12 research outputs found

    Two factor authentication framework based on ethereum blockchain with dApp as token generation system instead of third-party on web application

    Authentication is a method for securing an account by verifying the user's identity through inputting an email with a password. Two-factor authentication is an authentication system that combines the first-factor authentication with a second factor. General two-factor authentication by entering an email or username with a password is similar. However, two-factor authentication requires additional information that must be inputted by the user. The additional information can be in the form of tokens or one-time passwords (OTP). Two-factor authentication generally still uses third-party services to generate tokens or OTPs, which are still vulnerable because tokens can be stolen through MITM attacks and generated tokens have been found to have the same value. Therefore, we propose a two-factor authentication framework based on the Ethereum blockchain with a dApp as the token generation system. First, as an outcome of the analysis of the system, we succeeded in creating a two-factor authentication system without using third parties. Second, the token system generates up to 3164 different tokens in one second and has been tested for collisions. Third, a security method protects tokens from MITM attacks. The attacker is unable to gain access because all the checking is done by the dApp user authentication

    Authentication and transaction verification using QR codes with a mobile device

    User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks on the system. In addition, this paper analyzes the security of the proposed scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-in-the-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions

    EARMARKED UTXO FOR ESCROW SERVICES AND TWO-FACTOR AUTHENTICATION ON THE BLOCKCHAIN

    The security of accounts on the blockchain relies on securing private keys, but they are often lost or compromised due to loopholes in key management strategies or due to human error. With an increasing number of thefts in the last few years due to compromised wallets, the security of digital currency has become a significant concern, and no matter how sophisticated and secure mechanisms are put in place to avoid the security risks, it is impossible to achieve a 100% human compliance. This project introduces a novel concept of Earmarked Unspent Transaction Outputs (EUTXOs). EUTXOs enable every user on the blockchain to lock their funds to be spendable only to a designated set of users, even if the private key gets compromised. We validate the utility of EUTXOs by using it to implement an Escrow service in the blockchain to overcome the limitations introduced by traditional Escrow services. We also implement decentralized two-factor authentication (2FA) on the blockchain using EUTXOs and discuss the tradeoffs of this design

    A Novel Authentication Method Using Multi-Factor Eye Gaze

    A method for novel, rapid and robust one-step multi-factor authentication of a user is presented, employing multi-factor eye gaze. The mobile environment presents challenges that render the conventional password model obsolete. The primary goal is to offer an authentication method that competitively replaces the password, while offering improved security and usability. This method and apparatus combine the smooth operation of biometric authentication with the protection of knowledge based authentication to robustly authenticate a user and secure information on a mobile device in a manner that is easily used and requires no external hardware. This work demonstrates a solution comprised of a pupil segmentation algorithm, gaze estimation, and an innovative application that allows a user to authenticate oneself using gaze as the interaction medium

    NFC Security Solution for Web Applications

    This thesis compares existing and possible security solutions for web applications, analyses NFC compatibility for security solutions and proposes a new NFC authentication and signing solution using Google Cloud Messaging service and NFC Java Card. This new proposed solution enables authentication and signing via an NFC-enabled mobile phone and NFC Java Card without any additional readers or efforts to be made. This smart card solution can be used within multiple applications and gives the possibility to use the same authentication solution within different applications

    Uniqueness and Reproducibility of Traffic Signatures, Journal of Telecommunications and Information Technology, 2015, nr 4

    Usable user authentication is an important research topic. The traffic signature-based approach is a new authentication technology that identifies the devices used by online users based on traffic signatures, where the traffic signature is a statistic of the video stream delivered by the authentication server to the user device. This approach has two advantages. First, users need not do any operations regarding the device identification. Second, users need not be sensitive to the privacy loss and computer theft. In this paper, an author evaluates the uniqueness and reproducibility of the signature by introducing a function that quantifies the distance between two signatures. Through a number of experiments, it is demonstrated that the process interference approach has the advantage of generating new signatures that are sufficiently distinguishable from one another

    A mobile-based system for enhancing interactive communication among people in the protected area: a case study on human-wildlife conflicts management in Ngorongoro conservation area and Serengeti national park in Tanzania

    A Project Report submitted in Partial Fulfilment of the Requirements for the Degree of Master of Science in Embedded and Mobile Systems of the Nelson Mandela African Institution of Science and Technology. One of the core human rights is the right to the best possible health for humans and a balanced ecology for wildlife. Electric fences are the only way to prevent human-wildlife conflict, but they are ineffective in many countries due to the high cost of power management required to operate them. Camera trap management can help this problem; however, in underdeveloped nations like Tanzania, it fails owing to poor GPS usage, which prevents the information from being reported to the protected area authority. The goal of this study is to create a mobile application (A mobile-based human-wildlife conflict Management App) that would help to solve the human and wildlife conflicts within Tanzania’s Ngorongoro Conservation Area and Serengeti National Park. The mobile application captures video from camera traps and allows the information to be reported to the park rangers through live chatting. Interviews, observations, and questionnaires were used to gather information. The findings suggest that 93% of people from interviews and observation thought it to be really useful for receiving video from camera traps in the mobile app and being able to report information to the protected area authority. The remaining 7% were unable to fix the problem due to a lack of smartphones and poor internet access within the protected area. Within the villages, the application may be used with a smartphone and a decent internet connection. People in the protected area gave the designed system positive feedback, with 95.2% of those who completed the system evaluation agreeing that the App should be used. Further development of the application would necessitate more functionality and improved internet accessibility