task.

10. Hardware: - Hardware is a physical part of a computer that can be touched, seen, feel which are been control by the software to perform a given task.

11. Database: - Database is the collection of related data in an organized form. 

12. Programming: - programming is a set of coded instruction which the computers understands and obey. 

13. Technology: -Technology is the branch of knowledge that deals with the creation and use technical and their interrelation with life, society and the environment, drawing upon such as industrial art, engineering, applied science and pure science.

14. Algorithm : A set of logic rules determined during the design phase of a data matching application. The ‘blueprint’ used to turn logic rules into computer instructions that detail what step to perform in what order.

15. Application:  The final combination of software and hardware which performs the data matching.

16. Data matching database: A structured collection of records or data that is stored in a computer system.

17. Data integrity : The quality of correctness, completeness and complain with the intention of the creators of the data i.e ‘fit for purpose’

18. Password: This is a secret code that a user must type into a computer to enable he/she access it or its applications. This is made up of numbers, letters, characters or contribution of any of the above categories.

19. PHP: Hypertext Preprocessor (the name is a recursive acronym) This is a Programming language known as a server-side scripting   language. It was used in the developing of this software.

20. Identification: The act of recognizing and naming someone or something.

21. Verification: Evidence that establishes or confirms the accuracy or truth of something.

22. Query language: A database query language and report writer allows users to interactively interrogate the database, analyze its data and update it according to the user’s privileges on data. It also controls the security of the database. 

23. API: a set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service. 

REFERENCES

 1. Michael Pearce, Ray Hunt, Sherali Zeadally. Assessing and Improving Authentication Confidence Management, University of Canterbury, New Zealand and University of the District of Columbia. 

2.  Suzumura T, Trent S, Tatsubori M, Tozawa A, Onodera T. Performance comparison of Web Service Engines in PHP, Java and C,IEEE International Conference on Web Services 2008. 

3. Smartsmssolution SMS Gateway developer Api available at http//smartsmssolutioncom/developers/api_http.php 

4. George Schlossnagle, Advanced PHP programming. 

5. Naphtali Rishe, Khaled Naboulsi, Ouri Wolfson, Bryon Ehlmann. An Efficient Web-based Semantic SQL Query Generator .High Performance Database Research Center, Florida International University. 

6. Muhammad Saleem, Kyung-Goo Doh. Generic Information System Using SMS Gateway. Fourth International Conference on Computer Sciences and Convergence Information Technology 2009. 

7. A.medrano,Online Banking Security-Layers of protection available at http//ezinearticlescom/?Online-Banking-Security---Layers-of-Protection&id=1353184 

.

DESIGN AND IMPLEMENTATION OF A TWO FACTOR AUTHENTICATION LOGIN SYSTEM USING ONE TIME PASSWORD (OTP) WITH SMS



TYPE IN YOUR TOPIC AND CLICK SEARCH.




TESTIMONIES FROM OUR CLIENTS


Please feel free to carefully review some written and captured responses from our satisfied clients.

  • "Exceptionally outstanding. Highly recommend for all who wish to have effective and excellent project defence. Easily Accessable, Affordable, Effective and effective."

    Debby Henry George, Massachusetts Institute of Technology (MIT), Cambridge, USA.
  • "I saw this website on facebook page and I did not even bother since I was in a hurry to complete my project. But I am totally amazed that when I visited the website and saw the topic I was looking for and I decided to give a try and now I have received it within an hour after ordering the material. Am grateful guys!"

    Hilary Yusuf, United States International University Africa, Nairobi, Kenya.
  • "Researchwap.com is a website I recommend to all student and researchers within and outside the country. The web owners are doing great job and I appreciate them for that. Once again, thank you very much "researchwap.com" and God bless you and your business! ."

    Debby Henry George, Massachusetts Institute of Technology (MIT), Cambridge, USA.
  • "I love what you guys are doing, your material guided me well through my research. Thank you for helping me achieve academic success."

    Sampson, University of Nigeria, Nsukka.
  • "researchwap.com is God-sent! I got good grades in my seminar and project with the help of your service, thank you soooooo much."

    Cynthia, Akwa Ibom State University .
  • "Great User Experience, Nice flows and Superb functionalities.The app is indeed a great tech innovation for greasing the wheels of final year, research and other pedagogical related project works. A trial would definitely convince you."

    Lamilare Valentine, Kwame Nkrumah University, Kumasi, Ghana.
  • "Sorry, it was in my spam folder all along, I should have looked it up properly first. Please keep up the good work, your team is quite commited. Am grateful...I will certainly refer my friends too."

    Elizabeth, Obafemi Awolowo University
  • "Am happy the defense went well, thanks to your articles. I may not be able to express how grateful I am for all your assistance, but on my honour, I owe you guys a good number of referrals. Thank you once again."

    Ali Olanrewaju, Lagos State University.
  • "My Dear Researchwap, initially I never believed one can actually do honest business transactions with Nigerians online until i stumbled into your website. You have broken a new legacy of record as far as am concerned. Keep up the good work!"

    Willie Ekereobong, University of Port Harcourt.
  • "WOW, SO IT'S TRUE??!! I can't believe I got this quality work for just 3k...I thought it was scam ooo. I wouldn't mind if it goes for over 5k, its worth it. Thank you!"

    Theressa, Igbinedion University.
  • "I did not see my project topic on your website so I decided to call your customer care number, the attention I got was epic! I got help from the beginning to the end of my project in just 3 days, they even taught me how to defend my project and I got a 'B' at the end. Thank you so much researchwap.com, infact, I owe my graduating well today to you guys...."

    Joseph, Abia state Polytechnic.
  • "My friend told me about ResearchWap website, I doubted her until I saw her receive her full project in less than 15 miniutes, I tried mine too and got it same, right now, am telling everyone in my school about researchwap.com, no one has to suffer any more writing their project. Thank you for making life easy for me and my fellow students... Keep up the good work"

    Christiana, Landmark University .
  • "I wish I knew you guys when I wrote my first degree project, it took so much time and effort then. Now, with just a click of a button, I got my complete project in less than 15 minutes. You guys are too amazing!."

    Musa, Federal University of Technology Minna
  • "I was scared at first when I saw your website but I decided to risk my last 3k and surprisingly I got my complete project in my email box instantly. This is so nice!!!."

    Ali Obafemi, Ibrahim Badamasi Babangida University, Niger State.
  • To contribute to our success story, send us a feedback or please kindly call 2348037664978.
    Then your comment and contact will be published here also with your consent.

    Thank you for choosing researchwap.com.