Authentication Technique with OTP
A one-time password (OTP) is just what the name suggests: a password that is valid for only one login. The advantage of OTPs is that they offer much higher security than static passwords, the conventional way of authentication. OTPs are protected against password-sniffing attacks: if a hacker uses software to collect your data traffic, records video while you type on your keyboard, or uses social engineering, it doesn't matter, since the password that the attacker gets hold of will not be valid for use. An OTP can be generated using different methods and is often used in combination with a device that is synchronized with an authentication server.
Time-Based OTPs
In the time-based method, a device with an internal clock generates passwords that depend on the current time. For example, every minute a new password is generated in the device, and the same password is generated at the authentication server. When the user wants to log in to a service or system, the current OTP that is displayed on the device is used.
The user's mobile phone will work as the authentication device, on which the user has to enter a 4-digit PIN code to generate an OTP that can be used for login. This is done by any mobile-supported application running on the phone.
The OTP that is generated on the mobile phone is based on three components, which will be hashed together with MD5 or any well-known encryption algorithm.
Functional Requirements:
1. A 4-digit PIN code that the user enters.
2. A secret random number that was created during device initialization (Init-secret) and that only exists on the user's mobile device.
3. The OTP algorithm executes simultaneously on the mobile device and on the server and generates a one-time password that will be valid for a defined session/time stamp.
4. Make a log file (database) to manage all records of a specific user ID.
5. After the login, the application performs any other operation.
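One way the phone and the server can derive the same time-based OTP from the components listed above, as an added example that is not part of the original project description. The separator, the 6-digit truncation, the one-step clock drift window, the replay set and a server-side copy of the PIN and Init-secret are assumptions; MD5 is the default because the page names it, and `algorithm` accepts any other hashlib digest name.

```python
import hashlib
import hmac
import time

STEP_SECONDS = 60  # assumption: the page's "every minute" example
OTP_DIGITS = 6     # assumption: the page does not fix the OTP length

def time_counter(now=None, step=STEP_SECONDS):
    """Number of whole time steps since the Unix epoch (the time component)."""
    return int((time.time() if now is None else now) // step)

def generate_otp(pin, init_secret, counter, algorithm="md5"):
    """Hash PIN, Init-secret and time counter together, then truncate to digits."""
    material = b"|".join([pin.encode(), init_secret, str(counter).encode()])
    digest = hashlib.new(algorithm, material).digest()
    number = int.from_bytes(digest[:8], "big") % 10**OTP_DIGITS
    return f"{number:0{OTP_DIGITS}d}"

def verify_otp(submitted, pin, init_secret, used_counters, now=None, drift=1):
    """Server side: accept the OTP of the current or a neighbouring step, once."""
    current = time_counter(now)
    for counter in range(current - drift, current + drift + 1):
        expected = generate_otp(pin, init_secret, counter)
        # Constant-time comparison of the expected and submitted codes.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            if counter in used_counters:
                return False  # replay: this OTP was already consumed
            used_counters.add(counter)
            return True
    return False

# Constructed sample values, not taken from the page.
SAMPLE_PIN = "4821"
SAMPLE_SECRET = bytes.fromhex("9f1c2a7be04d5316a8c3f0e2b7d41965")

if __name__ == "__main__":
    t = 1_700_000_000  # fixed timestamp so the run is repeatable
    otp = generate_otp(SAMPLE_PIN, SAMPLE_SECRET, time_counter(t))
    used = set()
    print(otp, verify_otp(otp, SAMPLE_PIN, SAMPLE_SECRET, used, now=t + 30))
    print("replay accepted:",
          verify_otp(otp, SAMPLE_PIN, SAMPLE_SECRET, used, now=t + 35))
```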
Application Type:
It will be a native mobile application; you can use any modern mobile OS platform (e.g. Android, Apple, Windows Mobile, etc.) for the mobile application and PHP or the .NET Framework for the server side.
The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32-digit hexadecimal number. MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity.
Figure 1. One MD5 operation. MD5 consists of 64 of these operations, grouped in four rounds of 16 operations. F is a nonlinear function; one function is used in each round. $M_i$ denotes a 32-bit block of the message input, and $K_i$ denotes a 32-bit constant, different for each operation. s denotes a left bit rotation by s places; s varies for each operation. denotes addition modulo $2^{32}$.
MD5 processes a variable-length message into a fixed-length output of 128 bits. The input message is broken up into chunks of 512-bit blocks (sixteen 32-bit words); the message is padded so that its length is divisible by 512. The padding works as follows: first a single bit, 1, is appended to the end of the message. This is followed by as many zeros as are required to bring the length of the message up to 64 bits fewer than a multiple of 512. The remaining bits are filled up with 64 bits representing the length of the original message, modulo $2^{64}$.
The main MD5 algorithm operates on a 128-bit state,
divided into four 32-bit words, denoted A, B, C,
and D. These are initialized to certain fixed constants. The main
algorithm then uses each 512-bit message block in turn to modify the state. The
processing of a message block consists of four similar stages, termed rounds;
each round is composed of 16 similar operations based on a non-linear
function F, modular addition, and left rotation. Figure 1 illustrates one operation
within a round. There are four possible functions F; a different
one is used in each round:
This MD5 hash generator is useful for encoding passwords, credit card numbers and other sensitive data into MySQL, Postgres or other databases. PHP programmers, ASP programmers and anyone developing on MySQL, SQL, Postgres or similar should find this online tool an especially handy resource.
What is an MD5 hash?
An MD5 hash is created by taking a string of any length and encoding it into a 128-bit fingerprint. Encoding the same string using the MD5 algorithm will always result in the same 128-bit hash output. MD5 hashes are commonly used with smaller strings when storing passwords, credit card numbers or other sensitive data in databases such as the popular MySQL. This tool provides a quick and easy way to encode an MD5 hash from a simple string of up to 256 characters in length.
MD5 hashes are also used to ensure the data integrity
of files. Because the MD5 hash algorithm always produces the same output for
the same given input, users can compare a hash of the source file with a newly
created hash of the destination file to check that it is intact and unmodified.
An MD5 hash is NOT encryption. It is simply a
fingerprint of the given input. However, it is a one-way transaction and as
such it is almost impossible to reverse engineer an MD5 hash to retrieve the
original string.
Supervisor Name: Tanweer Arshad