An Improved Time-Based One Time Password Authentication Framework for Electronic Payments

Hassan, Arif; Shukur, Zarina; Kamrul, Mohammad

doi:10.14569/ijacsa.2020.0111146

Cited by 9 publications

(9 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…3) Cryptography authentication: Cryptography or encryption authentication is believed to provide confidentiality and integrity to the system security [44]. Generally, cryptography uses an asymmetric cryptosystem to exchange the secret key and then employ faster secret key algorithms to ensure confidentiality of the data stream.…”

Section: A Proposed Mfa Frameworkmentioning

confidence: 99%

A Systematic Review on Multi-Factor Authentication Framework

Syahreen,

Hafizah,

Maarop

et al. 2024

ijacsa

View full text Add to dashboard Cite

In the new era of technology, where information can be accessed and gained at the push of a button, security concerns are raised about protecting the system and data privacy and confidentiality. Traditional ways of user authentication are vulnerable to multiple attacks across all platforms. Various studies propose the use of more than one authentication process to enhance the security level of a system, either hosted on-premise or on the cloud. However, there is limited study on guidelines and appropriate authentication frameworks that suit the needs of an organization. A systematic literature review of a Multi-Factor Authentication framework was conducted through five primary databases: Scopus, IEEE, Science Direct, Springer Link, and Web of Science. The review examined the proposed solution and the underlying methods in a Multi-Factor Authentication framework. Numerous authentication methods were combined to address specific system and data security challenges. The most common authentication method is biometric authentication, which addresses the uniqueness of the user's biological identity. The majority of the proposed solutions were proof of concept and require a pilot test or experiment in the future.

show abstract

Section: A Proposed Mfa Frameworkmentioning

confidence: 99%

A Systematic Review on Multi-Factor Authentication Framework

Syahreen,

Hafizah,

Maarop

et al. 2024

ijacsa

View full text Add to dashboard Cite

show abstract

“…The server will generate QR-code containing a five digits randomized numbers as shown in Figure 2. This randomized number is acting as one time password (OTP) which appears to be a robust and secure solution in many sensitive data transactions such as electronic payments [22], online transactions [23], secured data accessing systems [24], and corporate information systems [25]. Each digit is filled with a random number from zero to nine.…”

Section: Qr-code Scanningmentioning

confidence: 99%

Randomized QR-code scanning for a low-cost secured attendance system

Imanullah

Reswan

2022

IJECE

View full text Add to dashboard Cite

<span>Human resource management requires good documentation and good data processing. In workspaces such as offices and factories, employee salaries are determined by calculating attendance at each hour of work. Tracking and collecting attendance data for a large number of employees is a difficult thing to do. We need a secure system to facilitate the process of collecting and tracking presence data. We propose an attendance system that uses random quick response code (QR-codes) as one time password (OTP) to improve security. Employees are required to scan the QR-code within ten seconds before it is changed and randomized each time. The proposed attendance system facilitates data collection using employees’ smartphones and Mac-Address as unique identification numbers. The system is able to track employees’ arrival and departure times. We have implemented the system at the local university to collect lecturer attendance data then analyze its security and statistic in all scanning activities. The average time needed by a user to authenticate their presence in the system is 25.8877 seconds. The steps needed to sign in and out from the system are fewer than other previous researches. Those findings tell us that the approach is straightforward and more uncomplicated than other proposed methods. We conclude that randomized QR-code scanning is a relevant scheme to be applied in a secure attendance system.</span>

show abstract

“…A majority of the user authentication and even bank access controls for internet banking systems are based on KBA due to its features and familiarity to the provider and user [6]. However, the KBA is prone to different kinds of attacks such as brute-force attacks [16][17][18], rainbow table attacks [19,20], dictionary attacks [21][22][23], social engineering [10,[24][25][26], phishing [27,28], framework for man-in-the-middle attacks (MITMF) [29,30], password-based attacks [16,31], session hijacking [32], and malware [28,33,34].…”

Section: Literature Reviewmentioning

confidence: 99%

Device Identity-Based User Authentication on Electronic Payment System for Secure E-Wallet Apps

Hassan

Shukur

2021

Electronics

Self Cite

View full text Add to dashboard Cite

E-wallets are a modern electronic payment system technology that easily recognize consumer interest, making our transactions very convenient and efficient. E-wallets are intended to substitute the existing physical wallet, which may tell others something about us as a person. That is why using a physical wallet is a unique, personal experience that cannot be duplicated. A solution would be to replace the physical wallet with an e-wallet on an existing mobile device. The personal nature of the e-wallet is that it should be installed on a unique device. One of the fundamental protections against any illegal access to e-wallet application is through authentication. In particular, the fundamental authentication category used in an existing e-wallet is based on knowledge (i.e., what you know), ownership (i.e., what you have), and biometric (i.e., what you are) authentication, which are sometimes prone to security threats such as account takeover, sim swapping, app cloning, or know your customer verification attacks. The design of an e-wallet authentication on mobile device solution must take into consideration the intensity of the security. To address this problem, this study proposes a design of e-wallet apps with an extension security element that focuses on the device identity in the existing user authentication mechanism. This study covers four fundamental categories of authentication: password, one time password, fingerprints, and international mobile equipment identifier. Using IMEI limits an e-wallet to be in one specific device in one time; this brings it into line with the nature of a physical wallet. In addition, it will be ready to handle the mentioned threats above, which will ultimately result in the far more reliable to use of e-wallet apps. The proposed authentication design has two phases, a registration phase and an authentication phase. The proposed method has been developed and implemented based on an Android Studio Firebase real-time database management and PayPal. In addition, the complete design has been evaluated using functional requirement testing to see how closely it meets functionality requirements. The results obtained from functional testing show that the functionalities of the proposed method meet the requirements, and one cannot use a same account on two devices; hence, it is secure from attacks. The result also shows that the proposed method has no errors. Moreover, it has been shown that our proposed method has better security parameters in terms of the existing method.

show abstract

An Improved Time-Based One Time Password Authentication Framework for Electronic Payments

Cited by 9 publications

References 26 publications

A Systematic Review on Multi-Factor Authentication Framework

A Systematic Review on Multi-Factor Authentication Framework

Randomized QR-code scanning for a low-cost secured attendance system

Device Identity-Based User Authentication on Electronic Payment System for Secure E-Wallet Apps

Contact Info

Product

Resources

About