1. Digital Library of University of Colombo School of Computing
  2. Thesis & Dissertations
  3. Postgraduate Thesis Collection
  4. Master’s Degree Programmes
  5. Master of Information Security (MIS)
  6. Archival Collections of Thesis - Masters of Infomation Security
  7. Master of Science in Information Security - 2015
Please use this identifier to cite or link to this item: https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/3306
Title: Secure OTP Distribution Scheme for Authentication
Authors: Kumuthini, V.
Issue Date: 3-Dec-2015
Abstract: Today security concerns are on the rise in all areas industries such as banks, governmental applications, healthcare industries, military organizations, educational institutions etc, with one common weak link being “passwords”. Passwords dominate our lives these days; they are part and parcel of spending time online. From the user’s perspective, managing number of credentials for different electronic services is problematic and can lead to insecure practices like sharing a common password. Protocols like Kerberos, Radius and Single Sign On (SSO) methods are some of the existing attempts to implement central authentication mechanism for user authentication. Something user knows (passwords, personal identification number, etc.) and something the user has (smart cards, tokens, etc.) are the main authentication factors available for the said protocols. Something user is (finger print, iris, etc.) considered as the most fail-safe among the factors of authentication. An improved user-friendly Secure One Time Password Distribution Scheme for Authentication using Quick Response (QR) code is proposed in this project which is needless for users to input authentication information at the user terminal. A system is built that allows users to log in to a web service in their browser by scanning a QR code embedded on the page from their smartphone. The proposed scheme uses a known smart phone (Android) as a second factor to decode an encrypted message transferred as a QR code and read via a camera on the mobile device with the mobile application developed for this purpose. A one-time passcode is produced from this for authentication. The proposed scheme improves the security and usability of multi-factor authentication and transaction verification without requiring increased investment in hardware or user training. In this paper, I present the method of the user authentication, and evaluate the usability and the security. This objective of this study is whether general users can use more secure authentication easily without high cost and effort while they avoid troubles with eavesdropping of authentication information unlike fix password methods.
URI: http://hdl.handle.net/123456789/3306
Appears in Collections:Master of Science in Information Security - 2015

Files in This Item:
File Description SizeFormat 
2012MIS021.pdf
  Restricted Access		3.8 MBAdobe PDFView/Open Request a copy
Show full item record


Items in UCSC Digital Library are protected by copyright, with all rights reserved, unless otherwise indicated.