ETD

Digital archive of theses defended at the Università di Pisa

Thesis etd-08172012-163835


Thesis type
Master's thesis (laurea magistrale)
Author
SILVESTRI, DAVIDE
URN
etd-08172012-163835
Title
An OTP-based strong authentication system: from client-side to backend
Department
ENGINEERING
Degree programme
COMPUTER ENGINEERING
Supervisors
supervisor Prof. Dini, Gianluca
tutor Ing. Castrucci, Alessandro
co-supervisor Prof. Marcelloni, Francesco
Keywords
  • otp
  • password
  • security
  • radius
  • android
  • blackberry
  • computer engineering
  • test
  • hotp
  • oath
Defence date
04/10/2012
Availability
Not available for consultation
Release date
04/10/2052
Abstract
In this paper I'm going to describe several aspects and problems related to my apprenticeship work at iambOO srl. The topics will be addressed both theoretically and practically.
My goal is not to be exhaustive but to give some hints to those who want to complete my work or start a new project based on one or more of the topics treated here.

The main subject of the work is a validation server implementing strong authentication using HOTP (HMAC-based one-time passwords).

I created an API layer to allow faster and easier integration with the client's existing tools and to hide the communication layer between client and server.

Subsequently I developed a backend for the management of seeds (the shared secret between token and server) and for monitoring the status of the OTP tokens issued to customers. I also built the front end of the system for one-time password entry and for returning the authentication result.

I studied the necessary requirements for the server and the client to be OATH compliant (OATH is the worldwide leading consortium in the HOTP field).
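The two roles described above, the HOTP token and the validation server holding the seeds, as an added example that is not the thesis's own code: `hotp` is RFC 4226 (HMAC-SHA-1 over the 8-byte counter, dynamic truncation, modulo 10^digits), and `HotpValidator` keeps one seed and expected counter per token, searches a look-ahead window so a token that was pressed a few times without logging in can resynchronise, refuses any counter at or below the last accepted one (which is what defeats replay of a captured OTP), and throttles after repeated failures as RFC 4226 section 7.3 recommends. The token identifiers, window size, failure limit and in-memory record store are assumptions; the seed is the RFC 4226 test-vector secret, so the values can be checked against the RFC's table.

```python
import hashlib
import hmac
import struct

# RFC 4226 test-vector secret (the ASCII string "12345678901234567890").
RFC4226_SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """Token side: HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) mod 10^digits,
    with C as an 8-byte big-endian counter (RFC 4226, section 5.3)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = ((mac[offset] & 0x7F) << 24           # clear the sign bit
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


class HotpValidator:
    """Server side (the validation-server role): one record per token holding
    the shared seed, the next counter the server expects, and a consecutive
    failure count used for throttling. Assumed in-memory store; a real
    backend would persist the counter atomically per token."""

    def __init__(self, look_ahead: int = 10, max_failures: int = 5, digits: int = 6):
        self.look_ahead = look_ahead
        self.max_failures = max_failures
        self.digits = digits
        self.tokens = {}   # token_id -> {"seed": bytes, "counter": int, "failures": int}

    def provision(self, token_id: str, seed: bytes, counter: int = 0) -> None:
        """Register a token's seed; `counter` is the first value the token will use."""
        self.tokens[token_id] = {"seed": seed, "counter": counter, "failures": 0}

    def validate(self, token_id: str, otp: str) -> bool:
        rec = self.tokens.get(token_id)
        if rec is None or len(otp) != self.digits or not otp.isdigit():
            return False
        if rec["failures"] >= self.max_failures:
            return False   # throttled: too many consecutive bad OTPs for this token
        start = rec["counter"]
        for c in range(start, start + self.look_ahead):
            if hmac.compare_digest(hotp(rec["seed"], c, self.digits), otp):
                # Move past the counter just used: the same OTP replayed, or an
                # OTP the token generated earlier and skipped, is now rejected.
                rec["counter"] = c + 1
                rec["failures"] = 0
                return True
        rec["failures"] += 1
        return False


if __name__ == "__main__":
    server = HotpValidator(look_ahead=10)
    server.provision("token-0001", RFC4226_SEED)        # assumed token id
    first = hotp(RFC4226_SEED, 0)                       # "755224" in the RFC table
    print("first OTP", first, "accepted:", server.validate("token-0001", first))
    print("same OTP replayed, accepted:", server.validate("token-0001", first))
```

The look-ahead window is a trade-off: a wider window tolerates more button presses between logins but gives an attacker more valid codes per guess, which is why the failure limit belongs next to it.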

I developed an application for BlackBerry and for Android that takes care of generating HOTPs both in numeric format and as a QR code. So I had the opportunity to study the various types of QR code and to design a system taking into account encoding time (for generating the code) and spatial requirements (for decoding through webcams).

Finally, I wrote a RADIUS module aimed at achieving strong authentication using one-time passwords.
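One way a RADIUS module can carry the OTP end to end, as an added example that is not part of the thesis: the client (NAS) hides the OTP in the User-Password attribute of an Access-Request using the RFC 2865 section 5.2 scheme (MD5 over the shared secret and the Request Authenticator), the server recovers it, hands it to an injected OTP checker, and replies with an Access-Accept or Access-Reject whose Response Authenticator the client verifies before trusting the result. The shared secret, user name, packet identifier and the one-line `check_otp` callable are constructed for the demonstration, and only the two attributes the exchange needs are implemented.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
HEADER = struct.Struct(">BBH")   # code, identifier, length; a 16-byte authenticator follows


def encode_attrs(attrs):
    """Type-Length-Value encoding; the length counts its own two header bytes."""
    return b"".join(struct.pack("BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return attrs


def encrypt_user_password(password, secret, request_auth):
    """RFC 2865 section 5.2: pad with NULs to a multiple of 16, then XOR each
    block with MD5(secret + previous block); the first 'previous block' is
    the Request Authenticator, which is why it must be fresh and random."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return out


def decrypt_user_password(cipher, secret, request_auth):
    out, prev = b"", request_auth
    for i in range(0, len(cipher), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(cipher[i:i + 16], key))
        prev = cipher[i:i + 16]
    return out.rstrip(b"\x00")   # safe for numeric OTPs, which never end in NUL


def build_access_request(secret, ident, username, otp, request_auth=None):
    """Client (NAS) side: Access-Request with User-Name and a hidden User-Password."""
    ra = request_auth if request_auth is not None else os.urandom(16)
    attrs = encode_attrs([(ATTR_USER_NAME, username),
                          (ATTR_USER_PASSWORD, encrypt_user_password(otp, secret, ra))])
    return HEADER.pack(ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs


def response_authenticator(code, ident, length, request_auth, attrs, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(HEADER.pack(code, ident, length) + request_auth + attrs + secret).digest()


def handle_access_request(packet, secret, check_otp):
    """Server side: parse, recover the OTP, ask the injected `check_otp(user, otp)`
    (the OTP validator) and answer with Accept or Reject."""
    code, ident, length = HEADER.unpack(packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    ra = packet[4:20]
    attrs = dict(decode_attrs(packet[20:]))
    user, hidden = attrs.get(ATTR_USER_NAME), attrs.get(ATTR_USER_PASSWORD)
    accepted = (user is not None and hidden is not None
                and check_otp(user.decode("utf-8", "replace"),
                              decrypt_user_password(hidden, secret, ra).decode("utf-8", "replace")))
    rcode = ACCESS_ACCEPT if accepted else ACCESS_REJECT
    return HEADER.pack(rcode, ident, 20) + response_authenticator(rcode, ident, 20, ra, b"", secret)


def verify_response(response, request, secret):
    """Client side: trust the reply only if its identifier and Response Authenticator
    match the request; returns the code, or None for a forged or mismatched reply."""
    if len(response) < 20:
        return None
    code, ident, length = HEADER.unpack(response[:4])
    if length != len(response) or ident != request[1]:
        return None
    expected = response_authenticator(code, ident, length, request[4:20], response[20:], secret)
    return code if hmac.compare_digest(expected, response[4:20]) else None


if __name__ == "__main__":
    SECRET = b"testing123"   # constructed shared secret between NAS and server
    req = build_access_request(SECRET, 42, b"alice", b"755224")
    resp = handle_access_request(req, SECRET, lambda u, o: u == "alice" and o == "755224")
    print("Access-Accept" if verify_response(resp, req, SECRET) == ACCESS_ACCEPT else "rejected")
```

Note that the User-Password hiding is keyed only by the shared secret and a 16-byte random value, and the Response Authenticator is an MD5 construction, so in practice the link between NAS and server is also protected at the network layer; the per-request Request Authenticator and the identifier check in `verify_response` are what stop a reply to one request from being replayed against another.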

Each product was fully tested and documented with detailed user manuals.
