Enhanced multi-factor authentication for web
| Autor(a) principal: | |
|---|---|
| Data de Publicação: | 2023 |
| Tipo de documento: | Dissertação |
| Idioma: | eng |
| Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| Texto Completo: | http://hdl.handle.net/10773/41032 |
Resumo: | With the recent growth of Internet of Things (IoT), cloud platforms and, consequently, the exponential increase in online exchanges encompassing sensitive information pertinent to users, it has become necessary to implement strong authentication methods to minimize the risk of user impersonation. The aim of this work is to enhance the protection of private information, by developing a prototype which employs risk assessment aligned with a Multi-Factor Authentication (MFA) system, in a platform that can be easily integrated in applications in order to delegate the authentication process to an external platform. While pushing forward the flexibility and supportability of multiple browsers and client applications, the main goal of the solution is to protect against user impersonation and illegitimate access to user accounts, while keeping the intrinsic protection of MFA systems and rendering social engineering attacks inconsequential with the aid or risk-based adaptability. |
| id |
RCAP_6d85aaa333a1acf21ab7bc30ecd14e57 |
|---|---|
| oai_identifier_str |
oai:ria.ua.pt:10773/41032 |
| network_acronym_str |
RCAP |
| network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository_id_str |
7160 |
| spelling |
Enhanced multi-factor authentication for webAuthenticationSocial engineeringMulti-factor AuthenticationPrivacyRiskbased adaptionWith the recent growth of Internet of Things (IoT), cloud platforms and, consequently, the exponential increase in online exchanges encompassing sensitive information pertinent to users, it has become necessary to implement strong authentication methods to minimize the risk of user impersonation. The aim of this work is to enhance the protection of private information, by developing a prototype which employs risk assessment aligned with a Multi-Factor Authentication (MFA) system, in a platform that can be easily integrated in applications in order to delegate the authentication process to an external platform. While pushing forward the flexibility and supportability of multiple browsers and client applications, the main goal of the solution is to protect against user impersonation and illegitimate access to user accounts, while keeping the intrinsic protection of MFA systems and rendering social engineering attacks inconsequential with the aid or risk-based adaptability.Com o aumento recente da Internet das Coisas (IoT), plataformas cloud e, consequentemente, um crescimento exponencial na troca online de informação sensível, tornou-se necessário implementar mecanismos de autenticação seguros por forma a minimizar o rico de se falsificar a identidade de um utilizador. O objetivo deste trabalho é melhorar a proteção da informação privada dos mesmos, sendo para isso desenvolvido um protótipo que faz uso de análise de risco, agregado a um sistema de Autenticação Multi-factor (MFA), que pode ser facilmente integrado em aplicações existentes por forma a delegar o processo de autenticação a uma plataforma externa. Para além de promover a flexibilidade e o suporte para múltiplos browsers e aplicações clientes, o objetivo principal da solução é proteger utilizadores de roubo de identidade e acesso ilegítimo a contas, enquanto mantendo as proteções intrínsecas dos sistemas MFA, e tornar os ataques de engenharia social inconsequentes com o auxílio de uma abordagem baseada em risco.2024-03-12T09:56:14Z2023-07-04T00:00:00Z2023-07-04info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10773/41032engMorais, David Gomesinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-03-18T01:47:58Zoai:ria.ua.pt:10773/41032Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T04:02:08.855115Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
| dc.title.none.fl_str_mv |
Enhanced multi-factor authentication for web |
| title |
Enhanced multi-factor authentication for web |
| spellingShingle |
Enhanced multi-factor authentication for web Morais, David Gomes Authentication Social engineering Multi-factor Authentication Privacy Riskbased adaption |
| title_short |
Enhanced multi-factor authentication for web |
| title_full |
Enhanced multi-factor authentication for web |
| title_fullStr |
Enhanced multi-factor authentication for web |
| title_full_unstemmed |
Enhanced multi-factor authentication for web |
| title_sort |
Enhanced multi-factor authentication for web |
| author |
Morais, David Gomes |
| author_facet |
Morais, David Gomes |
| author_role |
author |
| dc.contributor.author.fl_str_mv |
Morais, David Gomes |
| dc.subject.por.fl_str_mv |
Authentication Social engineering Multi-factor Authentication Privacy Riskbased adaption |
| topic |
Authentication Social engineering Multi-factor Authentication Privacy Riskbased adaption |
| description |
With the recent growth of Internet of Things (IoT), cloud platforms and, consequently, the exponential increase in online exchanges encompassing sensitive information pertinent to users, it has become necessary to implement strong authentication methods to minimize the risk of user impersonation. The aim of this work is to enhance the protection of private information, by developing a prototype which employs risk assessment aligned with a Multi-Factor Authentication (MFA) system, in a platform that can be easily integrated in applications in order to delegate the authentication process to an external platform. While pushing forward the flexibility and supportability of multiple browsers and client applications, the main goal of the solution is to protect against user impersonation and illegitimate access to user accounts, while keeping the intrinsic protection of MFA systems and rendering social engineering attacks inconsequential with the aid or risk-based adaptability. |
| publishDate |
2023 |
| dc.date.none.fl_str_mv |
2023-07-04T00:00:00Z 2023-07-04 2024-03-12T09:56:14Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
| format |
masterThesis |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10773/41032 |
| url |
http://hdl.handle.net/10773/41032 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
| instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| instacron_str |
RCAAP |
| institution |
RCAAP |
| reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| repository.mail.fl_str_mv |
|
| _version_ |
1799138193891655680 |