Please use this identifier to cite or link to this item:
|Title:||Software security token for authentication||Authors:||Lim, Jason||Keywords:||DRNTU::Engineering::Computer science and engineering||Issue Date:||2015||Abstract:||In our security-conscious society today, two factor authentication has been widely deployed for user authentication. In particular, usage of software-based security tokens has been increasingly favoured among organisations because it is cheap and convenient. However, there are concerns that software-based tokens are not as secure compared to hardware-based tokens, as software-based tokens are vulnerable to duplication attacks and malware residing on the underlying computing device. Hence, this project aims to design a system that can address these issues. The current implementation of the two factor authentication for smartphone has been surveyed to determine how the implementation can be improved. Methods that can uniquely identify individual smartphones have been explored and discussed. An experiment based on the HTML5 fingerprinting canvas has been conducted to ascertain its feasibility as a novel method for two factor authentication. Despite not having favourable results, a two factor authentication system based on fingerprinting canvas was designed and carried out. The system is able to generate a one-time password consistently for a smartphone and protect itself against malware. However, it could only partially mitigate duplication attacks. Despite not being able to provide full protection against duplication attacks, there are still some advantages of employing the fingerprinting canvas for a two factor authentication system such as tying the generation of OTP to a physical device and serving as a deterrence to potential attackers.||URI:||http://hdl.handle.net/10356/62676||Rights:||Nanyang Technological University||Fulltext Permission:||restricted||Fulltext Availability:||With Fulltext|
|Appears in Collections:||SCSE Student Reports (FYP/IA/PA/PI)|
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.