Two Way Mobile Authentication System

Abstract: The ever increasing use of internet around the world has without doubt increased the usage of internet based services, e-business models, easier ways of communication and information sharing. Such drastic increase in usage of network based systems has made the current cyber security systems old dated as the hackers and attackers of networked systems is on the rise with new and modern attack methodologies. This has necessitated the need of more secure ways of communications. The issues of Confidentiality, Integrity and the Availability of systems are of prime importance and more research towards these issues has been called for around the world. One of the major areas of security improvement is the way in which authentication of users is carried out. Even though many organizations still rely on static ID and password authentication system, this method is getting old and there is a requirement for a better way of authentication which is required. One of the solutions for this issue is the two factor authentication technique as a fundamental security function. Our thesis proposal explores the two factor authentication technique and implementation issues which can be used for the two factor authentication technique. Two-factor authentication method is implemented in two main phases. In the first phase, the authenticator gets a request generated by the application to authenticate a specified user. When the request is received, it generates a one-time password and sends it through a SMS to a GSM cell phone registered for that specified user. The one-time password has a default timeout 5 minutes which is configurable. In the second phase of the authentication, a request is sent with the user id and a hash of the one-time password. If both the one-time and user specified password is valid then the user will be authenticated. [1] It proposes a secure, convenient and user friendly two factor authentication scheme and discusses its applications to online banking.