Two Factor Authentication for e-Government Services using Hardware-Like One Time Password Generators
Giuseppe Della Penna, Pietro Frasca and Benedetto Intrigila
DOI : 10.3844/jcssp.2019.171.189
Journal of Computer Science
Volume 15, Issue 1
A safe and accessible authentication technique is a prerequisite for any modern e-government application. Two-factor authentication is currently widely adopted, since it alleviates many vulnerabilities of password-based authentication. The majority of e-government systems currently make use of text messages to deliver the second authentication factor, but these messages do not constitute an adequate (secure and reliable) solution. In this paper we show how to use One-Time Passwords (OTP) generated by a per-user, ad-hoc built application installed on a smartphone to support a two-factor authentication scheme specifically targeted to e-government tasks. In particular, we develop a process for the request, generation and distribution of such an application that achieves the same security of OTP hardware devices but avoids the related distribution and management costs, requiring no dedicated hardware and relying on the pre-existing administrative infrastructure. The process is designed to be accessible by any citizen who is able to perform very basic operations on a smartphone.
© 2019 Giuseppe Della Penna, Pietro Frasca and Benedetto Intrigila. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.