Two Authentication

A

PROPOSAL ON

DEVELOPMENT OF TWO-FACTOR AUTHENTICATION


SYSTEM FOR MOBILE APPLICATION

BY
AKINYEMI KEMI FEYISAYO
FPA/CS/21/3-0062

SUBMITTED TO:

DEPARTMENT OF COMPUTER SCIENCE,


SCHOOL OF SCIENCE AND COMPUTER STUDIES
THE FEDERAL POLYTECHNIC, ADO EKITI, EKITI STATE
NIGERIA

IN PARTIAL FULFILMENT OF AWARD OF HIGHER


NATIONAL (HND) DIPLOMA IN COMPUTER SCIENCE

SUPERVISOR: MRS. ABIODUN


1.0 INTRODUCTION

1.1 BACKGROUND OF THE STUDY

An important aspect in the research field of information security is the use of authentication, and

it focuses on methods for logging individuals into systems. Authentication is the process of

establishing the appropriate level of assurance or confidence in the identity of the individual

demanding access to any records. Identity authentication is very crucial in confirming that

records (e.g. student’s records, results etc.) are received or transferred by the authorized or

envisioned recipient or sender. Authentication is achieved through various techniques using

authentication factors. The type of authentication factors to be employed depends solely on the

sensitivity of educational records being retrieved. A simple authentication method can be

formulated plainly as “Something we know”, such as a password or PIN (personal identification

number), or “Something we have”, such as biometric data. Apart from that, other categories can be

included in this taxonomy: “something we do”, such as pressing an Access Point Button (WPS), and

“somewhere we are”, such as location-based cellular networks that can be used to verify or

challenge a claimed identity. The last category can reduce risk, but does not directly increase

the level of security. Standard authentication techniques can be used independently or in tandem

with others. Multifactor authentication is a means of creating better authentication processes and

increasing system security by combining multiple authentication methods.

Some graphical-based password methods have been used such as:

i. Knowledge-based Technique (KBT): based on confidential information that only the user knows,

this is the most common and widely used authentication method. Its advantages include low cost,

ease of implementation, scalability, and extensive user knowledge.

ii. Attribute-based Technique (Biometric): based on the distinctiveness of a user’s human qualities.

iii. Possession-based Technique (Token): deals with the use of tangible items to represent a user’s

identity in order to gain access to a system.

Passwords are a unique combination of characters, numbers, or words that are used for gaining

permission to a device and are unique only to the user. Passwords ensure that computers and data

are only accessible to those who have been given permission to view or use them. Passwords can

be grouped into:

i. One-Time Password (OTP)

ii. Cryptography

iii. Encryption and Decryption

Data Encryption Standard (DES), Triple Data Encryption Standard Algorithm, Advanced

Encryption Standard. One approach for generating a One-Time Password is through the use of a

mathematical algorithm to create a new password based on the previous password, which means

one-time passwords are a sequence and must be used in a predefined order. This is not secure

because if a hacker discovers the user’s password pattern, he can easily trace out future OTPs.

The most cost-effective method will be to create a one-time password and then send it on a piece

of paper that is already known to the person who generates OTPs on a computer. This is because

these devices eliminate the costs of SMS messaging. Even though it is less expensive to send the

OTPs this way, it is not feasible because the time it takes to deliver the password to the user may

be too long. A dynamic password, that is, a one-time password, is a sequence password scheme

that has been shown to be non-decryptable in principle. Its basic concept is to introduce an

unknown factor into authentication, requiring users to provide different authentication messages
each time. This allows apps to achieve a higher level of protection than the fixed password

technology. The other systems depend on algorithm-based electronic tokens. When a token is not

correctly synchronized with the server, the OTP generators must manage the situation where the

device needs the OTP to be entered on a default timeout, which results in additional development

costs. Time-synchronized systems prevent this, although at the expense of having to keep a clock

in the electronic tokens running. In comparison to hardware tokens, the need to bring an extra

item that serves no purpose other than creating one-time passwords can be removed if one has a

phone or mobile computer. Considering the cost, using a cell phone as a token is the most cost-

effective option since it eliminates the need to deliver devices to each end user. Many proprietary

tokens, on the other hand, have tamper-proof functionality. The proposed work investigates and

introduces the two-way authentication process, as well as its benefit over the one-way

authentication framework. The limitation of these measures is that they may be costly for

students, inconvenient to carry around, and can be forgotten at times. The main objective of this

study is to increase the level of security of mobile applications and address the security

susceptibility introduced by the current method of authentication being used. The study presents

a system that will mitigate this issue through two-way factor authentication using SMS

verification. Adding another step of authentication to individual identity makes it more difficult

for an attacker to gain access to educational records or break into an individual account and hence

there is a great reduction in fraud, data loss, and identity theft, thereby improving the security of

the system. The other objectives include identifying the threats that are introduced by one-way

authentication as a method of authentication that is currently used by other mobile applications

and how it affects the security of their system. Also, to investigate and introduce the two-way

authentication process, as well as its benefit over the one-way authentication framework such as
having a system that is more secure, user-friendly, less expensive, faster and efficient. The rest of this

paper is organized as follows: section 2 summarizes the related work done; section 3 focuses on

the methodology; section 4 presents system evaluation and results discussion, and finally, section

5 concludes.
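The background above contrasts counter-based tokens that can drift out of step with the server against time-synchronized ones. The following is an added example, not code from this proposal: it uses the standard HOTP (RFC 4226) and TOTP (RFC 6238) constructions as a stand-in for the unnamed token algorithms, and the names `CounterTokenServer`, `verify_totp`, `look_ahead` and `drift` are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-based OTP (RFC 4226): HMAC-SHA1 of the counter, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """Time-synchronized OTP (RFC 6238): the counter is the current time step."""
    return hotp(secret, unix_time // step)

def same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

class CounterTokenServer:
    """Verifier for a counter-based token; look_ahead absorbs unused button presses."""
    def __init__(self, secret: bytes, look_ahead: int = 3):
        self.secret, self.counter, self.look_ahead = secret, 0, look_ahead

    def verify(self, submitted: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if same(hotp(self.secret, c), submitted):
                self.counter = c + 1  # resynchronize; codes up to c cannot be replayed
                return True
        return False

def verify_totp(secret, submitted, unix_time, last_step, step=30, drift=1):
    """Accept a code within +/- drift time steps; return the matched step, else None."""
    now = unix_time // step
    for s in range(max(0, now - drift), now + drift + 1):
        if s > last_step and same(hotp(secret, s), submitted):
            return s  # caller stores this as last_step so the code cannot be reused
    return None

SECRET = b"12345678901234567890"  # RFC 4226 test secret, not a real key

if __name__ == "__main__":
    server = CounterTokenServer(SECRET)
    code = hotp(SECRET, 2)  # token was pressed twice without logging in
    print(server.verify(code), server.verify(code))
    print(verify_totp(SECRET, totp(SECRET, 59), 75, last_step=-1))
```

A token pressed more often than `look_ahead` allows stays rejected until it is re-enrolled, which is the desynchronization cost the paragraph describes; the time-based check avoids that but depends on the device clock.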

1.2 STATEMENT OF PROBLEM

The main problem addressed in this study is the need for a more secure and reliable two-factor

authentication login system that can protect user accounts and sensitive information from

unauthorized access and cyber threats.

Here are some specific problems addressed by the study:

1. Traditional password-based authentication systems are often vulnerable to hacking and

phishing attacks, putting user accounts and sensitive information at risk.

2. Existing two-factor authentication systems that rely on static passwords or tokens can

also be vulnerable to cyber threats, as hackers can intercept or steal these credentials.

3. SMS-based two-factor authentication systems are often criticized for being unreliable, as

users may not receive the verification code in a timely manner or at all, leading to

frustration and potential security risks.

4. There is a need for a two-factor authentication system that is more secure, reliable, and

user-friendly, and that can provide an added layer of protection to online accounts and

sensitive information.

1.3 AIM AND OBJECTIVES

The aim of this project is to develop a two-factor authentication system for mobile application.
OBJECTIVES:

The objectives of this study are to:


• Develop a two-factor authentication login system using dynamic password generation and

SMS verification

• Evaluate the performance and security of the developed system

• Compare the developed system with existing two-factor authentication systems

• Provide recommendations for future improvements

1.4 SCOPE AND LIMITATIONS OF THE STUDY

This study focuses on the development and evaluation of a two-factor authentication login

system using dynamic password generation and SMS verification. The system will be

implemented using specific development tools and technologies and will be tested using a

limited number of scenarios and user groups. The study does not aim to cover all possible

two-factor authentication methods or address all possible security threats.

1.5 SIGNIFICANCE OF THE STUDY

The significance of this study lies in the development of a more secure and reliable two-factor

authentication login system that can help prevent unauthorized access and protect user accounts

and sensitive information from cyber threats. The study can also provide insights into the design

and implementation of two-factor authentication systems and help guide future research in this

area.

1.6 METHODOLOGY

The development of a two-factor authentication system for a mobile application typically

involves several steps, including:

1. Requirement analysis: This step involves identifying the security requirements for the

mobile application and determining the type of two-factor authentication to be

implemented.
2. Design: In this step, the design of the two-factor authentication system is developed. The

design should consider factors such as the user experience, security protocols, and

potential vulnerabilities.

3. Implementation: The two-factor authentication system is then implemented using

programming languages such as Java, Python, or Swift.

4. Testing: Testing is an essential part of the development process to ensure that the system

is functioning correctly and securely. Testing can be done manually or through automated

testing tools.

5. Deployment: Once the testing is completed, the two-factor authentication system is

deployed to the mobile application.

The following is a method for developing a two-factor authentication system for a mobile

application:

1. Determine the authentication methods to be used: Identify the types of authentication

methods that will be used, such as biometric authentication, one-time passwords, or smart

card authentication.

2. Design the user interface: Design an intuitive user interface that will allow users to

easily access and use the two-factor authentication system.

3. Develop the backend: Develop the backend infrastructure that will enable the mobile

application to communicate with the two-factor authentication system.

4. Develop the authentication logic: Develop the authentication logic that will verify the

user's identity using the selected authentication methods.

5. Test the system: Test the system to ensure that it functions correctly and securely.
6. Integrate the system with the mobile application: Integrate the two-factor

authentication system with the mobile application.

7. Deploy the system: Deploy the system to the mobile application and ensure that it is

available to all users.
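One way the authentication logic in step 4 could look for the SMS verification this proposal targets, as an added example that is not the project's own code. The class `SmsOtpService`, the `send_sms(phone, text)` gateway hook, the five-minute validity window and the three-attempt limit are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for a texted code
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per issued code

class SmsOtpService:
    """Second step of login, run only after the password check has passed."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms            # hypothetical gateway hook: send_sms(phone, text)
        self.clock = clock
        self.key = secrets.token_bytes(32)  # server-side key for the stored MAC
        self.pending = {}                   # user_id -> [mac, expires_at, attempts_left]

    def mac(self, user_id: str, code: str) -> bytes:
        msg = f"{user_id}:{code}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def issue(self, user_id: str, phone: str) -> None:
        code = f"{secrets.randbelow(10 ** 6):06d}"  # CSPRNG: codes follow no pattern
        expires_at = self.clock() + CODE_TTL_SECONDS
        # Issuing again replaces any earlier code, so only the latest SMS is valid.
        self.pending[user_id] = [self.mac(user_id, code), expires_at, MAX_ATTEMPTS]
        self.send_sms(phone, f"Your login code is {code}")

    def verify(self, user_id: str, submitted: str) -> bool:
        entry = self.pending.get(user_id)
        if entry is None:
            return False
        stored_mac, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[user_id]  # late or locked out: user must request a new code
            return False
        if hmac.compare_digest(stored_mac, self.mac(user_id, submitted)):
            del self.pending[user_id]  # single use: a replayed code finds no entry
            return True
        entry[2] -= 1  # a wrong guess counts against this code
        return False
```

The expiry branch is where the late-delivery problem from section 1.2 surfaces: a code that arrives after the window is rejected and the user has to request a fresh one.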

1.7 EXPECTED CONTRIBUTION TO KNOWLEDGE

1. Development of a two-factor authentication login system using

dynamic password generation and SMS verification that provides an added layer of

security to online accounts and sensitive information.

2. Improvement over existing two-factor authentication systems that often rely on static

passwords or tokens that can still be vulnerable to hacking and phishing attacks.

3. Insights into the design and implementation of two-factor authentication systems,

including the importance of considering functional and non-functional requirements, data

flow diagrams, and use case scenarios in the development process.

4. Evaluation of the performance and security of the developed system, providing a

comparison with existing two-factor authentication systems to assess its effectiveness.

5. Contribution to the field of cybersecurity by providing a more secure and reliable approach

to user authentication, helping to prevent unauthorized access and protect user accounts and

sensitive information from cyber threats.

6. Foundation for further research in this area that can guide future improvements in the

design and implementation of two-factor authentication systems.

