Two Factor Authentication Framework Using OTP-SMS Based on Blockchain

Alharbi, Eman; Alghazzawi, Daniyal

doi:10.14738/tmlai.73.6524

Cited by 9 publications

(7 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…MFA requires users to provide two or more pieces of evidence to prove their identity. This could include a combination of something the user knows (such as a password), something the user has (such as a physical token or smartphone), and something the user is (such as a biometric scan) [13]. 2FA is one of the most common authentication methods.…”

Section: Authentication Methodsmentioning

confidence: 99%

Usability Testing of Memorable Word in Security Enhancing in e-Government and e-Financial Systems

Alotaibi,

Aljeaid,

Alharbi

2023

IJACSA

View full text Add to dashboard Cite

Most applications increase their security by adding an extra layer to the login process using two-factor authentication (2FA). In Saudi Arabia, One-Time Password (OTP), which is 2FA, is the most common method used as users log in to their accounts. However, some issues have emerged with using OTP as 2FA; these issues from previous research were investigated in the study. Also, the study proposed a new method of account authentication, which is a Memorable Word (MW). MW is the second and short password in which the user enters a certain number of characters instead of the whole password. The study conducted usability testing to compare two 2FA methods, OTP and MW. The study included 60 participants logged into a simulated website using both authentication methods. Then, all participants have to complete the questionnaire. The collected data analyses showed a favourable opinion of the MW method.

show abstract

Section: Authentication Methodsmentioning

confidence: 99%

Usability Testing of Memorable Word in Security Enhancing in e-Government and e-Financial Systems

Alotaibi,

Aljeaid,

Alharbi

2023

IJACSA

View full text Add to dashboard Cite

show abstract

“…However, the multiple blockchain transactions executed during the OTP process affect OTP generation in performance tests. In [28], the authors address the vulnerabilities of the widely used OTP-SMS method in 2FA, especially its susceptibility to MITM and third-party attacks. By leveraging blockchain technology and smart contracts, the proposed framework encrypts the OTP, enhancing the security and efficiency of the authentication process.…”

Section: Related Workmentioning

confidence: 99%

Securing Digital Identity in the Zero Trust Architecture: A Blockchain Approach to Privacy-Focused Multi-Factor Authentication

Jose Diaz Rivera,

Muhammad,

Song

2024

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

As network systems advance and become more sophisticated, the associated security challenges grow more complex. The zero trust model emerges as a new paradigm to address this, significantly emphasizing robust and continuous identity verification. Multi-factor authentication (MFA) methods have become crucial for enhancing authentication security within this framework. Additionally, the integration of blockchain technology is increasingly recognized for its potential to strengthen identity trustworthiness further, complementing the zero trust approach by providing a more secure and transparent identity verification process. However, privacy concerns remain, especially in public blockchain environments where personal data is vulnerable to inadvertent exposure. Also, using centralized servers for authentication, even in systems integrated with blockchain, presents the risk of creating single points of failure. This paper introduces a privacy-preserving MFA system that harnesses the decentralized capabilities of blockchain technology to enable a Distributed Authentication Mechanism (DAM) as a network of authenticators for enhancing the reliability of the authentication process. This system utilizes blockchain-based Zero-Knowledge Proofs (ZKP) as a privacy mechanism to prove the knowledge of a One-Time Password (OTP). This approach not only ensures the authenticity of the proof authenticity but also confirms the identity of the prover. In the final stage of the MFA process, non-transferable, non-fungible tokens (NFTs) are employed as authentication tokens for identity verification. Our experimental results and comparative security analyses suggest a relevant contribution to secure, private, and dependable MFA framework research.

show abstract

“…They proposed a blockchain-based OTP (One-Time Password) protocol. This work builds upon other recent solutions [1,3], where the blockchain is utilized to verify the user and generate the OTP. The proposed protocol proves to be user-friendly and decouples the direct interaction of each user with the blockchain.…”

Section: Introductionmentioning

confidence: 99%

“…Figure 1: B2FHA system sequence diagram(1) The user sends a register request to the application. (2) The application creates 𝑁 OTPs, and the user specifies which honeytoken will be the valid one.…”

mentioning

confidence: 99%