
LUP Student Papers

LUND UNIVERSITY LIBRARIES

Login hardening with Multi-factor Authentication

Bergman, Michaela LU (2021) EITM01 20211
Department of Electrical and Information Technology
Abstract
The aim of this Master's thesis work was to conduct research about different available authenticators, as well as to implement a multi-factor authenticator into the currently used login application. The research included biometric authentication technologies, and an investigation of how to implement these to create a highly secure and customizable multi-factor authentication for My Axis accounts at Axis Communications in Lund. Part of the research was to investigate and compare weaknesses, vulnerabilities, trade-offs, practical considerations, and secure storage for common authenticators, as well as recovery and support for the loss of an authentication factor. The method used to achieve these goals was to collect information from research papers, books, and studies about authentication and authenticators, to do a small study about account recovery, and to investigate and analyze the currently used authentication system in order to implement a multi-factor authenticator that extends it. The key objectives of the project were gaining in-depth knowledge of multi-factor authentication and of the OpenID Connect protocol and how it can be used in a system, and the implementation of a multi-factor authenticator that combines username/password authentication (knowledge factor), a smartphone (ownership factor), and biometric authentication (biometric factor). The implementation consists of a plugin that extends the current system and an Android application. The application authenticates the user with the built-in fingerprint sensor and creates a time-based one-time password (TOTP); that is, the application is an authenticator that combines TOTP with the fingerprint so that the fingerprint never leaves the device, which mitigates the risk of biometric factor leaks. A key conclusion of this project is that the security level of the authenticator is reduced to the security level of its fallback method when the fallback method is less secure. This fallback method is used in case the user loses, for example, their email address or device.
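As an added example (not code from the thesis or from Axis), the TOTP half of the scheme described above: the code generation the phone app would run after a successful local fingerprint prompt, and the server-side check that tolerates one step of clock skew and refuses to accept a step twice. The shared secret is the published RFC 6238 SHA-1 test seed, not a real key.

```python
import hashlib
import hmac
import struct

# Shared secret: the RFC 6238 reference test seed (a published test vector, not a real key).
RFC_SEED = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = STEP_SECONDS) -> str:
    """TOTP (RFC 6238): HOTP with the counter taken from the current time step.
    On the phone this runs only after the local fingerprint check succeeds, so the
    biometric never leaves the device and only the short-lived code is sent."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, last_used: int = -1,
                digits: int = 6, step: int = STEP_SECONDS, window: int = 1):
    """Server-side check. Accepts the current step and `window` neighbouring steps
    to tolerate clock skew, compares in constant time, and never accepts a step
    at or before the last one already used (replay protection).
    Returns (accepted, last_used) so the caller can persist the new high-water mark."""
    counter = unix_time // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate < 0 or candidate <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return True, candidate
    return False, last_used


if __name__ == "__main__":
    # RFC 6238 Appendix B: at T=59 the SHA-1 8-digit code is 94287082.
    print(totp(RFC_SEED, 59, digits=8))
    ok, mark = verify_totp(RFC_SEED, totp(RFC_SEED, 59), 59)
    # Second submission of the same code for the same step must be rejected.
    print(ok, verify_totp(RFC_SEED, totp(RFC_SEED, 59), 59, last_used=mark)[0])
```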
author: Bergman, Michaela LU
course: EITM01 20211
type: H2 - Master's Degree (Two Years)
keywords: multi-factor authentication, authentication, security, usability, cost, biometrics, biometric authentication, openid connect, oauth 2.0, PKCE, account recovery, security threats, authentication factors
report number: LU/LTH-EIT 2021-828
language: English
id: 9058361
date added to LUP: 2021-06-29 10:49:34
date last changed: 2021-06-29 10:49:34
@misc{9058361,
  author       = {{Bergman, Michaela}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Login hardening with Multi-factor Authentication}},
  year         = {{2021}},
}