04-02-2013, 11:32 AM
PROJECT SYNOPSIS ON RSA Secure ID Tokens Using Bluetooth
Abstract
Today security concerns are on the rise in all areas such as banks,
governmental applications, healthcare industry, military organization, educational
institutions, etc., where traditional passwords can be stolen by a huge number of
techniques. Our project describes a method of implementing
two-factor authentication using mobile phones. Mobile phones are used by
most people, and today every mobile has Bluetooth connectivity. We use the
Bluetooth service to get security tokens from the personal computer or laptop
to authenticate a legal user. Authentication is done in a very secure manner.
The proposed system involves using a mobile phone as a software token for
One Time Password (OTP) generation.
A one-time password (OTP) is a single-use value that authenticates a
user for access to a protected resource. In most implementations the use of
OTPs requires access to an on-line authentication service to verify the value
supplied by the user. We propose a scheme where tokens generated by the
system are sent to the mobile device via Bluetooth. This scheme allows OTPs
to be used for local authentication without exposing the long-term secret used
to generate the OTP values. The generated One Time Password is valid for
only a short user-defined period of time.
Introduction
Today security concerns are on the rise in all areas such as banks, governmental
applications, healthcare industry, military organization, educational
institutions, etc. Government organizations are setting standards, passing
laws and forcing organizations and agencies to comply with these standards
with non-compliance being met with wide-ranging consequences. There are
several issues when it comes to security concerns in these numerous and varying
industries with one common weak link being passwords.
Research Problem Address
Several 'proper' strategies for using passwords have been proposed. Some
of these are very difficult to use and others might not meet the company's
security concerns. Two-factor authentication using devices such as tokens
and ATM cards has been proposed to solve the password problem and has been
shown to be difficult to hack. Two-factor authentication also has disadvantages,
which include the cost of purchasing, issuing, and managing the tokens
Connection-Less Authentication System:
A one-time password (OTP) is generated without connecting the client
to the server. The mobile phone will act as a token and use certain factors
unique to it among other factors to generate a one-time password locally.
The server will have all the required factors including the ones unique to
each mobile phone in order to generate the same password at the server side
and compare it to the password submitted by the client. The client may
submit the password online or through a device such as an ATM machine. A
program will be installed on the client's mobile phone to generate the OTP.
SMS-Based Authentication System:
In case the first method fails to work, the password is rejected, or the
client and server are out of sync, the mobile phone can request the one time
password directly from the server without the need to generate the OTP locally
on the mobile phone. In order for the server to verify the identity of
the user, the mobile phone sends to the server, via an SMS message, information
unique to the user. The server checks the SMS content and if correct,
returns a randomly generated OTP to the mobile phone. The user will then
have a given amount of time to use the OTP before it expires. Note that this
method will require both the client and server to pay for the telecommunication
charges of sending the SMS message.
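
The connection-less scheme described above, as an added example that is not part of the original synopsis: the phone and the server derive the same OTP from a long-term secret, a device-unique factor and the current time step, and the server tolerates one step of clock drift and rejects replays. The HMAC time-step construction (RFC 6238 style), the 30-second step, the device identifier and all names are assumptions; the synopsis does not specify its algorithm.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # assumed validity period of one OTP
DIGITS = 6          # assumed OTP length

def derive_key(shared_secret: bytes, device_id: str) -> bytes:
    """Bind the long-term secret to a factor unique to the phone (assumed: a device id)."""
    return hmac.new(shared_secret, device_id.encode(), hashlib.sha256).digest()

def otp_at(key: bytes, unix_time: int) -> str:
    """HMAC-SHA1 over the time-step counter, dynamically truncated to DIGITS digits."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class Server:
    """Holds every factor needed to regenerate each phone's OTP (hypothetical class)."""

    def __init__(self):
        self.keys = {}          # user -> derived key
        self.last_counter = {}  # user -> last accepted time step (replay guard)

    def enroll(self, user: str, shared_secret: bytes, device_id: str) -> None:
        self.keys[user] = derive_key(shared_secret, device_id)

    def verify(self, user: str, submitted: str, now: int, drift_steps: int = 1) -> bool:
        key = self.keys.get(user)
        if key is None:
            return False
        for delta in range(-drift_steps, drift_steps + 1):
            t = now + delta * STEP_SECONDS
            counter = t // STEP_SECONDS
            if counter <= self.last_counter.get(user, -1):
                continue  # this step or a later one was already used
            if hmac.compare_digest(otp_at(key, t), submitted):
                self.last_counter[user] = counter
                return True
        return False

if __name__ == "__main__":
    secret, device = b"constructed-long-term-secret", "DEVICE-ID-CONSTRUCTED-0001"
    server = Server()
    server.enroll("alice", secret, device)
    now = 1_700_000_000  # constructed timestamp
    code = otp_at(derive_key(secret, device), now)  # computed on the phone
    print(code, server.verify("alice", code, now), server.verify("alice", code, now))
```

Only the short-lived code crosses the channel; the long-term secret stays on the phone and the server, and a code outside the drift window is what sends the user to the SMS fallback.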