3FA for user validation
Sandhya A
Dept. of Information Science and Engineering
Dayananda Sagar College of Engineering
Bengaluru,Karnataka
Sandhyaseshan01@gmail.com
Tejashree R
Dept. of Information Science and Engineering
Dayananda Sagar College of Engineering
Bengaluru,Karnataka
Sandhyaseshan01@gmail.com
Abstract- In the contemporary digital
landscape, ensuring robust security measures
is essential to safeguard sensitive information
and transactions. This project presents an
innovative Three-Level Authentication System
incorporating facial recognition, eye blink
password, and OTP (One-Time Password)
generation for enhanced security and user
experience.
The first level of authentication employs
advanced facial recognition technology.
Through sophisticated algorithms, unique
facial features are analyzed and verified,
providing a secure initial layer of user
identification. The second level introduces the
novel concept of Eye Blink Password, utilizing
distinct eye gestures and blinks for
authentication. This biometric approach not
only enhances security but also offers a
memorable and user-friendly authentication
method. The third level enhances security
further by generating dynamic OTPs, adding a
time-sensitive element that drastically
reduces the risk of unauthorized access,
especially during online transactions. Thermal
attacks exploit heat signatures to capture
sensitive information, while shoulder surfing
relies on visual observation. This System is
beneficial in protecting against both types of
attacks.
Sandhya A
Dept. of Information Science and Engineering
Dayananda Sagar College of Engineering
Bengaluru,Karnataka
Sandhyaseshan01@gmail.com
Tejashree R
Dept. of Information Science and Engineering
Dayananda Sagar College of Engineering
Bengaluru,Karnataka
Sandhyaseshan01@gmail.com
Introduction- In today's digitally
interconnected world, ensuring robust
security while maintaining user-friendly
authentication methods is paramount.
Conventional password-based systems are
increasingly vulnerable to sophisticated cyber
threats, demanding innovative solutions. This
project introduces a cutting-edge Multi-Factor
Authentication (MFA) System that combines
Haar Cascade Face Detection and Eye Aspect
Ratio (EAR) Password for secure and efficient
user verification.
1)Facial recognition stands out as a pivotal
technology, revolutionizing the way we
confirm identities. Every human face is
unique, featuring distinct patterns and
features. Unlike other biometric measures,
such as fingerprints, faces are easily accessible
for identification without physical contact,
making facial recognition universally
applicable. One of the fundamental
techniques in facial recognition is the use of
HAAR Cascade classifiers. This method, rooted
in computer vision, offers an effective way to
detect faces in images or video frames.
Steps in face recognition
Face Detection: HAAR Cascade first detects
faces within an image or video frame. It
identifies regions of interest (ROI) that are
likely to contain facial features.
Feature Extraction: Once the face is detected,
various facial features, such as eyes, nose, and
mouth, can be extracted using additional Haar
Cascade classifiers specifically trained for
these features.
Matching and Verification: The extracted
features are compared with stored facial data
to verify the identity of the individual.
Matching algorithms assess the similarity
between the detected features and the
enrolled facial template, providing a
verification result.
2)Eye Blink Password introduces a novel
dimension to authentication by analysing
distinctive eye gestures and blinks.
EAR serves as a unique biometric measure
calculated from the proportions of an
individual's eye features. The EAR Password
method analyses these ratios, transforming
them into secure and memorable passwords.
Users are authenticated based on their
distinct EAR patterns, ensuring a high level of
security.
3)OTP Generation adds a temporal layer to
authentication. Time-based OTP algorithms,
such as Time-based One-Time Passwords
(TOTP), generate dynamic, time-sensitive
codes that users receive on their registered
devices. These codes, valid for a short
duration, act as a third factor of
authentication, ensuring that even if static
credentials are compromised, access remains
secure within the defined timeframe.
The walk through of paper starts with section
I, describing the Introduction of the system. In
section II, Literature survey is made to identify
the already existing work with its drawback
and overcoming it. Section III depicts the
design part of the paper including flowchart.
Section IV presents the implementation using
algorithms. Results are displayed in section V.
Section VI presents performance analysis and
the conclusion of the system and future work
is shown in section VII.
Related works- Three-level authentication
systems provide a high level of security by
combining multiple authentication factors,
there are existing projects that rely on single-
factor or dual-factor authentication methods,
making them comparatively inferior in terms
of security. Some of existing projects that
utilize less secure authentication methods
are: [1]Traditional Username and Password
Authentication Level:
Knowledge-Based, Users authenticate by
entering a username and password.
Drawback: Traditional username and
password systems are vulnerable to brute-
force attacks, credential stuffing, and phishing
schemes. They lack the robustness of multi-
factor authentication, making them inferior in
terms of security, especially in the face of
evolving cyber threats.
[2]Biometric: Users authenticate solely
through biometric methods such as
fingerprint, facial recognition, or iris scan.
Drawback: While biometric authentication
offers a higher level of security than
passwords alone, it lacks the additional layer
of security provided by possession-based
methods like OTPs. Biometric data, if
compromised, cannot be easily changed,
making these systems susceptible to breaches
in case of a data leak or theft.
[3]Possession-Based: Users receive a one-time
OTP on their registered mobile devices for
authentication.
Drawback: Single-factor OTP authentication,
while providing a temporary code for
verification, lacks the added security of
biometric or knowledge-based methods. If the
OTP is intercepted or the device is
compromised, unauthorized access becomes
a significant risk.
[4]PIN-Based Systems: Users authenticate by
entering a Personal Identification Number
(PIN).
Drawback: PIN-based systems, similar to
traditional passwords, are susceptible to
unauthorized access through techniques like
shoulder surfing or simple guesswork. They
lack the complexity and security provided by
multi-factor authentication methods.
These less secure methods are more
susceptible to various forms of attacks and
unauthorized access. As a result, organizations
and users are increasingly adopting multi-
factor authentication solutions, like the three-
level authentication system, to enhance their
digital security and protect sensitive
information from evolving cyber threats.