|
Development of an authentication scheme based on qr code and totp
|
bet | 1/3 | Sana | 22.05.2024 | Hajmi | 16,81 Kb. | | #250481 |
Bog'liq Документ Microsoft Word
Development of an authentication scheme based on QR code and TOTP
1. Introduction
Nothing in this world is fully secured. Same is the case with computer networks. Over the past few years, a number of authentication systems have been developed in order to keep a check on the resources being accessed by any intruder. The most commonly used form of authentication is a textual username and a PIN/password. This method is simple but is not highly secure because the username can be easily guessed and passwords can be cracked using a number of hacking tools readily available on the internet. After this, more advanced forms of authentication come into play, such as graphical passwords, OTP (one-time passwords), and biometrics. But none is totally secure. There are limitations with every method in use today. Either it is the cost of implementation or the complexity for a user. OTP again is a password which has a fixed algorithm to generate by giving an input. So, it can be tracked back to the original password. Also, it is cumbersome for a user to carry a device always which generates OTP for him. Coming to biometrics, it is an expensive technology and is still not much reliable. Moreover, it may involve the personal attribute of a user. If compromised, the attribute will never change for a person. For example, a fingerprint, once lost to an intruder, can never be changed by the owner. So, there is always a threat of stolen identity.
The first section of this paper would give the reader a brief overview of the rest of the paper. It would be explaining the scope of the project and the purposes for a new authentication model. This introduction section provides a kick start to the paper developing an understanding with the current problem of security in authentication systems and moving towards a solution approach in the near future.
1.1. Background
This concept has inspired the development of a new authentication mechanism that combines token-based authentication with QR codes. QR code, short for Quick Response Code, is a two-dimensional barcode matrix that can be easily read by electronic image scanners and smartphones. The information on a QR code is represented by a pattern of black squares arranged on a white background. A QR code can store a maximum of 7,089 numeric characters. The large storage capacity and easy readability of QR codes make them ideal for securely storing data. QR codes can be displayed on any device, such as monitors, mobile phones, or printed on paper, eliminating the need for separate and secure storage.
With the advent of the internet, the number of users accessing websites has increased exponentially. However, storing the client information of such a large user base is always a challenge. It involves the complexity of protecting user identity and data from unauthorized access and security attacks. To address this issue, several token-based authentication mechanisms have emerged. These approaches overcome the complexity of password-based systems and enhance system security. However, the deployment of these systems can be expensive as it requires the use of trusted third-party servers and a secure channel to transfer the token between the client and the server.
|
| |