Login hardening with Multi-factor Authentication
(2021) EITM01 20211, Department of Electrical and Information Technology
- Abstract
- The aim of this Master's Thesis work was to conduct research about different available authenticators, as well as to implement a multi-factor authenticator into the currently used login application. The research included biometric authentication technologies, and an investigation of how to implement these to create a highly secure and customizable multi-factor authentication for My Axis accounts for Axis Communications in Lund. A part of the research was to investigate and compare weaknesses, vulnerabilities, trade-offs, practical considerations, and secure storage for common authenticators, as well as recovery and support for the loss of an authentication factor. The method used to achieve these goals was to collect information from research papers, books, and studies about authentication and authenticators, to do a small study about account recovery, and to investigate and analyze the currently used authentication system in order to implement a multi-factor authenticator that extends it. The key objectives of the project were gaining in-depth knowledge of multi-factor authentication and of the OpenID Connect protocol and how it can be used in a system, and the implementation of a multi-factor authenticator that combines username/password authentication (knowledge factor), a smartphone (ownership factor), and biometric authentication (biometric factor). The implementation consists of a plugin that extends the current system and an Android application. The application authenticates the user with the built-in fingerprint sensor and creates a time-based one-time password (TOTP); i.e., the application is an authenticator that combines TOTP with fingerprint so that the fingerprint never leaves the device, which mitigates the risk of biometric factor leaks. A key conclusion of this project is that the security level of the authenticator is reduced to the security level of its fallback method whenever the fallback method is less secure. This fallback method is used in case the user loses, for example, their email address or device.
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9058361
- author
- Bergman, Michaela LU
- supervisor
- Ben Smeets LU
- organization
- course
- EITM01 20211
- year
- 2021
- type
- H2 - Master's Degree (Two Years)
- subject
- keywords
- multi-factor authentication, authentication, security, usability, cost, biometrics, biometric authentication, openid connect, oauth 2.0, PKCE, account recovery, security threats, authentication factors
- report number
- LU/LTH-EIT 2021-828
- language
- English
- id
- 9058361
- date added to LUP
- 2021-06-29 10:49:34
- date last changed
- 2021-06-29 10:49:34
@misc{9058361,
  abstract = {{The aim with this Master’s Thesis work was to conduct research about different available authenticators, as well as implementing a multi-factor authenticator into the currently used login-application. The research included biometric authentication technologies, and investigation of how to implement these to create a highly secure and customizable multi-factor authentication for My Axis-accounts for Axis Communications in Lund. A part of the research was to investigate and compare weaknesses, vulnerabilities, trade-offs, practical considerations, and security storage for common authenticators, as well as recovery and support for the loss of an authentication factor. The method used to achieve these goals was to collect information from research papers, books, and studies about authentication and authenticators, to do a small study about account recovery, and to investigate and analyze the currently used authentication system to implement a multi-factor authenticator that extends the system. The key objectives of the project were gaining an in-depth knowledge of multi-factor authentication, the OpenID Connect protocol and how it can be used in a system, and the implementation of a multi-factor authenticator that would utilize a combination of username/password authentication (knowledge factor), a smartphone (ownership factor), and biometric authentication (biometric factor). The implementation consists of a plugin that extends the current system and an Android application. The application authenticates the user with the built-in fingerprint sensor and creates a time-based one time password (TOTP), i.e., the application is an authenticator that combines TOTP with fingerprint so that the fingerprint never leaves the device, which mitigates the risk of biometric factor leaks. A key conclusion of this project is that the security level of the authenticator is decreased to the security level of its fallback method, in the case where the fallback method is less secure. This fallback method is used in case the user loses, for example, its email address or device.}},
  author   = {{Bergman, Michaela}},
  language = {{eng}},
  note     = {{Student Paper}},
  title    = {{Login hardening with Multi-factor Authentication}},
  year     = {{2021}},
}