Thintoken: An RFID technology based alternative physical two-factor authentication method for PC web applications

By: Bueno, Theron Adrianne A.; Cruz, James Laurence A.; Lenizo, Jackilyn O.; Paz, Kristel Erica D.; Tuling, Jeanne Rose P
Language: English Publisher: . . c2023Description: Undergraduate Thesis: (Bachelor of Science in Computer Engineering) - Pamantasan ng Lungsod ng Maynila, 2023Content type: text Media type: unmediated Carrier type: volumeGenre/Form: academic writingDDC classification: . LOC classification: TK7890 B84 2023
Contents:
ABSTRACT: STATEMENT OF THE PROBLEM: As technology evolves, cybercriminals are attracted to attacking online spaces, with phishing being a prevalent crime. Current physical security keys are limited, and hardware-based 2FA methods are costly and complex, leading to slow adoption rates. To tackle this, the study aims to develop a efficient, and easier-to-use two-factor authentication device using RFID and the TOTP algorithm, with three components: reader, tag, and browser extension. The device called ThinToken will offer an alternative to existing 2FA options in the market. The following objectives about the development of ThinToken will be addressed in this research. 1. Develop a physical two-factor authentication device that can be used in authenticating into web applications that support the time-based one-time password (TOTP) standard. 2. To develop a physical 2FA device that is better than a existing USB-Based Physical 2FA system in terms of time-based efficiency. 3. To develop a physical 2FA device that is better than an existing USB-Based Physical 2FA system in terms of ease-to-use. RESEARCH METHODOLOGY: This research study will innovate the usual features of a security token using Radio Frequency Identification (RFID) and create a physical two-factor authenticator that holds the encrypted user secret in an RFID card/tag making it portable and lightweight. This research will employ the waterfall methodology in creating the ThinToken system that involves assessing the features of existing methods, designing, and implementing the system primarily using the time-based one-time password (TOTP) algorithm and AES encryption and evaluating the developed system. The System Usability Scale (SUS), which is a 10-item questionnaire, will be utilized to evaluate the system in terms of ease-of-use. The data will be analyzed using a paired t-test to compare YubiKey to ThinToker’s time-efficiency and ease-of-use. Furthermore, the findings will be presented using a table together with a statistical description. SUMMARY OF FINDINGS: A two-tailed t-test was conducted to compare the authentication time of ThinToken and YubiKey 5 NFC. The results showed a significant difference between the two devices, leading to the rejection of the null hypothesis. This suggests that ThinToken is a feasible alternative to YubiKey and is more time efficient. The mean value for ThinToken was also lower than that of Yubikey, indicating that ThinToken is marginally faster. The results of the two-tailed t-test indicate that ThinToken and YubiKey showed a significant difference in terms of ease-to-use, which led to the rejection of the null hypothesis. This suggests that ThnToken is a practical alternative and superior to the existing 2FA method in terms of ease-to-use. Additionally, ThinToken received a higher SUS score than YubiKey, with a rating of “Best Imaginable” on the objective scale. Meanwhile, Yubikey received a SUS score equivalent to an “Excellent” rating. CONCLUSION: Hardware-based 2FA methods provide a higher level of security than conventional single-factor authentication, their adoption rate has been hindered by various issues such as cost, complexity, and usability. To address this issue, the researchers developed an RFID-based technology physical 2FA system called ThinToken, which is faster and more user-friendly. The study evaluated ThinToken and Yubikey in terms of time-based efficiency, and usability, and found that ThinToken outperformed Yubikey in all aspects. ThinToken produces unique codes for each authentication attempt, limiting the possibility of successful attacks. It is significantly faster than Yubikey in terms of authentication time and scored higher in usability. Therefore, ThinToken is a viable alternative to existing physical 2FA devices that can provide an extra layer of security against phishing attacks. RECOMMENDATION: In light of the discoveries and deductions derived from this research, the subsequent feasible proposals are hereby put forth. Firstly, use ThinToken as a substitute for YubiKey for an economical and easy-to-use two-factor authentication solution that is user-friendly, and approximately 10.1% faster than YubiKey. Secondly, expand ThinToken website compatibility using AI to automate compatibility to more websites. Thirdly, improve ThinToken’s accuracy by addressing potential concerns with the device, such as user error, connectivity complications, or hardware constraints in future research. Fourthly, enhance ThinToken’s design and usability based on user feedback during the study to refine its features. Fifthly, broaden the research scope by conducting additional research with a more extensive and diverse sample of participants to substantiate the findings and generalize the results. Finally, explore alternative microcontroller options for ThinToken, which may provide enhanced performance, superior energy efficiency, or supplementary features, ultimately culminating in a more robust and versatile system.
Tags from this library: No tags from this library for this title. Log in to add tags.
    Average rating: 0.0 (0 votes)
Item type Current location Home library Collection Call number Status Date due Barcode Item holds
Thesis/Dissertation PLM
PLM
Filipiniana Section 		Filipiniana-Thesis TK7890 B84 2023 (Browse shelf) Available FT8832
Total holds: 0

