Implementation of two-factor user authentication in computer systems
Abstract
Introduction/purpose: The paper explores the implementation of two-factor authentication (2FA) in computer systems, addressing the increasing need for enhanced security. It highlights the vulnerabilities of password-based authentication and emphasizes the advantages of 2FA in mitigating digital threats. The development of the VoiceAuth application, integrating 2FA through a combination of password and voice authentication, serves as a practical illustration.
Methods: The research adopts a three-tier architecture for the VoiceAuth application, encompassing a database, server-side REST API, and client-side single-page application. Speaker verification is employed for voice authentication, analyzing elements like pitch, rhythm, and vocal tract shapes.The paper also discusses possibilities for future upgrades, suggesting enhancements such as real-time voice verification and additional 2FA methods.
Results: The application's implementation involves a detailed breakdown of the REST API architecture, Single Page Applications (SPAs), and the Speaker Verification service.
Conclusion: The research underscores the crucial role of two-factor authentication (2FA) in bolstering the security of computer systems. The VoiceAuth application serves as a practical demonstration, showcasing the successful integration of 2FA through a combination of password and voice authentication. The modular architecture of the application allows for potential upgrades.
References
Bondarchuk, A.P., Onysko, A.I., Otrokh, S.I. & Shevchuk, D.O. 2023. Two-factor user authentication system using facial recognition. Telecommunication and Information Technologies, 3, pp.79-84 (in Ukrainian). Available at: https://doi.org/10.31673/2412-4338.2023.039699.
Chandrakar, P. & Om, H. 2015. RSA Based Two-factor Remote User Authentication Scheme with User Anonymity. Procedia Computer Science, 70, pp.318-324. Available at: https://doi.org/10.1016/j.procs.2015.10.023.
Jones, M., Bradley, J. & Sakimura, N. 2015. JSON Web Token (JWT), Request for Comments:7519. Internet Engineering Task Force (IETF) [online]. Available at: https://datatracker.ietf.org/doc/html/rfc7519 [Accessed: 4. October 2023]. ISSN: 2070-1721.
Kaur, D. & Kumar, D. 2021. Cryptanalysis and improvement of a two-factor user authentication scheme for smart home. Journal of Information Security and Applications, 58, art.number:102787. Available at: https://doi.org/10.1016/j.jisa.2021.102787.
Marky, K., Ragozin, K., Chernyshov, G., Matviienko, A. & Schmitz, M. 2022. “Nah, it’s just annoying!” A Deep Dive into User Perceptions of Two-Factor Authentication. ACM Transactions on Computer-Human Interaction, 29(5), art.number:43, pp.1-32. Available at: https://doi.org/10.1145/3503514.
Reese, K., Smith, T., Dutson, J., Armknecht, J., Cameron, J. & Seamons, K. 2019. A Usability Study of Five Two-Factor Authentication Methods. In: Proceedings of the Fifteenth Symposium on Usable Privacy and Security, Santa Clara, CA, USA, August 12-13 [online]. Available at: https://www.usenix.org/conference/soups2019/presentation/reese [Accessed: 4. October 2023].
Tot, I., Trikoš, M., Bajčetić, J., Lalović, K. & Bogićević, D. 2021. Software Platform for Learning about Brain Wave Acquisition and Analysis. Acta Polytechnica Hungarica, 18(3), pp.147-162. Available at: https://doi.org/10.12700/APH.18.3.2021.3.8.
Tomić, M. 2023a. Mihailotomi / voice-auth-api. Github.com, e954845 [online]. Available at: https://github.com/mihailotomi/voice-auth-api [Accessed: 4. October 2023].
Tomić, M. 2023b. Mihailotomi / voice-auth-ui. Github.com, da4f656 [online]. Available at: https://github.com/mihailotomi/voice-auth-ui [Accessed: 4. October 2023].
Tomić, M. 2023c. Mihailotomi / voice-auth-verification. Github.com, 1da74e5 [online]. Available at: https://github.com/mihailotomi/voice-auth-verification [Accessed: 4. October 2023].
Tomić, M. 2023d. Jedan pristup implementaciji dvofaktorske autentikacije u računarskim sistemima. BS thesis. Belgrade, Serbia: University of Defence (in Serbian).
Yuan, J.-J. 2013. An enhanced two-factor user authentication in wireless sensor networks. Telecommunication Systems, 55, pp.105-113. Available at: https://doi.org/10.1007/s11235-013-9755-5.
Zhu, H., Jin, W., Xiao, M., Murali, S. & Li, M. 2020. BlinKey: A Two-Factor User Authentication Method for Virtual Reality Devices. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 4(4), art.number:164, pp.1-29. Available at: https://doi.org/10.1145/3432217.
Zou, S., Cao, Q., Wang, C., Huang, Z. & Xu, G. 2021. A Robust Two-Factor User Authentication Scheme-Based ECC for Smart Home in IoT. IEEE Systems Journal, 16(3), pp.4938-4949. Available at: https://doi.org/10.1109/JSYST.2021.3127438.
Copyright (c) 2024 Mihailo D. Tomić, Olivera M. Radojević
This work is licensed under a Creative Commons Attribution 4.0 International License.
Proposed Creative Commons Copyright Notices
Proposed Policy for Military Technical Courier (Journals That Offer Open Access)
Authors who publish with this journal agree to the following terms:
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).