SmartAuth: Multi-Factor Authentication using Smart Card and Android on Web

Abstract

To protect any resource in a system from an unauthorized entity, the authentication process is basic and the first line of defense.

In this talk will try to discuss several authentication schemes that are available for user authentication or verification to solve the issue of secure authentication mostly enforcing an extra layer of security with two-factor or multi-factor authentication.

We’ll present a propose solution SmartAuth, a secure and usable multi-factor authentication mechanism using contactless smart card and Android device on the web. The SmartAuth provides ownership base authentication system using Android device and contactless smart-card via NFC on the web. The SmartAuth is based on PKI and a proof of concept of the proposed authentication mechanism is also developed and a demo video will be presented.

Outline

The presentation is based on my MS thesis research and I also published in a journal.

In this presentation:

  • We’ll talk about the importance of a secure authentication to protect resources of a system from unauthorized entities.
  • We’ll try to discuss the security of passwords and will discuss the short comings of knowledge based authentication with examples.
  • We’ll highlight the importance of defense in depth.
  • We’ll try to discuss popular two factor or multi factor authentication schemes.
  • We’ll present a proposed solution for multi-factor authentication using smart card and android on web.
  • We’ll explore the architecture and design of the proposed solution with proof of concept and results with possible applications of the proposed solution in different applications including but not limited to:
  • Corporates where smart cards are already being used
  • Financial Applications
  • Blockchain
  • To enhance security of the system by adding an additional layer of security using smart card

We’ll conclude this presentation by presenting a proof of concept demo video of the proposed solution.

Muhammad Shahbaz

@M_Shahbaz_A

Muhammad Shahbaz is a blockchain developer at ABBC Payment Services Provider. He has a master’s degree in information security and an electrical engineer with full stack development experience. He has discovered vulnerabilities in web and mobile applications and contributed to open source projects. He has published his research papers in IJCSSE journal.