Two-step Authentication for Web Application using QR Code
Keywords:
Password lending, Multi-factor Authentication, Stateless Authentication, QR code
Abstract
Password-based login is commonly used in web applications and information systems. Because users hold accounts in many applications, they must memorize numerous passwords and may forget them. Moreover, password lending creates the problem of a password being stolen by a malicious person. It is a major cyber vulnerability that leads to cyber attacks. Developers apply multi-factor authentication to increase the security of application login, but this approach is still limited by cost and convenience of use. Therefore, this research aims to develop two-step authentication for web applications using QR codes. The proposed method applies stateless authentication based on JSON Web Token (JWT) technology. It is divided into two steps: 1) user authentication to obtain a user_token and 2) web login by QR code scanning. An experiment simulating 30-240 user accounts logging in simultaneously found an average response time of 3-7 seconds in the case of 240 user accounts, depending on network traffic. The performance assessment obtained a score of 4.53, which corresponds to the excellent level.
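A minimal sketch of the two steps described in the abstract, added here as an illustration and not taken from the paper: step 1 issues a signed user_token, and step 2 exchanges that token plus the scanned QR content for a web session token, with no server-side session store. The HS256 key, the claim names (`use`, `bid`), the lifetimes and all function names are assumptions; the password check and QR image rendering are omitted.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: server-side HS256 secret (constructed value)

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict) -> str:
    """Build a compact HS256 JWT (RFC 7519) from a claims dict."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def verify(token: str, purpose: str, now: float) -> dict:
    """Return the claims only if signature, alg, purpose and expiry all pass."""
    try:
        head, body, sig = token.split(".")
        good = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64d(sig)):
            raise ValueError("bad signature")
        if json.loads(b64d(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(b64d(body))
    except (ValueError, TypeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None
    if claims.get("use") != purpose or claims.get("exp", 0) <= now:
        raise PermissionError("token rejected: wrong purpose or expired")
    return claims

def step1_login(user: str, now: float) -> str:
    # Step 1: after the credential check (omitted), issue the user_token.
    return sign({"sub": user, "use": "user_token", "exp": now + 3600})

def qr_challenge(browser_id: str, now: float) -> str:
    # Content encoded in the QR code shown on the web login page; short-lived.
    return sign({"bid": browser_id, "use": "qr", "exp": now + 60})

def step2_scan(user_token: str, qr: str, now: float) -> str:
    # Step 2: the device holding user_token scans the QR and submits both.
    user = verify(user_token, "user_token", now)
    chal = verify(qr, "qr", now)
    return sign({"sub": user["sub"], "bid": chal["bid"], "use": "web",
                 "exp": now + 900})
```

Because nothing is stored server-side in this sketch, a QR challenge stays valid until its `exp`; the `use` claim is what keeps a token issued for one step from being accepted in another.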
License
Copyright (c) 2024 Loei Rajabhat University

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Published articles