Handheld hybrid offline OTP authentication framework /
Numerous applications are widespread on Internet and mobile communications that transfer personal information and money. Foolproof user authentication becomes imperative in such applications for confirming customer legitimacy. One pragmatic solution for user authentication is that of employing One T...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
Kuala Lumpur :
Kulliyyah of Engineering, International Islamic University Malaysia,
2021
|
| Subjects: | |
| Online Access: | http://studentrepo.iium.edu.my/handle/123456789/11058 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| LEADER | 055020000a22004210004500 | ||
|---|---|---|---|
| 008 | 220425s2021 my a f m 000 0 eng d | ||
| 040 | |a UIAM |b eng |e rda | ||
| 041 | |a eng | ||
| 043 | |a a-my--- | ||
| 050 | 0 | 0 | |a HG1708.7 |
| 100 | 1 | |a Khan, Burhan Ul Islam |9 10444 |e author | |
| 245 | 1 | |a Handheld hybrid offline OTP authentication framework / |c by Burhan Ul Islam Khan | |
| 264 | 1 | |a Kuala Lumpur : |b Kulliyyah of Engineering, International Islamic University Malaysia, |c 2021 | |
| 300 | |a xxiv, 296 leaves : |b illustrations ; |c 30 cm. | ||
| 336 | |2 rdacontent |a text | ||
| 337 | |2 rdamedia |a unmediated | ||
| 337 | |2 rdamedia |a computer | ||
| 338 | |2 rdacarrier |a volume | ||
| 338 | |2 rdacarrier |a online resource | ||
| 347 | |2 rdaft |a text file |b PDF | ||
| 500 | |a Abstracts in English and Arabic. | ||
| 500 | |a "A thesis submitted in fulfilment of the requirement for the degree of Doctor of Philosophy (Engineering)." --On title page. | ||
| 502 | |a Thesis (Ph.D)--International Islamic University Malaysia, 2021. | ||
| 504 | |a Includes bibliographical references (leaves 239-258). | ||
| 520 | |a Numerous applications are widespread on Internet and mobile communications that transfer personal information and money. Foolproof user authentication becomes imperative in such applications for confirming customer legitimacy. One pragmatic solution for user authentication is that of employing One Time Password (OTP) with validity for a single transaction or session. Two contextually active user authentication models for internet banking in Malaysia include i.) Receiving OTP over the phone via an SMS, ii.) Generating the OTP over a dedicated hardware token provided by the Bank. SMS OTPs are the most common means used for access control over different online applications, especially Internet banking. However, with this setup, the password generated remains afloat in an unsecured cellular network, thereby increasing the probability of security breaches. Additionally, users need to maintain two active communication channels (Cellular & Internet) with the Authentication Server for proving legitimacy. Other inherent problems include delay-in-delivery, coverage areas/unavailability of service, roaming restrictions, dependency on government regulations, etc. Usage of dedicated hardware for OTP generation is also quite popular. Some of these tokens can even generate OTPs asynchronously. However, this setup brings forth additional logistical and administrative burdens for the customers. Besides, users availing multiple service providers need to maintain distinct tokens for each service. The research focussed on developing a standalone authentication framework for generating unique OTPs from trusted handheld devices using a hybrid approach (based on time as well as challenge response strategy), complying with the degree of authentication assertion essential for Internet-banking applications. The prime intent is to eradicate dependence over additional cellular communication channels and eliminate the use of extra hardware tokens for generating/receiving OTPs by Internet banking clients without compromising the security traits of the system. The proposed authentication framework generates time-based dynamic authentication components (OTPs) in an offline manner (without requiring any cellular or internet connectivity) on user's smartphones by invoking possession, knowledge, and inherence factors of legitimate users. This is achieved by asynchronously operating secure random challenge formations as hash counters upon dynamic seeds, comprising of varying current timestamps, distinct device and identity profiles. It drastically reduces the operational costs, improves upon security, scalability, and convenience factors. Additionally, the system has been equipped to generate OTPs as three Bahasa Malaysia dictionary words as the usage of native language words during verification could help clients to feel more confident and secure compared to making foreign-language entries. The system has been implemented and examined for leading mobile/desktop platforms to ascertain its technical adoptability. The results of performance metrics obtained employing the confusion matrix with Accuracy = 98.55%, Error rate = 1.45%, Specificity = 100%, Alarm rate = 0%, Recall = 98.40% and Precision = 100% validate the authentication robustness. The generation and extraction aspects of the hybrid OTP design are comparatively analysed against prior asynchronous/synchronous OTP generation schemes. Furthermore, the authentication framework is comparatively comprehensively parsed for its ability to thwart common authentication attacks over the Internet. | ||
| 650 | 0 | |a Internet banking |z Malaysia |9 17325 | |
| 650 | 0 | |a Electronic funds transfers |x Security measures |z Malaysia |9 17330 | |
| 650 | 0 | |a Mobile commerce |z Malaysia |9 17331 | |
| 655 | |a Theses, IIUM local | ||
| 690 | |a Dissertations, Academic |x Kulliyyah of Engineering |z IIUM |9 4824 | ||
| 700 | 1 | |a Rashidah Funke Olanrewaju |e degree supervisor |9 10445 | |
| 700 | 1 | |a Farhat Anwar |e degree supervisor |9 10446 | |
| 710 | 2 | |a International Islamic University Malaysia. |b Kulliyyah of Engineering |9 4827 | |
| 856 | 4 | |u http://studentrepo.iium.edu.my/handle/123456789/11058 | |
| 900 | |a sz-asbh | ||
| 942 | |c THESIS |2 lcc |n 0 | ||
| 999 | |c 502631 |d 534048 | ||
| 952 | |0 0 |1 0 |2 lcc |4 0 |6 T H G 01708.00007 K00045H 02021 |7 3 |8 IIUMTHESIS |9 981755 |a IIUM |b IIUM |c THESIS |d 2022-08-04 |g 0.00 |o t HG 1708.7 K45H 2021 |p 11100429181 |r 1900-01-02 |t 1 |v 0.00 |y THESIS | ||