TWO FACTOR AUTHENTICATION

INTRODUCTION

Many fields in the world requires authentication of the users We use authentication in day-today life Most authentications are protected only by Passwords. Eg : E mail, Face Book Passwords are known to be one of the easiest target of hackers. So the authentication is easily broken

SOLUTION: Two Factor Authentication

problems with passwords

Social engineering Finding written password Post-It Notes Guessing password / pin Dog/Kids name/ Birthday Shoulder surfing Keystroke logging Can be resolved with mouse based entry Screen scraping (with Keystroke logging) Brute force password crackers L0phtcrack

Two Factor Two Factor Authentication Authentication

Two Factor Authentication

TFA is the most commonly used authentication means It is based on the following factors:

Something you know (as a secret password). Something you have (as an unclonable secure device with a secret key). Something you are(E.g : Biometrics) Two Factor Authentication implements two of the above factors

Something you know Pin Password Mothers Maiden Name Something you own Keys Credit Card Token Phone Something you are Fingerprint DNA

Two Factor Authentication

Two Factor Authentication consists of Two of the three factors

Example: ATM Cash Machine Something you Know Pin Something you Own - Cash Card (Chip)
Stronger and more secure than the traditionally implemented one factor authentication system.

Two Factor Authentication

An approach to authentication which requires the presentation of two different kinds of evidence that someone is who they say they are. From a security perspective, the ideas is to use evidences which have separate range of attack vectors (e.g. logical, physical)leading to more complex attack scenario and consequently lower risk.

TFA

Two-factor authentication is commonly found in electronic computer authentication, where basic authentication is the process of a requesting entity presenting some evidence of its identity to a second entity. Two-factor authentication seeks to decrease the probability that the requester is presenting false evidence of its identity.

TFA

TFA could drastically

Reduce the incidence of online identity theft, Reduce other online fraud

Because the victims password would no longer be enough to give a thief permanent access to their information.

FEASIBILITY Two Factor STUDY Authentication

TECHNICAL FEASIBILITYFEASIBILITY STUDY

Feasibility is a test of the proposed system according system according to workability, impact on the The project requires the system to be functional organization ability to meet user needs and as effectiveness multi-user use one. of resources. following are the feasibility study employed: It should be based on specified technology.

The system under study must be portable and Technical feasibility platform independent. Operational feasibility The software that is needed for the Economic feasibility development of the system is java script support socket programming, remote database, xml etc which is easily available.

OPERATIONAL FEASIBILITY FEASIBILITY STUDY

Feasibility is a test of the proposed system according system according to workability, impact on the The proposed system offers organization ability to meet user needs and User friendliness effectiveness use of resources. following are the feasibility study employed: Great understand ability

Less Restriction on companies Technical feasibility Simplicity Operational feasibility The operations of this application are absolutely simple. Handling this application does not need much training. so the system is operationally feasible.
Economic feasibility

ECONOMIC FEASIBILITYFEASIBILITY STUDY

Feasibility is a test of the proposed system according system according to workability, impact on the There is no need for much initial investment for organization ability to meet user needs and software or hardware. effectiveness use of resources. following are the feasibility study employed:to a maximum extend The total cost is reduced

because the cost that should be expended in gateway Technicalproviders feasibility is not presented here. of service Operational The system isfeasibility economically feasible because of the Economic feasibility reduced cost as compared to the existing system.

The Existing System

Most systems today rely on static passwords to verify the users identity which can affect security management. Passwords are known to be one of the easiest targets of hackers. The PP-TAKE protocol is based on the Decision Diffie-Hellman (DDH) problem.

The Proposed System

Juanget al.s protocols are modifications of the PPTAKE protocol. The protocols are based on the DDH protocols but they have fewer message exchanges than the PPTAKE protocol. This protocol provides identity privacy. This protocol also provides only half forward secrecy as it can ensure forward secrecy only at the client side and not at the server

SYSTEM REQUIREMENTS

Software requirements:

Front End : Java Back end : My SQL OS : Linux, Windows IDE : Net beans

Hardware requirements:

Processor : Pentium IV or above Primary Memory : 256 MB RAM Storage : 40 GB Hard Disk

SYSTEM DESIGN AND ANALYSIS

This phase is the first in moving from the problem domain to the solution domain. At the end of design phase is design document which is used for the later implement of the project. In system design, the specifications of client requirements are studied and we identified how client interacts with system. Based on this the input and output format, major modules in the system and desired result are identified. Accordingly, suitable software and hardware specifications required are chosen.

INPUT DESIGN GUI of software is created using java Applet.

It have option of giving remote machine address, port number, RSA key length. It have buttons data, which allows user to select connect, listen, send data, receive data, generate key and also to disconnect. There it have a text field for entering user message

OUTPUT DESIGN

Output are the most important and direct source in information to the consumer and administrator. Intelligent output design will improve the systems relationship with user and help in decision making. It has a conversation panel to display the connection information, remote messages and information for user.

DATABASE DESIGN

FIGURE: SYSTEM STRUCTURE

USERS

CLIENT

SERVER

DATABASE

DATABASE DESIGN

The database design gives us a description about how data is stored and retrieved from storage area i.e ; the database. The design phase is comprised of 4 phases. The entities and their design criterias are described in the following slide.

DATABASE DESIGN

Phase 1:
The user is referred to the person having the smartcard. User can get the smartcard by registering into the system via client.

