Handheld hybrid offline OTP authentication framework /

Numerous applications are widespread on Internet and mobile communications that transfer personal information and money. Foolproof user authentication becomes imperative in such applications for confirming customer legitimacy. One pragmatic solution for user authentication is that of employing One T...

Bibliographic Details
Main Author: Khan, Burhan Ul Islam (Author)
Format: Thesis
Language: English
Published: Kuala Lumpur : Kulliyyah of Engineering, International Islamic University Malaysia, 2021
Subjects:
Online Access: http://studentrepo.iium.edu.my/handle/123456789/11058
LEADER 055020000a22004210004500
008 220425s2021 my a f m 000 0 eng d
040 |a UIAM  |b eng  |e rda 
041 |a eng 
043 |a a-my---  
050 0 0 |a HG1708.7 
100 1 |a Khan, Burhan Ul Islam  |9 10444  |e author 
245 1 |a Handheld hybrid offline OTP authentication framework /  |c by Burhan Ul Islam Khan 
264 1 |a Kuala Lumpur :   |b Kulliyyah of Engineering, International Islamic University Malaysia,   |c 2021 
300 |a xxiv, 296 leaves :  |b illustrations ;  |c 30 cm. 
336 |2 rdacontent  |a text 
337 |2 rdamedia  |a unmediated 
337 |2 rdamedia  |a computer 
338 |2 rdacarrier  |a volume 
338 |2 rdacarrier  |a online resource 
347 |2 rdaft  |a text file  |b PDF 
500 |a Abstracts in English and Arabic. 
500 |a "A thesis submitted in fulfilment of the requirement for the degree of Doctor of Philosophy (Engineering)." --On title page. 
502 |a Thesis (Ph.D)--International Islamic University Malaysia, 2021. 
504 |a Includes bibliographical references (leaves 239-258). 
520 |a Numerous applications are widespread on Internet and mobile communications that transfer personal information and money. Foolproof user authentication becomes imperative in such applications for confirming customer legitimacy. One pragmatic solution for user authentication is that of employing One Time Password (OTP) with validity for a single transaction or session. Two contextually active user authentication models for internet banking in Malaysia include i.) Receiving OTP over the phone via an SMS, ii.) Generating the OTP over a dedicated hardware token provided by the Bank. SMS OTPs are the most common means used for access control over different online applications, especially Internet banking. However, with this setup, the password generated remains afloat in an unsecured cellular network, thereby increasing the probability of security breaches. Additionally, users need to maintain two active communication channels (Cellular & Internet) with the Authentication Server for proving legitimacy. Other inherent problems include delay-in-delivery, coverage areas/unavailability of service, roaming restrictions, dependency on government regulations, etc. Usage of dedicated hardware for OTP generation is also quite popular. Some of these tokens can even generate OTPs asynchronously. However, this setup brings forth additional logistical and administrative burdens for the customers. Besides, users availing multiple service providers need to maintain distinct tokens for each service. The research focussed on developing a standalone authentication framework for generating unique OTPs from trusted handheld devices using a hybrid approach (based on time as well as challenge response strategy), complying with the degree of authentication assertion essential for Internet-banking applications. 
The prime intent is to eradicate dependence over additional cellular communication channels and eliminate the use of extra hardware tokens for generating/receiving OTPs by Internet banking clients without compromising the security traits of the system. The proposed authentication framework generates time-based dynamic authentication components (OTPs) in an offline manner (without requiring any cellular or internet connectivity) on users' smartphones by invoking possession, knowledge, and inherence factors of legitimate users. This is achieved by asynchronously operating secure random challenge formations as hash counters upon dynamic seeds, comprising varying current timestamps, distinct device and identity profiles. It drastically reduces the operational costs, improves upon security, scalability, and convenience factors. Additionally, the system has been equipped to generate OTPs as three Bahasa Malaysia dictionary words as the usage of native language words during verification could help clients to feel more confident and secure compared to making foreign-language entries. The system has been implemented and examined for leading mobile/desktop platforms to ascertain its technical adoptability. The results of performance metrics obtained employing the confusion matrix with Accuracy = 98.55%, Error rate = 1.45%, Specificity = 100%, Alarm rate = 0%, Recall = 98.40% and Precision = 100% validate the authentication robustness. The generation and extraction aspects of the hybrid OTP design are comparatively analysed against prior asynchronous/synchronous OTP generation schemes. Furthermore, the authentication framework is comparatively comprehensively parsed for its ability to thwart common authentication attacks over the Internet. 
650 0 |a Internet banking  |z Malaysia  |9 17325 
650 0 |a Electronic funds transfers  |x Security measures  |z Malaysia  |9 17330 
650 0 |a Mobile commerce  |z Malaysia  |9 17331 
655 |a Theses, IIUM local 
690 |a Dissertations, Academic  |x Kulliyyah of Engineering  |z IIUM  |9 4824 
700 1 |a Rashidah Funke Olanrewaju  |e degree supervisor  |9 10445 
700 1 |a Farhat Anwar   |e degree supervisor  |9 10446 
710 2 |a International Islamic University Malaysia.  |b Kulliyyah of Engineering  |9 4827 
856 4 |u http://studentrepo.iium.edu.my/handle/123456789/11058 
900 |a sz-asbh 
942 |c THESIS  |2 lcc  |n 0 
999 |c 502631  |d 534048 
952 |0 0  |1 0  |2 lcc  |4 0  |6 T H G 01708.00007 K00045H 02021  |7 3  |8 IIUMTHESIS  |9 981755  |a IIUM  |b IIUM  |c THESIS  |d 2022-08-04  |g 0.00  |o t HG 1708.7 K45H 2021  |p 11100429181  |r 1900-01-02  |t 1  |v 0.00  |y THESIS