Secure web authentication

Schulcz Róbert
Department of Networked Systems and Services

Today web authentication can be considered part of everyday life. Most websites let us log in in some form, be it a social media site or a page built for official administration.

With the spread of smartphones, secure identification has become a more difficult task, owing to newly appeared viruses and phishing programs as well as to the carelessness of users. The following example illustrates the challenge well: even sending an SMS to the customer no longer guarantees adequate security, since the approval code is sent to the same device on which the user stores their login data. At the same time, phone-bound login eases administration, because the mobile is always at hand and the user can handle it easily.

In my thesis I examined the most common attack methods and the vulnerabilities of users and of the servers securing the login. After this I reviewed what kinds of solutions exist on the market for securing authentication, and analyzed the strengths and weaknesses of these methods. Finally, on the basis of the collected requirements, I designed a new authorization procedure myself, which combines comfortable login with secure authentication. I tested this system in a simulation environment where I could challenge the operation of the technology in various cases.