Phase 2:
Client is the interface between the user and the system. The client authenticates the user by verifying the smartcard and the details provided by the user.

Phase 3:
Server: Authenticates the user by comparing the

MODULES Two Factor Authentication

1. Registration stage The user should be registered to be an authenticated user. An unregistered user should not be allowed to enter the corresponding site. Here, the user registers with the server.

2. Username and Password selection The User who registers to the site should contains a username and a password. Only the recognised user could creates his own user username and password.
3. Symmetric Key Generation This is the first stage of authentication. The symmetric key is generated for further security purposes. Symmetric Key, t, is generated as per the formula .

4. Static Private Key Generation Private key is to be produced in order to authenticate using public key authentication. The server generates a random number b and set it as static private key 5. Public Key Generation The server generates static public key based on the static private key. The public key is generated based on the equation y s = g b mod p y s = public key b = static private key

6. Pre-computation stage
This module deals with the generation of values and some computations required in the authentication. The user selects a random value x in Zq and computes yu = gx mod p

7. Reducing computational overhead

This module deals with the generation of values that reduces computational overhead in authentication and key exchange stage. The user computes c = g bx mod p and stores it.

8. Authentication

Mutual authentication is done between server and client. Session key is also generated. This module consists of 4 sub-modules

(8.1) A computes SIDA,

i=h(, t, i) f=h(, t ,IDA), e=E f ( y u ) sends (e, SIDA , i) to B.

8. Authentication
(8.2)

The computation of B

B replace and t stored in the database to SID A, i =h(, t, i) B finds a value matching SIDA, i sent by A After finding right and t, B acquires IDA B computes f=h(, t, IDA) and y u= D f(e) After decryption , B computes c= ( k=h(cg x) b mod p B selects a random value r. B computes sk=h(c, r, IDA) and MB= h(s k,, t, IDA) B sends r and M b to A.

8. Authentication
(8.3) Mutual Authentication

A computes the session key s k=h(c, r, IDA). A and B share the session key sk. A computes MB= h( s k, , t, IDA) and compares it with the MB = h ( s k, , t, y s ) and send it to B.

(8.4) Mutual Authentication by B

B computes MA= h(s k, , t, y s) and compares it with the MA sent by A. if so, B authenticates A as a legimate user. Now a mutual authentication between A and B is completed.

9. Key Exchange Stage The generated keys are exchanged. A and B produces its own session keys. They are exchanged in various stages of authentication in order to check its validity. 10. Successful/Unsuccessful Login stage User Login is checked and verified whether its successful or not. Its based upon the information provided by the user. The server checks the details and if the informations are found correct, the user is allowed to login successfully, else it shows Unsuccessful Login

REGISTRATION TABLE
FIELD ID PASSWORD USERNAME TYPE VARCHAR VARCHAR VARCHAR DESCRIPTION USER-ID PASSWORD USERNAME SIZE 50 50 50

LOGIN TABLE

FIELD

TYPE

DESCRIPTION

SIZE

ID
PASSWORD USERNAME

VARCHAR
VARCHAR VARCHAR

USER-ID
PASSWORD USERNAME

50
50 50

SUCCESSFUL TABLE

FIELD ID PASSWORD

TYPE VARCHAR VARCHAR

DESCRIPTION USER-ID PASSWORD

SIZE 50 50

USERNAME
SUCCESS

VARCHAR
VARCHAR

USERNAME
SUCCESS

50
50

DATA FLOW DIAGRAM

UML Use Case Diagrams can be used to describe the functionality of a system in a horizontal way, rather than merely representing. The details of individual features of the system in horizontal way. Rather than merely representing the details of individual features of the system, UCDs can be used to show all of its available functionality. It is important to note, though, that UCDs are fundamentally different from sequence diagrams or flow charts because they do not make any attempt to represent the order or number of times that the systems actions and sub-actions should be executed

REGISTRATION
Registration

User details

User details

User
Smart Card

Client

Server

User Register

LOGIN
Encrypted details

Registration Details

User

Client

Server

User Register

Smart Card

UCD(Use Case Diagram)

UCDs have only 4 major elements:
1.

2. 3.

4.

The actor ,that the system you are describing interacts with. The system itself. The use case or services, that the system knows how to perform The lines that represent relationships between these elements.

Here the actor is a person, organization or external system that plays a role in one or more interactions with the system. A use case describes a sequence of action that provides something of measurable value to an actor and is drawn as horizontal ellipse. A rectangle is drawn around the use cases called the system boundary box to indicate the scope of the system. Anything within the box represents functionality that is in scope and anything outside the box is not.

In the registration phase and the login phase is represented using UCD. The main entities include the user(the person who has the possession of smartcard),client(link between user and system),sever(function provider) and a database where the whole details about the user is being stored and updated.

The registration phase and the login phase is represented using UCD. The main entities include the user(the person who has the possession of smartcard),client(link between user and the system ) , server(function provider) and a database where the whole details about the user is being stored and updated.

In the registration phase, the user registers using the client which passes the user details onto the server which is stored on the database. The details will be entered onto the smartcard which the user has. In the login phase, the user registers using the smartcard. The client passes the encrypted details onto the server where it stores on the database.

FORM DESIGN OF REGISTRATION

FORM DESIGN OF LOGIN

Thank You !!

By, SHEEBA.L 2nd MSC CS AJK CAS