ABSTRACT: STATEMENT OF THE PROBLEM: As technology evolves, cybercriminals are attracted to attacking online spaces, with phishing being a prevalent crime. Current physical security keys are limited, and hardware-based 2FA methods are costly and complex, leading to slow adoption rates. To tackle this, the study aims to develop a efficient, and easier-to-use two-factor authentication device using RFID and the TOTP algorithm, with three components: reader, tag, and browser extension. The device called ThinToken will offer an alternative to existing 2FA options in the market. The following objectives about the development of ThinToken will be addressed in this research. 1. Develop a physical two-factor authentication device that can be used in authenticating into web applications that support the time-based one-time password (TOTP) standard. 2. To develop a physical 2FA device that is better than a existing USB-Based Physical 2FA system in terms of time-based efficiency. 3. To develop a physical 2FA device that is better than an existing USB-Based Physical 2FA system in terms of ease-to-use. RESEARCH METHODOLOGY: This research study will innovate the usual features of a security token using Radio Frequency Identification (RFID) and create a physical two-factor authenticator that holds the encrypted user secret in an RFID card/tag making it portable and lightweight. This research will employ the waterfall methodology in creating the ThinToken system that involves assessing the features of existing methods, designing, and implementing the system primarily using the time-based one-time password (TOTP) algorithm and AES encryption and evaluating the developed system. The System Usability Scale (SUS), which is a 10-item questionnaire, will be utilized to evaluate the system in terms of ease-of-use. The data will be analyzed using a paired t-test to compare YubiKey to ThinToker’s time-efficiency and ease-of-use. Furthermore, the findings will be presented using a table together with a statistical description. SUMMARY OF FINDINGS: A two-tailed t-test was conducted to compare the authentication time of ThinToken and YubiKey 5 NFC. The results showed a significant difference between the two devices, leading to the rejection of the null hypothesis. This suggests that ThinToken is a feasible alternative to YubiKey and is more time efficient. The mean value for ThinToken was also lower than that of Yubikey, indicating that ThinToken is marginally faster. The results of the two-tailed t-test indicate that ThinToken and YubiKey showed a significant difference in terms of ease-to-use, which led to the rejection of the null hypothesis. This suggests that ThnToken is a practical alternative and superior to the existing 2FA method in terms of ease-to-use. Additionally, ThinToken received a higher SUS score than YubiKey, with a rating of “Best Imaginable” on the objective scale. Meanwhile, Yubikey received a SUS score equivalent to an “Excellent” rating. CONCLUSION: Hardware-based 2FA methods provide a higher level of security than conventional single-factor authentication, their adoption rate has been hindered by various issues such as cost, complexity, and usability. To address this issue, the researchers developed an RFID-based technology physical 2FA system called ThinToken, which is faster and more user-friendly. The study evaluated ThinToken and Yubikey in terms of time-based efficiency, and usability, and found that ThinToken outperformed Yubikey in all aspects. ThinToken produces unique codes for each authentication attempt, limiting the possibility of successful attacks. It is significantly faster than Yubikey in terms of authentication time and scored higher in usability. Therefore, ThinToken is a viable alternative to existing physical 2FA devices that can provide an extra layer of security against phishing attacks. RECOMMENDATION: In light of the discoveries and deductions derived from this research, the subsequent feasible proposals are hereby put forth. Firstly, use ThinToken as a substitute for YubiKey for an economical and easy-to-use two-factor authentication solution that is user-friendly, and approximately 10.1% faster than YubiKey. Secondly, expand ThinToken website compatibility using AI to automate compatibility to more websites. Thirdly, improve ThinToken’s accuracy by addressing potential concerns with the device, such as user error, connectivity complications, or hardware constraints in future research. Fourthly, enhance ThinToken’s design and usability based on user feedback during the study to refine its features. Fifthly, broaden the research scope by conducting additional research with a more extensive and diverse sample of participants to substantiate the findings and generalize the results. Finally, explore alternative microcontroller options for ThinToken, which may provide enhanced performance, superior energy efficiency, or supplementary features, ultimately culminating in a more robust and versatile system.

Filipiniana

There are no comments for this item.

to post a comment.

© Copyright 2024 Phoenix Library Management System - Pinnacle Technologies, Inc. All Rights Reserved.